vgcrypt.txt

这个是一个采用汇编语言编写的文件加密器的源代码。

;
;VGCrypt PE Encryptor v0.75 Beta
;(c)1998 Virogen
;email: vgen@hotmail.com
;www: http://virogen.cjb.net
;----------------------------------------------------------------
; 
; This is a fairly simple PE encryptor I wrote up. I commented everything
; that is relavent to PE appendation or insertion, more so than I needed to
; even. The most interesting feature of this encryptor is that it attempts to
; find a location to insert itself between object virtual size and the next
; file alignment boundary, thus not changing the physical file size.
; 
; Note that this code is still under development.
; 
; Features:
;   -three types of PE parasticality<g>:
;       1) install in cave - no physical size increase
;       2) append to last object
;       3) create new object
;   -full win95/98/NT compliant
;   -does not add new object unless you want to
;   -stores correct new checksum of PE executable
;   -preserves original file data/time and attributes
;   -prompts u to encrypt again if file already encrypted, you can encrypt
;    a file as many times as you want. Of course, eventually you will run out
;    of available caves and the filesize will start increasing.
; 
; Usage:
;   -VGCRYPT filename
;
;
; known bugs:
;   -might be problems with some encrypted DLLs.
;
;
; Note to coders:
;   If you need to retrieve API RVAs in the decryptor, the best way is to
;   manually import from the kernel32 export table in memory. The base of
;   kernel32.dll can be obtained by using [esp] at entry and scanning down
;   to the base. For more information, see my viral code at
;   http://virogen.cjb.net.
;
;
; Updates:
;   11/26/98 v0.40: Initial release
;   11/27/98 v0.45: Added simple SEH anti-debugging code
;                   Fixed command line problem when running under winnt
;                    dos box
;                   Other minor changes in decryptor
;   11/28/98 v0.50: Fixed winNT image problems
;                   Added better anti-debugging code, but still needs improvements,
;                    optimization, etc.              
;                   Closed decryptor and encryption source. Sorry, but all the other
;                    code is still open
;   11/28/98 v0.51: Reformatted decryptor a little, anti-debugging code still needs to
;                    be improved alot.
;   11/28/98 v0.54: Fixed exception when object with no physical offset/size encountered.
;                   Temporarily disabled portion of anti-debugging code.
;   11/29/98 v0.56: Source code beautification by Ghiribizzo<g>.
;                   EBP now preserved correctly
;                   Minor winNT command line problem fixed
;                   Encrypted DLLs now load, but some have unusual problems
;                   Executables which are loaded at an image base other than the one
;                   specifid in the PE header (unusual) will now work properly.
;                   No longer flagged by AVP if appended to last object
;                   Note that when we reach v0.60 I will re-release the source
;                   code, with the noted exceptions of the encryption and decryption
;                   code.
;   11/30/98 v0.57: If no "caves" found, gives you choice of appending to last object or
;                   creating a new object.
;   11/30/98 v0.58: Minor bug fix in creating new object.
;		    Was missing last object while traversing thru object table, oops.
;   11/31/98 v0.60: Checks to make sure there is room to add another object to
;		    object table before allowing user to select this option.
;		    Other minor changes here and there.
;   12/05/98 v0.61: Now accounts correctly for PEs loaded at a differing image base. 
;    		    I had forgotten to recalculate encrypted object addresses. This
;		    was a minor bug because it is rare to have a PE loaded a base other
;		    than the one specified in the header.
;   12/09/98 v0.65: Now avoids encrypting import & export table no matter where it is at. 
;   		    Oops, should done this in the first place. 
;   12/13/98 v0.70: Fixed RING 0 bug causing some unexpected results under win95/98.
;   12/19/98 v0.75: Spent about 5 minutes improving security a little bit, still not 
;		    secure at all.. someday I will remedy this.
;                   
;
; ====================================================================================
; Special thanks to Ghiribizzo who has provided more anti-debugging ideas than I can
;  even hope to have time to implement<g>. http://Ghiribizzo.home.ml.org
; Greetz lapse,jp,vecna,darkman,Iczelion, and everyone else.
; ====================================================================================
;
;