📄 75src.asm
;
;**WARNING: Encryption and Decryption code closed to public for security (as if there
; were any<g>). Everything else is here tho.
;
;
;VGCrypt PE Encryptor v0.75 Beta
;(c)1998 Virogen
;email: vgen@hotmail.com
;----------------------------------------------------------------
;
; This is a fairly simple PE encryptor I wrote up. I commented everything
; that is relevant to PE appendation or insertion, more so than I needed to
; even. The most interesting feature of this encryptor is that it attempts to
; find a location to insert itself between object virtual size and the next
; file alignment boundary, thus not changing the physical file size.
;
; Note that this code is still under development.
;
; Features:
; -three types of PE parasticality<g>:
; 1) install in cave - no physical size increase
; 2) append to last object
; 3) create new object
; -full win95/98/NT compliant
; -does not add new object unless you want to
; -stores correct new checksum of PE executable
; -preserves original file date/time and attributes
; -prompts u to encrypt again if file already encrypted, you can encrypt
; a file as many times as you want. Of course, eventually you will run out
; of available caves and the filesize will start increasing.
;
; Usage:
; -VGCRYPT filename
;
;
; known bugs:
; -might be problems with some encrypted DLLs.
;
;
; Note to coders:
; If you need to retrieve API RVAs in the decryptor, the best way is to
; manually import from the kernel32 export table in memory. The base of
; kernel32.dll can be obtained by using [esp] at entry and scanning down
; to the base. For more information, see my viral code at
;
;
; Updates:
; 11/26/98 v0.40: Initial release
; 11/27/98 v0.45: Added simple SEH anti-debugging code
; Fixed command line problem when running under winnt
; dos box
; Other minor changes in decryptor
; 11/28/98 v0.50: Fixed winNT image problems
; Added better anti-debugging code, but still needs improvements,
; optimization, etc.
; Closed decryptor and encryption source. Sorry, but all the other
; code is still open
; 11/28/98 v0.51: Reformatted decryptor a little, anti-debugging code still needs to
; be improved a lot.
; 11/28/98 v0.54: Fixed exception when object with no physical offset/size encountered.
; Temporarily disabled portion of anti-debugging code.
; 11/29/98 v0.56: Source code beautification by Ghiribizzo<g>.
; EBP now preserved correctly
; Minor winNT command line problem fixed
; Encrypted DLLs now load, but some have unusual problems
; Executables which are loaded at an image base other than the one
; specified in the PE header (unusual) will now work properly.
; No longer flagged by AVP if appended to last object
; Note that when we reach v0.60 I will re-release the source
; code, with the noted exceptions of the encryption and decryption
; code.
; 11/30/98 v0.57: If no "caves" found, gives you choice of appending to last object or
; creating a new object.
; 11/30/98 v0.58: Minor bug fix in creating new object.
; Was missing last object while traversing thru object table, oops.
; 11/31/98 v0.60: Checks to make sure there is room to add another object to
; object table before allowing user to select this option.
; Other minor changes here and there.
; 12/05/98 v0.61: Now accounts correctly for PEs loaded at a differing image base.
; I had forgotten to recalculate encrypted object addresses. This
; was a minor bug because it is rare to have a PE loaded at a base other
; than the one specified in the header.
; 12/09/98 v0.65: Now avoids encrypting import & export table no matter where it is at.
; Oops, should have done this in the first place.
; 12/19/98 v0.75: Improved security a little bit, still not secure at all.. someday
; I will remedy this.
;
;
;
; ====================================================================================
; Special thanks to Ghiribizzo who has provided more anti-debugging ideas than I can
; even hope to have time to implement<g>. http://Ghiribizzo.home.ml.org
; Greetz lapse,jp,vecna,darkman,Iczelion, and everyone else.
; ====================================================================================
;
;
;
include mywin.inc
; Build-time constants and assembler mode.
; Syntax is Borland TASM style (see the `locals` / `jumps` directives below).
ID_OFF equ 0ch ; offset of our marker in PE
; NOTE(review): presumably the dword `marker` (90909090h, defined in .data) is
; what is stored at this offset so an already-processed file can be recognised
; (see already_txt). The code that writes/checks it is not in the visible part
; of the listing -- confirm before relying on it as a triage indicator.
DECRYPTOR_SIZE equ (offset decryptor_code_end-offset decryptor_code) ; byte length of the stub between the two labels
; decryptor_code / decryptor_code_end are not defined in the visible listing
; (the decryptor section is withheld), so this equate cannot resolve without it.
VIRTUAL_SIZE equ DECRYPTOR_SIZE
MAX_OBJS equ 6 ; maximum objects we can handle
; by increasing this you are increasing the size
; of the table in decryptor by MAX_OBJS*8.
; MAX_OBJS also sizes the eobj_txt name buffer in .data: (MAX_OBJS*8)+1 bytes.
.586p ; Pentium instruction set, privileged instructions allowed
locals ; enable TASM block-scoped local labels
jumps ; let TASM expand out-of-range conditional jumps automatically
.model flat,STDCALL ; 32-bit flat model; API calls use stdcall (args pushed right-to-left)
extrn ExitProcess:PROC
extrn CreateFileA:PROC
extrn CloseHandle:PROC
extrn ReadFile:PROC
extrn WriteFile:PROC
extrn SetFilePointer:PROC
extrn MapViewOfFile:PROC
extrn CreateFileMappingA:PROC
extrn UnmapViewOfFile:PROC
extrn SetEndOfFile:PROC
extrn SetFilePointer:PROC
extrn GetFileAttributesA:PROC
extrn SetFileAttributesA:PROC
extrn GetFileSize:PROC
extrn GetTickCount:PROC
extrn GetFileSize:PROC
extrn GetFileTime:PROC
extrn SetFileTime:PROC
extrn CheckSumMappedFile:PROC
extrn MessageBoxA:PROC
extrn GetCommandLineA:PROC
extrn lstrcat:PROC
extrn IsBadReadPtr:PROC
extrn WriteConsoleA:PROC
extrn GetStdHandle:PROC
extrn ReadConsoleA:PROC
org 0
.data ; data object
; User-facing message strings.
; Layout matters here: several strings deliberately have NO terminating 0 so
; that they run on into the next definition, and the zero-filled `dup` areas
; behind them are the destination space for the lstrcat calls under start:.
; NOTE(review): lstrcat does no bounds checking. The sizes of the dup areas
; below are the only limit, and the appended file name comes straight from the
; command line -- an over-long argument would write past the reserved area
; into the strings and variables that follow.
; conditional compile
;console_app equ 1
;
cr equ 0dh
lf equ 0ah
tab equ 9
hline equ 196 ; character code 196, used to draw the banner rule
marker equ 90909090h ; four NOP opcodes; see ID_OFF ("offset of our marker in PE")
cr_lf_tab db cr,lf,tab,tab,0
; init_txt has no terminator: printed as a string it continues into caption.
init_txt db 50 dup(hline),cr,lf
caption db 'Virogen''s PE Encryptor v0.75, (c)1998 Virogen[NOP]'
ifndef console_app
db 0 ; GUI build: caption ends here (used as the MessageBoxA title)
endif
ifdef console_app
db cr,lf,' email:vgen@hotmail.com',cr,lf
db 50 dup(hline),cr,lf,0
endif
badcmd_txt db 'Invalid command line!',cr,lf,'Usage: VGCRYPT filename',cr,lf,0
success_txt:
ifdef console_app
db cr,lf
endif
db 'Successfully encrypted!'
ifdef console_app
db 0
endif
; GUI build: success_txt is unterminated, so it continues through file_txt and
; the 400-byte area below. start: appends the file name, obj_txt, eobj_txt and
; hole_txt/nohole_txt there, building one message for MessageBoxA.
file_txt db cr,lf,' Installed on file: ',tab,0
db 400 dup (0) ; plenty of space
obj_txt db cr,lf,' Installed in object: ',tab,0
db 9 dup(0) ; presumably one 8-byte object name + NUL; filled outside the visible code
eobj_txt db cr,lf,' Encrypted objects: ',0
db (MAX_OBJS*8)+1 dup(0) ; presumably up to MAX_OBJS 8-byte names + NUL; filled outside the visible code
hole_txt db cr,lf,'VGCrypt installed in alignment hole, with no phsyical size increase!',0
already_txt:
ifdef console_app
db cr,lf,'File appears to already be encrypted. Encrypting again.',0
endif
db 'File appears to already be encrypted. Do you wish to encrypt again?',0
append_question db 'Could not locate any "caves" to install into!',cr,lf,'Click YES'
db ' to create new object',cr,lf,'Click NO to append to last object.',0
error_txt:
ifdef console_app
db cr,lf,' '
endif
db 'There was an error encrypting the file!',cr,lf
ifdef console_app
db 0
endif
; GUI build: error_txt is unterminated and continues into fname_txt; the
; 260-byte area after it receives the file name via lstrcat (see _exit_error
; and, in the console build, the lstrcat onto fname_txt in start:).
fname_txt db 'Specified file: ',0
db 260 dup(0)
nohole_txt db cr,lf,'No available "caves" to install into, forced to increase physical size.',0
doing_obj_txt db cr,lf,'Encrypting object: ',tab,0
skip_obj_txt db cr,lf,'Skipping object: ',tab,0
found_hole_obj db cr,lf,'Found hole in object: ',tab,0
done_txt db '..Done',0
; Working variables for one run. Only fnameptr, error and use_hole are touched
; by the code visible in this listing; the remaining notes are inferred from
; the names and the imported APIs and should be confirmed against EncryptFile.
creation dd 0,0 ; our file time structures
lastaccess dd 0,0 ; two dwords each, i.e. 8 bytes per timestamp
lastwrite dd 0,0
oldchksum dd 0
fsize dd 0
map_ptr dd 0
oldattrib dd 0 ; stored file attribs
fnameptr dd 0 ; ptr to file name we're inf
; fnameptr is set in start: and points into the process command line, not a copy
ptrpeheader dd 0
objPsize dd 0
maphandle dd 0
handle dd 0
objtblVA dd 0
objptr dd 0
lastobjimageoff dd 0
originalpsize dd 0
originalvsize dd 0
error db -1 ; status byte, starts at -1; start: treats -1 after EncryptFile as failure
importtbl dd 0 ; presumably the import/export table locations that are excluded
exporttbl dd 0 ; from encryption (see the v0.65 changelog entry) -- confirm
byteswrote dd 0
hstdo dd 0
hstdi dd 0
ynbuf db 0
use_hole db 0 ; start: reports the "alignment hole" message when this is 1
holeptr dd 0
; Zero-terminated table of object (section) name prefixes that are not to be
; encrypted. Each entry is a dword character constant written back-to-front,
; so that stored little-endian the bytes read as the first four characters of
; the section name ('rsr.' -> ".rsr"). The lookup code is not in the visible
; listing; presumably it compares the first dword of each object name.
; For analysis of a processed file this is also the list of sections that can
; be expected to remain readable on disk.
bad_otbl: ; this is the list of bad objs - did I miss any?
dd 'rsr.' ; rsrc
dd 'ler.' ; relo
dd 'ade.' ; edata
dd 'ete.' ; etext
dd 'adi.' ; idata
dd 'adr.' ; rdata
dd 'slt.' ; tls
dd 0 ; end-of-table marker
;---- decryptor code installed into file ----
;
;
;
;*** CLOSED SOURCE, for security
;
;
;
; --- end of decryptor code ---
; --- start of VGCrypt ---
.code ; code object - change flags to rwx
; Program entry point.
; Finds the first argument on the raw command line, hands it to EncryptFile
; through fnameptr, then reports the result (MessageBoxA in the GUI build,
; WriteString in the console build). EncryptFile, WriteString, GetSHandle,
; _exit and _exit_bad_cmd_line are defined outside the visible listing.
start:
ifdef console_app
call GetSHandle
lea ebx,init_txt
call WriteString
endif
call GetCommandLineA ; retrieve command line
or eax,eax
jz _exit_bad_cmd_line ; if none then abort /w msg
xchg esi,eax ; esi -> command line; eax now holds leftover esi, shifted out after 4 bytes
; Scan for the end of the program name by keeping the last four characters in
; eax (newest in al) and comparing against 'rypt', '.exe' and '.EXE'.
; NOTE(review): the match is case-sensitive and not anchored to the program
; name. Invoked as e.g. "VGCRYPT file.exe" nothing matches until the '.exe' of
; the argument itself, and a directory containing "rypt" or ".exe" earlier in
; the path ends the scan early, so the rest of the path is taken as the file
; name. Parsing argv properly would avoid both.
sl:
cmp byte ptr [esi],0 ; if first byte is NULL then something way wrong
jz _exit_bad_cmd_line
shl eax,8 ; rotate 1 byte in eax, for loop.. eax running load
lodsb ; get next byte in al
cmp eax,'rypt' ; end of our proggie name?
jnz not_eoc
cmp byte ptr [esi],'.' ; "rypt" followed by '.': an extension follows, keep scanning
jnz esl ; "rypt" not followed by '.': program name ends here
not_eoc:
cmp eax,'.exe' ; .exe end of our proggie name?
jz esl
cmp eax,'.EXE' ; .EXE end of our proggie name?
jnz sl
; Skip the blanks and double quotes that follow the program name.
esl:
lodsb
cmp al,' '
jz esl
cmp al,'"'
jz esl
dec esi ; step back onto the first character that was not skipped
esl2:
cmp byte ptr [esi],0 ; if first char in parameter 1 is NULL then we fuq
jz _exit_bad_cmd_line
; From here esi is used as the file name exactly as it appears on the command
; line: nothing in the visible code strips a trailing quote or limits length.
; NOTE(review): lstrcat is unbounded. The destination is a fixed area in .data
; (400 bytes after file_txt in the GUI build, 260 bytes after fname_txt in the
; console build); a bounded copy with an explicit length check belongs here.
ifndef console_app
push esi
push offset success_txt
call lstrcat ; append filename to success message
endif
ifdef console_app
push esi
push offset fname_txt
call lstrcat
lea ebx,fname_txt
call WriteString
endif
mov fnameptr,esi ; set fnameptr->filename
call EncryptFile ; go encrypt
;cmp error,-4
;jz _exit
cmp error,-1 ; error?
jz _exit_error ; if so go display error message
; Success path, GUI build: keep appending to the same success_txt buffer, so
; the file name and the three strings below share the 400-byte area.
ifndef console_app
push offset obj_txt
push offset success_txt
call lstrcat ; append object name we inserted or appending to
push offset eobj_txt
push offset success_txt
call lstrcat ; append objects we encrypted
cmp use_hole,1
jnz no_hole_msg
push offset hole_txt
jmp app_success
no_hole_msg:
push offset nohole_txt
app_success:
push offset success_txt
call lstrcat
push 0 ; uType
push offset caption ; lpCaption
push offset success_txt ; lpText
push 0 ; hWnd
call MessageBoxA
endif
ifdef console_app
lea ebx,success_txt
call WriteString
endif
xor eax,eax ; eax = 0 on the success path; presumably the exit code used at _exit
jmp _exit
_exit_error:
ifndef console_app
push fnameptr
push offset error_txt
call lstrcat