📄 75src.asm
字号:
push MB_ICONEXCLAMATION
push offset caption
push offset error_txt
push 0
call MessageBoxA
endif
ifdef console_app
lea ebx,error_txt
call WriteString
endif
mov eax,2
jmp _exit
_exit_bad_cmd_line:
ifndef console_app
push MB_ICONEXCLAMATION
push offset caption
push offset badcmd_txt
push 0
call MessageBoxA
endif
ifdef console_app
lea ebx,badcmd_txt
call WriteString
endif
xor eax,eax
inc eax
_exit:
call ExitProcess,eax
;-----------------------------------------------
; encrypt file - call with fnameptr set
;
EncryptFile proc
mov eax,fnameptr
push eax
call GetFileAttributesA ; get file attributes
mov oldattrib,eax
cmp eax,-1 ; if error then maybe shared
jnz not_shared
ret ; can't encrypt it
not_shared:
push 20h ; +A
mov eax,fnameptr
push eax
call SetFileAttributesA ; clear 'da attribs
mov esi,fnameptr
call OpenFile
call test_error
jnc open_ok
ret
open_ok:
mov handle,eax
push offset creation
push offset lastaccess
push offset lastwrite
push eax
call GetFileTime ; grab the file time
xor ecx,ecx ; only map size of file
call create_mapping ; create file mapping
jc abort_encrypt
; eax->mapped file
cmp word ptr [eax],'ZM' ; is EXE?
jnz abort_encrypt
call GetPEHeader ; load esi->PE Header
push 2
push esi ; test ptr for read acces
call IsBadReadPtr ; was ptr any good?
or eax,eax
jnz abort_encrypt
cmp word ptr [esi],'EP' ; PE?
jnz abort_encrypt
cmp dword ptr [esi+ID_OFF],marker ; marker?
jnz not_encrypted ; if yes, already processed
ifndef console_app
push MB_ICONHAND or MB_YESNO
push offset caption
push offset already_txt
push 0
call MessageBoxA
cmp eax,IDYES
jnz abort_encrypt
endif
ifdef console_app
lea ebx,already_txt
call WriteString
endif
not_encrypted:
call unmap ; unmap file
mov ecx,1000h ; give us room to add to the file, if needed
call create_mapping ; map file again
jc abort_encrypt
call GetPEHeader ; load esi -> pe header
call GetTickCount ; get tick count
mov key,eax ; save for encryption key
mov dword ptr [esi+ID_OFF],marker ; save marker
;mov eax,[esi+imagebase]
;mov svd_imagebase,eax ; save the image base
mov eax,[esi+datadir]
mov importtbl,eax
mov eax,[esi+edatadir]
mov exporttbl,eax
xor eax,eax
mov ax, word ptr [esi+NtHeaderSize] ; get header size
add eax,18h ; object table is here
add eax,esi
mov objptr,eax
; Let's check for existance of cave after object table in PE header
;mov edi,[eax+objpoff]
;add edi,map_ptr
;push esi
;int 3
;push eax
;xor eax,eax
;mov ax,[esi+numObj]
;inc eax
;mov ecx,40
;xor edx,edx
;mul ecx
;pop esi
;add esi,eax
;cmp esi,edi
;jge no_room_in_hdr
;xchg edi,esi
;mov cx,DECRYPTOR_SIZE
;xor eax,eax
;push edi
;repz scasb
;pop edi
;or cx,cx
;jnz no_room_in_hdr
;pop esi
;push esi
;mov eax,objptr
;mov ecx,[esi+filealign]
;mov ebx,[eax+objpoff]
;sub ebx,edi
;sub ebx,map_ptr
;mov [eax+objpoff],ebx
;mov holeptr,edi
;mov use_hole,1
no_room_in_hdr:
; Here we will traverse through the object table, encrypting objects
; which can be encrypted and also searching for a 'cave' big enough
; to hold us.
;pop esi
push esi
mov eax,objptr
lea edi,otable
xor ecx,ecx
mov cx,[esi+numObj] ; get number of objects
; dec cx
otbl_loop:
cmp edi,offset otable_end-8 ; filled up table?
jz next_obj
call test_obj ; see if good obj name
jc next_obj
pushad
cmp use_hole,1 ; already found hole?
jz no_hole_here
mov edx,[eax+objpsize] ; get obj psize
mov ecx,[eax+objvsize] ; get obj vsize
cmp ecx,edx ; any hole here?
jge no_hole_here
sub edx,ecx ; get size of hole
cmp edx,DECRYPTOR_SIZE ; big enough for us?
jl no_hole_here
mov objptr,eax ; save ptr obj rec
mov use_hole,1 ; set flag
mov ecx,[eax+objvsize] ; encrypt vsize
mov [edi+4],ecx ; if vsize<psize
ifdef console_app
lea ebx,found_hole_obj
call WriteString
mov ebx,eax
call WriteString
endif
no_hole_here:
push offset cr_lf_tab
push offset eobj_txt
call lstrcat
popad
pushad
push eax
push offset eobj_txt
call lstrcat
popad
push eax ecx
mov ebx,eax[objflags] ; get obj flags
or ebx,oflag_write ; OR in writable flag
mov eax[objflags],ebx ; save new object flags
mov ebx,eax[objrva] ; get the object's rva
mov [edi],ebx ; save it
mov ecx,[edi+4] ; see if we set above
or ecx,ecx ; if so then we are
jnz already_vsize ; gonna use vsize
mov ecx,eax[objpsize] ; get the object's physical size
mov [edi+4],ecx
already_vsize:
ifdef console_app
lea ebx,doing_obj_txt
call WriteString
mov ebx,eax
call WriteString
endif
add edi,8 ; increment to next table member
push edi
mov esi,eax[objpoff] ; esi->object physical offset
add esi,map_ptr
mov edi,esi
call encrypt_object ; encrypt the object
pop edi ecx eax
ifdef console_app
lea ebx,done_txt
call WriteString
endif
ifdef console_app
jmp next_did
endif
next_obj:
ifdef console_app
lea ebx,skip_obj_txt
call WriteString
mov ebx,eax
call WriteString
endif
next_did:
add eax,40 ; increment to next object record
loop otbl_loop
done_otbl:
pop esi ; restore ptr pe hdr
cmp use_hole,1
jz found_hole
sub eax,40
; make sure nuff room to add another object before we ask if
; the user wants to. dunno if this is best way to do it, but I
; just scan to make sure the next 40 bytes (1 object record) are
; all 0.
pushad
mov edi,eax
add edi,40
mov ecx,40
xor eax,eax
repz scasb
or ecx,ecx
jnz go_append
push MB_ICONQUESTION or MB_YESNO
push offset caption
push offset append_question
push 0
call MessageBoxA
cmp eax,IDNO
jz go_append
;cmp eax,IDCANCEL
;jnz go_create
;popad
;mov error,-4
;jmp abort_encrypt
go_create:
; user selected to create new object
popad
mov ecx,[eax+objrva] ; get last object rva
add ecx,[eax+objvsize] ; +=last object virtual size
push eax ; save obj record ptr
xchg ecx,eax ; eax=last object virtual end
mov ecx,[esi+objalign] ; ecx=object alignment
call align_fix ; go align da shiznit
xchg ecx,eax ; ecx=next object's rva
pop eax ; restore obj record ptr
mov edx,[eax+objpoff] ; edx=last object physical offset
add edx,[eax+objpsize] ; edx+=last object psize=obj pend
add eax,40 ; goto next object in table (new)
mov dword ptr [eax],'cgv.' ; set object name to .vgc
mov dword ptr [eax+objpsize],0 ; set psize to 0, updated later
mov dword ptr [eax+objvsize],0 ; set vsize to 0, update later
mov [eax+objrva],ecx ; set rva of object
mov [eax+objpoff],edx ; set physical offset of obj
inc word ptr [esi+numObj] ; increment number of objects
jmp after_apop
go_append:
popad
after_apop:
mov objptr,eax ; objptr->last obj
found_hole:
mov edi,objptr ; objptr->obj /w hole
cmp holeptr,0
jnz go_pe_hdr_hole
push edi
push offset obj_txt ; strcat object name
call lstrcat ; for display
mov eax,[edi+objpoff] ; get object physical off
mov lastobjimageoff,eax ; save it
mov ecx,[edi+objpsize] ; get object physical size
mov originalpsize,ecx ; save it 4 later
mov eax,[edi+objvsize] ; get object virtual size
mov originalvsize,eax ; save it
cmp use_hole,1
jz psize_less_vsize
cmp eax,ecx
jge psize_less_vsize ; padded space for alignment?
mov eax,ecx ; set vsize to psize
psize_less_vsize:
add eax,VIRTUAL_SIZE ; add our virtual size
mov dword ptr [edi+objvsize],eax ; save new virtual size
cmp use_hole,1 ; if using hole then add virtual size
jz in_hole_no_psize
mov eax,originalpsize ; get physical size of object
add eax,DECRYPTOR_SIZE ; adjust physical size of object
mov ecx,[esi+filealign]
call align_fix ; on file alignment
mov [edi+objpsize],eax
; now we must CORRECTLY calculate the new image size. This was the
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -