crypter removed
pour la publi open source je le sors, il reviendra peut-être mais sur un autre repo,. Pour l'instant je me focus sur l'agent
This commit is contained in:
4
.gitignore
vendored
4
.gitignore
vendored
@@ -1,7 +1,3 @@
|
||||
#le crypter est en WIP, pas sûr de le faire jusqu'au bout, peut-être faire un obfuscateur à la place
|
||||
.vim
|
||||
Laika/.vs
|
||||
Laika/release
|
||||
Crypter/.vs
|
||||
Crypter/x64
|
||||
Dropper/
|
||||
@@ -1,31 +0,0 @@
|
||||
|
||||
Microsoft Visual Studio Solution File, Format Version 12.00
|
||||
# Visual Studio Version 17
|
||||
VisualStudioVersion = 17.1.32407.343
|
||||
MinimumVisualStudioVersion = 10.0.40219.1
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Crypter", "Crypter.vcxproj", "{B2AD6043-66E6-45BF-92EB-97885F7C5B54}"
|
||||
EndProject
|
||||
Global
|
||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||
Debug|x64 = Debug|x64
|
||||
Debug|x86 = Debug|x86
|
||||
Release|x64 = Release|x64
|
||||
Release|x86 = Release|x86
|
||||
EndGlobalSection
|
||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x64.Build.0 = Debug|x64
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x86.ActiveCfg = Debug|Win32
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x86.Build.0 = Debug|Win32
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x64.ActiveCfg = Release|x64
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x64.Build.0 = Release|x64
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x86.ActiveCfg = Release|Win32
|
||||
{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x86.Build.0 = Release|Win32
|
||||
EndGlobalSection
|
||||
GlobalSection(SolutionProperties) = preSolution
|
||||
HideSolutionNode = FALSE
|
||||
EndGlobalSection
|
||||
GlobalSection(ExtensibilityGlobals) = postSolution
|
||||
SolutionGuid = {C281EF3B-A7D6-4774-975C-9059CF599FEF}
|
||||
EndGlobalSection
|
||||
EndGlobal
|
||||
@@ -1,170 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<VCProjectVersion>16.0</VCProjectVersion>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<ProjectGuid>{b2ad6043-66e6-45bf-92eb-97885f7c5b54}</ProjectGuid>
|
||||
<RootNamespace>Crypter</RootNamespace>
|
||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="Shared">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
<IncludePath>$(SolutionDir)Zydis;$(IncludePath)</IncludePath>
|
||||
<AllProjectIncludesArePublic>false</AllProjectIncludesArePublic>
|
||||
<LibraryPath>$(LibraryPath);$(SolutionDir)lib</LibraryPath>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<IncludePath>$(SolutionDir)Zydis;$(IncludePath)</IncludePath>
|
||||
<AllProjectIncludesArePublic>false</AllProjectIncludesArePublic>
|
||||
<LibraryPath>$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);;$(SolutionDir)lib</LibraryPath>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Label="Vcpkg">
|
||||
<VcpkgEnabled>false</VcpkgEnabled>
|
||||
<VcpkgManifestInstall>false</VcpkgManifestInstall>
|
||||
<VcpkgAutoLink>false</VcpkgAutoLink>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<LanguageStandard>stdcpplatest</LanguageStandard>
|
||||
<LanguageStandard_C>stdc17</LanguageStandard_C>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<AdditionalDependencies>Zydis_debug.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS;TRIALDLL_EXPORT</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<LanguageStandard>stdcpplatest</LanguageStandard>
|
||||
<LanguageStandard_C>stdc17</LanguageStandard_C>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="main.cpp" />
|
||||
<ClCompile Include="random.cpp" />
|
||||
<ClCompile Include="utils.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="config.hpp" />
|
||||
<ClInclude Include="random.hpp" />
|
||||
<ClInclude Include="utils.hpp" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
||||
@@ -1,40 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Init">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Random">
|
||||
<UniqueIdentifier>{e73ec28b-18e4-4f85-9c24-b1e26d972336}</UniqueIdentifier>
|
||||
</Filter>
|
||||
<Filter Include="Utils">
|
||||
<UniqueIdentifier>{00c90023-42b3-4b1a-9d61-c363b4660686}</UniqueIdentifier>
|
||||
</Filter>
|
||||
<Filter Include="Config">
|
||||
<UniqueIdentifier>{47733102-deb7-437d-ada8-bca851a43356}</UniqueIdentifier>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="main.cpp">
|
||||
<Filter>Init</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="random.cpp">
|
||||
<Filter>Random</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="utils.cpp">
|
||||
<Filter>Utils</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="random.hpp">
|
||||
<Filter>Random</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="utils.hpp">
|
||||
<Filter>Utils</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="config.hpp">
|
||||
<Filter>Config</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
@@ -1,12 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LocalDebuggerCommandArguments>
|
||||
</LocalDebuggerCommandArguments>
|
||||
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LocalDebuggerCommandArguments>-i x64/Debug/Laika.exe -o x64/Debug/out.exe</LocalDebuggerCommandArguments>
|
||||
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
|
||||
</PropertyGroup>
|
||||
</Project>
|
||||
54198
Crypter/Zydis/Zydis.c
54198
Crypter/Zydis/Zydis.c
File diff suppressed because one or more lines are too long
11883
Crypter/Zydis/Zydis.h
11883
Crypter/Zydis/Zydis.h
File diff suppressed because it is too large
Load Diff
@@ -1,5 +0,0 @@
|
||||
#pragma once
|
||||
|
||||
const int PROB_ANSI = 50;
|
||||
const int CODE_BLOCK_CALL_COUNT_MIN = 5;
|
||||
const int CODE_BLOCK_CALL_COUNT_MAX = 15;
|
||||
Binary file not shown.
Binary file not shown.
244
Crypter/main.cpp
244
Crypter/main.cpp
@@ -1,244 +0,0 @@
|
||||
#include <Windows.h>
|
||||
#include <stdio.h>
|
||||
#include <algorithm>
|
||||
#include <string>
|
||||
#include <iostream>
|
||||
#include <fstream>
|
||||
#include <filesystem>
|
||||
#include <inttypes.h>
|
||||
|
||||
#define ZYDIS_STATIC_BUILD
|
||||
#include <Zydis.h>
|
||||
|
||||
#include "random.hpp"
|
||||
#include "utils.hpp"
|
||||
#include "config.hpp"
|
||||
|
||||
extern g_random random;
|
||||
|
||||
unsigned __int64 origSeed;
|
||||
int main(int argc, char* argv[]) {
|
||||
if (argc < 5)
|
||||
{
|
||||
printf("Usage: %s -i <in_file> -o <out_file> [-s <seed>] [-c <config_file>]", argv[0]);
|
||||
return 1;
|
||||
}
|
||||
|
||||
unsigned __int64 genSeed = random.random_seed();
|
||||
|
||||
char* arg_in = 0;
|
||||
char* arg_out = 0;
|
||||
char* arg_seed = 0;
|
||||
char* arg_config = 0;
|
||||
|
||||
//==========================================================
|
||||
// parse commandline
|
||||
//==========================================================
|
||||
for (int arg_i = 0; arg_i < argc; arg_i++)
|
||||
{
|
||||
if (strcmp(argv[arg_i], "-i") == 0) arg_in = argv[arg_i + 1];
|
||||
if (strcmp(argv[arg_i], "-o") == 0) arg_out = argv[arg_i + 1];
|
||||
if (strcmp(argv[arg_i], "-s") == 0) arg_seed = argv[arg_i + 1];
|
||||
if (strcmp(argv[arg_i], "-c") == 0) arg_config = argv[arg_i + 1];
|
||||
};
|
||||
|
||||
if (arg_in == 0 || arg_out == 0) {
|
||||
printf("Usage: %s -i <in_file> -o <out_file> [-s <seed>] [-c <config_file>]", argv[0]);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("\n IN : %s", arg_in);
|
||||
printf("\n OUT: %s", arg_out);
|
||||
printf("\n CFG: %s", arg_config);
|
||||
if (arg_seed == 0) {
|
||||
printf("\n DNA: 0x%I64X \n", genSeed);
|
||||
}
|
||||
else {
|
||||
printf("\n DNA: 0x%s", arg_seed);
|
||||
}
|
||||
|
||||
if (arg_seed)
|
||||
{
|
||||
unsigned __int64 s = _strtoui64(arg_seed, NULL, 10);
|
||||
if (s == 0) {
|
||||
printf("\nBad seed format\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
random.set_Seed(s);
|
||||
}
|
||||
else {
|
||||
random.set_Seed(genSeed);
|
||||
}
|
||||
|
||||
origSeed = random.get_Seed();
|
||||
|
||||
StringReplace(arg_out, ".exe", "");
|
||||
size_t n = strlen(arg_out);
|
||||
|
||||
char* arg_out_full = (char*)malloc(n + 20); // allocating memory for the modified string
|
||||
memcpy(arg_out_full, arg_out, n);
|
||||
sprintf(&arg_out_full[n], "_0x000%I64X.exe", origSeed);
|
||||
|
||||
printf("\n OUT: %s \n", arg_out_full);
|
||||
|
||||
// check absolute path, if no convert
|
||||
if (arg_out_full && arg_out_full[1] != ':')
|
||||
{
|
||||
char* path = (char*)malloc(MAX_PATH * sizeof(char*));
|
||||
|
||||
DWORD length = GetCurrentDirectoryA(MAX_PATH, path);
|
||||
if (arg_out_full[0] != '/' && arg_out_full[0] != '\\')
|
||||
{
|
||||
strcat(path, "\\");
|
||||
}
|
||||
|
||||
strcat(path, arg_out_full);
|
||||
|
||||
arg_out_full = path;
|
||||
}
|
||||
|
||||
|
||||
printf(" Input: %s\n", arg_in);
|
||||
printf(" Output: %s\n", arg_out_full);
|
||||
|
||||
if (arg_config) {
|
||||
printf(" Config: %s\n", arg_config);
|
||||
}
|
||||
|
||||
|
||||
printf(" Seed: 0x%0.8X%0.8X\n", (DWORD)(random.get_Seed() >> 32), (DWORD)random.get_Seed());
|
||||
|
||||
DeleteFileA(arg_out_full);
|
||||
free(arg_out_full);
|
||||
|
||||
HANDLE file_handle = CreateFileA(arg_in, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
|
||||
if (file_handle == INVALID_HANDLE_VALUE) {
|
||||
printf(" Failed to open file %s\n", arg_in);
|
||||
return 1;
|
||||
}
|
||||
|
||||
HANDLE file_mapping_handle = CreateFileMappingA(file_handle, NULL, PAGE_READONLY, 0, 0, NULL);
|
||||
if (file_mapping_handle == NULL) {
|
||||
printf(" Failed to create file mapping for %s\n", arg_in);
|
||||
CloseHandle(file_handle);
|
||||
return 1;
|
||||
}
|
||||
|
||||
void* mapped_file = MapViewOfFile(file_mapping_handle, FILE_MAP_READ, 0, 0, 0);
|
||||
if (mapped_file == NULL) {
|
||||
printf(" Failed to map view of file %s\n", arg_in);
|
||||
CloseHandle(file_mapping_handle);
|
||||
CloseHandle(file_handle);
|
||||
return 1;
|
||||
}
|
||||
|
||||
PIMAGE_DOS_HEADER dos_header = (PIMAGE_DOS_HEADER)mapped_file;
|
||||
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) {
|
||||
printf(" Invalid DOS signature in %s\n", arg_in);
|
||||
UnmapViewOfFile(mapped_file);
|
||||
CloseHandle(file_mapping_handle);
|
||||
CloseHandle(file_handle);
|
||||
return 1;
|
||||
}
|
||||
|
||||
PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((BYTE*)mapped_file + dos_header->e_lfanew);
|
||||
if (nt_headers->Signature != IMAGE_NT_SIGNATURE) {
|
||||
printf(" Invalid NT signature in %s\n", arg_in);
|
||||
UnmapViewOfFile(mapped_file);
|
||||
CloseHandle(file_mapping_handle);
|
||||
CloseHandle(file_handle);
|
||||
return 1;
|
||||
}
|
||||
|
||||
DWORD text_addr = 0x0;
|
||||
DWORD text_size = 0x0;
|
||||
PIMAGE_SECTION_HEADER section_headers = (PIMAGE_SECTION_HEADER)((BYTE*)&nt_headers->OptionalHeader + nt_headers->FileHeader.SizeOfOptionalHeader);
|
||||
for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {
|
||||
if (strncmp((char*)section_headers[i].Name, ".text", 5) == 0) {
|
||||
text_addr = section_headers[i].PointerToRawData;
|
||||
text_size = section_headers[i].SizeOfRawData;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
printf("\n");
|
||||
printf(" Enumerating .text instructions and finding the stuff to change...\n");
|
||||
|
||||
// Initialize decoder context
|
||||
ZydisDecoder decoder;
|
||||
ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LEGACY_32, ZYDIS_STACK_WIDTH_32);
|
||||
|
||||
// Initialize formatter. Only required when you actually plan to do instruction
|
||||
// formatting ("disassembling"), like we do here
|
||||
ZydisFormatter formatter;
|
||||
ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);
|
||||
|
||||
// Loop over the instructions in our buffer.
|
||||
// The runtime-address (instruction pointer) is chosen arbitrary here in order to better
|
||||
// visualize relative addressing
|
||||
ZyanU64 runtime_address = nt_headers->OptionalHeader.ImageBase - 0x1000;
|
||||
ZyanUSize offset = text_addr;
|
||||
const ZyanUSize length = sizeof((char*)mapped_file);
|
||||
ZydisDecodedInstruction instruction;
|
||||
ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT];
|
||||
|
||||
while (ZYAN_SUCCESS(ZydisDecoderDecodeFull(&decoder, (char*)mapped_file + offset, length - offset,
|
||||
&instruction, operands)) && offset < text_size + text_addr)
|
||||
{
|
||||
// Print current instruction pointer.
|
||||
printf(" %016" PRIX64 " ", runtime_address);
|
||||
|
||||
// Format & print the binary instruction structure to human-readable format
|
||||
char buffer[256];
|
||||
ZydisFormatterFormatInstruction(&formatter, &instruction, operands, instruction.operand_count_visible, buffer, sizeof(buffer), runtime_address, ZYAN_NULL);
|
||||
puts(buffer);
|
||||
|
||||
// Create an encoder request from the previously decoded instruction.
|
||||
ZydisEncoderRequest enc_req;
|
||||
ZydisEncoderDecodedInstructionToEncoderRequest(&instruction, operands,
|
||||
instruction.operand_count_visible, &enc_req);
|
||||
|
||||
// Now, change some things about the instruction!
|
||||
|
||||
// Change `jz` -> `jnz` and `add` -> `sub`.
|
||||
bool changed = true;
|
||||
switch (enc_req.mnemonic)
|
||||
{
|
||||
case ZYDIS_MNEMONIC_ADD:
|
||||
enc_req.mnemonic = ZYDIS_MNEMONIC_SUB;
|
||||
break;
|
||||
case ZYDIS_MNEMONIC_JZ:
|
||||
enc_req.mnemonic = ZYDIS_MNEMONIC_JNZ;
|
||||
break;
|
||||
default:
|
||||
// Don't change other instructions.
|
||||
changed = false;
|
||||
break;
|
||||
}
|
||||
|
||||
if (changed) {
|
||||
printf(" Instruction %s changed\n", buffer);
|
||||
// Encode the instruction back to raw bytes.
|
||||
uint8_t new_bytes[ZYDIS_MAX_INSTRUCTION_LENGTH];
|
||||
ZyanUSize new_instr_length = sizeof(new_bytes);
|
||||
ZydisEncoderEncodeInstruction(&enc_req, new_bytes, &new_instr_length);
|
||||
|
||||
// Decode and print the new instruction. We re-use the old buffers.
|
||||
ZydisDecoderDecodeFull(&decoder, new_bytes, new_instr_length, &instruction,
|
||||
operands);
|
||||
ZydisFormatterFormatInstruction(&formatter, &instruction, operands,
|
||||
instruction.operand_count_visible, buffer, sizeof(buffer), 0, NULL);
|
||||
printf(" New instruction: %s\n", buffer);
|
||||
}
|
||||
|
||||
offset += instruction.length;
|
||||
runtime_address += instruction.length;
|
||||
}
|
||||
|
||||
UnmapViewOfFile(mapped_file);
|
||||
CloseHandle(file_mapping_handle);
|
||||
CloseHandle(file_handle);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1,55 +0,0 @@
|
||||
#include "random.hpp"
|
||||
#include <math.h>
|
||||
#include <stdlib.h> /* srand, rand */
|
||||
#include <time.h> /* time */
|
||||
#include <stdio.h>
|
||||
#include <random>
|
||||
#include <Windows.h>
|
||||
#include "config.hpp"
|
||||
|
||||
g_random random;
|
||||
|
||||
unsigned __int64 t_random::get_Seed() {
|
||||
return seed;
|
||||
}
|
||||
|
||||
void t_random::set_Seed(unsigned __int64 new_seed) {
|
||||
seed = new_seed;
|
||||
srand((unsigned int)seed);
|
||||
}
|
||||
|
||||
// Robert Jenkins' 96 bit Mix Function
|
||||
unsigned long mix(unsigned long a, unsigned long b, unsigned long c)
|
||||
{
|
||||
a = a - b; a = a - c; a = a ^ (c >> 13);
|
||||
b = b - c; b = b - a; b = b ^ (a << 8);
|
||||
c = c - a; c = c - b; c = c ^ (b >> 13);
|
||||
a = a - b; a = a - c; a = a ^ (c >> 12);
|
||||
b = b - c; b = b - a; b = b ^ (a << 16);
|
||||
c = c - a; c = c - b; c = c ^ (b >> 5);
|
||||
a = a - b; a = a - c; a = a ^ (c >> 3);
|
||||
b = b - c; b = b - a; b = b ^ (a << 10);
|
||||
c = c - a; c = c - b; c = c ^ (b >> 15);
|
||||
return c;
|
||||
}
|
||||
|
||||
unsigned __int64 t_random::random_seed() {
|
||||
srand((unsigned long)mix(clock(), (unsigned long)time(NULL), GetCurrentProcessId())); //http://web.archive.org/web/20070111091013/http://www.concentric.net/~Ttwang/tech/inthash.htm
|
||||
unsigned __int64 upper = (unsigned __int64)rand() << 32; // generate a random upper 32 bits
|
||||
unsigned __int64 lower = (unsigned __int64)rand(); // generate a random lower 32 bits
|
||||
unsigned __int64 result = upper | lower; // combine the upper and lower bits
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
bool t_random::get_proctype() {
|
||||
return (rand() % 100) < PROB_ANSI;
|
||||
}
|
||||
|
||||
int t_random::get_less(int min, int max) {
|
||||
std::random_device rd; //Will be used to obtain a seed for the random number engine
|
||||
std::mt19937 gen(rd()); //Standard mersenne_twister_engine seeded with rd()
|
||||
std::uniform_int_distribution<> dis(min, max);
|
||||
|
||||
return dis(gen);
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
#pragma once
|
||||
#include <string>
|
||||
|
||||
typedef struct t_random {
|
||||
unsigned __int64 seed;
|
||||
|
||||
unsigned __int64 get_Seed();
|
||||
void set_Seed(unsigned __int64 new_seed);
|
||||
|
||||
unsigned __int64 random_seed();
|
||||
bool get_proctype();
|
||||
int get_less(int min, int max);
|
||||
} g_random;
|
||||
@@ -1,18 +0,0 @@
|
||||
#include "utils.hpp"
|
||||
#include <Windows.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
|
||||
void StringReplace(char* in, const char* to_find, const char* replacement)
|
||||
{
|
||||
char buffer[1024];
|
||||
char* p;
|
||||
|
||||
if (!(p = strstr(in, to_find)))
|
||||
return;
|
||||
|
||||
strncpy(buffer, in, p - in);
|
||||
buffer[p - in] = '\0';
|
||||
sprintf(buffer + (p - in), "%s%s", replacement, p + strlen(to_find));
|
||||
strcpy(in, buffer);
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
#pragma once
|
||||
|
||||
void StringReplace(char* in, const char* to_find, const char* replacement);
|
||||
@@ -122,6 +122,7 @@
|
||||
<EntryPointSymbol>main</EntryPointSymbol>
|
||||
<StackReserveSize>
|
||||
</StackReserveSize>
|
||||
<GenerateMapFile>true</GenerateMapFile>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
|
||||
15
readme.md
15
readme.md
@@ -8,7 +8,7 @@
|
||||
* Shellcode injection (TODO)
|
||||
|
||||
## Caractéristiques
|
||||
* Petit (7ko)
|
||||
* Petit (12ko)
|
||||
* Fait en C, sans CRT
|
||||
* x32 bit
|
||||
* Modulaire (peut se déployer via shellcode/dll/pe injection/.exe)
|
||||
@@ -36,21 +36,8 @@
|
||||
<details open>
|
||||
<summary>TODO</summary>
|
||||
|
||||
* Ajouter un crypteur/dropper
|
||||
* Fix l'input qui bloque l'arrivée de données (reproductible avec une session powershell)
|
||||
</details>
|
||||
|
||||
|
||||
|
||||
|
||||
# Crypter
|
||||
|
||||
En WIP.
|
||||
|
||||
<details open>
|
||||
<summary>TODO</summary>
|
||||
|
||||
* Ajouter du code mutation
|
||||
* Control flow flattening
|
||||
* Anti-disassembly
|
||||
</details>
|
||||
|
||||
Reference in New Issue
Block a user