ajout du crypteur en WIP

.gitignore

@@ -1,3 +1,7 @@
+#le crypter est en WIP, pas sûr de le faire jusqu'au bout, peut-être faire un obfuscateur à la place
 .vim
 Laika/.vs
-Laika/release
+Laika/release
+Crypter/.vs
+Crypter/x64
+Dropper/

Crypter/Crypter.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.1.32407.343
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Crypter", "Crypter.vcxproj", "{B2AD6043-66E6-45BF-92EB-97885F7C5B54}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x64.ActiveCfg = Debug|x64
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x64.Build.0 = Debug|x64
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x86.ActiveCfg = Debug|Win32
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Debug|x86.Build.0 = Debug|Win32
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x64.ActiveCfg = Release|x64
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x64.Build.0 = Release|x64
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x86.ActiveCfg = Release|Win32
+		{B2AD6043-66E6-45BF-92EB-97885F7C5B54}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {C281EF3B-A7D6-4774-975C-9059CF599FEF}
+	EndGlobalSection
+EndGlobal

Crypter/Crypter.vcxproj

@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{b2ad6043-66e6-45bf-92eb-97885f7c5b54}</ProjectGuid>
+    <RootNamespace>Crypter</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS;TRIALDLL_EXPORT</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp" />
+    <ClCompile Include="random.cpp" />
+    <ClCompile Include="utils.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="config.hpp" />
+    <ClInclude Include="random.hpp" />
+    <ClInclude Include="utils.hpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

Crypter/Crypter.vcxproj.filters

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Init">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Random">
+      <UniqueIdentifier>{e73ec28b-18e4-4f85-9c24-b1e26d972336}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Utils">
+      <UniqueIdentifier>{00c90023-42b3-4b1a-9d61-c363b4660686}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Config">
+      <UniqueIdentifier>{47733102-deb7-437d-ada8-bca851a43356}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Imports">
+      <UniqueIdentifier>{ecae1be1-6edb-45a9-bf23-273b5e5bf6f3}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp">
+      <Filter>Init</Filter>
+    </ClCompile>
+    <ClCompile Include="random.cpp">
+      <Filter>Random</Filter>
+    </ClCompile>
+    <ClCompile Include="utils.cpp">
+      <Filter>Utils</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="random.hpp">
+      <Filter>Random</Filter>
+    </ClInclude>
+    <ClInclude Include="utils.hpp">
+      <Filter>Utils</Filter>
+    </ClInclude>
+    <ClInclude Include="config.hpp">
+      <Filter>Config</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>

Crypter/Crypter.vcxproj.user

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LocalDebuggerCommandArguments>
+    </LocalDebuggerCommandArguments>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerCommandArguments>-i x64/Debug/Laika.exe -o x64/Debug/out.exe</LocalDebuggerCommandArguments>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>

Crypter/config.hpp

@@ -0,0 +1,5 @@
+#pragma once
+
+const int PROB_ANSI = 50;
+const int CODE_BLOCK_CALL_COUNT_MIN = 5;
+const int CODE_BLOCK_CALL_COUNT_MAX = 15;

Crypter/main.cpp

@@ -0,0 +1,206 @@
+#include <Windows.h>
+#include <stdio.h>
+#include <algorithm>
+#include <string>
+#include <iostream>
+#include <fstream>
+#include <filesystem>
+#include <inttypes.h>
+
+#include <Zydis/Zydis.h>
+#include <Zydis/SharedTypes.h>
+#include <Zydis/Decoder.h>
+
+#include "random.hpp"
+#include "utils.hpp"
+#include "config.hpp"
+
+
+extern g_random random;
+
+unsigned __int64 origSeed;
+int main(int argc, char* argv[]) {
+    if (argc < 5)
+    {
+        printf("Usage: %s -i <in_file> -o <out_file> [-s <seed>] [-c <config_file>]", argv[0]);
+        return 1;
+    }
+
+    unsigned __int64 genSeed = random.random_seed();
+
+    char* arg_in = 0;
+    char* arg_out = 0;
+    char* arg_seed = 0;
+    char* arg_config = 0;
+
+    //==========================================================
+    //    parse commandline
+    //==========================================================
+    for (int arg_i = 0; arg_i < argc; arg_i++)
+    {
+        if (strcmp(argv[arg_i], "-i") == 0)  arg_in = argv[arg_i + 1];
+        if (strcmp(argv[arg_i], "-o") == 0) arg_out = argv[arg_i + 1];
+        if (strcmp(argv[arg_i], "-s") == 0) arg_seed = argv[arg_i + 1];
+        if (strcmp(argv[arg_i], "-c") == 0) arg_config = argv[arg_i + 1];
+    };
+
+    if (arg_in == 0 || arg_out == 0) {
+        printf("Usage: %s -i <in_file> -o <out_file> [-s <seed>] [-c <config_file>]", argv[0]);
+        return 1;
+    }
+
+    printf("\n IN : %s", arg_in);
+    printf("\n OUT: %s", arg_out);
+    printf("\n CFG: %s", arg_config);
+    if (arg_seed == 0) {
+        printf("\n DNA: 0x%I64X \n", genSeed);
+    }
+    else {
+        printf("\n DNA: 0x%s", arg_seed);
+    }
+
+    if (arg_seed)
+    {
+        unsigned __int64 s = _strtoui64(arg_seed, NULL, 10);
+        if (s == 0) {
+            printf("\nBad seed format\n");
+            return 1;
+        }
+
+        random.set_Seed(s);
+    }
+    else {
+        random.set_Seed(genSeed);
+    }
+
+    origSeed = random.get_Seed();
+    
+    StringReplace(arg_out, ".exe", "");
+    size_t n = strlen(arg_out);
+    
+    char* arg_out_full = (char*)malloc(n + 20); // allocating memory for the modified string
+    memcpy(arg_out_full, arg_out, n);
+    sprintf(&arg_out_full[n], "_0x000%I64X.exe", origSeed);
+
+    printf("\n OUT: %s \n", arg_out_full);
+    
+    // check absolute path, if no convert
+    if (arg_out_full && arg_out_full[1] != ':')
+    {
+        char* path = (char*)malloc(MAX_PATH * sizeof(char*));
+
+        DWORD length = GetCurrentDirectoryA(MAX_PATH, path);
+        if (arg_out_full[0] != '/' && arg_out_full[0] != '\\')
+        {
+            strcat(path, "\\");
+        }
+
+        strcat(path, arg_out_full);
+
+        arg_out_full = path;
+    }
+
+
+    printf(" Input:  %s\n", arg_in);
+    printf(" Output: %s\n", arg_out_full);
+
+    if (arg_config) {
+        printf(" Config: %s\n", arg_config);
+    }
+        
+
+    printf(" Seed: 0x%0.8X%0.8X\n", (DWORD)(random.get_Seed() >> 32), (DWORD)random.get_Seed());
+
+    DeleteFileA(arg_out_full);
+    free(arg_out_full);
+
+    HANDLE file_handle = CreateFileA(arg_in, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
+    if (file_handle == INVALID_HANDLE_VALUE) {
+        printf(" Failed to open file %s\n", arg_in);
+        return 1;
+    }
+
+    HANDLE file_mapping_handle = CreateFileMappingA(file_handle, NULL, PAGE_READONLY, 0, 0, NULL);
+    if (file_mapping_handle == NULL) {
+        printf(" Failed to create file mapping for %s\n", arg_in);
+        CloseHandle(file_handle);
+        return 1;
+    }
+
+    void* mapped_file = MapViewOfFile(file_mapping_handle, FILE_MAP_READ, 0, 0, 0);
+    if (mapped_file == NULL) {
+        printf(" Failed to map view of file %s\n", arg_in);
+        CloseHandle(file_mapping_handle);
+        CloseHandle(file_handle);
+        return 1;
+    }
+
+    PIMAGE_DOS_HEADER dos_header = (PIMAGE_DOS_HEADER)mapped_file;
+    if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) {
+        printf(" Invalid DOS signature in %s\n", arg_in);
+        UnmapViewOfFile(mapped_file);
+        CloseHandle(file_mapping_handle);
+        CloseHandle(file_handle);
+        return 1;
+    }
+
+    PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((BYTE*)mapped_file + dos_header->e_lfanew);
+    if (nt_headers->Signature != IMAGE_NT_SIGNATURE) {
+        printf(" Invalid NT signature in %s\n", arg_in);
+        UnmapViewOfFile(mapped_file);
+        CloseHandle(file_mapping_handle);
+        CloseHandle(file_handle);
+        return 1;
+    }
+
+    DWORD text_addr = 0x0;
+    DWORD text_size = 0x0;
+    PIMAGE_SECTION_HEADER section_headers = (PIMAGE_SECTION_HEADER)((BYTE*)&nt_headers->OptionalHeader + nt_headers->FileHeader.SizeOfOptionalHeader);
+    for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {
+        if (strncmp((char*)section_headers[i].Name, ".text", 5) == 0) {
+            text_addr = section_headers[i].PointerToRawData;
+            text_size = section_headers[i].SizeOfRawData;
+            break;
+        }
+    }
+
+    printf("\n");
+
+    // Initialize decoder context
+    ZydisDecoder decoder;
+    ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LEGACY_32, ZYDIS_ADDRESS_WIDTH_32);
+
+    // Initialize formatter. Only required when you actually plan to do instruction
+    // formatting ("disassembling"), like we do here
+    ZydisFormatter formatter;
+    ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);
+    
+    // Loop over the instructions in our buffer.
+    // The runtime-address (instruction pointer) is chosen arbitrary here in order to better
+    // visualize relative addressing
+    ZyanU64 runtime_address = nt_headers->OptionalHeader.ImageBase - 0x1000;
+    ZyanUSize offset = text_addr;
+    const ZyanUSize length = sizeof((char*)mapped_file);
+    ZydisDecodedInstruction instruction;
+
+    while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(&decoder, (char*)mapped_file + offset, length - offset,
+        &instruction)) && offset < text_size + text_addr)
+    {
+        // Print current instruction pointer.
+        printf(" %016" PRIX64 "  ", runtime_address);
+
+        // Format & print the binary instruction structure to human-readable format
+        char buffer[256];
+        ZydisFormatterFormatInstruction(&formatter, &instruction, buffer, sizeof(buffer), runtime_address);
+        puts(buffer);
+
+        offset += instruction.length;
+        runtime_address += instruction.length;
+    }
+
+    UnmapViewOfFile(mapped_file);
+    CloseHandle(file_mapping_handle);
+    CloseHandle(file_handle);
+
+    return 0;
+}

Crypter/random.cpp

@@ -0,0 +1,55 @@
+#include "random.hpp"
+#include <math.h>
+#include <stdlib.h>     /* srand, rand */
+#include <time.h>       /* time */
+#include <stdio.h>
+#include <random>
+#include <Windows.h>
+#include "config.hpp"
+
+g_random random;
+
+unsigned __int64 t_random::get_Seed() {
+	return seed;
+}
+
+void t_random::set_Seed(unsigned __int64 new_seed) {
+	seed = new_seed;
+	srand((unsigned int)seed);
+}
+
+// Robert Jenkins' 96 bit Mix Function
+unsigned long mix(unsigned long a, unsigned long b, unsigned long c)
+{
+	a = a - b;  a = a - c;  a = a ^ (c >> 13);
+	b = b - c;  b = b - a;  b = b ^ (a << 8);
+	c = c - a;  c = c - b;  c = c ^ (b >> 13);
+	a = a - b;  a = a - c;  a = a ^ (c >> 12);
+	b = b - c;  b = b - a;  b = b ^ (a << 16);
+	c = c - a;  c = c - b;  c = c ^ (b >> 5);
+	a = a - b;  a = a - c;  a = a ^ (c >> 3);
+	b = b - c;  b = b - a;  b = b ^ (a << 10);
+	c = c - a;  c = c - b;  c = c ^ (b >> 15);
+	return c;
+}
+
+unsigned __int64 t_random::random_seed() {
+	srand((unsigned long)mix(clock(), (unsigned long)time(NULL), GetCurrentProcessId())); //http://web.archive.org/web/20070111091013/http://www.concentric.net/~Ttwang/tech/inthash.htm
+	unsigned __int64 upper = (unsigned __int64)rand() << 32; // generate a random upper 32 bits
+	unsigned __int64 lower = (unsigned __int64)rand(); // generate a random lower 32 bits
+	unsigned __int64 result = upper | lower; // combine the upper and lower bits
+
+	return result;
+}
+
+bool t_random::get_proctype() {
+	return (rand() % 100) < PROB_ANSI;
+}
+
+int t_random::get_less(int min, int max) {
+	std::random_device rd;  //Will be used to obtain a seed for the random number engine
+	std::mt19937 gen(rd()); //Standard mersenne_twister_engine seeded with rd()
+	std::uniform_int_distribution<> dis(min, max);
+
+	return dis(gen);
+}

Crypter/random.hpp

@@ -0,0 +1,13 @@
+#pragma once
+#include <string>
+
+typedef struct t_random {
+	unsigned __int64 seed;
+
+	unsigned __int64 get_Seed();
+	void set_Seed(unsigned __int64 new_seed);
+
+	unsigned __int64 random_seed();
+	bool get_proctype();
+	int get_less(int min, int max);
+} g_random;

Crypter/utils.cpp

@@ -0,0 +1,18 @@
+#include "utils.hpp"
+#include <Windows.h>
+#include <string.h>
+#include <stdio.h>
+
+void StringReplace(char* in, const char* to_find, const char* replacement)
+{
+    char buffer[1024];
+    char* p;
+
+    if (!(p = strstr(in, to_find)))
+        return;
+
+    strncpy(buffer, in, p - in);
+    buffer[p - in] = '\0';
+    sprintf(buffer + (p - in), "%s%s", replacement, p + strlen(to_find));
+    strcpy(in, buffer);
+}

Crypter/utils.hpp

@@ -0,0 +1,3 @@
+#pragma once
+
+void StringReplace(char* in, const char* to_find, const char* replacement);

readme.md

@@ -28,9 +28,20 @@
 <details open>
 <summary>TODO</summary>
 
-* Build l'agent en spécifiant la config
 * Ajouter un crypteur/dropper
 </details>
 
 
-![Alt text](Screenshots/Server.PNG "Screenshot du server")
+![Alt text](Screenshots/Server.PNG "Screenshot du server")
+
+# Crypter
+
+En WIP.
+
+<details open>
+<summary>TODO</summary>
+
+* Ajouter du code mutation
+* Control flow flattening
+* Anti-disassembly
+</details>