| BlackSun |
05.06.2008 10:46 |
...
Код:
function GetPackerSecName: string;
const
SectName: array [0..33] of ShortString =('ASPack','.aspr',
'.code','kryptor','.lame','Guard','.shrink','.UPX1',
'PELockNT','PESHLD','Stone','.peshit','PEtite','SC v1.2',
'.shield','SPLASH','SVKP','tElock','CDLock','.UPX2',
'HYBRIS','.lcc','Xtreme','.pepack','ZCode','.PECrypt',
'ORiEN','.y0da','PUNiSHER','.stealth','.UPX0','.PKLITE',
'.arma','.nfo');
begin
Result := SectName[random(33)];
end;
function Reverse_DWORD(Add: DWORD): String;
var
I: integer;
S1, S2, TT: String[8];
begin
S1 := IntToHEX(Add, 8);
S2 := '';
for I := 1 to 4 do
begin
TT := copy(S1, 1, 2);
delete(S1, 1, 2);
S2 := TT + S2;
end;
Result := S2;
end;
function TfrmMain.AddNewSection(Sign: String): Boolean;
type
TSection = packed record
Name: array[0..7] of Char;
VirtualSize: DWORD;
VirtualAddress: DWORD;
PhysicalSize: DWORD;
PhysicalOffset: DWORD;
PointerToRelocations: DWORD;
PointerToLinenumbers: DWORD;
NumberOfRelocations: WORD;
NumberOfLinenumbers: WORD;
Characteristics: DWORD;
end;
var
NewSectionSize: integer;
FHandle: THandle;
OFS: OFSTRUCT;
BytesRead: DWORD;
EXESig: WORD;
PESig: DWORD;
PEHeaderOffset: DWORD;
ImageBase: DWORD;
EntryPointRVA: DWORD;
SizeOfImage: DWORD;
NumOfSections: WORD;
Sect_Align: DWORD;
Characteristics: DWORD;
Section: TSection;
I: DWORD;
OEP: DWORD;
ImSZ: DWORD;
VirAddr: DWORD;
PhyAddr: DWORD;
Num: Integer;
Byt: Byte;
TrashByte: String;
begin
Result := False;
if not FileExists(FileName.Text) then
begin
MsgError('File not found');
Exit;
end;
FHandle := OpenFile(PChar(FileName.Text), OFS, OF_READWRITE);
if (FHandle = INVALID_HANDLE_VALUE) then
begin
MsgError('Error at opening file');
Exit;
end;
ReadFile(FHandle, EXESig, SizeOf(EXESig), BytesRead, nil);
if EXESig <> $5A4D then
begin
MsgError('Invalid MZ file');
Exit;
end;
SetFilePointer(FHandle, $3C, nil, 0);
ReadFile(FHandle, PEHeaderOffset, SizeOf(PEHeaderOffset), BytesRead, nil);
if PEHeaderOffset = 0 then
begin
MsgError('PE header offset not found');
Exit;
end;
SetFilePointer(FHandle, PEHeaderOffset, nil, 0);
ReadFile(FHandle, PESig, SizeOf(PESig), BytesRead, nil);
if PESig <> $00004550 then
begin
MsgError('Invalid PE file');
Exit;
end;
SetFilePointer(FHandle, PEHeaderOffset + $16, nil, 0);
ReadFile(FHandle, Characteristics, SizeOf(Characteristics), BytesRead, nil);
if Characteristics and IMAGE_FILE_DLL <> 0 then
begin
MsgError('Can not protect a DLL. Sorry...');
Exit;
end;
SetFilePointer(FHandle, PEHeaderOffset + $50, nil, 0);
ReadFile(FHandle, SizeOfImage, SizeOf(SizeOfImage), BytesRead, nil);
SetFilePointer(FHandle, PEHeaderOffset + $34, nil, 0);
ReadFile(FHandle, ImageBase, SizeOf(ImageBase), BytesRead, nil);
SetFilePointer(FHandle, PEHeaderOffset + $28, nil, 0);
ReadFile(FHandle, EntryPointRVA, SizeOf(EntryPointRVA), BytesRead, nil);
SetFilePointer(FHandle, PEHeaderOffset + $06, nil, 0);
ReadFile(FHandle, NumOfSections, SizeOf(NumOfSections), BytesRead, nil);
SetFilePointer(FHandle, PEHeaderOffset + $38, nil, 0);
ReadFile(FHandle, Sect_Align, SizeOf(Sect_Align), BytesRead, nil);
SetFilePointer(FHandle, PEHeaderOffset + $F8, nil, 0);
for I := 1 to NumOfSections do
begin
ReadFile(FHandle, Section, SizeOf(Section), BytesRead, nil);
SetFilePointer(FHandle, -SizeOf(Section), nil, FILE_CURRENT);
section.Characteristics := $C0000040;
WriteFile(FHandle, Section, SizeOf(Section), BytesRead, nil);
end;
SetFilePointer(FHandle, PEHeaderOffset + $F8, nil, 0);
for I := 1 to NumOfSections do
begin
ReadFile(FHandle, Section, SizeOf(Section), BytesRead, nil);
if (EntryPointRVA >= Section.VirtualAddress)
and (EntryPointRVA < Section.VirtualAddress + Section.VirtualSize) then
Break;
end;
OEP := ImageBase + EntryPointRVA;
Sign := Sign + '68' + Reverse_DWORD(OEP) + 'C3';
NewSectionSize := length(Sign) div 2;
SetFilePointer(FHandle, PEHeaderOffset + $F8, nil, 0);
for I := 1 to NumOfSections do
ReadFile(FHandle, Section, SizeOf(Section), BytesRead, nil);
VirAddr := ((Section.VirtualAddress + Section.VirtualSize + Sect_Align-1)
div Sect_Align) * Sect_Align;
PhyAddr := Section.PhysicalOffset + Section.PhysicalSize;
SetFilePointer(FHandle, PEHeaderOffset + $F8 + NumOfSections * $28 - $28, nil, 0);
ReadFile(FHandle, Section, SizeOf(Section), BytesRead, nil);
with Section do
begin
VirtualAddress := VirAddr;
VirtualSize := NewSectionSize;
PhysicalOffset := PhyAddr;
PhysicalSize := NewSectionSize;
Characteristics := $C0000020;
StrPCopy(Name, GetPackerSecName);
end;
SetFilePointer(FHandle, PEHeaderOffset + $50, nil, 0);
ImSZ := VirAddr + Section.VirtualSize - section.PhysicalSize;
WriteFile(FHandle, ImSz, SizeOf(ImSz), BytesRead, nil);
SetFilePointer(FHandle, PEHeaderOffset + $F8 + NumOfSections * $28, nil, 0);
WriteFile(FHandle, Section, SizeOf(Section), BytesRead, nil);
Inc(NumOfSections);
SetFilePointer(FHandle, PEHeaderOffset + $06, nil, 0);
WriteFile(FHandle, NumOfSections, SizeOf(NumOfSections), BytesRead, nil);
//Add new section
SetFilePointer(FHandle, PEHeaderOffset + $50, nil, 0);
ReadFile(FHandle, I, SizeOf(I), BytesRead, nil);
Inc(I, NewSectionSize);
SetFilePointer(FHandle, PEHeaderOffset + $50, nil, 0);
WriteFile(FHandle, I, SizeOf(I), BytesRead, nil);
//Fix Image Size
SetFilePointer(FHandle, PEHeaderOffset + $1C, nil, 0);
ReadFile(FHandle, I, SizeOf(I), BytesRead, nil);
//Fix Size of Code
SetFilePointer(FHandle, Section.PhysicalOffset + Section.PhysicalSize -
NewSectionSize, nil, 0);
for Num := 0 to (Length(Sign) div 2) - 1 do
begin
TrashByte := copy(Sign, (num * 2 + 1), 2);
if TrashByte = '??' then TrashByte := '90';
Byt := StrToInt('$' + TrashByte);
WriteFile(FHandle, Byt, SizeOf(byt), BytesRead, nil);
end;
EntryPointRVA := Section.PhysicalOffset + Section.VirtualAddress
- Section.PhysicalOffset;
SetFilePointer(FHandle, PEHeaderOffset + $28, nil, 0);
WriteFile(FHandle, EntryPointRVA, SizeOf(EntryPointRVA), BytesRead, nil);
CloseHandle(FHandle);
frmLog._Log.Lines.Add('Trash bytes writed');
Result := True;
end;
|
