文件加壳实现(一)—— 添加进文件并加密

半成品,要下班了,记录下

 

0x1 调用函数

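BOOL PackExeFile(HWND hwndDlg)
{
	/*
	 * Dialog handler: read the shell (stub) path and the source path from
	 * the two edit controls, XOR every byte of the source file with KEY and
	 * hand the result to AddSecToFile, which stores it in the shell file as
	 * a new section.
	 *
	 * hwndDlg: dialog that owns IDC_EDIT_SHELL and IDC_EDIT_SRC.
	 * Returns TRUE once the encoded buffer has been passed on, FALSE when
	 * the source file could not be loaded or memory ran out.
	 * AddSecToFile takes ownership of the encoded buffer and frees it.
	 */
	enum { PATH_CHARS = 256 };
	TCHAR shellPath[PATH_CHARS] = {0};
	TCHAR srcPath[PATH_CHARS] = {0};

	GetDlgItemText(hwndDlg, IDC_EDIT_SHELL, shellPath, PATH_CHARS);
	GetDlgItemText(hwndDlg, IDC_EDIT_SRC, srcPath, PATH_CHARS);

	/* Load the file to be protected. NOTE(review): SrcFileSize is only
	 * filled in if LoadPEFile takes it by reference (C++); if it is passed
	 * by value it stays 0 and nothing is encoded — confirm. */
	DWORD SrcFileSize = 0;
	LPVOID pSrcFileBuffer = LoadPEFile(srcPath, SrcFileSize);
	if (pSrcFileBuffer == NULL || SrcFileSize == 0)
	{
		printf("源文件读取失败\n");
		return FALSE;
	}

	/* Output buffer. Every byte is written by the loop below, so no zero
	 * fill is needed (the original memset had its value and size arguments
	 * swapped and filled nothing anyway). */
	LPVOID pSrcFileBufferEncode = malloc(SrcFileSize);
	if (pSrcFileBufferEncode == NULL)
	{
		printf("内存分配失败\n");
		/* NOTE(review): pSrcFileBuffer is never released in this function;
		 * who owns LoadPEFile's buffer is not visible here — confirm. */
		return FALSE;
	}

	/* Byte-wise XOR with the fixed key. unsigned char keeps the arithmetic
	 * free of sign extension; the stored byte is identical to the CHAR form. */
	const unsigned char *pOld = (const unsigned char *)pSrcFileBuffer;
	unsigned char *pNew = (unsigned char *)pSrcFileBufferEncode;
	for (DWORD i = 0; i < SrcFileSize; i++)
	{
		pNew[i] = (unsigned char)(pOld[i] ^ KEY);
	}

	/* Store the encoded bytes in the shell file as a new section.
	 * AddSecToFile frees pSrcFileBufferEncode on every path. */
	AddSecToFile(shellPath, pSrcFileBufferEncode, SrcFileSize);

	return TRUE;
}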

 

0x2  实际操作函数

 


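void AddSecToFile(LPSTR lpszFile,LPVOID encryptFileBuffer,DWORD encryptBufferSize)
{
	/*
	 * Append encryptFileBuffer to the 32-bit PE file lpszFile as a new
	 * section named ".enSec" and write the result to "<lpszFile>_out.exe".
	 * The new section header is placed in the spare space behind the
	 * existing section table, so SizeOfHeaders must leave room for two
	 * header slots: the new entry plus one zeroed slot after it.
	 *
	 * lpszFile:          path of the file to extend, read via ReadPEFile.
	 * encryptFileBuffer: bytes to store in the new section. Ownership is
	 *                    transferred: this function frees it on every path.
	 * encryptBufferSize: size of encryptFileBuffer in bytes.
	 *
	 * Errors are reported on stdout; there is no return value. On a write
	 * failure a partially written _out.exe may be left behind.
	 *
	 * All locals are declared up front so that no goto crosses an
	 * initialization (keeps the function valid when built as C++).
	 */
	LPVOID pFileBuffer = NULL;
	unsigned char *base = NULL;
	PIMAGE_DOS_HEADER pDosHeader = NULL;
	PIMAGE_NT_HEADERS pNTHeader = NULL;
	PIMAGE_FILE_HEADER pPEHeader = NULL;
	PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
	PIMAGE_SECTION_HEADER pSectionHeader = NULL;
	PIMAGE_SECTION_HEADER pSectionHeader_LAST = NULL;
	PIMAGE_SECTION_HEADER pSectionHeader_ADD = NULL;
	DWORD Header_size = 0;
	FILE *pOutFile = NULL;
	char outEntryShellName[256] = {0};
	int nameLen = 0;
	size_t writeSize = 0;

	if(encryptFileBuffer == NULL && encryptBufferSize != 0)
	{
		printf("加密数据为空\n");
		goto cleanup;
	}

	pFileBuffer = ReadPEFile(lpszFile);
	if(!pFileBuffer)
	{
		printf("文件读取失败\n");
		goto cleanup;
	}

	/* Walk the headers with byte pointers: the original cast pointers
	 * through DWORD, which truncates them on 64-bit builds. */
	base = (unsigned char*)pFileBuffer;
	pDosHeader = (PIMAGE_DOS_HEADER)base;
	if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew < 0)
	{
		printf("不是有效的PE文件\n");
		goto cleanup;
	}
	/* NOTE(review): ReadPEFile reports no buffer size, so e_lfanew and the
	 * section table cannot be bounds-checked against the file here. */
	pNTHeader = (PIMAGE_NT_HEADERS)(base + pDosHeader->e_lfanew);
	if(pNTHeader->Signature != IMAGE_NT_SIGNATURE)
	{
		printf("不是有效的PE文件\n");
		goto cleanup;
	}
	pPEHeader = (PIMAGE_FILE_HEADER)((unsigned char*)pNTHeader + sizeof(DWORD));
	pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((unsigned char*)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);
	pSectionHeader = (PIMAGE_SECTION_HEADER)((unsigned char*)pOptionHeader + pPEHeader->SizeOfOptionalHeader);
	if(pPEHeader->NumberOfSections == 0)
	{
		printf("文件没有节\n");
		goto cleanup;
	}

	/* 1. Is there room for two more section headers? The subtraction is
	 * guarded: a SizeOfHeaders smaller than the headers themselves would
	 * otherwise wrap around and pass the check. */
	Header_size = (DWORD)pDosHeader->e_lfanew + sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER
		+ pPEHeader->SizeOfOptionalHeader
		+ (DWORD)pPEHeader->NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER;
	if(pOptionHeader->SizeOfHeaders < Header_size
		|| pOptionHeader->SizeOfHeaders - Header_size < 2 * IMAGE_SIZEOF_SECTION_HEADER)
	{
		printf("没有可用空间填充节表\n");
		goto cleanup;
	}
	printf("空间:%lu\n",(unsigned long)(pOptionHeader->SizeOfHeaders-Header_size));

	/* 2. Fill in the new section header right after the last existing one.
	 * Zero it first so the fields not set below (relocations, line numbers)
	 * do not keep whatever bytes happened to be in the padding. */
	pSectionHeader_LAST = pSectionHeader + (pPEHeader->NumberOfSections - 1);
	pSectionHeader_ADD = pSectionHeader + pPEHeader->NumberOfSections;
	memset(pSectionHeader_ADD, 0, sizeof *pSectionHeader_ADD);
	memcpy(pSectionHeader_ADD->Name, ".enSec", 6); /* Name is 8 bytes, already zero padded */
	pSectionHeader_ADD->Misc.VirtualSize = encryptBufferSize;
	pSectionHeader_ADD->VirtualAddress = pOptionHeader->SizeOfImage;
	pSectionHeader_ADD->SizeOfRawData = encryptBufferSize;
	/* Raw data goes straight after the last section's raw data.
	 * NOTE(review): anything the input holds past that point (an overlay)
	 * is dropped by the write below. */
	pSectionHeader_ADD->PointerToRawData = pSectionHeader_LAST->PointerToRawData + pSectionHeader_LAST->SizeOfRawData;
	/* Flags are copied from the first section, as before. NOTE(review): a
	 * stored data blob needs no more than initialized-data/read access;
	 * confirm what the later loader stub requires before narrowing this. */
	pSectionHeader_ADD->Characteristics = pSectionHeader->Characteristics;

	/* Zero the slot after the new header so the table ends cleanly. */
	memset(pSectionHeader_ADD + 1, 0, sizeof *pSectionHeader_ADD);

	/* %p instead of %x: printing pointers with %x is undefined. */
	printf("pFileBuffer: %p\n",(void*)pFileBuffer);
	printf("pSectionHeader: %p\n",(void*)pSectionHeader);
	printf("pSectionHeader_LAST: %p\n",(void*)pSectionHeader_LAST);
	printf("pSectionHeader_ADD: %p\n",(void*)pSectionHeader_ADD);
	printf("pSectionEND: %p\n",(void*)(pSectionHeader_ADD + 1));

	/* 3. Update the PE headers. NOTE(review): the PE spec wants SizeOfImage
	 * rounded up to SectionAlignment and SizeOfRawData to FileAlignment;
	 * neither is done here, same as the original. */
	pPEHeader->NumberOfSections = pPEHeader->NumberOfSections +1;
	pOptionHeader->SizeOfImage  = pOptionHeader->SizeOfImage+encryptBufferSize;

	/* 4. Write "<lpszFile>_out.exe". snprintf replaces an unchecked sprintf
	 * into a 256-byte buffer; "wb" replaces "a+b", which appended to an
	 * existing output file and produced a corrupt image on the second run. */
	nameLen = snprintf(outEntryShellName, sizeof outEntryShellName, "%s_out.exe", lpszFile);
	if(nameLen < 0 || (size_t)nameLen >= sizeof outEntryShellName)
	{
		printf("输出文件名过长\n");
		goto cleanup;
	}
	pOutFile = fopen(outEntryShellName,"wb");
	if(!pOutFile)
	{
		printf("无法打开文件EXE文件");
		goto cleanup;
	}
	printf("length: %lx \n ",(unsigned long)(pSectionHeader_ADD->PointerToRawData+pSectionHeader_ADD->SizeOfRawData));

	/* Part one: the original file up to the new section's raw offset.
	 * Element size 1 makes the return value a byte count we can compare. */
	writeSize = fwrite(pFileBuffer, 1, pSectionHeader_ADD->PointerToRawData, pOutFile);
	printf("WirteSize:%lu\n",(unsigned long)writeSize);
	if(writeSize != pSectionHeader_ADD->PointerToRawData)
	{
		printf("写入文件失败\n");
		goto cleanup;
	}
	/* Part two: the encoded payload. */
	writeSize = fwrite(encryptFileBuffer, 1, encryptBufferSize, pOutFile);
	if(writeSize != encryptBufferSize)
	{
		printf("写入文件失败\n");
	}

cleanup:
	/* fclose flushes the output; a failure here means the file is incomplete. */
	if(pOutFile != NULL && fclose(pOutFile) != 0)
	{
		printf("关闭文件失败\n");
	}
	free(pFileBuffer);
	free(encryptFileBuffer);
}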
 


 

原文链接: 文件加壳实现(一)—— 添加进文件并加密 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( https://gyarmy.com/post-363.html )
