半成品,继续写
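// TestShell.cpp : Defines the entry point for the application.
//
// Unpacker stub. The packer stores the original program XOR-obfuscated in an
// extra last section (".enSec") appended to this executable. At run time the
// stub reads its own image file, decodes that section into a heap buffer and
// is meant to run it from a suspended process (not implemented yet).
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "PEOperate.h"

/* TODO: create the target process suspended and fetch its Context. */

/* Single-byte XOR key, must match the one used by the packer.
 * NOTE(security): XOR with one constant byte is obfuscation, not encryption.
 * The decoded payload begins with a known PE header ("MZ"), so the key is
 * recovered from the first encoded byte alone. Do not treat this as
 * protecting the payload. */
#define KEY 0x56

/* Name the packer gives the appended payload section. IMAGE_SECTION_HEADER.Name
 * is 8 bytes and not guaranteed NUL-terminated, so compare with a bound. */
#define ENC_SECTION_NAME ".enSec"

/*
 * Read the packed executable from disk, locate the payload section (the last
 * section, named ".enSec") and return its raw bytes XOR-decoded with KEY.
 *
 * lpszFile  - path of the packed executable (normally our own image).
 * fileSize  - out: number of decoded bytes (the section's SizeOfRawData).
 *             Only written on success.
 * Returns   - a malloc()'d buffer owned by the caller (free() it), or NULL on
 *             failure: unreadable file, malformed/non-32-bit PE headers,
 *             last section not named ".enSec", empty section, allocation
 *             failure.
 *
 * Only 32-bit images are handled (IMAGE_OPTIONAL_HEADER32), matching the
 * packer. Header fields come from a file on disk and are checked for internal
 * consistency before they are used as offsets, otherwise a truncated or
 * tampered image drives an out-of-bounds read. ReadPEFile() does not report
 * the buffer length, so PointerToRawData/SizeOfRawData can only be checked
 * against each other, not against the real file size -- TODO(review): have
 * ReadPEFile return the size and bound-check against it.
 */
LPVOID GetLastSecData(LPSTR lpszFile, DWORD &fileSize)
{
    LPVOID pFileBuffer = ReadPEFile(lpszFile);
    if (!pFileBuffer) {
        printf("文件读取失败\n");   /* may be invisible: GUI entry point, no console */
        return NULL;
    }
    /* Byte pointer for offset arithmetic; avoids truncating pointers through DWORD. */
    BYTE *base = (BYTE *)pFileBuffer;

    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)base;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew <= 0) {
        printf("PE文件格式错误\n");
        free(pFileBuffer);
        return NULL;
    }

    PIMAGE_NT_HEADERS pNTHeader = (PIMAGE_NT_HEADERS)(base + pDosHeader->e_lfanew);
    if (pNTHeader->Signature != IMAGE_NT_SIGNATURE) {
        printf("PE文件格式错误\n");
        free(pFileBuffer);
        return NULL;
    }

    /* FileHeader follows the 4-byte Signature; the optional header follows it. */
    PIMAGE_FILE_HEADER pPEHeader = &pNTHeader->FileHeader;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader =
        (PIMAGE_OPTIONAL_HEADER32)((BYTE *)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);
    if (pOptionHeader->Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC ||
        pPEHeader->NumberOfSections == 0) {
        /* 64-bit image, or no sections at all (NumberOfSections-1 would wrap). */
        printf("PE文件格式错误\n");
        free(pFileBuffer);
        return NULL;
    }

    PIMAGE_SECTION_HEADER pSectionHeader =
        (PIMAGE_SECTION_HEADER)((BYTE *)pOptionHeader + pPEHeader->SizeOfOptionalHeader);
    PIMAGE_SECTION_HEADER pLastSection = pSectionHeader + (pPEHeader->NumberOfSections - 1);

    /* Not packed (or packed by something else) if the last section is not ours. */
    if (strncmp((const char *)pLastSection->Name, ENC_SECTION_NAME, IMAGE_SIZEOF_SHORT_NAME) != 0) {
        MessageBoxA(0, "没有加壳", "错误", 0);
        free(pFileBuffer);
        return NULL;
    }

    DWORD rawOffset = pLastSection->PointerToRawData;
    DWORD rawSize = pLastSection->SizeOfRawData;
    /* Empty payload, or offset+size wraps around 32 bits: nothing sane to decode. */
    if (rawSize == 0 || rawOffset + rawSize < rawOffset) {
        printf("PE文件格式错误\n");
        free(pFileBuffer);
        return NULL;
    }

    BYTE *pDecoded = (BYTE *)malloc(rawSize);
    if (!pDecoded) {
        free(pFileBuffer);
        return NULL;
    }

    /* Decode the section into the new buffer (every byte is written, so no memset needed). */
    const BYTE *pEncoded = base + rawOffset;
    for (DWORD i = 0; i < rawSize; i++) {
        pDecoded[i] = pEncoded[i] ^ KEY;
    }

    fileSize = rawSize;
    free(pFileBuffer);
    return pDecoded;
}

/*
 * Entry point of the stub: find the payload in our own image, decode it and
 * (eventually) launch it. Narrow-string Win32 APIs are used explicitly because
 * GetLastSecData() takes an LPSTR.
 */
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    CHAR shellPath[MAX_PATH] = {0};
    DWORD pathLen = GetModuleFileNameA(NULL, shellPath, MAX_PATH);
    /* 0 = failure; == MAX_PATH = truncated (and not necessarily NUL-terminated). */
    if (pathLen == 0 || pathLen >= MAX_PATH) {
        MessageBoxA(0, "获取路径失败", "失败", 0);
        return 0;
    }

    DWORD encryptSize = 0;
    LPVOID encryptFileBuffer = GetLastSecData(shellPath, encryptSize);
    if (encryptFileBuffer == NULL) {
        MessageBoxA(0, "写出失败", "失败", 0);
        return 0;
    }

    /* Decoded payload is in encryptFileBuffer (encryptSize bytes).
     * TODO: create the host process suspended, map the payload, fix up the
     * Context and resume it. For debugging the decoded image can be dumped:
     *   WirteToFile(encryptFileBuffer, encryptSize, "C:\\aaa.exe"); */

    /* The buffer is owned by us; release it until it is handed to the child. */
    free(encryptFileBuffer);
    return 0;
}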