程序隐藏、加壳、内存加载运行的一种实验 | 宜武汇-ag真人国际厅网站

// Builds a single in-memory block from `cnt` input files and returns a pointer to it.
//
// NOTE(review): this listing lost its `+` characters in extraction (`i )`, `filesize = fz`,
// `dstblock 4 crypt_key_size`). The offsets below read those as `i++`, `+=` and `+`;
// confirm against the original post.
//
// Layout, as far as the visible statements show:
//   [0]                    int flag, stored as passed in by the caller
//   [4]                    key area handed to getkey(); presumably crypt_key_size bytes
//   [4 + crypt_key_size]   int cnt, the number of files
//   then, per file:        a filename_len-byte name slot, an int compressed size,
//                          and the compressed bytes
// Everything after the key is then passed to cryptdata() together with that key; the flag
// and the key themselves lie outside the range given to cryptdata().
//
// Parameters:
//   flag         value written to the first 4 bytes of the block
//   filename     table of input paths, 256 chars per entry
//   cnt          number of entries of `filename` to process
//   dstdatasize  out: number of bytes used in the returned block; written only on success
// Returns the block on success, 0 if a file could not be read or compressed.
//
// NOTE(review): the declaration and allocation of `dstblock` and the function's closing
// brace do not appear in this listing, presumably dropped in extraction as well.
unsigned char* crypto::makedatablock(int flag, const char filename[max_file_count][256], int cnt, int& dstdatasize) {

 

    int ret = 0;

 

    // First pass: total up the sizes of all input files to size the output buffer.
    // NOTE(review): the total is a plain int, so very large inputs could overflow it.
    int filesize = 0;

    for (int i = 0; i < cnt; i )

    {

        // NOTE(review): the result is used without an error check — confirm what
        // getfilesize() returns for a missing or unreadable file.
        int fz = filehelper::getfilesize(filename[i]);

        filesize = fz;

        printf("file name:%s size:%d\r\n", filename[i], fz);

    }

 

    // Output capacity: total input size with 0x1000 bytes of slack (lost operator read as `+`).
    // NOTE(review): that slack has to cover the flag, key, count, one name slot and one size
    // field per file, plus any growth when the data does not compress. Nothing visible checks it.
    int dstbufsize = filesize 0x1000;

 

 

    // Header field 1: the caller's flag goes into the first 4 bytes.
    *(int*)dstblock = flag;

 

    // Disabled: an earlier version derived the header value from the file extensions
    // (.exe / .dll) instead of taking it from the `flag` parameter.
    //  if (cnt == 1 && strstr((char*)filename[0],".exe") )

    //  {

    //      *(int*)dstblock = only_one_exe;

    //  }

    //  else if (cnt == 1 && strstr((char*)filename[0], ".dll"))

    //  {

    //      *(int*)dstblock = only_one_dll;

    //  }

    //  else if (cnt > 1 )

    //  {

    //      int flagexe = 0;

    //      int flagdll = 0;

    //      for (int i = 0;i < cnt; i )

    //      {

    //          if (strstr((char*)filename[i], ".dll")) {

    //              flagdll = 1;

    //          }else if (strstr(filename[i],".exe"))

    //          {

    //              flagexe = 1;

    //          }

    //      }

    //

    //      if (flagexe && flagdll)

    //      {

    //          *(int*)dstblock = one_exe_and_one_dll;

    //      }

    //      else {

    //          *(int*)dstblock = some_other_files;

    //      }

    //  }

    //  else {

    //      return 0;

    //  }

 

    // Header field 2: the key area directly follows the flag.
    unsigned char* key = dstblock 4;

 

    // presumably fills crypt_key_size bytes at `key` — getkey() is not shown; confirm.
    getkey(key);

 

    // Header field 3: the file count, stored right after the key.
    *(int*)(dstblock 4 crypt_key_size) = cnt;

 

    // Write cursor: the first per-file record starts after flag + key + count.
    unsigned char* dstbuf = dstblock 4 crypt_key_size 4;

 

    // Bytes still free in the buffer, kept in step with the cursor by hand.
    int dstbuflimit = dstbufsize - 4 - crypt_key_size - 4;

 

    for (int i = 0; i < cnt; i )

    {

        // Record part 1: the name slot.
        // NOTE(review): lstrcpya has no length limit and copies the whole path (up to 256
        // chars per the parameter type) before the directory part is stripped in place, so
        // the slot must hold the full path, not just the base name. Confirm that
        // filename_len covers that and that dstbuflimit is still positive here.
        lstrcpya((char*)dstbuf, filename[i]);

        pathstrippatha((char*)dstbuf);

        // The cursor moves by the fixed slot width, not by the length of the name.
        dstbuf = filename_len;

        dstbuflimit -= filename_len;

 

        char* lpdata = 0;

 

        // From here on `filesize` is reused as the byte count of the current file, as
        // reported by filereader(); a return value > 0 is treated as success.
        ret = filehelper::filereader(filename[i], &lpdata, &filesize);

        if (ret > 0)

        {

            // Capacity left for the compressed bytes once the 4-byte size field is reserved.
            // compressdata() receives it by pointer and the value is stored as the record
            // size below, so it presumably comes back as the actual compressed length — confirm.
            // NOTE(review): dstbuflimit is a signed int and is never checked; if it has
            // dropped below 4, this conversion to unsigned long wraps to a very large capacity.
            unsigned long cmpresssize = dstbuflimit - 4;

            // Output goes 4 bytes past the cursor, leaving room for the size field.
            ret = compress::compressdata((unsigned char*)lpdata, filesize, dstbuf 4, &cmpresssize);

            // Freed with delete[] — presumably filereader() allocates with new[]; confirm.
            delete[] lpdata;

            // A non-zero result is treated as failure.
            if (ret != 0)

            {

                // NOTE(review): scalar delete; if dstblock comes from new[] (the allocation
                // is not visible in this listing) this should be delete[].
                delete dstblock;

                // NOTE(review): the code is read after the delete above, and it is not
                // visible whether compressdata() sets a last-error value at all.
                printf("compress file:%s error:%u\r\n", filename[i], getlasterror());

                return 0;

            }

 

            // Record part 2: the compressed length, then step the cursor over the size
            // field and the compressed bytes that are already in place.
            *(int*)(dstbuf) = cmpresssize;

            dstbuf = 4;

            dstbuf = cmpresssize;

            dstbuflimit -= 4;

            dstbuflimit -= cmpresssize;

        }

        else {

            // NOTE(review): same scalar delete as in the compression error path above.
            delete dstblock;

            printf("read file:%s error\r\n", filename[i]);

            return 0;

        }

    }

 

    // Total bytes used: the distance from the start of the block to the cursor.
    dstdatasize = dstbuf - dstblock;

 

    // The range handed to cryptdata() starts after the key, so it covers the count and all
    // file records but not the flag or the key. As written, the key therefore stays in the
    // block at offset 4, in front of the data it was used on (the revertkey() call below
    // is disabled).
    cryptdata(dstblock 4 crypt_key_size, dstdatasize - 4 - crypt_key_size, key, crypt_key_size);

 

    //revertkey(key);

 

    return dstblock;

原文链接:https://bbs.kanxue.com/thread-276877.htm

网络摘文,本文作者:15h,如若转载,请注明出处:https://www.15cov.cn/2023/08/27/程序隐藏、加壳、内存加载运行的一种实验/
