本帖最后由 xiaobang 于 2013-4-16 10:19 编辑
{:1_930:}
需要MFC42.DLL才能运行,兼容性依旧未知.
很垃圾很挫的废品,只支持EnableSoft加的单层壳。
这个网络验证是:http://www.EnableSoft.cn 大家下载自行加壳测试,不要喷我,我不是打广告..
源码:
// Body of an MFC dialog handler (its signature is not shown in the post).
// Flow: pick an EXE, read its PE headers, start it suspended with two 2-byte
// patches applied, spin until the main thread's EIP reaches the second patch,
// take EAX at that point as the original entry point (OEP), then write that
// OEP into the header of a "<name>_dump.exe" copy. Progress goes to m_List1.
// Uses CONTEXT::Eip / Eax, so this only builds for 32-bit x86.
m_List1.ResetContent();
// TRUE selects an "Open" dialog; the filter restricts the view to *.exe.
CFileDialog FileDlg(TRUE, NULL, NULL, OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT , _T("EXE Files (*.exe)|*.exe"));
if (FileDlg.DoModal()!=IDOK)
{
return;
}
CString FileName = FileDlg.GetPathName();
HANDLE hFile=CreateFile(FileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if (hFile==INVALID_HANDLE_VALUE)
{
// log: "failed to open file"
m_List1.InsertString(m_List1.GetCount(),"打开文件失败!");
return;
}
// log: "file opened"
m_List1.InsertString(m_List1.GetCount(),"打开文件成功.");
IMAGE_DOS_HEADER DosHeader;
IMAGE_NT_HEADERS NtHeader;
DWORD DwSize;
// log: "reading entry point address"
m_List1.InsertString(m_List1.GetCount(),"读取程序入口地址.");
// NOTE(review): neither ReadFile result nor DwSize is checked, and e_magic /
// Signature are never validated, so a short or non-PE file leaves DosHeader /
// NtHeader partly uninitialised and e_lfanew is used as a seek offset as-is.
ReadFile(hFile,&DosHeader,sizeof(DosHeader),&DwSize,NULL);
SetFilePointer(hFile,DosHeader.e_lfanew,0,FILE_BEGIN);
ReadFile(hFile,&NtHeader,sizeof(NtHeader),&DwSize,NULL);
// Entry-point virtual address, computed from the preferred ImageBase.
// NOTE(review): assumes the image is mapped at its preferred base (no
// relocation) - confirm. Addresses are held in signed int throughout.
int AddEntry=NtHeader.OptionalHeader.ImageBase + NtHeader.OptionalHeader.AddressOfEntryPoint;
CloseHandle(hFile);
// log: "computing offsets"
m_List1.InsertString(m_List1.GetCount(),"计算程序偏移.");
// Two patch sites at fixed distances from the entry point.
// NOTE(review): the 0x552 / 0x5cd offsets are hard-coded; presumably they match
// one specific build of the protector's stub - nothing here verifies the bytes
// at those addresses before overwriting them.
int Patch=AddEntry + 0x552;
int JmpOep=AddEntry + 0x5cd;
// EB 5D: x86 short jump, 0x5D bytes forward.
BYTE Jmpbyte[]={0xEB,0x5D};
// EB FE: x86 short jump to itself, i.e. the thread parks in place at JmpOep.
BYTE Command[]={0xEB,0XFE};
PROCESS_INFORMATION pi;
STARTUPINFO si;
memset(&pi,0,sizeof(pi));
memset(&si,0,sizeof(si));
// NOTE(review): si.cb is never set to sizeof(si), and wShowWindow is ignored
// by CreateProcess unless dwFlags contains STARTF_USESHOWWINDOW.
si.wShowWindow=FALSE;
// Start the selected file with its main thread suspended so memory can be
// patched before any of its code runs.
BOOL lRet= CreateProcess(FileName,NULL,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&si,&pi);
if (lRet==FALSE)
{
// log: "failed to start program"
m_List1.InsertString(m_List1.GetCount(),"启动程序失败.");
return;
}
// log: "program started"
m_List1.InsertString(m_List1.GetCount(),"启动程序成功.");
// NOTE(review): both WriteProcessMemory results are ignored; if either write
// fails the loop below has no exit condition.
WriteProcessMemory(pi.hProcess,(LPVOID)Patch,&Jmpbyte,2,NULL);
WriteProcessMemory(pi.hProcess,(LPVOID)JmpOep,&Command,2,NULL);
// log: "wrote Command bytes"
m_List1.InsertString(m_List1.GetCount(),"写入程序Command.");
// From here the selected executable's own code really runs on this machine
// until the thread reaches JmpOep.
ResumeThread(pi.hThread);
CONTEXT Context;
Context.ContextFlags=CONTEXT_FULL;
// log: "waiting for execution to reach Command"
m_List1.InsertString(m_List1.GetCount(),"等待执行到Command.");
// Busy-poll the thread context until EIP equals the self-jump address.
// NOTE(review): GetThreadContext is called on a running thread and its return
// value is unchecked; there is no sleep, timeout or process-exit check, so the
// calling thread spins at full CPU and never returns if JmpOep is not reached.
while(1)
{
GetThreadContext(pi.hThread,&Context);
if (Context.Eip==(UINT)JmpOep)
{
SuspendThread(pi.hThread);
break;
}
}
// log: "program closed" (emitted before TerminateProcess is actually called)
m_List1.InsertString(m_List1.GetCount(),"关闭程序成功.");
// The author takes EAX at the parked instruction as the original entry point.
int Oep=Context.Eax;
TerminateProcess(pi.hProcess,0);
// NOTE(review): pi.hProcess and pi.hThread are never passed to CloseHandle on
// any path, so both handles leak on every run.
// Build "<dir>\<basename>_dump.exe" next to the original: endl is the index of
// the last backslash, Hou the index of the last dot.
int endl= FileName.ReverseFind('\\');
CString NewFile=FileName.Mid(0,endl);
int Hou= FileName.ReverseFind('.');
int len=Hou - endl;
NewFile = NewFile + FileName.Mid(endl,len) + "_dump.exe";
// Third argument is bFailIfExists; NULL (FALSE) means an existing file with
// that name is overwritten. The return value is not checked.
CopyFile(FileName,NewFile,NULL);
// log: "copied to new file"
m_List1.InsertString(m_List1.GetCount(),"复制新文件.");
HANDLE hFileW=CreateFile(NewFile,GENERIC_WRITE|GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if (hFileW==INVALID_HANDLE_VALUE)
{
// log: "failed to open new file"
m_List1.InsertString(m_List1.GetCount(),"打开新文件失败.");
return;
}
// log: "new file opened"
m_List1.InsertString(m_List1.GetCount(),"打开新文件成功.");
// Convert the captured address back to an RVA and store it in the header copy
// held in memory. Only this header field changes; no process memory is read
// back, so every other byte of the output is the original file's content.
NtHeader.OptionalHeader.AddressOfEntryPoint=Oep-NtHeader.OptionalHeader.ImageBase;
SetFilePointer(hFileW,DosHeader.e_lfanew,0,FILE_BEGIN);
// Overwrite the whole IMAGE_NT_HEADERS in the copy with the modified struct.
if (!WriteFile(hFileW,&NtHeader,sizeof(NtHeader),&DwSize,NULL))
{
// log: "failed to write new file"
m_List1.InsertString(m_List1.GetCount(),"写入新文件失败.");
}
// NOTE(review): the success message below is logged even when WriteFile
// failed, because the failure branch above does not return.
// log: "unpacked successfully", followed by the output path
m_List1.InsertString(m_List1.GetCount(),"脱壳成功.");
m_List1.InsertString(m_List1.GetCount(),NewFile);
// Select the last row (the output path) in the list.
m_List1.SetCurSel(m_List1.GetCount() -1 );
CloseHandle(hFileW);
}
Bin:
EnableSoft脱壳机.rar
(9.63 KB, 下载次数: 485)