
@jmbrito01
Created August 5, 2015 14:39


  1. João Marcelo Brito created this gist Aug 5, 2015.
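--- a/PE Encryptor
+++ b/PE Encryptor
@@ -0,0 +1,284 @@
+.486
+.model flat, stdcall
+option casemap :none ; case sensitive
+
+include base.inc
+
+.code
+start:
+invoke GetModuleHandle, NULL
+mov hInstance, eax
+invoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0
+invoke ExitProcess, eax
+
+SetOK proc hList : DWORD
+LOCAL pText : DWORD
+invoke SendMessage, hList, LB_GETCOUNT, 0, 0
+dec eax
+push eax
+invoke SendMessage, hList, LB_GETTEXTLEN, eax, 0
+invoke VirtualAlloc, NULL, eax, MEM_COMMIT, PAGE_READWRITE
+mov pText, eax
+pop eax
+push eax
+invoke SendMessage, hList, LB_GETTEXT, eax, pText
+invoke lstrcat, pText, lpStr(" [ OK ]")
+pop eax
+invoke SendMessage, hList, LB_DELETESTRING, eax, 0
+invoke SendMessage, hList, LB_ADDSTRING, 0, pText
+Ret
+SetOK EndP
+
+PEThread proc hWin : DWORD
+LOCAL hFile : DWORD
+LOCAL hList : DWORD
+LOCAL pMemory : DWORD
+LOCAL W: DWORD
+LOCAL dwRawEP : DWORD
+LOCAL dwSize : DWORD
+LOCAL dwRaw : DWORD
+invoke GetDlgItem, hWin, 1005
+mov hList, eax
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Starting encriptor...")
+invoke GetDlgItem, hWin, 1001
+invoke GetDlgItemText, hWin, 1001, addr lpBuff, sizeof lpBuff
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Creating backup file...")
+invoke lstrlen, addr lpBuff
+invoke RtlMoveMemory, addr szBuff, addr lpBuff, eax
+invoke lstrcat, addr szBuff, lpStr(".bak")
+invoke CopyFile, addr lpBuff, addr szBuff, TRUE
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Starting encryption process...")
+invoke CreateFile, addr lpBuff, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
+.if (eax == INVALID_HANDLE_VALUE)
+invoke GetLastError
+invoke wsprintf, addr lpBuff, lpStr("Error on CreateFile, Error Code: %X (%d)"), eax, eax
+invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff
+ret
+.endif
+mov hFile, eax
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Creating decryption section...")
+invoke RtlZeroMemory, addr lpBuff, sizeof lpBuff
+invoke lstrlen, addr lpDirectory
+invoke RtlMoveMemory, addr lpBuff, addr lpDirectory, eax
+invoke lstrcat, addr lpBuff, lpStr("\asModule.dll")
+invoke LoadLibrary, addr lpBuff
+invoke GetProcAddress, eax, lpStr("AddPESection")
+push 0E0000020h
+push sizeof dwStub
+push ofStr(".ace")
+push hFile
+call eax
+.if (eax == -1)
+invoke GetLastError
+invoke wsprintf, addr lpBuff, lpStr("Error on creating the section, Error Code: %X (%d)"), eax, eax
+invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff
+ret
+.endif
+mov dwRaw, eax
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Retrieving file informations...")
+invoke SetFilePointer, hFile, 0, 0, FILE_BEGIN
+invoke GetFileSize, hFile, NULL
+mov dwSize, eax
+invoke VirtualAlloc, NULL, eax, MEM_COMMIT, PAGE_READWRITE
+mov pMemory, eax
+invoke ReadFile, hFile, pMemory, dwSize, addr W, NULL
+.if (eax == 0)
+invoke GetLastError
+invoke wsprintf, addr lpBuff, lpStr("Error on ReadFile, Error Code: %X (%d)"), eax, eax
+invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff
+ret
+.endif
+mov edi, pMemory
+assume edi : ptr IMAGE_DOS_HEADER
+add edi, [edi].e_lfanew
+mov esi, edi
+assume esi : ptr IMAGE_NT_HEADERS
+add edi, sizeof IMAGE_NT_HEADERS
+assume edi : ptr IMAGE_SECTION_HEADER
+mov ebx, [esi].OptionalHeader.ImageBase
+add ebx, [esi].OptionalHeader.AddressOfEntryPoint
+sub ebx, [esi].OptionalHeader.ImageBase
+add ebx, [edi].PointerToRawData
+sub ebx, [edi].VirtualAddress
+mov dwRawEP, ebx
+or [edi].Characteristics, IMAGE_SCN_MEM_WRITE
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Encrypting code section...")
+mov ecx, [edi].PointerToRawData
+add ecx, pMemory
+add ecx, [edi].SizeOfRawData
+mov ebx, pMemory
+add ebx, [edi].PointerToRawData
+.while (ebx <= ecx)
+mov al, byte ptr ds:[ebx]
+.if (al == 0)
+mov al, 0FFh
+.else
+dec al
+.endif
+mov byte ptr ds:[ebx], al
+inc ebx
+.endw
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Redirecting EntryPoint")
+xor ebx, ebx
+.while (bx <= [esi].FileHeader.NumberOfSections)
+
+mov eax, pMemory
+assume eax : ptr IMAGE_DOS_HEADER
+add eax, [eax].e_lfanew
+add eax, sizeof IMAGE_NT_HEADERS
+movzx ecx, bx
+imul ecx, sizeof IMAGE_SECTION_HEADER
+add eax, ecx
+push eax
+assume eax : ptr IMAGE_SECTION_HEADER
+invoke lstrcmp, addr [eax].Name1, lpStr(".ace")
+.if (eax == 0)
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Writting decryption code...")
+pop eax
+mov [eax].SizeOfRawData, sizeof dwRaw+2
+mov [eax].Misc.VirtualSize, sizeof dwRaw+2
+mov ecx, [esi].OptionalHeader.BaseOfCode
+add ecx, [esi].OptionalHeader.ImageBase
+mov dword ptr ds:[dwStub+4], ecx
+mov ecx, [edi].Misc.VirtualSize
+mov dword ptr ds:[dwStub+9], ecx
+mov ecx, [esi].OptionalHeader.AddressOfEntryPoint
+sub ecx, [eax].VirtualAddress
+sub ecx, sizeof dwStub
+inc ecx
+mov edx, sizeof dwStub
+sub edx, 5
+mov dword ptr ds:[dwStub+edx], ecx
+push eax
+mov ebx, [eax].PointerToRawData
+add ebx, pMemory
+invoke RtlMoveMemory, ebx, addr dwStub, sizeof dwStub
+pop eax
+mov ebx, [eax].VirtualAddress
+mov [esi].OptionalHeader.AddressOfEntryPoint, ebx
+mov ebx, eax
+jmp @EndOfLoop
+.endif
+inc bx
+.endw
+@EndOfLoop:
+push ebx
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Saving file...")
+invoke SetFilePointer, hFile, 0, 0, FILE_BEGIN
+invoke GetFileSize, hFile, 0
+mov ebx, eax
+invoke WriteFile, hFile, pMemory, ebx, addr W, NULL
+.if (eax == 0)
+invoke GetLastError
+invoke wsprintf, addr lpBuff, lpStr("Error on WriteFile, Error Code: %X (%d)"), eax, eax
+invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff
+ret
+.endif
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Compressing code...")
+invoke SetFilePointer, hFile, dwRaw, 0, FILE_BEGIN
+invoke SetFilePointer, hFile, sizeof dwStub+2, 0, FILE_CURRENT
+invoke SetEndOfFile, hFile
+invoke SetOK,hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Closing handles...")
+invoke VirtualFree, pMemory, dwSize, MEM_RELEASE
+invoke SetOK, hList
+
+invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("DONE!")
+invoke CloseHandle, hFile
+Ret
+PEThread EndP
+
+GetFileName proc hParent:DWORD,lpTitle:DWORD,lpFilter:DWORD
+mov ofn.lStructSize, sizeof OPENFILENAME
+m2m ofn.hWndOwner, hParent
+m2m ofn.hInstance, hInstance
+m2m ofn.lpstrFilter, lpFilter
+m2m ofn.lpstrFile, offset lpBuff
+mov ofn.nMaxFile, sizeof lpBuff
+m2m ofn.lpstrTitle, lpTitle
+mov ofn.Flags, OFN_EXPLORER or OFN_FILEMUSTEXIST or OFN_LONGNAMES
+invoke GetOpenFileName,ADDR ofn
+ret
+GetFileName endp
+
+
+DlgProc proc hWin :DWORD,
+uMsg :DWORD,
+wParam :DWORD,
+lParam :DWORD
+LOCAL dwSize : DWORD
+LOCAL hFile : DWORD
+LOCAL pRes : DWORD
+LOCAL W : DWORD
+.if uMsg == WM_COMMAND
+.if wParam == IDC_OK
+invoke CreateThread, 0, 0, addr PEThread, hWin, NULL, NULL
+.elseif wParam == 1016
+invoke GetFileName, hWin, ofStr("Select a Portable Executable (exe)"), offset lpFilter1
+invoke SetDlgItemText, hWin, 1001, addr lpBuff
+.endif
+.elseif uMsg == WM_CLOSE
+invoke EndDialog,hWin,0
+.elseif uMsg == WM_INITDIALOG
+invoke GetDlgItem, hWin, 1006
+invoke SendMessage, eax, BM_SETCHECK, BST_CHECKED, 0
+invoke GetDlgItem, hWin, 1012
+invoke SendMessage, eax, BM_SETCHECK, BST_CHECKED, 0
+invoke GetCurrentDirectory, sizeof lpDirectory, addr lpDirectory
+
+invoke FindResource, hInstance, 10,RT_RCDATA
+mov esi, eax
+invoke SizeofResource, hInstance, eax
+mov dwSize, eax
+invoke LoadResource, hInstance, esi
+push eax
+invoke LockResource, eax
+mov pRes, eax
+invoke lstrlen, addr lpDirectory
+invoke RtlMoveMemory, addr lpBuff, addr lpDirectory, eax
+invoke lstrcat, addr lpBuff, lpStr("\asModule.dll")
+@Create:
+invoke CreateFile, addr lpBuff,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, CREATE_NEW,FILE_ATTRIBUTE_NORMAL, NULL
+.if eax == INVALID_HANDLE_VALUE
+call GetLastError
+.if eax == 50h
+invoke DeleteFile, addr lpBuff
+jmp @Create
+.endif
+.endif
+mov hFile, eax
+invoke WriteFile, hFile, pRes, dwSize, addr W, NULL
+pop eax
+invoke FreeResource, eax
+invoke CloseHandle, hFile
+.elseif uMsg == WM_CTLCOLORLISTBOX
+invoke SetBkColor, wParam, 0
+invoke SetTextColor, wParam, 0FF00h
+invoke CreateSolidBrush, 0
+ret
+.endif
+
+xor eax,eax
+ret
+DlgProc endp
+
+end start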
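Review bot: In PEThread the header fields read from the file buffer (e_lfanew at the `add edi, [edi].e_lfanew` line, then the first section's PointerToRawData and SizeOfRawData) are used as offsets into pMemory without being compared against dwSize or the MZ/PE signatures, so a truncated or malformed input sends the byte loop under "Encrypting code section..." reading and writing outside the allocation; a signature-and-bounds check before the `assume` lines (sketched below, with a `@BadImage` exit that frees and closes like the existing error paths) is the minimum. Both loops also overrun by one element: `.while (ebx <= ecx)` touches the byte after the section's raw data and `.while (bx <= [esi].FileHeader.NumberOfSections)` examines one header past the table — the intended bound is `<` in each. The early `ret`s after the AddPESection, ReadFile and WriteFile failures leave hFile open (and pMemory committed from ReadFile on), the two VirtualAlloc results are never tested for NULL, and the cleanup call `invoke VirtualFree, pMemory, dwSize, MEM_RELEASE` fails because MEM_RELEASE requires a size of 0, so the buffer is never released even on success. DlgProc overwrites esi in its WM_INITDIALOG branch without preserving it, which a stdcall window callback must do; `DlgProc proc uses esi hWin :DWORD,` fixes that.

```asm
mov edi, pMemory
assume edi : ptr IMAGE_DOS_HEADER
cmp [edi].e_magic, IMAGE_DOS_SIGNATURE          ; 'MZ' (constant from windows.inc)
jne @BadImage
mov eax, [edi].e_lfanew
add eax, sizeof IMAGE_NT_HEADERS
add eax, sizeof IMAGE_SECTION_HEADER            ; NT headers + first section header must fit in the buffer
cmp eax, dwSize
jae @BadImage
add edi, [edi].e_lfanew
mov esi, edi
assume esi : ptr IMAGE_NT_HEADERS
cmp [esi].Signature, IMAGE_NT_SIGNATURE         ; 'PE\0\0'
jne @BadImage
; … unchanged: section header walk, dwRawEP computation, encryption loop …
@BadImage:
invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Error: input is not a valid PE image")
invoke VirtualFree, pMemory, 0, MEM_RELEASE
invoke CloseHandle, hFile
ret
```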