www.pudn.com > bhxex.zip > exeLockDlg.cpp
// exeLockDlg.cpp : implementation file
//
#include "stdafx.h"
#include "exeLock.h"
#include "exeLockDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
class CAboutDlg : public CDialog
{
public:
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CExeLockDlg dialog
CExeLockDlg::CExeLockDlg(CWnd* pParent /*=NULL*/)
: CDialog(CExeLockDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CExeLockDlg)
m_chkbak = TRUE;
m_filename = _T("");
m_password = _T("");
m_repeatpassword = _T("");
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CExeLockDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CExeLockDlg)
DDX_Check(pDX, IDC_CHKBAK, m_chkbak);
DDX_Text(pDX, IDC_FILENAME, m_filename);
DDX_Text(pDX, IDC_PASSWORD, m_password);
DDV_MaxChars(pDX, m_password, 14);
DDX_Text(pDX, IDC_REPEATPASSWORD, m_repeatpassword);
DDV_MaxChars(pDX, m_repeatpassword, 14);
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CExeLockDlg, CDialog)
//{{AFX_MSG_MAP(CExeLockDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_CLOSE, OnClose)
ON_BN_CLICKED(IDC_UNLOCK, OnUnlock)
ON_BN_CLICKED(IDC_LOCK, OnLock)
ON_BN_CLICKED(IDC_FILEOPEN, OnFileopen)
ON_WM_DROPFILES()
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CExeLockDlg message handlers
BOOL CExeLockDlg::OnInitDialog()
{
CDialog::OnInitDialog();
// Add "About..." menu item to system menu.
// IDM_ABOUTBOX must be in the system command range.
ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
ASSERT(IDM_ABOUTBOX < 0xF000);
CMenu* pSysMenu = GetSystemMenu(FALSE);
if (pSysMenu != NULL)
{
CString strAboutMenu;
strAboutMenu.LoadString(IDS_ABOUTBOX);
if (!strAboutMenu.IsEmpty())
{
pSysMenu->AppendMenu(MF_SEPARATOR);
pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
}
}
// Set the icon for this dialog. The framework does this automatically
// when the application's main window is not a dialog
SetIcon(m_hIcon, TRUE); // Set big icon
SetIcon(m_hIcon, FALSE); // Set small icon
// TODO: Add extra initialization here
SetWindowPos(&wndTopMost,0,0,0,0,SWP_NOSIZE|SWP_NOMOVE);
return TRUE; // return TRUE unless you set the focus to a control
}
void CExeLockDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
if ((nID & 0xFFF0) == IDM_ABOUTBOX)
{
CAboutDlg dlgAbout;
dlgAbout.DoModal();
}
else if(nID==SC_CLOSE)
{
CDialog::OnCancel();
}
else
{
CDialog::OnSysCommand(nID, lParam);
}
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CExeLockDlg::OnPaint()
{
if (IsIconic())
{
CPaintDC dc(this); // device context for painting
SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
// Center icon in client rectangle
int cxIcon = GetSystemMetrics(SM_CXICON);
int cyIcon = GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(&rect);
int x = (rect.Width() - cxIcon + 1) / 2;
int y = (rect.Height() - cyIcon + 1) / 2;
// Draw the icon
dc.DrawIcon(x, y, m_hIcon);
}
else
{
CDialog::OnPaint();
}
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CExeLockDlg::OnQueryDragIcon()
{
return (HCURSOR) m_hIcon;
}
void CExeLockDlg::OnOK()
{
//CDialog::OnOK();
}
void CExeLockDlg::OnCancel()
{
//CDialog::OnCancel();
}
void CExeLockDlg::OnFileopen()
{
CFileDialog fdlg(TRUE,"exe","*.exe",NULL,"可执行文件 (*.exe)|*.exe");
if(fdlg.DoModal()==IDOK)
{
SetDlgItemText(IDC_FILENAME,fdlg.GetPathName());
}
}
void CExeLockDlg::OnLock()
{
CFile file,shellfile;
CString csFilename,csSection[8],csPassword,csRepeatPassword;
CHAR szWaterMark[10];
GetDlgItemText(IDC_FILENAME,csFilename);
GetDlgItemText(IDC_PASSWORD,csPassword);
GetDlgItemText(IDC_REPEATPASSWORD,csRepeatPassword);
if(csPassword!=csRepeatPassword)
{
MessageBox("你输入的密码不相同,请重新输入!");
return;
}
if(m_chkbak)
{
if(!CopyFile(csFilename,csFilename+".bak",FALSE))
MessageBox("不能备份文件!",csFilename);
}
if(!file.Open(csFilename,CFile::modeReadWrite|CFile::shareDenyRead))
{
MessageBox("不能打开文件!",csFilename);
return;
}
file.Seek(-8,CFile::end);
file.Read(szWaterMark,8);
if(!strncmp(szWaterMark,"yangboyu",8))
{
MessageBox("文件已经加密!");
file.Close();
return;
}
UINT i;
DWORD dwitImageBase,dwItCodeVirtualAddress,dwMyImageBase,dwMySectionVirtualAddress,dwSectionPading;
DWORD dwitImageEntryPoint,dwitImportTableEntryPoint;
BOOL bisMadeImportSectionWritabled=FALSE;
IMAGE_DOS_HEADER dosHeader;
IMAGE_NT_HEADERS ntHeader,ntHeaderBY;
IMAGE_SECTION_HEADER section,sectionBY;
file.SeekToBegin();
file.Read(&dosHeader,sizeof(IMAGE_DOS_HEADER));
file.Seek(dosHeader.e_lfanew,CFile::begin);
file.Read(&ntHeader,sizeof(IMAGE_NT_HEADERS));
//记录原来的入口地址等
dwitImageBase =ntHeader.OptionalHeader.ImageBase ;
dwitImageEntryPoint =ntHeader.OptionalHeader.AddressOfEntryPoint;
dwitImportTableEntryPoint =ntHeader.OptionalHeader.DataDirectory[1].VirtualAddress ;
WORD wMove;
//写入Section
for ( i=0; i < ntHeader.FileHeader.NumberOfSections ; i++)
{
file.Read(§ion,sizeof(IMAGE_SECTION_HEADER));
csSection[i]=section.Name;
//把有import表的section设为可写
if(!bisMadeImportSectionWritabled)
if(section.VirtualAddress < dwitImportTableEntryPoint)
if((section.VirtualAddress+section.SizeOfRawData)>dwitImportTableEntryPoint)
{
section.Characteristics |=0x80000000;
file.Seek(-sizeof(IMAGE_SECTION_HEADER),CFile::current);
file.Write(§ion,sizeof(IMAGE_SECTION_HEADER));
bisMadeImportSectionWritabled=TRUE;
}
}
sectionBY=section;
sectionBY.Name[0]='.';
sectionBY.Name[1]='B';
sectionBY.Name[2]='O';
sectionBY.Name[3]='Y';
sectionBY.Name[4]='U';
sectionBY.Name[5]=sectionBY.Name[6]=sectionBY.Name[7]=0;
//内存地址
sectionBY.Misc.VirtualSize=0x1000;
sectionBY.VirtualAddress +=sectionBY.SizeOfRawData ;
dwSectionPading=sectionBY.VirtualAddress % ntHeader.OptionalHeader.SectionAlignment;
if(dwSectionPading)dwSectionPading=ntHeader.OptionalHeader.SectionAlignment-dwSectionPading;
sectionBY.VirtualAddress +=dwSectionPading;
sectionBY.PointerToRawData+=sectionBY.SizeOfRawData + dwSectionPading;
sectionBY.SizeOfRawData =0x1000;
sectionBY.Characteristics=0x60000020;
sectionBY.NumberOfLinenumbers=0;
sectionBY.PointerToLinenumbers=0;
sectionBY.NumberOfRelocations=0;
sectionBY.PointerToRelocations =0;
file.Write(§ionBY,sizeof(IMAGE_SECTION_HEADER));
//写入Section 完了
dwitImageBase=ntHeader.OptionalHeader.ImageBase;
dwMyImageBase=ntHeader.OptionalHeader.ImageBase;
dwMySectionVirtualAddress=sectionBY.VirtualAddress;
ntHeaderBY=ntHeader;
ntHeaderBY.FileHeader.NumberOfSections+=1;
ntHeaderBY.OptionalHeader.AddressOfEntryPoint=dwMySectionVirtualAddress+0x000;
ntHeaderBY.OptionalHeader.SizeOfCode +=0x1000;
ntHeaderBY.OptionalHeader.SizeOfImage+=0x2000;
ntHeaderBY.OptionalHeader.DataDirectory[1].VirtualAddress=dwMySectionVirtualAddress+0x64C;
ntHeaderBY.OptionalHeader.DataDirectory[1].Size =0x3c;
file.Seek(dosHeader.e_lfanew,CFile::begin);
file.Write(&ntHeaderBY,sizeof(IMAGE_NT_HEADERS));
//写入文件头完了
//写入壳代码段
UCHAR codeBY[0x0C00];
UCHAR *pspading;
DWORD dwtmp;
if(!LoadSheller(codeBY))
return;
if(dwSectionPading)
{
pspading=new UCHAR[dwSectionPading];
memset(pspading,0,dwSectionPading);
file.SeekToEnd();
file.Write(pspading,dwSectionPading);
}
const INT nCodeNeedToChangeCount=59;
UINT nCodeNeedToChangeIndex[][2]=
{
{0x0008,0x3008},{0x0012,0x300C},{0x001A,0x300C},{0x0022,0x3008},
{0x0048,0x114E},{0x0072,0x10CA},{0x00F2,0x3010},{0x00F7,0x10CA},
{0x0103,0x3000},{0x010B,0x3000},{0x0116,0x3000},{0x016E,0x3032},
{0x0174,0x3004},{0x017E,0x3046},{0x0183,0x3032},{0x01A2,0x305E},
{0x01AF,0x3056},{0x01B5,0x305E},{0x01FA,0x3010},{0x01FF,0x11E0},
{0x021C,0x3066},{0x0225,0x3062},{0x022B,0x3056},{0x0230,0x3062},
{0x0254,0x3066},{0x0269,0x3062},{0x0275,0x3056},{0x0289,0x305A},
{0x028F,0x3056},{0x033C,0x3010},{0x0341,0x12BE},{0x03BC,0x135E},
{0x03C1,0x138B},{0x03EC,0x1388},{0x03F1,0x1394},{0x0400,0x3004},
{0x041E,0x136A},{0x0423,0x139B},{0x0448,0x1374},{0x044D,0x139B},
{0x0475,0x137E},{0x047A,0x139B},
{0x04CA,0x2040},{0x04D0,0x2030},{0x04D6,0x2038},{0x04DC,0x2034},
{0x04E2,0x201C},{0x04E8,0x202C},{0x04EE,0x2020},{0x04F4,0x2018},
{0x04FA,0x203C},{0x0500,0x2044},{0x0506,0x2024},{0x050C,0x2028},
{0x0512,0x200C},{0x0518,0x2008},{0x051E,0x2010},{0x0524,0x2004},
{0x052A,0x2000},
};
for(i=0;i=0x3000)
dwItCodeVirtualAddress-=(0x3000-0x0a00);
else if(dwItCodeVirtualAddress>=0x2000)
dwItCodeVirtualAddress-=(0x2000-0x0600);
else
dwItCodeVirtualAddress-=0x1000;
dwtmp=dwItCodeVirtualAddress;
dwtmp+=dwMyImageBase;
dwtmp+=dwMySectionVirtualAddress;
codeBY[nCodeNeedToChangeIndex[i][0]]=LOBYTE(LOWORD(dwtmp));
codeBY[nCodeNeedToChangeIndex[i][0]+1]=HIBYTE(LOWORD(dwtmp));
codeBY[nCodeNeedToChangeIndex[i][0]+2]=LOBYTE(HIWORD(dwtmp));
codeBY[nCodeNeedToChangeIndex[i][0]+3]=HIBYTE(HIWORD(dwtmp));
}
//写入壳Import段
const UINT nImportNeedToChangeCount=40;
UINT nImportNeedToChangeIndex[]=
{
0X600,0X604,0X608,0X60C,
0X610, 0X618,0X61C,
0X620,0X624,0X628,0X62C,
0X630,0X634,0X638,0X63C,
0X640,0X644, 0X64C,
0X658,0X65C,
0X660, 0X66C,
0X670,
0X688,0X68C,
0X690,0X694,0X698,
0X6A0,0X6A4,0X6A8,0X6AC,
0X6B0,0X6B4,0X6B8,0X6BC,
0X6C0,0X6C4,0X6C8,0X6CC,
};
for(i=0;i