├── images
    ├── Clean.PNG
    └── Encrypted.PNG
├── DLL-Obfuscation-V2
    ├── TestDll
    │   ├── framework.h
    │   ├── pch.cpp
    │   ├── dllmain.cpp
    │   ├── pch.h
    │   ├── TestDll.vcxproj.filters
    │   └── TestDll.vcxproj
    ├── DLL-Obfuscation-V2
    │   ├── DLL-Obfuscation-V2.cpp
    │   ├── DLL-Obfuscation-V2.vcxproj.filters
    │   ├── DLL-Obfuscation-V2.vcxproj
    │   └── Utiliti.h
    └── DLL-Obfuscation-V2.sln
├── LICENSE
├── README.md
└── .gitignore


/images/Clean.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MahmoudZohdy/DLL-Obfuscation-V2/HEAD/images/Clean.PNG


--------------------------------------------------------------------------------
/images/Encrypted.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MahmoudZohdy/DLL-Obfuscation-V2/HEAD/images/Encrypted.PNG


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/TestDll/framework.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | #define WIN32_LEAN_AND_MEAN             // Exclude rarely-used stuff from Windows headers
4 | // Windows Header Files
5 | #include <windows.h>
6 | 


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/TestDll/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to the pre-compiled header
2 | 
3 | #include "pch.h"
4 | 
5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
6 | 


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/TestDll/dllmain.cpp:
--------------------------------------------------------------------------------
 1 | // dllmain.cpp : Defines the entry point for the DLL application.
 2 | #include "pch.h"
 3 | 
 4 | BOOL APIENTRY DllMain( HMODULE hModule,
 5 |                        DWORD  ul_reason_for_call,
 6 |                        LPVOID lpReserved
 7 |                      )
 8 | {
 9 |     MessageBoxA(NULL, "Dll-Obfuscation", "Dll-Obfuscation", NULL);
10 | 
11 |     switch (ul_reason_for_call)
12 |     {
13 |     case DLL_PROCESS_ATTACH:
14 |     case DLL_THREAD_ATTACH:
15 |     case DLL_THREAD_DETACH:
16 |     case DLL_PROCESS_DETACH:
17 |         break;
18 |     }
19 |     return TRUE;
20 | }
21 | 
22 | 


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/TestDll/pch.h:
--------------------------------------------------------------------------------
 1 | // pch.h: This is a precompiled header file.
 2 | // Files listed below are compiled only once, improving build performance for future builds.
 3 | // This also affects IntelliSense performance, including code completion and many code browsing features.
 4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds.
 5 | // Do not add files here that you will be updating frequently as this negates the performance advantage.
 6 | 
 7 | #ifndef PCH_H
 8 | #define PCH_H
 9 | 
10 | // add headers that you want to pre-compile here
11 | #include "framework.h"
12 | 
13 | #endif //PCH_H
14 | 


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/DLL-Obfuscation-V2/DLL-Obfuscation-V2.cpp:
--------------------------------------------------------------------------------
 1 | #include "Utiliti.h"
 2 | 
 3 | void PrintUsage() {
 4 | 
 5 | 	printf("DLL-Obfuscation-V2.exe <Operation Type>  <Clean Dll Path> <Obfuscated Dll Path>\n\n");
 6 | 	printf("Operation Type:\n 1 Encrypt the DLL\n 2 Load Encrypted Dll\n\n");
 7 | 	printf("DLL-Obfuscation-V2.exe 1 TestDll.dll ObfuscatedTestDll.dll\n");
 8 | 	printf("DLL-Obfuscation-V2.exe 2 ObfuscatedTestDll.dll\n");
 9 | 
10 | 	return;
11 | }
12 | 
13 | CHAR CleanDllName[MAX_PATH];
14 | CHAR ObfuscatedDllName[MAX_PATH];
15 | 
16 | int main(int argc, CHAR* argv[])
17 | {
18 | 	if (argc < 2) {
19 | 		PrintUsage();
20 | 		return 0;
21 | 	}
22 | 	int type = atoi(argv[1]);
23 | 	
24 | 	switch (type)
25 | 	{
26 | 	case 1:
27 | 		strcpy(CleanDllName, argv[2]);
28 | 		strcpy(ObfuscatedDllName, argv[3]);
29 | 		GenerateEncryptedDLL(CleanDllName, ObfuscatedDllName);
30 | 		break;
31 | 
32 | 	case 2:
33 | 
34 | 		LoadEncryptedDll(argv[2]);
35 | 		strcpy(ObfuscatedDllName, argv[2]);
36 | 
37 | 		break;
38 | 
39 | 	default:
40 | 		break;
41 | 	}
42 | 
43 |     return 0;
44 | }
45 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 MahmoudZohdy
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/DLL-Obfuscation-V2/DLL-Obfuscation-V2.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="DLL-Obfuscation-V2.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClInclude Include="Utiliti.h">
24 |       <Filter>Source Files</Filter>
25 |     </ClInclude>
26 |   </ItemGroup>
27 | </Project>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # DLL-Obfuscation-V2
 2 | 
 3 | This Project is the Second version of DLL-Obfuscation that i did before, the difference is that in this version the Dll will be loaded normaly like any other Dll on the system (it will be called on Process\Thread Attach and detach) the First Version uses Reflective DLL injection to load the Encrypted Dll.
 4 | 
 5 | it work by intercepting the excution path of LoadLibraryA by setting a Hardware Breakpoint on ZwMapViewOfSection, then decrypt the code section of the Dll after mapping it to memory as Image.
 6 | 
 7 | # How to use
 8 | ```
 9 | DLL-Obfuscation-V2.exe <Operation Type>  <Clean Dll Path> <Obfuscated Dll Path>
10 | Operation Type:
11 |     1 Encrypt the DLL
12 |     2 Load Encrypted Dll
13 | DLL-Obfuscation-V2.exe 1 TestDll.dll ObfuscatedTestDll.dll
14 | DLL-Obfuscation-V2.exe 2 ObfuscatedTestDll.dll
15 | ```
16 | 
17 | # Note:
18 | the Dll should be on fixed address (No relocation) as this will courupte the decryption of the code section.
19 | 
20 | the decryption is simple XOR with 0xAB
21 | 
22 | # Demo
23 | 
24 | ![Clean](https://github.com/MahmoudZohdy/DLL-Obfuscation-V2/blob/main/images/Clean.PNG)
25 | 
26 | Obfuscated Version
27 | ![Obfuscated](https://github.com/MahmoudZohdy/DLL-Obfuscation-V2/blob/main/images/Encrypted.PNG)


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/TestDll/TestDll.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClInclude Include="framework.h">
19 |       <Filter>Header Files</Filter>
20 |     </ClInclude>
21 |     <ClInclude Include="pch.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |   </ItemGroup>
25 |   <ItemGroup>
26 |     <ClCompile Include="dllmain.cpp">
27 |       <Filter>Source Files</Filter>
28 |     </ClCompile>
29 |     <ClCompile Include="pch.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |   </ItemGroup>
33 | </Project>


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/DLL-Obfuscation-V2.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.31515.178
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DLL-Obfuscation-V2", "DLL-Obfuscation-V2\DLL-Obfuscation-V2.vcxproj", "{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestDll", "TestDll\TestDll.vcxproj", "{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}"
 9 | EndProject
10 | Global
11 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|x64 = Release|x64
15 | 		Release|x86 = Release|x86
16 | 	EndGlobalSection
17 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Debug|x64.ActiveCfg = Debug|x64
19 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Debug|x64.Build.0 = Debug|x64
20 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Debug|x86.ActiveCfg = Debug|Win32
21 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Debug|x86.Build.0 = Debug|Win32
22 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Release|x64.ActiveCfg = Release|x64
23 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Release|x64.Build.0 = Release|x64
24 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Release|x86.ActiveCfg = Release|Win32
25 | 		{EFA02CF4-B857-4957-8AC0-0FAF9AA7AA76}.Release|x86.Build.0 = Release|Win32
26 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Debug|x64.Build.0 = Debug|x64
28 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Debug|x86.ActiveCfg = Debug|Win32
29 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Debug|x86.Build.0 = Debug|Win32
30 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Release|x64.ActiveCfg = Release|x64
31 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Release|x64.Build.0 = Release|x64
32 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Release|x86.ActiveCfg = Release|Win32
33 | 		{A57FEC0C-F65D-42E5-A032-9A3ACCE68338}.Release|x86.Build.0 = Release|Win32
34 | 	EndGlobalSection
35 | 	GlobalSection(SolutionProperties) = preSolution
36 | 		HideSolutionNode = FALSE
37 | 	EndGlobalSection
38 | 	GlobalSection(ExtensibilityGlobals) = postSolution
39 | 		SolutionGuid = {7EB7F29E-8B2B-45D6-8349-E9DA6D56EB35}
40 | 	EndGlobalSection
41 | EndGlobal
42 | 


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/DLL-Obfuscation-V2/DLL-Obfuscation-V2.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{efa02cf4-b857-4957-8ac0-0faf9aa7aa76}</ProjectGuid>
 25 |     <RootNamespace>DLLObfuscationV2</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v142</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <LinkIncremental>false</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>true</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <SDLCheck>true</SDLCheck>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <ConformanceMode>true</ConformanceMode>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 98 |     <ClCompile>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <FunctionLevelLinking>true</FunctionLevelLinking>
101 |       <IntrinsicFunctions>true</IntrinsicFunctions>
102 |       <SDLCheck>true</SDLCheck>
103 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <ConformanceMode>true</ConformanceMode>
105 |     </ClCompile>
106 |     <Link>
107 |       <SubSystem>Console</SubSystem>
108 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
109 |       <OptimizeReferences>true</OptimizeReferences>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <SDLCheck>true</SDLCheck>
117 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
118 |       <ConformanceMode>true</ConformanceMode>
119 |     </ClCompile>
120 |     <Link>
121 |       <SubSystem>Console</SubSystem>
122 |       <GenerateDebugInformation>true</GenerateDebugInformation>
123 |     </Link>
124 |   </ItemDefinitionGroup>
125 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
126 |     <ClCompile>
127 |       <WarningLevel>Level3</WarningLevel>
128 |       <FunctionLevelLinking>true</FunctionLevelLinking>
129 |       <IntrinsicFunctions>true</IntrinsicFunctions>
130 |       <SDLCheck>true</SDLCheck>
131 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
132 |       <ConformanceMode>true</ConformanceMode>
133 |     </ClCompile>
134 |     <Link>
135 |       <SubSystem>Console</SubSystem>
136 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
137 |       <OptimizeReferences>true</OptimizeReferences>
138 |       <GenerateDebugInformation>true</GenerateDebugInformation>
139 |     </Link>
140 |   </ItemDefinitionGroup>
141 |   <ItemGroup>
142 |     <ClCompile Include="DLL-Obfuscation-V2.cpp" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClInclude Include="Utiliti.h" />
146 |   </ItemGroup>
147 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
148 |   <ImportGroup Label="ExtensionTargets">
149 |   </ImportGroup>
150 | </Project>


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Ww][Ii][Nn]32/
 27 | [Aa][Rr][Mm]/
 28 | [Aa][Rr][Mm]64/
 29 | bld/
 30 | [Bb]in/
 31 | [Oo]bj/
 32 | [Ll]og/
 33 | [Ll]ogs/
 34 | 
 35 | # Visual Studio 2015/2017 cache/options directory
 36 | .vs/
 37 | # Uncomment if you have tasks that create the project's static files in wwwroot
 38 | #wwwroot/
 39 | 
 40 | .vs/
 41 | 
 42 | # Visual Studio 2017 auto generated files
 43 | Generated\ Files/
 44 | 
 45 | # MSTest test Results
 46 | [Tt]est[Rr]esult*/
 47 | [Bb]uild[Ll]og.*
 48 | 
 49 | # NUnit
 50 | *.VisualState.xml
 51 | TestResult.xml
 52 | nunit-*.xml
 53 | 
 54 | # Build Results of an ATL Project
 55 | [Dd]ebugPS/
 56 | [Rr]eleasePS/
 57 | dlldata.c
 58 | 
 59 | # Benchmark Results
 60 | BenchmarkDotNet.Artifacts/
 61 | 
 62 | # .NET Core
 63 | project.lock.json
 64 | project.fragment.lock.json
 65 | artifacts/
 66 | 
 67 | # ASP.NET Scaffolding
 68 | ScaffoldingReadMe.txt
 69 | 
 70 | # StyleCop
 71 | StyleCopReport.xml
 72 | 
 73 | # Files built by Visual Studio
 74 | *_i.c
 75 | *_p.c
 76 | *_h.h
 77 | *.ilk
 78 | *.meta
 79 | *.obj
 80 | *.iobj
 81 | *.pch
 82 | *.pdb
 83 | *.ipdb
 84 | *.pgc
 85 | *.pgd
 86 | *.rsp
 87 | *.sbr
 88 | *.tlb
 89 | *.tli
 90 | *.tlh
 91 | *.tmp
 92 | *.tmp_proj
 93 | *_wpftmp.csproj
 94 | *.log
 95 | *.tlog
 96 | *.vspscc
 97 | *.vssscc
 98 | .builds
 99 | *.pidb
100 | *.svclog
101 | *.scc
102 | 
103 | # Chutzpah Test files
104 | _Chutzpah*
105 | 
106 | # Visual C++ cache files
107 | ipch/
108 | *.aps
109 | *.ncb
110 | *.opendb
111 | *.opensdf
112 | *.sdf
113 | *.cachefile
114 | *.VC.db
115 | *.VC.VC.opendb
116 | 
117 | # Visual Studio profiler
118 | *.psess
119 | *.vsp
120 | *.vspx
121 | *.sap
122 | 
123 | # Visual Studio Trace Files
124 | *.e2e
125 | 
126 | # TFS 2012 Local Workspace
127 | $tf/
128 | 
129 | # Guidance Automation Toolkit
130 | *.gpState
131 | 
132 | # ReSharper is a .NET coding add-in
133 | _ReSharper*/
134 | *.[Rr]e[Ss]harper
135 | *.DotSettings.user
136 | 
137 | # TeamCity is a build add-in
138 | _TeamCity*
139 | 
140 | # DotCover is a Code Coverage Tool
141 | *.dotCover
142 | 
143 | # AxoCover is a Code Coverage Tool
144 | .axoCover/*
145 | !.axoCover/settings.json
146 | 
147 | # Coverlet is a free, cross platform Code Coverage Tool
148 | coverage*.json
149 | coverage*.xml
150 | coverage*.info
151 | 
152 | # Visual Studio code coverage results
153 | *.coverage
154 | *.coveragexml
155 | 
156 | # NCrunch
157 | _NCrunch_*
158 | .*crunch*.local.xml
159 | nCrunchTemp_*
160 | 
161 | # MightyMoose
162 | *.mm.*
163 | AutoTest.Net/
164 | 
165 | # Web workbench (sass)
166 | .sass-cache/
167 | 
168 | # Installshield output folder
169 | [Ee]xpress/
170 | 
171 | # DocProject is a documentation generator add-in
172 | DocProject/buildhelp/
173 | DocProject/Help/*.HxT
174 | DocProject/Help/*.HxC
175 | DocProject/Help/*.hhc
176 | DocProject/Help/*.hhk
177 | DocProject/Help/*.hhp
178 | DocProject/Help/Html2
179 | DocProject/Help/html
180 | 
181 | # Click-Once directory
182 | publish/
183 | 
184 | # Publish Web Output
185 | *.[Pp]ublish.xml
186 | *.azurePubxml
187 | # Note: Comment the next line if you want to checkin your web deploy settings,
188 | # but database connection strings (with potential passwords) will be unencrypted
189 | *.pubxml
190 | *.publishproj
191 | 
192 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
193 | # checkin your Azure Web App publish settings, but sensitive information contained
194 | # in these scripts will be unencrypted
195 | PublishScripts/
196 | 
197 | # NuGet Packages
198 | *.nupkg
199 | # NuGet Symbol Packages
200 | *.snupkg
201 | # The packages folder can be ignored because of Package Restore
202 | **/[Pp]ackages/*
203 | # except build/, which is used as an MSBuild target.
204 | !**/[Pp]ackages/build/
205 | # Uncomment if necessary however generally it will be regenerated when needed
206 | #!**/[Pp]ackages/repositories.config
207 | # NuGet v3's project.json files produces more ignorable files
208 | *.nuget.props
209 | *.nuget.targets
210 | 
211 | # Nuget personal access tokens and Credentials
212 | nuget.config
213 | 
214 | # Microsoft Azure Build Output
215 | csx/
216 | *.build.csdef
217 | 
218 | # Microsoft Azure Emulator
219 | ecf/
220 | rcf/
221 | 
222 | # Windows Store app package directories and files
223 | AppPackages/
224 | BundleArtifacts/
225 | Package.StoreAssociation.xml
226 | _pkginfo.txt
227 | *.appx
228 | *.appxbundle
229 | *.appxupload
230 | 
231 | # Visual Studio cache files
232 | # files ending in .cache can be ignored
233 | *.[Cc]ache
234 | # but keep track of directories ending in .cache
235 | !?*.[Cc]ache/
236 | 
237 | # Others
238 | ClientBin/
239 | ~$*
240 | *~
241 | *.dbmdl
242 | *.dbproj.schemaview
243 | *.jfm
244 | *.pfx
245 | *.publishsettings
246 | orleans.codegen.cs
247 | 
248 | # Including strong name files can present a security risk
249 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
250 | #*.snk
251 | 
252 | # Since there are multiple workflows, uncomment next line to ignore bower_components
253 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
254 | #bower_components/
255 | 
256 | # RIA/Silverlight projects
257 | Generated_Code/
258 | 
259 | # Backup & report files from converting an old project file
260 | # to a newer Visual Studio version. Backup files are not needed,
261 | # because we have git ;-)
262 | _UpgradeReport_Files/
263 | Backup*/
264 | UpgradeLog*.XML
265 | UpgradeLog*.htm
266 | ServiceFabricBackup/
267 | *.rptproj.bak
268 | 
269 | # SQL Server files
270 | *.mdf
271 | *.ldf
272 | *.ndf
273 | 
274 | # Business Intelligence projects
275 | *.rdl.data
276 | *.bim.layout
277 | *.bim_*.settings
278 | *.rptproj.rsuser
279 | *- [Bb]ackup.rdl
280 | *- [Bb]ackup ([0-9]).rdl
281 | *- [Bb]ackup ([0-9][0-9]).rdl
282 | 
283 | # Microsoft Fakes
284 | FakesAssemblies/
285 | 
286 | # GhostDoc plugin setting file
287 | *.GhostDoc.xml
288 | 
289 | # Node.js Tools for Visual Studio
290 | .ntvs_analysis.dat
291 | node_modules/
292 | 
293 | # Visual Studio 6 build log
294 | *.plg
295 | 
296 | # Visual Studio 6 workspace options file
297 | *.opt
298 | 
299 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
300 | *.vbw
301 | 
302 | # Visual Studio LightSwitch build output
303 | **/*.HTMLClient/GeneratedArtifacts
304 | **/*.DesktopClient/GeneratedArtifacts
305 | **/*.DesktopClient/ModelManifest.xml
306 | **/*.Server/GeneratedArtifacts
307 | **/*.Server/ModelManifest.xml
308 | _Pvt_Extensions
309 | 
310 | # Paket dependency manager
311 | .paket/paket.exe
312 | paket-files/
313 | 
314 | # FAKE - F# Make
315 | .fake/
316 | 
317 | # CodeRush personal settings
318 | .cr/personal
319 | 
320 | # Python Tools for Visual Studio (PTVS)
321 | __pycache__/
322 | *.pyc
323 | 
324 | # Cake - Uncomment if you are using it
325 | # tools/**
326 | # !tools/packages.config
327 | 
328 | # Tabs Studio
329 | *.tss
330 | 
331 | # Telerik's JustMock configuration file
332 | *.jmconfig
333 | 
334 | # BizTalk build output
335 | *.btp.cs
336 | *.btm.cs
337 | *.odx.cs
338 | *.xsd.cs
339 | 
340 | # OpenCover UI analysis results
341 | OpenCover/
342 | 
343 | # Azure Stream Analytics local run output
344 | ASALocalRun/
345 | 
346 | # MSBuild Binary and Structured Log
347 | *.binlog
348 | 
349 | # NVidia Nsight GPU debugger configuration file
350 | *.nvuser
351 | 
352 | # MFractors (Xamarin productivity tool) working folder
353 | .mfractor/
354 | 
355 | # Local History for Visual Studio
356 | .localhistory/
357 | 
358 | # BeatPulse healthcheck temp database
359 | healthchecksdb
360 | 
361 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
362 | MigrationBackup/
363 | 
364 | # Ionide (cross platform F# VS Code tools) working folder
365 | .ionide/
366 | 
367 | # Fody - auto-generated XML schema
368 | FodyWeavers.xsd
369 | 
370 | # VS Code files for those working on multiple tools
371 | .vscode/*
372 | !.vscode/settings.json
373 | !.vscode/tasks.json
374 | !.vscode/launch.json
375 | !.vscode/extensions.json
376 | *.code-workspace
377 | 
378 | # Local History for Visual Studio Code
379 | .history/
380 | 
381 | # Windows Installer files from build outputs
382 | *.cab
383 | *.msi
384 | *.msix
385 | *.msm
386 | *.msp
387 | 
388 | # JetBrains Rider
389 | .idea/
390 | *.sln.iml


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/DLL-Obfuscation-V2/Utiliti.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #pragma warning(disable : 4996)
  3 | 
  4 | #include <iostream>
  5 | #include <Windows.h>
  6 | #include <DbgHelp.h>
  7 | 
  8 | #pragma comment(lib, "Dbghelp.lib")
  9 | 
 10 | #define KEY 0xAB
 11 | 
 12 | #define CALL_FIRST 1  
 13 | 
 14 | #if _WIN64			
 15 | #define DWORD64 unsigned long long
 16 | #else
 17 | #define DWORD64 unsigned long
 18 | #endif
 19 | 
 20 | PIMAGE_NT_HEADERS  GetNTHeaders(DWORD64 dwImageBase) {
 21 | 	return (PIMAGE_NT_HEADERS)(dwImageBase + ((PIMAGE_DOS_HEADER)dwImageBase)->e_lfanew);
 22 | }
 23 | 
 24 | PLOADED_IMAGE  GetLoadedImage(DWORD64 dwImageBase)
 25 | {
 26 | 	PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)dwImageBase;
 27 | 
 28 | 	PIMAGE_NT_HEADERS pNTHeaders = GetNTHeaders(dwImageBase);
 29 | 	PLOADED_IMAGE pImage = new LOADED_IMAGE();
 30 | 
 31 | 	pImage->FileHeader = (PIMAGE_NT_HEADERS)(dwImageBase + pDosHeader->e_lfanew);
 32 | 
 33 | 	pImage->NumberOfSections = pImage->FileHeader->FileHeader.NumberOfSections;
 34 | 
 35 | 	pImage->Sections = (PIMAGE_SECTION_HEADER)(dwImageBase + pDosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS));
 36 | 
 37 | 	return pImage;
 38 | }
 39 | 
 40 | void EncryptDecryptCodeSection(BYTE* Data, int MemoryType) {
 41 | 	BOOL bSuccess = FALSE;
 42 | 	LPVOID lpRemoteLibraryBuffer = NULL;
 43 | 	LPTHREAD_START_ROUTINE lpReflectiveLoader = NULL;
 44 | 	HANDLE hThread = NULL;
 45 | 	DWORD dwReflectiveLoaderOffset = 0;
 46 | 	DWORD dwThreadId = 0;
 47 | 	DWORD dwLength;
 48 | 
 49 | 
 50 | 	PIMAGE_NT_HEADERS pSourceHeaders = GetNTHeaders((DWORD64)Data);
 51 | 
 52 | 	PLOADED_IMAGE pSourceImage = GetLoadedImage((DWORD64)Data);
 53 | 	for (DWORD x = 0; x < pSourceImage->NumberOfSections; x++)
 54 | 	{
 55 | 
 56 | 		char pSectionName[] = "text";
 57 | 		char* pch;
 58 | 		pch = strstr((CHAR*)pSourceImage->Sections[x].Name, "text");
 59 | 		if (pch == NULL) {
 60 | 			pch = strstr((CHAR*)pSourceImage->Sections[x].Name, "code");
 61 | 			if (pch == NULL)
 62 | 				continue;
 63 | 		}
 64 | 
 65 | 		//the data is buffer read from file
 66 | 		if (MemoryType == 1) {
 67 | 			for (DWORD i = 0; i < pSourceHeaders->OptionalHeader.SizeOfCode; i++) {
 68 | 				DWORD64* ByteTohange = (DWORD64*)((DWORD64)Data + (DWORD64)pSourceImage->Sections[x].PointerToRawData + (DWORD64)i);
 69 | 				*(BYTE*)ByteTohange = *(BYTE*)ByteTohange ^ KEY;
 70 | 
 71 | 			}
 72 | 			break;
 73 | 		}
 74 | 
 75 | 		//the data is memory mapped for the Dll
 76 | 		DWORD OldProtection;
 77 | 		BOOL ret = VirtualProtect((DWORD64*)((DWORD64)Data + (DWORD64)pSourceImage->Sections[x].VirtualAddress), pSourceHeaders->OptionalHeader.SizeOfCode, PAGE_EXECUTE_READWRITE, &OldProtection);
 78 | 		if (!ret) {
 79 | 			printf("failed to change protection Error Code %x\n", GetLastError());
 80 | 			return;
 81 | 		}
 82 | 
 83 | 		for (DWORD i = 0; i < pSourceHeaders->OptionalHeader.SizeOfCode; i++) {
 84 | 			DWORD64* ByteTohange = (DWORD64*)((DWORD64)Data + (DWORD64)pSourceImage->Sections[x].VirtualAddress + (DWORD64)i);
 85 | 			*(BYTE*)ByteTohange = *(BYTE*)ByteTohange ^ KEY;
 86 | 		}
 87 | 
 88 | 		ret = VirtualProtect((DWORD64*)((DWORD64)Data + (DWORD64)pSourceImage->Sections[x].VirtualAddress), pSourceHeaders->OptionalHeader.SizeOfCode, OldProtection, &OldProtection);
 89 | 		if (!ret) {
 90 | 			printf("failed to change protection to its original protection Error Code %x\n", GetLastError());
 91 | 			return;
 92 | 		}
 93 | 		break;
 94 | 
 95 | 	}
 96 | }
 97 | 
 98 | 
 99 | 
100 | int Flag = 1;
101 | //Gets Executed when we hit our hardware breakpoint
102 | LONG WINAPI ExceptionHandler(_EXCEPTION_POINTERS* ExceptionInfo)
103 | {
104 | 	if (Flag) {
105 | 
106 | 		typedef NTSTATUS(WINAPI* _ZwMapViewOfSection)(
107 | 			HANDLE          SectionHandle,
108 | 			HANDLE          ProcessHandle,
109 | 			PVOID* BaseAddress,
110 | 			ULONG_PTR       ZeroBits,
111 | 			SIZE_T          CommitSize,
112 | 			PLARGE_INTEGER  SectionOffset,
113 | 			PSIZE_T         ViewSize,
114 | 			DWORD64			InheritDisposition,
115 | 			ULONG           AllocationType,
116 | 			ULONG           Win32Protect
117 | 			);
118 | 
119 | 		NTSTATUS   result = NULL;
120 | 
121 | #if _WIN64			
122 | 		DWORD64* EspValue = (DWORD64*)ExceptionInfo->ContextRecord->Rsp;
123 | #else
124 | 		DWORD* EspValue = (DWORD*)ExceptionInfo->ContextRecord->Esp;
125 | #endif
126 | 
127 | 		_ZwMapViewOfSection ZwMapViewOfSectionaddr = (_ZwMapViewOfSection)GetProcAddress(LoadLibraryA("ntdll"), "ZwMapViewOfSection");
128 | 
129 | 		if (!ZwMapViewOfSectionaddr) {
130 | 			ExceptionInfo->ContextRecord->Dr0 = 0;
131 | 			ExceptionInfo->ContextRecord->Dr7 = 0;
132 | 
133 | 			printf("Faile to get ZwMapViewOfSection address Error Code\n",GetLastError());
134 | 			return EXCEPTION_CONTINUE_EXECUTION;
135 | 		}
136 | 
137 | 
138 | 		//Remove HardWare Break Point and Exception
139 | 		ExceptionInfo->ContextRecord->Dr0 = 0;
140 | 		ExceptionInfo->ContextRecord->Dr7 = 0;
141 | 		CONTEXT Context;
142 | 		Context.ContextFlags = CONTEXT_DEBUG_REGISTERS;
143 | 
144 | 		RemoveVectoredExceptionHandler(ExceptionHandler);
145 | 
146 | 		GetThreadContext(GetCurrentThread(), &Context);
147 | 
148 | 		Context.Dr0 = 0;
149 | 		Context.Dr7 = 0;
150 | 
151 | 		SetThreadContext(GetCurrentThread(), &Context);
152 | 		Flag = 0;
153 | 
154 | 		//Search the ZwMapViewOfSection Function For the return address and set instruction pointer to it.
155 | #if _WIN64			
156 | 		//0xc3	ret
157 | 		for (int i = 0;; i++) {
158 | 			if (((BYTE*)ZwMapViewOfSectionaddr)[i] == 0xc3) {
159 | 				ExceptionInfo->ContextRecord->Rip = (DWORD64)((BYTE*)ZwMapViewOfSectionaddr + i);
160 | 				break;
161 | 			}
162 | 		}
163 | #else
164 | 		// c2 28 00		ret 0x28
165 | 		for (int i = 0;; i++) {
166 | 			if (((BYTE*)ZwMapViewOfSectionaddr)[i] == 0xc2 && ((BYTE*)ZwMapViewOfSectionaddr)[i + 1] == 0x28 && ((BYTE*)ZwMapViewOfSectionaddr)[i + 2] == 0x00) {
167 | 				ExceptionInfo->ContextRecord->Eip = (DWORD64)((BYTE*)ZwMapViewOfSectionaddr + i);
168 | 				break;
169 | 			}
170 | 		}
171 | #endif
172 | 		DWORD64* pBaseAddress = NULL;
173 | 		SIZE_T size = 0;
174 | 
175 | #if _WIN64		
176 | 		result = ZwMapViewOfSectionaddr((HANDLE)ExceptionInfo->ContextRecord->Rcx, (HANDLE)ExceptionInfo->ContextRecord->Rdx, (PVOID*)ExceptionInfo->ContextRecord->R8, ExceptionInfo->ContextRecord->R9, (SIZE_T)EspValue[5], (PLARGE_INTEGER)EspValue[6], (PSIZE_T)EspValue[7], EspValue[8], EspValue[9], EspValue[10]);
177 | 
178 | #else		
179 | 		result = ZwMapViewOfSectionaddr((HANDLE)EspValue[1], (HANDLE)EspValue[2], (PVOID*)EspValue[3], EspValue[4], EspValue[5], (PLARGE_INTEGER)EspValue[6], (PSIZE_T)EspValue[7], EspValue[8], EspValue[9], EspValue[10]);
180 | 
181 | #endif
182 | 		if (result != 0) {
183 | 			printf("ZwMapViewOfSectionaddr failed %x %x\n", result, GetLastError());
184 | 			return EXCEPTION_CONTINUE_EXECUTION;
185 | 		}
186 | 
187 | 
188 | #if _WIN64
189 | 		pBaseAddress = (DWORD64*)ExceptionInfo->ContextRecord->R8;
190 | 
191 | #else
192 | 		pBaseAddress = (DWORD64*)(PVOID*)EspValue[3];
193 | #endif
194 | 		DWORD64* MapBase = (DWORD64*)(*pBaseAddress);
195 | 		DWORD64* Start = MapBase;
196 | 		EncryptDecryptCodeSection((BYTE*)Start, 0);
197 | 
198 | 	}
199 | 
200 | 	return EXCEPTION_CONTINUE_EXECUTION;
201 | 
202 | }
203 | 
204 | 
205 | BYTE* ReadDataFromFile(CHAR* FileName) {
206 | 
207 | 	HANDLE hFile = NULL;
208 | 	BOOL bResult = FALSE;
209 | 	DWORD cbRead = 0;
210 | 
211 | 	hFile = CreateFileA(FileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
212 | 	if (hFile == INVALID_HANDLE_VALUE)
213 | 	{
214 | 		printf("Failed To Open Handle To File %S Error Code is 0x%x\n", FileName, GetLastError());
215 | 		return NULL;
216 | 	}
217 | 
218 | 	int FileSize = GetFileSize(hFile, 0);
219 | 	if (FileSize == INVALID_FILE_SIZE) {
220 | 		printf("Failed To get File size Error Code is 0x%x\n", GetLastError());
221 | 		return NULL;
222 | 	}
223 | 
224 | 	BYTE* FileContents = new BYTE[FileSize];
225 | 	ZeroMemory(FileContents, FileSize);
226 | 
227 | 	bResult = ReadFile(hFile, FileContents, FileSize, &cbRead, NULL);
228 | 	if (bResult == FALSE) {
229 | 		printf("Failed To Read File Data Error Code is 0x%x\n", GetLastError());
230 | 		return NULL;
231 | 	}
232 | 
233 | 	CloseHandle(hFile);
234 | 	return FileContents;
235 | }
236 | 
237 | 
238 | DWORD GenerateEncryptedDLL(CHAR* FileName, CHAR* OutputFileName) {
239 | 
240 | 	HANDLE hOutputFile;
241 | 	DWORD dwBytesWritten;
242 | 	BOOL bErrorFlag;
243 | 
244 | 	BYTE* FileData = ReadDataFromFile(FileName);
245 | 
246 | 	HANDLE hfile = CreateFileA(FileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
247 | 
248 | 	EncryptDecryptCodeSection(FileData,1);
249 | 	hOutputFile = CreateFileA(OutputFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
250 | 
251 | 	if (hOutputFile == INVALID_HANDLE_VALUE) {
252 | 		printf("Faile TO open file for write Error Code %x\n", GetLastError());
253 | 		return -1;
254 | 	}
255 | 
256 | 	DWORD FileSize = GetFileSize(hfile, NULL);
257 | 	bErrorFlag = WriteFile(hOutputFile, FileData, FileSize, &dwBytesWritten, NULL);
258 | 
259 | 	if (FALSE == bErrorFlag) {
260 | 		printf("Failed To Write To File Error Code %x\n", GetLastError());
261 | 		return -1;
262 | 	}
263 | 
264 | 	CloseHandle(hfile);
265 | 	CloseHandle(hOutputFile);
266 | 
267 | 	return 0;
268 | }
269 | 
270 | 
271 | DWORD LoadEncryptedDll(CHAR* DllPath) {
272 | 
273 | 	DWORD Result = 0;
274 | 	CONTEXT Context;
275 | 	Context.ContextFlags = CONTEXT_ALL;
276 | 
277 | 	GetThreadContext(GetCurrentThread(), &Context);
278 | 
279 | 	DWORD64 FunAddr = (DWORD64)GetProcAddress(LoadLibraryA("ntdll"), "ZwMapViewOfSection");
280 | 
281 | 	Context.Dr7 |= 1 << (0 * 2);
282 | 	Context.Dr0 = FunAddr;
283 | 	Context.Dr7 |= 0x00 << ((0 * 4) + 16);
284 | 	Context.Dr7 |= sizeof(DWORD) << ((0 * 4) + 18);
285 | 
286 | 	AddVectoredExceptionHandler(CALL_FIRST, ExceptionHandler);
287 | 
288 | 	SetThreadContext(GetCurrentThread(), &Context);
289 | 
290 | 	HMODULE Module = LoadLibraryA(DllPath);
291 | 	if (Module) {
292 | 		printf("Load Encrypted Library success Base Address is %p\n", Module);
293 | 		Result = 0;
294 | 	}
295 | 	else {
296 | 		printf("Load Encrypted Library failed  %p  %x\n", Module, GetLastError());
297 | 		Result = -1;
298 | 	}
299 | 
300 | 	return Result;
301 | }


--------------------------------------------------------------------------------
/DLL-Obfuscation-V2/TestDll/TestDll.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{a57fec0c-f65d-42e5-a032-9a3acce68338}</ProjectGuid>
 25 |     <RootNamespace>TestDll</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v142</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>false</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <LinkIncremental>false</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <SDLCheck>true</SDLCheck>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;TESTDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <ConformanceMode>true</ConformanceMode>
 91 |       <PrecompiledHeader>Use</PrecompiledHeader>
 92 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
 93 |       <CompileAs>CompileAsC</CompileAs>
 94 |       <ExceptionHandling>false</ExceptionHandling>
 95 |     </ClCompile>
 96 |     <Link>
 97 |       <SubSystem>Windows</SubSystem>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |       <EnableUAC>false</EnableUAC>
100 |       <DataExecutionPrevention>false</DataExecutionPrevention>
101 |       <RandomizedBaseAddress>false</RandomizedBaseAddress>
102 |       <FixedBaseAddress>true</FixedBaseAddress>
103 |     </Link>
104 |   </ItemDefinitionGroup>
105 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
106 |     <ClCompile>
107 |       <WarningLevel>Level3</WarningLevel>
108 |       <FunctionLevelLinking>true</FunctionLevelLinking>
109 |       <IntrinsicFunctions>true</IntrinsicFunctions>
110 |       <SDLCheck>true</SDLCheck>
111 |       <PreprocessorDefinitions>WIN32;NDEBUG;TESTDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
112 |       <ConformanceMode>true</ConformanceMode>
113 |       <PrecompiledHeader>Use</PrecompiledHeader>
114 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
115 |       <CompileAs>CompileAsC</CompileAs>
116 |       <ExceptionHandling>false</ExceptionHandling>
117 |     </ClCompile>
118 |     <Link>
119 |       <SubSystem>Windows</SubSystem>
120 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
121 |       <OptimizeReferences>true</OptimizeReferences>
122 |       <GenerateDebugInformation>true</GenerateDebugInformation>
123 |       <EnableUAC>false</EnableUAC>
124 |       <DataExecutionPrevention>false</DataExecutionPrevention>
125 |       <RandomizedBaseAddress>false</RandomizedBaseAddress>
126 |       <FixedBaseAddress>true</FixedBaseAddress>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
130 |     <ClCompile>
131 |       <WarningLevel>Level3</WarningLevel>
132 |       <SDLCheck>true</SDLCheck>
133 |       <PreprocessorDefinitions>_DEBUG;TESTDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
134 |       <ConformanceMode>true</ConformanceMode>
135 |       <PrecompiledHeader>Use</PrecompiledHeader>
136 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
137 |       <CompileAs>CompileAsC</CompileAs>
138 |       <ExceptionHandling>false</ExceptionHandling>
139 |       <BasicRuntimeChecks>Default</BasicRuntimeChecks>
140 |     </ClCompile>
141 |     <Link>
142 |       <SubSystem>Windows</SubSystem>
143 |       <GenerateDebugInformation>true</GenerateDebugInformation>
144 |       <EnableUAC>false</EnableUAC>
145 |       <DataExecutionPrevention>false</DataExecutionPrevention>
146 |       <RandomizedBaseAddress>false</RandomizedBaseAddress>
147 |       <FixedBaseAddress>true</FixedBaseAddress>
148 |     </Link>
149 |   </ItemDefinitionGroup>
150 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
151 |     <ClCompile>
152 |       <WarningLevel>Level3</WarningLevel>
153 |       <FunctionLevelLinking>true</FunctionLevelLinking>
154 |       <IntrinsicFunctions>true</IntrinsicFunctions>
155 |       <SDLCheck>true</SDLCheck>
156 |       <PreprocessorDefinitions>NDEBUG;TESTDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
157 |       <ConformanceMode>true</ConformanceMode>
158 |       <PrecompiledHeader>Use</PrecompiledHeader>
159 |       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
160 |       <CompileAs>CompileAsC</CompileAs>
161 |       <ExceptionHandling>false</ExceptionHandling>
162 |     </ClCompile>
163 |     <Link>
164 |       <SubSystem>Windows</SubSystem>
165 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
166 |       <OptimizeReferences>true</OptimizeReferences>
167 |       <GenerateDebugInformation>true</GenerateDebugInformation>
168 |       <EnableUAC>false</EnableUAC>
169 |       <DataExecutionPrevention>false</DataExecutionPrevention>
170 |       <RandomizedBaseAddress>false</RandomizedBaseAddress>
171 |       <FixedBaseAddress>true</FixedBaseAddress>
172 |     </Link>
173 |   </ItemDefinitionGroup>
174 |   <ItemGroup>
175 |     <ClInclude Include="framework.h" />
176 |     <ClInclude Include="pch.h" />
177 |   </ItemGroup>
178 |   <ItemGroup>
179 |     <ClCompile Include="dllmain.cpp" />
180 |     <ClCompile Include="pch.cpp">
181 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
182 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
183 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
184 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
185 |     </ClCompile>
186 |   </ItemGroup>
187 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
188 |   <ImportGroup Label="ExtensionTargets">
189 |   </ImportGroup>
190 | </Project>


--------------------------------------------------------------------------------