├── .gitignore
├── LICENSE
├── README.md
├── encrypt
│   ├── encrypt.vcxproj
│   ├── encrypt.vcxproj.filters
│   ├── encrypt.vcxproj.user
│   └── main.cpp
├── test1337.sln
└── test1337
    ├── encrypt.h
    ├── hwbp.h
    ├── test1337.cpp
    ├── test1337.vcxproj
    ├── test1337.vcxproj.filters
    └── test1337.vcxproj.user
/.gitignore:
--------------------------------------------------------------------------------
1 | Release/
2 | Debug/
3 | *.sdf
4 | *.opensdf
5 | *.suo
6 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Mozilla Public License Version 2.0
2 | ==================================
3 |
4 | 1. Definitions
5 | --------------
6 |
7 | 1.1. "Contributor"
8 | means each individual or legal entity that creates, contributes to
9 | the creation of, or owns Covered Software.
10 |
11 | 1.2. "Contributor Version"
12 | means the combination of the Contributions of others (if any) used
13 | by a Contributor and that particular Contributor's Contribution.
14 |
15 | 1.3. "Contribution"
16 | means Covered Software of a particular Contributor.
17 |
18 | 1.4. "Covered Software"
19 | means Source Code Form to which the initial Contributor has attached
20 | the notice in Exhibit A, the Executable Form of such Source Code
21 | Form, and Modifications of such Source Code Form, in each case
22 | including portions thereof.
23 |
24 | 1.5. "Incompatible With Secondary Licenses"
25 | means
26 |
27 | (a) that the initial Contributor has attached the notice described
28 | in Exhibit B to the Covered Software; or
29 |
30 | (b) that the Covered Software was made available under the terms of
31 | version 1.1 or earlier of the License, but not also under the
32 | terms of a Secondary License.
33 |
34 | 1.6. "Executable Form"
35 | means any form of the work other than Source Code Form.
36 |
37 | 1.7. "Larger Work"
38 | means a work that combines Covered Software with other material, in
39 | a separate file or files, that is not Covered Software.
40 |
41 | 1.8. "License"
42 | means this document.
43 |
44 | 1.9. "Licensable"
45 | means having the right to grant, to the maximum extent possible,
46 | whether at the time of the initial grant or subsequently, any and
47 | all of the rights conveyed by this License.
48 |
49 | 1.10. "Modifications"
50 | means any of the following:
51 |
52 | (a) any file in Source Code Form that results from an addition to,
53 | deletion from, or modification of the contents of Covered
54 | Software; or
55 |
56 | (b) any new file in Source Code Form that contains any Covered
57 | Software.
58 |
59 | 1.11. "Patent Claims" of a Contributor
60 | means any patent claim(s), including without limitation, method,
61 | process, and apparatus claims, in any patent Licensable by such
62 | Contributor that would be infringed, but for the grant of the
63 | License, by the making, using, selling, offering for sale, having
64 | made, import, or transfer of either its Contributions or its
65 | Contributor Version.
66 |
67 | 1.12. "Secondary License"
68 | means either the GNU General Public License, Version 2.0, the GNU
69 | Lesser General Public License, Version 2.1, the GNU Affero General
70 | Public License, Version 3.0, or any later versions of those
71 | licenses.
72 |
73 | 1.13. "Source Code Form"
74 | means the form of the work preferred for making modifications.
75 |
76 | 1.14. "You" (or "Your")
77 | means an individual or a legal entity exercising rights under this
78 | License. For legal entities, "You" includes any entity that
79 | controls, is controlled by, or is under common control with You. For
80 | purposes of this definition, "control" means (a) the power, direct
81 | or indirect, to cause the direction or management of such entity,
82 | whether by contract or otherwise, or (b) ownership of more than
83 | fifty percent (50%) of the outstanding shares or beneficial
84 | ownership of such entity.
85 |
86 | 2. License Grants and Conditions
87 | --------------------------------
88 |
89 | 2.1. Grants
90 |
91 | Each Contributor hereby grants You a world-wide, royalty-free,
92 | non-exclusive license:
93 |
94 | (a) under intellectual property rights (other than patent or trademark)
95 | Licensable by such Contributor to use, reproduce, make available,
96 | modify, display, perform, distribute, and otherwise exploit its
97 | Contributions, either on an unmodified basis, with Modifications, or
98 | as part of a Larger Work; and
99 |
100 | (b) under Patent Claims of such Contributor to make, use, sell, offer
101 | for sale, have made, import, and otherwise transfer either its
102 | Contributions or its Contributor Version.
103 |
104 | 2.2. Effective Date
105 |
106 | The licenses granted in Section 2.1 with respect to any Contribution
107 | become effective for each Contribution on the date the Contributor first
108 | distributes such Contribution.
109 |
110 | 2.3. Limitations on Grant Scope
111 |
112 | The licenses granted in this Section 2 are the only rights granted under
113 | this License. No additional rights or licenses will be implied from the
114 | distribution or licensing of Covered Software under this License.
115 | Notwithstanding Section 2.1(b) above, no patent license is granted by a
116 | Contributor:
117 |
118 | (a) for any code that a Contributor has removed from Covered Software;
119 | or
120 |
121 | (b) for infringements caused by: (i) Your and any other third party's
122 | modifications of Covered Software, or (ii) the combination of its
123 | Contributions with other software (except as part of its Contributor
124 | Version); or
125 |
126 | (c) under Patent Claims infringed by Covered Software in the absence of
127 | its Contributions.
128 |
129 | This License does not grant any rights in the trademarks, service marks,
130 | or logos of any Contributor (except as may be necessary to comply with
131 | the notice requirements in Section 3.4).
132 |
133 | 2.4. Subsequent Licenses
134 |
135 | No Contributor makes additional grants as a result of Your choice to
136 | distribute the Covered Software under a subsequent version of this
137 | License (see Section 10.2) or under the terms of a Secondary License (if
138 | permitted under the terms of Section 3.3).
139 |
140 | 2.5. Representation
141 |
142 | Each Contributor represents that the Contributor believes its
143 | Contributions are its original creation(s) or it has sufficient rights
144 | to grant the rights to its Contributions conveyed by this License.
145 |
146 | 2.6. Fair Use
147 |
148 | This License is not intended to limit any rights You have under
149 | applicable copyright doctrines of fair use, fair dealing, or other
150 | equivalents.
151 |
152 | 2.7. Conditions
153 |
154 | Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
155 | in Section 2.1.
156 |
157 | 3. Responsibilities
158 | -------------------
159 |
160 | 3.1. Distribution of Source Form
161 |
162 | All distribution of Covered Software in Source Code Form, including any
163 | Modifications that You create or to which You contribute, must be under
164 | the terms of this License. You must inform recipients that the Source
165 | Code Form of the Covered Software is governed by the terms of this
166 | License, and how they can obtain a copy of this License. You may not
167 | attempt to alter or restrict the recipients' rights in the Source Code
168 | Form.
169 |
170 | 3.2. Distribution of Executable Form
171 |
172 | If You distribute Covered Software in Executable Form then:
173 |
174 | (a) such Covered Software must also be made available in Source Code
175 | Form, as described in Section 3.1, and You must inform recipients of
176 | the Executable Form how they can obtain a copy of such Source Code
177 | Form by reasonable means in a timely manner, at a charge no more
178 | than the cost of distribution to the recipient; and
179 |
180 | (b) You may distribute such Executable Form under the terms of this
181 | License, or sublicense it under different terms, provided that the
182 | license for the Executable Form does not attempt to limit or alter
183 | the recipients' rights in the Source Code Form under this License.
184 |
185 | 3.3. Distribution of a Larger Work
186 |
187 | You may create and distribute a Larger Work under terms of Your choice,
188 | provided that You also comply with the requirements of this License for
189 | the Covered Software. If the Larger Work is a combination of Covered
190 | Software with a work governed by one or more Secondary Licenses, and the
191 | Covered Software is not Incompatible With Secondary Licenses, this
192 | License permits You to additionally distribute such Covered Software
193 | under the terms of such Secondary License(s), so that the recipient of
194 | the Larger Work may, at their option, further distribute the Covered
195 | Software under the terms of either this License or such Secondary
196 | License(s).
197 |
198 | 3.4. Notices
199 |
200 | You may not remove or alter the substance of any license notices
201 | (including copyright notices, patent notices, disclaimers of warranty,
202 | or limitations of liability) contained within the Source Code Form of
203 | the Covered Software, except that You may alter any license notices to
204 | the extent required to remedy known factual inaccuracies.
205 |
206 | 3.5. Application of Additional Terms
207 |
208 | You may choose to offer, and to charge a fee for, warranty, support,
209 | indemnity or liability obligations to one or more recipients of Covered
210 | Software. However, You may do so only on Your own behalf, and not on
211 | behalf of any Contributor. You must make it absolutely clear that any
212 | such warranty, support, indemnity, or liability obligation is offered by
213 | You alone, and You hereby agree to indemnify every Contributor for any
214 | liability incurred by such Contributor as a result of warranty, support,
215 | indemnity or liability terms You offer. You may include additional
216 | disclaimers of warranty and limitations of liability specific to any
217 | jurisdiction.
218 |
219 | 4. Inability to Comply Due to Statute or Regulation
220 | ---------------------------------------------------
221 |
222 | If it is impossible for You to comply with any of the terms of this
223 | License with respect to some or all of the Covered Software due to
224 | statute, judicial order, or regulation then You must: (a) comply with
225 | the terms of this License to the maximum extent possible; and (b)
226 | describe the limitations and the code they affect. Such description must
227 | be placed in a text file included with all distributions of the Covered
228 | Software under this License. Except to the extent prohibited by statute
229 | or regulation, such description must be sufficiently detailed for a
230 | recipient of ordinary skill to be able to understand it.
231 |
232 | 5. Termination
233 | --------------
234 |
235 | 5.1. The rights granted under this License will terminate automatically
236 | if You fail to comply with any of its terms. However, if You become
237 | compliant, then the rights granted under this License from a particular
238 | Contributor are reinstated (a) provisionally, unless and until such
239 | Contributor explicitly and finally terminates Your grants, and (b) on an
240 | ongoing basis, if such Contributor fails to notify You of the
241 | non-compliance by some reasonable means prior to 60 days after You have
242 | come back into compliance. Moreover, Your grants from a particular
243 | Contributor are reinstated on an ongoing basis if such Contributor
244 | notifies You of the non-compliance by some reasonable means, this is the
245 | first time You have received notice of non-compliance with this License
246 | from such Contributor, and You become compliant prior to 30 days after
247 | Your receipt of the notice.
248 |
249 | 5.2. If You initiate litigation against any entity by asserting a patent
250 | infringement claim (excluding declaratory judgment actions,
251 | counter-claims, and cross-claims) alleging that a Contributor Version
252 | directly or indirectly infringes any patent, then the rights granted to
253 | You by any and all Contributors for the Covered Software under Section
254 | 2.1 of this License shall terminate.
255 |
256 | 5.3. In the event of termination under Sections 5.1 or 5.2 above, all
257 | end user license agreements (excluding distributors and resellers) which
258 | have been validly granted by You or Your distributors under this License
259 | prior to termination shall survive termination.
260 |
261 | ************************************************************************
262 | * *
263 | * 6. Disclaimer of Warranty *
264 | * ------------------------- *
265 | * *
266 | * Covered Software is provided under this License on an "as is" *
267 | * basis, without warranty of any kind, either expressed, implied, or *
268 | * statutory, including, without limitation, warranties that the *
269 | * Covered Software is free of defects, merchantable, fit for a *
270 | * particular purpose or non-infringing. The entire risk as to the *
271 | * quality and performance of the Covered Software is with You. *
272 | * Should any Covered Software prove defective in any respect, You *
273 | * (not any Contributor) assume the cost of any necessary servicing, *
274 | * repair, or correction. This disclaimer of warranty constitutes an *
275 | * essential part of this License. No use of any Covered Software is *
276 | * authorized under this License except under this disclaimer. *
277 | * *
278 | ************************************************************************
279 |
280 | ************************************************************************
281 | * *
282 | * 7. Limitation of Liability *
283 | * -------------------------- *
284 | * *
285 | * Under no circumstances and under no legal theory, whether tort *
286 | * (including negligence), contract, or otherwise, shall any *
287 | * Contributor, or anyone who distributes Covered Software as *
288 | * permitted above, be liable to You for any direct, indirect, *
289 | * special, incidental, or consequential damages of any character *
290 | * including, without limitation, damages for lost profits, loss of *
291 | * goodwill, work stoppage, computer failure or malfunction, or any *
292 | * and all other commercial damages or losses, even if such party *
293 | * shall have been informed of the possibility of such damages. This *
294 | * limitation of liability shall not apply to liability for death or *
295 | * personal injury resulting from such party's negligence to the *
296 | * extent applicable law prohibits such limitation. Some *
297 | * jurisdictions do not allow the exclusion or limitation of *
298 | * incidental or consequential damages, so this exclusion and *
299 | * limitation may not apply to You. *
300 | * *
301 | ************************************************************************
302 |
303 | 8. Litigation
304 | -------------
305 |
306 | Any litigation relating to this License may be brought only in the
307 | courts of a jurisdiction where the defendant maintains its principal
308 | place of business and such litigation shall be governed by laws of that
309 | jurisdiction, without reference to its conflict-of-law provisions.
310 | Nothing in this Section shall prevent a party's ability to bring
311 | cross-claims or counter-claims.
312 |
313 | 9. Miscellaneous
314 | ----------------
315 |
316 | This License represents the complete agreement concerning the subject
317 | matter hereof. If any provision of this License is held to be
318 | unenforceable, such provision shall be reformed only to the extent
319 | necessary to make it enforceable. Any law or regulation which provides
320 | that the language of a contract shall be construed against the drafter
321 | shall not be used to construe this License against a Contributor.
322 |
323 | 10. Versions of the License
324 | ---------------------------
325 |
326 | 10.1. New Versions
327 |
328 | Mozilla Foundation is the license steward. Except as provided in Section
329 | 10.3, no one other than the license steward has the right to modify or
330 | publish new versions of this License. Each version will be given a
331 | distinguishing version number.
332 |
333 | 10.2. Effect of New Versions
334 |
335 | You may distribute the Covered Software under the terms of the version
336 | of the License under which You originally received the Covered Software,
337 | or under the terms of any subsequent version published by the license
338 | steward.
339 |
340 | 10.3. Modified Versions
341 |
342 | If you create software not governed by this License, and you want to
343 | create a new license for such software, you may create and use a
344 | modified version of this License if you rename the license and remove
345 | any references to the name of the license steward (except to note that
346 | such modified license differs from this License).
347 |
348 | 10.4. Distributing Source Code Form that is Incompatible With Secondary
349 | Licenses
350 |
351 | If You choose to distribute Source Code Form that is Incompatible With
352 | Secondary Licenses under the terms of this version of the License, the
353 | notice described in Exhibit B of this License must be attached.
354 |
355 | Exhibit A - Source Code Form License Notice
356 | -------------------------------------------
357 |
358 | This Source Code Form is subject to the terms of the Mozilla Public
359 | License, v. 2.0. If a copy of the MPL was not distributed with this
360 | file, You can obtain one at http://mozilla.org/MPL/2.0/.
361 |
362 | If it is not possible or desirable to put the notice in a particular
363 | file, then You may include the notice in a location (such as a LICENSE
364 | file in a relevant directory) where a recipient would be likely to look
365 | for such a notice.
366 |
367 | You may add additional accurate notices of copyright ownership.
368 |
369 | Exhibit B - "Incompatible With Secondary Licenses" Notice
370 | ---------------------------------------------------------
371 |
372 | This Source Code Form is "Incompatible With Secondary Licenses", as
373 | defined by the Mozilla Public License, v. 2.0.
374 |
375 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # SimpleAutoItCrypter
2 |
3 | Simple AutoIt crypter
4 |
5 | ## Usage
6 |
7 | 1. Extract the `SCRIPT` resource as `SCRIPT.bin`
8 | 2. Run `encrypt.exe SCRIPT.bin` (optionally change the `encrypt` function)
9 | 3. Replace the `SCRIPT` resource with `SCRIPT.bin.enc`
10 | 4. Change `PSAPI.DLL` in the import directory to `CRYPT.DLL`
11 |
12 | Tool for the job: [CFF Explorer](http://www.ntcore.com/exsuite.php).
13 |
--------------------------------------------------------------------------------
/encrypt/encrypt.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {7F997E69-268F-46CD-B04E-F7678D17B640}
15 | encrypt
16 |
17 |
18 |
19 | Application
20 | true
21 | v120
22 | MultiByte
23 |
24 |
25 | Application
26 | false
27 | v120
28 | true
29 | MultiByte
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 | Level3
45 | Disabled
46 | true
47 |
48 |
49 | true
50 |
51 |
52 |
53 |
54 | Level3
55 | MaxSpeed
56 | true
57 | true
58 | true
59 | MultiThreaded
60 |
61 |
62 | false
63 | true
64 | true
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
--------------------------------------------------------------------------------
/encrypt/encrypt.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/encrypt/encrypt.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/encrypt/main.cpp:
--------------------------------------------------------------------------------
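1 | #include <stdio.h>
2 | #include <stdlib.h>
3 | #include <string>
4 | #include "../test1337/encrypt.h"
5 |
6 | int main(int argc, char* argv[])
7 | {
8 |     if(argc < 2)
9 |     {
10 |         puts("usage: encrypt SCRIPT.bin");
11 |         return 0;
12 |     }
13 |
14 |     //read the whole input file into memory
15 |     FILE* fileptr = nullptr;
16 |     if(fopen_s(&fileptr, argv[1], "rb") != 0 || !fileptr)
17 |     {
18 |         puts("failed to open input file");
19 |         return 1;
20 |     }
21 |     fseek(fileptr, 0, SEEK_END);
22 |     auto filelen = ftell(fileptr);
23 |     rewind(fileptr);
24 |     if(filelen < 0)
25 |     {
26 |         fclose(fileptr);
27 |         return 1;
28 |     }
29 |
30 |     auto buffer = (unsigned char*)malloc((filelen + 1) * sizeof(char));
31 |     if(!buffer)
32 |     {
33 |         fclose(fileptr);
34 |         return 1;
35 |     }
36 |     fread(buffer, filelen, 1, fileptr);
37 |     fclose(fileptr);
38 |
39 |     //transform the buffer in place (see ../test1337/encrypt.h)
40 |     encrypt(buffer, filelen);
41 |
42 |     //write the result next to the input as <name>.enc
43 |     auto encname = std::string(argv[1]) + ".enc";
44 |     if(fopen_s(&fileptr, encname.c_str(), "wb") != 0 || !fileptr)
45 |     {
46 |         free(buffer);
47 |         return 1;
48 |     }
49 |     fwrite(buffer, 1, filelen, fileptr);
50 |     fclose(fileptr);
51 |
52 |     free(buffer);
53 |
54 |     return 0;
55 | }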
--------------------------------------------------------------------------------
/test1337.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2013
4 | VisualStudioVersion = 12.0.40629.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt", "test1337\test1337.vcxproj", "{D030C707-960B-4D2C-9BE9-E645F78F30F0}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "encrypt", "encrypt\encrypt.vcxproj", "{7F997E69-268F-46CD-B04E-F7678D17B640}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|Win32 = Debug|Win32
13 | Debug|x64 = Debug|x64
14 | Release|Win32 = Release|Win32
15 | Release|x64 = Release|x64
16 | EndGlobalSection
17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Debug|Win32.ActiveCfg = Debug|Win32
19 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Debug|Win32.Build.0 = Debug|Win32
20 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Debug|x64.ActiveCfg = Debug|x64
21 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Debug|x64.Build.0 = Debug|x64
22 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Release|Win32.ActiveCfg = Release|Win32
23 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Release|Win32.Build.0 = Release|Win32
24 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Release|x64.ActiveCfg = Release|x64
25 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}.Release|x64.Build.0 = Release|x64
26 | {7F997E69-268F-46CD-B04E-F7678D17B640}.Debug|Win32.ActiveCfg = Debug|Win32
27 | {7F997E69-268F-46CD-B04E-F7678D17B640}.Debug|Win32.Build.0 = Debug|Win32
28 | {7F997E69-268F-46CD-B04E-F7678D17B640}.Debug|x64.ActiveCfg = Debug|Win32
29 | {7F997E69-268F-46CD-B04E-F7678D17B640}.Release|Win32.ActiveCfg = Release|Win32
30 | {7F997E69-268F-46CD-B04E-F7678D17B640}.Release|Win32.Build.0 = Release|Win32
31 | {7F997E69-268F-46CD-B04E-F7678D17B640}.Release|x64.ActiveCfg = Release|Win32
32 | EndGlobalSection
33 | GlobalSection(SolutionProperties) = preSolution
34 | HideSolutionNode = FALSE
35 | EndGlobalSection
36 | EndGlobal
37 |
--------------------------------------------------------------------------------
/test1337/encrypt.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | inline void encrypt(unsigned char* data, size_t size)
4 | {
5 |     for(size_t i = 0; i < size; i++)
6 |         data[i] = ~data[i];
7 | }
8 |
9 | inline void decrypt(unsigned char* data, size_t size)
10 | {
11 |     encrypt(data, size);
12 | }
--------------------------------------------------------------------------------
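
The `encrypt` function above is a bitwise NOT, which is XOR with `0xFF`, so any known marker inside the script blob recovers the key in a single pass. The following is an added example and not part of SimpleAutoItCrypter; the `AU3!EA06` marker string, the sample data and all function names are assumptions made for illustration.

```cpp
// Added example, not part of SimpleAutoItCrypter.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumption: a compiled AutoIt script blob contains this ASCII marker.
static const char kMarker[] = "AU3!EA06";
static const size_t kMarkerLen = sizeof(kMarker) - 1;

struct XorHit
{
    bool found;     // marker seen under some single-byte XOR key
    uint8_t key;    // 0x00 = stored in the clear, 0xFF = bitwise NOT (encrypt.h)
    size_t offset;  // position of the marker inside the blob
};

// Known-plaintext search: at each offset the first marker byte fixes the only
// possible key, so one pass over the buffer covers all 256 keys.
XorHit findXorEncodedMarker(const uint8_t* data, size_t size)
{
    XorHit hit = { false, 0, 0 };
    if(data == nullptr || size < kMarkerLen)
        return hit;
    for(size_t off = 0; off + kMarkerLen <= size; off++)
    {
        const uint8_t key = static_cast<uint8_t>(data[off] ^ static_cast<uint8_t>(kMarker[0]));
        size_t i = 1;
        while(i < kMarkerLen &&
              static_cast<uint8_t>(data[off + i] ^ key) == static_cast<uint8_t>(kMarker[i]))
            i++;
        if(i == kMarkerLen)
        {
            hit.found = true;
            hit.key = key;
            hit.offset = off;
            return hit;
        }
    }
    return hit;
}

// Recover the original bytes once the key is known.
std::vector<uint8_t> xorDecode(const uint8_t* data, size_t size, uint8_t key)
{
    std::vector<uint8_t> out(size);
    for(size_t i = 0; i < size; i++)
        out[i] = static_cast<uint8_t>(data[i] ^ key);
    return out;
}

// Constructed sample: 16 filler bytes, the marker, a short tail, then XOR with key.
std::vector<uint8_t> makeSample(uint8_t key)
{
    std::vector<uint8_t> blob;
    for(int i = 0; i < 16; i++)
        blob.push_back(static_cast<uint8_t>(0x10 + i));
    for(size_t i = 0; i < kMarkerLen; i++)
        blob.push_back(static_cast<uint8_t>(kMarker[i]));
    const char tail[] = "constructed-script-body";
    for(size_t i = 0; i + 1 < sizeof(tail); i++)
        blob.push_back(static_cast<uint8_t>(tail[i]));
    for(size_t i = 0; i < blob.size(); i++)
        blob[i] = static_cast<uint8_t>(blob[i] ^ key);
    return blob;
}

int main()
{
    const std::vector<uint8_t> enc = makeSample(0xFF); // same transform as encrypt()
    const XorHit hit = findXorEncodedMarker(enc.data(), enc.size());
    if(hit.found)
        printf("marker at offset %zu under XOR key 0x%02X\n", hit.offset, hit.key);
    else
        puts("no single-byte-XOR encoded marker found");
    return hit.found ? 0 : 1;
}
```

The check only covers single-byte XOR; a blob produced with a modified `encrypt` function needs a known-plaintext test written for that transform.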
/test1337/hwbp.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include <windows.h>
4 |
5 | enum HWBP_MODE
6 | {
7 | MODE_DISABLED = 0, //00
8 | MODE_LOCAL = 1, //01
9 | MODE_GLOBAL = 2 //10
10 | };
11 |
12 | enum HWBP_TYPE
13 | {
14 | TYPE_EXECUTE = 0, //00
15 | TYPE_WRITE = 1, //01
16 | TYPE_READWRITE = 3 //11
17 | };
18 |
19 | enum HWBP_SIZE
20 | {
21 | SIZE_1 = 0, //00
22 | SIZE_2 = 1, //01
23 | SIZE_8 = 2, //10
24 | SIZE_4 = 3 //11
25 | };
26 |
27 | #pragma pack(1)
28 | struct DR7
29 | {
30 | BYTE HWBP_MODE[4];
31 | BYTE HWBP_TYPE[4];
32 | BYTE HWBP_SIZE[4];
33 | };
34 |
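35 | #define BITSET(a,x) (a|=1<<x)
36 | #define BITGET(a,x) (a&(1<<x))
37 |
38 | //assumed definitions: BITGET and the dr7uint signature are inferred from their uses in this file
39 | inline ULONG_PTR dr7uint(DR7* dr7)
40 | {
41 | //pack the per-breakpoint fields of the DR7 struct into the raw register value
42 | ULONG_PTR ret = 0;
43 | if(BITGET(dr7->HWBP_MODE[0], 0))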
44 | BITSET(ret, 0);
45 | if(BITGET(dr7->HWBP_MODE[0], 1))
46 | BITSET(ret, 1);
47 | if(BITGET(dr7->HWBP_MODE[1], 0))
48 | BITSET(ret, 2);
49 | if(BITGET(dr7->HWBP_MODE[1], 1))
50 | BITSET(ret, 3);
51 | if(BITGET(dr7->HWBP_MODE[2], 0))
52 | BITSET(ret, 4);
53 | if(BITGET(dr7->HWBP_MODE[2], 1))
54 | BITSET(ret, 5);
55 | if(BITGET(dr7->HWBP_MODE[3], 0))
56 | BITSET(ret, 6);
57 | if(BITGET(dr7->HWBP_MODE[3], 1))
58 | BITSET(ret, 7);
59 | if(BITGET(dr7->HWBP_TYPE[0], 0))
60 | BITSET(ret, 16);
61 | if(BITGET(dr7->HWBP_TYPE[0], 1))
62 | BITSET(ret, 17);
63 | if(BITGET(dr7->HWBP_SIZE[0], 0))
64 | BITSET(ret, 18);
65 | if(BITGET(dr7->HWBP_SIZE[0], 1))
66 | BITSET(ret, 19);
67 | if(BITGET(dr7->HWBP_TYPE[1], 0))
68 | BITSET(ret, 20);
69 | if(BITGET(dr7->HWBP_TYPE[1], 1))
70 | BITSET(ret, 21);
71 | if(BITGET(dr7->HWBP_SIZE[1], 0))
72 | BITSET(ret, 22);
73 | if(BITGET(dr7->HWBP_SIZE[1], 1))
74 | BITSET(ret, 23);
75 | if(BITGET(dr7->HWBP_TYPE[2], 0))
76 | BITSET(ret, 24);
77 | if(BITGET(dr7->HWBP_TYPE[2], 1))
78 | BITSET(ret, 25);
79 | if(BITGET(dr7->HWBP_SIZE[2], 0))
80 | BITSET(ret, 26);
81 | if(BITGET(dr7->HWBP_SIZE[2], 1))
82 | BITSET(ret, 27);
83 | if(BITGET(dr7->HWBP_TYPE[3], 0))
84 | BITSET(ret, 28);
85 | if(BITGET(dr7->HWBP_TYPE[3], 1))
86 | BITSET(ret, 29);
87 | if(BITGET(dr7->HWBP_SIZE[3], 0))
88 | BITSET(ret, 30);
89 | if(BITGET(dr7->HWBP_SIZE[3], 1))
90 | BITSET(ret, 31);
91 | return ret;
92 | }
93 |
94 | inline void uintdr7(ULONG_PTR dr7, DR7* ret)
95 | {
96 | memset(ret, 0, sizeof(DR7));
97 | if(BITGET(dr7, 0))
98 | BITSET(ret->HWBP_MODE[0], 0);
99 | if(BITGET(dr7, 1))
100 | BITSET(ret->HWBP_MODE[0], 1);
101 | if(BITGET(dr7, 2))
102 | BITSET(ret->HWBP_MODE[1], 0);
103 | if(BITGET(dr7, 3))
104 | BITSET(ret->HWBP_MODE[1], 1);
105 | if(BITGET(dr7, 4))
106 | BITSET(ret->HWBP_MODE[2], 0);
107 | if(BITGET(dr7, 5))
108 | BITSET(ret->HWBP_MODE[2], 1);
109 | if(BITGET(dr7, 6))
110 | BITSET(ret->HWBP_MODE[3], 0);
111 | if(BITGET(dr7, 7))
112 | BITSET(ret->HWBP_MODE[3], 1);
113 | if(BITGET(dr7, 16))
114 | BITSET(ret->HWBP_TYPE[0], 0);
115 | if(BITGET(dr7, 17))
116 | BITSET(ret->HWBP_TYPE[0], 1);
117 | if(BITGET(dr7, 18))
118 | BITSET(ret->HWBP_SIZE[0], 0);
119 | if(BITGET(dr7, 19))
120 | BITSET(ret->HWBP_SIZE[0], 1);
121 | if(BITGET(dr7, 20))
122 | BITSET(ret->HWBP_TYPE[1], 0);
123 | if(BITGET(dr7, 21))
124 | BITSET(ret->HWBP_TYPE[1], 1);
125 | if(BITGET(dr7, 22))
126 | BITSET(ret->HWBP_SIZE[1], 0);
127 | if(BITGET(dr7, 23))
128 | BITSET(ret->HWBP_SIZE[1], 1);
129 | if(BITGET(dr7, 24))
130 | BITSET(ret->HWBP_TYPE[2], 0);
131 | if(BITGET(dr7, 25))
132 | BITSET(ret->HWBP_TYPE[2], 1);
133 | if(BITGET(dr7, 26))
134 | BITSET(ret->HWBP_SIZE[2], 0);
135 | if(BITGET(dr7, 27))
136 | BITSET(ret->HWBP_SIZE[2], 1);
137 | if(BITGET(dr7, 28))
138 | BITSET(ret->HWBP_TYPE[3], 0);
139 | if(BITGET(dr7, 29))
140 | BITSET(ret->HWBP_TYPE[3], 1);
141 | if(BITGET(dr7, 30))
142 | BITSET(ret->HWBP_SIZE[3], 0);
143 | if(BITGET(dr7, 31))
144 | BITSET(ret->HWBP_SIZE[3], 1);
145 | }
146 |
147 | inline bool hwbpSet(HANDLE hThread, ULONG_PTR hwbpAddr, int hwbpIndex, HWBP_TYPE hwbpType, HWBP_SIZE hwbpSize)
148 | {
149 | switch(hwbpSize)
150 | {
151 | case SIZE_1:
152 | break;
153 | case SIZE_2:
154 | if((hwbpAddr % 2) != 0)
155 | return false;
156 | break;
157 | case SIZE_4:
158 | if((hwbpAddr % 4) != 0)
159 | return false;
160 | break;
161 | case SIZE_8:
162 | if((hwbpAddr % 8) != 0)
163 | return false;
164 | break;
165 | default:
166 | return false;
167 | }
168 |
169 | CONTEXT DBGContext;
170 | DBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS;
171 |
172 | if(!GetThreadContext(hThread, &DBGContext))
173 | return false;
174 |
175 | DR7 dr7;
176 | uintdr7((ULONG_PTR)DBGContext.Dr7, &dr7);
177 |
178 | dr7.HWBP_MODE[hwbpIndex] = MODE_LOCAL;
179 | dr7.HWBP_SIZE[hwbpIndex] = hwbpSize;
180 | dr7.HWBP_TYPE[hwbpIndex] = hwbpType;
181 |
182 | DBGContext.Dr7 = (ULONG_PTR)dr7uint(&dr7);
183 |
184 | switch(hwbpIndex)
185 | {
186 | case 0:
187 | DBGContext.Dr0 = (ULONG_PTR)hwbpAddr;
188 | break;
189 | case 1:
190 | DBGContext.Dr1 = (ULONG_PTR)hwbpAddr;
191 | break;
192 | case 2:
193 | DBGContext.Dr2 = (ULONG_PTR)hwbpAddr;
194 | break;
195 | case 3:
196 | DBGContext.Dr3 = (ULONG_PTR)hwbpAddr;
197 | break;
198 | default:
199 | return false;
200 | }
201 |
202 | if(!SetThreadContext(hThread, &DBGContext))
203 | return false;
204 | return true;
205 | }
206 |
207 | inline bool hwbpDel(HANDLE hThread, int hwbpIndex)
208 | {
209 | CONTEXT DBGContext;
210 | DBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS;
211 |
212 | if(!GetThreadContext(hThread, &DBGContext))
213 | return false;
214 |
215 | DR7 dr7;
216 | uintdr7((ULONG_PTR)DBGContext.Dr7, &dr7);
217 |
218 | dr7.HWBP_MODE[hwbpIndex] = MODE_DISABLED;
219 | dr7.HWBP_SIZE[hwbpIndex] = SIZE_1;
220 | dr7.HWBP_TYPE[hwbpIndex] = TYPE_EXECUTE;
221 |
222 | DBGContext.Dr7 = (ULONG_PTR)dr7uint(&dr7);
223 |
224 | switch(hwbpIndex)
225 | {
226 | case 0:
227 | DBGContext.Dr0 = 0;
228 | break;
229 | case 1:
230 | DBGContext.Dr1 = 0;
231 | break;
232 | case 2:
233 | DBGContext.Dr2 = 0;
234 | break;
235 | case 3:
236 | DBGContext.Dr3 = 0;
237 | break;
238 | default:
239 | return false;
240 | }
241 |
242 | if(!SetThreadContext(hThread, &DBGContext))
243 | return false;
244 |
245 | return true;
246 | }
--------------------------------------------------------------------------------
/test1337/test1337.cpp:
--------------------------------------------------------------------------------
1 | #include <windows.h>
2 | #include "encrypt.h"
3 | #include "hwbp.h"
4 |
5 | //#pragma comment(linker, "/export:EmptyWorkingSet=PSAPI.EmptyWorkingSet")
6 | //#pragma comment(linker, "/export:EnumDeviceDrivers=PSAPI.EnumDeviceDrivers")
7 | //#pragma comment(linker, "/export:EnumPageFilesA=PSAPI.EnumPageFilesA")
8 | //#pragma comment(linker, "/export:EnumPageFilesW=PSAPI.EnumPageFilesW")
9 | //#pragma comment(linker, "/export:EnumProcesses=PSAPI.EnumProcesses")
10 | //#pragma comment(linker, "/export:EnumProcessModules=PSAPI.EnumProcessModules")
11 | //#pragma comment(linker, "/export:GetDeviceDriverBaseNameA=PSAPI.GetDeviceDriverBaseNameA")
12 | //#pragma comment(linker, "/export:GetDeviceDriverBaseNameW=PSAPI.GetDeviceDriverBaseNameW")
13 | //#pragma comment(linker, "/export:GetDeviceDriverFileNameA=PSAPI.GetDeviceDriverFileNameA")
14 | //#pragma comment(linker, "/export:GetDeviceDriverFileNameW=PSAPI.GetDeviceDriverFileNameW")
15 | //#pragma comment(linker, "/export:GetMappedFileNameA=PSAPI.GetMappedFileNameA")
16 | //#pragma comment(linker, "/export:GetMappedFileNameW=PSAPI.GetMappedFileNameW")
17 | //#pragma comment(linker, "/export:GetModuleBaseNameA=PSAPI.GetModuleBaseNameA")
18 | //#pragma comment(linker, "/export:GetModuleBaseNameW=PSAPI.GetModuleBaseNameW")
19 | //#pragma comment(linker, "/export:GetModuleFileNameExA=PSAPI.GetModuleFileNameExA")
20 | //#pragma comment(linker, "/export:GetModuleFileNameExW=PSAPI.GetModuleFileNameExW")
21 | //#pragma comment(linker, "/export:GetModuleInformation=PSAPI.GetModuleInformation")
22 | //#pragma comment(linker, "/export:GetPerformanceInfo=PSAPI.GetPerformanceInfo")
23 | //#pragma comment(linker, "/export:GetProcessImageFileNameA=PSAPI.GetProcessImageFileNameA")
24 | //#pragma comment(linker, "/export:GetProcessImageFileNameW=PSAPI.GetProcessImageFileNameW")
25 | #pragma comment(linker, "/export:GetProcessMemoryInfo=PSAPI.GetProcessMemoryInfo")
26 | //#pragma comment(linker, "/export:GetWsChanges=PSAPI.GetWsChanges")
27 | //#pragma comment(linker, "/export:InitializeProcessForWsWatch=PSAPI.InitializeProcessForWsWatch")
28 | //#pragma comment(linker, "/export:QueryWorkingSet=PSAPI.QueryWorkingSet")
29 |
30 | static ULONG_PTR hwidAddr = 0;
31 | static wchar_t tempPath[MAX_PATH] = L"";
32 | static int tempPathLen;
33 |
34 | static bool match(const wchar_t* a, const wchar_t* b, size_t s)
35 | {
36 | for(size_t i = 0; i < s; i++)
37 | if(a[i] != b[i])
38 | return false;
39 | return true;
40 | }
41 |
42 | static LONG CALLBACK VectoredHandler(PEXCEPTION_POINTERS ExceptionInfo)
43 | {
44 | static bool bRestoreHardwareBreakpoint = false;
45 | static ULONG_PTR dr7backup = 0;
46 | DWORD ExceptionCode = ExceptionInfo->ExceptionRecord->ExceptionCode;
47 | if(ExceptionCode == DBG_PRINTEXCEPTION_C)
48 | return EXCEPTION_CONTINUE_SEARCH;
49 | if(ExceptionCode == EXCEPTION_SINGLE_STEP)
50 | {
51 | if(bRestoreHardwareBreakpoint)
52 | {
53 | bRestoreHardwareBreakpoint = false;
54 | ExceptionInfo->ContextRecord->Dr7 = dr7backup;
55 | return EXCEPTION_CONTINUE_EXECUTION;
56 | }
57 | if(ULONG_PTR(ExceptionInfo->ExceptionRecord->ExceptionAddress) == hwidAddr)
58 | {
59 | #ifdef _WIN64
60 | auto arg = (wchar_t*)ExceptionInfo->ContextRecord->Rcx;
61 | #else
62 | auto arg = *(wchar_t**)(ExceptionInfo->ContextRecord->Esp + 4);
63 | #endif //_WIN64
64 | if(match(arg, tempPath, tempPathLen))
65 | *arg = L'\0';
66 | else
67 | {
68 | dr7backup = ExceptionInfo->ContextRecord->Dr7;
69 | ExceptionInfo->ContextRecord->Dr7 = 0;
70 | bRestoreHardwareBreakpoint = true;
71 | ExceptionInfo->ContextRecord->EFlags |= 0x100; //TRAP_FLAG
72 | }
73 | return EXCEPTION_CONTINUE_EXECUTION;
74 | }
75 | }
76 | return EXCEPTION_CONTINUE_SEARCH;
77 | }
78 |
79 | extern "C"
80 | _Ret_maybenull_
81 | HRSRC
82 | WINAPI
83 | FindResourceExW_hook(
84 | _In_opt_ HMODULE hModule,
85 | _In_ LPCWSTR lpType,
86 | _In_ LPCWSTR lpName,
87 | _In_ WORD wLanguage
88 | )
89 | {
90 | static auto decrypted = false;
91 | auto hResInfo = FindResourceExW(hModule, lpType, lpName, wLanguage);
92 | if(!memcmp(lpName, L"SCRIPT", sizeof(L"SCRIPT")) && !decrypted)
93 | {
94 | decrypted = true;
95 | auto size = SizeofResource(hModule, hResInfo);
96 | auto data = LockResource(LoadResource(hModule, hResInfo));
97 | DWORD old;
98 | VirtualProtect(data, size, PAGE_READWRITE, &old);
99 | decrypt((unsigned char*)data, size);
100 | VirtualProtect(data, size, old, &old);
101 | }
102 | return hResInfo;
103 | }
104 |
105 | BOOL WINAPI DllMain(
106 | _In_ HINSTANCE hinstDLL,
107 | _In_ DWORD fdwReason,
108 | _In_ LPVOID lpvReserved
109 | )
110 | {
111 | if(fdwReason == DLL_PROCESS_ATTACH)
112 | {
113 | void* frex = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "FindResourceExW");
114 | auto lol = (void**)GetModuleHandleW(nullptr);
115 | while(*lol != frex)
116 | lol++;
117 |
118 | DWORD old;
119 | VirtualProtect(lol, sizeof(void*), PAGE_READWRITE, &old);
120 | *lol = FindResourceExW_hook;
121 | VirtualProtect(lol, sizeof(void*), old, &old);
122 |
123 | tempPathLen = GetTempPathW(MAX_PATH, tempPath);
124 | AddVectoredExceptionHandler(1, VectoredHandler);
125 | hwidAddr = ULONG_PTR(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "LoadLibraryW"));
126 | hwbpSet(GetCurrentThread(), hwidAddr, 0, TYPE_EXECUTE, SIZE_1);
127 | }
128 | return TRUE;
129 | }
--------------------------------------------------------------------------------
/test1337/test1337.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Debug
10 | x64
11 |
12 |
13 | Release
14 | Win32
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {D030C707-960B-4D2C-9BE9-E645F78F30F0}
23 | test1337
24 | crypt
25 |
26 |
27 |
28 | DynamicLibrary
29 | true
30 | v120
31 | MultiByte
32 |
33 |
34 | DynamicLibrary
35 | true
36 | v120
37 | MultiByte
38 |
39 |
40 | DynamicLibrary
41 | false
42 | v120
43 | true
44 | MultiByte
45 |
46 |
47 | DynamicLibrary
48 | false
49 | v120
50 | true
51 | MultiByte
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 | Level3
73 | Disabled
74 | true
75 |
76 |
77 | true
78 |
79 |
80 |
81 |
82 | Level3
83 | Disabled
84 | true
85 |
86 |
87 | true
88 |
89 |
90 |
91 |
92 | Level3
93 | MaxSpeed
94 | true
95 | true
96 |
97 |
98 | MultiThreaded
99 | false
100 |
101 |
102 | false
103 | true
104 | true
105 | true
106 | DllMain
107 |
108 |
109 |
110 |
111 | Level3
112 | MaxSpeed
113 | true
114 | true
115 |
116 |
117 | MultiThreaded
118 | false
119 |
120 |
121 | false
122 | true
123 | true
124 | true
125 | DllMain
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
--------------------------------------------------------------------------------
/test1337/test1337.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 |
--------------------------------------------------------------------------------
/test1337/test1337.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------