├── Dotfuscator_x86.sln
├── README.md
├── main
├── Dotfuscator.cpp
├── Dotfuscator.h
└── Dotfuscator.vcxproj
└── test
├── Resource.h
├── StdAfx.cpp
├── StdAfx.h
├── test.cpp
├── test.h
├── test.rc
├── test.vcxproj
└── test.vcxproj.filters
/Dotfuscator_x86.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 11.00
3 | # Visual Studio 2010
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dotfuscator", "main\Dotfuscator.vcxproj", "{A337BFBC-BE7C-4380-A0C1-BE073AC066B0}"
5 | EndProject
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test\test.vcxproj", "{0095BFF1-7AA8-43B4-96E0-79C9A27DE6B6}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Win32 = Debug|Win32
11 | Release|Win32 = Release|Win32
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {A337BFBC-BE7C-4380-A0C1-BE073AC066B0}.Debug|Win32.ActiveCfg = Debug|Win32
15 | {A337BFBC-BE7C-4380-A0C1-BE073AC066B0}.Debug|Win32.Build.0 = Debug|Win32
16 | {A337BFBC-BE7C-4380-A0C1-BE073AC066B0}.Release|Win32.ActiveCfg = Release|Win32
17 | {A337BFBC-BE7C-4380-A0C1-BE073AC066B0}.Release|Win32.Build.0 = Release|Win32
18 | {0095BFF1-7AA8-43B4-96E0-79C9A27DE6B6}.Debug|Win32.ActiveCfg = Release|Win32
19 | {0095BFF1-7AA8-43B4-96E0-79C9A27DE6B6}.Debug|Win32.Build.0 = Release|Win32
20 | {0095BFF1-7AA8-43B4-96E0-79C9A27DE6B6}.Release|Win32.ActiveCfg = Release|Win32
21 | {0095BFF1-7AA8-43B4-96E0-79C9A27DE6B6}.Release|Win32.Build.0 = Release|Win32
22 | EndGlobalSection
23 | GlobalSection(SolutionProperties) = preSolution
24 | HideSolutionNode = FALSE
25 | EndGlobalSection
26 | EndGlobal
27 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Dotfuscator_x86
2 |
3 | 这是一个32位windows下x86指令集的扭曲加密小工具,这个小工具是2008年做的,当时因为需要给开发的windows驱动进行一些防护,防止其他人逆向,当时能给驱动加壳的软件还不是很多,比较厉害的就是刘涛涛的扭曲加密,不过因为各种原因最后在高人的指点下自己弄了个简单的代码扭曲加密小工具用于驱动代码的保护,虽然远远谈不上完美,但是勉强也能用,呵呵。
4 |
5 | 因为年代久远有些细节也记不清楚了,基本思路就是比如将jmp替换成 jnz xxx jz xxx, call变成push xxx,jmp target这种代码,然后可以通过多次循环变换将生成的代码进一步进行分解变换以提高代码扭曲的程度。需要扭曲加密的代码块在编译前用宏 START_MUTATE() 和 END_MUTATE() 包裹住。比如:
6 |
7 | START_MUTATE()
8 |
9 | some code....
10 |
11 | END_MUTATE()
12 |
13 | 执行Dotfuscator.exe输出如下:
14 |
15 | Dotfuscator 1.0
16 | ---------------
17 | Usage:
18 | Dotfuscator exefile [-m{n}] [-o{outfile}]
19 | -m Mutate times
20 | -o Output file
21 |
22 |
23 | 比如 Dotfuscator.exe test.exe -m3 -o1.exe 将test.exe扭曲加密后输出到新的1.exe,-m3代表循环处理3次,默认是2次,如果处理次数太多,代码会急剧膨胀,并且处理时间会变得很长。
24 |
25 | 最后测试的开发环境是vs2010
26 |
--------------------------------------------------------------------------------
/main/Dotfuscator.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/phonegapX/Dotfuscator_x86/40d2db47bf3cf10465cffc7941fa621d24f675cb/main/Dotfuscator.cpp
--------------------------------------------------------------------------------
/main/Dotfuscator.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | // Marker macros that bracket a code region to be mutated: place START_MUTATE() before the region and END_MUTATE() after it, before compiling.
3 | #ifdef _DEBUG
4 | // _DEBUG builds: both macros expand to nothing, so no marker bytes are emitted and there is nothing for the tool to find.
5 | #define START_MUTATE()
6 | #define END_MUTATE()
7 |
8 | #else
9 | // Other builds: each macro emits 0xEB 0x10 (x86 short jmp, rel8 = 16) followed by a 16-byte NUL-padded ASCII tag ("MUTATE_START" / "MUTATE_END"), so execution jumps over the tag. Uses MSVC inline asm (__asm _emit). NOTE(review): presumably Dotfuscator.exe finds regions by scanning for these tags and the plain-ASCII tags would pinpoint protected regions if left in the output; Dotfuscator.cpp is not shown here, so confirm both.
10 | #define START_MUTATE() \
11 | __asm _emit 0xEB \
12 | __asm _emit 0x10 \
13 | __asm _emit 'M' \
14 | __asm _emit 'U' \
15 | __asm _emit 'T' \
16 | __asm _emit 'A' \
17 | __asm _emit 'T' \
18 | __asm _emit 'E' \
19 | __asm _emit '_' \
20 | __asm _emit 'S' \
21 | __asm _emit 'T' \
22 | __asm _emit 'A' \
23 | __asm _emit 'R' \
24 | __asm _emit 'T' \
25 | __asm _emit 0x0 \
26 | __asm _emit 0x0 \
27 | __asm _emit 0x0 \
28 | __asm _emit 0x0 \
29 |
30 | #define END_MUTATE() \
31 | __asm _emit 0xEB \
32 | __asm _emit 0x10 \
33 | __asm _emit 'M' \
34 | __asm _emit 'U' \
35 | __asm _emit 'T' \
36 | __asm _emit 'A' \
37 | __asm _emit 'T' \
38 | __asm _emit 'E' \
39 | __asm _emit '_' \
40 | __asm _emit 'E' \
41 | __asm _emit 'N' \
42 | __asm _emit 'D' \
43 | __asm _emit 0x0 \
44 | __asm _emit 0x0 \
45 | __asm _emit 0x0 \
46 | __asm _emit 0x0 \
47 | __asm _emit 0x0 \
48 | __asm _emit 0x0 \
49 |
50 | #endif
51 |
--------------------------------------------------------------------------------
/main/Dotfuscator.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {A337BFBC-BE7C-4380-A0C1-BE073AC066B0}
15 | Dotfuscator
16 | Win32Proj
17 |
18 |
19 |
20 | Application
21 | Unicode
22 | true
23 |
24 |
25 | Application
26 | Unicode
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 | <_ProjectFileVersion>10.0.40219.1
40 | $(SolutionDir)$(Configuration)\
41 | $(Configuration)\
42 | true
43 | $(SolutionDir)$(Configuration)\
44 | $(Configuration)\
45 | false
46 | AllRules.ruleset
47 |
48 |
49 | AllRules.ruleset
50 |
51 |
52 |
53 |
54 |
55 | Disabled
56 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
57 | true
58 | EnableFastChecks
59 | MultiThreadedDebugDLL
60 |
61 |
62 | Level3
63 | EditAndContinue
64 |
65 |
66 | true
67 | Console
68 | MachineX86
69 |
70 |
71 |
72 |
73 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
74 | MultiThreadedDLL
75 |
76 |
77 | Level3
78 | ProgramDatabase
79 |
80 |
81 | true
82 | Console
83 | true
84 | true
85 | MachineX86
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
--------------------------------------------------------------------------------
/test/Resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by test.rc
4 | //
5 | #define IDS_HELLO 1
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 101
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1000
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/test/StdAfx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // test.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/test/StdAfx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #if !defined(AFX_STDAFX_H__853659DA_79F1_4CAD_B21D_A532DDA087BF__INCLUDED_)
7 | #define AFX_STDAFX_H__853659DA_79F1_4CAD_B21D_A532DDA087BF__INCLUDED_
8 |
9 | #if _MSC_VER > 1000
10 | #pragma once
11 | #endif // _MSC_VER > 1000
12 |
13 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers
14 |
15 | #include
16 | #include // MFC core and standard components
17 | #include // MFC extensions
18 | #include // MFC support for Internet Explorer 4 Common Controls
19 | #ifndef _AFX_NO_AFXCMN_SUPPORT
20 | #include // MFC support for Windows Common Controls
21 | #endif // _AFX_NO_AFXCMN_SUPPORT
22 |
23 | #include
24 |
25 | // TODO: reference additional headers your program requires here
26 |
27 | //{{AFX_INSERT_LOCATION}}
28 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
29 |
30 | #endif // !defined(AFX_STDAFX_H__853659DA_79F1_4CAD_B21D_A532DDA087BF__INCLUDED_)
31 |
--------------------------------------------------------------------------------
/test/test.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/phonegapX/Dotfuscator_x86/40d2db47bf3cf10465cffc7941fa621d24f675cb/test/test.cpp
--------------------------------------------------------------------------------
/test/test.h:
--------------------------------------------------------------------------------
1 |
2 | #if !defined(AFX_TEST_H__7FB99342_4A33_4EE7_8416_641CB00A413E__INCLUDED_)
3 | #define AFX_TEST_H__7FB99342_4A33_4EE7_8416_641CB00A413E__INCLUDED_
4 |
5 | #if _MSC_VER > 1000
6 | #pragma once
7 | #endif // _MSC_VER > 1000
8 |
9 | #include "resource.h"
10 |
11 |
12 | #endif // !defined(AFX_TEST_H__7FB99342_4A33_4EE7_8416_641CB00A413E__INCLUDED_)
13 |
--------------------------------------------------------------------------------
/test/test.rc:
--------------------------------------------------------------------------------
1 | //Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "afxres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
16 | #ifdef _WIN32
17 | LANGUAGE 4, 2
18 | #pragma code_page(936)
19 | #endif //_WIN32
20 |
21 | #ifdef APSTUDIO_INVOKED
22 | /////////////////////////////////////////////////////////////////////////////
23 | //
24 | // TEXTINCLUDE
25 | //
26 |
27 | 1 TEXTINCLUDE DISCARDABLE
28 | BEGIN
29 | "resource.h\0"
30 | END
31 |
32 | 2 TEXTINCLUDE DISCARDABLE
33 | BEGIN
34 | "#include ""afxres.h""\r\n"
35 | "\0"
36 | END
37 |
38 | 3 TEXTINCLUDE DISCARDABLE
39 | BEGIN
40 | "\r\n"
41 | "\0"
42 | END
43 |
44 | #endif // APSTUDIO_INVOKED
45 |
46 |
47 | /////////////////////////////////////////////////////////////////////////////
48 | //
49 | // String Table
50 | //
51 |
52 | STRINGTABLE DISCARDABLE
53 | BEGIN
54 | IDS_HELLO "Hello from MFC!"
55 | END
56 |
57 | #endif
58 | /////////////////////////////////////////////////////////////////////////////
59 |
60 |
61 |
62 | #ifndef APSTUDIO_INVOKED
63 | /////////////////////////////////////////////////////////////////////////////
64 | //
65 | // Generated from the TEXTINCLUDE 3 resource.
66 | //
67 |
68 |
69 | /////////////////////////////////////////////////////////////////////////////
70 | #endif // not APSTUDIO_INVOKED
71 |
--------------------------------------------------------------------------------
/test/test.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {0095BFF1-7AA8-43B4-96E0-79C9A27DE6B6}
15 | MFCProj
16 |
17 |
18 |
19 | Application
20 | Static
21 | NotSet
22 |
23 |
24 | Application
25 | Dynamic
26 | NotSet
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 | <_ProjectFileVersion>10.0.40219.1
42 | $(SolutionDir)$(Configuration)\
43 | $(Configuration)\
44 | false
45 | $(SolutionDir)$(Configuration)\
46 | $(Configuration)\
47 | true
48 | AllRules.ruleset
49 |
50 |
51 | AllRules.ruleset
52 |
53 |
54 |
55 |
56 |
57 | .\Release/test.tlb
58 |
59 |
60 |
61 |
62 | MaxSpeed
63 | OnlyExplicitInline
64 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
65 | true
66 | MultiThreadedDLL
67 | true
68 | Use
69 | stdafx.h
70 | .\Release/test.pch
71 | .\Release/
72 | .\Release/
73 | .\Release/
74 | Level3
75 |
76 |
77 | NDEBUG;%(PreprocessorDefinitions)
78 | 0x0804
79 |
80 |
81 | kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)
82 | $(OutDir)$(TargetName)$(TargetExt)
83 | .\Release/test.pdb
84 | Console
85 | MachineX86
86 | false
87 |
88 |
89 | true
90 | .\Release/test.bsc
91 |
92 |
93 |
94 |
95 | .\Debug/test.tlb
96 |
97 |
98 |
99 |
100 | Disabled
101 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
102 | true
103 | EnableFastChecks
104 | MultiThreadedDebug
105 | Use
106 | stdafx.h
107 | .\Debug/test.pch
108 | .\Debug/
109 | .\Debug/
110 | .\Debug/
111 | true
112 | Level3
113 | true
114 | EditAndContinue
115 |
116 |
117 | _DEBUG;%(PreprocessorDefinitions)
118 | 0x0804
119 |
120 |
121 | $(OutDir)$(TargetName)$(TargetExt)
122 | true
123 | true
124 | .\Debug/test.pdb
125 | Console
126 | MachineX86
127 | false
128 |
129 |
130 | true
131 | .\Debug/test.bsc
132 |
133 |
134 |
135 |
136 | %(PreprocessorDefinitions)
137 | Create
138 | %(PreprocessorDefinitions)
139 | Create
140 |
141 |
142 | %(PreprocessorDefinitions)
143 | %(PreprocessorDefinitions)
144 |
145 |
146 |
147 |
148 | %(PreprocessorDefinitions)
149 | %(PreprocessorDefinitions)
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
--------------------------------------------------------------------------------
/test/test.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {3831e3d2-c015-48e4-bbf3-8b17c65fc064}
6 | cpp;c;cxx;rc;def;r;odl;idl;hpj;bat
7 |
8 |
9 | {bcad4ceb-2cc8-4772-9e9e-8da49438f807}
10 | h;hpp;hxx;hm;inl
11 |
12 |
13 | {3aa7b85d-a96f-43a2-90db-4b7a6fc9193b}
14 | ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 |
31 |
32 | Header Files
33 |
34 |
35 | Header Files
36 |
37 |
38 | Header Files
39 |
40 |
41 |
--------------------------------------------------------------------------------