public void WriteLogicalFunctionsToTextSection(xNewPE PE, ref JunkCodeInfo JCI, int Multiplier)
{
string TxtSect = PE.PeDirectory.TextSectionPath.ReadText();
int size_pre_ep = 0;
int size_ep = 0;
int size_post_ep = 0;
int pre_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier);
int post_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier);
// pre - ep
for (int i = 0; i < pre_ep_func_cnt; i++)
{
int index_of = TxtSect.IndexOf(";[PRE_EP_FUNCTIONS]");
if (index_of > -1)
{
int func_len = Rand.Next(0x120, 0x200);
byte[] func_buffer;
if (Rand.NextDouble() >= 0.5)
func_buffer = new DataConstructor().GenData(func_len, func_len);
else
func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
// GenerateLogicalFunction(func_len, 0, 0, 0, 0);//GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
// Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer));
// pad entropy with zeros after func
//int pad_len = Rand.Next(0x10, 0x25);
//Array.Resize(ref func_buffer, func_buffer.Length + pad_len);
TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine);
size_pre_ep += func_buffer.Length;
}
}
JCI.SIZE_PRE_EP_FUNCTIONS = size_pre_ep;
// ep -
{
int index_of = TxtSect.IndexOf(";[EP_FUNCTION]");
if (index_of > -1)
{
int func_len = Rand.Next(0x120, 0x140); // const
byte[] func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
// pad entropy with zeros after func
//int pad_len = Rand.Next(0x10, 0x25);
//Array.Resize(ref func_buffer, func_buffer.Length + pad_len);
TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine);
size_ep += func_buffer.Length;
}
}
JCI.SIZE_EP_FUNCTION = size_ep;
//// post - ep
for (int i = 0; i < post_ep_func_cnt; i++)
{
int index_of = TxtSect.IndexOf(";[POST_EP_FUNCTIONS]");
if (index_of > -1)
{
int func_len = Rand.Next(0x120, 0x200);
byte[] func_buffer;
if (Rand.NextDouble() >= 0.5)
func_buffer = new DataConstructor().GenData(func_len, func_len);
else
func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
// Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer));
// pad entropy with zeros after func
//int pad_len = Rand.Next(0x10, 0x25);
//Array.Resize(ref func_buffer, func_buffer.Length + pad_len);
TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine);
size_post_ep += func_buffer.Length;
}
}
JCI.SIZE_POST_EP_FUNCTIONS = size_post_ep;
// PAD ENTROPY
//int size_of_entropy_pad = 0x200; ;// ALIGN_UP(Rand.Next(0x200, 0x1000), (int)PE.NtHeader.OptionalHeader.FileAlignment);
//byte[] zero_fill = new byte[0x1000];
//string path_inc = Path.Combine(PE.PeDirectory.IncludeDirectory, "zerofill.bin");
//path_inc.WriteFile(zero_fill);
// JCI.SIZE_ENTROPY_PAD = (size_of_entropy_pad * 2);
if (File.Exists(PE.PeDirectory.TextSectionPath))
File.Delete(PE.PeDirectory.TextSectionPath);
PE.PeDirectory.TextSectionPath.WriteText(TxtSect, StringEncoding.ASCII);
GC.Collect();
}
public void WriteLogicalFunctionsToTextSection(xNewPE PE, ref JunkCodeInfo JCI, int Multiplier)
{
string TxtSect = PE.PeDirectory.TextSectionPath.ReadText();
int size_pre_ep = 0;
int size_ep = 0;
int size_post_ep = 0;
int pre_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier);
int post_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier);
// pre - ep
for (int i = 0; i < pre_ep_func_cnt; i++)
{
int index_of = TxtSect.IndexOf(";[PRE_EP_FUNCTIONS]");
if (index_of > -1)
{
int func_len = Rand.Next(0x120, 0x200);
byte[] func_buffer;
if (Rand.NextDouble() >= 0.5)
{
func_buffer = new DataConstructor().GenData(func_len, func_len);
}
else
{
func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
}
// GenerateLogicalFunction(func_len, 0, 0, 0, 0);//GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
// Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer));
// pad entropy with zeros after func
//int pad_len = Rand.Next(0x10, 0x25);
//Array.Resize(ref func_buffer, func_buffer.Length + pad_len);
TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine);
size_pre_ep += func_buffer.Length;
}
}
JCI.SIZE_PRE_EP_FUNCTIONS = size_pre_ep;
// ep -
{
int index_of = TxtSect.IndexOf(";[EP_FUNCTION]");
if (index_of > -1)
{
int func_len = Rand.Next(0x120, 0x140); // const
byte[] func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
// pad entropy with zeros after func
//int pad_len = Rand.Next(0x10, 0x25);
//Array.Resize(ref func_buffer, func_buffer.Length + pad_len);
TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine);
size_ep += func_buffer.Length;
}
}
JCI.SIZE_EP_FUNCTION = size_ep;
//// post - ep
for (int i = 0; i < post_ep_func_cnt; i++)
{
int index_of = TxtSect.IndexOf(";[POST_EP_FUNCTIONS]");
if (index_of > -1)
{
int func_len = Rand.Next(0x120, 0x200);
byte[] func_buffer;
if (Rand.NextDouble() >= 0.5)
{
func_buffer = new DataConstructor().GenData(func_len, func_len);
}
else
{
func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000);
}
// Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer));
// pad entropy with zeros after func
//int pad_len = Rand.Next(0x10, 0x25);
//Array.Resize(ref func_buffer, func_buffer.Length + pad_len);
TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine);
size_post_ep += func_buffer.Length;
}
}
JCI.SIZE_POST_EP_FUNCTIONS = size_post_ep;
// PAD ENTROPY
//int size_of_entropy_pad = 0x200; ;// ALIGN_UP(Rand.Next(0x200, 0x1000), (int)PE.NtHeader.OptionalHeader.FileAlignment);
//byte[] zero_fill = new byte[0x1000];
//string path_inc = Path.Combine(PE.PeDirectory.IncludeDirectory, "zerofill.bin");
//path_inc.WriteFile(zero_fill);
// JCI.SIZE_ENTROPY_PAD = (size_of_entropy_pad * 2);
if (File.Exists(PE.PeDirectory.TextSectionPath))
{
File.Delete(PE.PeDirectory.TextSectionPath);
}
PE.PeDirectory.TextSectionPath.WriteText(TxtSect, StringEncoding.ASCII);
GC.Collect();
}
