/// <summary>
/// Creates an empty protected XML document: stores the options, sets up the RSA
/// signing key and the Triple DES encryption provider, adds the XML declaration
/// and a root <c>data</c> element, and then calls <c>Protect()</c>.
/// </summary>
/// <param name="options">Protection settings kept on the instance.</param>
/// <remarks>
/// Security review notes. The code below is intentionally left behaving as before,
/// because changing the cipher setup would presumably make documents protected
/// with the current settings unreadable; plan a migration instead.
/// <list type="bullet">
/// <item>The Triple DES key is the MD5 digest of a passphrase compiled into the
/// assembly, so every installation uses the same key and anyone holding the
/// binary can recover it. Load key material from a protected store instead.</item>
/// <item>MD5 yields 16 bytes, so the provider runs as two-key Triple DES.</item>
/// <item>ECB mode uses no IV: equal plaintext blocks encrypt to equal ciphertext
/// blocks. This constructor configures no integrity check for the ciphertext;
/// whether the RSA signature covers it is not visible here. An authenticated
/// AES mode with a random nonce is the usual replacement.</item>
/// </list>
/// </remarks>
public ProtectedXml(ProtectionOptions options)
{
    this.m_options = options;

    // RSA key for signing. With a named container the provider opens that
    // container and generates a key pair in it when none exists yet.
    this.m_rsaKey = new RSACryptoServiceProvider(
        new CspParameters { KeyContainerName = "XML_DSIG_RSA_KEY" });

    // Triple DES provider for encryption.
    // NOTE(review): hard-coded passphrase + MD5 + ECB, see the remarks above.
    using (MD5CryptoServiceProvider hasher = new MD5CryptoServiceProvider())
    {
        const string passphrase = "ASDFGHJKLPOIUYTREWASDFGHJKLPOIUY";
        byte[] keyBytes = hasher.ComputeHash(new UTF8Encoding().GetBytes(passphrase));

        this.m_tdes = new TripleDESCryptoServiceProvider
        {
            Key = keyBytes,
            Mode = CipherMode.ECB,
            Padding = PaddingMode.PKCS7
        };
    }

    // Start from an empty document: declaration plus a single root element.
    this.PreserveWhitespace = true;
    this.AppendChild(this.CreateXmlDeclaration("1.0", "UTF-8", null));
    this.AppendChild(this.CreateElement("data"));

    this.Protect();
}
/// <summary>
/// Console entry point: builds the protection options interactively, starts the
/// scan protector, and stops it once the operator presses Enter.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
private static void Main(string[] args)
{
    var protector = new ScanProtector(SetupProtectionOptions());
    protector.Start();

    // Block the main thread until the operator asks to shut down.
    Console.WriteLine("Press Enter to stop and exit...");
    Console.ReadLine();

    protector.Stop();
}
/// <summary>
/// Rebuilds the image into a fresh in-memory stream by calling, in order,
/// <c>WriteSetions</c>, <c>WriteStubSection</c>, <c>WriteEndOfFile</c> and
/// <c>WriteHeaders</c>.
/// </summary>
/// <param name="pE">Parsed PE image; its last section header and optional header are read.</param>
/// <param name="peData">Raw bytes of the original file, passed to the section and end-of-file writers.</param>
/// <param name="options">Only <c>AddDllLoader</c> is read here and forwarded to <c>WriteHeaders</c>.</param>
public virtual void ImplementRedirection(WindowsAssembly pE, byte[] peData, ProtectionOptions options)
{
    // Any stream held from an earlier call is replaced, not disposed.
    this.dataStream = new MemoryStream();

    // Offset computed from the last section header; presumably where the
    // section data ends in the file (verify against EndOfFileOffset).
    int endOfFile = EndOfFileOffset(pE.SectionHeaders.Last());

    WriteSetions(peData, endOfFile);

    var fileAlignment = pE.NtHeaders.OptionalHeader.FileAlignment;
    WriteStubSection(fileAlignment);

    WriteEndOfFile(peData, endOfFile);

    bool addDllLoader = options.AddDllLoader;
    WriteHeaders(pE, addDllLoader);
}
/// <summary>
/// Assembles <c>Code</c> with FasmNet and stores the result in <c>generatedStub</c>.
/// </summary>
/// <param name="pE">Parsed PE image; section alignment, image base and the last section header are read.</param>
/// <param name="options">Not read by this implementation.</param>
/// <returns>The length of the assembled stub, or -1 when any exception occurs.</returns>
public virtual int GenerateStub(WindowsAssembly pE, ProtectionOptions options)
{
    try
    {
        // If assembling fails, increase the memorySize argument.
        FasmNet assembler = new FasmNet(memorySize, 10);
        assembler.AddLine(Code);

        // Value handed to Assemble: next section RVA plus the image base.
        var stubOrigin = NextSectionRVA(pE.NtHeaders.OptionalHeader.SectionAlignment, pE.SectionHeaders.Last())
                         + (uint)pE.NtHeaders.OptionalHeader.ImageBase;

        generatedStub = assembler.Assemble(stubOrigin);
        return generatedStub.Length;
    }
    catch
    {
        // NOTE(review): every exception is swallowed, so an assembler error is
        // indistinguishable from a null argument or any other fault. Callers
        // only ever see -1; consider recording the exception for diagnosis.
        return -1;
    }
}
/// <summary>
/// Collects the capture device, the scanning reaction and the per-IP connection
/// limit from the operator and packs them into a <c>ProtectionOptions</c>.
/// </summary>
/// <returns>Options bound to the chosen device, with the limit and reaction set.</returns>
private static ProtectionOptions SetupProtectionOptions()
{
    LivePacketDevice selectedDevice = GetDevice();
    IScanningReaction selectedReaction = GetScanningReaction();

    Console.WriteLine("Enter max connection tryings:");
    // The predicate accepts only values of 1 or more; how GetIntFromConsole
    // treats rejected input is not visible here.
    int connectionLimit = GetIntFromConsole(candidate => candidate >= 1);

    return new ProtectionOptions(selectedDevice)
    {
        MaxConnectionsFromIP = connectionLimit,
        Reacting = selectedReaction,
    };
}
/// <summary>
/// Allocates a block of the given size and protection inside the virtual memory of the
/// process identified by <c>Handle</c>, using the given allocation options.
/// </summary>
/// <param name="count">The number of bytes to allocate; must be greater than zero.</param>
/// <param name="allocationType">The allocation options passed to <c>VirtualAllocEx</c>.</param>
/// <param name="protectionOptions">The memory protection of the allocated block.</param>
/// <returns>The starting address of the newly allocated block.</returns>
/// <exception cref="ArgumentException">If count is equal to or less than zero.</exception>
/// <exception cref="Win32Exception">If the allocation returns a null address.</exception>
/// <remarks>
/// The protection value is passed through unchanged; callers should request the least
/// permissive protection that works and avoid pages that are writable and executable at once.
/// </remarks>
public IntPtr Alloc(int count, AllocationOptions allocationType, ProtectionOptions protectionOptions)
{
    if (count <= 0)
    {
        throw new ArgumentException("Count must be greater than zero");
    }

    // NOTE(review): DangerousGetHandle() is used without DangerousAddRef/Release,
    // so nothing here keeps the handle alive for the duration of the call.
    IntPtr processHandle = Handle.DangerousGetHandle();
    UIntPtr byteCount = new UIntPtr(Convert.ToUInt32(count));

    // A zero base address is passed, leaving the placement of the block to the system.
    IntPtr address = Kernel32.VirtualAllocEx(processHandle, IntPtr.Zero, byteCount, allocationType, protectionOptions);

    if (!address.IsNullPtr())
    {
        return address;
    }

    // NOTE(review): the error code is only meaningful if the P/Invoke declaration
    // sets SetLastError = true — confirm on the Kernel32 import.
    throw new Win32Exception(Marshal.GetLastWin32Error(), "Could not allocate memory within process");
}
/// <summary>
/// Click handler for the protect button: runs the redirector with the loader
/// option taken from the checkbox, reports the outcome, and resets the form.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void btnProtect_Click(object sender, EventArgs e)
{
    var options = new ProtectionOptions { AddDllLoader = chkAddLoader.Checked };

    // On failure the redirector exposes the captured exception; show its text.
    bool succeeded = redirector.Protect(options);
    string message = succeeded ? "File protected" : redirector.Exception.Message;
    MessageBox.Show(this, message);

    // The redirector is dropped after one run and the main group is disabled.
    redirector = null;
    gpMain.Enabled = false;
}
/// <summary>
/// Generates the stub in two assembler passes. The first pass, run after
/// <c>AddCommonCode()</c>, produces the stub that is kept. The second pass, run
/// after <c>AddPushAddressesCode()</c>, is used only by
/// <c>ReadRedirectedFunctionsAddresses</c> and its output is discarded.
/// </summary>
/// <param name="pE">Parsed PE image, forwarded to the base implementation.</param>
/// <param name="options">Protection options, forwarded to the base implementation.</param>
/// <returns>The length of the first-pass stub, or -1 if either pass fails or an exception occurs.</returns>
public override int GenerateStub(WindowsAssembly pE, ProtectionOptions options)
{
    try
    {
        // Add Hash, GMH and GPA.
        AddCommonCode();
        if (base.GenerateStub(pE, options) == -1)
        {
            return -1;
        }

        // Keep the first-pass stub; the second pass overwrites generatedStub.
        byte[] firstPassStub = generatedStub;

        // A trick to retrieve the addresses of redirected APIs.
        AddPushAddressesCode();
        if (base.GenerateStub(pE, options) == -1)
        {
            return -1;
        }

        ReadRedirectedFunctionsAddresses(firstPassStub.Length);

        // Restore the first-pass stub as the final result.
        generatedStub = firstPassStub;
        return generatedStub.Length;
    }
    catch
    {
        // NOTE(review): all exceptions are swallowed and reported only as -1,
        // which hides the cause of a failed pass from the caller.
        return -1;
    }
}
/// <summary>
/// Managed declaration of the Win32 <c>VirtualAllocEx</c> function, which reserves or
/// commits memory in the address space of the process identified by
/// <paramref name="processHandle"/>.
/// </summary>
/// <param name="processHandle">Handle of the process to allocate in.</param>
/// <param name="address">Desired base address, or <c>IntPtr.Zero</c> to let the system choose.</param>
/// <param name="size">Size of the region in bytes.</param>
/// <param name="allocationType">Allocation type flags.</param>
/// <param name="protectionOptions">Memory protection for the region.</param>
/// <returns>Base address of the allocated region, or <c>IntPtr.Zero</c> on failure.</returns>
// NOTE(review): the DllImport attribute is not visible in this excerpt. Callers that read
// Marshal.GetLastWin32Error() after this call need SetLastError = true on it — confirm.
public static extern IntPtr VirtualAllocEx([In] IntPtr processHandle, [In] IntPtr address, [In] UIntPtr size, [In] AllocationOptions allocationType, [In] ProtectionOptions protectionOptions);