예제 #1
        /// <summary>
        /// Creates an empty protected XML document: sets up the RSA signing key and the
        /// Triple DES encryption key, adds an XML declaration and a root <c>data</c> element,
        /// then calls <c>Protect()</c>.
        /// </summary>
        /// <param name="options">Protection options, stored on the instance.</param>
        public ProtectedXml(ProtectionOptions options)
        {
            this.m_options = options;

            // RSA key for signing. Passing a key container name makes the CSP reuse the key
            // pair persisted under that name, or create and persist one if none exists.
            // NOTE(review): the container name is a fixed string, so all instances using the
            // same key store share one key pair. Confirm that is intended and review who can
            // read that container.
            this.m_rsaKey = new RSACryptoServiceProvider(
                new CspParameters { KeyContainerName = "XML_DSIG_RSA_KEY" });

            // Triple DES key for encryption.
            // SECURITY(review): the key is the MD5 digest of a passphrase compiled into the
            // assembly, so anyone who has the binary can recompute it. MD5 yields 16 bytes,
            // which selects two-key Triple DES. ECB mode encrypts equal plaintext blocks to
            // equal ciphertext blocks and provides no integrity protection. These choices are
            // left untouched because changing them alters the ciphertext format; a migration
            // should load the key from a protected store and use an authenticated cipher
            // mode (for example AES-GCM).
            using (MD5CryptoServiceProvider hasher = new MD5CryptoServiceProvider())
            {
                const string passphrase = "ASDFGHJKLPOIUYTREWASDFGHJKLPOIUY";
                byte[] keyBytes = hasher.ComputeHash(new UTF8Encoding().GetBytes(passphrase));

                this.m_tdes = new TripleDESCryptoServiceProvider
                {
                    Key     = keyBytes,
                    Mode    = CipherMode.ECB,
                    Padding = PaddingMode.PKCS7
                };
            }

            // Start from an empty document: XML declaration followed by a <data> root.
            this.PreserveWhitespace = true;
            this.AppendChild(this.CreateXmlDeclaration("1.0", "UTF-8", null));

            XmlNode root = this.CreateElement("data");
            this.AppendChild(root);

            // NOTE(review): Protect() is defined outside this excerpt; it runs inside the
            // constructor, so anything it throws surfaces as a construction failure.
            this.Protect();
        }
예제 #2
        /// <summary>
        /// Console entry point: builds the protection options interactively, starts the
        /// scan protector and keeps it running until the operator presses Enter.
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        private static void Main(string[] args)
        {
            ScanProtector protector = new ScanProtector(SetupProtectionOptions());

            protector.Start();

            // Keep the process alive until a line is read from the console.
            Console.WriteLine("Press Enter to stop and exit...");
            Console.ReadLine();

            // NOTE(review): Stop() is not reached if Start() or the console calls throw.
            protector.Stop();
        }
예제 #3
        /// <summary>
        /// Rebuilds the PE image into a fresh in-memory stream by calling the writer helpers
        /// in a fixed order: sections, stub section, end-of-file data, headers.
        /// </summary>
        /// <param name="pE">Parsed assembly; its section headers and optional header are read here.</param>
        /// <param name="peData">Raw bytes of the input file, handed to the section and end-of-file writers.</param>
        /// <param name="options">Only <c>AddDllLoader</c> is read here; it is forwarded to the header writer.</param>
        public virtual void ImplementRedirection(WindowsAssembly pE, byte[] peData, ProtectionOptions options)
        {
            // Replaces whatever stream a previous call left behind; the old one is not disposed here.
            this.dataStream = new MemoryStream();

            // NOTE(review): if Last() is the LINQ extension it throws on an image with no
            // sections. The offset below is derived from headers of the input file, so the
            // writer helpers are presumably expected to bounds-check it against peData (confirm).
            var lastSection = pE.SectionHeaders.Last();
            int tailOffset  = EndOfFileOffset(lastSection);

            WriteSetions(peData, tailOffset);
            WriteStubSection(pE.NtHeaders.OptionalHeader.FileAlignment);
            WriteEndOfFile(peData, tailOffset);
            WriteHeaders(pE, options.AddDllLoader);

            // Debug aid, left disabled:
            //File.WriteAllBytes("test.exe", dataStream.ToArray());
        }
예제 #4
 /// <summary>
 /// Assembles <c>Code</c> with FasmNet at the address of the next section plus the image
 /// base, stores the result in <c>generatedStub</c> and returns its length.
 /// </summary>
 /// <param name="pE">Parsed assembly supplying section alignment, last section header and image base.</param>
 /// <param name="options">Not read by this implementation.</param>
 /// <returns>The stub length in bytes, or -1 if anything in the process throws.</returns>
 public virtual int GenerateStub(WindowsAssembly pE, ProtectionOptions options)
 {
     try
     {
         // If compilation fails, increase the memorySize parameter.
         FasmNet assembler = new FasmNet(memorySize, 10);
         assembler.AddLine(Code);

         // NOTE(review): the (uint) cast would truncate an image base above 4 GiB if
         // ImageBase is a 64-bit field. Confirm only 32-bit images reach this point.
         var nextSectionRva = NextSectionRVA(pE.NtHeaders.OptionalHeader.SectionAlignment,
                                             pE.SectionHeaders.Last());
         var origin = nextSectionRva + (uint)pE.NtHeaders.OptionalHeader.ImageBase;

         generatedStub = assembler.Assemble(origin);
         return generatedStub.Length;
     }
     catch
     {
         // NOTE(review): every exception, including ones unrelated to assembling, is
         // discarded here; callers only see -1 and lose the cause.
         return -1;
     }
 }
예제 #5
        /// <summary>
        /// Collects the protection settings: a capture device, a scanning reaction and the
        /// maximum number of connections allowed from one IP, the last one read from the console.
        /// </summary>
        /// <returns>A <c>ProtectionOptions</c> bound to the chosen device with both settings applied.</returns>
        private static ProtectionOptions SetupProtectionOptions()
        {
            LivePacketDevice  captureDevice  = GetDevice();
            IScanningReaction chosenReaction = GetScanningReaction();

            Console.WriteLine("Enter max connection tryings:");

            // The predicate accepts only values of at least 1; how rejected input is handled
            // is decided by GetIntFromConsole, which is outside this excerpt.
            int connectionLimit = GetIntFromConsole(value => value >= 1);

            return new ProtectionOptions(captureDevice)
            {
                MaxConnectionsFromIP = connectionLimit,
                Reacting             = chosenReaction,
            };
        }
예제 #6
        /// <summary>
        /// Allocates a block of virtual memory in the process referred to by <c>Handle</c>
        /// by calling <c>VirtualAllocEx</c> with the given allocation and protection options.
        /// </summary>
        /// <param name="count">The number of bytes to allocate; must be greater than zero.</param>
        /// <param name="allocationType">Allocation options, passed unchanged to <c>VirtualAllocEx</c>.</param>
        /// <param name="protectionOptions">Protection options for the new block, passed unchanged.</param>
        /// <returns>The starting address of the newly allocated block.</returns>
        /// <exception cref="ArgumentException">If <paramref name="count"/> is zero or negative.</exception>
        /// <exception cref="Win32Exception">If <c>VirtualAllocEx</c> returns a null address.</exception>
        public IntPtr Alloc(int count, AllocationOptions allocationType, ProtectionOptions protectionOptions)
        {
            if (count <= 0)
            {
                throw new ArgumentException("Count must be greater than zero");
            }

            // NOTE(review): DangerousGetHandle() returns the raw handle without taking a
            // reference. If Handle is a SafeHandle that another thread can dispose, the value
            // may be closed or recycled while the native call is in flight; wrapping the call
            // in DangerousAddRef/DangerousRelease would pin it (confirm the type of Handle).
            IntPtr  processHandle = Handle.DangerousGetHandle();
            UIntPtr size          = new UIntPtr(Convert.ToUInt32(count));

            IntPtr block = Kernel32.VirtualAllocEx(processHandle, IntPtr.Zero, size,
                                                   allocationType, protectionOptions);

            if (!block.IsNullPtr())
            {
                return block;
            }

            // NOTE(review): GetLastWin32Error() is only meaningful when the P/Invoke
            // declaration sets SetLastError = true; verify that on Kernel32.VirtualAllocEx.
            throw new Win32Exception(Marshal.GetLastWin32Error(), "Could not allocate memory within process");
        }
예제 #7
파일: Form1.cs 프로젝트: cobrce/ImpRedir
        /// <summary>
        /// Click handler for the protect button: runs the redirector with the loader option
        /// taken from the checkbox, reports the outcome in a message box, then drops the
        /// redirector and disables the main group.
        /// </summary>
        /// <param name="sender">Event source; not read here.</param>
        /// <param name="e">Event data; not read here.</param>
        private void btnProtect_Click(object sender, EventArgs e)
        {
            ProtectionOptions options = new ProtectionOptions()
            {
                AddDllLoader = chkAddLoader.Checked
            };

            // NOTE(review): on failure the raw exception message is shown to the user, and
            // redirector.Exception is dereferenced without a null check. Confirm Protect()
            // always sets it before returning false.
            bool   succeeded = redirector.Protect(options);
            string message   = succeeded ? "File protected" : redirector.Exception.Message;
            MessageBox.Show(this, message);

            // The redirector is single-use: release it and lock the panel either way.
            redirector     = null;
            gpMain.Enabled = false;
        }
예제 #8
        /// <summary>
        /// Generates the stub in two assembly passes and keeps the output of the first one.
        /// The second pass, assembled after <c>AddPushAddressesCode()</c>, is used only to
        /// read the addresses of the redirected functions.
        /// </summary>
        /// <param name="pE">Parsed assembly, forwarded to the base implementation.</param>
        /// <param name="options">Protection options, forwarded to the base implementation.</param>
        /// <returns>The length of the kept stub, or -1 if either pass fails or anything throws.</returns>
        public override int GenerateStub(WindowsAssembly pE, ProtectionOptions options)
        {
            try
            {
                // First pass: add Hash, GMH and GPA, then assemble.
                AddCommonCode();
                if (base.GenerateStub(pE, options) == -1)
                {
                    return -1;
                }

                // Keep the first-pass stub; the second pass overwrites generatedStub.
                byte[] firstPassStub = generatedStub;

                // Second pass: a trick to retrieve the addresses of redirected APIs.
                AddPushAddressesCode();
                if (base.GenerateStub(pE, options) == -1)
                {
                    return -1;
                }

                ReadRedirectedFunctionsAddresses(firstPassStub.Length);
                //System.IO.File.WriteAllBytes("stub.bin", generatedStub); // for debug

                generatedStub = firstPassStub;
                return generatedStub.Length;
            }
            catch
            {
                // NOTE(review): all exceptions are discarded; the caller only sees -1.
                return -1;
            }
        }
예제 #9
파일: Kernel32.cs 프로젝트: miniwa/edo-net
 // P/Invoke declaration for VirtualAllocEx: takes a process handle, a requested address,
 // a size and the allocation/protection options, and returns the address of the block.
 // NOTE(review): the DllImport attribute is not part of this excerpt. Callers that read
 // Marshal.GetLastWin32Error() after a failed call get a meaningful value only when the
 // attribute sets SetLastError = true; confirm it does.
 public static extern IntPtr VirtualAllocEx([In] IntPtr processHandle, [In] IntPtr address, [In] UIntPtr size,
                                            [In] AllocationOptions allocationType, [In] ProtectionOptions protectionOptions);