public void WriteLogicalFunctionsToTextSection(xNewPE PE, ref JunkCodeInfo JCI, int Multiplier) { string TxtSect = PE.PeDirectory.TextSectionPath.ReadText(); int size_pre_ep = 0; int size_ep = 0; int size_post_ep = 0; int pre_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier); int post_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier); // pre - ep for (int i = 0; i < pre_ep_func_cnt; i++) { int index_of = TxtSect.IndexOf(";[PRE_EP_FUNCTIONS]"); if (index_of > -1) { int func_len = Rand.Next(0x120, 0x200); byte[] func_buffer; if (Rand.NextDouble() >= 0.5) func_buffer = new DataConstructor().GenData(func_len, func_len); else func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); // GenerateLogicalFunction(func_len, 0, 0, 0, 0);//GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); // Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer)); // pad entropy with zeros after func //int pad_len = Rand.Next(0x10, 0x25); //Array.Resize(ref func_buffer, func_buffer.Length + pad_len); TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine); size_pre_ep += func_buffer.Length; } } JCI.SIZE_PRE_EP_FUNCTIONS = size_pre_ep; // ep - { int index_of = TxtSect.IndexOf(";[EP_FUNCTION]"); if (index_of > -1) { int func_len = Rand.Next(0x120, 0x140); // const byte[] func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); // pad entropy with zeros after func //int pad_len = Rand.Next(0x10, 0x25); //Array.Resize(ref func_buffer, func_buffer.Length + pad_len); TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine); size_ep += func_buffer.Length; } } JCI.SIZE_EP_FUNCTION = size_ep; //// post - ep for (int i = 0; i < post_ep_func_cnt; i++) { int index_of = TxtSect.IndexOf(";[POST_EP_FUNCTIONS]"); if (index_of > -1) { int func_len = Rand.Next(0x120, 0x200); byte[] func_buffer; if (Rand.NextDouble() >= 0.5) func_buffer = new DataConstructor().GenData(func_len, func_len); else func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); // Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer)); // pad entropy with zeros after func //int pad_len = Rand.Next(0x10, 0x25); //Array.Resize(ref func_buffer, func_buffer.Length + pad_len); TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine); size_post_ep += func_buffer.Length; } } JCI.SIZE_POST_EP_FUNCTIONS = size_post_ep; // PAD ENTROPY //int size_of_entropy_pad = 0x200; ;// ALIGN_UP(Rand.Next(0x200, 0x1000), (int)PE.NtHeader.OptionalHeader.FileAlignment); //byte[] zero_fill = new byte[0x1000]; //string path_inc = Path.Combine(PE.PeDirectory.IncludeDirectory, "zerofill.bin"); //path_inc.WriteFile(zero_fill); // JCI.SIZE_ENTROPY_PAD = (size_of_entropy_pad * 2); if (File.Exists(PE.PeDirectory.TextSectionPath)) File.Delete(PE.PeDirectory.TextSectionPath); PE.PeDirectory.TextSectionPath.WriteText(TxtSect, StringEncoding.ASCII); GC.Collect(); }
public void WriteLogicalFunctionsToTextSection(xNewPE PE, ref JunkCodeInfo JCI, int Multiplier) { string TxtSect = PE.PeDirectory.TextSectionPath.ReadText(); int size_pre_ep = 0; int size_ep = 0; int size_post_ep = 0; int pre_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier); int post_ep_func_cnt = Rand.Next(5 * Multiplier, 10 * Multiplier); // pre - ep for (int i = 0; i < pre_ep_func_cnt; i++) { int index_of = TxtSect.IndexOf(";[PRE_EP_FUNCTIONS]"); if (index_of > -1) { int func_len = Rand.Next(0x120, 0x200); byte[] func_buffer; if (Rand.NextDouble() >= 0.5) { func_buffer = new DataConstructor().GenData(func_len, func_len); } else { func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); } // GenerateLogicalFunction(func_len, 0, 0, 0, 0);//GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); // Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer)); // pad entropy with zeros after func //int pad_len = Rand.Next(0x10, 0x25); //Array.Resize(ref func_buffer, func_buffer.Length + pad_len); TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine); size_pre_ep += func_buffer.Length; } } JCI.SIZE_PRE_EP_FUNCTIONS = size_pre_ep; // ep - { int index_of = TxtSect.IndexOf(";[EP_FUNCTION]"); if (index_of > -1) { int func_len = Rand.Next(0x120, 0x140); // const byte[] func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); // pad entropy with zeros after func //int pad_len = Rand.Next(0x10, 0x25); //Array.Resize(ref func_buffer, func_buffer.Length + pad_len); TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine); size_ep += func_buffer.Length; } } JCI.SIZE_EP_FUNCTION = size_ep; //// post - ep for (int i = 0; i < post_ep_func_cnt; i++) { int index_of = TxtSect.IndexOf(";[POST_EP_FUNCTIONS]"); if (index_of > -1) { int func_len = Rand.Next(0x120, 0x200); byte[] func_buffer; if (Rand.NextDouble() >= 0.5) { func_buffer = new DataConstructor().GenData(func_len, func_len); } else { func_buffer = GenerateLogicalFunction(func_len, 0, 1, IMAGE_BASE + 0x1000, 0x100000); } // Console.WriteLine("Entropy Func: {0}", calc_entropy(func_buffer)); // pad entropy with zeros after func //int pad_len = Rand.Next(0x10, 0x25); //Array.Resize(ref func_buffer, func_buffer.Length + pad_len); TxtSect = TxtSect.Insert(index_of, func_buffer.ToASMBuffer() + Environment.NewLine); size_post_ep += func_buffer.Length; } } JCI.SIZE_POST_EP_FUNCTIONS = size_post_ep; // PAD ENTROPY //int size_of_entropy_pad = 0x200; ;// ALIGN_UP(Rand.Next(0x200, 0x1000), (int)PE.NtHeader.OptionalHeader.FileAlignment); //byte[] zero_fill = new byte[0x1000]; //string path_inc = Path.Combine(PE.PeDirectory.IncludeDirectory, "zerofill.bin"); //path_inc.WriteFile(zero_fill); // JCI.SIZE_ENTROPY_PAD = (size_of_entropy_pad * 2); if (File.Exists(PE.PeDirectory.TextSectionPath)) { File.Delete(PE.PeDirectory.TextSectionPath); } PE.PeDirectory.TextSectionPath.WriteText(TxtSect, StringEncoding.ASCII); GC.Collect(); }