v1.00

emc2314 · Apr 30, 2017 · 5eaba94 · 5eaba94
1 parent d1b305b
commit 5eaba94
Show file tree

Hide file tree

Showing 4 changed files with 437 additions and 76 deletions.
diff --git a/Encrypter.cpp b/Encrypter.cpp
@@ -9,7 +9,7 @@ void encrypt_file(PIMAGE_NT_HEADERS nt_headers, pfile_info target_file, const ch
         for(int j = 0; j < sizeof(excluded_sections)/sizeof(excluded_sections[0]); ++j)
             excluded &= strcmp(excluded_sections[j], (char *)current_section->Name);
         if(excluded != 0) {
-            unsigned char *section_start = 
+            unsigned char *section_start =
                 (unsigned char *)target_file->file_mem_buffer + current_section->PointerToRawData;
             unsigned char *section_end = section_start + current_section->SizeOfRawData;
             const unsigned int num_rounds = 32;
@@ -38,8 +38,8 @@ void encrypt(unsigned int num_rounds, unsigned int blocks[2], unsigned int const
         blocks[1] += (((blocks[0] << 4) ^ (blocks[0] >> 5)) + blocks[0]) ^ (sum + key[(sum >> 11) & 3]);
     }
 }
- 
-//Unused, kept for testing/verification
+
+//For debug use
 void decrypt(unsigned int num_rounds, unsigned int blocks[2], unsigned int const key[4]) {
     const unsigned int delta = 0x9E3779B9;
     unsigned int sum = delta * num_rounds;

diff --git a/Injector.cpp b/Injector.cpp
@@ -84,7 +84,7 @@ PIMAGE_SECTION_HEADER add_section(const char *section_name, unsigned int section
     PIMAGE_SECTION_HEADER last_section = IMAGE_FIRST_SECTION(nt_headers) + (nt_headers->FileHeader.NumberOfSections - 1);
     PIMAGE_SECTION_HEADER new_section = IMAGE_FIRST_SECTION(nt_headers) + (nt_headers->FileHeader.NumberOfSections);
     memset(new_section, 0, sizeof(IMAGE_SECTION_HEADER));
-    new_section->Characteristics = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE;
+    new_section->Characteristics = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_WRITE;
     memcpy(new_section->Name, section_name, name_max_length);
     new_section->Misc.VirtualSize = section_size;
     new_section->PointerToRawData = align_to_boundary(last_section->PointerToRawData + last_section->SizeOfRawData,

diff --git a/README.md b/README.md
@@ -1,13 +1,10 @@
-# pe_infector
-PE Infector/Cryptor source code
-
-From April 2011
-
-http://www.codereversing.com/blog/archives/86
-
-http://www.codereversing.com/blog/archives/92
-
-http://www.codereversing.com/blog/archives/94
-
-http://www.codereversing.com/blog/archives/95
-
+# PEZEncrypt
+A simple x86 PE packer
+
+## Features
+* Easy and Simple
+* Using SEH to detect hardware breakpoint
+* Using SetUnhandledExceptionFilter to detect debugger
+* Stub code checksum
+* Using VirtualProtect to disable memory breakpoint
+* Many small tricks to obfuscate the code