diff --git a/Malware/Malware/Malware.cpp b/Malware/Malware/Malware.cpp
index 1902add..0599073 100644
--- a/Malware/Malware/Malware.cpp
+++ b/Malware/Malware/Malware.cpp
@@ -115,15 +115,15 @@ typedef struct {
} FuncList2;
int main(int argc, char *argv[]) {
- // Init des struct d'obfuscation d'appel de fonction
- Obfuscated_stdFunclist *stdfunclist = new Obfuscated_stdFunclist();
- FuncList2 list = {evaluate_polynomial, memcpy, lonesha256};
-
if (argc < 2 || strlen(argv[1]) > 8) {
printf("Arguments invalides.\n");
return 1;
}
+ // Init des struct d'obfuscation d'appel de fonction
+ Obfuscated_stdFunclist *stdfunclist = new Obfuscated_stdFunclist();
+ FuncList2 list = {evaluate_polynomial, stdfunclist->obfusc_memcpy, lonesha256};
+
fakemain(argc, (wchar_t **)argv);
uint8_t input[8];
diff --git a/Malware/Malware/Malware.vcxproj b/Malware/Malware/Malware.vcxproj
index 74e2700..88845a2 100644
--- a/Malware/Malware/Malware.vcxproj
+++ b/Malware/Malware/Malware.vcxproj
@@ -113,16 +113,19 @@
Level3
Use
- MaxSpeed
+ Disabled
true
- true
+ false
WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ Disabled
Console
true
- true
- true
+ false
+ false
+ false
+ false
diff --git a/Malware/Malware/functions.h b/Malware/Malware/functions.h
index 7557095..efebae9 100644
--- a/Malware/Malware/functions.h
+++ b/Malware/Malware/functions.h
@@ -1,35 +1,57 @@
-#include
-#include
+#include
+#include
+#include
-bool verify_signature(unsigned char* signature, unsigned char* starting_loc);
-void print_signature(unsigned char* loc);
+bool verify_signature(unsigned char *signature, unsigned char *starting_loc);
+void print_signature(unsigned char *loc);
class Obfuscated_stdFunclist {
- public: // list of functions
- int (*obfusc_printf)(const char *__restrict, ...);
- void* (*obfusc_malloc)(size_t __size);
- private:
- void find_obfusc_printf(){
- // print_signature(printf)
- unsigned char signature_printf[12] = {0x8b, 0xff, 0x55, 0x8b, 0xec, 0x6a, 0xfe, 0x68, 0xe0, 0xdb, 0x34, 0x10};
- unsigned char* loc = (unsigned char*) ungetc; // after printf in memory
- while (!verify_signature(signature_printf, loc)) {
- loc--; // go back until we find printf
- }
- obfusc_printf = (int (*)(const char *__restrict, ...)) loc;
+ public: // list of functions
+ int (*obfusc_printf)(const char *__restrict, ...);
+ void *(*obfusc_malloc)(size_t __size);
+ void *(*obfusc_memcpy)(void *__restrict __dest,
+ const void *__restrict __src, size_t __n);
+
+ private:
+ void find_obfusc_printf() {
+ // print_signature(printf)
+ unsigned char signature_printf[12] = {0x8b, 0xff, 0x55, 0x8b,
+ 0xec, 0x6a, 0xfe, 0x68,
+ 0xe0, 0xdb, 0x34, 0x10};
+ unsigned char *loc = (unsigned char *)ungetc; // after printf in memory
+ while (!verify_signature(signature_printf, loc)) {
+ loc--; // go back until we find printf
}
- void find_obfusc_malloc(){
- // print_signature((unsigned char*)malloc);
- unsigned char signature_malloc[12] = {0x8b, 0xff, 0x55, 0x8b, 0xec, 0x51, 0x6a, 0x0, 0x6a, 0x0, 0x6a, 0x1};
- unsigned char* loc = (unsigned char*) free; // after malloc in memory
- while (!verify_signature(signature_malloc, loc)) {
- loc--; // go backwards until we find malloc
- }
- obfusc_malloc = (void* (*)(size_t __size)) loc;
+ obfusc_printf = (int (*)(const char *__restrict, ...))loc;
+ }
+ void find_obfusc_malloc() {
+ // print_signature((unsigned char*)malloc);
+ unsigned char signature_malloc[12] = {0x8b, 0xff, 0x55, 0x8b,
+ 0xec, 0x51, 0x6a, 0x0,
+ 0x6a, 0x0, 0x6a, 0x1};
+ unsigned char *loc = (unsigned char *)free; // after malloc in memory
+ while (!verify_signature(signature_malloc, loc)) {
+ loc--; // go backwards until we find malloc
}
- public: // constructor
- Obfuscated_stdFunclist(){
- find_obfusc_printf();
- find_obfusc_malloc();
+ obfusc_malloc = (void *(*)(size_t __size))loc;
+ }
+ void find_obfusc_memcpy() {
+ auto a = memcpy; // sinon ça crash parce que memcpy est pas chargé en mémoire :c
+ unsigned char signature_memcpy[12] = {0xe9, 0xdf, 0x39, 0x0, 0x0, 0xe9,
+ 0x20, 0x58, 0x0, 0x0, 0xe9, 0xb};
+ unsigned char *loc = (unsigned char *)memset; // after memcpy in memory
+ while (!verify_signature(signature_memcpy, loc)) {
+ loc++; // go backwards until we find memcpy
}
+ obfusc_memcpy =
+ (void *(*)(void *__restrict __dest, const void *__restrict __src,
+ size_t __n))loc;
+ }
+
+ public: // constructor
+ Obfuscated_stdFunclist() {
+ find_obfusc_printf();
+ find_obfusc_malloc();
+ find_obfusc_memcpy();
+ }
};
\ No newline at end of file