Tuts 4 You

Exe Encryption\packer


TGunner54

Hi, I'm after a simple source code VB6 or VC++ 6.0 for packing or encrypting an exe file. I want to make a cryptor. I do have some experience with VC++ 6.0 and VB6. I want to learn how this is done.

Thanks In Return!

I <3 SND!!! :happy:

Link to comment

You basically need a fair bit of knowledge of a PE file's layout, what to crypt, what to change...

Second, you need a stub that does the uncrypting and passes execution to the crypted app in memory, this would be the hardest part...

Take a look at how y0da did it, you can either choose between a (virtual) dll or a fixed stub you just always paste in a new section for example.

If you don't really have a clue, you seriously need to read up a little bit, this isn't like a 10-minute job unless you actually plan to copy the source one by one ;)

Edited by Killboy
Link to comment

if you really think y0da's crypt is advanced you have a lot to learn... compared to other cryptors out there y0da's one is primitive to say the least.... the example shows you what you need to do... but there's other problems too, with new compilers, requiring specific characteristics on sections and so on... it can get very tricky very quickly, so i'd recommend you build a mini skeleton from the information on that site.. forget about anti debug etc for the time being.. get the skeleton working, then flesh it out..

looking at the source code for upx (think it's on sourceforge) may also point you in the right direction.. using vb though to do it already implies you're going in the wrong direction...

Edited by evlncrn8
Link to comment
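
Added example, not from any poster in this thread: the replies above name PE layout, a stub placed in a new section, and section characteristics as the core of a cryptor, and those same header fields are what an analyst reads when triaging a possibly packed file. The Python sketch below parses the section table and flags three common packer heuristics; the `.stub` section name, the 7.0 entropy threshold and the sample image are constructed assumptions.

```python
import math
import struct
from collections import Counter

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_pe(image):
    """Return (entry_section, findings) for a PE file's raw bytes."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections and SizeOfOptionalHeader from the COFF header
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    entry_rva = struct.unpack_from("<I", image, pe_off + 40)[0]  # AddressOfEntryPoint
    table = pe_off + 24 + opt_size  # section table follows the optional header
    entry_section, findings = None, []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", image, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            entry_section = name
            if nsect > 1 and i == nsect - 1:
                findings.append(f"{name}: entry point in last section")
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            findings.append(f"{name}: writable and executable")
        if entropy(image[rptr:rptr + rsize]) > 7.0:  # threshold is an assumption
            findings.append(f"{name}: high-entropy raw data")
    return entry_section, findings

def build_sample():
    """Constructed image: zero-filled .text plus a W+X '.stub' holding the entry point."""
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                 # e_lfanew
    struct.pack_into("<HH12xH", hdr, 0x44, 0x14C, 2, 0xE0)  # i386, 2 sections
    struct.pack_into("<I", hdr, 0x40 + 40, 0x2000)          # AddressOfEntryPoint
    fmt, table = "<8sIIII12xI", 0x40 + 24 + 0xE0
    struct.pack_into(fmt, hdr, table, b".text", 0x100, 0x1000, 0x100, 0x200, 0x60000020)
    struct.pack_into(fmt, hdr, table + 40, b".stub", 0x100, 0x2000, 0x100, 0x300, 0xE0000020)
    return bytes(hdr) + bytes(0x100) + bytes(range(256))  # range(256) stands in for encrypted data

print(triage_pe(build_sample()))
```

These checks are heuristics: legitimately compressed binaries, such as ones packed with UPX, trip the same flags.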

y0da doesn't compile for me anyway... because I'm compiling it in VC++ 6.0 and it's meant to be for another compiler...

y0da's code is... messy.

I don't want to make a protector with all "anti-debug" and compression values etc... I just want to make something to protect an application. Then I will move onto compression.

Edited by TGunner54
Link to comment
y0da doesn't compile for me anyway... because I'm compiling it in VC++ 6.0 and it's meant to be for another compiler...

y0da's code is... messy.

I don't want to make a protector with all "anti-debug" and compression values etc... I just want to make something to protect an application. Then I will move onto compression.

Do you know the basics of C++ and ASM? PE file format? Cus if you do, you wouldn't be asking for help, you'd be able to figure it out yourself.

It's not hard, sit down with a PE file reference and figure out all the things your protector will need to access/change during the protection process. Then look at other people's protectors to get ideas.

Finally, here is the crackme + source of protector for one of the simplest protectors available:

http://crackmes.de/users/mucki/muckis_protector/

Link to comment

It's MASM... :unsure:

If they're so simple, why isn't Google flooded with them?

I at least want something made in C++ that I can learn from :sad:

Link to comment

compiler problems... again.. if it's not made with VC++ then forget it.. That's why VB is good, you don't have 100000's of different compilers...

So, if anyone knows of a cryptor made with VC++ 6.0 or VB6. Reply!!! xD

Edited by TGunner54
Link to comment

Err, just start from scratch man. That's what I did, and a lot of people before me also prolly did. If you have a good knowledge of the PE file format and C++, that's all you need.

Link to comment

I don't have good ASM skills. Neither do I of PE. That's why I want to learn from a source. Then start from scratch.

Link to comment

Well if you don't know asm or anything about the PE, the sources of other protectors won't help you one bit, because you won't be able to understand a single thing they're doing.

Link to comment

Well... I do know the PE layout etc... anyway. I just started from scratch using the "GREAT VB6!"

XCryptor v3.0

- 128Bit Encryption

- Loaded Directly Into Memory

Let's put it this way... it wasn't easy.

Link to comment

nope, it's going to be a piece of crap vb 'protector'

which will be buggy as hell, because the coder admits to having a lack of asm knowledge or the pe format...

'128 bit encryption, loaded directly into memory'

what crap is that? 128 bit encryption... wow! ;p..

loaded directly into memory = you used mapviewoffile?

suggestion: learn to walk before you run.... and ditch vb...

Link to comment
Wow! Three days ago, you didn't have a clue, and now, you've got a v 3.00 already!

@HVC

hahahaha oh my coke just came shooting out of my nose. :lol:

hahaha ok no more laughing at v 3.00 in three days... hahaha ok one more laugh.. ah!

I'm going to write a book. "Coding a packer in 24hours" RCE++ made easy.. subtitled farrow j0r dr3amz omfg teh c0d3rz crypt z malware.

When you spend more time designing the form than actually punching out code and searching Chinese and Russian forums for snippets and examples you need to go back to console land.

Looking at source code is pointless when you don't even understand the structure of the application.

#include "stdafx.h"
#include "brain.h"
int _tmain(int argc, _TCHAR* argv[])
{
//========================//
// Paste Ripped Code Here
//=======================//
return 0;
}

sorry I couldn't help it... had you asked help on coding something for good purposes you may have received better feedback. but it's clear what you want to do with this "file cryptor" hide malware?

Edited by D1N
Link to comment

@D1N

Awww, man: your template gives me an error:

LINK : fatal error LNK1104: cannot open file "brain.h".

What could that mean? :black_eye::cc_confused:

Damn those C++ / Assembly compilers!!!

That's why VB6 rulez!!! :sneaky2:

Edited by HVC
Link to comment

@HVC sorry bro i forgot to include the h file :P

// brain.h for cryptor.cpp

#pragma once

#include

Edited by D1N
Link to comment
// Function to secret C++ algorithm 
// allowing 15% for packing
virtual double Volume() const
{ return 0.85*m_Length*m_Width*m_Height; }

Yay!

And now that I have mastered ALL the secrets of RE, off to new adventures!!!

I'm going to be coding xtros - tanks 4 introducing me into 3D!!!

Hi ho Silver!

:banana:

PS: Anyone got VB sources for DirectX??? :1:

Edited by HVC
Link to comment

Just wanted to congratulate you on managing to get that smiley in there. This is second only to one of my other favourite efforts where UFO once managed to get a Hitler and Pope smiley into the same post.

Link to comment
PS: Anyone got VB sources for DirectX???
No but I've got some uber leet OpenGL projects! and the HalfLife SDK :icecream::wub:

Check it!

Edited by D1N
Link to comment
nope, it's going to be a piece of crap vb 'protector'

which will be buggy as hell, because the coder admits to having a lack of asm knowledge or the pe format...

'128 bit encryption, loaded directly into memory'

what crap is that? 128 bit encryption... wow! ;p..

loaded directly into memory = you used mapviewoffile?

suggestion: learn to walk before you run.... and ditch vb...

Who needs ASM when you have VB... don't underestimate people. I could EASILY make the encryption more secure. And no it's not a VB protector crap... (--.--) it's probably better than any exe cryptor you could make. Btw... read what you wrote again.

because the coder admits to having a lack of asm knowledge or the pe format...

everyone has lack of knowledge of everything... you can't tell me you can create ANYTHING in C++. I didn't use any ASM while making the cryptor, as VB can do everything I want it to... and no it's not Map View Offline... it's really a process injector... creates a thread in the process. Don't act so nubish... I know a lot bit more than the basics of VB and C++. I prefer using VB for applications and C++ for small console applications or dll's. I just didn't know the PE layout... then I did some research. I do know ASM but not in much detail.

It's 3.00 because I added things along the way etc.. I don't know why you're surprised. It's pretty easy to make a stub read data within itself and load it into a byte array. Then just use XOR encryption for starters... LOL then make your own encryption. The only hard part was the process injection, which I have programmed before this project so it wasn't hard. Thanks to the person who said programme it yourself! I didn't think it was that easy, that's why I came here first.

Why don't you guys like VB6... look if it does the job it's good. It's simple to use and doesn't need all these headers. Maybe you're all jealous that you learnt C++ before VB6 then realised you should have learnt VB =P ok maybe not... I see C++ good for SOME things and VB good for other things.

Edited by TGunner54
Link to comment
it's probably better than any exe cryptor you could make. Btw... read what you wrote again.

Just one comment... the above was referring to evlncrn8. I would assume you don't know who he is/was, but he certainly does know what he is talking about probably more than anyone on the forum. As a suggestion I would take his advice..... VB may 'do what you want it to' but as a 'protector' is not really going to be much good.

Having said that, we always encourage new ideas and people learning so don't take the comments to heart, they were meant to be lighthearted. If VB really is the way you want to go then good luck, but it's not really a field of expertise on this forum simply because (maybe in our opinion) there are better/easier ways to do this.

Link to comment
