用Win32汇编语言对PE格式的EXE文件进行口令加密(下)
; Data for the appended password-check stub (MASM syntax, 32-bit Win32).
; The code in this listing addresses every item below as [ebx+name], with
; ebx set up by a call/pop/sub sequence at the start of each routine.
szUser32 db 'user32',0
szMessageBox db 'MessageBoxA',0
; Pointer variables for the dialog-box API functions, and constant definitions.
; DlgProc calls through these slots, e.g. invoke [ebx+_GetDlgItemText].
; The _Api* types are not declared in this part of the listing.
_GetModuleHandle _ApiGetModuleHandle ?
_GlobalAlloc _ApiGlobalAlloc ?
_MultiByteToWideChar _ApiMultiByteToWideChar ?
_DialogBoxIndirectParam _ApiDialogBoxIndirectParam ?
_GlobalFree _ApiGlobalFree ?
_EndDialog _ApiEndDialog ?
_GetDlgItemText _ApiGetDlgItemText ?
_SetWindowText _ApiSetWindowText ?
_SendDlgItemMessage _ApiSendDlgItemMessage ?
; Export names of the APIs above, as NUL-terminated ANSI strings.
; presumably these are the names resolved at run time to fill the slots - the
; code that does so is outside this excerpt; confirm there.
szGetModuleHandle db 'GetModuleHandleA',0
szGlobalAlloc db 'GlobalAlloc',0
szMultiByteToWideChar db 'MultiByteToWideChar',0
szDialogBoxIndirectParam db 'DialogBoxIndirectParamA',0
szGlobalFree db 'GlobalFree',0
szEndDialog db 'EndDialog',0
szGetDlgItemText db 'GetDlgItemTextA',0
szSetWindowText db 'SetWindowTextA',0
szSendDlgItemMessage db 'SendDlgItemMessageA',0
; Label of type byte at the current location; its use is not visible in this excerpt.
APPEND_PASSWD_CODE equ this byte
; Password retained after the file has been protected (the reference value).
; NOTE(review): ChkEnterpswd compares this buffer byte-for-byte with PswdText and
; no transformation of the typed text is visible in this excerpt, so the value
; kept here appears to be the password itself, readable from the file - confirm
; how part 1 writes it, and prefer keeping only a salted hash of the password.
OldPswdText db 30 dup(0)
; Password typed into the dialog, to be verified (filled by GetDlgItemTextA, max 30 bytes).
PswdText db 30 dup(0)
TitleName db 'Enter PassWord',0
ButtonName db '确定',0
FontName db 'Times New Roman',0
; Control identifiers: DlgProc tests the low word of wParam against ID_PSWD and ID_EXIT.
ID_PSWD equ 101
ID_EXIT equ 202
ID_CAPTION equ 11011
; NOTE(review): on the next three lines the string delimiters appear to have
; been lost when the listing was published (backslashes where quotes are
; expected). TitleText is passed to SetWindowTextA in DlgProc, so confirm that
; each string is quoted and NUL-terminated in the real source.
szCaption db \问题提示:\
TitleText db \请输入口令:\
ErrPasswd db \口令错误!\
hInstance1 dd ?
; Scratch dwords: ChkEnterpswd stores the two strlen results here.
@strlen11 dd ?
@strlen22 dd ?
; Procedure that returns the length of a string
;-----------------------------------------------------------------------
; strlen - count the bytes of a NUL-terminated string
; In:    _dwarg = address of the string
; Out:   eax    = number of bytes read, INCLUDING the terminating NUL
;                 (a 3-character string yields 4)
; Keeps: every other general register (pushad/popad around the scan)
; Note:  the scan has no upper bound; the caller must guarantee that a
;        zero byte exists inside the buffer it passes.
;-----------------------------------------------------------------------
strlen proc _dwarg
        local   @count:dword
        pushad                          ; the scan uses esi and al
        mov     @count,0
        cld                             ; lodsb must walk upwards
        mov     esi,_dwarg
@@:
        lodsb                           ; al = next byte, esi advances
        inc     @count                  ; counted before the test, so the NUL is included
        cmp     al,0
        jne     @b
        popad
        mov     eax,@count              ; loaded after popad so it survives the restore
        ret
strlen endp
; Password verification procedure
;-----------------------------------------------------------------------
; ChkEnterpswd - compare the typed password with the stored one
; In:    none (reads PswdText and OldPswdText relative to ebx)
; Out:   eax = TRUE when the two buffers match, FALSE otherwise
; Keeps: every other general register (pushad/popad)
; Side:  writes the two strlen results to @strlen11 / @strlen22
; NOTE(review): strlen is unbounded and OldPswdText is a 30-byte buffer
;        declared directly before PswdText; a stored value with no NUL
;        inside its 30 bytes would make the scan run on into the next
;        buffer - confirm that part 1 limits the stored length.
; NOTE(review): repe cmpsb stops at the first differing byte, and the
;        comparison is made against the stored bytes as they are; see
;        how part 1 stores the reference value before relying on this
;        check for more than casual protection.
;-----------------------------------------------------------------------
ChkEnterpswd proc
        pushad
        call    @f                      ; push the run-time address of the label below
@@:
        pop     ebx
        sub     ebx,offset @b           ; ebx = run-time address minus assembled address

        lea     edx,[ebx+PswdText]
        invoke  strlen,edx              ; length of the typed text, NUL included
        mov     [ebx+@strlen11],eax
        lea     edx,[ebx+OldPswdText]
        invoke  strlen,edx              ; length of the stored text, NUL included
        mov     [ebx+@strlen22],eax

        mov     ecx,[ebx+@strlen11]
        cmp     ecx,eax                 ; eax still holds the stored length
        jae     count_ready
        mov     ecx,eax                 ; ecx = the larger of the two lengths
count_ready:
        lea     esi,[ebx+OldPswdText]
        lea     edi,[ebx+PswdText]
        cld
        repe    cmpsb                   ; ZF stays set only if all ecx bytes matched

        popad                           ; popad and mov leave the flags untouched
        mov     eax,FALSE
        jnz     report
        mov     eax,TRUE
report:
        ret
ChkEnterpswd endp
; Dialog procedure
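;-----------------------------------------------------------------------
; DlgProc - dialog procedure of the password prompt
; In:    hWnd, uMsg, wParam, lParam = the usual dialog-procedure arguments
; Out:   eax = TRUE for WM_COMMAND and WM_INITDIALOG, FALSE for any
;              other message
; Keeps: ebx. The routine uses ebx as its relocation base, and a Win32
;        callback has to return with ebx, esi, edi and ebp unchanged,
;        so "uses ebx" makes the assembler save it on entry and restore
;        it before every ret.
; Side:  on WM_COMMAND from ID_PSWD, copies the edit-control text into
;        PswdText; on WM_COMMAND from ID_EXIT, ends the dialog.
;-----------------------------------------------------------------------
DlgProc proc uses ebx hWnd:dword,uMsg:dword,wParam:dword,lParam:dword
        call    @f                      ; push the run-time address of the label below
@@:
        pop     ebx
        sub     ebx,offset @b           ; ebx = run-time address minus assembled address

        .if uMsg==WM_COMMAND
            mov     eax,wParam
            .if ax==ID_PSWD             ; low word of wParam = control identifier
                lea     edx,[ebx+PswdText]
                ; 30 is the size of PswdText; the edit control is limited
                ; to 18 characters below, so the text fits with its NUL.
                invoke  [ebx+_GetDlgItemText],hWnd,ID_PSWD,edx,30
            .elseif ax==ID_EXIT
                invoke  [ebx+_EndDialog],hWnd,NULL
            .endif
        .elseif uMsg==WM_INITDIALOG
            lea     ecx,[ebx+TitleText]
            invoke  [ebx+_SetWindowText],hWnd,ecx
            invoke  [ebx+_SendDlgItemMessage],hWnd,ID_PSWD,EM_LIMITTEXT,18,NULL
            ; 42 = '*', the character shown in place of each typed one
            invoke  [ebx+_SendDlgItemMessage],hWnd,ID_PSWD,EM_SETPASSWORDCHAR,42,NULL
        .else
            mov     eax,FALSE           ; message not handled here
            ret
        .endif
        mov     eax,TRUE
        ret
DlgProc endp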
;口令加密代码的入口 _NewEntry: ;重定位
call @F @@: pop ebx sub ebx,offset @B
invoke _GetKernelBase,[esp] ;获取Kernel32.dll基地址 mov [ebx+hDllKernel32],eax lea eax,[ebx+szGetProcAddress] ;获取GetProcAddress入口地址 invoke _GetApi,[ebx+hDllKernel32],eax mov [ebx+_GetProcAddress],eax lea eax,[ebx+szLoadLibrary] ;获取LoadLibrary入口地址 invoke [ebx+_GetProcAddress],[ebx+hDllKernel32],eax mov [ebx+_LoadLibrary],eax lea eax,[ebx+szUser32] ;获取User32.dll基地址