Untitled

#pragma option w32c
#includepath "..\..\wxCmm"
#include "wxCmm.h--"
#include "crypt.hmm"
#include "crc32.hmm"
#include "xpu2.rc"
#include "XPVisualStyles.rc"

wxFrame frame;
wxNoteBook      nb;
wxCheckBox  control[10];
wxTextCtrl fname;
wxButton button1, button2, button3, button4;
wxFileDialog FO;
dword sz;
byte buf[40960];

byte DelphiSign[64] =
{
0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xF0, 0xB8, 0xA0, 0x38, 0x55, 0x00, 0xE8, 0x60, 0x30, 0xEB, 0xFF,
0x33, 0xC9, 0xB2, 0x01, 0xA1, 0x40, 0x36, 0x55, 0x00, 0xE8, 0x52, 0x63, 0xF3, 0xFF, 0xA3, 0x90,
0x52, 0x56, 0x00, 0xA1, 0x90, 0x52, 0x56, 0x00, 0xE8, 0x9B, 0xA6, 0xF3, 0xFF, 0xA1, 0x90, 0x52,
0x56, 0x00, 0x8B, 0x10, 0xFF, 0x92, 0x88, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x55, 0x68, 0xDC, 0x40
};
byte MySign[64];

struct IMAGE_NT_HEADERS
{
    dword               Signature;
    IMAGE_FILE_HEADER   FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
};

struct  PEFile
{
    IMAGE_DOS_HEADER    MZHeader;
    CHAR                MZData[0x400];
    IMAGE_NT_HEADERS    PEHeader;
    IMAGE_SECTION_HEADER Sections[0x20];
    dword               Objects[0x20];
};

PEFile  MyFile;


void wxMain()
{
    dword       panel;
    init_CRC32();
    //FreeConsole();
    if(!IsDebuggerPresentN())
    {

        frame.wxFrame(NULL, -1, "Xpu", 0, new wxSize(400,400), wxSYSTEM_MENU);
        frame.Centre();
        nb.wxNoteBook(#frame);
        panel = new wxPanel(#nb);
        nb.AddPage(panel, "Main");

        fname.wxTextCtrl(panel, -1, "", 0, new wxSize(300,25));

        control[0].wxCheckBox(panel, -1, "Anti Ring3 debuggers");
        control[0].Move(10, 50);

        control[1].wxCheckBox(panel, -1, "Anti SoftIce");
        control[1].Move(10, 80);

        control[2].wxCheckBox(panel, -1, "Exit in Case of bad CRC");
        control[2].Move(10, 110);

        control[3].wxCheckBox(panel, -1, "Erase API/DLL name string");
        control[3].Move(10, 140);

        control[4].wxCheckBox(panel, -1, "Anti API breakpoint");
        control[4].Move(10, 170);

        control[5].wxCheckBox(panel, -1, "Anti in-Loader API BPX");
        control[5].Move(10, 200);

        control[6].wxCheckBox(panel, -1, "Anti in-Loader code BPX");
        control[6].Move(10, 230);

        control[7].wxCheckBox(panel, -1, "Anti hardware breakpoint");
        control[7].Move(10, 260);

        control[8].wxCheckBox(panel, -1, "Anti Ice dump");
        control[8].Move(10, 290);

        control[9].wxCheckBox(panel, -1, "Make buckup");
        control[9].Move(210, 50);


        button1.wxButton(panel, -1, "Crypt");
        button1.Move(10, 320);
        connect(#button1, wxEVT_COMMAND_BUTTON_CLICKED, #DoCrypt);

        button2.wxButton(panel, -1, "Open");
        button2.Move(310, 0);
        connect(#button2, wxEVT_COMMAND_BUTTON_CLICKED, #OpenFile1);

        panel = new wxPanel(#nb);
        nb.AddPage(panel, "Simulate");
        //control.wxCheckBox(panel, -1, "wxCheckBox");

        frame.Show();
    }
}


:void  OpenFile1(dword event)
{
    PCHAR s;
    FO.wxFileDialog(#frame, 0, 0, 0, "*.exe");
    FO.SetStyle(wxOPEN | wxHIDE_READONLY);
    if(FO.ShowModal() == wxID_OK)
        {
            s = FO.GetPathDir();
            lstrcat(s, "\\");
            lstrcat(s, FO.GetFilename());
            fname.WriteText(s);
        }
}

:dword Max(dword x1, x2)
{
    if(x1>x2) return(x1);
        else return(x2);
};

:void MakeBak(dword fname2)
{
    PCHAR s;
    s = fname2;
    lstrcat(s, ".bak");
    CopyFile(fname2, s, 1);
}

:dword LoadFile(dword fname1)
{
    PCHAR p;
    HANDLE hfile;
    dword nr, x;
    hfile = CreateFile(fname1, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    ReadFile(hfile, #MyFile.MZHeader, sizeof(MyFile.MZHeader), #nr, 0);
    if(MyFile.MZHeader.e_magic != IMAGE_DOS_SIGNATURE )
        {
            wxMessageBox(#frame, "Wrong MZ file", "Error", wxOK | wxICON_INFORMATION);
            return(0);
        }
    SetFilePointer(hfile, 0, 0, 0);
    ReadFile(hfile, #MyFile.MZData, MyFile.MZHeader.e_lfanew, #nr, 0);
    ReadFile(hfile, #MyFile.PEHeader, sizeof(IMAGE_NT_HEADERS), #nr, 0);
    if(MyFile.PEHeader.Signature != IMAGE_NT_SIGNATURE)
        {
            wxMessageBox(#frame, "Wrong PE file", "Error", wxOK | wxICON_INFORMATION);
            return(0);
        }
    for(x=1; x<=MyFile.PEHeader.FileHeader.NumberOfSections; x++)
        ReadFile(hfile, #MyFile.Sections[x-1], sizeof(IMAGE_SECTION_HEADER), #nr, 0);

    sz=0;
    MyFile.PEHeader.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress=0;
    for(x=IMAGE_DIRECTORY_ENTRY_EXPORT; x<=IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR; x++)
        {
            if(MyFile.PEHeader.OptionalHeader.DataDirectory[x].VirtualAddress<>0)
                sz += MyFile.PEHeader.OptionalHeader.DataDirectory[x].Size;
        }
    ReadFile(hfile, #buf, sz, #nr, 0);

    for(x=1; x<=MyFile.PEHeader.FileHeader.NumberOfSections; x++)
        {
            SetFilePointer(hfile, MyFile.Sections[x-1].PointerToRawData, 0, 0);
            MyFile.Objects[x-1] = GlobalAlloc(GMEM_ZEROINIT, Max(MyFile.Sections[x-1].Misc.VirtualSize, MyFile.Sections[x-1].SizeOfRawData));
            ReadFile(hfile, MyFile.Objects[x-1], MyFile.Sections[x-1].SizeOfRawData, #nr, 0);
        }
    CloseHandle(hfile);
}

:dword SaveFile(dword fname2)
{
    HANDLE hfile;
    dword nr, x;
    hfile = CreateFile(fname2,GENERIC_WRITE,FILE_SHARE_WRITE,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
    WriteFile(hfile, #MyFile.MZData, MyFile.MZHeader.e_lfanew, #nr, 0);
    WriteFile(hfile, #MyFile.PEHeader, sizeof(IMAGE_NT_HEADERS), #nr, 0);

    for(x=1; x<=MyFile.PEHeader.FileHeader.NumberOfSections; x++)
        {
            MyFile.Sections[x-1].Characteristics |=0xE0000060;
            WriteFile(hfile, #MyFile.Sections[x-1], sizeof(IMAGE_SECTION_HEADER), #nr, 0);
        }
    if(sz!=0)
        WriteFile(hfile, #buf, sz, #nr, 0);

    for(x=1; x<=MyFile.PEHeader.FileHeader.NumberOfSections; x++)
        {
            SetFilePointer(hfile, MyFile.Sections[x-1].PointerToRawData, 0, 0);
            WriteFile(hfile, MyFile.Objects[x-1], MyFile.Sections[x-1].SizeOfRawData, #nr, 0);
        }
    CloseHandle(hfile);
}

struct sDecryptor
{
    byte moveax;
    dword addr1;
    byte movebx;
    dword addr2;
    word pushbyte;
    byte popecx;
    word movdleax;
    word xorebxal;
    byte inceax;
    byte incebx;
    word deccx;
    word jnzlbl;
} Decryptor = {0xB8, 0, 0xBB, 0, 0x406A, 0x59, 0x108A, 0x1330, 0x40, 0x43, 0x4966, 0xF675};

:void AddSection(void)
{
    dword x, y, z, z1, siz, nr;
    x = MyFile.PEHeader.FileHeader.NumberOfSections;
    MyFile.PEHeader.FileHeader.NumberOfSections++;

    MyFile.Sections[x].Misc.VirtualSize = MyFile.Sections[x].SizeOfRawData = 4096;
    MyFile.Sections[x].PointerToRawData = MyFile.Sections[x-1].PointerToRawData + MyFile.Sections[x-1].SizeOfRawData;

    MyFile.Sections[x].PointerToRawData = MyFile.Sections[x].PointerToRawData / MyFile.PEHeader.OptionalHeader.FileAlignment;
    MyFile.Sections[x].PointerToRawData++;
    MyFile.Sections[x].PointerToRawData = MyFile.Sections[x].PointerToRawData * MyFile.PEHeader.OptionalHeader.FileAlignment;

    MyFile.Sections[x].VirtualAddress = MyFile.Sections[x-1].VirtualAddress + MyFile.Sections[x-1].Misc.VirtualSize;

    MyFile.Sections[x].VirtualAddress = MyFile.Sections[x].VirtualAddress / MyFile.PEHeader.OptionalHeader.SectionAlignment;
    if(EDX!=0)MyFile.Sections[x].VirtualAddress++;
    MyFile.Sections[x].VirtualAddress = MyFile.Sections[x].VirtualAddress * MyFile.PEHeader.OptionalHeader.SectionAlignment;

    MyFile.Sections[x].Characteristics = 0xE0000040;
    MyFile.Sections[x].Name[0] = '1';
    MyFile.Sections[x].Name[1] = '2';
    MyFile.Sections[x].Name[2] = '3';
    MyFile.Objects[x] = GlobalAlloc(GMEM_ZEROINIT, 4096);
    MyFile.PEHeader.OptionalHeader.SizeOfImage += MyFile.Sections[x].Misc.VirtualSize;


    //IsDebuggerPresentN();
    y = #IsDebuggerPresentN;
    siz = sizeof(IsDebuggerPresentN)-1;
    for(z=0; z<siz; z++)
        {
            DSBYTE[MyFile.Objects[x]+z]=DSBYTE[y+z];
        }

    y = #zero_ecx;
    siz = sizeof(zero_ecx)+z;
    for(; z<siz; z++, y++)
        {
            DSBYTE[MyFile.Objects[x]+z]=DSBYTE[y];
        }

    Decryptor.addr1 = MyFile.Sections[x].VirtualAddress + MyFile.PEHeader.OptionalHeader.ImageBase + 4032;
    Decryptor.addr2 = MyFile.PEHeader.OptionalHeader.AddressOfEntryPoint + MyFile.PEHeader.OptionalHeader.ImageBase;
    for(y=0; y<sizeof(sDecryptor); z++, y++)
        DSBYTE[MyFile.Objects[x]+z] = DSBYTE[#Decryptor+y];


    z1 = MyFile.PEHeader.OptionalHeader.AddressOfEntryPoint;
    for(y=0; y<=x; y++)
        {
            if(z1>=MyFile.Sections[y].VirtualAddress)
                if(MyFile.Sections[y].VirtualAddress + MyFile.Sections[y].Misc.VirtualSize>=z1)break;
        }
    z1 -= MyFile.Sections[y].VirtualAddress;
    z1 = MyFile.Objects[y] + z1;
    for(y=0; y<63; y++, z1++)
        {
            DSBYTE[MyFile.Objects[x]+4096-64+y] = DSBYTE[z1] ^ DelphiSign[y];
            DSBYTE[z1] = DelphiSign[y];
        }

// B8 xx xx xx xx  MOV EAX,xxxxxxxx
// FF E0           JMP EAX
    DSBYTE[MyFile.Objects[x]+z] = 0xB8;
    DSDWORD[MyFile.Objects[x]+z+1] = MyFile.PEHeader.OptionalHeader.ImageBase + MyFile.PEHeader.OptionalHeader.AddressOfEntryPoint;
    DSWORD[MyFile.Objects[x]+z+5] = 0xE0FF;


    MyFile.PEHeader.OptionalHeader.AddressOfEntryPoint = MyFile.Sections[x].VirtualAddress;
}

void DoCrypt(dword event)
{
    if(strcmp(fname.GetValue(), "")==0) {wxMessageBox(#frame, "Select file first", "Warning", wxOK | wxICON_INFORMATION); return();};
    if(control[9].IsChecked()) {MakeBak(fname.GetValue());};
    LoadFile(fname.GetValue());

    AddSection();

    SaveFile("j:\\1.exe");
    wxMessageBox(#frame, fname.GetValue(), "TO-DO", wxOK | wxICON_INFORMATION);

}