#include <stdio.h>#include <stdint.h>#include <string.h>#include <windows.

1. #include <stdio.h>
2. #include <stdint.h>
3. #include <string.h>
4. #include <windows.h>
5.  
6. #define CASE(type) \
7. case type: \
8. fputs("Error: " #type "\n", stderr); \
9. break;
10.  
11. static LONG WINAPI windows_exception_handler(EXCEPTION_POINTERS * ExceptionInfo)
12. {
13. switch(ExceptionInfo->ExceptionRecord->ExceptionCode)
14. {
15. CASE(EXCEPTION_ACCESS_VIOLATION)
16. CASE(EXCEPTION_ARRAY_BOUNDS_EXCEEDED)
17. CASE(EXCEPTION_BREAKPOINT)
18. CASE(EXCEPTION_DATATYPE_MISALIGNMENT)
19. CASE(EXCEPTION_FLT_DENORMAL_OPERAND)
20. CASE(EXCEPTION_FLT_DIVIDE_BY_ZERO)
21. CASE(EXCEPTION_FLT_INEXACT_RESULT)
22. CASE(EXCEPTION_FLT_INVALID_OPERATION)
23. CASE(EXCEPTION_FLT_OVERFLOW)
24. CASE(EXCEPTION_FLT_STACK_CHECK)
25. CASE(EXCEPTION_FLT_UNDERFLOW)
26. CASE(EXCEPTION_ILLEGAL_INSTRUCTION)
27. CASE(EXCEPTION_IN_PAGE_ERROR)
28. CASE(EXCEPTION_INT_DIVIDE_BY_ZERO)
29. CASE(EXCEPTION_INT_OVERFLOW)
30. CASE(EXCEPTION_INVALID_DISPOSITION)
31. CASE(EXCEPTION_NONCONTINUABLE_EXCEPTION)
32. CASE(EXCEPTION_PRIV_INSTRUCTION)
33. CASE(EXCEPTION_SINGLE_STEP)
34. CASE(EXCEPTION_STACK_OVERFLOW)
35. default:
36. fputs("Error: Unrecognized Exception\n", stderr);
37. break;
38. }
39. fflush(stderr);
40.  
41. return EXCEPTION_EXECUTE_HANDLER;
42. }
43.  
44. int
45. sym2hex(uint8_t *dest, uint8_t symbol)
46. {
47. if ( (symbol >= 0x30) && (symbol <= 0x39) ) {
48. *dest |= symbol & 0x0F;
49. return 1;
50. }
51.  
52. if ( ( (symbol >= 0x41) && (symbol <= 0x46) ) ||
53. ( (symbol >= 0x61) && (symbol <= 0x66) ) ) {
54. *dest |= (symbol + 9) & 0x0F;
55. return 1;
56. }
57.  
58. return 0;
59. }
60.  
61. int
62. str2hex(uint8_t *dest, uint8_t *src, size_t size)
63. {
64. int res;
65.  
66. for (size_t i = 0, offset; i < size; i++) {
67. dest[i] = 0;
68. offset = i << 1;
69.  
70. res = sym2hex(&dest[i], src[i << 1]);
71. if (src[(i << 1) + 1] == 0 || src[(i << 1) + 1] == '\n')
72. break;
73.  
74. dest[i] <<= 4;
75. res = sym2hex(&dest[i], src[(i << 1) + 1]);
76.  
77. if (!res)
78. return -1;
79. }
80.  
81. return 0;
82. }
83.  
84. int
85. rc4(uint8_t *data, size_t data_size,
86. const uint8_t *key, size_t key_size)
87. {
88. uint8_t rc4_s[256];
89. uint8_t key_item;
90. int rc4_i, rc4_j;
91. int tmp;
92.  
93. if (strlen(key) > sizeof(rc4_s)) {
94. printf("Key must be under %ld bytes\n", sizeof(rc4_s));
95. return -1;
96. }
97.  
98. for (int i = 0; i < sizeof(rc4_s); i++)
99. rc4_s[i] = i;
100.  
101. for (rc4_i = 0, rc4_j = 0; rc4_i < sizeof(rc4_s); rc4_i++) {
102. key_item = key[rc4_i % key_size];
103. rc4_j = (rc4_j + rc4_s[rc4_i] + key_item) % sizeof(rc4_s);
104.  
105. tmp = rc4_s[rc4_j];
106. rc4_s[rc4_j] = rc4_s[rc4_i];
107. rc4_s[rc4_i] = tmp;
108. }
109.  
110. rc4_i = 0;
111. rc4_j = 0;
112. for (int i = 0; i < data_size; i++) {
113. rc4_i = (rc4_i + 1) % sizeof(rc4_s);
114. rc4_j = (rc4_j + rc4_s[rc4_i]) % sizeof(rc4_s);
115.  
116. tmp = rc4_s[rc4_j];
117. rc4_s[rc4_j] = rc4_s[rc4_i];
118. rc4_s[rc4_i] = tmp;
119.  
120. tmp = (rc4_s[rc4_i] + rc4_s[rc4_j]) % sizeof(rc4_s);
121. data[i] ^= rc4_s[tmp];
122. }
123.  
124. return 0;
125. }
126.  
127. __asm__(".byte 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08");
128. volatile int
129. protected_main(void)
130. {
131. WIN32_FIND_DATA fdFile;
132. HANDLE hFind = NULL;
133.  
134. puts("Call protected main");
135. puts("Display all files from current directory");
136.  
137. if((hFind = FindFirstFile(".\\*.*", &fdFile)) == INVALID_HANDLE_VALUE) {
138. puts("Can not read first file from directory");
139. return -1;
140. }
141.  
142. do {
143. if (strcmp(fdFile.cFileName, ".") == 0)
144. continue;
145.  
146. if (strcmp(fdFile.cFileName, "..") == 0)
147. continue;
148.  
149. if (fdFile.dwFileAttributes &FILE_ATTRIBUTE_DIRECTORY) {
150. printf("Directory: %s\n", fdFile.cFileName);
151. continue;
152. }
153. printf("File: %s\n", fdFile.cFileName);
154. } while (FindNextFile(hFind, &fdFile));
155.  
156. FindClose(hFind);
157. return 0;
158. }
159.  
160. volatile int
161. protected_main_end(void) { }
162.  
163. __asm__(".byte 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08");
164.  
165. int
166. main(void)
167. {
168. uint8_t key_str[256 << 1];
169. uint8_t key_hex[256];
170. size_t key_str_len;
171. size_t key_hex_len;
172. size_t func_size;
173. DWORD old_perm;
174. int res;
175.  
176. memset(key_str, 0, sizeof(key_str));
177. memset(key_hex, 0, sizeof(key_hex));
178.  
179. puts("Enter key:");
180. fgets(key_str, sizeof(key_str), stdin);
181.  
182. key_str_len = strlen(key_str);
183. key_hex_len = (key_str_len >> 1) + (key_str_len & 1);
184. res = str2hex(key_hex, key_str, key_hex_len);
185. if (res) {
186. puts("Invalid key value");
187. return res;
188. }
189.  
190. func_size = (size_t)protected_main_end - (size_t)protected_main;
191.  
192. SetUnhandledExceptionFilter(windows_exception_handler);
193.  
194. VirtualProtect(
195. protected_main, func_size,
196. PAGE_EXECUTE_READWRITE,
197. &old_perm
198. );
199. rc4(
200. (uint8_t *)protected_main - 8, func_size + 8,
201. key_hex, key_hex_len
202. );
203.  
204. res = protected_main();
205.  
206. rc4(
207. (uint8_t *)protected_main - 8, func_size + 8,
208. key_hex, key_hex_len
209. );
210. VirtualProtect(
211. protected_main, func_size,
212. old_perm,
213. NULL
214. );
215.  
216. return res;