HanDs
管理员

[Delphi文章] 代码变异加密工具代码 



标 题: 代码变异加密工具
作 者: 东方蜘蛛
时 间: 2008-06-17,17:41

思路:将程序中关键代码强行变异,让它执行不下去,出错。。。
       逆向调试也将无法进行,以达到保护作用。

加密工具代码:
代码:unit Unit1;

interface

uses
   Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
   Dialogs, StdCtrls, XPMan;

type
   TForm1 = class(TForm)
     Edit1: TEdit;
     Button1: TButton;
     Edit2: TEdit;
     Edit3: TEdit;
     Button2: TButton;
     OpenDialog: TOpenDialog;
     Label1: TLabel;
     Label2: TLabel;
     Label3: TLabel;
     Button3: TButton;
     XPManifest: TXPManifest;
     Label4: TLabel;
     procedure Button1Click(Sender: TObject);
     procedure Button3Click(Sender: TObject);
     procedure Button2Click(Sender: TObject);
   private
     { Private declarations }
   public
     { Public declarations }
   end;

var
   Form1: TForm1;

implementation

{$R *.dfm}

function hextoint(s: string): Integer;  
begin           //$代表16进制
   Result:=StrToInt('$'+s);
end;

function Stream_SearchString( // 在流中搜索字符串
   mStream: TStream; // 目标流
   mStr: string; // 字符串
   mStartAddress: Integer = 0; // 起始地址
   mEndAddress: Integer = MaxInt; // 终止地址
   mIgnoreCase: Boolean = False // 是否忽略大小写
): Integer; // 返回字符串所在的位置
const
   cBufferSize = $1000;
var
   S: string;
   T: string;
   I: Integer;
   J: Integer;
   L: Integer;
begin
   Result := -1;
   if not Assigned(mStream) then Exit;
   if mStr = '' then Exit;
   L := Length(mStr);
   mStream.Position := mStartAddress;
   if mIgnoreCase then mStr := UpperCase(mStr);
   T := '';
   J := mStartAddress;
   while mStream.Position <= mEndAddress do
   begin
     SetLength(S, cBufferSize);
     I := mStream.Read(S[1], cBufferSize);
     SetLength(S, I);
     if S = '' then Exit;
     if mIgnoreCase then S := UpperCase(S);
     Result := Pos(mStr, T + S) - 1;
     if Result >= 0 then
     begin
       Result := Result + J - Length(T);
       Exit;
     end;
     T := Copy(S, cBufferSize - L, MaxInt);
     Inc(J, I);
   end;
end; { Stream_SearchString }

function File_SearchString( // 在文件中搜索字符串
   mFileName: string; // 文件名
   mStr: string; // 字符串
   mStartAddress: Integer = 0; // 起始地址
   mEndAddress: Integer = MaxInt; // 终止地址
   mIgnoreCase: Boolean =true // 是否忽略大小写
): Integer; // 返回字符串所在的位置
var
   vFileStream: TFileStream;
   vFileHandle: THandle;
begin
   Result := -1;
   if not FileExists(mFileName) then Exit;
   vFileHandle := _lopen(PChar(mFileName), OF_READ or OF_SHARE_DENY_NONE);        //06-09-25 No.1 ZswangY37
   if Integer(vFileHandle) <= 0 then Exit;
   vFileStream := TFileStream.Create(vFileHandle);
   try
     Result := Stream_SearchString(vFileStream, mStr,
       mStartAddress, mEndAddress, mIgnoreCase);
   finally
     vFileStream.Free;
   end;
end; { File_SearchString }

Procedure XorData(vFileName:string; vStart, vEnd: Integer);   //===数据加密
var
   vMemoryStream: TMemoryStream;
   vBuffer: string;
   I: Integer;
begin
   if not FileExists(vFileName) then
     begin
     application.MessageBox('指定的来原文件不存在!','提示',MB_ok+MB_Iconinformation);
     Exit;
     end;
    SetLength(vBuffer, vEnd - vStart + 1);
    vMemoryStream := TMemoryStream.Create;
    try
     vMemoryStream.LoadFromFile(vFileName);
     vMemoryStream.Seek(vStart, soFromBeginning);
     vMemoryStream.Read(vBuffer[1], Length(vBuffer));
     for I := 1 to Length(vBuffer) do
      vBuffer[i] := Chr(Ord(vBuffer[i]) xor $51DE003A);
     vMemoryStream.Seek(vStart, soFromBeginning);
     vMemoryStream.Write(vBuffer[1], Length(vBuffer));
     vMemoryStream.SaveToFile(vFileName);
     finally
     vMemoryStream.Free;
    showmessage('处理成功!');   
   end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
     if OpenDialog.Execute then
      Edit1.Text:=OpenDialog.FileName;
end;

procedure TForm1.Button3Click(Sender: TObject);   //自动定位,地址可能有所偏差
begin
      Edit2.Text:= IntToHex(File_SearchString(Edit1.text,'xor_begin')-212,8);
      Edit3.Text:= IntToHex(File_SearchString(Edit1.text,'xor_end')-117,8);
end;

procedure TForm1.Button2Click(Sender: TObject);
var i1,i2:integer;
begin
     i1:=hextoint(Edit2.Text);
     i2:=hextoint(Edit3.Text);
     XorData(Edit1.Text,i1,i2); //Xor
end;

end.
程序注册演示:
代码:unit UnitM;

interface

uses
   Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
   Dialogs, XPMan, StdCtrls;

type
   TForm1 = class(TForm)
     Label1: TLabel;
     Label2: TLabel;
     Edit1: TEdit;
     Edit2: TEdit;
     Button1: TButton;
     Label3: TLabel;
     XPManifest1: TXPManifest;
     procedure Button1Click(Sender: TObject);
   private
     { Private declarations }
   public
     { Public declarations }
   end;

var
   Form1: TForm1;

implementation

{$R *.dfm}
//随便写一个算法演示    当然也可以把标位放在这函数里
function StrToASCII16(s: string): string;       //字符串转换ascii码16进制,
var   i:integer;                   //   如:东方蜘蛛=$B6,$AB,$B7,$BD,$D6,$A9,$D6,$EB
begin
     for i:=1 to length(s) do
     begin
     result := result+ '$'+ IntToHex(ord(s[i]),2)+',';
     end;
     Result:=copy(Result,0,Length(result)-1);
end;

procedure TForm1.Button1Click(Sender: TObject);
var x1,x2:string;
begin
   try
      x1:='xor_begin';    //标位
      if   (Edit2.Text=StrToASCII16(Edit1.Text)) and (Length(edit2.Text)>0) then    //明码
      begin
       showmessage('注册成功了,呵呵!');
      end;
      x2:='xor_end';   //标位
    except
      end;
end;

end.
OD载入调试:
代码:
004539CE   |.   55             push     ebp
004539CF   |.   68 A83A4500    push     00453AA8                       ;   0x453AA8进栈    (字符串:"椋 ")
004539D4   |.   64:FF30        push     dword ptr fs:[eax]             ;   SEH异常处理
004539D7   |.   64:8920        mov      dword ptr fs:[eax], esp        ;   FS段[0]=0x12F608    (字符串:"h")
004539DA   |.   33C0           xor      eax, eax                       ;   EAX=0,CF=0    //自身xor运算结果为0,CF=0
004539DC   |.   55             push     ebp                            ;   0x12F638进栈    (字符串:"x")
004539DD   |.   68 663A4500    push     00453A66                       ;   0x453A66进栈
004539E2   |.   64:FF30        push     dword ptr fs:[eax]             ;   SEH异常处理
004539E5   |.   64:8920        mov      dword ptr fs:[eax], esp        ;   FS段[0]=0x12F5FC
004539E8   |.   8D45 FC        lea      eax, dword ptr [ebp-4]
004539EB   |.   80FA 00        cmp      dl, 0                          ;   ZF=0    //DL=0x88
004539EE   |?   7F 3A          jg       short 00453A2A
004539F0   |. |D2D5           rcl      ch, cl
004539F2   |? |3E:C1C5 B7     rol      ebp, 0B7
004539F6   |? |6F             outs     dx, dword ptr es:[edi]
004539F7   |? |CE             into
004539F8   |. |B1 B9          mov      cl, 0B9
004539FA   |? |3E:393A        cmp      dword ptr [edx], edi
004539FD   |? |3AD2           cmp      dl, dl
004539FF   |?^|73 CA          jnb      short 004539CB
00453A01   |? |C7C5 B17FCE6A mov      ebp, 6ACE7FB1

7C92EAF0     8B1C24           mov      ebx, dword ptr [esp]           ;   就在这里来回跳动A
7C92EAF3     51               push     ecx
7C92EAF4     53               push     ebx
7C92EAF5     E8 C78C0200      call     7C9577C1                       ;   就在这里来回跳动B


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
代码 变异 加密 工具 代码
#1楼
发帖时间:2016-7-9   |   查看数:0   |   回复数:0
游客组
快速回复