编码与加密烃源$ C $ C。可以或不可以?或不
我创建了一个简单的自解压应用程序,它的工作原理基于COM pressing /包装的文件。当有人点击输出文件,他会提示输入密码,如果密码正确输入下面的一个特定的程序文件进行解密的自我。
I created a simple SFX application which works on Compressing / Packing files. When someone click the output file he will be prompted for a password, if password entered correctly the file decrypt it self following a specific routines.
一位顾客说,我的文件是病毒,所以我在网上扫描的文件上VirusTotal.com,我看到,该文件被查杀的SCAN结果。我重新审视源$ C $ C逐行,我发现,code以下线被检测到。
A customer said that my file was a virus, so i scanned the file online on VirusTotal.com and i seen that the file was detected by avira in the SCAN RESULT. I reexamined the source code Line by Line, and i found that the following Lines of code are detected.
public class SimplerAES
{
private static byte[] key = { 88, 54, 54, 147, 99, 201, 41, 80, 58, 100, 5, 64, 213, 99, 14, 15, 154, 35, 110, 36, 124, 25, 115, 23, 56, 44, 65, 7, 45, 254, 1, 54 };
private static byte[] vector = { 33, 8, 121, 196, 223, 45, 63, 100, 1, 32, 18, 87, 1, 158, 119, 111};
private ICryptoTransform encryptor, decryptor;
private UTF8Encoding encoder;
public SimplerAES()
{
RijndaelManaged rm = new RijndaelManaged();
encryptor = rm.CreateEncryptor(key, vector);
decryptor = rm.CreateDecryptor(key, vector);
encoder = new UTF8Encoding();
}
public string Encrypt(string unencrypted)
{
return Convert.ToBase64String(Encrypt(encoder.GetBytes(unencrypted)));
}
public string Decrypt(string encrypted)
{
return encoder.GetString(Decrypt(Convert.FromBase64String(encrypted)));
}
public byte[] Encrypt(byte[] buffer)
{
MemoryStream encryptStream = new MemoryStream();
using (CryptoStream cs = new CryptoStream(encryptStream, encryptor, CryptoStreamMode.Write))
{
cs.Write(buffer, 0, buffer.Length);
}
return encryptStream.ToArray();
}
public byte[] Decrypt(byte[] buffer)
{
MemoryStream decryptStream = new MemoryStream();
using (CryptoStream cs = new CryptoStream(decryptStream, decryptor, CryptoStreamMode.Write))
{
cs.Write(buffer, 0, buffer.Length);
}
return decryptStream.ToArray();
}
}
我想现在要做的就是找到这让我的加密类以上解决方案,因此,而不是写它,因为它是在我的C#propgram我会写加密的字符串。和使用的解密函数,并且执行在运行时的加密字符串。 ,而不是写在上面的类,所以我会写以下
What i want to do now is to find a solution which let me encrypt the class above, so instead of writing it as it is in my C# propgram i will write the encrypted string. and use a function which decrypt and execute the encrypted string at Run-time. So instead of writing the above class i will write the following
String MYCODE = "687b1ddf28e8d9d3141c3b5d8d4d1863964a614c74317e88a18a10c1c4723bed18d53c99eeb5f05b6646b10b63ae14166c81b06dd487103d133a06896ed9a125e8e2a9c54a2fec82ddd8abe4ef9bbe1b99664a8bc761db2ce70cd1dd9d6898e72490ccea73d7dab056e86cec23f39328b9eb3ef3ef7942db4122178b8a319971c6de2a5cb7e23dd5ba382525a7993122bf068d9d7ac189e701e1b2120b6f5747123e320f892a51df0ff38d7fef5c24d8914a9974d36183c4885582d2ce37023cbde2c23896e608754e81cf9faf70cd64fea5e930340e185fcfe1f457710a2e8b7c977b4c851f8fb4dd49ea53216dc8242ec6ac17e5256ab16170ac49a124a3972477e6bbfefbf1e1c1f84290e023fa2d7813e7761c9e2872c2d57e8d69be34c2cbb41fd75b81604ebf57dece4c9fd6b5bce441350cc4e2ca1bc78105ee554629ff6201745088a177859d168ffffb356fb2bb327de7495db77e07d9fcc9787fc4313a5118037f5828eb2ac7a006126b21b207eb22a369b3182d1f613b43a097d214650c6fd0af057f7836586b4f55342351e93fbb03f726982f4356c801342b6efe7a9fe29ba6770a61d29656725ed21c77a17fe61ffb6d9dea55bbd1ab9e70c1ce44fc82ed710550483ae3b6049aa7d24cc142f5d521bc8beaa36d2839fb82efe59aafa713659c3e902a65c27e8fa9712cd9d232ac65fbf20bef047371317bd60331f8b8b2971cc1ba2b5e854c3d0b072ad786deb40811dcdb335d2937a1ef86a5d0923294ed9eed758670856bbd89471e4940d6dbdae6d8e4cb10235645c2e23be442a4739d0a24a56b666828269704984621ba9761d47512e0804a3a20b0f7c15ff10036dedb4ad8f1149c028de5d726f9e62244fc22b45a5096736d6dd65e9afddd05234982818f7eccd35555805169cf1ef887bf06bc4cee729513c255ff3e41de5397e45212ca921e394bfd059f30cd3404a3a7e989e374239c22aca956e39d576838bed69551040095a4e070fdecd369b7be51ae30ad0a8c4d3c23c7678a7bb661a720e88d396218b0f37bea4f7959df498b7f2e59460b32735685b551f0fe74786a119ce9343ebd4c3f2efea11f02741a067300fe836ad7943577c56b22cf54964b6bf8be4b0a61c353be7fffe90166c5a1c667938878eace2046eb254fc65ef7a3c98c7877651e1cc735bb006d5ba9fdf5f5555345570a43adbe6a49ed714d79990f408f667ac2a624511b0fc1674bdff0cd02b11a2666cb76b39c84d5aeb2b32c3777f7f577495bdef2ac7cf8a119487c8a97a6c1ec8f5b775cd7059f7edd3d8da1764467058991d6a6c5b061fdbbc255103798d5d2e2d75eff80316b65abff2b9d1514f55e2db114e207ba6d41419924e9397404750a7822daa93c5055dbd3448f8d25550cae7daf8fea9d6ab51eff5f11e88dabe81a0030a775480bb694acf95ce4cf48497fd24272853a62e1af55c5ab4e2d058ebd04f053a01b86b7d87e0c1c8bae2ed3f3e5f2096d83569aef940331f29ed27656968880433b6a892b97239acef888afb9b4f4e3dcb4bb67823ce1e80f2068805145daacea016267dadbb78f437aaed32711dcc436f9a4997cc19eb797c10ca3c8c432b4fdf9c886bdc566f233400e202630925eb837c812c9ba95957ca7035056831d93ab16cd5c9095090e64b3f90d6ff709f732237dd41a3cebe371f7328b7bd3cbb6cf695f98c69b45e1999a3595bd12cc23f5f3cfcf13e355b7a3ea5b0bbc5c60142ae85829915f48d4ae0fc896ed8113e6062a7c6e54ac8470d0c8cc5b5e5e91d702a7b19af4a9b647e84db3ad1c5c65f2f450f99cdce1be4b3a3404070de4f45f36eb0acec358452c72c475ee69615614889737b698afab9472ab2cd12a543555dbe31199b8c188232a85bbbff925a6e8bac9e0c98fd8156b34b849dcbbcb9077018c5a1d5ca7b76fa5ba3e5fa5070c47d4a4e1723503500f1b63395d60fcf8eb551fb3aaac2a52763d89584951e6adcec46cde1e0e7dc0c511fc38a9cb92413c4f4eb54a803ff18e759a9aac56760ab97f1a25f7474561964e541fac9ae4c53d1728565bfe8007c2a015d9e7a2877891a829db9a3b70e91507f060362efe6f7d51573feadb7cedfab390a6a53e171e28b4c0582c2dd944d2b227b0d79f7484795bdbe15da65c3a60d859b10cc3b20614c827eff8d78bf5a64d86d5404c14b96bbd46c2ae176064feb5ef80b5147dae06faa34982b5835fe0562ce210c27abce2e15235cd530550f1927dc2b73f732b159391fbe186a670284a81a3e22d182b0587dda31429d296b486683d3b74205ce6a15102334c43c610c44841fad92ab9456340ef55fde6814ba11a0d069dd680b7b2c63aaa5b6a7d1ab119ebbfb2c5322ee950f94f9780652e258650b2991a62f9964a6534a16104de5463f1fb278b82690999c6ff48a3eed75ca7a619ab5ae4c3c2a66b4bc7d450f597aba119cfcb292f1a91032cc0a8f11f9baabd491fff0bcea62c72f8e30c87e58b769c5a5e1f6c7aca403ace859f199fb60381412d75703966c8adcef9a6938bde96d09376692a9bffe6ab4c31d7f71c8d959feadb0e532a3e6dd8f84d9e0f114d81bb3122ba2cbb9f59b636118a0d7a3c5f177329ccb50a049a60d6"
然后,只需调用我像一个函数:
Then simply i call a function like :
xor_get_and_execute_original_code(MYCODE,mykey);
这是可能的,我怎么能做到这一点是这样的。 三江源提前!
Is this possible, and how can i achieve this in the case it is. Thankyou in advance !
推荐答案
您可以做的插件式。通过加载codeDOM解密的code并从那里执行它。插件的行为通常是可以接受的AV-洁具。
You could do it plugin-style. Load the decrypted code up via CodeDOM and execute it from there. Plugin behaviour is usually acceptable to AV-ware.
