白
白河愁
Unregistered / Unconfirmed
GUEST, unregistred user!
抽空写了个 文件透明加密程序, 代码附加在 记事本 里测试
记事本没改过一个代码(但要把代码嵌入,所以变大了)
可以象普通记事本那样使用,但储存出来的文件会自动加密.
那么即使别人 copy 走了你的文件,也无法打开看到正确的内容.
如果配合机器码加密的话,那么就算别人把这个记事本Copy走了,也无法打开得到正确的内容.
该技术同样可以应用在任何软件比如 OFFICE 系列上.
具体请看我的 Blog, 里面有下载.
http://www.ff18.com/blog/post/5.html
核心代码如下,其中用到我写的 Hook 控件系列和加密方案:
unit MainProc;
interface
uses
Windows, Classes,
HookCoreUnit, EncrypFileUnit;
procedure Start;
procedure Stop;
implementation
const
ReadFileAddr = $1005244;
ReadFileAddrRts = ReadFileAddr + SizeOf(HookCodeEx);
WriteFileAddr = $1004C2A;
WriteFileAddrRts = WriteFileAddr + SizeOf(HookCodeEx);
var
ReadFileHooker, WriteFileHooker: THookerCoreEx;
MemList: TList;
EF: TEncryptFile;
function EncryptBuffer(hFile: THandle
const Buffer
nNumberOfBytesToWrite: DWORD;
var lpNumberOfBytesWritten: DWORD
lpOverlapped: POverlapped): BOOL
stdcall;
var
Data: PChar;
tmp: string;
Size: DWORD;
begin
Data:= @Buffer;
//加密
tmp:= EF.EncryptBuffer(Data, nNumberOfBytesToWrite);
Size:= Length(tmp);
Result:= WriteFile(hFile, tmp[1], Size, lpNumberOfBytesWritten, lpOverlapped);
end;
function DecryptBuffer(hFileMappingObject: THandle
dwDesiredAccess: DWORD;
dwFileOffsetHigh, dwFileOffsetLow: DWORD
dwNumberOfBytesToMap: DWORD): Pointer
stdcall;
var
MemAddr: Pointer;
tmp: string;
Size: DWORD;
begin
Result:= MapViewOfFile(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap);
//解密
tmp:= EF.DecryptBuffer(Result, dwNumberOfBytesToMap);
Size:= Length(tmp);
//如果解密有效
if Size <> 0 then
begin
//分配内存
MemAddr:= VirtualAlloc(nil, Size, MEM_COMMIT, PAGE_READWRITE);
CopyMemory(MemAddr, @tmp[1], Size);
Result:= MemAddr;
//加入内存表
MemList.Add(Result);
end
//解密不了按原内容打开
end;
procedure ProcessReadFile;
asm
//解密
call DecryptBuffer
//返回
push ReadFileAddrRts
end;
procedure ProcessWriteFile;
asm
//加密
call EncryptBuffer;
//返回
push WriteFileAddrRts
end;
procedure Start;
begin
{$I ./K_SDK/VM_Start.inc}
EF:= TEncryptFile.Create(nil);
EF.Enable_Encryption:= True;
EF.E_PGM:= True;
EF.FileHead:= 'NotepadEx';
MemList:= TList.Create;
ReadFileHooker:= THookerCoreEx.Create;
ReadFileHooker.HookType:= CHT_JMP;
ReadFileHooker.Instruction:= PHookCodeEx(ReadFileAddr);
ReadFileHooker.Event:= DWORD(@ProcessReadFile);
WriteFileHooker:= THookerCoreEx.Create;
WriteFileHooker.HookType:= CHT_JMP;
WriteFileHooker.Instruction:= PHookCodeEx(WriteFileAddr);
WriteFileHooker.Event:= DWORD(@ProcessWriteFile);
ReadFileHooker.Hook:= True;
WriteFileHooker.Hook:= True;
{$I ./K_SDK/VM_End.inc}
end;
procedure Stop;
var
i: Integer;
begin
{$I ./K_SDK/VM_Start.inc}
WriteFileHooker.Hook:= False;
ReadFileHooker.Hook:= False;
WriteFileHooker.Free;
ReadFileHooker.Free;
//释放内存
for i:= 0 to MemList.Count - 1 do
VirtualFree(MemList, 0, MEM_RELEASE);
MemList.Free;
EF.Free;
{$I ./K_SDK/VM_End.inc}
end;
end.
记事本没改过一个代码(但要把代码嵌入,所以变大了)
可以象普通记事本那样使用,但储存出来的文件会自动加密.
那么即使别人 copy 走了你的文件,也无法打开看到正确的内容.
如果配合机器码加密的话,那么就算别人把这个记事本Copy走了,也无法打开得到正确的内容.
该技术同样可以应用在任何软件比如 OFFICE 系列上.
具体请看我的 Blog, 里面有下载.
http://www.ff18.com/blog/post/5.html
核心代码如下,其中用到我写的 Hook 控件系列和加密方案:
unit MainProc;
interface
uses
Windows, Classes,
HookCoreUnit, EncrypFileUnit;
procedure Start;
procedure Stop;
implementation
const
ReadFileAddr = $1005244;
ReadFileAddrRts = ReadFileAddr + SizeOf(HookCodeEx);
WriteFileAddr = $1004C2A;
WriteFileAddrRts = WriteFileAddr + SizeOf(HookCodeEx);
var
ReadFileHooker, WriteFileHooker: THookerCoreEx;
MemList: TList;
EF: TEncryptFile;
function EncryptBuffer(hFile: THandle
const Buffer
nNumberOfBytesToWrite: DWORD;
var lpNumberOfBytesWritten: DWORD
lpOverlapped: POverlapped): BOOL
stdcall;
var
Data: PChar;
tmp: string;
Size: DWORD;
begin
Data:= @Buffer;
//加密
tmp:= EF.EncryptBuffer(Data, nNumberOfBytesToWrite);
Size:= Length(tmp);
Result:= WriteFile(hFile, tmp[1], Size, lpNumberOfBytesWritten, lpOverlapped);
end;
function DecryptBuffer(hFileMappingObject: THandle
dwDesiredAccess: DWORD;
dwFileOffsetHigh, dwFileOffsetLow: DWORD
dwNumberOfBytesToMap: DWORD): Pointer
stdcall;
var
MemAddr: Pointer;
tmp: string;
Size: DWORD;
begin
Result:= MapViewOfFile(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap);
//解密
tmp:= EF.DecryptBuffer(Result, dwNumberOfBytesToMap);
Size:= Length(tmp);
//如果解密有效
if Size <> 0 then
begin
//分配内存
MemAddr:= VirtualAlloc(nil, Size, MEM_COMMIT, PAGE_READWRITE);
CopyMemory(MemAddr, @tmp[1], Size);
Result:= MemAddr;
//加入内存表
MemList.Add(Result);
end
//解密不了按原内容打开
end;
procedure ProcessReadFile;
asm
//解密
call DecryptBuffer
//返回
push ReadFileAddrRts
end;
procedure ProcessWriteFile;
asm
//加密
call EncryptBuffer;
//返回
push WriteFileAddrRts
end;
procedure Start;
begin
{$I ./K_SDK/VM_Start.inc}
EF:= TEncryptFile.Create(nil);
EF.Enable_Encryption:= True;
EF.E_PGM:= True;
EF.FileHead:= 'NotepadEx';
MemList:= TList.Create;
ReadFileHooker:= THookerCoreEx.Create;
ReadFileHooker.HookType:= CHT_JMP;
ReadFileHooker.Instruction:= PHookCodeEx(ReadFileAddr);
ReadFileHooker.Event:= DWORD(@ProcessReadFile);
WriteFileHooker:= THookerCoreEx.Create;
WriteFileHooker.HookType:= CHT_JMP;
WriteFileHooker.Instruction:= PHookCodeEx(WriteFileAddr);
WriteFileHooker.Event:= DWORD(@ProcessWriteFile);
ReadFileHooker.Hook:= True;
WriteFileHooker.Hook:= True;
{$I ./K_SDK/VM_End.inc}
end;
procedure Stop;
var
i: Integer;
begin
{$I ./K_SDK/VM_Start.inc}
WriteFileHooker.Hook:= False;
ReadFileHooker.Hook:= False;
WriteFileHooker.Free;
ReadFileHooker.Free;
//释放内存
for i:= 0 to MemList.Count - 1 do
VirtualFree(MemList, 0, MEM_RELEASE);
MemList.Free;
EF.Free;
{$I ./K_SDK/VM_End.inc}
end;
end.