From 76e89361f6cba455934dd19bce0deae1ab1c73e6 Mon Sep 17 00:00:00 2001
From: segfault <segfault@secmail.pro>
Date: Sun, 5 May 2019 17:48:42 +0200
Subject: _DEBUG macro check example, CRET_CHECK *before* (en|de)cryption but
*after* validating, crypt_return documentation, fix for Windoze
VirtualProtect: DWORD *old_protect can not be NULL
Signed-off-by: segfault <segfault@secmail.pro>
---
example.c | 7 ++++---
funccrypt.c | 16 +++++++++++-----
funccrypt.h | 8 ++++++--
3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/example.c b/example.c
index b2f7e89..93688f3 100644
--- a/example.c
+++ b/example.c
@@ -37,6 +37,7 @@ int main(void)
{
srand(time(NULL));
+#ifdef _DEBUG
printf("Before Encryption:\n");
printf("crypted_fn:\n");
printHexBuf((uint8_t *)crypted_fn, 160, 32);
@@ -44,7 +45,7 @@ int main(void)
printHexBuf((uint8_t *)crypted_fn2, 160, 32);
printf("crypted_fn3:\n");
printHexBuf((uint8_t *)crypted_fn3, 160, 32);
-
+#endif
printf("\nAfter Encryption:\n");
printf("crypted_fn return val: %s\n",
crypt_strs[ crypt_func((void *)crypted_fn) ]);
@@ -59,11 +60,11 @@ int main(void)
printHexBuf((uint8_t *)crypted_fn2, 160, 32);
printf("crypted_fn3:\n");
printHexBuf((uint8_t *)crypted_fn3, 160, 32);
-
+#ifdef _DEBUG
printf("\noutput:\n");
printf("crypted_fn: 0x%X\n", crypted_fn(0, NULL, NULL));
crypted_fn2();
crypted_fn3(NULL, (unsigned int)-1, "TEST");
-
+#endif
return 0;
}
diff --git a/funccrypt.c b/funccrypt.c
index de51405..bfb0b31 100644
--- a/funccrypt.c
+++ b/funccrypt.c
@@ -61,7 +61,6 @@ crypt_return crypt_func(void *fn_start)
if (cret == CRET_EPILOGUE &&
i >= sizeof *hdr)
{
- cret = CRET_CHECK;
#if _DEBUG
printf("Prologue Marker: %p\n", pro);
printf("Epilogue Marker: %p\n", epi);
@@ -81,6 +80,7 @@ crypt_return crypt_func(void *fn_start)
#endif
)
{
+ cret = CRET_CHECK;
#ifdef __linux__
mbuf = (uint8_t *)( (long int)hdr & ~(sysconf(_SC_PAGESIZE) - 1) );
if (!mprotect(mbuf, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE|PROT_EXEC))
@@ -92,17 +92,23 @@ crypt_return crypt_func(void *fn_start)
{
if (hdr->crpyted == 0x00) {
hdr->crpyted = 0xFF;
- hdr->key = (uint64_t) rand() << 32;
- hdr->key |= rand();
+#ifdef __linux__
+ hdr->key = (uint64_t) rand() << 32;
+ hdr->key |= (uint64_t) rand();
+#else
+ hdr->key = (uint64_t) rand() << 48;
+ hdr->key |= (uint64_t) rand() << 32;
+ hdr->key |= (uint64_t) rand() << 16;
+ hdr->key |= (uint64_t) rand();
+#endif
}
for (i = 0; i < crypt_size / 0x8; ++i) {
hdr->func_body[i] ^= hdr->key;
}
-
#ifdef __linux__
if (!mprotect(mbuf, sysconf(_SC_PAGESIZE), PROT_READ|PROT_EXEC))
#else
- if (VirtualProtect(mbuf, crypt_size, old_prot, NULL))
+ if (VirtualProtect(mbuf, crypt_size, old_prot, &old_prot))
#endif
cret = CRET_OK;
}
diff --git a/funccrypt.h b/funccrypt.h
index 6b1f95c..2e80340 100644
--- a/funccrypt.h
+++ b/funccrypt.h
@@ -5,7 +5,7 @@
#include <stdint.h>
#if !defined(__GNUC__) || !defined(__GNUC_MINOR__)
-#error "This is only verified to work with GCC compiler!"
+#error "This is only verified to work with a GCC compiler!"
#endif
/* Force GCC struct for MingW compilers and pack them,
@@ -21,7 +21,11 @@ typedef struct crypt_header {
} GCC_PACKED crypt_header;
typedef enum crypt_return {
- CRET_ERROR, CRET_PROLOGUE, CRET_EPILOGUE, CRET_CHECK, CRET_OK
+ CRET_ERROR /* Neither prologue marker nor epilogue marker found. */,
+ CRET_PROLOGUE /* prologue marker found */,
+ CRET_EPILOGUE /* epilogue marker found */,
+ CRET_CHECK /* all pre (en|de)cryption checks successful */,
+ CRET_OK /* (en|de)cryption succeeded */
} crypt_return;
#define CRYPT_FUNC_MAXSIZ 0x100
--
cgit v1.2.3