Anyone have a working example of a program with the source that can password protect any PE executable? I saw the one on protools, but it doesn't seem to work correctly on Windows 2000.
Posted on 2002-07-24 15:42:25 by jdd48
.
Posted on 2002-07-24 16:54:39 by comrade
you can download SecurePE from DeepZone at http://www.iamgay.com or http://www.oralse.cx

it does not contain the source ... but I hope it can help you.


Posted on 2002-07-24 16:55:22 by hunter
Hey comrade...
AppLock is very nice but you can "spy out" the pw if you look into the exe with a text-editor because it isn't encrypted :o
Posted on 2002-07-25 18:06:42 by Rennsemmel
That's why it's version 0.12. :)
Posted on 2002-07-25 22:55:53 by comrade
patched progs don't run under w2k anymore with your tool...
the image size looks somewhat strange (alignment = 1000 but
the image size definitely isn't aligned). windows 2000 is much
stricter than w9x. your section alignment also seems to
be wrong, pe-explorer gives me a shitload of errors...

i know it's stupid to give you hints in such things but here's my
solution (img-size and section alignment):



;EDI = PTR TO PE-HDR
;EBX = PTR TO LAST SECTION

MOV EAX, PROGSIZE
XADD [ EBX + 08H ], EAX ; CHANGE VIRT_SIZE
CMP EAX, [ EBX + 010H ] ; CHECK IF PE IS CORRUPTED
JA _ERR ; (PE-PACK/UPX/...)

PUSH EAX ; SAVE OLDVIRTUALSIZE

ADD EAX, PROGSIZE ; EAX=NEWVIRTUALSIZE
MOV ECX, [ EDI + 03CH ] ; ECX=FILEALIGN VALUE
CALL _ALIGN
MOV [ EBX + 010H ], EAX ; STORE RESULT TO SIZEOFRAWDATA

MOV EAX, [ EBX + 0CH ] ; EAX = SECTION ADDRESS
ADD EAX, [ EBX + 08H ] ; + (NEW) VIRT SIZE
MOV ECX, [ EDI + 038H ] ; ECX = SECTION ALIGNMENT
CALL _ALIGN
MOV [ EDI + 050H ], EAX ; STORE IMAGE SIZE

; MAKE SECTION READABLE & WRITABLE
OR DWORD PTR [ EBX + 024H ], 0C0000000H

POP EAX ; EAX=OLDVIRTUALSIZE
ADD EAX, [ EBX + 00CH ] ; +VIRTUALADDRESS
XCHG [ EDI + 028H ], EAX ; STORE NEW ENTRYPOINT
ADD EAX, [ EDI + 034H ] ; SAVE OLD ENTRYPOINT (+IMGBASE)

.
.
.

_ALIGN: DEC EAX ; EAX = ((VALUE + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT
XOR EDX, EDX
ADD EAX, ECX
DIV ECX
MUL ECX
RET
Posted on 2002-07-26 04:02:07 by mob
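Added example (not part of the thread and not AppLock's code): a Python check of the header fields the routine above updates, reading them at the same offsets from the PE header and the last section header, so a patched file with a misaligned SizeOfImage or SizeOfRawData can be spotted before it is run. It assumes a PE32 file; the function names and the header-only sample stub are constructed for illustration.

```python
import struct

def align_up(value, alignment):
    """Round value up to a multiple of alignment (what _ALIGN computes)."""
    return (value + alignment - 1) // alignment * alignment

def check_pe_layout(data):
    """Return a list of layout problems found in a PE32 header."""
    try:
        if data[:2] != b"MZ":
            return ["missing MZ signature"]
        (pe,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return ["missing PE signature"]
        nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
        sect_align, file_align = struct.unpack_from("<II", data, pe + 0x38)
        (image_size,) = struct.unpack_from("<I", data, pe + 0x50)
        if nsect == 0 or sect_align == 0 or file_align == 0:
            return ["no sections or zero alignment"]
        last = pe + 24 + opt_size + 40 * (nsect - 1)         # last section header
        vsize, vaddr, raw_size = struct.unpack_from("<III", data, last + 8)
    except struct.error:
        return ["truncated header"]
    problems = []
    if image_size % sect_align:
        problems.append("SizeOfImage is not a multiple of SectionAlignment")
    if image_size != align_up(vaddr + vsize, sect_align):
        problems.append("SizeOfImage does not match the end of the last section")
    if raw_size % file_align:
        problems.append("SizeOfRawData is not a multiple of FileAlignment")
    return problems

def build_sample(size_of_image, raw_size):
    """Constructed header-only stub with one section (sample data, not a program)."""
    pe, opt_size = 0x40, 0xE0
    buf = bytearray(pe + 24 + opt_size + 40)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<H12xH", buf, pe + 6, 1, opt_size)
    struct.pack_into("<II", buf, pe + 0x38, 0x1000, 0x200)   # section/file alignment
    struct.pack_into("<I", buf, pe + 0x50, size_of_image)
    # VirtualSize, VirtualAddress, SizeOfRawData of the only section
    struct.pack_into("<III", buf, pe + 24 + opt_size + 8, 0x1234, 0x1000, raw_size)
    return bytes(buf)

if __name__ == "__main__":
    for label, args in (("aligned", (0x3000, 0x1400)), ("unaligned", (0x2234, 0x1234))):
        print(label, check_pe_layout(build_sample(*args)))
```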
I am running Windows 2000 Professional and they run fine. I am sure it does make errors when attaching its code, but hey - it's v0.12. :)
I've also found it fails on some executables, but again - it's v0.12. :)
Posted on 2002-07-26 12:31:09 by comrade
Norton AntiVirus 2002 said the password-protected file protected by AppLock was:
Bloodhound.w32.1
That is the name given to unknown but suspected-to-be-a-virus files by Symantec's Bloodhound scanner, which scans for suspected viruses.
Is it a virus or not?
Norton AntiVirus only complained when it was made password-protected.
The password-protected file was the command prompt (cmd.exe), packed with PEPack.
The cmd.exe packed with pepack ran fine, not until it got password-protected.
Posted on 2003-05-11 03:06:24 by chirbyji