dagnisk (06-30-2016),deskalt (08-20-2016),GuilhermeBS_VIP1 (12-11-2013),IamNotWhit (07-11-2011),sength (06-27-2016)
Meh, wanted to do something in C++ 'cos I suck dick at it.
Anyway, this is a simple function that changes the md5 of a specified file by implanting a random int value within its reserved space in the DOS header. Of course, if the DOS Header of the file has been collapsed deliberately, this is more likely to just rape your PE and make it unusable, but if you're collapsing your DOS Headers, I think you'd know about it lol.
Enjoy.
Comments/criticisms etc are welcome, I'm a C++ noob, so I probs fucked up some memory management somewhere.
Code:
#include <windows.h> //for ZeroMemory macro and MessageBoxA
#include <fstream>   //derp obvious.
#include <cstdio>    //printf
#include <cstdlib>   //srand, rand
#include <cstring>   //memcmp, memcpy
#include <ctime>     //time

int quit(const char* msg)
{
    printf("%s\n", msg); //print the message to the console window
    return -1; //-1 is my signifier that the function failed.
}

//reads dwSize bytes at offset into buf, returns false if the file is too short
bool ReadFromStream(std::fstream *baseStream, int offset, char* buf, int dwSize)
{
    ZeroMemory(buf, dwSize); //zero the memory like a mad dawg
    baseStream->seekg(offset, std::ios::beg); //seek to the offset from the beginning of the stream
    baseStream->read(buf, dwSize); //read dwSize bytes from the stream into the buffer
    return baseStream->gcount() == dwSize; //did we get everything we asked for?
}

void intToBytes(int val, char* out)
{
    /**** not really my function, cbf learning bitshifting ***/
    out[0] = (val >> 24) & 0xFF;
    out[1] = (val >> 16) & 0xFF;
    out[2] = (val >> 8) & 0xFF;
    out[3] = val & 0xFF;
}

int ChangeMD5(const char* file)
{
    using std::ios; //im too lazy to do more than one ::

    //create the random int.
    srand((unsigned)(time(NULL) * time(NULL))); //seed the random, dont have to be too fancy
    int rnd = rand(); //generate a pseudo-random
    char newMd5[4];
    intToBytes(rnd, newMd5); //convert our random to bytes.

    std::fstream PEStream(file, ios::binary | ios::in | ios::out); //open a stream to the file.
    if (!PEStream.is_open()) { return quit("Could not open file"); }

    char buff[4];
    //read the start signature (MUST BE 'MZ' FOR ALL PE)
    if (!ReadFromStream(&PEStream, 0, buff, 2) || memcmp(buff, "MZ", 2) != 0)
        return quit("Not a valid PE File"); //not a PE, exit with a message.

    if (!ReadFromStream(&PEStream, 0x3C, buff, 4)) //read 4 bytes from the stream.
        return quit("Not a valid PE File");
    int lfanew;
    memcpy(&lfanew, buff, 4); //copy the 4 bytes into a signed int

    //read the PE signature from the stream
    //PE files all have the signature PE followed by 2 null bytes.
    if (!ReadFromStream(&PEStream, lfanew, buff, 4) || memcmp(buff, "PE\0\0", 4) != 0)
        return quit("Not a valid PE File");

    /** OKAY WE'VE VERIFIED IT'S A PE, NOW IT'S SAFE TO WRITE **/
    PEStream.seekp(0x1C, ios::beg); //seek to the start of the reserved space
    PEStream.write(newMd5, 4); //write those bytes to the file in the reserved space
    PEStream.flush(); //flush all waiting shit.
    PEStream.close(); //close the stream
    return 0; //success
}

int main()
{
    if (ChangeMD5("C:\\test.exe") == 0)
        MessageBoxA(NULL, "OMG FUCK YEAH", "MD5 Changed", 0);
    return 0;
}
Originally Posted by Jeremy S. Anderson
You can win the rat race,
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
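Seen from the detection side, the write at 0x1C in the post above breaks any exact file-hash match but leaves a trace in fields that are normally zero. The following is an added example, not code from the thread: it hashes a PE with the DOS reserved fields zeroed and reports non-zero reserved bytes, skipping both when the DOS header is collapsed. The function names, the constructed sample image and the use of SHA-256 are assumptions of this example.

```python
import hashlib
import struct

E_RES = slice(0x1C, 0x24)   # e_res[4]: the reserved bytes the post writes into
E_RES2 = slice(0x28, 0x3C)  # e_res2[10]: second reserved block before e_lfanew

def parse_dos_header(data: bytes) -> int:
    """Return e_lfanew after checking the MZ and PE signatures."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<i", data, 0x3C)
    if e_lfanew < 0 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    return e_lfanew

def triage(data: bytes) -> dict:
    """Hash the file as-is and again with the DOS reserved fields zeroed."""
    e_lfanew = parse_dos_header(data)
    collapsed = e_lfanew < 0x40      # PE header overlaps the DOS header
    normalized = bytearray(data)
    dirty = False
    if not collapsed:                # only mask fields that are really unused
        for region in (E_RES, E_RES2):
            dirty |= any(normalized[region])
            normalized[region] = bytes(region.stop - region.start)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "normalized_sha256": hashlib.sha256(bytes(normalized)).hexdigest(),
        "reserved_nonzero": dirty,
        "collapsed_dos_header": collapsed,
    }

def make_sample(e_res: bytes = bytes(8)) -> bytes:
    """Constructed minimal image (DOS header, PE signature, filler); not a real binary."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    hdr[E_RES] = e_res
    struct.pack_into("<i", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0" + b"constructed filler bytes"

clean = triage(make_sample())
stamped = triage(make_sample(b"\x12\x34\x56\x78" + bytes(4)))
```

Both variants share one normalized digest, so a blocklist keyed on it still matches after the reserved bytes change, and `reserved_nonzero` is a cheap anomaly signal on its own.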
Hmm.. Interesting..
Good job in C++
Very nice C++ scrub!
THE EYE OF AN ADMINISTRATOR IS UPON YOU. ANY WRONG YOU DO IM GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THATS WHERE IM GONNA BE
"First they ignore you. Then they laugh at you. Then they fight you. Then you lose." - Dave84311
HAVING VIRTUAL DETOX
Nice Bro...
When I start learning C# you start C++... You try to be like Big bro /me
IamNotWhit (07-11-2011)
Change the first 2 bytes from MZ to ZM.
The fish trap exists because of the fish.
Once you've gotten the fish you can forget the trap.
The rabbit snare exists because of the rabbit.
Once you've gotten the rabbit, you can forget the snare.
Words exist because of meaning.
Once you've gotten the meaning, you can forget the words.
Where can I find a man who has forgotten words so I can talk with him?
If you erase the whole DLL, the MD5 would change.
WildAssassinz (07-28-2016)