在my_function方法中,我试着引入了一些运行时类库函数和一些Windows API函数,以便比较X和Y参数以显示不同的消息框。
为了在堆上执行这个函数,首先我应该对my_function 代码进行加密。这项工作在名为My_function的项目中进行了实现。如果你阅读该项目的代码,就可以找到一个名为void __stdcall my_function_END()的函数。为了计算我写的这个函数的长度,my_function_END 函数必须跟上my_function。
void encrypt_my_function() 和 bool encrypt_function(BYTE* _my_function,unsigned int n_my_function_size,char* function_name)用于加密my_function 代码数据到一个临时的缓冲区中, void build_h(BYTE* pInBuf,int InBufSize,char* function_name)函数会编写加密的代码数据到一个头文件中。
//
bool encrypt_function(BYTE* _my_function,unsigned int n_my_function_size,
char* function_name)
{
BYTE* buff=(BYTE*)malloc(n_my_function_size);
if(buff==NULL) return false;
//Note: Here is just a simple encryption algorithm,
//you should replace it with your own.
//There are a lot of encryption algorithms which you can get
//from the Internet.
for(UINT i=0;i<n_my_function_size;i++) buff[i]=_my_function[i]^99;
build_h(buff,n_my_function_size,function_name);
free(buff);
return true;
}
//
//
void encrypt_my_function()
{
void ( __stdcall *_my_function)(int x,
int y,
char* str_a,
char* str_b,
void* (__cdecl *_memcpy )( void *dest,
const void *src, size_t count ),
int (__cdecl *_sprintf )( char *buffer, const char *format, ... ),
void* (__cdecl *_malloc )( size_t size ),
void (__cdecl *_free )( void *memblock ),
size_t (__cdecl *_strlen )( const char *string ),
int (__stdcall* _MessageBox)(HWND hWnd, LPCTSTR lpText,
LPCTSTR lpCaption, UINT uType)
);
void ( __stdcall *_my_function_END)();
unsigned int n_my_function_size;
char* function_name="myfunction";
_my_function=my_function;
_my_function_END=my_function_END;
n_my_function_size=abs((UINT)_my_function_END-(UINT)_my_function)+1;
//calculate the length of my_function
if(encrypt_function((BYTE*)_my_function,n_my_function_size,function_name))
{
AfxMessageBox(
"My function is encrypted successfully !
The encrypted code is included in myfunction.h file.");
}
else
{
AfxMessageBox("My function is encrypted unsuccessfully !");
}
}
//
bool encrypt_function(BYTE* _my_function,unsigned int n_my_function_size,
char* function_name)
{
BYTE* buff=(BYTE*)malloc(n_my_function_size);
if(buff==NULL) return false;
//Note: Here is just a simple encryption algorithm,
//you should replace it with your own.
//There are a lot of encryption algorithms which you can get
//from the Internet.
for(UINT i=0;i<n_my_function_size;i++) buff[i]=_my_function[i]^99;
build_h(buff,n_my_function_size,function_name);
free(buff);
return true;
}
//
//
void encrypt_my_function()
{
void ( __stdcall *_my_function)(int x,
int y,
char* str_a,
char* str_b,
void* (__cdecl *_memcpy )( void *dest,
const void *src, size_t count ),
int (__cdecl *_sprintf )( char *buffer, const char *format, ... ),
void* (__cdecl *_malloc )( size_t size ),
void (__cdecl *_free )( void *memblock ),
size_t (__cdecl *_strlen )( const char *string ),
int (__stdcall* _MessageBox)(HWND hWnd, LPCTSTR lpText,
LPCTSTR lpCaption, UINT uType)
);
void ( __stdcall *_my_function_END)();
unsigned int n_my_function_size;
char* function_name="myfunction";
_my_function=my_function;
_my_function_END=my_function_END;
n_my_function_size=abs((UINT)_my_function_END-(UINT)_my_function)+1;
//calculate the length of my_function
if(encrypt_function((BYTE*)_my_function,n_my_function_size,function_name))
{
AfxMessageBox(
"My function is encrypted successfully !
The encrypted code is included in myfunction.h file.");
}
else
{
AfxMessageBox("My function is encrypted unsuccessfully !");
}
}
//
Myfunction.h文件由My_function项目产生。
一个包括了加密代码数据的头文件形式如下:
//
//myfunction.h
unsigned char myfunction_00001_code[]="\
\xe8\x27\x47\x6f\x30\x36\x35\xe8\x17\x47\x53\x34\x33\
x9c\xb5\xe8\x0f\x47\x47\xe8\
\x9b\x36\x9c\xb5\xe8\xbb\xee\x2f\x58\x77\x32\x9c\x37\
x47\x5b\xe8\x37\x47\x43\xe8\
\x93\xe8\x27\x47\x47\xe0\xa7\x6f\x58\xb3\x1d\x5f\xe8\
x27\x47\x7f\x34\x33\x35\x9c\
\x37\x47\x53\x30\xee\x6f\x5d\x36\x32\x9c\x37\x47\x5f\
xe8\x27\x47\x57\xe0\xa7\x7b\
\xee\x77\x7d\x09\x63\x33\x35\x09\x63\xa5\x67\x59\x63\
x9c\x37\x47\x2b\x35\x9c\x37\
\x47\x57\xe0\xa7\x67\x3c\x3d\x3e\x38\xa1\x4b\x63\x30\
x36\x35\x9c\x37\x47\x53\xe8\
\x2f\x47\x4b\x60\xbd\x34\x32\x30\x9c\x37\x47\x5f\xe0\
xa7\x7b\xa5\x67\x58\x63\x09\
\x63\x0b\x17\x33\x23\x63\x35\x09\x63\x9c\x76\x1b\x50\
x23\x63\x09\x63\x36\x35\x09\
\x63\x9c\x37\x47\x2b\x35\x9c\x37\x47\x57\xe0\xa7\x67\
x3c\x3d\x3e\x38\xa1\x4b\x63\
\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xa0";
#define myfunction_00001_code_LEN 193
#define myfunction_ARRAY_NUM 1
#define myfunction_CODE_LEN 193
//
//myfunction.h
unsigned char myfunction_00001_code[]="\
\xe8\x27\x47\x6f\x30\x36\x35\xe8\x17\x47\x53\x34\x33\
x9c\xb5\xe8\x0f\x47\x47\xe8\
\x9b\x36\x9c\xb5\xe8\xbb\xee\x2f\x58\x77\x32\x9c\x37\
x47\x5b\xe8\x37\x47\x43\xe8\
\x93\xe8\x27\x47\x47\xe0\xa7\x6f\x58\xb3\x1d\x5f\xe8\
x27\x47\x7f\x34\x33\x35\x9c\
\x37\x47\x53\x30\xee\x6f\x5d\x36\x32\x9c\x37\x47\x5f\
xe8\x27\x47\x57\xe0\xa7\x7b\
\xee\x77\x7d\x09\x63\x33\x35\x09\x63\xa5\x67\x59\x63\
x9c\x37\x47\x2b\x35\x9c\x37\
\x47\x57\xe0\xa7\x67\x3c\x3d\x3e\x38\xa1\x4b\x63\x30\
x36\x35\x9c\x37\x47\x53\xe8\
\x2f\x47\x4b\x60\xbd\x34\x32\x30\x9c\x37\x47\x5f\xe0\
xa7\x7b\xa5\x67\x58\x63\x09\
\x63\x0b\x17\x33\x23\x63\x35\x09\x63\x9c\x76\x1b\x50\
x23\x63\x09\x63\x36\x35\x09\
\x63\x9c\x37\x47\x2b\x35\x9c\x37\x47\x57\xe0\xa7\x67\
x3c\x3d\x3e\x38\xa1\x4b\x63\
\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xf3\xa0";
#define myfunction_00001_code_LEN 193
#define myfunction_ARRAY_NUM 1
#define myfunction_CODE_LEN 193
//
