sources code optimization.

Author: czy

AddSection.cpp

@@ -34,7 +34,7 @@ BOOL AddSection::Init() {
 	pSectionHeadre = SinglePuPEInfo::instance()->puGetSection();
 	FileSize = SinglePuPEInfo::instance()->puFileSize();
 	FileHandle = SinglePuPEInfo::instance()->puFileHandle();
-	OldOep = SinglePuPEInfo::instance()->puOldOep();
+	OldOep = SinglePuPEInfo::instance()->puGetOEP();
 	return true;
 }
 

CombatShell/CombatShell.cpp

@@ -432,7 +432,7 @@ void RepairTheIAT()
 
 #else
 	// IAT
-	byte OpCode[] = { 0xe8, 0x01, 0x00, 0x00,
+	BYTE OpCode[] = { 0xe8, 0x01, 0x00, 0x00,
 					  0x00, 0xe9, 0x58, 0xeb,
 					  0x01, 0xe8, 0xb8, 0x8d,
 					  0xe4, 0xd8, 0x62, 0xeb,
@@ -568,7 +568,7 @@ DWORD ProcessCallBack(LPVOID lpThreadParameter)
 	MyFindWindowExW = (FnFindWindowExW)puGetProcAddress(g_stud.s_User32, 0x4818F71E);
 	MyPostMessageW = (FnPostMessage)puGetProcAddress(g_stud.s_User32, 0x386047E);
 
-	HWND hCalc, hbutton;
+	HWND hCalc = nullptr, hbutton = nullptr;
 	HWND* hWnd = (HWND*)lpThreadParameter;
 	static int i = 10;
 	MySleep(10000);

CombatShell/CombatShell.rc

@@ -51,7 +51,7 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 24,7,3,1
+ FILEVERSION 24,7,6,1
  PRODUCTVERSION 1,0,0,1
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
@@ -67,7 +67,7 @@ BEGIN
     BEGIN
         BLOCK "080404b0"
         BEGIN
-            VALUE "FileVersion", "24.7.3.1"
+            VALUE "FileVersion", "24.7.6.1"
             VALUE "InternalName", "CombatSh.dll"
             VALUE "LegalCopyright", "Copyright (C) 2024"
             VALUE "OriginalFilename", "CombatSh.dll"

CombatShell/CombatShell.vcxproj

@@ -31,13 +31,15 @@
     <UseDebugLibraries>true</UseDebugLibraries>
     <PlatformToolset>v142</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v142</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
@@ -116,13 +118,16 @@
       <PrecompiledHeader>Use</PrecompiledHeader>
       <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
       <Optimization>Disabled</Optimization>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <EnableUAC>false</EnableUAC>
+      <AdditionalDependencies>liblz4_static.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>../lz4/static/</AdditionalLibraryDirectories>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -173,6 +178,10 @@
     <ClInclude Include="resource.h" />
   </ItemGroup>
   <ItemGroup>
+    <ClCompile Include="..\lz4\include\lz4.c">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">NotUsing</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">NotUsing</PrecompiledHeader>
+    </ClCompile>
     <ClCompile Include="..\quick\quicklz.c">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">NotUsing</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">NotUsing</PrecompiledHeader>

CombatShell/CombatShell.vcxproj.filters

@@ -65,6 +65,9 @@
     <ClCompile Include="..\quick\quicklz.c">
       <Filter>quick</Filter>
     </ClCompile>
+    <ClCompile Include="..\lz4\include\lz4.c">
+      <Filter>lz4</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="CombatShell.rc">

CombatShellManage.rc

@@ -123,18 +123,6 @@ BOOL CompressionData::EncryptionSectionData(
 // 压缩PE区段数据
 BOOL CompressionData::CompressSectionData()
 {
-	CString csTmep;
-	std::string sTagetDirectory = "";
-	std::wstring wsTagetDirectory = L"";
-	{
-		csTmep = m_MasterStaticTextStr;
-		int n = csTmep.ReverseFind('\\') + 1;
-		int m = csTmep.GetLength() - n;
-		wsTagetDirectory = csTmep.Left(n);
-		csTmep = csTmep.Right(m);
-	}
-	sTagetDirectory = g_CombatShellDataLocalFile;
-
 	std::string sDriectory = "";
 	std::string sCombatShellPath = "";
 	CodeTool::CGetCurrentDirectory(sDriectory);
@@ -208,7 +196,7 @@ BOOL CompressionData::CompressSectionData()
 	DWORD ComressTotalSize = 0;
 
 	// 注意修复-改为程序Name_FileData.txt - 保存本地数据记录，脱壳使用.
-	if ((fpFile = fopen(sTagetDirectory.c_str(), "wb+")) == NULL)
+	if ((fpFile = fopen(g_CombatShellDataLocalFile, "wb+")) == NULL) 
 	{
 		AfxMessageBox(L"CombatShell 打开创建失败.");
 		return false;
@@ -352,6 +340,14 @@ BOOL CompressionData::CompressSectionData()
 	CleanDirectData(ComressNewBase, ComressTotalSize, Size);
 
 	// Create File
+	std::wstring wsTagetDirectory = L"";
+	{
+		CString csTmep = m_MasterStaticTextStr;
+		int n = csTmep.ReverseFind('\\') + 1;
+		int m = csTmep.GetLength() - n;
+		wsTagetDirectory = csTmep.Left(n);
+		csTmep = csTmep.Right(m);
+	}
 	const std::wstring wsMaskCompre = (wsTagetDirectory + L"CompressionMask.exe").c_str();
 	HANDLE HandComprele = CreateFile(wsMaskCompre.c_str(), GENERIC_READ | GENERIC_WRITE, FALSE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
 

CompressionData.cpp

@@ -102,6 +102,7 @@ BOOL MasterWindows::NewSection()
 		return false;
 
 	SingleAddSection::instance()->puInti(m_MasterStaticTextStr);
+	m_dwOldOEP = SinglePuPEInfo::instance()->puGetOEP();
 	SingleAddSection::instance()->puModifySectioNumber();
 	nRet = SingleAddSection::instance()->puModifySectionInfo(Name, SectionSize);
 	if (!nRet) {
@@ -274,7 +275,7 @@ void MasterWindows::OnBnClickedButton1()
 
 	// 3. CombatShell 数据拷贝/操作
 	m_MasterStaticTextStr = (csTargetDirectory + "CompressionMask.exe").GetBSTR();
-	if (!SingleStudData::instance()->puInit(m_MasterStaticTextStr)) {
+	if (!SingleStudData::instance()->puInit(m_MasterStaticTextStr, m_dwOldOEP)) {
 		AfxMessageBox(L"studData failuer!");
 		return;
 	}
@@ -292,10 +293,10 @@ void MasterWindows::OnBnClickedButton1()
 			m_MasterStaticTextStr = nStr;
 		}
 		ShowPEInfoData(m_MasterStaticTextStr);
-		AfxMessageBox(m_MasterStaticTextStr + L"   Success!");
+		AfxMessageBox((m_MasterStaticTextStr + L"   Success!").GetString());
 	}
 	else
-		AfxMessageBox(m_MasterStaticTextStr + L"   Failure!");
+		AfxMessageBox((m_MasterStaticTextStr + L"   Failure!").GetString());
 }
 
 // PE View
@@ -362,38 +363,39 @@ void MasterWindows::OnBnClickedButton2()
 	UpdateData(TRUE);
 	if (m_MasterStaticTextStr.IsEmpty())
 	{
-		AfxMessageBox(L"请先拖入文件");
+		MessageBox(L"请先拖入文件");
 		return;
 	}
 
-	// 判断是否我们的壳，否则不给脱壳
+	// 判断是否我们的壳，否则不给脱壳(未检测.)
 	UnShllerProcPath = m_MasterStaticTextStr;
 
 	UnShell obj_Unshell;
 	if (!obj_Unshell.puUnShell()) {
-		AfxMessageBox(L"puUnShell error");
+		MessageBox(L"puUnShell error");
 		return;
 	}
 	if (!obj_Unshell.puRepCompressionData()) {
-		AfxMessageBox(L"puRepCompressionData error.");
+		MessageBox(L"puRepCompressionData error.");
 		return;
 	}
 	if(!obj_Unshell.puDeleteSectionInfo()) {
-		AfxMessageBox(L"puDeleteSectionInfo error.");
+		MessageBox(L"puDeleteSectionInfo error.");
 		return;
 	}
 
 	if (obj_Unshell.puSaveUnShell())
 	{
-		DeleteFile(m_MasterStaticTextStr);
 		const std::wstring sUnShellPath = CodeTool::string2wstring(obj_Unshell.puGetUnShellPath().c_str()).c_str();
+		// Clear
+		obj_Unshell.puClose();
+		DeleteFile(m_MasterStaticTextStr);
 		int nRet = CopyFile(sUnShellPath.c_str(), m_MasterStaticTextStr, FALSE);
 		if (nRet) {
-			m_MasterStaticTextStr = sUnShellPath.c_str();
 			DeleteFile(sUnShellPath.c_str());
 			DeleteFileA(g_CombatShellDataLocalFile);
 		}
-		AfxMessageBox(L"puSaveUnShell_Success");
+		MessageBox(L"puSaveUnShell_Success.");
 	}
 	ShowPEInfoData(m_MasterStaticTextStr);
 }

MasterWindows.cpp

@@ -45,4 +45,5 @@ class MasterWindows : public CDialogEx
 	afx_msg void OnPaint();
 	CStatic m_bitmapZionloab;
 
+	DWORD m_dwOldOEP = 0;
 };

MasterWindows.h

@@ -10,7 +10,12 @@ PE虚拟壳框架，项目意图给学习软件保护加壳的初学者提供一
 
 ![image](https://github.com/TimelifeCzy/Shell_Protect/blob/main/readmepng/1.png)
 
-2. 重点说一下虚拟机：虚拟壳目前仅支持x64加代码片段(需要稍作修改)，这只是一个示例和思路，如何自己编写虚拟机，运行态保存上下文环境及维护堆栈。
+2. 一键加壳成功后, 被加壳程序同级别会生成FileName_CombatShellData.dat文件，文件本身是原PE数据，仅脱壳使用，计划是保存新增节表中，简单方便化就本地存储.
+```
+压缩节表数据 | 清理的数据目录16个) + 清理的记录节表数据 | 原始的OEP
+```
+
+3. 虚拟机：虚拟壳目前仅支持x64加代码片段(需要稍作修改)，这只是一个示例和思路，如何自己编写虚拟机，运行态保存上下文环境及维护堆栈。
 
 - 对需要加密代码段进行Vmcode，简单点说加密代码，dll中壳代码执行vmentry进入虚拟机，默认x32直接进入壳main函数未Vm。
 
@@ -28,18 +33,18 @@ PE虚拟壳框架，项目意图给学习软件保护加壳的初学者提供一
 
 项目中的虚拟机没有高级算法，只是简单加密用来阐述过程，Vmcode分析引擎因为能力/精力有限，没有去构造Vmcode代码分析引擎，只是构造了解密后代码分析引擎挂钩handle处理。再加壳时候记录了加密汇编大小/长度/基于该代码段的起始偏移，用来做为Vmcode分析引擎使用，快速解密和处理分发。
 
+工程中有一处硬编码，void CompressionData::VmcodeEntry(), 可以做反汇编获取行数优化.
 **注意：本项目仅支持加壳器中的Main函数，只对Main汇编映射指令进行了处理，未处理其它指令。**
 
 造轮子的意义在于学习理解：理解虚拟机和指令集映射，理解虚拟机结构和协同工作。
-
 推荐专业的虚拟机分析引擎(看雪版主玩命)： https://github.com/devilogic/cerberus.git ，加密解密书籍有配套虚拟壳代码(没有看过)，也可以参考。
 
 软件保护技术还可应用于免杀，当然可以扩展更深层次了解杀软检测及反检测。
 
 ![image](https://github.com/TimelifeCzy/Shell_Protect/blob/main/readmepng/5.png)
 ![image](https://github.com/TimelifeCzy/Shell_Protect/blob/main/readmepng/6.png)
 
-项目仅用于学习，请大家重视。
+项目不提供Release版本，仅用于学习和研究。
 
 ## Stargazers over time