[MASM], Fake exe

Fake exe

Author: Benina

Dowload: 

Bài viết này rất đơn giản về bảo mật.

Trên 4rm virusvn có bạn hỏi làm sao chạy được file ko phải có đuôi là file thực thi exe (ví dụ .xxx) như một file exe.

Đây là cách rất đơn giản về lập trình registry.

Đầu tiên chúng ta query key HKCR\.exe các subkey và giá trị của nó vào các biến tạm.

Sau đó ta set một key cho file có đuôi .xxx

Đây là file exeplus.asm

.386 .model flat,stdcall option casemap:none include exeplus.inc .data szTitle      db "Fake exe",0 MsgBoxText      db "Fake exe registered!",0 szDefaultEXE db 512 dup(0) szContextType db 512 dup(0) szDefaultPer db 512 dup(0) pKeySub dd 0 .code start:       invoke GetRegString, addr szDefaultEXE,                         HKEY_CLASSES_ROOT,                         chr$(".exe\"),                         NULL       invoke GetRegString, addr szContextType,                         HKEY_CLASSES_ROOT,                         chr$(".exe\"),                         chr$("Content Type")       invoke GetRegString, addr szDefaultPer,                         HKEY_CLASSES_ROOT,                         chr$(".exe\PersistentHandler\"),                         NULL                                                       ;------------------------------------------------------       invoke SetRegString,                         HKEY_CLASSES_ROOT,                         chr$(".xxx\"),                         NULL,                         addr szDefaultEXE                                  invoke SetRegString,                         HKEY_CLASSES_ROOT,                         chr$(".xxx\"),                         chr$("Content Type"),                         addr szContextType                                                  invoke SetRegString,                         HKEY_CLASSES_ROOT,                         chr$(".xxx\PersistentHandler\"),                         NULL,                         addr szDefaultPer                                                                                invoke MessageBox, NULL,addr MsgBoxText, addr szTitle, MB_OK       invoke ExitProcess,NULL end start

Đây là file exeplus.inc

include \masm32\include\windows.inc include \masm32\include\user32.inc include \masm32\include\kernel32.inc include \masm32\include\shell32.inc include \masm32\include\advapi32.inc include \masm32\include\gdi32.inc include \masm32\include\comctl32.inc include \masm32\include\comdlg32.inc include \masm32\include\masm32.inc include \masm32\include\ole32.inc include \masm32\macros\macros.asm includelib \masm32\lib\user32.lib includelib \masm32\lib\kernel32.lib includelib \masm32\lib\shell32.lib includelib \masm32\lib\advapi32.lib includelib \masm32\lib\gdi32.lib includelib \masm32\lib\comctl32.lib includelib \masm32\lib\comdlg32.lib includelib \masm32\lib\ole32.lib includelib \masm32\lib\masm32.lib include RegistryASM.asm