-rw-r--r--.gitignore2
-rwxr-xr-xPEHDisguiser.sln31
-rwxr-xr-xPEHDisguiser/PEHTimestampChanger.cpp114
-rwxr-xr-xPEHDisguiser/skCrypt.h154
-rw-r--r--README.md10
5 files changed, 311 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..00e8b98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.vs/
+*.vcxproj*
diff --git a/PEHDisguiser.sln b/PEHDisguiser.sln
new file mode 100755
index 0000000..5767d64
--- /dev/null
+++ b/PEHDisguiser.sln
@@ -0,0 +1,31 @@
+

+Microsoft Visual Studio Solution File, Format Version 12.00

+# Visual Studio Version 16

+VisualStudioVersion = 16.0.31205.134

+MinimumVisualStudioVersion = 10.0.40219.1

+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PEHDisguiser", "PEHDisguiser\PEHDisguiser.vcxproj", "{F16DE600-4705-40C2-8936-E4324103FF6D}"

+EndProject

+Global

+	GlobalSection(SolutionConfigurationPlatforms) = preSolution

+		Debug|x64 = Debug|x64

+		Debug|x86 = Debug|x86

+		Release|x64 = Release|x64

+		Release|x86 = Release|x86

+	EndGlobalSection

+	GlobalSection(ProjectConfigurationPlatforms) = postSolution

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Debug|x64.ActiveCfg = Debug|x64

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Debug|x64.Build.0 = Debug|x64

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Debug|x86.ActiveCfg = Debug|Win32

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Debug|x86.Build.0 = Debug|Win32

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Release|x64.ActiveCfg = Release|x64

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Release|x64.Build.0 = Release|x64

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Release|x86.ActiveCfg = Release|Win32

+		{F16DE600-4705-40C2-8936-E4324103FF6D}.Release|x86.Build.0 = Release|Win32

+	EndGlobalSection

+	GlobalSection(SolutionProperties) = preSolution

+		HideSolutionNode = FALSE

+	EndGlobalSection

+	GlobalSection(ExtensibilityGlobals) = postSolution

+		SolutionGuid = {E461D861-87B5-4A9B-9107-77B72F5E7191}

+	EndGlobalSection

+EndGlobal

diff --git a/PEHDisguiser/PEHTimestampChanger.cpp b/PEHDisguiser/PEHTimestampChanger.cpp
new file mode 100755
index 0000000..87908db
--- /dev/null
+++ b/PEHDisguiser/PEHTimestampChanger.cpp
@@ -0,0 +1,114 @@
+#include <cstdio>

+#include <windows.h>

+#include <winnt.h>

+#include <fileapi.h>

+#include <WinBase.h>

+#include <time.h>

+#include <inttypes.h>

+

+#include "skCrypt.h"

+

+#pragma warning(disable : 4996)

+

+int main(int argc, char** argv);

+int randomize_file(const char* path, uint32_t added_file_size);

+

+int main(int argc, char** argv)

+{

+	printf(skCrypt("\nMade by Baitinq.\n\n"));

+

+	if (argc < 3)

+	{

+		printf(skCrypt("BAD USAGE!\tUsage: disguise_file.exe <file_name> <added file size in bytes>\n"));

+		system(skCrypt("pause"));

+

+		return 1;

+	}

+

+	char executable_path[MAX_PATH];

+	strncpy(executable_path, argv[1], sizeof(executable_path));

+

+	const uint32_t added_size = atoi(argv[2]);

+

+	srand(time(NULL));

+

+	printf(skCrypt("Disguising your file...\n"));

+

+	int ret = randomize_file(executable_path, added_size);

+	if (ret < 0)

+		printf(skCrypt("Failed to disguise your file. (%d)\n"), -ret);

+

+	printf(skCrypt("Disguised your file succesfully!\n"));

+

+	system(skCrypt("pause"));

+

+	return ret;

+}

+

+int randomize_file(const char* path, uint32_t added_file_size)

+{

+	HANDLE file = CreateFile(path, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

+	if (file == NULL || file == INVALID_HANDLE_VALUE)

+	{

+		//printf("BAD FILE!\n");

+		return -1;

+	}

+

+	PIMAGE_DOS_HEADER dosHeader;

+	PIMAGE_NT_HEADERS ntHeader;

+	PIMAGE_FILE_HEADER header;

+

+	HANDLE hMapObject = CreateFileMapping(file, NULL, PAGE_READWRITE, 0, GetFileSize(file, NULL) + added_file_size, NULL);

+	if (hMapObject == NULL || hMapObject == INVALID_HANDLE_VALUE)

+	{

+		//printf("BAD mapping!\n");

+		return -2;

+	}

+

+	void* mapped_file = MapViewOfFile(hMapObject, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);

+

+	dosHeader = (PIMAGE_DOS_HEADER)mapped_file;

+	if (dosHeader == NULL || dosHeader->e_magic != IMAGE_DOS_SIGNATURE)

+	{

+		//printf("bad dosheader!\n");

+		return -3;

+	}

+

+	ntHeader = (PIMAGE_NT_HEADERS)((uint8_t*)dosHeader + dosHeader->e_lfanew);

+	if(ntHeader == NULL || ntHeader->Signature != IMAGE_NT_SIGNATURE)

+	{

+		//printf("bad ntheader!\n");

+		return -4;

+	}

+

+	header = &ntHeader->FileHeader;

+

+	//printf("Timestamp b4: %lu\n", header->TimeDateStamp);

+

+	//printf("Timestamp after: %lu\n", header->TimeDateStamp);

+

+	//printf("setting modified...\n");

+

+	FILETIME fileTime;

+	GetSystemTimeAsFileTime(&fileTime);

+

+	FILE_BASIC_INFO b {0};

+	b.ChangeTime = *(LARGE_INTEGER*)&fileTime;

+	b.CreationTime = *(LARGE_INTEGER*)&fileTime;

+	b.LastAccessTime = *(LARGE_INTEGER*)&fileTime;

+	b.LastWriteTime = *(LARGE_INTEGER*)&fileTime;

+	b.FileAttributes = 0;

+	if (!SetFileInformationByHandle(file, FileBasicInfo, &b, sizeof(b)))

+		return -5;

+

+	if (!UnmapViewOfFile(mapped_file))

+		return -6;

+

+	if (!CloseHandle(hMapObject))

+		return -7;

+

+	if (!CloseHandle(file))

+		return -8;

+		

+	return 0;

+}
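Review bot: Every early return in randomize_file after CreateFile succeeds leaks what was acquired before it — `return -2` leaves `file` open, `return -3`/`-4` leave `file`, `hMapObject` and the mapped view, and `-5` through `-7` likewise — and neither the GetFileSize result (INVALID_FILE_SIZE on failure) nor the MapViewOfFile return value is checked before use, while `GetFileSize(file, NULL) + added_file_size` can wrap because `added_size` comes from `atoi` and is stored unsigned. The NT header is located from `dosHeader->e_lfanew` without checking that the offset plus `sizeof(IMAGE_NT_HEADERS)` lies inside the mapping, so a truncated or malformed input file turns `ntHeader->Signature` into an out-of-bounds read. In main, `strncpy(executable_path, argv[1], sizeof(executable_path))` leaves the buffer unterminated when argv[1] is MAX_PATH bytes or longer; the simplest fix is to pass `argv[1]` straight to randomize_file, or to follow the copy with `executable_path[sizeof(executable_path) - 1] = '\0';`. Also in main, the `if (ret < 0)` branch only prints and falls through, so "Disguised your file succesfully!" is printed after a failure; that branch should `return ret;` (after the `pause`) instead of continuing. The fence below sketches a single-exit cleanup for randomize_file with the size and header bounds checks; the file-time update between the marked gaps is unchanged.
```cpp
int randomize_file(const char* path, uint32_t added_file_size)
{
	HANDLE file = CreateFile(path, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (file == INVALID_HANDLE_VALUE)
		return -1;

	HANDLE hMapObject = NULL;
	void* mapped_file = NULL;
	// Releases everything acquired so far and yields the error code, so no early return leaks a handle or view.
	auto fail = [&](int code) {
		if (mapped_file) UnmapViewOfFile(mapped_file);
		if (hMapObject) CloseHandle(hMapObject);
		CloseHandle(file);
		return code;
	};

	const DWORD file_size = GetFileSize(file, NULL);
	if (file_size == INVALID_FILE_SIZE || added_file_size > MAXDWORD - file_size)
		return fail(-1);
	const DWORD mapped_size = file_size + added_file_size;

	hMapObject = CreateFileMapping(file, NULL, PAGE_READWRITE, 0, mapped_size, NULL);
	if (hMapObject == NULL)
		return fail(-2);

	mapped_file = MapViewOfFile(hMapObject, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
	if (mapped_file == NULL)
		return fail(-3);

	PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)mapped_file;
	if (mapped_size < sizeof(IMAGE_DOS_HEADER) || dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
		return fail(-3);

	// e_lfanew is untrusted file content: keep the NT header lookup inside the mapping.
	if (mapped_size < sizeof(IMAGE_NT_HEADERS) || dosHeader->e_lfanew < 0
		|| (DWORD)dosHeader->e_lfanew > mapped_size - sizeof(IMAGE_NT_HEADERS))
		return fail(-4);
	PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((uint8_t*)dosHeader + dosHeader->e_lfanew);
	if (ntHeader->Signature != IMAGE_NT_SIGNATURE)
		return fail(-4);

	// … unchanged: FileHeader lookup, GetSystemTimeAsFileTime / FILE_BASIC_INFO setup …
	if (!SetFileInformationByHandle(file, FileBasicInfo, &b, sizeof(b)))
		return fail(-5);

	// … unchanged: UnmapViewOfFile / CloseHandle sequence and return 0 …
```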

diff --git a/PEHDisguiser/skCrypt.h b/PEHDisguiser/skCrypt.h
new file mode 100755
index 0000000..1eee482
--- /dev/null
+++ b/PEHDisguiser/skCrypt.h
@@ -0,0 +1,154 @@
+#pragma once

+

+/*____________________________________________________________________________________________________________

+Original Author: skadro

+Github: https://github.com/skadro-official

+License: See end of file

+skCrypter

+		Compile-time, Usermode + Kernelmode, safe and lightweight string crypter library for C++11+

+							*Not removing this part is appreciated*

+____________________________________________________________________________________________________________*/

+

+#ifdef _KERNEL_MODE

+namespace std

+{

+	// STRUCT TEMPLATE remove_reference

+	template <class _Ty>

+	struct remove_reference {

+		using type = _Ty;

+	};

+

+	template <class _Ty>

+	struct remove_reference<_Ty&> {

+		using type = _Ty;

+	};

+

+	template <class _Ty>

+	struct remove_reference<_Ty&&> {

+		using type = _Ty;

+	};

+

+	template <class _Ty>

+	using remove_reference_t = typename remove_reference<_Ty>::type;

+

+	// STRUCT TEMPLATE remove_const

+	template <class _Ty>

+	struct remove_const { // remove top-level const qualifier

+		using type = _Ty;

+	};

+

+	template <class _Ty>

+	struct remove_const<const _Ty> {

+		using type = _Ty;

+	};

+

+	template <class _Ty>

+	using remove_const_t = typename remove_const<_Ty>::type;

+}

+#else

+#include <type_traits>

+#endif

+

+namespace skc

+{

+	template<class _Ty>

+	using clean_type = typename std::remove_const_t<std::remove_reference_t<_Ty>>;

+

+	template <int _size, char _key1, char _key2, typename T>

+	class skCrypter

+	{

+	public:

+		__forceinline constexpr skCrypter(T* data)

+		{

+			crypt(data);

+		}

+

+		__forceinline T* get()

+		{

+			return _storage;

+		}

+

+		__forceinline int size() // (w)char count

+		{

+			return _size;

+		}

+

+		__forceinline  char key()

+		{

+			return _key1;

+		}

+

+		__forceinline  T* encrypt()

+		{

+			if (!isEncrypted())

+				crypt(_storage);

+

+			return _storage;

+		}

+

+		__forceinline  T* decrypt()

+		{

+			if (isEncrypted())

+				crypt(_storage);

+

+			return _storage;

+		}

+

+		__forceinline bool isEncrypted()

+		{

+			return _storage[_size - 1] != 0;

+		}

+

+		__forceinline void clear() // set full storage to 0

+		{

+			for (int i = 0; i < _size; i++)

+			{

+				_storage[i] = 0;

+			}

+		}

+

+		__forceinline operator T* ()

+		{

+			decrypt();

+

+			return _storage;

+		}

+

+	private:

+		__forceinline constexpr void crypt(T* data)

+		{

+			for (int i = 0; i < _size; i++)

+			{

+				_storage[i] = data[i] ^ (_key1 + i % (1 + _key2));

+			}

+		}

+

+		T _storage[_size]{};

+	};

+}

+

+#define skCrypt(str) skCrypt_key(str, __TIME__[4], __TIME__[7])

+#define skCrypt_key(str, key1, key2) []() { \

+			constexpr static auto crypted = skc::skCrypter \

+				<sizeof(str) / sizeof(str[0]), key1, key2, skc::clean_type<decltype(str[0])>>((skc::clean_type<decltype(str[0])>*)str); \

+					return crypted; }()

+

+/*________________________________________________________________________________

+MIT License

+Copyright (c) 2020 skadro

+Permission is hereby granted, free of charge, to any person obtaining a copy

+of this software and associated documentation files (the "Software"), to deal

+in the Software without restriction, including without limitation the rights

+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

+copies of the Software, and to permit persons to whom the Software is

+furnished to do so, subject to the following conditions:

+The above copyright notice and this permission notice shall be included in all

+copies or substantial portions of the Software.

+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

+SOFTWARE.

+________________________________________________________________________________*/
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7c8a211
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+# PEHDisguiser
+
+Disguises windows executables by altering their PE Header and changing the size of the executable.
+
+This can be useful to alter public exe's fingerprints (anticheat/av protection).
+
+## Usage
+```
+disguise_file.exe <file_name> <added file size in bytes>
+```