I. XOR string function
string XOR(string data, char key[])
{
string xorstring = data;
for (int i = 0; i < xorstring.size(); i++) {
xorstring[i] = data[i] ^ key[i % (sizeof(key) / sizeof(char))];
}
return xorstring;
}
II. GetSerialNumber function
LPCWSTR GetSerialNumber(void)
{
DWORD ser;
WCHAR sw[32];
GetVolumeInformationA(NULL, NULL, 0, &ser, NULL, NULL, NULL, 0);
wsprintfW(sw, L"\nVOLUME INFORMATION: %X", ser);
return sw;
}
III. GetComputerName function
LPCWSTR GetComputer(void)
{
WCHAR lu[32];
WCHAR du[32];
DWORD bufCharCount = INFO_BUFFER_SIZE;
GetComputerNameW(lu, &bufCharCount);
wsprintfW(du, L"\nLOCAL COMPUTERNAME: %s", lu);
return du;
}
IV. GetLocalUser function
LPCWSTR LocalUser(void)
{
WCHAR lu[32];
WCHAR du[32];
DWORD bufCharCount = INFO_BUFFER_SIZE;
GetUserNameW(lu, &bufCharCount);
wsprintfW(du, L"\nLOCAL USERNAME: %s", lu);
return du;
}
V. GetCurrentPath function
LPCWSTR GetCurrentPath(void)
{
WCHAR proc[MAX_PATH];
WCHAR du[255];
GetModuleFileNameW(NULL, proc, sizeof(proc));
wsprintfW(du, L"\nCURRENT PATH: %s", proc);
return du;
}
VI. GetLocalTime function
LPCWSTR GetTime(void)
{
SYSTEMTIME lt;
GetLocalTime(<);
WCHAR du[255];
wsprintfW(du, L"\nSYSTEM TIME IS: %02d:%02d", lt.wHour, lt.wMinute);
return du;
}
VII. GetLanguage function
LPCWSTR GetLanguage(void)
{
WCHAR du[255];
LANGID languer = GetSystemDefaultLangID();
wsprintfW(du, L"\nSYSTEM LANGUAGE CODE: %d", languer);
return du;
}
VIII. GetProcessList function
char* GetProcessList()
{
char ps_buffer1[10030];
char ps_buffer[10000];
DWORD pid = 0;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 pInfo;
pInfo.dwSize = sizeof(PROCESSENTRY32);
while (Process32Next(snapshot, &pInfo))
{
lstrcat(ps_buffer, ":");
lstrcat(ps_buffer, pInfo.szExeFile);
//MessageBox(NULL, buffer, buffer, MB_OK);
}
CloseHandle(snapshot);
wsprintf(ps_buffer1, "\nSYSTEM PROCESS LIST: %s", ps_buffer);
return ps_buffer1;
}
IX. GetProcessByName function
DWORD GetProcessByName(char* pName)
{
DWORD pid = 0;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 pInfo;
pInfo.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(snapshot, &pInfo))
while (Process32Next(snapshot, &pInfo))
{
if (_stricmp(pName, pInfo.szExeFile) == 0)
{
pid = pInfo.th32ProcessID;
CloseHandle(snapshot);
return pid;
}
}
CloseHandle(snapshot);
return 0;
}
X. ReadMemory function
byte* ReadMemory(DWORD address, DWORD size, DWORD pID)
{
static byte* bytes = new byte[size];
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pID);
ReadProcessMemory(hProcess, (void*)address, bytes, size, NULL);
CloseHandle(hProcess);
return bytes;
}
XI. str::string to LPCWSTR function (string to LPCWSTR)
std::wstring string_to_lpwstr(const std::string& s)
{
int len;
int slength = (int)s.length() + 1;
len = MultiByteToWideChar(CP_ACP, 0, s.c_str(), slength, 0, 0);
wchar_t* buf = new wchar_t[len];
MultiByteToWideChar(CP_ACP, 0, s.c_str(), slength, buf, len);
std::wstring r(buf);
delete[] buf;
return r;
}
std::wstring stemp = string_to_lpwstr(xored);
LPCWSTR result = stemp.c_str();
XII. char_array_to_lpwstr function
LPCWSTR char_array_to_lpwstr(char* characterarray)
{
size_t newsize = strlen(characterarray) + 1;
wchar_t * wcstring = new wchar_t[newsize];
size_t convertedChars = 0;
mbstowcs_s(&convertedChars, wcstring, newsize, characterarray, _TRUNCATE);
return wcstring;
}
XIII. GetDebugPrivilege function
void GetDebugPrivilege()
{
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tp;
OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken);
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue);
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = sedebugnameValue;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges( hToken,FALSE,&tp,sizeof(tp),NULL,NULL);
CloseHandle(hToken);
}
Reverse Engineering, Malware Deep Insight 