VB

VB判断程序自身是否被修改(防脱壳)

Jonty
2013-07-21 / 0 评论 / 97 阅读 / 正在检测是否收录...

以前写的,用了2个判别办法。1.检测自身文件大小 2.检测CRC32(当然也可以检测md5)

补充几句:最简单的就是加个变态壳。。不然遇到高手这也是浮云。。
先上图。
2

3

4

代码如下:

需要添加一个控件,如图5

form.frm窗体代码:

Private Sub Command1_Click()
    txtCRC32.Text = GetFullCRC(App.Path & "\" & App.EXEName & ".exe")
    IfSafe
End Sub

模块mdlFunction.bas代码:

Option Explicit

Dim CRC32 As New clsGetCRC32

Function GetChecksum(sFile As String) As String
    On Error GoTo ErrHandle
    Dim cb0 As Byte
    Dim cb1 As Byte
    Dim cb2 As Byte
    Dim cb3 As Byte
    Dim cb4 As Byte
    Dim cb5 As Byte
    Dim cb6 As Byte
    Dim cb7 As Byte
    Dim cb8 As Byte
    Dim cb9 As Byte
    Dim cb10 As Byte
    Dim cb11 As Byte
    Dim cb12 As Byte
    Dim cb13 As Byte
    Dim cb14 As Byte
    Dim cb15 As Byte
    Dim cb16 As Byte
    Dim cb17 As Byte
    Dim cb18 As Byte
    Dim cb19 As Byte
    Dim cb20 As Byte
    Dim cb21 As Byte
    Dim cb22 As Byte
    Dim cb23 As Byte
    Dim buff As String
    Open sFile For Binary Access Read As #1
        buff = Space$(1)
        Get #1, , buff
    Close #1
    Open sFile For Binary Access Read As #2
        Get #2, 512, cb0
        Get #2, 1024, cb1
        Get #2, 2048, cb2
        Get #2, 3000, cb3
        Get #2, 4096, cb4
        Get #2, 5000, cb5
        Get #2, 6000, cb6
        Get #2, 7000, cb7
        Get #2, 8192, cb8
        Get #2, 9000, cb9
        Get #2, 10000, cb10
        Get #2, 11000, cb11
        Get #2, 12288, cb12
        Get #2, 13000, cb13
        Get #2, 14000, cb14
        Get #2, 15000, cb15
        Get #2, 16384, cb16
        Get #2, 17000, cb17
        Get #2, 18000, cb18
        Get #2, 19000, cb19
        Get #2, 20480, cb20
        Get #2, 21000, cb21
        Get #2, 22000, cb22
        Get #2, 23000, cb23
    Close #2
    buff = cb0
    buff = buff & cb1
    buff = buff & cb2
    buff = buff & cb3
    buff = buff & cb4
    buff = buff & cb5
    buff = buff & cb6
    buff = buff & cb7
    buff = buff & cb8
    buff = buff & cb9
    buff = buff & cb10
    buff = buff & cb11
    buff = buff & cb12
    buff = buff & cb13
    buff = buff & cb14
    buff = buff & cb15
    buff = buff & cb16
    buff = buff & cb17
    buff = buff & cb18
    buff = buff & cb19
    buff = buff & cb20
    buff = buff & cb21
    buff = buff & cb22
    buff = buff & cb23
    GetChecksum = CRC32.StringChecksum(buff)
    Set CRC32 = Nothing
    Exit Function
ErrHandle:
    Close #2
End Function

Function GetFullCRC(sFile As String) As String
    GetFullCRC = CRC32.FileChecksum(sFile)
End Function
Public Function MsgBox2() As Double
MsgBox "“0x1002359e”指令引用的“0x00313c0e8”内存。该内存不能为“fuck”。" & vbCrLf & _
"" & vbCrLf & _
"要终止程序,请单击“确定”。" & vbCrLf & _
"要调试程序,请单击“取消”。", vbCritical + vbOKCancel, "应用程序错误"
End Function

Public Function IfSafe() As Double
On Error Resume Next
Dim a, b
Dim FileLength, FileBig
a = GetFullCRC(App.Path & "\" & App.EXEName & ".exe")
b = Form1.Inet1.OpenURL("https://nobb.cc/test/protect.txt")

Open App.Path & "\" & App.EXEName & ".exe" For Input As #1
FileLength = LOF(1)
FileBig = FileLength
If FileLength <> "28672" Then '这里是文件的大小。右键属性,有个 “大小28.0 KB (28,672 字节)”复制里面的28672
MsgBox2
End
Else
   If a <> b Then
         MsgBox2
     End
   Else
    ' 继续
    MsgBox "程序正常", , "通过"
   End If

End
End If
End Function

类模块clsGetCRC32.cls代码:此类模块非原创

Option Explicit

Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long

Private m_CRC32Asmbl() As Byte
Private m_CRC32Table(0 To 255) As Long

Function FileChecksum(File As String) As String

    If Len(Dir$(File)) = 0 Then
        Exit Function
    End If

    On Error GoTo Err_Handler

    Dim Arr() As Byte
    Dim f As Integer

    f = FreeFile

    Open File For Binary Access Read As f

        ReDim Arr(0 To LOF(f) - 1) As Byte
        Get #f, , Arr()
    Close #f

    FileChecksum = Hex$(CalculateBytes(Arr))

Err_Handler:
End Function

Function StringChecksum(Str As String) As String
    If Not Len(Str) = 0 Then

        StringChecksum = Hex$(CalculateBytes(StrConv(Str, vbFromUnicode)))
    End If
End Function

Private Function CalculateBytes(Arr() As Byte) As Long
    Dim CRC32 As Long
    CRC32 = &HFFFFFFFF
    On Local Error GoTo Err_Handler

    Dim i As Long
    i = UBound(Arr) - LBound(Arr) + 1
    Call CallWindowProc(VarPtr(m_CRC32Asmbl(0)), VarPtr(CRC32), VarPtr(Arr(LBound(Arr))), VarPtr(m_CRC32Table(0)), i)

Err_Handler:
    CalculateBytes = (Not CRC32)
End Function

Private Sub Class_Initialize()
    Dim i As Long

    m_CRC32Table(0) = &H0
    m_CRC32Table(1) = &H77073096
    m_CRC32Table(2) = &HEE0E612C
    m_CRC32Table(3) = &H990951BA
    m_CRC32Table(4) = &H76DC419
    m_CRC32Table(5) = &H706AF48F
    m_CRC32Table(6) = &HE963A535
    m_CRC32Table(7) = &H9E6495A3
    m_CRC32Table(8) = &HEDB8832
    m_CRC32Table(9) = &H79DCB8A4
    m_CRC32Table(10) = &HE0D5E91E
    m_CRC32Table(11) = &H97D2D988
    m_CRC32Table(12) = &H9B64C2B
    m_CRC32Table(13) = &H7EB17CBD
    m_CRC32Table(14) = &HE7B82D07
    m_CRC32Table(15) = &H90BF1D91
    m_CRC32Table(16) = &H1DB71064
    m_CRC32Table(17) = &H6AB020F2
    m_CRC32Table(18) = &HF3B97148
    m_CRC32Table(19) = &H84BE41DE
    m_CRC32Table(20) = &H1ADAD47D
    m_CRC32Table(21) = &H6DDDE4EB
    m_CRC32Table(22) = &HF4D4B551
    m_CRC32Table(23) = &H83D385C7
    m_CRC32Table(24) = &H136C9856
    m_CRC32Table(25) = &H646BA8C0
    m_CRC32Table(26) = &HFD62F97A
    m_CRC32Table(27) = &H8A65C9EC
    m_CRC32Table(28) = &H14015C4F
    m_CRC32Table(29) = &H63066CD9
    m_CRC32Table(30) = &HFA0F3D63
    m_CRC32Table(31) = &H8D080DF5
    m_CRC32Table(32) = &H3B6E20C8
    m_CRC32Table(33) = &H4C69105E
    m_CRC32Table(34) = &HD56041E4
    m_CRC32Table(35) = &HA2677172
    m_CRC32Table(36) = &H3C03E4D1
    m_CRC32Table(37) = &H4B04D447
    m_CRC32Table(38) = &HD20D85FD
    m_CRC32Table(39) = &HA50AB56B
    m_CRC32Table(40) = &H35B5A8FA
    m_CRC32Table(41) = &H42B2986C
    m_CRC32Table(42) = &HDBBBC9D6
    m_CRC32Table(43) = &HACBCF940
    m_CRC32Table(44) = &H32D86CE3
    m_CRC32Table(45) = &H45DF5C75
    m_CRC32Table(46) = &HDCD60DCF
    m_CRC32Table(47) = &HABD13D59
    m_CRC32Table(48) = &H26D930AC
    m_CRC32Table(49) = &H51DE003A
    m_CRC32Table(50) = &HC8D75180
    m_CRC32Table(51) = &HBFD06116
    m_CRC32Table(52) = &H21B4F4B5
    m_CRC32Table(53) = &H56B3C423
    m_CRC32Table(54) = &HCFBA9599
    m_CRC32Table(55) = &HB8BDA50F
    m_CRC32Table(56) = &H2802B89E
    m_CRC32Table(57) = &H5F058808
    m_CRC32Table(58) = &HC60CD9B2
    m_CRC32Table(59) = &HB10BE924
    m_CRC32Table(60) = &H2F6F7C87
    m_CRC32Table(61) = &H58684C11
    m_CRC32Table(62) = &HC1611DAB
    m_CRC32Table(63) = &HB6662D3D
    m_CRC32Table(64) = &H76DC4190
    m_CRC32Table(65) = &H1DB7106
    m_CRC32Table(66) = &H98D220BC
    m_CRC32Table(67) = &HEFD5102A
    m_CRC32Table(68) = &H71B18589
    m_CRC32Table(69) = &H6B6B51F
    m_CRC32Table(70) = &H9FBFE4A5
    m_CRC32Table(71) = &HE8B8D433
    m_CRC32Table(72) = &H7807C9A2
    m_CRC32Table(73) = &HF00F934
    m_CRC32Table(74) = &H9609A88E
    m_CRC32Table(75) = &HE10E9818
    m_CRC32Table(76) = &H7F6A0DBB
    m_CRC32Table(77) = &H86D3D2D
    m_CRC32Table(78) = &H91646C97
    m_CRC32Table(79) = &HE6635C01
    m_CRC32Table(80) = &H6B6B51F4
    m_CRC32Table(81) = &H1C6C6162
    m_CRC32Table(82) = &H856530D8
    m_CRC32Table(83) = &HF262004E
    m_CRC32Table(84) = &H6C0695ED
    m_CRC32Table(85) = &H1B01A57B
    m_CRC32Table(86) = &H8208F4C1
    m_CRC32Table(87) = &HF50FC457
    m_CRC32Table(88) = &H65B0D9C6
    m_CRC32Table(89) = &H12B7E950
    m_CRC32Table(90) = &H8BBEB8EA
    m_CRC32Table(91) = &HFCB9887C
    m_CRC32Table(92) = &H62DD1DDF
    m_CRC32Table(93) = &H15DA2D49
    m_CRC32Table(94) = &H8CD37CF3
    m_CRC32Table(95) = &HFBD44C65
    m_CRC32Table(96) = &H4DB26158
    m_CRC32Table(97) = &H3AB551CE
    m_CRC32Table(98) = &HA3BC0074
    m_CRC32Table(99) = &HD4BB30E2
    m_CRC32Table(100) = &H4ADFA541
    m_CRC32Table(101) = &H3DD895D7
    m_CRC32Table(102) = &HA4D1C46D
    m_CRC32Table(103) = &HD3D6F4FB
    m_CRC32Table(104) = &H4369E96A
    m_CRC32Table(105) = &H346ED9FC
    m_CRC32Table(106) = &HAD678846
    m_CRC32Table(107) = &HDA60B8D0
    m_CRC32Table(108) = &H44042D73
    m_CRC32Table(109) = &H33031DE5
    m_CRC32Table(110) = &HAA0A4C5F
    m_CRC32Table(111) = &HDD0D7CC9
    m_CRC32Table(112) = &H5005713C
    m_CRC32Table(113) = &H270241AA
    m_CRC32Table(114) = &HBE0B1010
    m_CRC32Table(115) = &HC90C2086
    m_CRC32Table(116) = &H5768B525
    m_CRC32Table(117) = &H206F85B3
    m_CRC32Table(118) = &HB966D409
    m_CRC32Table(119) = &HCE61E49F
    m_CRC32Table(120) = &H5EDEF90E
    m_CRC32Table(121) = &H29D9C998
    m_CRC32Table(122) = &HB0D09822
    m_CRC32Table(123) = &HC7D7A8B4
    m_CRC32Table(124) = &H59B33D17
    m_CRC32Table(125) = &H2EB40D81
    m_CRC32Table(126) = &HB7BD5C3B
    m_CRC32Table(127) = &HC0BA6CAD
    m_CRC32Table(128) = &HEDB88320
    m_CRC32Table(129) = &H9ABFB3B6
    m_CRC32Table(130) = &H3B6E20C
    m_CRC32Table(131) = &H74B1D29A
    m_CRC32Table(132) = &HEAD54739
    m_CRC32Table(133) = &H9DD277AF
    m_CRC32Table(134) = &H4DB2615
    m_CRC32Table(135) = &H73DC1683
    m_CRC32Table(136) = &HE3630B12
    m_CRC32Table(137) = &H94643B84
    m_CRC32Table(138) = &HD6D6A3E
    m_CRC32Table(139) = &H7A6A5AA8
    m_CRC32Table(140) = &HE40ECF0B
    m_CRC32Table(141) = &H9309FF9D
    m_CRC32Table(142) = &HA00AE27
    m_CRC32Table(143) = &H7D079EB1
    m_CRC32Table(144) = &HF00F9344
    m_CRC32Table(145) = &H8708A3D2
    m_CRC32Table(146) = &H1E01F268
    m_CRC32Table(147) = &H6906C2FE
    m_CRC32Table(148) = &HF762575D
    m_CRC32Table(149) = &H806567CB
    m_CRC32Table(150) = &H196C3671
    m_CRC32Table(151) = &H6E6B06E7
    m_CRC32Table(152) = &HFED41B76
    m_CRC32Table(153) = &H89D32BE0
    m_CRC32Table(154) = &H10DA7A5A
    m_CRC32Table(155) = &H67DD4ACC
    m_CRC32Table(156) = &HF9B9DF6F
    m_CRC32Table(157) = &H8EBEEFF9
    m_CRC32Table(158) = &H17B7BE43
    m_CRC32Table(159) = &H60B08ED5
    m_CRC32Table(160) = &HD6D6A3E8
    m_CRC32Table(161) = &HA1D1937E
    m_CRC32Table(162) = &H38D8C2C4
    m_CRC32Table(163) = &H4FDFF252
    m_CRC32Table(164) = &HD1BB67F1
    m_CRC32Table(165) = &HA6BC5767
    m_CRC32Table(166) = &H3FB506DD
    m_CRC32Table(167) = &H48B2364B
    m_CRC32Table(168) = &HD80D2BDA
    m_CRC32Table(169) = &HAF0A1B4C
    m_CRC32Table(170) = &H36034AF6
    m_CRC32Table(171) = &H41047A60
    m_CRC32Table(172) = &HDF60EFC3
    m_CRC32Table(173) = &HA867DF55
    m_CRC32Table(174) = &H316E8EEF
    m_CRC32Table(175) = &H4669BE79
    m_CRC32Table(176) = &HCB61B38C
    m_CRC32Table(177) = &HBC66831A
    m_CRC32Table(178) = &H256FD2A0
    m_CRC32Table(179) = &H5268E236
    m_CRC32Table(180) = &HCC0C7795
    m_CRC32Table(181) = &HBB0B4703
    m_CRC32Table(182) = &H220216B9
    m_CRC32Table(183) = &H5505262F
    m_CRC32Table(184) = &HC5BA3BBE
    m_CRC32Table(185) = &HB2BD0B28
    m_CRC32Table(186) = &H2BB45A92
    m_CRC32Table(187) = &H5CB36A04
    m_CRC32Table(188) = &HC2D7FFA7
    m_CRC32Table(189) = &HB5D0CF31
    m_CRC32Table(190) = &H2CD99E8B
    m_CRC32Table(191) = &H5BDEAE1D
    m_CRC32Table(192) = &H9B64C2B0
    m_CRC32Table(193) = &HEC63F226
    m_CRC32Table(194) = &H756AA39C
    m_CRC32Table(195) = &H26D930A
    m_CRC32Table(196) = &H9C0906A9
    m_CRC32Table(197) = &HEB0E363F
    m_CRC32Table(198) = &H72076785
    m_CRC32Table(199) = &H5005713
    m_CRC32Table(200) = &H95BF4A82
    m_CRC32Table(201) = &HE2B87A14
    m_CRC32Table(202) = &H7BB12BAE
    m_CRC32Table(203) = &HCB61B38
    m_CRC32Table(204) = &H92D28E9B
    m_CRC32Table(205) = &HE5D5BE0D
    m_CRC32Table(206) = &H7CDCEFB7
    m_CRC32Table(207) = &HBDBDF21
    m_CRC32Table(208) = &H86D3D2D4
    m_CRC32Table(209) = &HF1D4E242
    m_CRC32Table(210) = &H68DDB3F8
    m_CRC32Table(211) = &H1FDA836E
    m_CRC32Table(212) = &H81BE16CD
    m_CRC32Table(213) = &HF6B9265B
    m_CRC32Table(214) = &H6FB077E1
    m_CRC32Table(215) = &H18B74777
    m_CRC32Table(216) = &H88085AE6
    m_CRC32Table(217) = &HFF0F6A70
    m_CRC32Table(218) = &H66063BCA
    m_CRC32Table(219) = &H11010B5C
    m_CRC32Table(220) = &H8F659EFF
    m_CRC32Table(221) = &HF862AE69
    m_CRC32Table(222) = &H616BFFD3
    m_CRC32Table(223) = &H166CCF45
    m_CRC32Table(224) = &HA00AE278
    m_CRC32Table(225) = &HD70DD2EE
    m_CRC32Table(226) = &H4E048354
    m_CRC32Table(227) = &H3903B3C2
    m_CRC32Table(228) = &HA7672661
    m_CRC32Table(229) = &HD06016F7
    m_CRC32Table(230) = &H4969474D
    m_CRC32Table(231) = &H3E6E77DB
    m_CRC32Table(232) = &HAED16A4A
    m_CRC32Table(233) = &HD9D65ADC
    m_CRC32Table(234) = &H40DF0B66
    m_CRC32Table(235) = &H37D83BF0
    m_CRC32Table(236) = &HA9BCAE53
    m_CRC32Table(237) = &HDEBB9EC5
    m_CRC32Table(238) = &H47B2CF7F
    m_CRC32Table(239) = &H30B5FFE9
    m_CRC32Table(240) = &HBDBDF21C
    m_CRC32Table(241) = &HCABAC28A
    m_CRC32Table(242) = &H53B39330
    m_CRC32Table(243) = &H24B4A3A6
    m_CRC32Table(244) = &HBAD03605
    m_CRC32Table(245) = &HCDD70693
    m_CRC32Table(246) = &H54DE5729
    m_CRC32Table(247) = &H23D967BF
    m_CRC32Table(248) = &HB3667A2E
    m_CRC32Table(249) = &HC4614AB8
    m_CRC32Table(250) = &H5D681B02
    m_CRC32Table(251) = &H2A6F2B94
    m_CRC32Table(252) = &HB40BBE37
    m_CRC32Table(253) = &HC30C8EA1
    m_CRC32Table(254) = &H5A05DF1B
    m_CRC32Table(255) = &H2D02EF8D

    Const ASM As String = "5589E557565053518B45088B008B750C8B7D108B4D1431DB8A1E30C3C1E80833049F464975F28B4D088901595B585E5F89EC5DC21000"

    ReDim m_CRC32Asmbl(0 To Len(ASM) \ 2 - 1)
    For i = 1 To Len(ASM) Step 2
        m_CRC32Asmbl(i \ 2) = Val("&H" & Mid$(ASM, i, 2))
    Next i
End Sub
本文共 161 个字数,平均阅读时长 ≈ 1分钟
0

打赏

海报

正在生成.....

评论 (0)

取消