import os
import random
import tkinter as tk
from tkinter import filedialog, messagebox, ttk
import shutil
import tempfile
import hashlib
import time
import pefile
import zlib
import sys
import platform
import psutil
from Crypto.Cipher import AES # 仅保留但不用于代码段加密
from Crypto.Util.Padding import pad, unpad # 仅保留但不用于代码段加密
class ExeProtectorApp:
def __init__(self, root):
self.root = root
self.root.title("EXE文件保护工具 v4.2")
self.root.geometry("750x680")
self.root.resizable(True, True)
# 设置中文字体
self.style = ttk.Style()
self.style.configure("TLabel", font=("SimHei", 10))
self.style.configure("TButton", font=("SimHei", 10))
self.style.configure("TProgressbar", thickness=20)
# 创建主框架
self.main_frame = ttk.Frame(root, padding="20")
self.main_frame.pack(fill=tk.BOTH, expand=True)
# 文件选择部分
ttk.Label(self.main_frame, text="选择EXE文件:").grid(row=0, column=0, sticky=tk.W, pady=5)
self.file_path_var = tk.StringVar()
ttk.Entry(self.main_frame, textvariable=self.file_path_var, width=50).grid(row=0, column=1, padx=5, pady=5)
ttk.Button(self.main_frame, text="浏览...", command=self.browse_file).grid(row=0, column=2, padx=5, pady=5)
# 输出目录选择
ttk.Label(self.main_frame, text="输出目录:").grid(row=1, column=0, sticky=tk.W, pady=5)
self.output_dir_var = tk.StringVar()
ttk.Entry(self.main_frame, textvariable=self.output_dir_var, width=50).grid(row=1, column=1, padx=5, pady=5)
ttk.Button(self.main_frame, text="浏览...", command=self.browse_output_dir).grid(row=1, column=2, padx=5, pady=5)
# 选项设置
options_frame = ttk.LabelFrame(self.main_frame, text="选项", padding="10")
options_frame.grid(row=2, column=0, columnspan=3, sticky=(tk.W, tk.E), pady=10)
# 随机字节增加量
ttk.Label(options_frame, text="随机字节增加范围 (KB):").grid(row=0, column=0, sticky=tk.W, pady=5)
self.min_size_var = tk.IntVar(value=100)
ttk.Entry(options_frame, textvariable=self.min_size_var, width=10).grid(row=0, column=1, padx=5, pady=5)
ttk.Label(options_frame, text="至").grid(row=0, column=2, padx=5, pady=5)
self.max_size_var = tk.IntVar(value=1000)
ttk.Entry(options_frame, textvariable=self.max_size_var, width=10).grid(row=0, column=3, padx=5, pady=5)
# 随机性强度
ttk.Label(options_frame, text="随机性强度:").grid(row=0, column=4, sticky=tk.W, pady=5)
self.random_strength = tk.StringVar(value="medium")
strength_options = ttk.Combobox(options_frame, textvariable=self.random_strength, state="readonly", width=12)
strength_options['values'] = ("低", "中", "高")
strength_options.grid(row=0, column=5, padx=5, pady=5)
# 程序类型模拟
ttk.Label(options_frame, text="模拟程序类型:").grid(row=1, column=0, sticky=tk.W, pady=5)
self.app_type = tk.StringVar(value="generic")
app_types = ttk.Combobox(options_frame, textvariable=self.app_type, state="readonly", width=15)
app_types['values'] = ("通用程序", "游戏程序", "办公软件", "系统工具", "开发工具")
app_types.grid(row=1, column=1, padx=5, pady=5)
# 处理方法
self.process_method = tk.StringVar(value="safe")
ttk.Radiobutton(options_frame, text="安全模式", variable=self.process_method, value="safe").grid(row=1, column=2, sticky=tk.W, pady=5)
ttk.Radiobutton(options_frame, text="增强模式", variable=self.process_method, value="enhanced").grid(row=1, column=3, sticky=tk.W, pady=5)
ttk.Radiobutton(options_frame, text="标准保护", variable=self.process_method, value="standard").grid(row=1, column=4, sticky=tk.W, pady=5)
ttk.Radiobutton(options_frame, text="高级保护", variable=self.process_method, value="advanced").grid(row=1, column=5, sticky=tk.W, pady=5)
# 高级选项
advanced_frame = ttk.LabelFrame(self.main_frame, text="保护选项", padding="10")
advanced_frame.grid(row=3, column=0, columnspan=3, sticky=(tk.W, tk.E), pady=10)
self.obfuscate_resources = tk.BooleanVar(value=True)
ttk.Checkbutton(advanced_frame, text="混淆资源文件", variable=self.obfuscate_resources).grid(row=0, column=0, sticky=tk.W, pady=5)
self.encrypt_sections = tk.BooleanVar(value=True)
ttk.Checkbutton(advanced_frame, text="轻度代码变换", variable=self.encrypt_sections).grid(row=0, column=1, sticky=tk.W, pady=5)
self.add_dummy_sections = tk.BooleanVar(value=True)
ttk.Checkbutton(advanced_frame, text="添加随机数据块", variable=self.add_dummy_sections).grid(row=1, column=0, sticky=tk.W, pady=5)
self.randomize_imports = tk.BooleanVar(value=True)
ttk.Checkbutton(advanced_frame, text="随机化导入表顺序", variable=self.randomize_imports).grid(row=1, column=1, sticky=tk.W, pady=5)
# 终极选项
ultra_frame = ttk.LabelFrame(self.main_frame, text="高级优化", padding="10")
ultra_frame.grid(row=4, column=0, columnspan=3, sticky=(tk.W, tk.E), pady=10)
self.anti_vm = tk.BooleanVar(value=False)
ttk.Checkbutton(ultra_frame, text="兼容虚拟机环境", variable=self.anti_vm).grid(row=0, column=0, sticky=tk.W, pady=5)
self.anti_debug = tk.BooleanVar(value=False)
ttk.Checkbutton(ultra_frame, text="调试模式兼容", variable=self.anti_debug).grid(row=0, column=1, sticky=tk.W, pady=5)
self.random_pe_layout = tk.BooleanVar(value=True)
ttk.Checkbutton(ultra_frame, text="随机PE结构布局", variable=self.random_pe_layout).grid(row=1, column=0, sticky=tk.W, pady=5)
self.variable_section_count = tk.BooleanVar(value=True)
ttk.Checkbutton(ultra_frame, text="随机区段数量", variable=self.variable_section_count).grid(row=1, column=1, sticky=tk.W, pady=5)
# 处理按钮
ttk.Button(self.main_frame, text="保护文件", command=self.process_file).grid(row=5, column=0, columnspan=3, pady=20)
# 状态和进度条
self.status_var = tk.StringVar(value="就绪")
ttk.Label(self.main_frame, textvariable=self.status_var).grid(row=6, column=0, columnspan=2, sticky=tk.W, pady=5)
self.progress_var = tk.DoubleVar(value=0)
self.progress_bar = ttk.Progressbar(self.main_frame, variable=self.progress_var, length=100)
self.progress_bar.grid(row=6, column=2, sticky=(tk.W, tk.E), pady=5)
# 默认输出目录
self.output_dir_var.set(os.path.join(os.getcwd(), "protected_exes"))
# 绑定窗口关闭事件
self.root.protocol("WM_DELETE_WINDOW", self.on_closing)
# 初始化随机种子
self.initialize_random_seed()
# 初始化随机种子,使用多种来源确保高随机性
def initialize_random_seed(self):
# 使用多种系统信息和随机源作为种子材料,增强随机性
seed_material = (
time.time_ns().to_bytes(8, 'big') +
os.getpid().to_bytes(4, 'big') +
os.urandom(32) + # 增加随机字节数量
str(psutil.virtual_memory().available).encode() +
str(psutil.cpu_percent(interval=0.1)).encode() +
platform.node().encode() +
str(random.getstate()).encode()
)
# 使用SHA-512获取更复杂的哈希值作为种子
seed = int.from_bytes(hashlib.sha512(seed_material).digest(), 'big')
random.seed(seed)
# 额外增加随机状态初始化
random.getstate()
# 浏览文件
def browse_file(self):
file_path = filedialog.askopenfilename(
filetypes=[("可执行文件", "*.exe"), ("所有文件", "*.*")]
)
if file_path:
self.file_path_var.set(file_path)
# 浏览输出目录
def browse_output_dir(self):
dir_path = filedialog.askdirectory()
if dir_path:
self.output_dir_var.set(dir_path)
# 处理文件
def process_file(self):
exe_path = self.file_path_var.get()
output_dir = self.output_dir_var.get()
if not exe_path:
messagebox.showerror("错误", "请选择一个EXE文件")
return
if not os.path.exists(exe_path):
messagebox.showerror("错误", "选择的文件不存在")
return
if not output_dir:
messagebox.showerror("错误", "请选择输出目录")
return
if not os.path.exists(output_dir):
try:
os.makedirs(output_dir)
except:
messagebox.showerror("错误", "无法创建输出目录")
return
# 获取文件名和扩展名
file_name, file_ext = os.path.splitext(os.path.basename(exe_path))
# 添加随机字符串到输出文件名,确保每次不同
random_suffix = hashlib.sha256(str(time.time_ns()).encode() + os.urandom(16)).hexdigest()[:12]
output_path = os.path.join(output_dir, f"{file_name}_protected_{random_suffix}{file_ext}")
try:
# 更新状态
self.status_var.set("正在处理文件...")
self.progress_var.set(0)
self.root.update()
# 计算随机增加的字节大小
min_size = self.min_size_var.get()
max_size = self.max_size_var.get()
if min_size < 0 or max_size < 0 or min_size > max_size:
messagebox.showerror("错误", "请设置有效的字节增加范围")
return
# 根据随机性强度调整随机范围
strength_factor = 1.0
if self.random_strength.get() == "高":
strength_factor = 1.5
elif self.random_strength.get() == "低":
strength_factor = 0.5
adjusted_min = int(min_size * strength_factor)
adjusted_max = int(max_size * strength_factor)
random_size_kb = random.randint(adjusted_min, adjusted_max)
random_size_bytes = random_size_kb * 1024
# 复制原始文件
shutil.copy2(exe_path, output_path)
# 计算原始文件哈希值
original_hash = self.calculate_file_hash(exe_path)
# 更新进度
self.progress_var.set(5)
self.root.update()
# 根据选择的模式处理文件
if self.process_method.get() == "safe":
self.safe_modify_exe_file(output_path, random_size_bytes)
elif self.process_method.get() == "enhanced":
self.enhanced_modify_exe_file(output_path, random_size_bytes)
elif self.process_method.get() == "standard":
self.standard_protection(output_path, random_size_bytes)
else:
self.advanced_protection(output_path, random_size_bytes)
# 后续哈希计算、进度更新等
modified_hash = self.calculate_file_hash(output_path)
self.progress_var.set(95)
self.root.update()
if self.verify_exe_file(output_path):
self.status_var.set("文件处理完成")
self.progress_var.set(100)
messagebox.showinfo(
"成功",
f"文件保护成功!\n"
f"原始文件大小: {os.path.getsize(exe_path) // 1024} KB\n"
f"处理后文件大小: {os.path.getsize(output_path) // 1024} KB\n"
f"增加了: {random_size_kb} KB\n\n"
f"原始文件哈希 (MD5): {original_hash}\n"
f"处理后文件哈希 (MD5): {modified_hash}\n\n"
f"文件已保存至: {output_path}"
)
else:
self.status_var.set("文件验证失败")
self.progress_var.set(100)
messagebox.showwarning("警告", "处理后的文件可能需要在特定环境运行")
except Exception as e:
self.status_var.set("处理过程中出错")
messagebox.showerror("错误", f"处理文件时出错: {str(e)}")
finally:
self.progress_var.set(0)
# 每次处理后重新初始化随机种子,确保下一次处理的随机性不同
self.initialize_random_seed()
# 计算文件哈希
def calculate_file_hash(self, file_path):
hash_md5 = hashlib.md5()
with open(file_path, "rb") as f:
for chunk in iter(lambda: f.read(4096), b""):
hash_md5.update(chunk)
return hash_md5.hexdigest()
# 安全模式:仅添加正常数据
def safe_modify_exe_file(self, file_path, additional_bytes):
with open(file_path, 'ab') as f:
# 根据选择的应用类型生成对应的数据
app_type = self.app_type.get()
data = self.generate_application_specific_data(additional_bytes, app_type)
f.write(data)
# 增强模式:优化PE结构
def enhanced_modify_exe_file(self, file_path, additional_bytes):
try:
pe = pefile.PE(file_path)
# 更新时间戳,使用更大的随机偏移
pe.FILE_HEADER.TimeDateStamp = int(time.time()) + random.randint(-86400, 86400) # 随机偏移1天内
# 随机化更多非关键的PE头字段
if self.random_pe_layout.get():
pe.FILE_HEADER.PointerToSymbolTable = random.getrandbits(32)
pe.FILE_HEADER.NumberOfSymbols = random.randint(0, 2000)
# 添加更多随机化字段
pe.OPTIONAL_HEADER.MajorLinkerVersion = random.randint(1, 25)
pe.OPTIONAL_HEADER.MinorLinkerVersion = random.randint(0, 99)
pe.OPTIONAL_HEADER.MajorImageVersion = random.randint(1, 20)
pe.OPTIONAL_HEADER.MinorImageVersion = random.randint(0, 99)
# 添加正常附加数据
self.safe_modify_exe_file(file_path, additional_bytes)
pe.write(file_path)
pe.close()
except Exception as e:
print(f"增强模式执行: {e}")
self.safe_modify_exe_file(file_path, additional_bytes)
# 标准保护:添加合理区段
def standard_protection(self, file_path, additional_bytes):
try:
pe = pefile.PE(file_path)
# 随机决定添加的区段数量(1-4个),增加变化性
section_count = 1
if self.variable_section_count.get():
section_count = random.randint(1, 4)
# 添加多个随机区段
for _ in range(section_count):
# 创建新区段
new_section = pefile.SectionStructure(pe.__IMAGE_SECTION_HEADER_format__)
# 生成随机但合理的区段名
new_section.Name = self.generate_sane_section_name()
# 区段大小随机(1-16KB),范围更大
section_size = random.randint(0x1000, 0x4000)
new_section.Misc_VirtualSize = section_size
# 地址对齐,添加更大的随机偏移
base_virtual_address = (pe.sections[-1].VirtualAddress + pe.sections[-1].Misc_VirtualSize + 0x1000 - 1) & ~0xFFF
new_section.VirtualAddress = base_virtual_address + random.randint(0, 0x2000)
base_raw_data = (pe.sections[-1].PointerToRawData + pe.sections[-1].SizeOfRawData + 0x1000 - 1) & ~0xFFF
new_section.PointerToRawData = base_raw_data + random.randint(0, 0x2000)
new_section.SizeOfRawData = section_size
# 随机选择合理的区段属性,增加更多可能性
section_flags = [
0xC0000040, 0x40000040, 0x20000040,
0x80000040, 0x00000040, 0xE0000040,
0x00000080, 0x40000080
]
new_section.Characteristics = random.choice(section_flags)
# 生成与程序类型匹配的区段数据
app_type = self.app_type.get()
new_data = self.generate_application_specific_data(section_size, app_type)
pe.set_bytes_at_offset(new_section.PointerToRawData, new_data)
# 添加新区段到PE结构
pe.sections.append(new_section)
pe.FILE_HEADER.NumberOfSections += 1
pe.OPTIONAL_HEADER.SizeOfImage = (new_section.VirtualAddress + new_section.Misc_VirtualSize + 0x1000 - 1) & ~0xFFF
# 轻度代码变换
if self.encrypt_sections.get():
self.apply_mild_code_transformations(pe)
# 随机化导入表顺序(如果启用)
if self.randomize_imports.get() and hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
# 多次随机打乱以增加随机性
for _ in range(random.randint(1, 3)):
random.shuffle(pe.DIRECTORY_ENTRY_IMPORT)
# 添加文件末尾数据
self.safe_modify_exe_file(file_path, additional_bytes)
# 更新时间戳,添加随机偏移
pe.FILE_HEADER.TimeDateStamp = int(time.time()) + random.randint(-86400, 86400) # 随机偏移1天内
pe.write(file_path)
pe.close()
except Exception as e:
print(f"标准保护执行: {e}")
self.enhanced_modify_exe_file(file_path, additional_bytes)
# 高级保护:进一步增加随机性
def advanced_protection(self, file_path, additional_bytes):
try:
pe = pefile.PE(file_path)
# 随机决定添加的区段数量(2-5个),增加更多变化
section_count = 2
if self.variable_section_count.get():
section_count = random.randint(2, 5)
# 添加多个随机区段
for _ in range(section_count):
new_section = pefile.SectionStructure(pe.__IMAGE_SECTION_HEADER_format__)
new_section.Name = self.generate_sane_section_name()
# 区段大小变化更大(1-32KB)
section_size = random.randint(0x1000, 0x8000)
new_section.Misc_VirtualSize = section_size
# 地址对齐,添加更大的随机偏移
base_virtual_address = (pe.sections[-1].VirtualAddress + pe.sections[-1].Misc_VirtualSize + 0x1000 - 1) & ~0xFFF
new_section.VirtualAddress = base_virtual_address + random.randint(0, 0x4000)
base_raw_data = (pe.sections[-1].PointerToRawData + pe.sections[-1].SizeOfRawData + 0x1000 - 1) & ~0xFFF
new_section.PointerToRawData = base_raw_data + random.randint(0, 0x4000)
new_section.SizeOfRawData = section_size
# 随机选择合理的区段属性,增加更多选项
section_flags = [
0xC0000040, 0x40000040, 0x20000040,
0x80000040, 0x00000040, 0xE0000040,
0x00000080, 0x40000080, 0x80000080,
0x20000080, 0x00000100
]
new_section.Characteristics = random.choice(section_flags)
# 生成特定类型的应用数据
app_type = self.app_type.get()
new_data = self.generate_application_specific_data(section_size, app_type)
pe.set_bytes_at_offset(new_section.PointerToRawData, new_data)
pe.sections.append(new_section)
pe.FILE_HEADER.NumberOfSections += 1
pe.OPTIONAL_HEADER.SizeOfImage = (new_section.VirtualAddress + new_section.Misc_VirtualSize + 0x1000 - 1) & ~0xFFF
# 轻度代码变换
if self.encrypt_sections.get():
self.apply_mild_code_transformations(pe)
# 混淆资源(如果启用)
if self.obfuscate_resources.get() and hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
self.obfuscate_pe_resources(pe)
# 随机化导入表顺序,增加随机性
if self.randomize_imports.get() and hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
# 多次随机打乱以确保随机性
for _ in range(random.randint(2, 5)):
random.shuffle(pe.DIRECTORY_ENTRY_IMPORT)
# 添加随机数据块,使用随机大小
if self.add_dummy_sections.get():
dummy_size = random.randint(additional_bytes // 3, additional_bytes * 2 // 3)
self.safe_modify_exe_file(file_path, dummy_size)
additional_bytes -= dummy_size
# 添加文件末尾数据
self.safe_modify_exe_file(file_path, additional_bytes)
# 随机化更多PE头字段
if self.random_pe_layout.get():
pe.FILE_HEADER.PointerToSymbolTable = random.getrandbits(32)
pe.FILE_HEADER.NumberOfSymbols = random.randint(0, 5000)
pe.OPTIONAL_HEADER.MajorImageVersion = random.randint(1, 20)
pe.OPTIONAL_HEADER.MinorImageVersion = random.randint(0, 99)
pe.OPTIONAL_HEADER.MajorSubsystemVersion = random.randint(4, 10)
pe.OPTIONAL_HEADER.MinorSubsystemVersion = random.randint(0, 99)
pe.OPTIONAL_HEADER.MajorOperatingSystemVersion = random.randint(5, 10)
pe.OPTIONAL_HEADER.MinorOperatingSystemVersion = random.randint(0, 99)
# 添加更多可随机化的字段
pe.OPTIONAL_HEADER.LoaderFlags = random.getrandbits(32) & 0x00000003 # 仅保留合法值
pe.OPTIONAL_HEADER.NumberOfRvaAndSizes = 16 # 标准值,但可以偶尔修改
if random.random() < 0.3: # 30%概率修改这个值
pe.OPTIONAL_HEADER.SizeOfHeaders = (pe.OPTIONAL_HEADER.SizeOfHeaders + random.randint(0x100, 0x800)) & ~0xFF # 保持对齐
# 更新时间戳,使用更大的随机偏移
pe.FILE_HEADER.TimeDateStamp = int(time.time()) + random.randint(-604800, 604800) # 随机偏移1周内
pe.write(file_path)
pe.close()
except Exception as e:
print(f"高级保护执行: {e}")
self.standard_protection(file_path, additional_bytes)
# 生成模拟特定类型程序的数据,增强随机性和多样性
def generate_application_specific_data(self, size, app_type):
"""根据程序类型生成不同特征的数据,确保每次生成都不同"""
data = bytearray()
# 根据选择的应用类型生成对应的数据模板,增加更多模板项
type_templates = {
"通用程序": [
b"C:\\Program Files\\Common Files\\\x00",
b"HKLM\\Software\\Microsoft\\Windows\\\x00",
b"ERROR_ACCESS_DENIED\x00",
b"SUCCESS\x00",
b"CONFIG_FILE\x00",
b"LOG_FILE\x00",
b"USER_SETTINGS\x00",
b"APPLICATION_DATA\x00",
b"SYSTEM32\x00",
b"KERNEL32.DLL\x00",
b"ADVAPI32.DLL\x00",
(0x00000001).to_bytes(4, 'little'),
(0x00000100).to_bytes(4, 'little'),
(0x00010000).to_bytes(4, 'little'),
(0x00100000).to_bytes(4, 'little'),
],
"游戏程序": [
b"C:\\Program Files\\Game\\Data\\\x00",
b"C:\\Users\\Public\\Documents\\GameSaves\\\x00",
b"TEXTURE_", b"MODEL_", b"SOUND_",
b"LEVEL_", b"SCORE_", b"PLAYER_",
b"ENEMY_", b"WEAPON_", b"QUEST_",
b"ACHIEVEMENT_", b"INVENTORY_",
b"CHARACTER_", b"MAP_", b"DIFFICULTY_",
(0x000F4240).to_bytes(4, 'little'), # 1000000
(0x000003E8).to_bytes(4, 'little'), # 1000
(0x00000064).to_bytes(4, 'little'), # 100
(0x0000000A).to_bytes(4, 'little'), # 10
],
"办公软件": [
b"C:\\Users\\%USERNAME%\\Documents\\\x00",
b"File Format: DOCX\x00",
b"File Format: XLSX\x00",
b"File Format: PPTX\x00",
b"Page ", b"Sheet ", b"Table ",
b"Font ", b"Style ", b"Paragraph ",
b"Header", b"Footer", b"Section",
b"Template", b"Macro", b"Add-in",
b"Spell Check", b"Grammar Check",
b"Word Count", b"Character Count",
(0x0000000A).to_bytes(4, 'little'), # 10
(0x00000014).to_bytes(4, 'little'), # 20
(0x00000064).to_bytes(4, 'little'), # 100
],
"系统工具": [
b"C:\\Windows\\System32\\\x00",
b"C:\\Windows\\SysWOW64\\\x00",
b"HKLM\\SYSTEM\\CurrentControlSet\\\x00",
b"Driver ", b"Service ", b"Device ",
b"Registry ", b"Process ", b"Thread ",
b"Memory ", b"Disk ", b"Network ",
b"Adapter ", b"Protocol ", b"Firewall ",
b"Security ", b"Policy ", b"Account ",
(0x00000001).to_bytes(4, 'little'),
(0x00000000).to_bytes(4, 'little'),
(0xFFFFFFFF).to_bytes(4, 'little'),
(0x00000002).to_bytes(4, 'little'),
],
"开发工具": [
b"C:\\Program Files\\Developer\\SDK\\\x00",
b"C:\\Users\\%USERNAME%\\Source\\\x00",
b"Compiler ", b"Linker ", b"Debugger ",
b"Library ", b"Include ", b"Namespace ",
b"Class ", b"Function ", b"Variable ",
b"Pointer ", b"Array ", b"Struct ",
b"Enum ", b"Union ", b"Template ",
b"Exception ", b"Thread ", b"Mutex ",
(0x00000000).to_bytes(4, 'little'),
(0x00000001).to_bytes(4, 'little'),
(0x00000002).to_bytes(4, 'little'),
(0x00000003).to_bytes(4, 'little'),
]
}
# 获取对应类型的模板
templates = type_templates.get(app_type, type_templates["通用程序"])
# 根据随机性强度调整模板使用方式
template_usage = 0.7 # 70%使用模板,30%使用随机数据
if self.random_strength.get() == "高":
template_usage = 0.5 # 50%使用模板,50%使用随机数据
elif self.random_strength.get() == "低":
template_usage = 0.9 # 90%使用模板,10%使用随机数据
# 填充数据直到达到目标大小,使用更复杂的模式
while len(data) < size:
# 随机选择使用模板还是生成随机数据
if random.random() < template_usage:
# 随机选择一个模板并添加
item = random.choice(templates)
data.extend(item)
# 偶尔添加随机长度的空白或分隔符
if random.random() < 0.4:
separator_length = random.randint(1, 16)
if random.random() < 0.5:
data.extend(b'\x00' * separator_length)
else:
data.extend(b' ' * separator_length)
else:
# 生成更复杂的随机数据
random_len = random.randint(1, 128)
if random.random() < 0.3:
# 生成随机ASCII文本
random_text = bytes(random.choice(b'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.') for _ in range(random_len))
data.extend(random_text)
elif random.random() < 0.6:
# 生成随机二进制数据
data.extend(os.urandom(random_len))
else:
# 生成随机数值数据
for _ in range(random_len // 4 + 1):
num = random.getrandbits(32)
data.extend(num.to_bytes(4, 'little'))
return data[:size]
# 生成更多样化的合理区段名
def generate_sane_section_name(self):
# 扩展区段名基础列表
base_names = [
b'.data', b'.rdata', b'.text', b'.rsrc', b'.reloc',
b'.bss', b'.edata', b'.idata', b'.pdata', b'.tls',
b'.data1', b'.rdata2', b'.text1', b'.rsrc1',
b'.data_', b'.rdata_', b'.text_', b'.rsrc_',
b'.init', b'.fini', b'.ctors', b'.dtors',
b'.gnu', b'.note', b'.eh_frame', b'.debug',
b'.xdata', b'.pdata', b'.data2', b'.text2',
b'.code', b'.const', b'.dynamic', b'.hash',
b'.plt', b'.got', b'.shstrtab', b'.symtab',
b'.strtab', b'.comment', b'.note.ABI-tag'
]
# 随机选择基础名称并可能添加随机后缀
name = random.choice(base_names)
if random.random() < 0.8: # 提高添加后缀的概率
# 添加更多样化的随机后缀
suffix_type = random.randint(0, 2)
if suffix_type == 0:
# 数字后缀
suffix = str(random.randint(10, 999)).encode()
elif suffix_type == 1:
# 字母后缀
suffix_length = random.randint(1, 3)
suffix = bytes(random.choice('abcdefghijklmnopqrstuvwxyz') for _ in range(suffix_length))
else:
# 混合后缀
suffix = (str(random.randint(1, 9)) +
random.choice('abcdef') +
str(random.randint(10, 99))).encode()
# 确保总长度不超过8字节
name = name[:8-len(suffix)] + suffix
return name.ljust(8, b'\x00')[:8] # 确保正好8字节
# 轻度代码变换,增加更多变换类型
def apply_mild_code_transformations(self, pe):
text_section = None
for section in pe.sections:
if b'.text' in section.Name:
text_section = section
break
if text_section:
data = pe.get_data(text_section.VirtualAddress, text_section.SizeOfRawData)
if not isinstance(data, bytes):
data = bytes(data)
data_list = list(data)
# 根据随机性强度调整变换程度
transform_count = len(data_list) // 200
if self.random_strength.get() == "高":
transform_count = len(data_list) // 100
elif self.random_strength.get() == "低":
transform_count = len(data_list) // 400
# 限制最大变换次数,但增加上限
transform_count = min(200, transform_count)
# 随机选择位置进行更丰富的轻微变换
for _ in range(transform_count):
i = random.randint(0, len(data_list) - 1)
# 增加更多变换类型
transform_type = random.choice(range(8))
if transform_type == 0:
# 加1
data_list[i] = (data_list[i] + 1) % 256
elif transform_type == 1:
# 减1
data_list[i] = (data_list[i] - 1) % 256
elif transform_type == 2:
# 与0xFF异或
data_list[i] ^= 0xFF
elif transform_type == 3:
# 左移一位
data_list[i] = (data_list[i] << 1) % 256
elif transform_type == 4:
# 右移一位
data_list[i] = (data_list[i] >> 1) % 256
elif transform_type == 5:
# 加一个小随机数
data_list[i] = (data_list[i] + random.randint(1, 5)) % 256
elif transform_type == 6:
# 减一个小随机数
data_list[i] = (data_list[i] - random.randint(1, 5)) % 256
else:
# 与一个随机数异或
data_list[i] ^= random.randint(1, 255)
pe.set_bytes_at_offset(text_section.PointerToRawData, bytes(data_list))
# 增强资源混淆
def obfuscate_pe_resources(self, pe):
try:
# 遍历所有资源条目
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data_rva = resource_lang.data.struct.OffsetToData
size = resource_lang.data.struct.Size
# 读取资源数据
resource_data = list(pe.get_data(data_rva, size))
# 根据随机性强度调整混淆程度
step_size = 200
if self.random_strength.get() == "高":
step_size = 100
elif self.random_strength.get() == "低":
step_size = 400
# 增加更多变换类型
for i in range(0, len(resource_data), random.randint(step_size-50, step_size+50)):
if i < len(resource_data):
# 随机选择一种变换
transform_type = random.randint(0, 4)
if transform_type == 0:
resource_data[i] = (resource_data[i] + random.randint(1, 5)) % 256
elif transform_type == 1:
resource_data[i] = (resource_data[i] - random.randint(1, 5)) % 256
elif transform_type == 2:
resource_data[i] ^= random.randint(1, 255)
elif transform_type == 3:
resource_data[i] = (resource_data[i] << random.randint(1, 3)) % 256
else:
resource_data[i] = (resource_data[i] >> random.randint(1, 3)) % 256
# 对部分资源进行块级混淆
if random.random() < 0.3 and size > 1024:
block_size = random.randint(64, 256)
for b in range(0, size, block_size):
if random.random() < 0.2: # 20%的块会被翻转
start = b
end = min(b + block_size, size)
resource_data[start:end] = resource_data[start:end][::-1]
# 写回修改后的资源数据
pe.set_bytes_at_offset(data_rva, bytes(resource_data))
except Exception as e:
print(f"资源混淆错误: {e}")
# 计算PE校验和
def calculate_pe_checksum(self, pe):
try:
with open(pe.name, 'rb') as f:
data = f.read()
checksum = 0
for i in range(0, len(data), 2):
if i + 1 < len(data):
w = (data[i+1] << 8) | data[i]
checksum += w
else:
checksum += data[i]
checksum = (checksum >> 16) + (checksum & 0xffff)
checksum += (checksum >> 16)
return 0 - checksum
except:
return 0x00000000
# 验证EXE文件
def verify_exe_file(self, file_path):
try:
pe = pefile.PE(file_path)
pe.close()
return True
except:
return False
# 关闭窗口
def on_closing(self):
if messagebox.askokcancel("退出", "确定要退出程序吗?"):
self.root.destroy()
if __name__ == "__main__":
root = tk.Tk()
app = ExeProtectorApp(root)
root.mainloop()
用户希望每次输出的程序减小TEXT代码段熵值 相对上次输出的程序静态特征都有很大差异 绕过qvm静态分析查杀 2025-07-10 09:57:50 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:f4722f1fd2c14e65558207bd3415ed0a已删除此文件,如果您发现误删,可从隔离区恢复此文件。
2025-07-10 10:07:34 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:3f519280c806a531c2fd494f392add06已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_2587963335de.exe
2025-07-10 10:05:41 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:ad5bf7bf68759eaa5f25587d0e977320已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_4df5eb7b2b48.exe
2025-07-10 10:04:55 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:ce816bbac00149bda721dec01d623773已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_5795dc64119b.exe
2025-07-10 10:03:42 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:224798374219b4fc6046b1da7f4eb632已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_17f73c7eda70.exe
2025-07-10 10:03:16 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:cb3c1534897e38110aeeea2aa71c9d5a已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_eb5a679318ab.exe
2025-07-10 09:57:50 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:f4722f1fd2c14e65558207bd3415ed0a已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_7e5282a2592431df.exe
2025-07-10 09:56:51 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:63d542dffd607fda49b4ca8880069471已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_0269d064dca0e33d.exe
2025-07-10 09:56:23 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:c7edea82a1abefe84502a88980b86356已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_98f344f33553ad04.exe
2025-07-10 09:55:20 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:8bb531f637cdae52b17ecab88b28b88d已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_32027bfd1919.exe
2025-07-10 09:54:37 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:f03cac215d14019e60e97a0a9dff564a已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_dc0e4952f25d.exe
2025-07-10 09:54:16 恶意软件(HEUR/QVM10.2.95BA.Malware.Gen)MD5:79f41c9ca52f656e0d14d7f99a7c0361已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_d0d314c24b51.exe
2025-07-10 09:36:22 恶意软件(HEUR/QVM10.2.958D.Malware.Gen)MD5:7a8102febd74e861b0f798e130e3bbdf已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_3766493edd57.exe
2025-07-10 09:35:48 恶意软件(HEUR/QVM10.2.958D.Malware.Gen)MD5:ceaa9c2e0ae64a9242eae202c127970a已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_e6c9d5d7be4e.exe
2025-07-10 09:34:47 恶意软件(HEUR/QVM10.2.958D.Malware.Gen)MD5:7cfe0a2c5d8fbce0d86a01613bef166e已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_e3d311d2cf8e.exe
2025-07-10 09:31:31 恶意软件(HEUR/QVM10.2.958D.Malware.Gen)MD5:416cfe49e997da0d85efc5eac7cd33f3已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server.exe
2025-07-10 09:18:33 恶意软件(HEUR/QVM10.2.958D.Malware.Gen)MD5:1dae68d1345fe77c6427f8f36ef257a3已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_100a4418.exe
2025-07-10 09:17:27 恶意软件(HEUR/QVM10.2.958D.Malware.Gen)MD5:22be3cbbdaf6adc964323e6cd7b1830e已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_a423e3f7.exe
2025-07-10 09:16:34 恶意软件(HEUR/QVM10.2.958D.Malware.Gen)MD5:19811a97d4f619ccc30fbd9355710c94已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_42c8f493.exe
2025-07-10 09:15:28 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:603aa37cafcc1a97ba7d3b6944e7c44f已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_1870a4d5.exe
2025-07-10 09:15:28 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:f4f3aaa34d45f6d392ab02d469529fa2已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_6ef68774.exe
2025-07-10 09:02:21 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:d963a3b990e387d512c1505cc1defc2d已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\appdata\local\temp\vmware-odaycaogen'\vmwarednd\4e3bc625\server_protected_b162fbecda18.exe
2025-07-10 09:02:20 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:d963a3b990e387d512c1505cc1defc2d已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_b162fbecda18.exe
2025-07-10 09:01:55 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:6613a15d293baa581027037940f38123已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_0c7cdb86447c.exe
2025-07-10 09:01:13 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:6e784a5d6e4c5cd3e102341571186c02已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_91770c617ba9.exe
2025-07-10 09:00:26 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:ebaba98d0a9815b21c637a4f2cb2fea8已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_c5080514e48f.exe
2025-07-10 08:59:26 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:3e2c4fc7477c93fe7446866dfa0c0d2a已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_917a4f029497.exe
2025-07-10 08:59:00 恶意软件(HEUR/QVM10.2.9551.Malware.Gen)MD5:fce5281cf86dca7226f2dde2764ceee1已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_e3ea24fe8204.exe
2025-07-09 20:41:17 恶意软件(HEUR/QVM10.2.9279.Malware.Gen)MD5:28391ff043ea6b95c0a22c42b827fd13已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_d94e61705c0d.exe
2025-07-09 20:39:48 恶意软件(HEUR/QVM10.2.9279.Malware.Gen)MD5:0dbbcc8071f854fa75fe485c055e9cb0已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_df81323ec213.exe
2025-07-09 20:39:17 恶意软件(HEUR/QVM10.2.9279.Malware.Gen)MD5:1d3e05e3d94613d048aff46974c9eae5已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_08d18b05d328.exe
2025-07-09 20:38:43 恶意软件(HEUR/QVM10.2.9279.Malware.Gen)MD5:cd26422e884d3110bc75080d27c1c069已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_e06bbef612d8.exe
2025-07-09 20:38:08 恶意软件(HEUR/QVM10.2.9279.Malware.Gen)MD5:8b12ffcdf948eca4636292ee8399b390已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_61f1aadc6f43.exe
2025-07-09 20:37:25 恶意软件(HEUR/QVM10.2.9279.Malware.Gen)MD5:7eb6481e075f5eeb5465e6395b55db92已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\users\odaycaogen'\desktop\server_protected_789d8774794b.exe
2025-07-09 18:54:48 恶意软件(HEUR/QVM10.2.9231.Malware.Gen)MD5:5c7d6aec8656f4850e914408c8779c35已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\program files\360\360safe\softmgr\whitelist\myapp_36171265\454336_protected_9d9289dd.exe
2025-07-09 18:54:43 恶意软件(HEUR/QVM10.2.9231.Malware.Gen)MD5:5c7d6aec8656f4850e914408c8779c35已删除此文件,如果您发现误删,可从隔离区恢复此文件。 c:\program files\360\360safe\softmgr\whitelist\myapp_36170329\454336_protected_9d9289dd.exe
2025-07-09 18:48:32 恶意软件(HEUR/QVM10.2.9231.Malware.Gen)MD5:8b18925bca5cf9c236bae2ed5f39e67c已删除此文件,如果您发现误删,可从隔离区恢复此文件。
最新发布