/*
- EvilProtector 2.8 Deobfuscator
- Created by Zyrel
- Don't use this software for lamering please
- Syntax: Deobfuscator.exe file_to_deobfuscate.exe
*/
#include <windows.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
HANDLE hFile;
BYTE *BaseAddress;
DWORD FileSize, BR;
IMAGE_DOS_HEADER *ImageDosHeader;
IMAGE_NT_HEADERS *ImageNtHeaders;
if (argc < 2)
{
printf("\n+Numero argomenti insufficiente.\n");
return -1;
}
hFile = CreateFile(argv[1], GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (hFile == INVALID_HANDLE_VALUE)
{
printf("+Cannot Open the File\n");
return -1;
}
FileSize = GetFileSize(hFile, NULL);
BaseAddress = (BYTE *) malloc(FileSize);
if (!ReadFile(hFile, BaseAddress, FileSize, &BR, NULL))
{
free(BaseAddress);
CloseHandle(hFile);
return -1;
}
ImageDosHeader = (IMAGE_DOS_HEADER *) BaseAddress;
ImageNtHeaders = (IMAGE_NT_HEADERS *)(ImageDosHeader->e_lfanew + (DWORD) ImageDosHeader);
if (ImageNtHeaders->OptionalHeader.NumberOfRvaAndSizes == IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT) {
printf("\n+Protection found...");
BYTE Fix[] = {0x10};
SetFilePointer(hFile, 0xF4,NULL, FILE_BEGIN);
if(!WriteFile(hFile, Fix, sizeof(Fix), &BR, NULL))
{
printf("\n+Error: Unable to write file\n");
CloseHandle(hFile);
free(BaseAddress);
return -1;
}
printf("\n+Protecion removed...");
}else{printf("\n+The file does not seem to be protected from EvilProtector 2.8 :(\n");}
free(BaseAddress);
CloseHandle(hFile);
return 0;
}