Windows hacker programming series (2): DLL delayed loading and resource release

Windows hacker programming series

Programming with VS on Windows is quite rigid, and it takes a long time to track down every step of an operation.

Resource release

Viruses and Trojans use resource release extensively because it makes a program more compact.

  • If the program needs to load third-party DLL files, text files, image files, or other audio and video files, they can be inserted into the program as resources.
  • Once the program is running, it releases them to the local disk.

The advantage is that the compiled program consists of a single exe file with no other files attached, which keeps the program compact and reduces the risk of being found.

Resource insertion

Environment: VS2019

Just create a new console program.

  1. Right-click Resource Files -> Add -> Resource
  2. Select Custom and enter the resource type you want; I entered MYTYPES.
  3. Select the MYTYPES type and click Import
  4. Then choose the file you want to insert.
  5. After the insertion is complete, check whether the resource file was inserted successfully: View -> Other Windows -> Resource View

Perform resource extraction

// ConsoleApplication1.cpp : this file contains the "main" function; program execution starts and ends here.
//
#undef UNICODE          // make FindResource resolve to the ANSI version so the char* type name compiles
#include <Windows.h>
#include <stdio.h>
#include "resource.h"   // generated by the resource editor; defines IDR_MYTYPES2


// Extract the resource with the given ID and type from this module and write it to a file
BOOL FreeMyResourse(UINT uiResouceName, char *lpszResourceType, char* lpszSaveFileName)
{
	// Locate the resource in the current module (NULL = the running exe)
	HRSRC hRsrc = FindResource(NULL, MAKEINTRESOURCE(uiResouceName), lpszResourceType);
	if (hRsrc == NULL)
	{
		printf("can't find the resource!\n");
		return FALSE;
	}
	// SizeofResource returns 0 on failure; DWORD is unsigned, so 0 is the only error value
	DWORD dwSize = SizeofResource(NULL, hRsrc);
	if (dwSize == 0)
	{
		printf("the resource's size is error!\n");
		return FALSE;
	}
	// Load the resource; the returned handle points into the mapped image and does not need freeing
	HGLOBAL hGlobal = LoadResource(NULL, hRsrc);
	if(hGlobal == NULL)
	{
		printf("load resource error!\n");
		return FALSE;
	}
	// Get a pointer to the raw resource bytes
	LPVOID lpVoid = LockResource(hGlobal);
	if (lpVoid == NULL)
	{
		printf("lock resource error!\n");
		return FALSE;
	}
	// Write the bytes out to the target file
	FILE* fp = NULL;
	fopen_s(&fp, lpszSaveFileName, "wb+");
	if (fp == NULL)
	{
		printf("open file error!\n");
		return FALSE;
	}
	fwrite(lpVoid, sizeof(char), dwSize, fp);
	fclose(fp);
	return TRUE;
}

int main()
{
	char lpszResourceType[20] = "MYTYPES";   // the custom resource type entered in the resource editor
	char szSaveFileName[20] = "555.txt";     // file the resource is released to
	BOOL flag = FreeMyResourse(IDR_MYTYPES2, lpszResourceType, szSaveFileName);
	if (flag == TRUE)
	{
		printf("the resource is free!\n");
	}
	return 0;
}

You can see that 555.txt has been extracted successfully.

Small problems encountered along the way

  1. Argument of type "char *" is incompatible with parameter of type "LPCWSTR"
  2. Identifier "IDR_MYTYPES2" is undefined

First problem:

#undef UNICODE

Just add this line before the header files.

Second problem:

#include "resource.h"

This identifier was shown in the Resource View at the end of the resource insertion steps above, but the program did not know it because the resource.h header file had not been included.

DLL delayed loading

When developing programs, third-party libraries are usually involved. Not every third-party library ships as a static library; most ship as DLL files, so the program needs the corresponding DLL present in order to load and start.

DLL delayed loading is a way of compiling and linking the executable so that a dependent DLL is delay-loaded: the executable is loaded and starts running first, and the DLL is loaded only when one of its functions is actually called.

This technique can be combined with the resource release technique above: store the DLL file in the resource section of the exe, release the resource at runtime, and delay-load the DLL. The result is a single exe file with no DLL files alongside it, which lowers the probability of discovery and removes any worry about the DLL file going missing.

How to delay-load DLL files

  • Right-click the project -> Properties -> Linker -> Input -> Delay Loaded DLLs
  • Enter the DLL file that needs to be delay-loaded and click OK
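Because the delay-loaded DLL names are written into the PE delay-load import directory, the dependency stays visible to static inspection even when the DLL itself ships inside a resource, and an analyst triaging a binary for this technique can list them without running it. The parser below is an added example, not code from the original post; it assumes the RVA-based descriptor layout written by modern MSVC linkers, and build_sample_pe constructs a minimal PE32+ image purely so the parser can be exercised offline.

```python
import struct

DELAY_IMPORT_DIR = 13  # IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT

def _rva_to_offset(rva, sections):
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def delay_loaded_dlls(pe):
    """Return the DLL names in a PE image's delay-load import directory (RVA-based descriptors)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff, opt = e_lfanew + 4, e_lfanew + 24  # COFF file header, then optional header
    nsec, opt_size = struct.unpack_from("<H", pe, coff + 2)[0], struct.unpack_from("<H", pe, coff + 16)[0]
    dd_base = opt + (112 if struct.unpack_from("<H", pe, opt)[0] == 0x20B else 96)  # PE32+ vs PE32
    ndirs = struct.unpack_from("<I", pe, dd_base - 4)[0]  # NumberOfRvaAndSizes
    dir_rva = struct.unpack_from("<I", pe, dd_base + 8 * DELAY_IMPORT_DIR)[0] if ndirs > DELAY_IMPORT_DIR else 0
    if dir_rva == 0:
        return []  # no delay-load directory: nothing is delay-loaded
    sections = [struct.unpack_from("<III", pe, opt + opt_size + 40 * i + 12)  # VirtualAddress,
                for i in range(nsec)]  # SizeOfRawData, PointerToRawData of each section header
    names, off = [], _rva_to_offset(dir_rva, sections)
    while True:  # IMAGE_DELAYLOAD_DESCRIPTOR array: 32 bytes each, all-zero terminator
        attrs, name_rva = struct.unpack_from("<II", pe, off)
        if name_rva == 0:
            return names
        if not attrs & 1:  # bit 0 clear: legacy VA-based descriptor (pre-VS2005), not handled here
            raise ValueError("legacy VA-based delay-load descriptor")
        noff = _rva_to_offset(name_rva, sections)
        names.append(pe[noff:pe.index(b"\0", noff)].decode("ascii"))
        off += 32

def build_sample_pe(dlls):
    """Constructed minimal PE32+ image: headers plus one section holding only a delay-load table (not runnable)."""
    sec_va, table, strings = 0x1000, b"", b""
    str_base = sec_va + 32 * (len(dlls) + 1)  # DLL name strings follow the table and its terminator
    for dll in dlls:  # Attributes=1 (RVA based), DllNameRVA, remaining six fields zero
        table += struct.pack("<8I", 1, str_base + len(strings), 0, 0, 0, 0, 0, 0)
        strings += dll.encode("ascii") + b"\0"
    body = table + bytes(32) + strings
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)  # x64, 1 section, 240-byte optional header
    dirs = bytearray(128)  # 16 data directories, only the delay-load entry is filled in
    struct.pack_into("<II", dirs, 8 * DELAY_IMPORT_DIR, sec_va, len(table) + 32)
    opt = struct.pack("<H", 0x20B) + bytes(106) + struct.pack("<I", 16) + bytes(dirs)  # PE32+ magic
    sec = b".didat\0\0" + struct.pack("<6I2HI", len(body), sec_va, 0x400, 0x400, 0, 0, 0, 0, 0x40000040)
    return (dos + b"PE\0\0" + coff + opt + sec).ljust(0x400, b"\0") + body.ljust(0x400, b"\0")
```

To inspect a real binary, pass the bytes of the file to delay_loaded_dlls; the same code path handles PE32 images, since only the data-directory offset differs.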
Origin blog.csdn.net/AcSuccess/article/details/105468620