Encrypt a function in PE and decrypt in memory- C++

Question

0.00/5 (No votes)

See more:

I want to keep an important function encrypted in the exe and while running the program, decrypt it at run time from memory. After execution of the function, I will encrypt it back in the memory (so that memory dump can't be analyzed).

I am able to decrypt and encrypt it in memory successfully. But I am not sure, keeping a function as encrypted in an exe is possible or not. If possible, how can I do it? I am trying to find the function offset and encrypt the function body. Keeping a function body encrypted will corrupt the exe? Please help me with suggestions. Below given is the memory encryption/decryption code:

What I have tried:

<pre>void TestFunction()
{
	MessageBoxA(0, "This will be encrypted", "Test", 0);
}
void stubFunction()
{

}

static bool XORMemory(DWORD pStartAddr, int nLength)
{
	if (!pStartAddr || nLength <= 0)
		return false;

	unsigned char* p = (unsigned char*)(pStartAddr);
	p = p + 4;
	for (int i = 0; i < nLength; i++)
	{
		*p++ ^= 0x5A;
	}

	return true;
}

Posted 9-Dec-19 21:45pm

PECoder

Updated 9-Dec-19 22:17pm

v3

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CPallini · Answer 1 · 2019-12-09T22:06:00

Solution 1

Here some insight: assembly - How could I generate and execute machine code at runtime? - Stack Overflow[^].

Posted 9-Dec-19 22:06pm

CPallini

Comments

PECoder 11-Dec-19 0:12am

Thank you. The link you provided is having a lot of information about different helpful topics. It will definitely help me.
As of now, I found a solution that I have mentioned in the comment below.

CPallini 11-Dec-19 2:58am

You are welcome.

Richard MacCutchan · Answer 2 · 2019-12-09T22:18:00

Solution 2

I do not think that is possible since the actual code to be encrypted is generated by the compiler, and then needs to be modified by the linker. So you cannot encrypt it until it is part of the final exe. But at that point any modification to the content of the executable file could mean the loader cannot handle it. Maybe you need to rethink exactly what you are trying to achieve here.

Posted 9-Dec-19 22:18pm

Richard MacCutchan

Comments

PECoder 11-Dec-19 0:07am

Thank you for the replay. I found a solution. I encrypted the function in PE and added a stub segment as PE entry point. It will decrypt the function while loading in memory and immediately encrypt it back. So the function will remain encrypted in memory.