Pour que les choses soient claires : je n'utilise pas d'antivirus ; pour moi, il ne sert à rien...
Passons aux choses sérieuses : j'ai constaté que quelques antivirus détectent sans raison (faux positifs) les applications compilées avec PB comme des virus. Exemple :
; Minimal test program: its only action is to show one message box.
MessageRequester(":(","By Celtic88")
https://www.virustotal.com/fr/file/6bdf ... 513183060/
ok ,
- Les étapes pour rendre notre PB FUD :
* Il y a d'autres moyens pour « contourner » les AV ; j'ai choisi la méthode la plus simple pour qu'elle puisse être utilisée par tous :
il faut tout d'abord compiler notre PB en DLL, en y ajoutant une simple fonction qui sera appelée quand le programme se lance.
Voilà l'exemple et la fonction à ajouter :
; The block below is compiled only when the target format is DLL (compile-time check).
CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_DLL
; Exported procedure. The patcher shown later on this page searches the export table for
; the name "Start_EXE" and writes its address into AddressOfEntryPoint.
ProcedureDLL Start_EXE () ; procedure that will be called when the program loads
;// Author's instruction: do not change anything in this procedure.
Protected OK = 999999;junk code (author's label) - OK is never read in this snippet
; Lines starting with "!" are inline assembly. This push has no matching pop in the
; snippet; ExitProcess_ below ends the process before the procedure would return.
!PUSH 999999
;........
; GetModuleHandleW(0): handle of the module used to create the current process;
; the result (eax) is stored in _PB_Instance.
!PUSH dword 0
!CALL _GetModuleHandleW@4
!MOV [_PB_Instance],eax
; NOTE(review): PB_DllInit and _PB_EOP are symbols of PureBasic's generated assembly;
; presumably runtime initialisation and the end-of-program routine - confirm against the
; compiler's /COMMENTED output. They are internal names and may differ between versions.
!CALL PB_DllInit
!CALL _PB_EOP
; Terminate the process with exit code 0.
ExitProcess_(0)
EndProcedure
CompilerEndIf
; The program's own code goes here (placeholder example below).
MessageRequester("","By Celtic88")
;..
Et voilà le patch :
;// By Celtic88 @hotmail.fr
;// Convert 'PB dll' to Exe
; Ask the user which DLL to convert (file-open dialog).
DLL.S = OpenFileRequester ( "Select Pb Dll File..." , "" , "Dll (*.dll)" , 0 )
; Forward declaration: the procedure is defined further down in the file.
Declare Patch_Pb_Dll_To_Exe ( DLLPath.s )
; Only the success code (1) is reported. The negative error codes returned by the
; procedure (-1 to -4) produce no message, and a cancelled dialog (empty path) is
; passed to the procedure unchecked.
If Patch_Pb_Dll_To_Exe ( DLL ) = 1
MessageRequester("","All is ok :)")
EndIf
; Translate a relative virtual address (RVA) into a raw file offset via the section table.
;   dwRva     - RVA to translate
;   *pLibrary - start of the PE file contents loaded in memory
; Returns (dwRva - VirtualAddress) + PointerToRawData for the first section whose range
; [VirtualAddress, VirtualAddress + SizeOfRawData) contains dwRva. When no section
; matches, no ProcedureReturn is reached and the result is 0, which the caller cannot
; tell apart from a valid offset.
; NOTE(review): e_lfanew and NumberOfSections are taken from the file without any bounds
; check, and the section table is located with SizeOf(IMAGE_NT_HEADERS) rather than
; FileHeader\SizeOfOptionalHeader; a malformed input can make this read outside the buffer.
Procedure Rva2Offset( dwRva, *pLibrary)
Protected *tIMAGE_DOS_HEADER.IMAGE_DOS_HEADER = *pLibrary
Protected *tIMAGE_NT_HEADERS.IMAGE_NT_HEADERS = *tIMAGE_DOS_HEADER + *tIMAGE_DOS_HEADER\e_lfanew
; First section header is taken to follow the NT headers directly.
Protected *tIMAGE_SECTION_HEADER.IMAGE_SECTION_HEADER = *tIMAGE_NT_HEADERS + SizeOf ( IMAGE_NT_HEADERS )
With *tIMAGE_SECTION_HEADER
For i = 1 To *tIMAGE_NT_HEADERS\FileHeader\NumberOfSections
; Does this section's virtual range contain the RVA?
If \VirtualAddress < = dwRva And \VirtualAddress + \SizeOfRawData > dwRva
ProcedureReturn ( dwRva - \VirtualAddress ) + \PointerToRawData
EndIf
; Advance to the next section header.
*tIMAGE_SECTION_HEADER + SizeOf ( IMAGE_SECTION_HEADER )
Next
EndWith
EndProcedure
; Rewrite the PE headers of a DLL so that the file is saved as an EXE whose entry point
; is the exported procedure "Start_EXE".
;   DLLPath - path of the DLL to read
; Steps, in order: load the whole file into memory; check the DOS magic, the NT signature
; and the IMAGE_FILE_DLL flag; find the RVA of the export named "Start_EXE"; walk the base
; relocation blocks and rebase every HIGHLOW / DIR64 entry from the file's ImageBase to
; $00400000; then set ImageBase, clear the DLL flag, set AddressOfEntryPoint and the GUI
; subsystem, and write the buffer to "<name>.exe".
; Returns:  1 success
;          -1 the input file could not be opened
;          -2 not a valid PE file, or not a DLL
;          -3 no export named "Start_EXE"
;          -4 the output file could not be created
; NOTE(review): every offset taken from the file (e_lfanew, section table, export and
; relocation directories, SizeOfBlock) is used without being checked against `size`, so a
; truncated or malformed input leads to reads and writes outside the buffer. A relocation
; block with a non-zero VirtualAddress and SizeOfBlock = 0 never advances *ir and loops
; forever. The results of AllocateMemory and ReadData are not checked, and the buffer is
; not freed on any return path (no FreeMemory in this procedure).
; NOTE(review): for analysts - only the four header fields listed above are changed. The
; export and relocation directories are left as they were, so the written file still
; carries an export named "Start_EXE" whose RVA equals AddressOfEntryPoint.
Procedure Patch_Pb_Dll_To_Exe ( DLLPath.s )
#IMAGE_DOS_HEADER = $5A4D;//Magic number
#IMAGE_NT_SIGNATURE = $00004550;//signature
#IMAGE_SUBSYSTEM_WINDOWS_GUI = 2 ;//Windows graphical user interface (GUI) subsystem.
#IMAGE_FILE_DLL = $2000 ;//The image is a DLL file. While it is an executable file, it cannot be run directly.
; Data-directory index of the base relocation table, and the two relocation types handled below.
#IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
#IMAGE_REL_BASED_HIGHLOW = 3
#IMAGE_REL_BASED_DIR64 = 10
; Header of one base relocation block; the 16-bit entries follow it.
Structure IMAGE_BASE_RELOCATION ; from winnt.h
VirtualAddress.l
SizeOfBlock.l
EndStructure
Protected file = OpenFile ( #PB_Any , DLLPath ) ;//Open Dll
If Not file : ProcedureReturn - 1 : EndIf
; Read the whole file into one buffer; all later parsing and patching is done in it.
Protected size = Lof ( file )
Protected *pLibrary = AllocateMemory ( size )
ReadData ( file , *pLibrary , size )
CloseFile ( file )
;//Read PE format
Protected *tIMAGE_DOS_HEADER.IMAGE_DOS_HEADER = *pLibrary
;//Check If it's valid format
If ( *tIMAGE_DOS_HEADER\e_magic < > #IMAGE_DOS_HEADER ) : ProcedureReturn - 2 : EndIf;// MS-DOS header missing.
Protected *tIMAGE_NT_HEADERS.IMAGE_NT_HEADERS = *tIMAGE_DOS_HEADER + *tIMAGE_DOS_HEADER\e_lfanew
With *tIMAGE_NT_HEADERS
;// Check signature
If ( \Signature < > #IMAGE_NT_SIGNATURE ) : ProcedureReturn - 2 : EndIf;// wrong signature.
;// Check if is a dll file
If (\FileHeader\Characteristics & #IMAGE_FILE_DLL) <> #IMAGE_FILE_DLL:ProcedureReturn -2:EndIf ;// DLL flag not set: not a DLL
;//Get Pe Section
; NOTE(review): assumes the section table starts SizeOf(IMAGE_NT_HEADERS) after the NT
; headers; FileHeader\SizeOfOptionalHeader is not consulted.
Protected *tIMAGE_SECTION_HEADER.IMAGE_SECTION_HEADER = *tIMAGE_NT_HEADERS + SizeOf ( IMAGE_NT_HEADERS )
;// Export Directory
Protected ExportVirtualAddress = \OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress
; RVA of the base relocation directory
Protected RelocVirtualAddress=\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_BASERELOC]\VirtualAddress
; Image base stored in the file, and the base the relocated values are moved to.
Protected *PreferredBase = \OptionalHeader\ImageBase
Protected *NewBase = $00400000 ;The default value for DLLs is 0x10000000. The default value for applications is 0x00400000
EndWith
; Working pointers for the export-table and relocation walks below.
Protected *tIMAGE_EXPORT_DIRECTORY.IMAGE_EXPORT_DIRECTORY ,
*AddressOfNames.long , *AddressOfNameOrdinals.Word , *StartAddressOfFunctions,
*AddressOfFunctions.long , AddressOf_Start_EXE ,
*ir.IMAGE_BASE_RELOCATION,*e.Unicode,ii,*i.integer
; One pass over the section table: each directory is processed in the section that contains its RVA.
For i = 1 To *tIMAGE_NT_HEADERS\FileHeader\NumberOfSections
With *tIMAGE_SECTION_HEADER
;//Find Address of Procedure "Start_EXE()"
If \VirtualAddress < = ExportVirtualAddress And \VirtualAddress + \SizeOfRawData > ExportVirtualAddress
; Delta converts an RVA inside this section into a file offset (RVA - Delta).
Delta = \VirtualAddress - \PointerToRawData
*tIMAGE_EXPORT_DIRECTORY = *pLibrary + ( ExportVirtualAddress - \VirtualAddress ) + \PointerToRawData
Debug "Dll Name : " + PeekS ( *pLibrary + ( *tIMAGE_EXPORT_DIRECTORY\Name - Delta ) , - 1 , #PB_Ascii )
; The three export arrays are addressed with the same Delta, i.e. they are taken to
; lie in the same section as the export directory.
*AddressOfNames = *pLibrary + *tIMAGE_EXPORT_DIRECTORY\AddressOfNames - Delta
*AddressOfNameOrdinals = *pLibrary + *tIMAGE_EXPORT_DIRECTORY\AddressOfNameOrdinals - Delta
*StartAddressOfFunctions = *pLibrary + *tIMAGE_EXPORT_DIRECTORY\AddressOfFunctions - Delta
; Walk the name table and the name-ordinal table in parallel.
For o = 0 To *tIMAGE_EXPORT_DIRECTORY\NumberOfNames - 1
; The ordinal of the current name indexes the function-RVA array.
*AddressOfFunctions = *StartAddressOfFunctions + (*AddressOfNameOrdinals\w * SizeOf ( long ) )
;//Debug PeekS(*pLibrary+*AddressOfNames\l-Delta,-1,#PB_Ascii) + " " +
;//Hex(*AddressOfNameOrdinals\w) + " " +
;//Hex(*AddressOfFunctions\l)
If PeekS( *pLibrary + *AddressOfNames\l - Delta , - 1 , #PB_Ascii ) = "Start_EXE";// export found
Debug "Address Of 'Start_EXE()' is : " + Hex ( *AddressOfFunctions\l )
AddressOf_Start_EXE = *AddressOfFunctions\l;//save the export's RVA
Break;//stop searching
EndIf
*AddressOfNameOrdinals + SizeOf ( Word )
*AddressOfNames + SizeOf ( long )
Next
EndIf
; Base relocations: the file's contents are rebased here, in the buffer, because the
; header written at the end declares a different ImageBase.
If \VirtualAddress <= RelocVirtualAddress And \VirtualAddress+ \SizeOfRawData > RelocVirtualAddress
*ir= *pLibrary+\PointerToRawData+ (RelocVirtualAddress-\VirtualAddress)
; A block whose VirtualAddress is 0 ends the walk.
While *ir\VirtualAddress
Debug "Reloc RVA : " + Hex(*ir\VirtualAddress)
; The 16-bit entries start right after the block header.
*e=*ir+SizeOf(IMAGE_BASE_RELOCATION)
For ii=1 To (*ir\SizeOfBlock-SizeOf(IMAGE_BASE_RELOCATION))/SizeOf(Word)
; Top 4 bits of an entry = relocation type, low 12 bits = offset within the block's page.
If ((*e\u >> 12) & $000F = #IMAGE_REL_BASED_HIGHLOW) Or
((*e\u >> 12) & $000F = #IMAGE_REL_BASED_DIR64)
; File position of the value to fix up: offset of the block's page plus the entry offset.
; NOTE(review): the value is accessed through an .integer pointer for both relocation
; types - presumably this relies on the tool being built with the same bitness as the
; DLL; confirm.
*i = *pLibrary + (Rva2Offset(*ir\VirtualAddress, *pLibrary) + (*e\u & $0fff))
*i\i - *PreferredBase
*i\i + *NewBase ;// add new image base address
EndIf
*e + SizeOf(Unicode)
Next
; Next relocation block.
*ir +*ir\SizeOfBlock
Wend
EndIf
EndWith
*tIMAGE_SECTION_HEADER + SizeOf ( IMAGE_SECTION_HEADER )
Next
; The relocation fix-ups above were applied to the buffer regardless of whether the
; export was found; the buffer is written to disk only in the branch below.
If AddressOf_Start_EXE;//Finally , write new pe headers
*tIMAGE_NT_HEADERS\OptionalHeader\ImageBase = *NewBase
; "!" is XOR: the flag was verified to be set earlier, so this clears it.
*tIMAGE_NT_HEADERS\FileHeader\Characteristics ! #IMAGE_FILE_DLL;// remove FILE_DLL attribute
Debug "original Entry Point" + *tIMAGE_NT_HEADERS\OptionalHeader\AddressOfEntryPoint
*tIMAGE_NT_HEADERS\OptionalHeader\AddressOfEntryPoint = AddressOf_Start_EXE;//change Entry point to address of "Start_EXE()"
*tIMAGE_NT_HEADERS\OptionalHeader\Subsystem = #IMAGE_SUBSYSTEM_WINDOWS_GUI
; The output name is built from the file part of DLLPath only (no directory), so the file
; is created relative to the current directory; an existing file of that name is replaced.
file = CreateFile ( #PB_Any , GetFilePart ( DLLPath , #PB_FileSystem_NoExtension ) + ".exe" ) ;//create new pe file
If Not file : ProcedureReturn - 4 : EndIf
WriteData ( file , *pLibrary , size )
CloseFile ( file )
ProcedureReturn 1;// success
Else
;// Export "Start_EXE" not found
ProcedureReturn - 3
EndIf
EndProcedure
2/67, pas mal ; et notre application n'est plus détectée comme un programme PB.
https://www.virustotal.com/fr/file/a6a4 ... 513187346/
Pour les programmeurs avancés, cette méthode sert aussi à exécuter l'exe directement depuis la mémoire, et on peut même exporter ses procédures comme une DLL.
a+
By .