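// Swaps byte 0 with byte 8 and byte 4 with byte 12 inside every complete
// 16-byte block of Buffer. The swap is its own inverse, so the same routine
// both applies and removes the permutation.
//
//   Buffer - start of the data to permute in place.
//   BufLen - number of valid bytes in Buffer; only BufLen shr 4 whole blocks
//            are processed, a trailing partial block is left untouched.
procedure PermuteSomeBytes(Buffer: pbyte; BufLen: word);
var
  p: PAnsiChar;
  cnt: Integer;
  tmp: AnsiChar;
begin
  // PAnsiChar instead of pchar: the offsets below are byte offsets. On a
  // compiler where Char is two bytes wide, pchar arithmetic would double
  // every offset and walk past the end of the buffer.
  p := PAnsiChar(Buffer);
  for cnt := 1 to BufLen shr 4 do
  begin
    tmp := p[0];
    p[0] := p[8];
    p[8] := tmp;

    tmp := p[4];
    p[4] := p[12];
    p[12] := tmp;

    Inc(p, 16);
  end;
end;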
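// Decrypts the first BUFFERSIZE bytes of SourceFileName into
// DestinationFileName.
//
// The key is derived through the Windows CryptoAPI: an MD5 hash ($8003,
// CALG_MD5) over Password + PARTOFPASSWORD is turned into an RC4 key
// ($6801, CALG_RC4). After decryption, PermuteSomeBytes undoes the byte
// swaps that were applied to the data.
//
//   SourceFileName      - encrypted input, opened read-only.
//   DestinationFileName - output; created (or truncated) before decryption
//                         is attempted, so a failure leaves an empty file.
//   Password            - variable part of the password.
//
// If no crypto context can be acquired the procedure returns without doing
// anything, as before. Any later CryptoAPI failure raises Exception instead
// of writing undecrypted bytes to the output; stream errors raise as usual.
//
// NOTE(review): only one buffer of at most BUFFERSIZE bytes is read and
// written. Anything beyond that in the source file is neither decrypted nor
// copied - confirm against the sample's file format whether the remainder
// has to be appended unchanged.
procedure DecryptFile(const SourceFileName, DestinationFileName,
  Password: string);
const
  BUFFERSIZE = $3000;
  // Is this really a constant, or does the virus loader patch PARTOFPASSWORD
  // into the virus code?
  // NOTE(review): in the listing this literal was broken across two lines; it
  // is joined here without any leading whitespace - verify against the sample.
  PARTOFPASSWORD = '732jjdnbYYSUUW7kjksk***ndhhssh';
var
  hProv: HCRYPTPROV;
  hash: HCRYPTHASH;
  key: HCRYPTKEY;
  pw: AnsiString;
  Buffer: PByte;
  len: dWord;
  fsIn, fsOut: TFileStream;
begin
  // AnsiString keeps the hashed data one byte per character, so Length(pw)
  // is the byte count on compilers where string is a wide string type.
  pw := AnsiString(Password + PARTOFPASSWORD);

  // $F0000000 is CRYPT_VERIFYCONTEXT: no persistent key container is needed.
  if not CryptAcquireContext(@hProv, nil, nil, PROV_RSA_FULL, $F0000000) then
    Exit;
  try
    if not CryptCreateHash(hProv, $8003, 0, 0, @hash) then
      raise Exception.Create('DecryptFile: CryptCreateHash failed');
    try
      if not CryptHashData(hash, @pw[1], Length(pw), 0) then
        raise Exception.Create('DecryptFile: CryptHashData failed');
      // Flag 1 is CRYPT_EXPORTABLE, kept as in the original call.
      if not CryptDeriveKey(hProv, $6801, hash, 1, @key) then
        raise Exception.Create('DecryptFile: CryptDeriveKey failed');
    finally
      CryptDestroyHash(hash);
    end;

    try
      fsIn := nil;
      fsOut := nil;
      Buffer := nil;
      try
        fsIn := TFileStream.Create(SourceFileName,
          fmOpenRead or fmShareDenyWrite);
        fsOut := TFileStream.Create(DestinationFileName, fmCreate);
        GetMem(Buffer, BUFFERSIZE);

        // The original test "not fsIn.Size = 0" parsed as
        // "(not fsIn.Size) = 0", which is false for every real file size,
        // so nothing was ever decrypted.
        if fsIn.Size <> 0 then
        begin
          len := fsIn.Read(Buffer^, BUFFERSIZE);
          if not CryptDecrypt(key, 0, True, 0, Buffer, @len) then
            raise Exception.Create('DecryptFile: CryptDecrypt failed');
          // After decryption, PermuteSomeBytes undoes the swapping of
          // some bytes.
          PermuteSomeBytes(Buffer, len);
          // WriteBuffer raises on a short write instead of silently
          // producing a truncated file.
          fsOut.WriteBuffer(Buffer^, len);
        end;
      finally
        if Buffer <> nil then
          FreeMem(Buffer, BUFFERSIZE);
        fsOut.Free;
        fsIn.Free;
      end;
    finally
      // The derived key handle was never released in the original.
      CryptDestroyKey(key);
    end;
  finally
    CryptReleaseContext(hProv, 0);
  end;
end;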