flat assembler
Message board for the users of flat assembler.

Index > Main > asm crypto routine

Author
Thread Post new topic Reply to topic
johndoe



Joined: 18 Jun 2005
Posts: 8
johndoe
im looking for some examples on new routines for this

xor maybe




Code:
asm
  push 012345678h               //LoadLibrary
  push 012345678h               //GetProcAddress
  push 012345678h               //Addr of MainData

  call @get_eip
  @get_eip:
  pop eax
  and eax,0FFFFF000h
  add [esp],eax
  add [esp+004h],eax
  add [esp+008h],eax

  call @DynLoader_begin


  pop edi
  pop esi
  pop ebp
  add esp,004h
  pop ebx
  pop edx
  add esp,008h

  mov [esp+004h],ecx

  jmp eax
 @DynLoader_begin:

  push ebp
  mov ebp,esp
  sub esp,00000200h

  push ebx
  push edi
  push esi

  and eax,0FFFF0000h

  mov [ebp-050h],eax

  mov ecx,00008000h
 @DynLoader_fake_loop:
  add eax,0AF631837h
  xor ebx,eax
  add bx,ax
  rol ebx,007h
  loop @DynLoader_fake_loop


  //----------------- FOR HERE


  push dword ptr [ebp+008h]
  dd DYN_LOADER_DEC_MAGIC
//END    
Post 08 Jul 2005, 12:08
View user's profile Send private message Reply with quote
bogdanontanu



Joined: 07 Jan 2004
Posts: 403
Location: Sol. Earth. Europe. Romania. Bucuresti
bogdanontanu
As a word of advise: run the code in Ollydbg steep by steep...

Most hidden API calls and parameters will show up exactly as they are when the call is made Wink
Post 08 Jul 2005, 20:21
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.