flat assembler
Message board for the users of flat assembler.

PE with encrypted strings and imports

resoftw



Joined: 26 Dec 2005
Posts: 12
Location: .id
Here you can create a PE with encrypted strings and imports using win32x.inc. This is my first try of fasm's great macro.
You can add mimas's code encryption from the thread:
flat assembler > Macroinstructions > XOR Crypting Macro
So it will be a fully encrypted PE...
Sorry for the bad English!
btw I'm new here and in the 'FASM World', greets to all!
FASM ROCKS! Thanks Tomasz!
Some question:
Why can't I use JohnFound's Global Macro on FASM 1.64?
nb:
assemble blank.asm and put the resulting .exe in the same dir as win32x.inc, that is your fasminc directory.


Description:
Download
Filename: win32X.zip
Filesize: 3.06 KB
Downloaded: 122 Time(s)




Last edited by resoftw on 30 Dec 2005, 18:54; edited 1 time in total
Post 28 Dec 2005, 21:18
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
resoftw: because it just isn't in FASM standard macro package.

I suggest you stick to the following definition, because it will (hopefully) be the future FASM Standard Library standard - the name was changed to "idata" or "udata" (instead of "iglobal" / "uglobal").

Also the block isn't enclosed just in "idata" - "endg", but it behaves like a usual macro definition (it IS a macro definition anyway). So you use it in this manner:
Code:
idata {
  db 1
  mylabel db "aaaaaa",0
}    


I changed this, because when using JohnFound's "endg" inside a macro definition, you had to escape it ( "\endg") to work properly, and this could be confusing. Escaping the symbol "}" comes more natural than escaping "endg" IMO.

So here is the definition:
Code:
macro idata arg
{
  __IData equ __IData,   ;add one ',' to __IData, initial "__IData" before ','s will be used to call macro
  macro __IDataBlock     ;begin macro (or overload old one) which holds data inside "idata" block
  arg
}

macro udata arg
{
  __UData equ __UData,
  macro __UDataBlock
  arg
}

;include all "idata"-defined blocks
macro IncludeIData
{
  macro __IData dummy,[n]  ;create macro which will be invoked, [n] makes sure macro's forward will
  \{                       ;be preprocessed for each ',' added to __IData
    \forward
       __IDataBlock        ;use the macro with data
       purge __IDataBlock  ;and remove it so previous macro becomes available
  \}
  match I, __IData \{ I \} ;and now unroll __IData macro (just "__IData" wouldn't do, replaced equate isn't
                           ;preprocessed anymore and so it wouldn't behave as macro usage)
  purge __IData            ;__Idata macro is not needed anymore
}


;include all "udata"-defined blocks
macro IncludeUData         ;... same as IncludeIData but it is whole in virtual to count size and define labels
{                          ;and then required space is reserved
  macro __UData dummy,[n]
  \{
    \common
       \local ..begin, ..size
       ..begin = $
       virtual at $
    \forward
       __UDataBlock
       purge __UDataBlock
    \common
       ..size = $ - ..begin
       end virtual
       rb ..size
   \}
  match U, __UData
  \{
    U
  \}
  purge __UData
}

;include both with this directive
macro IncludeAllData
{
  IncludeIData
  IncludeUData
}
idata {}
udata {}
    

and here is example:
Code:
idata {myslabel db 20}
udata {
  string db "Breaking backward compatibility",10,0
  buffer rb 100
}
...
IncludeAllData
    
Post 28 Dec 2005, 22:11
shism2



Joined: 14 Sep 2005
Posts: 248
how to compile.....
Post 28 Dec 2005, 23:51
resoftw



Joined: 26 Dec 2005
Posts: 12
Location: .id
shism2 wrote:
how to compile.....


Code:
include "win32x.inc" ;include this

;declare dbx strings (encrypted strings)
hello dbx 'Hello World!',0
title dbx 'Win32X test App',0

main: ; program's main...
         ; define this if using win32x.inc
    undbxall ; decrypting all dbx strings...
         ; call it before using any dbx strings
         ; and should be placed after all of dbx declarations...
         ; coz it's a macro..

    invoke MessageBox,0,hello,title,0
    invoke ExitProcess,0
    

That's all, use FASMW 1.64, I never tried a lower version

BLANK.ASM is the source code for the DOS STUB (blank.exe)

vid: Thanks a lot for your great help....
I was using nasm just before I used fasm.. that's why I badly want this macro to work....

regards

Post 29 Dec 2005, 17:59
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
resoftw: nasm had ability / macro to move parts of code elsewhere? Or you mean concatenating sections by linker?
Post 29 Dec 2005, 18:31
resoftw



Joined: 26 Dec 2005
Posts: 12
Location: .id
vid: yes that's it, concatenating sections by linker, I know it's a linker's job, but with the powerful 'Flat Assembler' and its macro features, why not?

Your solution helps so much, thanks vid!

Post 29 Dec 2005, 20:03
shism2



Joined: 14 Sep 2005
Posts: 248
This is what I get


File not found :
format PE gui on 'BLANK.EXE'
Post 30 Dec 2005, 02:58
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
shism2: remove on 'BLANK.EXE', it can go without it
Post 30 Dec 2005, 09:57
resoftw



Joined: 26 Dec 2005
Posts: 12
Location: .id
sorry, I forgot to mention, blank.exe can be produced by assembling blank.asm, then put it along with win32x.inc in your fasm include dir.

actually blank.exe has nothing to do with the encryption itself, it's just in order to make the DOS exe header smaller... (the default fasm PE stub is 0x80 in size, while this 'blank.exe' produces a stub that is 0x40 in size)

optionally you can remove on 'BLANK.EXE' like vid said.

regards

Post 30 Dec 2005, 18:41
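
Added example, not part of the original thread or of win32x.inc: the two stub sizes mentioned in the last post (0x80 and 0x40) can be read back from a built file through the DOS header's e_lfanew field. It assumes the stub size is the offset of the PE signature; the function names, layout labels and sample images are constructed for illustration.

```python
import struct

DOS_HEADER_SIZE = 0x40      # size of IMAGE_DOS_HEADER
E_LFANEW_OFFSET = 0x3C      # header field holding the file offset of "PE\0\0"
PE_SIGNATURE = b"PE\x00\x00"


def dos_stub_info(image: bytes) -> dict:
    """Locate the PE signature and describe the MZ header/stub region before it."""
    if len(image) < DOS_HEADER_SIZE or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_offset,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    # An out-of-range offset yields a short slice and is rejected here as well.
    if image[pe_offset:pe_offset + 4] != PE_SIGNATURE:
        raise ValueError("e_lfanew does not point at a PE signature")
    if pe_offset < DOS_HEADER_SIZE:
        layout = "overlapping"      # PE headers start inside the DOS header
    elif pe_offset == DOS_HEADER_SIZE:
        layout = "header-only"      # no DOS program between header and PE
    else:
        layout = "with-stub"        # DOS program bytes follow the header
    return {
        "pe_offset": pe_offset,
        "stub_code_bytes": max(0, pe_offset - DOS_HEADER_SIZE),
        "layout": layout,
    }


def build_sample(stub_size: int) -> bytes:
    """Constructed image (stub_size >= 0x40): MZ header, padding, PE signature."""
    hdr = bytearray(stub_size)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, E_LFANEW_OFFSET, stub_size)
    return bytes(hdr) + PE_SIGNATURE + b"\x4c\x01"  # 0x014C = i386 machine


if __name__ == "__main__":
    for size in (0x80, 0x40):       # the two sizes quoted in the thread
        info = dos_stub_info(build_sample(size))
        print(f"stub 0x{size:02X}: {info}")
```

A result of "header-only" means the file carries no DOS program at all, which is worth noting during triage because it differs from what the toolchain emits by default.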
Copyright © 1999-2020, Tomasz Grysztar.