flat assembler
Message board for the users of flat assembler.

Index > Windows > Crypted function inside dll

Author
Thread Post new topic Reply to topic
powerhead



Joined: 25 Mar 2009
Posts: 2
powerhead 25 Mar 2009, 01:02
goal is to create a function, which stays crypted any time, except when it is called. i found a macro to xor the code and here's my code(i'm new to fasm)

Code:
format PE GUI 4.0 DLL
entry DllEntryPoint

include 'C:\fasmw16732\INCLUDE\win32ax.inc'

macro       encrypt {local x
repeat         code_end-code_begin
         load x byte from code_begin+%-1
     x = x xor 55
        store x at code_begin+%-1
end        repeat}

section '.code' code readable writeable executable

proc DllEntryPoint hinstDLL,fdwReason,lpvReserved
     invoke  MessageBoxA,HWND_DESKTOP,message,caption,MB_OK
     mov     eax,TRUE
     ret
endp

proc Function
;---------------------
     mov edi,code_begin
     mov ecx,code_end-code_begin
     @@: 
     xor byte[edi],55
     inc edi 
     dec ecx 
     test ecx,ecx 
     jnz @b 
code_begin:
     jmp inv
     message2    db      'DLL3 Func',0
     caption2         db      'DLL3',0
inv: invoke  MessageBoxA,HWND_DESKTOP,message2,caption2,MB_OK
code_end:
;--------------------
encrypt
;--------------------
     mov edi,code_begin
     mov ecx,code_end-code_begin
     @@: 
     xor byte[edi],55
     inc edi 
     dec ecx 
     test ecx,ecx 
     jnz @b 
     ret
endp

message     db          'DLL3 Main',0
caption     db       'DLL3',0


section '.idata' import data readable writeable

  library kernel32,'kernel32.dll',user,'USER32.DLL'

  import user,\
   MessageBoxA,'MessageBoxA'

section '.edata' export data readable

  export 'dll3.DLL',\
  Function,'Function'

section '.reloc' fixups data discardable
    

when i load this dll and try to call Function() program crashes and disassebly gives out garbage. What am I doing wrong?
Post 25 Mar 2009, 01:02
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 25 Mar 2009, 01:48
I haven't checked it completely but the first and fatal error is that you are XOR-encrypting instructions that contains relocations (for instance "push caption2" from the invoke macro).

The example you have seen somewhere probably was an EXE, not a DLL, so the fixups weren't a problem there but now they are.

The following workaround will probably solve the problem (if it was only that):
Code:
ccode_begin:
     call inv
delta:
     message2    db      'DLL3 Func',0
     caption2     db      'DLL3',0
inv: pop eax
lea ecx, [eax+message2-delta] ; lea ecx, [eax] would be the same here
lea edx, [eax+caption2-delta]
stdcall  [eax+MessageBoxA-delta], HWND_DESKTOP, ecx, edx, MB_OK
; WARNING: EAX, ECX and EDX destroyed here
code_end:    
Post 25 Mar 2009, 01:48
View user's profile Send private message Reply with quote
powerhead



Joined: 25 Mar 2009
Posts: 2
powerhead 25 Mar 2009, 07:30
Thanks! everything works now!
Post 25 Mar 2009, 07:30
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.