Created
August 5, 2015 14:39
-
-
Save jmbrito01/df1821929a0e31bcc324 to your computer and use it in GitHub Desktop.
Simple portable executable encryptor using intel x86 assembly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .486 | |
| .model flat, stdcall | |
| option casemap :none ; case sensitive | |
| include base.inc | |
| .code | |
| start: | |
| invoke GetModuleHandle, NULL | |
| mov hInstance, eax | |
| invoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0 | |
| invoke ExitProcess, eax | |
| SetOK proc hList : DWORD | |
| LOCAL pText : DWORD | |
| invoke SendMessage, hList, LB_GETCOUNT, 0, 0 | |
| dec eax | |
| push eax | |
| invoke SendMessage, hList, LB_GETTEXTLEN, eax, 0 | |
| invoke VirtualAlloc, NULL, eax, MEM_COMMIT, PAGE_READWRITE | |
| mov pText, eax | |
| pop eax | |
| push eax | |
| invoke SendMessage, hList, LB_GETTEXT, eax, pText | |
| invoke lstrcat, pText, lpStr(" [ OK ]") | |
| pop eax | |
| invoke SendMessage, hList, LB_DELETESTRING, eax, 0 | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, pText | |
| Ret | |
| SetOK EndP | |
| PEThread proc hWin : DWORD | |
| LOCAL hFile : DWORD | |
| LOCAL hList : DWORD | |
| LOCAL pMemory : DWORD | |
| LOCAL W: DWORD | |
| LOCAL dwRawEP : DWORD | |
| LOCAL dwSize : DWORD | |
| LOCAL dwRaw : DWORD | |
| invoke GetDlgItem, hWin, 1005 | |
| mov hList, eax | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Starting encriptor...") | |
| invoke GetDlgItem, hWin, 1001 | |
| invoke GetDlgItemText, hWin, 1001, addr lpBuff, sizeof lpBuff | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Creating backup file...") | |
| invoke lstrlen, addr lpBuff | |
| invoke RtlMoveMemory, addr szBuff, addr lpBuff, eax | |
| invoke lstrcat, addr szBuff, lpStr(".bak") | |
| invoke CopyFile, addr lpBuff, addr szBuff, TRUE | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Starting encryption process...") | |
| invoke CreateFile, addr lpBuff, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL | |
| .if (eax == INVALID_HANDLE_VALUE) | |
| invoke GetLastError | |
| invoke wsprintf, addr lpBuff, lpStr("Error on CreateFile, Error Code: %X (%d)"), eax, eax | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff | |
| ret | |
| .endif | |
| mov hFile, eax | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Creating decryption section...") | |
| invoke RtlZeroMemory, addr lpBuff, sizeof lpBuff | |
| invoke lstrlen, addr lpDirectory | |
| invoke RtlMoveMemory, addr lpBuff, addr lpDirectory, eax | |
| invoke lstrcat, addr lpBuff, lpStr("\asModule.dll") | |
| invoke LoadLibrary, addr lpBuff | |
| invoke GetProcAddress, eax, lpStr("AddPESection") | |
| push 0E0000020h | |
| push sizeof dwStub | |
| push ofStr(".ace") | |
| push hFile | |
| call eax | |
| .if (eax == -1) | |
| invoke GetLastError | |
| invoke wsprintf, addr lpBuff, lpStr("Error on creating the section, Error Code: %X (%d)"), eax, eax | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff | |
| ret | |
| .endif | |
| mov dwRaw, eax | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Retrieving file informations...") | |
| invoke SetFilePointer, hFile, 0, 0, FILE_BEGIN | |
| invoke GetFileSize, hFile, NULL | |
| mov dwSize, eax | |
| invoke VirtualAlloc, NULL, eax, MEM_COMMIT, PAGE_READWRITE | |
| mov pMemory, eax | |
| invoke ReadFile, hFile, pMemory, dwSize, addr W, NULL | |
| .if (eax == 0) | |
| invoke GetLastError | |
| invoke wsprintf, addr lpBuff, lpStr("Error on ReadFile, Error Code: %X (%d)"), eax, eax | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff | |
| ret | |
| .endif | |
| mov edi, pMemory | |
| assume edi : ptr IMAGE_DOS_HEADER | |
| add edi, [edi].e_lfanew | |
| mov esi, edi | |
| assume esi : ptr IMAGE_NT_HEADERS | |
| add edi, sizeof IMAGE_NT_HEADERS | |
| assume edi : ptr IMAGE_SECTION_HEADER | |
| mov ebx, [esi].OptionalHeader.ImageBase | |
| add ebx, [esi].OptionalHeader.AddressOfEntryPoint | |
| sub ebx, [esi].OptionalHeader.ImageBase | |
| add ebx, [edi].PointerToRawData | |
| sub ebx, [edi].VirtualAddress | |
| mov dwRawEP, ebx | |
| or [edi].Characteristics, IMAGE_SCN_MEM_WRITE | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Encrypting code section...") | |
| mov ecx, [edi].PointerToRawData | |
| add ecx, pMemory | |
| add ecx, [edi].SizeOfRawData | |
| mov ebx, pMemory | |
| add ebx, [edi].PointerToRawData | |
| .while (ebx <= ecx) | |
| mov al, byte ptr ds:[ebx] | |
| .if (al == 0) | |
| mov al, 0FFh | |
| .else | |
| dec al | |
| .endif | |
| mov byte ptr ds:[ebx], al | |
| inc ebx | |
| .endw | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Redirecting EntryPoint") | |
| xor ebx, ebx | |
| .while (bx <= [esi].FileHeader.NumberOfSections) | |
| mov eax, pMemory | |
| assume eax : ptr IMAGE_DOS_HEADER | |
| add eax, [eax].e_lfanew | |
| add eax, sizeof IMAGE_NT_HEADERS | |
| movzx ecx, bx | |
| imul ecx, sizeof IMAGE_SECTION_HEADER | |
| add eax, ecx | |
| push eax | |
| assume eax : ptr IMAGE_SECTION_HEADER | |
| invoke lstrcmp, addr [eax].Name1, lpStr(".ace") | |
| .if (eax == 0) | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Writting decryption code...") | |
| pop eax | |
| mov [eax].SizeOfRawData, sizeof dwRaw+2 | |
| mov [eax].Misc.VirtualSize, sizeof dwRaw+2 | |
| mov ecx, [esi].OptionalHeader.BaseOfCode | |
| add ecx, [esi].OptionalHeader.ImageBase | |
| mov dword ptr ds:[dwStub+4], ecx | |
| mov ecx, [edi].Misc.VirtualSize | |
| mov dword ptr ds:[dwStub+9], ecx | |
| mov ecx, [esi].OptionalHeader.AddressOfEntryPoint | |
| sub ecx, [eax].VirtualAddress | |
| sub ecx, sizeof dwStub | |
| inc ecx | |
| mov edx, sizeof dwStub | |
| sub edx, 5 | |
| mov dword ptr ds:[dwStub+edx], ecx | |
| push eax | |
| mov ebx, [eax].PointerToRawData | |
| add ebx, pMemory | |
| invoke RtlMoveMemory, ebx, addr dwStub, sizeof dwStub | |
| pop eax | |
| mov ebx, [eax].VirtualAddress | |
| mov [esi].OptionalHeader.AddressOfEntryPoint, ebx | |
| mov ebx, eax | |
| jmp @EndOfLoop | |
| .endif | |
| inc bx | |
| .endw | |
| @EndOfLoop: | |
| push ebx | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Saving file...") | |
| invoke SetFilePointer, hFile, 0, 0, FILE_BEGIN | |
| invoke GetFileSize, hFile, 0 | |
| mov ebx, eax | |
| invoke WriteFile, hFile, pMemory, ebx, addr W, NULL | |
| .if (eax == 0) | |
| invoke GetLastError | |
| invoke wsprintf, addr lpBuff, lpStr("Error on WriteFile, Error Code: %X (%d)"), eax, eax | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, addr lpBuff | |
| ret | |
| .endif | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Compressing code...") | |
| invoke SetFilePointer, hFile, dwRaw, 0, FILE_BEGIN | |
| invoke SetFilePointer, hFile, sizeof dwStub+2, 0, FILE_CURRENT | |
| invoke SetEndOfFile, hFile | |
| invoke SetOK,hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("Closing handles...") | |
| invoke VirtualFree, pMemory, dwSize, MEM_RELEASE | |
| invoke SetOK, hList | |
| invoke SendMessage, hList, LB_ADDSTRING, 0, lpStr("DONE!") | |
| invoke CloseHandle, hFile | |
| Ret | |
| PEThread EndP | |
| GetFileName proc hParent:DWORD,lpTitle:DWORD,lpFilter:DWORD | |
| mov ofn.lStructSize, sizeof OPENFILENAME | |
| m2m ofn.hWndOwner, hParent | |
| m2m ofn.hInstance, hInstance | |
| m2m ofn.lpstrFilter, lpFilter | |
| m2m ofn.lpstrFile, offset lpBuff | |
| mov ofn.nMaxFile, sizeof lpBuff | |
| m2m ofn.lpstrTitle, lpTitle | |
| mov ofn.Flags, OFN_EXPLORER or OFN_FILEMUSTEXIST or OFN_LONGNAMES | |
| invoke GetOpenFileName,ADDR ofn | |
| ret | |
| GetFileName endp | |
| DlgProc proc hWin :DWORD, | |
| uMsg :DWORD, | |
| wParam :DWORD, | |
| lParam :DWORD | |
| LOCAL dwSize : DWORD | |
| LOCAL hFile : DWORD | |
| LOCAL pRes : DWORD | |
| LOCAL W : DWORD | |
| .if uMsg == WM_COMMAND | |
| .if wParam == IDC_OK | |
| invoke CreateThread, 0, 0, addr PEThread, hWin, NULL, NULL | |
| .elseif wParam == 1016 | |
| invoke GetFileName, hWin, ofStr("Select a Portable Executable (exe)"), offset lpFilter1 | |
| invoke SetDlgItemText, hWin, 1001, addr lpBuff | |
| .endif | |
| .elseif uMsg == WM_CLOSE | |
| invoke EndDialog,hWin,0 | |
| .elseif uMsg == WM_INITDIALOG | |
| invoke GetDlgItem, hWin, 1006 | |
| invoke SendMessage, eax, BM_SETCHECK, BST_CHECKED, 0 | |
| invoke GetDlgItem, hWin, 1012 | |
| invoke SendMessage, eax, BM_SETCHECK, BST_CHECKED, 0 | |
| invoke GetCurrentDirectory, sizeof lpDirectory, addr lpDirectory | |
| invoke FindResource, hInstance, 10,RT_RCDATA | |
| mov esi, eax | |
| invoke SizeofResource, hInstance, eax | |
| mov dwSize, eax | |
| invoke LoadResource, hInstance, esi | |
| push eax | |
| invoke LockResource, eax | |
| mov pRes, eax | |
| invoke lstrlen, addr lpDirectory | |
| invoke RtlMoveMemory, addr lpBuff, addr lpDirectory, eax | |
| invoke lstrcat, addr lpBuff, lpStr("\asModule.dll") | |
| @Create: | |
| invoke CreateFile, addr lpBuff,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, CREATE_NEW,FILE_ATTRIBUTE_NORMAL, NULL | |
| .if eax == INVALID_HANDLE_VALUE | |
| call GetLastError | |
| .if eax == 50h | |
| invoke DeleteFile, addr lpBuff | |
| jmp @Create | |
| .endif | |
| .endif | |
| mov hFile, eax | |
| invoke WriteFile, hFile, pRes, dwSize, addr W, NULL | |
| pop eax | |
| invoke FreeResource, eax | |
| invoke CloseHandle, hFile | |
| .elseif uMsg == WM_CTLCOLORLISTBOX | |
| invoke SetBkColor, wParam, 0 | |
| invoke SetTextColor, wParam, 0FF00h | |
| invoke CreateSolidBrush, 0 | |
| ret | |
| .endif | |
| xor eax,eax | |
| ret | |
| DlgProc endp | |
| end start |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment