Hi all, this is my first post overhere. I have this simple asm program that shows a messagebox (I have win xp and I'm using winasm):

.386

.model flat, stdcall

option casemap: none

include windows.inc

include kernel32.inc

include user32.inc

includelib kernel32.lib

includelib user32.lib

Encr_Routine proto

.data

MsgBoxTxt db "Test Message",0

MsgBoxCaption db "Crypting",0

.data? ;initialized variables

hInstance HINSTANCE ?

.code

start:

mov edi,a_end-1

mov ecx, a_end-a

invoke GetModuleHandle, hInstance

mov hInstance,eax

a:

invoke MessageBox,NULL, addr MsgBoxTxt, addr MsgBoxCaption, MB_OK

a_end:

invoke ExitProcess, NULL

Encr_Routine proc

decr_next_byte:

xor byte ptr [edi],51

dec ecx

jnz decr_next_byte

Ret

Encr_Routine EndP

end start

In that program I'm trying to hide(from Olly)/encrypt the MessageBox code in the easiest way possible (using xor). How am I supposed to do it to work? The encryption/decryption routines should be the same. I used labels also. Any help is appreciated, cheers,

Eudorian

Edited June 21, 200718 yr by Eudorian

How am I supposed to do it to work? The encryption/decryption routines should be the same.

you can encrypt the bytes begininng from offset of 'a' label to 'a_end' with a hex editor, then you have to call the encryption/decryption routine before displaying the messagebox, but I think this command "xor byte ptr [edi],51" is not good, because edi doesn't change. You can use "mov edi,a" then "xor byte ptr [edi+ecx],51"

Thank you GaBoR, I got it solved, cheers

I did even a small patcher to replace the bytes of the messagebox with encrypted ones, thanks to gobbit and his tuts

@Eudorian

.. its "goppit" not "gobbit" :\

thank you

@Eudorian

.. its "goppit" not "gobbit" :\

thank you

Sorry about my bad spelling,

Eudorian