Guest Eudorian Posted June 21, 2007 Share Posted June 21, 2007 (edited) Hi all, this is my first post overhere. I have this simple asm program that shows a messagebox (I have win xp and I'm using winasm):.386 .model flat, stdcalloption casemap: noneinclude windows.incinclude kernel32.incinclude user32.incincludelib kernel32.libincludelib user32.libEncr_Routine proto.data MsgBoxTxt db "Test Message",0MsgBoxCaption db "Crypting",0.data? ;initialized variableshInstance HINSTANCE ?.codestart: mov edi,a_end-1 mov ecx, a_end-a invoke GetModuleHandle, hInstance mov hInstance,eax a: invoke MessageBox,NULL, addr MsgBoxTxt, addr MsgBoxCaption, MB_OK a_end: invoke ExitProcess, NULL Encr_Routine proc decr_next_byte: xor byte ptr [edi],51 dec ecx jnz decr_next_byte RetEncr_Routine EndPend startIn that program I'm trying to hide(from Olly)/encrypt the MessageBox code in the easiest way possible (using xor). How am I supposed to do it to work? The encryption/decryption routines should be the same. I used labels also. Any help is appreciated, cheers,Eudorian Edited June 21, 2007 by Eudorian Link to comment
GaBoR Posted June 22, 2007 Share Posted June 22, 2007 How am I supposed to do it to work? The encryption/decryption routines should be the same.you can encrypt the bytes begininng from offset of 'a' label to 'a_end' with a hex editor, then you have to call the encryption/decryption routine before displaying the messagebox, but I think this command "xor byte ptr [edi],51" is not good, because edi doesn't change. You can use "mov edi,a" then "xor byte ptr [edi+ecx],51" Link to comment
Guest Eudorian Posted June 22, 2007 Share Posted June 22, 2007 Thank you GaBoR, I got it solved, cheers Link to comment
Guest Eudorian Posted June 22, 2007 Share Posted June 22, 2007 I did even a small patcher to replace the bytes of the messagebox with encrypted ones, thanks to gobbit and his tuts Link to comment
starzboy Posted June 25, 2007 Share Posted June 25, 2007 @Eudorian .. its "goppit" not "gobbit" :\thank you Link to comment
Guest Eudorian Posted June 25, 2007 Share Posted June 25, 2007 @Eudorian .. its "goppit" not "gobbit" :\thank youSorry about my bad spelling,Eudorian Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now