1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
|
format PE console 5.0
include 'include/windows/win32a.inc'
;--------------------------------------------------
section '.text' code readable writeable executable
;--------------------------------------------------
entry $
mov edi,texte
call strlen
mov [texte_len],ecx
begin:
mov esi,mod_addr
mov ebp,mod_addr_len
xor dl,dl
not dl
@@:
inc dl
inc ebp
add esi,4
cmp bl,dl
jnz @b
mov esi,[esi]
mov edi,y1
xor ecx,ecx
mov cl,12 ;Padding de la zone afin d'éviter
mov al,0x90 ;des bytes restant de précédantes
repnz stosb ;instructions.
sub edi,12
mov cl,byte [ebp]
repnz movsb ;Injection d'un des "mod(nbr)".
mov esi,texte
mov edi,txtbuf
mov ecx,[texte_len]
@re:
mov dl,4
@@:
mov al,[esi]
inc esi
ror eax,8
dec dl
jnz @b
y1:
rd 3 ;Zone d'injection des "mod(nbr)".
mov [edi],eax
add edi,4
sub ecx,4
jnz @re
push ebx
cinvoke printf,forms,txtbuf
cinvoke puts,crlf
invoke Sleep,1000
pop ebx
z1: ;Gestion de la fonction:
inc bl ;"modifier db 0,1,2,3,4,5,4,3,2,1,0"
z2: ;par un "inc/dec bl" automodifiant.
cmp bl,5
jnz z3
mov edi,z1
mov ax,0xCBFE ;"dec bl" opcode.
cmp bl,5
jz @f
sub ah,8 ;Modificateur d'opcode en "inc bl".
@@:
stosw ;Storage de l'opcode à "z1".
mov esi,z2
mov ax,0xFB80 ;"cmp bl" opcode.
stosw ;Storage de l'opcode à "z2".
xor al,al ;"0" opcode suite.
cmp bl,5
jz @f
add al,5 ;"5" opcode suite.
@@:
stosb ;Storage à "z2" de la suite de
z3: ;l'opcode "cmp bl" donc 5 ou 0.
dec [nbrloop]
jnz begin
invoke ExitProcess,0
strlen:
xor ecx,ecx
xor al,al
@@:
inc edi
inc ecx
cmp byte [edi],al
jnz @b
ret
;-[Data]------------------------------------------------------------------
txtbuf rb 1024
texte db 'A table is a form of furniture with a flat horizontal upper surface used to support objects of interest, for storage, show, and/or manipulation. The surface must be held stable; for reasons of simplicity, this is usually done by support from below by either a column, a "base", or at least three columnar "stands". In special situations, table surfaces may be supported from a nearby wall, or suspended from above. wikipedia',0
texte_len dd 0
mod_addr dd 0,0,mod1,mod2,mod3,mod4,mod5 ;adresse opcode
mod_addr_len db 0,0,4,4,8,8,12 ;longueur opcode
mod1 dd 0x08C0C166 ;rol ax,8
mod2 dd 0x9010C0C1 ;rol eax,16
mod3 dd 0x08C0C166,0x9010C0C1 ;mix
mod4 dd 0x9010C0C1,0x08C0C166 ;mix
mod5 dd 0x08C0C166,0x9010C0C1,0x08C0C166 ;mix
nbrloop db 11
crlf db 13,10,0
forms db '%s',10,0
;-[Import]----------------------------------------------------------------
data import
library kernel32,'kernel32.dll',\
msvcrt,'msvcrt.dll',\
user32,'user32.dll',\
wsock32,'ws2_32.dll'
include 'include/windows/api/kernel32.inc'
include 'include/windows/api/user32.inc'
include 'include/windows/api/wsock32.inc'
import msvcrt,\
printf,'printf',\
puts,'puts'
end data |
Partager