//////////////////////////////////////////////
PUSHAD
MOV BL,88
NEG BL
ROR BL,4
NOT BL
XOR BL,AL
NOT BL
ROR BL,4
NEG BL
PUSH 1
PUSH 1
MOV EAX,{TOP}
INC BL
L013:
XOR [BYTE DS:EAX],BL
INC EAX
DEC EAX
INC EAX
CMP EAX,{END}
JLE L013
JMP OEP
POPAD
PUSH 1
PUSH 1
RETN
Xor Encryption Method Hazl0oh Method..
//////////////////////////////////////////////
Standart XOR Manual Undetected Methode
PUSHAD
MOV BL,88
NEG BL
ROR BL,4
NOT BL
XOR BL,AL
NOT BL
ROR BL,4
NEG BL
PUSH 1
PUSH 1
MOV EAX,{TOP}
INC BL
XOR [BYTE DS:EAX],BL
INC EAX
DEC EAX
INC EAX
CMP EAX,{END}
JLE (XOR [BYTE DS:EAX],BL Address)
JMP OEP
POPAD
PUSH 1
PUSH 1
RETN
//////////////////////////////////////////////
InTheComE Pack Methode
PUSH EAX [ N.E.P ]
PUSH ECX
PUSH ESP
PUSH EBP
PUSH 24
PUSH 21
PUSH [OEP]
CALL [ CALL ]
PUSH ESI
PUSH EBX
CALL ESI
CALL EBX
CALL ESP
CALL ECX
CALL EAX
PUSH 20
RETN
//////////////////////////////////////////////
Loop Crypting
mov eax, *TOP*
mov ecx, *länge*
ptr:
xor byte ptr[eax+ecx], *key*
loopd ptr
//////////////////////////////////////////////
Metamorph Crypting:
MOV EDX, TOP
MOV CL, 5
X: ADD [EDX], 5
XOR [EDX], 7
Y: SUB [EDX], 5
ADD CL, 2
MOV [X+2], CL
MOV [Y+2], CL
INC EDX
CMP EDX, END
JLE X
//////////////////////////////////////////////
ByPiT XoR
CMP AX,8
PUSH EAX
MOV EAX,EBP
PUSH (o.e.p)
PUSH 88
PUSH 77
PUSH (o.e.p)
CALL (call)
//////////////////////////////////////////////
UD
PUSH EBP
MOV EBP,ESP
MOV EAX,[Near PUSH EBP +10]
INC EAX
CMP EAX,EBP
SUB ESI,4
PUSH[Alter EP]
RETN
//////////////////////////////////////////////
Kolay bir xor
xor:PUSH EBP
MOV BL, 88
PUSH 99
XOR BL, AL
PUSH 1
PUSH 1
DEC EAX
JMP(push oep)
JLE(call oep)
RETN
//////////////////////////////////////////////
Güzel bir XOR
DEC ECX
DEC EAX
PUSH EBP
MOV EBP,ESP
PUSH (DEC ECX)
PUSH 99
PUSH 11
PUSH (DEC EAX)
PUSH (TOP PUSH )
CALL (TOP CALL )
//////////////////////////////////////////////
V.B için cok güzel BiR XoR
PUSH ESP
PUSH EBP
PUSH EDX
PUSH ECX
NEG EAX
PUSH(Orginal entrypoint)
CALL(orginal call entrypoint)
XCHG DH, CH
PUSH 3788
PUSH 3764
PUSH 3768
PUSH 3772
PUSH 3531
CALL EAX
CALL ESI
CALL EBX
NOT EAX
XOR EAX,EDI
XOR CH,DH
INC ESI
DEC EBP
CALL ESP
JMP (XOR EAX,EDI entrypoint)
JLE (XOR CH,DH Entrypoint)
ROR AL,6
NOT EAX
PUSH 0
RETN
//////////////////////////////////////////////
xor packing
PUSH EBP
MOV EBP, ESP
PUSH ESI
PUSH EDI
PUSH EBX
MOV ESI, ESP
PUSH DWORD PTR SS:[EBP+14]
PUSH DWORD PTR SS:[EBP+10]
PUSH DWORD PTR SS:[EBP+C]
CALL NEAR DWORD PTR SS:[EBP+8]
MOV ESP, ESI
POP EBX
POP EDI
POP ESI
POP EBP
RETN 10
//////////////////////////////////////////////
lods Routine ( xor ) MANUAL PACKING
xor eax, eax
xor ebx, ebx
mov esi, *start adress of your code to crypt*
mov edi, esi
start:
lodsb
add bl, 25 ; changeable!
add bh, 33 ; changeable!!
add ah, 23 ; changeable!!
add al, ah
xor al, bl
sub al, bh
stosb
cmp esi, *end adress of your code to crypt*
jle start
jmp OEP
thanks haZl0oh
//////////////////////////////////////////////
NEG_NOT_ROR Xor routine by haZl0oh
MOV BL,88
NEG BL
ROR BL,4
NOT BL
XOR BL,AL
NOT BL
ROR BL,4
NEG BL
MOV EAX, "start of your code to crypt"
INC BL
XOR BYTE PTR DS:[EAX],BL <<<<<<<<<<< *theseadress
INC EAX
CMP EAX,"end of your code to crypt"
JLE adress of *theseadress
<<<<<<<<<<<
any kind of jump to your OEP
//////////////////////////////////////////////
XOR Manual Undetected Methode
PUSHAD
MOV BL,88
NEG BL
ROR BL,4
NOT BL
XOR BL,AL
NOT BL
ROR BL,4
NEG BL
PUSH 1
PUSH 1
MOV EAX,{TOP}
INC BL
L013:
XOR [BYTE DS:EAX],BL
INC EAX
DEC EAX
INC EAX
CMP EAX,{END}
JLE L013
JMP OEP
POPAD
PUSH 1
PUSH 1
RETN
Xor Encryption Method Hazl0oh Method..
//////////////////////////////////////////////
OllyDbg Xor Packing Yöntemi
xor bl,bl
mov eax,(First)
inc bl
xor byte ptr ds:[eax],bl
inc eax
cmp eax,(Last)
jle (xor)
Push (OEP)
Call (JMP or CALL)
//////////////////////////////////////////////
Basit Bir x0r Packing [Tüm Dosyalarda Çalisir]
100040C2 PUSH EBP
100040C3 MOV EBP,88
100040C8 INC EBP
100040C9 SBB EBP,88
100040CF DEC EBP
100040D0 DEC EBP
100040D1 PUSH 88
100040D6 XOR EBP,88
100040DC TEST EBP,88
100040E2 NEG EBP
100040E4 ^ JLE SHORT stub.100040D6 ; jLe Xor Adress
100040E6 ^ JMP stub.<ModuleEntryPoint> ; Jmp Oep adress
Coded ByRodi
//////////////////////////////////////////////
new xor routine alost fud to some pe files !!!
start
add al,1a
add al,1
xor al,2
mov esi, *end of code which you wanna crypt*
dec al
dec al
xor byte ptr ds:[esi],al <<< addressImean
dec esi
dec esi
cmp esi, *start of code ya wanna crypt*
JGE adressImean
*any kind of jump*
call oep
ret
//////////////////////////////////////////////
Encryption Routine
mov eax,0040129c
xor byte [eax],0f
inc eax
cmp eax,0040E46C
jle [xor address]
Thursday, November 25, 2010
Asm Encryptor
Subscribe to:
Post Comments (Atom)
sağol üstat hepsini denycem :)
ReplyDelete