XR3X
[FASM] PE loader

8 replies to this topic

#1 kuupa

Posted 26 January 2014 - 12:27 AM

Just a simple example of loading a PE file in fasm. Could be a crypter/packer if you added code to handle TLS callbacks and the decryption. Supports SEH.

As of now it just loads test.exe from its .rdata section into the .bss and runs it, overlaying headers, just a simple hello world message box.


Password to archive is the name of this obfuscated std c function:


  • Jochen, testacc and Hess like this
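
A defender-side check for the layout described in the first post, as an added example that is not kuupa's code: it walks a PE file's section table and reports any section whose raw data contains a second, plaintext MZ/PE header. The sample image is constructed inside the block, the function names are this example's own, and a payload that has been encrypted (the crypter case mentioned above) would not be found by this scan.

```python
import struct

def _pe_sig(buf, base):
    """Offset of 'PE\\0\\0' for a DOS header starting at base, else None."""
    if buf[base:base + 2] != b"MZ" or base + 0x40 > len(buf):
        return None
    sig = base + struct.unpack_from("<I", buf, base + 0x3C)[0]  # e_lfanew
    return sig if buf[sig:sig + 4] == b"PE\0\0" else None

def find_embedded_pes(image):
    """Return [(section_name, file_offset)] for each MZ/PE header inside section raw data."""
    pe = _pe_sig(image, 0)
    if pe is None or pe + 24 > len(image):
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", image, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]  # SizeOfOptionalHeader
    table, hits = pe + 24 + opt_size, []
    for i in range(nsec):
        hdr = image[table + 40 * i: table + 40 * i + 40]
        if len(hdr) < 40:
            break  # truncated section table
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        end = min(raw_ptr + raw_size, len(image))
        pos = image.find(b"MZ", raw_ptr, end)
        while pos != -1:
            if _pe_sig(image, pos) is not None:
                hits.append((name, pos))
            pos = image.find(b"MZ", pos + 1, end)
    return hits

def _stub_pe(section_table=b"", nsec=0):
    """Constructed header-only PE: DOS header, signature, COFF header, no optional header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0, 0x102)
    return dos + b"PE\0\0" + coff + section_table

def build_sample(embed=True):
    """Constructed outer image whose .rdata holds a stand-in for test.exe."""
    payload = b"const strings\0" + (_stub_pe() if embed else b"\0" * 88)
    raw_ptr = 0x40 + 24 + 40  # headers plus one section entry
    sec = struct.pack("<8sIIII16x", b".rdata", len(payload), 0x1000, len(payload), raw_ptr)
    return _stub_pe(sec, 1) + payload

if __name__ == "__main__":
    for name, off in find_embedded_pes(build_sample()):
        print(f"embedded PE header in {name} at file offset {off:#x}")
```
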

#2 Hess

Posted 26 January 2014 - 02:27 AM

You could do it harder next time, so, man has to compile project and then sees the password! :P :D


  • kuupa likes this

#3 kuupa

Posted 27 January 2014 - 03:03 AM

> You could do it harder next time, so, man has to compile project and then sees the password! :P :D

Lol I think this is plenty hard. Has anyone managed to find the password?
  • Hess likes this

#4 Hess

Posted 27 January 2014 - 04:32 AM

I did, never play with old ASM wolf.... :P :D


  • kuupa likes this

#5 Jochen

Posted 27 January 2014 - 07:17 AM

> I did, never play with old ASM wolf.... :P :D

 

I seriously doubt that ...



#6 Hess

Posted 27 January 2014 - 07:35 AM

I seriously listen to "No Doubt"..... :P :D



#7 Hess

Posted 27 January 2014 - 03:11 PM

strcpd! :P :D kuupa, I have a bit revealed it and I said make it harder next time! :P :D



#8 polanski.jan

Posted 28 January 2014 - 03:59 PM

oh ... please give me password (((



#9 d3m

Posted 28 January 2014 - 08:01 PM

Is this obfuscated code of MessageBox API?

Btw I like your obfuscator... Any ideas to sell it?


  • Hess likes this




