| View previous topic :: View next topic |
| Author |
Message |
azfk
Cheater
![]() Reputation: 0
Joined: 26 May 2009
Posts: 37
|
 Posted: Mon Sep 21, 2009 9:32 pm Post subject: ASM Obsfucation |
 |
|
I'm trying some small assembly obsfucation somewhat like this:
| Code: | jmp below
db e8
db 8A
db 7B
db 04
below:
push 0
...
|
Well, I thought that would work, so I tried pumping that out in assembly, but using masm32, it doesn't work, I want the disassembler to see something like this at first glance:
| Code: |
jmp blah.402839
call 40b7a8
push 0
|
Hmm..
|
|
| Back to top |
|
 |
lurc
Grandmaster Cheater Supreme
 Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Mon Sep 21, 2009 10:14 pm Post subject: |
|
|
Don't know that much but I'm pretty sure there isn't a 4 byte CALL (E8), you gotta add that last 2 0's.
Should look like this:
DB E8
DB A8
DB B7
DB 40
DB 00
_________________
|
|
| Back to top |
|
|
Deltron Z
Expert Cheater
![]() Reputation: 1
Joined: 14 Jun 2009
Posts: 164
|
| Posted: Wed Sep 23, 2009 7:47 am Post subject: |
|
|
| lurc wrote: | Don't know that much but I'm pretty sure there isn't a 4 byte CALL (E , you gotta add that last 2 0's.
Should look like this:
DB E8
DB A8
DB B7
DB 40
DB 00 |
That's the idea. the last byte will be taken from the PUSH command (0x6A) and the next instruction will be ADD since the disassembler thinks that 0x00 is part of the next instruction.
|
|
| Back to top |
|
|
DoomsDay
Grandmaster Cheater
 Reputation: 0
Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%
|
| Posted: Wed Sep 23, 2009 8:07 am Post subject: |
|
|
| What error are you receiving?
|
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Wed Sep 23, 2009 12:31 pm Post subject: |
|
|
Not sure if I'm remembering this right, but can you not accomplish this by just mashing everything into the data section? It'll just come up as bytes when disassembled.
Pretty sure I've had this happen to me before
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Wed Sep 23, 2009 1:14 pm Post subject: |
|
|
yes you can merge data + code section with masm's linker
also, i guess this is what you're trying to achieve :
| Code: | include \masm32\include\masm32rt.inc
.code
Start:
jmp @f
db 0e8h
db 8Ah
db 7Bh
db 04
@@:
push 0
ret
end Start |
the ret is placed there so olly doesn't mess up the analysis.
ignore the top messed up bit of the screenshots. i messed up in paint but i'm too lazy to reupload
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
