I am making a PE .exe packer in C and assembly. In C, I do the things like create a new .packed section header, changing Entry Point to that new section, changing sizeofimage, etc. In my C code, I encrypt the .text section with a key
unsigned char* textSectionData = (unsigned char*)outputFile + textSection->PointerToRawData;
for (DWORD i = 0; i < textSection->SizeOfRawData; i++) {
textSectionData[i] ^= 0x19;
}
So, in the new .packed section, I have to inject raw machine code (unpacking stub) that does the reverse operation (decrypt .text section with key 0x19 ) and then jump back to the original entry point. I am using NASM -f bin mode to get raw binary data I can execute on that new section.
I am currently using hardcoded absolute addresses / values for the sake of simplicity and an infinite jmp to signify success.
Here's my XOR loop in assembly:
BITS 64
xor rbx, rbx
loop:
mov rax, byte [0x00007FF75C991000 + rbx] // start of .text section
xor rax, 0x19
inc rbx ,1
cmp rbx, 797696
jne loop
jmp $
Where 797696 corresponds to the SizeOfRawData field on the .text section. Can someone tell me what I'm doing wrong, because NASM gives me this error:
C:\Users\tamar\Downloads\brainfuck compiler\might>nasm -f bin stub.asm
stub.asm:4: error: comma, decorator or end of line expected, got 259
I expected to get a working loop that I can extract the raw bytes of, and use as a stub in my executable packer.
Thanks a lot!
Here's a simple example for demonstration (not optimized):
BITS 64
function:
xor eax, eax
.xorLoop:
;; rcx is the starting address, rax is the counter
xor byte ptr [rcx + rax], 0x19 ; xor value
inc rax ; increment loop counter
cmp rax, 797696 ; number of iterations
jne .xorLoop
ret