I am making a PE .exe packer in C and assembly. In C, I do things like create a new .packed section header, change the Entry Point to that new section, change SizeOfImage, etc. In my C code, I encrypt the .text section with a key:
unsigned char* textSectionData = (unsigned char*)outputFile + textSection->PointerToRawData;
for (DWORD i = 0; i < textSection->SizeOfRawData; i++) {
textSectionData[i] ^= 0x19;
}
So, in the new .packed section, I have to inject raw machine code (an unpacking stub) that does the reverse operation (decrypts the .text section with key 0x19) and then jumps back to the original entry point. I am using NASM in -f bin mode to get raw binary data I can execute in that new section.
I am currently using hardcoded absolute addresses / values for the sake of simplicity and an infinite jmp to signify success.
Here's my XOR loop in assembly:
BITS 64
xor rbx, rbx
loop:
mov rax, byte [0x00007FF75C991000 + rbx] // start of .text section
xor rax, 0x19
inc rbx ,1
cmp rbx, 797696
jne loop
jmp $
Where 797696 corresponds to the SizeOfRawData field of the .text section. Can someone tell me what I'm doing wrong? NASM gives me this error:
C:\Users\tamar\Downloads\brainfuck compiler\might>nasm -f bin stub.asm
stub.asm:4: error: comma, decorator or end of line expected, got 259
I expected to get a working loop that I can extract the raw bytes of, and use as a stub in my executable packer.
Thanks a lot!
mov rax, byte [0x00007FF75C991000 + rbx] // start of .text
stub.asm:4: error: comma, decorator or end of line expected, got 259
This error exists because NASM does not use // for comments; use ; instead.
The code that you propose forgets to write back to memory the result of the xoring.
If you're going to do this one byte at a time then use the following code:
BITS 64
mov rbx, 0x00007FF75C991000 ; start of .text
lea rcx, [rbx + 797696] ; end of .text (start + SizeOfRawData)
loop:
movzx eax, byte [rbx] ; load one byte, zero-extended
xor eax, 0x19 ; apply the key
mov [rbx], al ; write the decrypted byte back
inc rbx
cmp rbx, rcx
jb loop ; continue while rbx < end
jmp $
For extra speed you can do it eight bytes at a time:
BITS 64
mov rbx, 0x00007FF75C991000 ; start of .text
mov ecx, 797696 / 8 ; number of qwords is 99712
mov rdx, 0x1919191919191919 ; mask: the key repeated in every byte
loop:
mov rax, [rbx] ; load eight bytes
xor rax, rdx
mov [rbx], rax ; write the eight decrypted bytes back
add rbx, 8
dec ecx
jnz loop
jmp $
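The packer side of this, as an added C example that is not from the question or the answer: locate a named section in a PE file buffer and XOR its raw bytes in place, then run the same routine twice to show the round-trip the unpacking stub depends on. The toy PE image is constructed inline, the header offsets are those of the PE/COFF format, and the bounds checks are the ones a packer reading headers it did not produce itself needs.

```c
#include <stdint.h>
#include <string.h>
#define E_LFANEW_OFF      0x3C /* header offsets from the PE/COFF spec (no windows.h needed) */
#define COFF_NSECTIONS    6    /* "PE\0\0" (4) + Machine (2) */
#define COFF_OPTSIZE      20   /* SizeOfOptionalHeader */
#define COFF_HDR_SIZE     24   /* signature + file header */
#define SECHDR_SIZE       40
#define SEC_SIZEOFRAWDATA 16
#define SEC_PTRTORAWDATA  20
#define IMG_LEN           0x90 /* size of the constructed toy image below */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
/* XOR every raw byte of section `name` with `key` and write it back (the step the stub must
 * mirror). Returns the byte count, or -1 if the image is malformed or the section is missing. */
long xor_section(uint8_t *img, size_t len, const char *name, uint8_t key)
{
    if (len < E_LFANEW_OFF + 4 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + E_LFANEW_OFF);
    if (pe > len - COFF_HDR_SIZE || memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    uint16_t nsec = rd16(img + pe + COFF_NSECTIONS);
    size_t sh = (size_t)pe + COFF_HDR_SIZE + rd16(img + pe + COFF_OPTSIZE); /* first section header */
    for (uint16_t i = 0; i < nsec; i++, sh += SECHDR_SIZE) {
        if (sh + SECHDR_SIZE > len) return -1;
        if (strncmp((const char *)img + sh, name, 8) != 0) continue;
        uint32_t raw = rd32(img + sh + SEC_PTRTORAWDATA), size = rd32(img + sh + SEC_SIZEOFRAWDATA);
        if (raw > len || size > len - raw) return -1; /* header must not point outside the buffer */
        for (uint32_t j = 0; j < size; j++) img[raw + j] ^= key;
        return (long)size;
    }
    return -1;
}
/* Constructed 144-byte toy image: MZ stub, PE header with no optional header, one ".text"
 * section whose 16 raw bytes (a stand-in for machine code) sit at file offset 0x80. */
size_t build_image(uint8_t *img)
{
    memset(img, 0, IMG_LEN);
    img[0] = 'M'; img[1] = 'Z'; img[E_LFANEW_OFF] = 0x40;        /* e_lfanew = 0x40 */
    memcpy(img + 0x40, "PE\0\0", 4); img[0x40 + COFF_NSECTIONS] = 1;
    memcpy(img + 0x58, ".text\0\0\0", 8);                          /* section header at 0x58 */
    img[0x58 + SEC_SIZEOFRAWDATA] = 16; img[0x58 + SEC_PTRTORAWDATA] = 0x80;
    memcpy(img + 0x80, "HELLO, .TEXT!!!!", 16);
    return IMG_LEN;
}
/* Pack with key 0x19, then unpack with the same key: returns 1 if the bytes round-trip. */
int roundtrip_ok(void)
{
    uint8_t img[IMG_LEN]; size_t n = build_image(img);
    if (xor_section(img, n, ".text", 0x19) != 16 || img[0x80] != ('H' ^ 0x19)) return 0;
    if (xor_section(img, n, ".text", 0x19) != 16) return 0;
    return memcmp(img + 0x80, "HELLO, .TEXT!!!!", 16) == 0;
}
```

The same bounds checks apply when the real packer reads PointerToRawData and SizeOfRawData from an input file, and the stub must also run on a .text section that is writable at run time or its write-back will fault.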