mini PE .text cryptor need help

[ecube]

The idea of this mini example is to open a .exe ,encrypt its .text section,and  that's it. I know I need to write in a decryption routine for the .exe to run afterwards but right now I just want to again just encrypt the .text section and close, unfortunately it isn't working. Any help would be much appreciated, thankyou.

Code Select Expand


.586
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\comdlg32.inc
includelib \masm32\lib\comdlg32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
Cipher proto :dword

.data?
dwFile   dd ?
dwSize   dd ?
dwBuffer dd ?
dwBytes  dd ?

.data
Ifile db "test.exe",0

.code
start:
invoke CreateFile, addr Ifile, GENERIC_READ or GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0
.if eax == INVALID_HANDLE_VALUE
  invoke ExitProcess, 0
.endif

mov dwFile, eax
invoke GetFileSize, dwFile, 0
mov dwSize, eax

invoke GlobalAlloc, GMEM_FIXED or GMEM_ZEROINIT, eax
mov dwBuffer, eax

invoke ReadFile, dwFile, dwBuffer, dwSize, offset dwBytes, 0

invoke Cipher,dwBuffer

invoke SetFilePointer, dwFile, 0, 0, FILE_BEGIN

invoke WriteFile, dwFile, dwBuffer, dwSize, offset dwBytes, 0

invoke GlobalFree, dwBuffer
invoke CloseHandle, dwFile
invoke ExitProcess,0

Cipher proc IBase:dword
  mov edi, IBase
  add edi, 03ch
  assume edi : ptr IMAGE_NT_HEADERS ; edi -> PE header
  mov esi,edi
  add esi,0F8h
  assume esi : ptr IMAGE_SECTION_HEADER ; esi -> Section header


;I know this is dumb and will go into never ending loop if there isn't a .text section
; but was for quick testing, assume the pe file has a .text section
jmp @begin
@back:
inc esi
@begin:
cmp dword ptr [esi].Name1, 'xet.' 
jne @back

mov edx,[esi].SizeOfRawData
mov ecx,[esi].PointerToRawData

mov esi, ecx ;data
mov ecx, edx ;datalength
.while ecx != 0
  mov al, [esi]          ; <----crashes here
  rol al, 4
  mov [esi], al
  inc esi
  dec ecx
.endw
ret
Cipher endp
end start


[anon]

You are trying to move a dword into a byte !

.while ecx != 0
  mov al, BYTE PTR[esi]          ; <----crashes here
  rol al, 4
  mov BYTE PTR[esi], al
  inc esi
  dec ecx
.endw

[ecube]

You are trying to move a dword into a byte !

.while ecx != 0
  mov al, BYTE PTR[esi]          ; <----crashes here
  rol al, 4
  mov BYTE PTR[esi], al
  inc esi
  dec ecx
.endw

no that wasn't the problem it was a proper pointer to a  byte, turns out the problem was I had to account for the address of the .text changed since I mapped in my own process memory so

mov esi,[esi].PointerToRawData
mov eax, IBase
ADD esi, EAX

fixed it.