Thanks for all the help I got. It works fine and I'm happy.
P.S. Is there a small editor that will display the hex values of a file?
It would make it easier to plug in the hex values rather than having to drop to DOS.
; crypt.asm  Make a registry key from an encrypted string
;            HKEY_LOCAL_MACHINE\Software\skywalker
;
; Andy Kennedy 4/12/06  Use crypt.asm to create the encrypted string
;
; Help from Paul Brennick, AsMer, MichaelW

.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
include \masm32\macros\macros.asm

.DATA
ValueOK db "Registry key added OK",0
Sample  db "BOX",0
; Software\skywalker (String must end with 0FFH !)
string  db 0ACh,90h,99h,8Bh,88h,9Eh,8Dh,9Ah,0A3h,8Ch,94h,86h,88h,9Eh,93h,94h,9Ah,8Dh,0FFh
holder  db 30 dup(0)        ; this receives the de-crypted string

.CODE
begin:
START PROC
    LOCAL hRegKey     :DWORD
    LOCAL Disposition :DWORD

    lea  ebx, holder
    mov  esi, offset string
descramble:
    lodsb
    not  al                 ; undo the NOT applied by crypt.asm
    mov  [ebx], al
    inc  ebx
    cmp  al, 00h            ; 0FFh NOTs to 0: end of string
    jz   finish
    jmp  descramble
finish:
    ;print ADDR holder
    invoke RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR holder, NULL, NULL,\
           REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, ADDR hRegKey, ADDR Disposition
    .IF EAX == ERROR_SUCCESS    ; won't need this in final version
        invoke MessageBox, 0, ADDR ValueOK, ADDR Sample, MB_ICONINFORMATION
    .ENDIF
    ; Erase it out of memory
    invoke RtlZeroMemory, ADDR holder, sizeof holder    ; in kernel32.inc
    invoke ExitProcess, 0
START endp
END begin
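An added example, not the crypt.asm tool the post mentions: a Python stand-in for the encoder side (NOT each byte, append the 0FFh terminator, emit the MASM db line) plus a decoder that mirrors the descramble loop above, including a check against the 30-byte holder buffer that the asm loop itself never performs. The PAGE_STRING bytes are copied from the post's db line; the 30-byte limit is taken from `holder db 30 dup(0)`.

```python
# Python stand-in for the post's "crypt.asm" encoder and its runtime decoder.
# Constructed for illustration; not the author's tool.

HOLDER_SIZE = 30  # size of the `holder` buffer in the post's .DATA section


def encode_not(text: str) -> bytes:
    """NOT every byte of an ASCII string and append the 0FFh terminator."""
    data = text.encode("ascii")
    if b"\x00" in data or b"\xff" in data:
        # 0x00 would NOT to 0xFF and 0xFF would NOT to 0 (early terminator).
        raise ValueError("input must not contain 0x00 or 0xFF")
    return bytes((~b) & 0xFF for b in data) + b"\xff"


def decode_not(blob: bytes, limit: int = HOLDER_SIZE) -> str:
    """Replicate the descramble loop: NOT bytes and store until the result is 0.

    The asm loop stores the terminating 0 too, so a string of more than
    limit-1 characters would write past `holder`; refuse that instead.
    """
    out = bytearray()
    for b in blob:
        c = (~b) & 0xFF
        out.append(c)               # mov [ebx],al / stosb
        if len(out) > limit:
            raise ValueError("decoded string overflows holder (%d bytes)" % limit)
        if c == 0:                  # cmp al,00h / jz finish
            return out[:-1].decode("ascii")
    raise ValueError("no 0FFh terminator found")


def masm_db_line(label: str, blob: bytes) -> str:
    """Format bytes as a MASM `db` line; hex values starting with A-F get a leading 0."""
    parts = []
    for b in blob:
        h = "%02X" % b
        parts.append(("0" + h if h[0] in "ABCDEF" else h) + "h")
    return "%s db %s" % (label, ",".join(parts))


# Bytes copied from the post's `string db ...` line.
PAGE_STRING = bytes([0xAC, 0x90, 0x99, 0x8B, 0x88, 0x9E, 0x8D, 0x9A, 0xA3, 0x8C,
                     0x94, 0x86, 0x88, 0x9E, 0x93, 0x94, 0x9A, 0x8D, 0xFF])

if __name__ == "__main__":
    print(decode_not(PAGE_STRING))                                 # Software\skywalker
    print(masm_db_line("string", encode_not("Software\\skywalker")))
```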
Hex editors:
- frhed
- b2hedit
small hex editor -> www.bpsoft.com -> hex workshop.. again, googling would have helped
and the code is so basic it probably wasn't worth posting it, most of it is probably covered in the examples in masm anyway

    LOCAL hRegKey     :DWORD
    LOCAL Disposition :DWORD

    lea  edi, holder
    mov  esi, offset string
descramble:
    lodsb
    not  al
    stosb
    cmp  al, 00h
    jnz  descramble
finish:

much easier.. and why hide a reg key anyway, regmon would show it... pointless
'cause it's 1337 d00d! :green
Andy, you should try a DES encryption next. That's a little more secure.
Quote from: evlncrn8 on April 12, 2006, 05:05:08 PM
small hex editor -> www.bpsoft.com -> hex workshop.. again, googling would have helped
and the code is so basic it probably wasn't worth posting it, most of it is probably covered in the examples in masm anyway

    LOCAL hRegKey     :DWORD
    LOCAL Disposition :DWORD

    lea  edi, holder
    mov  esi, offset string
descramble:
    lodsb
    not  al
    stosb
    cmp  al, 00h
    jnz  descramble
finish:

much easier.. and why hide a reg key anyway, regmon would show it... pointless
You should change your handle to Mr. Positive. :-)
Quote from: Mark Jones on April 12, 2006, 05:06:59 PM
'cause it's 1337 d00d! :green
Andy, you should try a DES encryption next. That's a little more secure.
I could, but probably not too many hackers are going to put a lot of effort into a registry key.
I have the code for IDEA which is fairly secure.
Andy