PET - Poly/encrypting engine tester [by BlueOwl]
; PET - Poly/encrypting engine tester
; ***********************************
; Not many people exercise encryption and polymorphic engines these days.
; For those who still write (or want to write) this kind of code, I made this harness.
; Usage is simple: append your poly engine to the end of this file and make sure it
; honours every parameter described at the bottom. Then assemble and run this file.
; It uses your engine to encrypt a small piece of test code, wraps the output in a
; minimal PE executable (testfile.exe) and launches it, so you can test the engine
; without a pile of batch files or manual copying. With FASM, just press F9.
; If you would rather not have the generated file executed, comment out the line
; marked *** and everything else still works. Keep in mind that the *** line runs
; whatever your engine produced, so use this on a machine or VM where executing
; freshly generated self-decrypting code is acceptable.
; Good luck, I hope you find some use for this ;)
; BlueOwl
; equates (you may raise them; do not lower code_to_crypt_size)
max_decryptor_size equ 4096 ; bytes in the output buffer handed to poly_engine (GlobalAlloc below); the engine must never write past it
code_to_crypt_size equ 204 ; do not change this to a lower value: test_code below is exactly 204 bytes
format PE GUI 4.0
include '%fasminc%/win32a.inc'
entry start
section '.idata' readable writeable import
library kernel32,'KERNEL32.DLL',\
shell32,'SHELL32.DLL'
include '%fasminc%/apia/kernel32.inc'
include '%fasminc%/apia/shell32.inc'
; NOTE(review): one RWX section on purpose - the raw PE/section headers and the
; `nbr` dword below live here and are written at run time (size fix-ups and
; WriteFile's byte counter). Moving that data to a separate writeable section
; would let .text drop the `writeable` attribute.
section '.text' code readable writeable executable
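; --- offsets into the raw headers patched below ------------------------------
pe_size_of_image        equ 80          ; IMAGE_OPTIONAL_HEADER.SizeOfImage (24 + 56)
sec_virtual_size        equ 8           ; IMAGE_SECTION_HEADER.VirtualSize
sec_size_of_raw_data    equ 16          ; IMAGE_SECTION_HEADER.SizeOfRawData
decryptor_va            equ 00401000h   ; ImageBase (00400000h) + section RVA (1000h)
                                        ; = AddressOfEntryPoint of testfile.exe

; start - entry point of the tester.
; Allocates an output buffer, lets poly_engine build a decryptor for test_code,
; patches the size fields of the raw PE headers, writes headers + decryptor to
; testfile.exe and (unless the *** line is commented out) executes it.
; The buffer and the file handle are kept on the stack because poly_engine may
; clobber any register except esp. On any failure the file is closed, the
; buffer freed and nothing is executed (a stale testfile.exe is never run).
start:
        invoke  GlobalAlloc,GMEM_FIXED,max_decryptor_size
        test    eax, eax
        jz      finish                  ; allocation failed: nothing to free, nothing to run
        push    eax                     ; [esp] = output buffer
        invoke  CreateFile,nfile,GENERIC_WRITE,0,0,\
                CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
        cmp     eax, INVALID_HANDLE_VALUE
        je      dealloc                 ; could not create testfile.exe
        push    eax                     ; [esp] = file handle, [esp+4] = output buffer
        ; Win32 API calls preserve only ebx/esi/edi/ebp; ecx and edx are volatile,
        ; so the engine's ecx/edx arguments are loaded AFTER GetTickCount.
        invoke  GetTickCount            ; eax = random seed for the engine
        mov     esi, test_code          ; esi = code to encrypt
        mov     ecx, code_to_crypt_size ; ecx = its size
        mov     edx, decryptor_va       ; edx = VA the decryptor will run at (was 00041000h: typo)
        mov     edi, [esp+4]            ; edi = output buffer
        call    poly_engine             ; eax = bytes produced in the output buffer
        test    eax, eax
        jz      closefile               ; engine produced nothing: do not emit an empty exe
        cmp     eax, max_decryptor_size
        ja      closefile               ; engine overran its buffer: do not emit a corrupt exe
        mov     esi, eax                ; esi = decryptor size
        ; SizeOfImage = headers page + section size rounded up to SectionAlignment
        ; (1000h); the section header gets the exact byte count.
        lea     eax, [esi+0FFFh]
        and     eax, 0FFFFF000h
        add     eax, 1000h
        mov     dword [peheader+pe_size_of_image], eax
        mov     dword [sectionheader+sec_virtual_size], esi
        mov     dword [sectionheader+sec_size_of_raw_data], esi
        mov     edi, [esp]              ; edi = file handle
        mov     ebx, [esp+4]            ; ebx = output buffer
        invoke  WriteFile,edi,mzheader,512,nbr,0        ; MZ + PE + section header
        test    eax, eax
        jz      closefile
        invoke  WriteFile,edi,ebx,esi,nbr,0             ; decryptor + encrypted test code
        test    eax, eax
        jz      closefile
        invoke  CloseHandle,edi
        pop     eax                     ; discard file handle
        pop     eax                     ; eax = output buffer
        invoke  GlobalFree,eax
        invoke  ShellExecute,0,0,nfile,0,0,0 ; *** run the generated file
        ret
closefile:                              ; [esp] = file handle, [esp+4] = output buffer
        pop     edi
        invoke  CloseHandle,edi
dealloc:                                ; [esp] = output buffer
        pop     eax
        invoke  GlobalFree,eax
finish:
        ret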
nfile db "testfile.exe",0 ; relative path: created in, and launched from, the current directory
; this is the test code which will be encrypted by your
; polymorphic engine. It is exactly 204 bytes (= code_to_crypt_size) and the
; generated exe has no import table, so it resolves its own APIs: the embedded
; strings ("LoadLibraryA", "user32", "MessageBoxA", "Test", "Successfully
; executed") show that a successful run pops a message box.
; NOTE(review): it opens with 5Bh/53h (pop ebx / push ebx) and then walks down
; in 64K steps until it finds an MZ/PE header, i.e. it appears to locate
; kernel32 from the return address the loader left at [esp]. Your decryptor
; should therefore reach it with the stack exactly as the loader left it
; (jmp to it, or a balanced call) - confirm against the bytes below.
test_code db 05Bh,053h,066h,029h,0DBh,066h,081h,03Bh,04Dh,05Ah ; pop ebx / push ebx / sub bx,bx / cmp word [ebx],"MZ"
db 074h,008h,081h,0EBh,000h,000h,001h,000h,0EBh,0F1h ; je found / sub ebx,10000h / jmp back
db 08Bh,053h,03Ch,001h,0DAh,081h,03Ah,050h,045h,000h ; mov edx,[ebx+3Ch] / add edx,ebx / cmp dword [edx],"PE"
db 000h,075h,0E4h,0E8h,00Dh,000h,000h,000h,04Ch,06Fh ; jne back / call over "LoadLibraryA"
db 061h,064h,04Ch,069h,062h,072h,061h,072h,079h,041h ; "adLibraryA"
db 000h,05Fh,0E8h,052h,000h,000h,000h,0E8h,007h,000h ; pop edi (name) / call resolver / call over "user32"
db 000h,000h,075h,073h,065h,072h,033h,032h,000h,0FFh ; "user32",0
db 0D2h,093h,0E8h,00Ch,000h,000h,000h,04Dh,065h,073h ; call edx (LoadLibraryA) / xchg eax,ebx / call over "MessageBoxA"
db 073h,061h,067h,065h,042h,06Fh,078h,041h,000h,05Fh ; "sageBoxA",0 / pop edi
db 0E8h,02Ch,000h,000h,000h,06Ah,040h,0E8h,005h,000h ; call resolver / push 40h / call over "Test"
db 000h,000h,054h,065h,073h,074h,000h,0E8h,016h,000h ; "Test",0 / call over "Successfully executed"
db 000h,000h,053h,075h,063h,063h,065h,073h,073h,066h ; "Successf"
db 075h,06Ch,06Ch,079h,020h,065h,078h,065h,063h,075h ; "ully execu"
db 074h,065h,064h,000h,06Ah,000h,0FFh,0D2h,0C3h,08Bh ; "ted",0 / push 0 / call edx (MessageBoxA) / ret
db 053h,03Ch,001h,0DAh,08Bh,052h,078h,001h,0DAh,08Bh ; resolver: ebx=module, edi=name -> edx=address
db 072h,020h,001h,0DEh,029h,0C9h,041h,0ADh,001h,0D8h ; walks the export directory (+78h) and AddressOfNames (+20h)
db 057h,056h,096h,0ACh,008h,0C0h,074h,00Ah,047h,03Ah ; compares each exported name with [edi]
db 047h,0FFh,074h,0F5h,05Eh,05Fh,0EBh,0EAh,05Eh,05Fh
db 08Bh,072h,024h,001h,0DEh,00Fh,0B7h,00Ch,04Eh,049h ; AddressOfNameOrdinals (+24h)
db 08Bh,072h,01Ch,001h,0DEh,08Bh,014h,08Eh,001h,0DAh ; AddressOfFunctions (+1Ch)
db 0C3h,000h,000h,000h ; ret + padding to 204 bytes
; This is the header this prog will write to file.
; mzheader (128) + peheader (248) + sectionheader (136) = 512 bytes, which is
; exactly the WriteFile length in start and SizeOfHeaders/FileAlignment below.
; Three fields are patched at run time: SizeOfImage (peheader+80),
; VirtualSize (sectionheader+8) and SizeOfRawData (sectionheader+16).
mzheader db 04Dh,05Ah,080h,000h,001h,000h,000h,000h,004h,000h ; "MZ", e_cblp=80h, e_cp=1, e_crlc=0, e_cparhdr=4
db 010h,000h,0FFh,0FFh,000h,000h,040h,001h,000h,000h ; e_minalloc=10h, e_maxalloc=0FFFFh, e_ss=0, e_sp=140h, e_csum=0
db 000h,000h,000h,000h,040h,000h,000h,000h,000h,000h ; e_ip=0, e_cs=0, e_lfarlc=40h, e_ovno=0, e_res
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h ; reserved
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h ; reserved
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h ; reserved
db 080h,000h,000h,000h,00Eh,01Fh,0BAh,00Eh,000h,0B4h ; e_lfanew=80h (PE header follows this 128-byte block); DOS stub: push cs / pop ds / mov dx,0Eh / mov ah,9
db 009h,0CDh,021h,0B8h,001h,04Ch,0CDh,021h,074h,068h ; int 21h / mov ax,4C01h / int 21h, then the stub text
db 069h,073h,020h,070h,072h,06Fh,067h,072h,061h,06Dh ; "this program cannot be run in DOS mode.\r\n$"
db 020h,063h,061h,06Eh,06Eh,06Fh,074h,020h,062h,065h
db 020h,072h,075h,06Eh,020h,069h,06Eh,020h,044h,04Fh
db 053h,020h,06Dh,06Fh,064h,065h,02Eh,00Dh,00Ah,024h
db 000h,000h,000h,000h,000h,000h,000h,000h ; padding to 128 bytes
peheader db 050h,045h,000h,000h,04Ch,001h,001h,000h,070h,034h ; "PE",0,0 / Machine=014Ch (i386) / NumberOfSections=1 / TimeDateStamp
db 092h,041h,000h,000h,000h,000h,000h,000h,000h,000h ; PointerToSymbolTable=0 / NumberOfSymbols=0
db 0E0h,000h,08Eh,081h,00Bh,001h,001h,036h,000h,000h ; SizeOfOptionalHeader=0E0h / Characteristics=818Eh / Magic=010Bh (PE32) / linker 1.54 / SizeOfCode
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h ; SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData = 0
db 000h,010h,000h,000h,000h,000h,000h,000h,000h,000h ; AddressOfEntryPoint=1000h (= start of the one section) / BaseOfCode=0 / BaseOfData
db 000h,000h,000h,000h,040h,000h,000h,010h,000h,000h ; ImageBase=00400000h / SectionAlignment=1000h
db 000h,002h,000h,000h,001h,000h,000h,000h,000h,000h ; FileAlignment=200h / OS version 1.0 / image version 0.0
db 000h,000h,004h,000h,000h,000h,000h,000h,000h,000h ; subsystem version 4.0 / Win32VersionValue=0
db 0C9h,010h,000h,000h,000h,002h,000h,000h,005h,049h ; SizeOfImage=10C9h (patched in start) / SizeOfHeaders=200h / CheckSum=4905h (stale after patching; not required for a GUI exe)
db 000h,000h,002h,000h,000h,000h,000h,010h,000h,000h ; Subsystem=2 (GUI) / DllCharacteristics=0 / SizeOfStackReserve=1000h
db 000h,010h,000h,000h,000h,000h,001h,000h,000h,000h ; SizeOfStackCommit=1000h / SizeOfHeapReserve=10000h / SizeOfHeapCommit
db 000h,000h,000h,000h,000h,000h,010h,000h,000h,000h ; LoaderFlags=0 / NumberOfRvaAndSizes=10h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h ; 16 empty data directories (no imports, no relocations)
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h ; end of data directories (248 bytes total)
sectionheader db 02Eh,066h,06Ch,061h,074h,000h,000h,000h,0C9h,000h ; Name=".flat" / VirtualSize=0C9h (offset 8, patched in start)
db 000h,000h,000h,010h,000h,000h,000h,002h,000h,000h ; VirtualAddress=1000h / SizeOfRawData=200h (offset 16, patched in start)
db 000h,002h,000h,000h,000h,000h,000h,000h,000h,000h ; PointerToRawData=200h (right after the 512-byte headers) / PointerToRelocations=0
db 000h,000h,000h,000h,000h,000h,060h,000h,000h,0E0h ; PointerToLinenumbers=0 / counts=0 / Characteristics=0E0000060h (CODE|INITIALIZED_DATA|EXECUTE|READ|WRITE)
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h ; 96 bytes of padding so the headers total 512 bytes
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h ; end of padding
nbr dd 0 ; lpNumberOfBytesWritten for WriteFile (must be a valid pointer when no OVERLAPPED is given)
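; ########################################################################################
; poly_engine - your polymorphic/encrypting engine goes here
;
; Called once from start with:
;   in:  eax = random seed (GetTickCount at the time of the call)
;        ecx = size of the code to encrypt (code_to_crypt_size = 204 bytes)
;        edx = virtual address the decryptor will run at inside testfile.exe
;              (ImageBase 00400000h + section RVA 1000h = 00401000h); optional use
;        esi = pointer to the code to encrypt (test_code)
;        edi = pointer to the output buffer (max_decryptor_size = 4096 bytes)
;   out: eax = number of bytes written to the output buffer (decryptor + encrypted code)
;
; Contract:
;   - the output buffer is exactly max_decryptor_size bytes with no guard: an
;     engine that writes past it corrupts the heap, so bound your output
;   - the first byte of the output is the entry point of testfile.exe
;     (AddressOfEntryPoint = section VirtualAddress = 1000h)
;   - esp must be balanced on return; every other register may be clobbered
;   - the decrypted test code expects the stack as the loader left it
;     (see the note above test_code), so transfer control to it without
;     leaving extra data on the stack
poly_engine:
        ; your code here ;) - replace everything between the label and ret
        xor     eax, eax                ; stub reports 0 bytes, so the seed left in eax
                                        ; is never mistaken for an output size
        ret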