
Encrypt in C++ / Decrypt in x86

I am having a problem with a school assignment. The assignment is to write a metamorphic Hello World program. This program will produce 10 .com files that print "Hello World!" when executed. Each of the 10 .com files must be different from the others. I understand the concept of metamorphic vs oligomorphic vs polymorphic. My program currently creates 10 .com files and then writes the machine code to the files. I began by simply writing only the machine code to print hello world and tested it. It worked just fine. I then tried to add a decryption routine to the beginning of the machine code. Here is my current byte array:

typedef unsigned char BYTE; // must be declared before its first use below

#define ARRAY_SIZE(array) (sizeof((array))/sizeof((array[0])))
BYTE pushCS = 0x0E;
BYTE popDS = 0x1F;
BYTE movDX = 0xBA;
BYTE helloAddr1 = 0x1A;
BYTE helloAddr2 = 0x01;
BYTE movAH = 0xB4;
BYTE nine = 0x09;
BYTE Int = 0xCD;
BYTE tOne = 0x21;
BYTE movAX = 0xB8;
BYTE ret1 = 0x01;
BYTE ret2 = 0x4C;
BYTE movBL = 0xB3;
BYTE keyVal = 0x03; // Encrypt/Decrypt key

BYTE data[] = { 0x8D, 0x0E, 0x01, 0xB7, 0x1D, 0xB3, keyVal, 0x30, 0x1C, 0x46, 0xFE, 0xCF, 0x75, 0xF9,
                movDX, helloAddr1, helloAddr2, movAH, nine, Int, tOne, movAX, ret1, ret2, Int, tOne,
                0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x20, 0x57, 0x6F, 0x72, 0x6C, 0x64, 0x21, 0x0D, 0x0D, 0x0A, 0x24 };

The decryption portion of the machine code is the first 14 bytes of "data". This decryption routine would take the obfuscated machine code bytes and decrypt them by xor-ing the bytes with the same key that was used to encrypt them. I am encrypting the bytes in my C++ code with this:

for (int i = 15; i < ARRAY_SIZE(data); i++)
{
    data[i] ^= keyVal;
}

I have verified over and over again that my addressing is correct considering that the code begins at offset 100. What I have noticed is that when keyVal is 0x00, my code runs fine and I get 10 .com files that print Hello World!. However, this does me no good as 0x00 leaves everything unchanged. When I provide an actual key like 0x02, my program no longer works. It simply hangs until I close out DosBox. Any hints as to the cause of this would be a great help. I have some interesting plans for junk insertion (The actual metamorphic part) but I don't want to move on to that until I figure out this encrypt/decrypt issue.

The decryption portion of the machine code is the first 14 bytes of "data".

and

for (int i = 15; i < ARRAY_SIZE(data); i++)

do not match since in C++ array indexes start at 0.

In your array data[15] == helloAddr1 which means you are not encrypting the data[14] == movDX element. Double-check which elements should be encrypted and start at i = 14 if required.
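As an added example (not part of the original question or answer), the following C++ program models the index mismatch described above: it encodes the question's byte array from a chosen start index, then applies the same XOR from offset 14 and reports which bytes fail to round-trip. It assumes the stub XORs every byte from offset 14 to the end of the image; `make_image`, `xor_from`, `mismatches` and `kStubLen` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Length of the decryption stub, as stated in the question.
constexpr std::size_t kStubLen = 14;

// The question's byte array with the key placed at index 6.
Bytes make_image(std::uint8_t key) {
    return {0x8D, 0x0E, 0x01, 0xB7, 0x1D, 0xB3, key, 0x30, 0x1C, 0x46, 0xFE, 0xCF, 0x75, 0xF9,
            0xBA, 0x1A, 0x01, 0xB4, 0x09, 0xCD, 0x21, 0xB8, 0x01, 0x4C, 0xCD, 0x21,
            0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x20, 0x57, 0x6F, 0x72, 0x6C, 0x64, 0x21,
            0x0D, 0x0D, 0x0A, 0x24};
}

// XOR every byte from `start` to the end with `key`; XOR is its own inverse.
void xor_from(Bytes& img, std::size_t start, std::uint8_t key) {
    for (std::size_t i = start; i < img.size(); ++i) img[i] ^= key;
}

// Encode from `encode_start` (the C++ loop), then model the stub decoding from
// kStubLen (assumed behaviour). Returns indexes that differ from the original.
std::vector<std::size_t> mismatches(std::size_t encode_start, std::uint8_t key) {
    const Bytes original = make_image(key);
    Bytes img = original;
    xor_from(img, encode_start, key);  // build-time encoding
    xor_from(img, kStubLen, key);      // run-time decoding, modelled in C++
    std::vector<std::size_t> bad;
    for (std::size_t i = 0; i < img.size(); ++i)
        if (img[i] != original[i]) bad.push_back(i);
    return bad;
}

int main() {
    const std::size_t starts[] = {15, kStubLen};
    for (std::size_t start : starts) {
        const auto bad = mismatches(start, 0x03);
        std::printf("encode from %zu: %zu corrupted byte(s)", start, bad.size());
        for (std::size_t i : bad) std::printf(" [index %zu]", i);
        std::printf("\n");
    }
    return 0;
}
```

With a key of 0x00 every XOR is a no-op, so `mismatches(15, 0x00)` is empty, which matches the question's observation that only the zero key works.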
