
VX Heaven


ind00r poly engine

Author: slurp

Released in Coderz#2

Author's comments

main procedure: ind00r

parameters:

EAX: size of junk space (in dwords)

EDX: address of junk space

    this is the RVA of an empty space in (uninitialized data or padding space). the junk instructions will write to this area

EBX: address of code to decrypt

    this is the RVA where the encrypted code will be stored in the infected file.

ECX: size of code to encrypt (in dwords)

ESI: code to encrypt

EDI: area >= 2kb to store the decryptor

returns:

the registers aren't changed except ECX that contains the size of the poly decryptor!

the decryptor consists of junk procedures, decryptor procedures, main loop calling the procedures and finally jump to the start address to the decrypted code.


Download

Filename    Size     Description    Date
ipe32.zip   20203    IPE32 1.0      Jan 2001

MD5 sum: 7285bded6c364e17b64b95d1286ce8cc

