38 lines
827 B
NASM
38 lines
827 B
NASM
; obfuscation via unaligned instructions
|
|
bits 64
|
|
|
|
%idefine rip rel $
|
|
|
|
SECTION .data
|
|
; empty
|
|
|
|
SECTION .text
|
|
|
|
global _start
|
|
_start:
|
|
%include "header.asm.inc"
|
|
|
|
xor rax, rax
|
|
|
|
; stores address of subsequent instruction to rax
|
|
call getpc
|
|
add rax, 8
|
|
jmp rax
|
|
|
|
;; this is the original assembly we'd like to include here
|
|
; 400081: 48 31 c0 xor rax,rax
|
|
; 400084: b9 0a 00 00 00 mov ecx,0xa
|
|
; 400089: 48 01 c8 add rax,rcx
|
|
; 40008c: e2 fb loop 0x400089
|
|
; finish all unused bytes with NOPs (0x90).
|
|
; note, though, that the NOPs are never entered
|
|
mov rax, 0x90909005ebc03148
|
|
mov rbx, 0x9003eb0000000ab9
|
|
mov rcx, 0x909090fbe2c80148
|
|
|
|
%include "sysexit.asm.inc"
|
|
|
|
getpc:
|
|
mov rax, [rsp]
|
|
ret
|