Xor v1.0
This is a little script I wrote for fun and easy reference. The script generates a small encoder loop which can be used when manually encoding a file on the fly in the debugger. It selects a random XOR key from all possible valid keys and then prints the ASM loop and the binary dump of that loop (if you are connected in RDP to your debugging machine you can paste that dump right in the debugger).
Download: xor.sh
root@bt:~/Desktop# ./xor.sh -------------------------------------------------------------------- | XOR v1.0 ~ b33f | | -Generate XOR encoder loop- | -------------------------------------------------------------------- | USAGE: ./xor.sh -s [Address] -e [Address] | | | | REQUIRED | | -s Address where the encoder should start. | | -e Address where the encoder should end. | -------------------------------------------------------------------- root@bt:~/Desktop# ./xor.sh -s 11223344 -e AABBCCDD [>] ASM Instructions: MOV EAX,11223344 XOR BYTE PTR DS:[EAX],4C INC EAX CMP EAX,AABBCCDD db 07eh,0f5h [>] Binary Dump: B84433221180304C403DDDCCBBAA7EF5