heres example of encrypting a file packed with fsg

enjoy
not by me ---------------------------------------
format PE gui 4.0
include "C:\fasm\INCLUDE\win32a.inc"

;_IMAGE_SECTION_HEADER
;Name: packed array[0..IMAGE_SIZEOF_SHORT_NAME-1] of Byte;  0
;Misc: TISHMisc;                                            8
;VirtualAddress: DWORD;                                    12
;SizeOfRawData: DWORD;                                      16
;PointerToRawData: DWORD;                                  20
;PointerToRelocations: DWORD;                              24
;PointerToLinenumbers: DWORD;                              28
;NumberOfRelocations: Word;                                30
;NumberOfLinenumbers: Word;                                32
;Characteristics: DWORD;                                    36
;end;

MAX_PATH equ 260
SIZEOF_IMAGENTHEADERS equ 248
SIZEOF_IMAGESECTIONHEADER equ 40
OEP equ 40

call
mov edi, eax
inc edi
cld
mov al, '"'
xor ecx, ecx
nop
not ecx
repne scasb
cmp byte , '"'
jne OpenBox

xor ecx, ecx
not ecx
repne scasb

mov esi, edi
nop
xor ecx, ecx
nop
nop
not ecx
repne scasb
not ecx
dec ecx
mov edi, FileName
rep movsb
jmp OpenTheFile


OpenBox:
mov , ofnsize - ofn
mov , FileName
mov , MAX_PATH
mov , OFN_NOREADONLYRETURN or OFN_HIDEREADONLY
mov , Title
push ofn
call
test eax ,eax
jz fin

OpenTheFile:

push OF_READWRITE
push FileName
call [_lopen]
cmp eax, 0xFFFFFFFF
je erreur
mov ebx, eax

push 0
push ebx
call
test eax, eax
jz erreur
mov , eax

add eax, 28
push eax
push LPTR
call
test eax, eax
NOP
jz erreur
mov , eax
mov , ebx

push dword
push eax
push ebx
call [_lread]
test eax, eax
jz erreur

mov ebx,
cmp word , 'MZ'
jne erreur
cmp dword , 'FSG!'
jne erreur
mov dword , 'QWET'
add ebx,
cmp word , 'PE'
jne erreur

mov eax, ebx
add eax, SIZEOF_IMAGENTHEADERS + SIZEOF_IMAGESECTIONHEADER

;---------------------------------------------------------------
; section code & executable

or dword , 0x20000020

;---------------------------------------------------------------
; config decrypt code

; find the start crypt RVA + ImageBase
mov edx, 0x154
add edx,
add edx, 2
mov edx,
sub edx,   ; image base
sub edx,   ; rva
add edx,   ; raw offset
add edx,
mov edx,   ; end to crypt
sub edx,   ; image base
sub edx,   ; rva
add edx,   ; raw offset
add edx,
mov edx,     ; start to crypt

mov ecx,   ; RVA import table
add ecx,   ; RVA + ib importtable
sub ecx, 0x20       ;its a litlte shitty, but ididnt really find a way to calculate the size of dat to encrypt
sub ecx, edx       ; size to crypt
shr ecx, 2

push edx
push eax
rdtsc     ; generate a random key
mov esi, eax
nop
xor esi, edx
nop
pop eax
pop edx

mov , edx
mov , ecx
mov , esi
mov edi,
add edi,
mov , edi

;---------------------------------------------------------------
; set the new entry point

mov edi,
sub edi,
add edi,
mov , edi

;---------------------------------------------------------------

add dword , 28

mov edi, edx
sub edi,   ; image base
sub edi,   ; rva
add edi,   ; raw offset
add edi,
bouclecrypt:
xor dword , esi
add edi, 4
dec ecx
jnz bouclecrypt

mov edi,
add edi,
mov ecx, 28
mov esi, decryptcode
rep movsb

push FILE_BEGIN
push 0
push dword
call [_llseek]

add dword , 28

push dword
push dword
push dword
call [_lwrite]

push dword
call [_lclose]

push MB_ICONINFORMATION
push Title
push TextOK
push 0
call

jmp fin

erreur:
push MB_ICONERROR
push Title
push TextError
push 0
call

fin:
call
push eax
call

decryptcode:
mov edi, 0xABCDEFAA
mov ecx, 0xBCDEFBBB
crypting:
xor dword , 0xCDEFCCCC
add edi, 4
dec ecx
jnz crypting
push 0xDEFDDDDD
ret

ofn OPENFILENAME
ofnsize:

FileName rb MAX_PATH
Title db 'FSg 2.0 Modded crypter ', 0
TextError db '/!\ Sure your using fsg 2.0 /!\', 0
TextOK db 'Salut Encrypted', 0
FileBuffer rd 1
FileSize rd 1
hFile rd 1

data import
  library kernel32, "KERNEL32.DLL",\
  comdlg32, "COMDLG32.DLL",\
  user32, "USER32.DLL"

  include "C:\fasm\INCLUDE\APIA\KERNEL32.INC"
  include "C:\fasm\INCLUDE\APIA\COMDLG32.INC"
  include "C:\fasm\INCLUDE\APIA\USER32.INC"
end data
Posted on 2005-06-29 10:15:58 by johndoe
isn`t smaller (FSG general idea):

decryptcode:
mov edi, 0xABCDEFAA
mov ecx, 0xBCDEFBBB
crypting:
xor dword , 0xCDEFCCCC
add edi, 4
loop crypting
jmp 0xDEFDDDDD

yes, it`s smaller - 2 bytes.
: )
Posted on 2005-06-29 13:38:16 by rambo
smaller by a few bytes but slower.  The loop opcode is kind of slow like the string opcodes.
I'd bet benchmarking wise that the dec ecx + conditional jmp would be a little bit faster.
Posted on 2005-06-29 14:41:12 by r22
mov ebx,
cmp word , 'MZ'
jne erreur
cmp dword , 'FSG!'
jne erreur
mov dword , 'QWET'
add ebx,
cmp word , 'PE'
jne erreur


mov dword , 'QWET'


u can add ur own 4 letter something lol
i modded it for 8 while back
i dunno i mess around
Posted on 2005-06-29 15:02:04 by johndoe