0

So i was working on a simple payload encryption using xor project

here is the code

#include <Windows.h>
#include <stdio.h>
#include "resource.h"

VOID XorByOneKey(IN PBYTE pShellCode, IN SIZE_T sShellCodeSize, IN BYTE bKey) {
    for (size_t i = 0; i < sShellCodeSize; i++) {
        pShellCode[i] = pShellCode[i] ^ bKey;
    }
}

int main() {
    HRSRC hRsrc = NULL;
    HGLOBAL hGlobal = NULL;
    PVOID pPayloadAddress = NULL;
    SIZE_T sPayloadSize = NULL;

    // Get the location to the data stored in .rsrc by its id *IDR_RCDATA1*
    hRsrc = FindResourceW(NULL, MAKEINTRESOURCEW(IDR_RCDATA1), RT_RCDATA);
    if (hRsrc == NULL) {
        // in case of function failure
        printf("[!] FindResourceW Failed with Error : %d\n", GetLastError());
        return EXIT_FAILURE;
    }

    // Get the handle of the specified resource data since it is required to lock resource later
    hGlobal = LoadResource(NULL, hRsrc);
    if (hGlobal == NULL) {
        // in case of function failure
        printf("[!] LoadResource Failed with Error : %d\n", GetLastError());
        return EXIT_FAILURE;
    }

    // Get the address of our payload in .rsrc section
    pPayloadAddress = LockResource(hGlobal);
    if (pPayloadAddress == NULL) {
        // in case of function failure
        printf("[!] LockResource Failed With Error : %d\n", GetLastError());
        return EXIT_FAILURE;
    }

    // Get the size of our payload in .rsrc section
    sPayloadSize = SizeofResource(NULL, hRsrc);
    if (sPayloadSize == NULL) {
        // in case of function failure
        printf("[!] SizeofResource Failed with Error : %d\n ", GetLastError());
        return EXIT_FAILURE;
    }

    PVOID pTmpBuffer = HeapAlloc(GetProcessHeap(), 0, sPayloadSize);
    if (pTmpBuffer != NULL) {
        // copying the payload from the resource section
        memcpy(pTmpBuffer, pPayloadAddress, sPayloadSize);
    }
    int i = 0;
    XorByOneKey((PBYTE)pTmpBuffer, sPayloadSize, i);

    // Printing the base address of the buffer
    printf("[i] pTmpBuffer var : 0x%p \n", pTmpBuffer);

    // Printing pointer and size to screen
    printf("[i] sPayloadAddress var : 0x%p \n", pPayloadAddress);
    printf("[i] sPayloadSize var : 0x%ld \n", sPayloadSize);
    getchar();

    return EXIT_SUCCESS;
}

However when i check the pTmpBuffer address using a debugger the shellcode their is not encrypted the shell code remains the same i have loaded the shellcode into the .rsrc section i am on Visual Studio 2022.

Any help would be appreciated

Tried moving the print message around to see if it was old but did not work

Improve this question
3
  • 4
    xor with a zero key doesn't do anything.
    – 500 - Internal Server Error
    Commented Jan 14 at 14:22
  • so should using 1 one work
    – koiboi
    Commented Jan 14 at 15:46
  • Sure. Zero has all bits cleared, which means that x ^ 0 == x. That's not true for any other key value.
    – 500 - Internal Server Error
    Commented Jan 14 at 16:12
Related questions
486
Does my application "contain encryption"?
546
Fundamental difference between Hashing and Encryption algorithms
422
Java 256-bit AES Password-Based Encryption
Load 5 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Browse other questions tagged or ask your own question.