You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: README.md
+6-8
Original file line number
Diff line number
Diff line change
@@ -26,15 +26,13 @@ gcc -no-pie example.o -o example
26
26
27
27
In order to use **mkpoly**, the target executable must contains a _DECRYPTOR_SECTION_ (see _mkpoly.inc_ and _example.asm_) that is a piece of code that contains the function used by the program to decrypt itself. Also, the section to encrypt must be aligned to 16 bytes and its size must be a multiple of 16. The macro _DECRYPTOR_SECTION_ defines two local labels: _.mkpoly_loop_ and _.mkpoly_func_ that are, respectively, the begin of the decryptor loop and the begin of the decryption function.
28
28
29
-
**mkpoly** takes 4 input parameters (all in hexadecimal):
29
+
**mkpoly** takes 4 input parameters (all in the hexadecimal format):
30
30
- The filename of the binary to make polymorphic
31
31
- The offset in the binary file of the section to encrypt
32
32
- The size of the section to encrypt
33
-
- The offset in the binary file in which to place the decrypt function
33
+
- The offset in the binary file where to place the decrypt function
34
34
35
-
Note: All the integer parameters must be passed in the hexadecimal format.
36
-
37
-
When executed, **makepoly** randomly generates the encryption and the decryption functions. The encryption function is used to encrypt the section specified by the user. The decryption function is placed in the _DECRYPTOR_SECTION_ at the offset specified by the user. So, when the output binary is executed, it will decrypt parts of itself executing the _DECRYPTOR_SECTION_.
35
+
When executed, the polymorphic engine randomly generates the encryption and the decryption functions. The encryption function is used to encrypt the section specified by the user. The decryption function is placed in the _DECRYPTOR_SECTION_ at the offset specified by the user. So, when the output binary is executed, it will decrypt parts of itself executing the _DECRYPTOR_SECTION_.
0 commit comments