Is there someone who can help me with this ?
I also put some comments with some questions as well.
Thanks.
; crypt3.asm  This is supposed to make a registry key, but it doesn't.
; Compiles OK, but not working at present.
; Help from Paul Brennick,
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
; Forward declarations so that `invoke` can type-check calls made before
; the procedure bodies appear (all stdcall, per the .model line).
; GetKey takes no arguments; it returns 0 or -1 in EAX.
GetKey PROTO
; GenKey takes one DWORD: a pointer to a NUL-terminated string.
GenKey PROTO :DWORD
; EncryptString / DecryptString take: source pointer, 32-bit key,
; destination pointer, element count. The loops index with ecx*4, so the
; count is in DWORDs (the parameter is named cbdata, but it is not bytes).
EncryptString PROTO :DWORD, :DWORD, :DWORD, :DWORD
DecryptString PROTO :DWORD, :DWORD, :DWORD, :DWORD
.DATA
; This is a very simple obfuscated block. It is not meant to be secure in
; any way: the transform (rol/xor/ror with a constant) and the constant
; itself both ship in this executable, so anyone with the binary can
; reverse it. It only keeps the text out of a plain string scan.
; Per the author it decodes to
;   "SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId"
; i.e. a 41-character subkey path, its NUL at offset 41, and the value
; name starting at offset 42 (GetKey passes KSRegKey+42 as the value name).
; It is used in GetKey to generate an encryption key for passwords.
; It requires Key# 152715150 to decrypt it.
mark1 db "Start" ; debugging marker (no terminator) to locate the block in a dump
; 52 bytes = 13 DWORDs; DecryptString is called with a count of 13
cryptdata DB 05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
DB 09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
DB 02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
DB 0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
DB 020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
DB 080h,070h
mark2 db "End" ; debugging marker (no terminator) directly after the block
; Text and caption for the MessageBox shown by GetKey.
ValueOK db "Registry key added OK",0
Sample db "BOX",0
.CODE
; Program entry point (named on the END directive): run GetKey once,
; then terminate the process with exit code 0. GetKey's result in EAX
; is not inspected.
start:
    invoke  GetKey
    push    0                           ; uExitCode
    call    ExitProcess
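;-----------------------------------------------------------------------
; GetKey - decode the obfuscated registry strings, open the key, read
;          the "ProductId" value and feed it to GenKey.
; ABI:   stdcall, no arguments
; Out:   EAX = 0 on success, -1 (0FFFFFFFFh) on any registry failure
;
; Why the original "did nothing":
;  * RegCreateKeyEx on HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
;    opens that key, because it already exists. Disposition reports
;    REG_OPENED_EXISTING_KEY versus REG_CREATED_NEW_KEY. With KEY_READ
;    the handle cannot be used to write values either.
;  * MessageBox overwrote EAX with its own return value (non-zero), so
;    the following "or eax,eax / jz" always took the failure path:
;    the value was never read and hRegKey was never closed.
;
; NOTE(review): the value computed by GenKey is discarded here, as in
; the original; store or return it if the caller is meant to use it.
; NOTE(review): on 64-bit Windows a 32-bit process is redirected for
; HKLM\SOFTWARE unless KEY_WOW64_64KEY is requested, so ProductId may
; not be present at this path - confirm on the target system.
;-----------------------------------------------------------------------
GetKey PROC
    LOCAL KSRegKey[256] :BYTE           ; decoded subkey path + value name
    LOCAL KeyString[64] :BYTE           ; receives the ProductId string
    LOCAL hRegKey :DWORD
    LOCAL Disposition :DWORD
    LOCAL uDataCode :DWORD              ; registry value type
    LOCAL cbRead :DWORD                 ; in: buffer size, out: bytes read

    ; Zero both buffers: KSRegKey so the decoded text is followed by NULs,
    ; KeyString so it stays NUL-terminated whatever the registry returns.
    invoke RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke RtlZeroMemory, ADDR KeyString, sizeof KeyString

    ; 13 DWORDs = the 52 bytes of cryptdata.
    invoke DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13

    ; Opens (or creates, if absent) HKLM\<decoded path>.
    invoke RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR KSRegKey, NULL, NULL,\
           REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition
    test    eax, eax                    ; ERROR_SUCCESS is 0
    jnz     gk_fail                     ; no handle was returned, nothing to close

    ; Status has already been tested, so MessageBox may clobber EAX.
    invoke MessageBox, 0, ADDR ValueOK, ADDR Sample, MB_ICONINFORMATION

    ; Read the value whose name sits at offset 42 of the decoded buffer
    ; ("ProductId") into KeyString. Offer one byte less than the buffer so
    ; the final zero byte always survives as a terminator.
    mov     DWORD PTR [cbRead], sizeof KeyString - 1
    invoke RegQueryValueEx, [hRegKey], ADDR KSRegKey+42, NULL, ADDR uDataCode,\
           ADDR KeyString, ADDR cbRead
    push    eax                         ; keep the query status across the close
    invoke RegCloseKey, [hRegKey]       ; always release the handle
    pop     eax
    test    eax, eax
    jnz     gk_fail                     ; value missing, too long, or access denied
    cmp     DWORD PTR [uDataCode], REG_SZ
    jne     gk_fail                     ; only a string value is meaningful here

    invoke GenKey, ADDR KeyString
    xor     eax, eax                    ; success
    ret

gk_fail:
    xor     eax, eax
    dec     eax                         ; EAX = -1
    ret
GetKey ENDP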
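;-----------------------------------------------------------------------
; GenKey - fold a NUL-terminated string into a 32-bit value.
; ABI:   stdcall
; In:    lpKeyString = pointer to a NUL-terminated byte string (may be NULL)
; Out:   EAX = sum (mod 2^32) over every character position of the
;              little-endian DWORD that starts there, with bytes at or
;              past the terminator counted as zero; 0 for "" or NULL
;        CF  = 0
;
; Fixes relative to the original:
;  * The sum was accumulated in EDI, which the "uses" epilogue restores,
;    so the result never reached the caller. It is now returned in EAX.
;  * "mov eax,[esi+ecx]" loaded a full DWORD at every byte offset and so
;    read up to two bytes past the terminator. Each window is now built
;    byte by byte and stops at the terminator; the result equals the
;    original sum whenever the bytes after the terminator were zero.
;  * An empty string made ECX wrap to 0FFFFFFFFh and walk memory.
;
; This is a checksum, not a key-derivation function, and the ProductId it
; is fed can be read by any local user, so the value must not be treated
; as a secret.
;-----------------------------------------------------------------------
GenKey PROC uses ebx edi esi lpKeyString:DWORD
    xor     eax, eax                    ; eax = running sum
    mov     esi, [lpKeyString]          ; esi = current start position
    test    esi, esi
    jz      gen_done                    ; NULL pointer: key is 0

gen_next_pos:
    cmp     BYTE PTR [esi], 0
    je      gen_done                    ; reached the terminator
    xor     ebx, ebx                    ; ebx = DWORD window being built
    xor     ecx, ecx                    ; ecx = bit position of the next byte
    mov     edi, esi                    ; edi = read cursor inside the window

gen_next_byte:
    movzx   edx, BYTE PTR [edi]
    test    edx, edx
    jz      gen_window_done             ; never read beyond the terminator
    shl     edx, cl
    or      ebx, edx
    inc     edi
    add     ecx, 8
    cmp     ecx, 32
    jb      gen_next_byte               ; at most four bytes per window

gen_window_done:
    add     eax, ebx
    inc     esi
    jmp     gen_next_pos

gen_done:
    clc                                 ; the original left CF clear on return
    ret
GenKey ENDP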
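;-----------------------------------------------------------------------
; EncryptString - obfuscate a buffer one DWORD at a time.
; ABI:   stdcall
; In:    lpDataString = source buffer
;        CryptKey     = 32-bit key
;        lpOutString  = destination buffer (same size as the source)
;        cbdata       = number of DWORDs to process. Despite the "cb"
;                       prefix this is not a byte count: the loop indexes
;                       with ecx*4. Both buffers must hold cbdata*4 bytes.
; Each DWORD becomes ror(rol(x, 6) xor CryptKey, 5). DecryptString is the
; exact inverse. This is reversible obfuscation, not encryption.
;
; Fix: a count of 0 used to wrap ECX to 0FFFFFFFFh and read and write far
; outside both buffers; it is now a no-op.
;-----------------------------------------------------------------------
EncryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
    mov     ecx, [cbdata]               ; ecx = DWORDs still to process
    test    ecx, ecx
    jz      enc_done                    ; nothing to do
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
enc_next:
    mov     eax, [esi+ecx*4-4]          ; walk from the last DWORD to the first
    rol     eax, 6
    xor     eax, [CryptKey]
    ror     eax, 5
    mov     [edi+ecx*4-4], eax
    dec     ecx
    jnz     enc_next
enc_done:
    ret
EncryptString ENDP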
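;-----------------------------------------------------------------------
; DecryptString - reverse EncryptString one DWORD at a time.
; ABI:   stdcall
; In:    lpDataString = obfuscated source buffer
;        CryptKey     = the 32-bit key used to obfuscate it
;        lpOutString  = destination buffer (same size as the source)
;        cbdata       = number of DWORDs to process. Despite the "cb"
;                       prefix this is not a byte count: the loop indexes
;                       with ecx*4. Both buffers must hold cbdata*4 bytes.
; Each DWORD becomes ror(rol(x, 5) xor CryptKey, 6), which undoes
; EncryptString's ror(rol(x, 6) xor CryptKey, 5).
; No terminator is appended; the caller pre-zeroes the destination.
;
; Fix: a count of 0 used to wrap ECX to 0FFFFFFFFh and read and write far
; outside both buffers; it is now a no-op.
;-----------------------------------------------------------------------
DecryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
    mov     ecx, [cbdata]               ; ecx = DWORDs still to process
    test    ecx, ecx
    jz      dec_done                    ; nothing to do
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
dec_next:
    mov     eax, [esi+ecx*4-4]          ; walk from the last DWORD to the first
    rol     eax, 5
    xor     eax, [CryptKey]
    ror     eax, 6
    mov     [edi+ecx*4-4], eax
    dec     ecx
    jnz     dec_next
dec_done:
    ret
DecryptString ENDP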
END start