Skip to content
/ XyrisPack Public

x86 packer in masm, process hollowing, remapping ntdll

7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

01Xyris/XyrisPack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
Builder
Builder
 
 
Stub
Stub
 
 
README.md
README.md
 
 
stub_old.asm
stub_old.asm
 
 

Repository files navigation

XyrisPack is a small proof-of-concept packer written in MASM

image

WaterEffect: https://github.com/Xyl2k/MASM32-graphical-effects

┌─────────────────────────────────┐
│ Builder Process                 │
├─────────────────────────────────┤
│ 1. Takes original payload       │
│ 2. Generates random section     │
│ 3. Creates random XOR key       │
│ 4. Encrypts payload             │
│ 5. Adds new section to stub     │
└─────────────────────────────────┘

┌─────────────────────────────────┐
│ Stub Execution Flow             │
├─────────────────────────────────┤
│ 1. Unhooks NTDLL                │
│ 2. Locates encrypted section    │
│ 3. Decrypts payload             │
│ 4. Performs process hollowing   │
└─────────────────────────────────┘

About

x86 packer in masm, process hollowing, remapping ntdll

Resources

Readme
Activity

Stars

7 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 3

0.3 Latest
Nov 16, 2024
+ 2 releases

Packages

No packages published

Languages