; #########################################################################
.586
.model flat, stdcall
option casemap :none ; case sensitive
; #########################################################################
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comdlg32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comdlg32.lib
; #########################################################################
.data
msgTitle    db "Scan status:", 0
msgText     db "Fake signature ;)", 0

.code
;-------------------------------------------------------------------------
; MASM32 antiPeID example
; coded by ap0x
; Reversing Labs: http://ap0x.headcoders.net
;
; Target: 32-bit x86, flat model, stdcall (Win32).
;
; PeID looks at the bytes at the original entry point (OEP) and compares
; them with the signatures stored in PeID.exe or userdb.txt. When the bytes
; match, it reports the packer or protector assigned to that signature.
; Any bytes can be placed at the OEP, so a tool that relies on this check
; alone can be made to report the wrong packer.
;
; Analyst note: treat an identification based only on entry-point bytes as
; a hint. Confirm it against evidence that is independent of the OEP bytes
; (section names and sizes, section entropy, the import table) before
; choosing an unpacking workflow.
;
; The AntiPeID-OEP-Signature archive also contains examples that imitate
; the EXE Shield and ExeCryptor entry points.
;-------------------------------------------------------------------------
start:
    ; Byte pattern of BJFNT's OEP, emitted as raw data so that it is byte-exact.
    ; The pattern is executed: the short jumps skip the filler bytes, so the
    ; only instructions that take effect are PUSH DS, PUSHFD and PUSHAD.
    db 0EBh, 03h, 3Ah, 4Dh, 3Ah         ; jmp short +3 over three filler bytes
    db 1Eh                              ; push ds
    db 0EBh, 02h, 0CDh, 20h             ; jmp short +2 over filler CD 20
    db 9Ch                              ; pushfd
    db 0EBh, 02h, 0CDh, 20h             ; jmp short +2 over filler CD 20
    db 0EBh, 02h, 0CDh, 20h             ; jmp short +2 over filler CD 20
    db 60h                              ; pushad

    ; Undo the three pushes above in reverse order so that the stack and the
    ; registers are back in their entry state before the program continues.
    popad
    popfd
    pop     ds

    ; MessageBox(NULL, msgText, msgTitle, MB_ICONINFORMATION)
    invoke  MessageBox, NULL, addr msgText, addr msgTitle, MB_ICONINFORMATION

    ; ExitProcess(0)
    invoke  ExitProcess, 0
end start
|