cmd_line.asm
include \masm32\include\masm32rt.inc
.code
start:
call main
invoke ExitProcess,0
main proc uses esi edi ebx
LOCAL plc:DWORD ;cmd line pointer
LOCAL saida:DWORD ;output handle
LOCAL manipulador_arquivo:dword ;file handle
LOCAL tamanho:DWORD ;source file size
LOCAL mapeado:DWORD ;ptr source file
LOCAL mem_aloc:DWORD ;ptr mem alloc
LOCAL nada:dword
LOCAL arq_mape:DWORD ;mapped file handle
invoke GetStdHandle,STD_OUTPUT_HANDLE
mov saida,eax
invoke GetCommandLine
mov plc,eax
;search for 1st space char, file name supposed to be after
;to-do: deal better with this
dec eax
@@: inc eax
movzx ecx,byte ptr [eax]
test ecx,ecx
jz fim
cmp ecx," "
jnz @B
@@: inc eax
invoke CreateFile,eax,GENERIC_READ,0,0,OPEN_EXISTING,FILE_FLAG_SEQUENTIAL_SCAN,0 ;open source file
mov manipulador_arquivo,eax ;handle
invoke GetFileSize, manipulador_arquivo,NULL ;sizeof source file
mov tamanho,eax
invoke CreateFileMapping,manipulador_arquivo,NULL,PAGE_READONLY,0,0,0 ;mapped file handle
mov arq_mape,eax
;
invoke MapViewOfFile,eax,FILE_MAP_READ,0,0,0 ;map it
mov mapeado,eax
invoke CloseHandle,manipulador_arquivo ;don't need this anymore
invoke GlobalAlloc,GMEM_FIXED or GMEM_ZEROINIT,tamanho ;start a zero block memory
mov mem_aloc,eax
mov esi,mapeado
mov edi,mem_aloc
mov ecx,tamanho
mov edx,0
mov ebx,0
;search for ";" inside source file, if found, ignore it
;if not found, continue storing source file in memory buffer
.while ecx != 0
movzx eax,byte ptr [esi+edx]
inc edx
.if eax == ";"
.else
mov byte ptr [edi+ebx],al
inc ebx
.endif
dec ecx
.endw
mov tamanho,ebx ;sizeof
invoke UnmapViewOfFile,mapeado
invoke WriteFile,saida,mem_aloc,tamanho,addr nada,0
invoke GlobalFree,mem_aloc
fim:
ret
main endp
end start
C:\masm32\Bin\ML.EXE /c /coff /Cp /nologo /I"C:\masm32\Include" "cmd_line.asm"
C:\masm32\Bin\LINK.EXE /SUBSYSTEM:CONSOLE /RELEASE /VERSION:4.0 /LIBPATH:"C:\masm32\Lib" /OUT:"cmd_line.exe" "cmd_line.obj"
use it as: "cmd_line cmd_line.asm"
this snippet will open file cmd_line.asm and echo that context ignoring ";" when found.
Xor cipher have some proprieties, input data have same size as random data and/or output size. One possible attack is a xor search; if you know target language you can try search for some comon words.