| 295 | } |
| 296 | } |
| 297 | DWORD WriteDummyShellCodeBytes(LPWSTR command) |
| 298 | { |
| 299 | BYTE rand[1]; |
| 300 | GetRandomBytes(rand, 1); |
| 301 | |
| 302 | LPCSTR shellCode = ""; |
| 303 | DWORD size = 0; |
| 304 | |
| 305 | switch (rand[0] & 7) |
| 306 | { |
| 307 | // These shellcodes are equal in x64 and x86 mode. |
| 308 | case 0: |
| 309 | shellCode = "\x89\xc0"; // mov eax, eax |
| 310 | size = 2; |
| 311 | break; |
| 312 | case 1: |
| 313 | shellCode = "\x89\xdb"; // mov ebx, ebx |
| 314 | size = 2; |
| 315 | break; |
| 316 | case 2: |
| 317 | shellCode = "\x89\xc9"; // mov ecx, ecx |
| 318 | size = 2; |
| 319 | break; |
| 320 | case 3: |
| 321 | shellCode = "\x89\xd2"; // mov edx, edx |
| 322 | size = 2; |
| 323 | break; |
| 324 | case 4: |
| 325 | shellCode = "\x83\xc0\x00"; // add eax, 0 |
| 326 | size = 3; |
| 327 | break; |
| 328 | case 5: |
| 329 | shellCode = "\x83\xeb\x00"; // sub ebx, 0 |
| 330 | size = 3; |
| 331 | break; |
| 332 | case 6: |
| 333 | shellCode = "\x83\xc1\x00"; // add ecx, 0 |
| 334 | size = 3; |
| 335 | break; |
| 336 | case 7: |
| 337 | shellCode = "\x83\xea\x00"; // sub edx, 0 |
| 338 | size = 3; |
| 339 | break; |
| 340 | } |
| 341 | |
| 342 | WriteShellCodeBytes(command, shellCode, size); |
| 343 | return size; |
| 344 | } |
| 345 | VOID WriteObfuscatedNumber(LPWSTR command, DWORD number) |
| 346 | { |
| 347 | BYTE rand[1]; |
no test coverage detected