Hi,
I have over 15 years of programming with Intel Assembly for PC, and C++.
I've been programming in Assembly (MASM, NASM, FASM) since 1992,
debugging .COM (DOS) files, .EXE files and .DLL (Windows) files,
changing the compiled code, changing the .COD, .DATA code and sometimes creating
a header to decrypt code.
I'm working with IDA Disassembler, OllyDbg and the old DEBUG command.
I know how the binary executable file works and how the kernel may manage it.
Your work can be done in an exponential way (malware uses this to encrypt itself),
sometimes as:
MOV EAX, 1232h
MOV EBX, EAX
can be changed by:
PUSH EAX
POP EBX
or
XOR EAX, 20
MOV EBX, EAX
XOR EAX, 20
This is done several times to obfuscate any PE file, and it can be
in any PE section (.CODE and/or .DATA, or the whole binary file).
Thanks for reading.