authorRoot THC2026-02-24 12:42:47 +0000
committerRoot THC2026-02-24 12:42:47 +0000
commitc9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
treeaefc355416b561111819de159ccbd86c3004cf88 /other/burneye/tmp
parent073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
initial
Diffstat (limited to 'other/burneye/tmp')
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/aplib.libbin0 -> 12800 bytes
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/k-commctrl.inc221
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/k-data.inc307
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/k-engine.asm1223
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/k-menu.inc106
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/makefile30
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/pe-crypt.asm317
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/pe-crypt.def11
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/pe-crypt.resbin0 -> 72244 bytes
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-crc32.inc24
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-crypto.asm2849
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-data.inc426
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-ieh.inc155
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-line.inc37
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-loader.inc3932
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-relocc.inc142
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-seh.inc120
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-slowmte.inc148
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-slowmte2.inc824
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/r-sread.inc250
-rw-r--r--other/burneye/tmp/PE-Crypt-1.02/w32.inc5042
-rw-r--r--other/burneye/tmp/deburneye-1.0-final.c257
-rw-r--r--other/burneye/tmp/deburneye-2.0-trap.c435
-rw-r--r--other/burneye/tmp/dl_libv2.c485
-rw-r--r--other/burneye/tmp/dl_libv2.h82
-rw-r--r--other/burneye/tmp/macro.gdb10
-rw-r--r--other/burneye/tmp/upx/fold_elf86.asm133
-rw-r--r--other/burneye/tmp/upx/l_lx_elf.c379
-rw-r--r--other/burneye/tmp/upx/l_lx_elf86.asm179
-rw-r--r--other/burneye/tmp/upx/l_lx_elf86.lds51
30 files changed, 18175 insertions, 0 deletions
diff --git a/other/burneye/tmp/PE-Crypt-1.02/aplib.lib b/other/burneye/tmp/PE-Crypt-1.02/aplib.lib
new file mode 100644
index 0000000..64e1680
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/aplib.lib
Binary files differ
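diff --git a/other/burneye/tmp/PE-Crypt-1.02/k-commctrl.inc b/other/burneye/tmp/PE-Crypt-1.02/k-commctrl.inc
new file mode 100644
index 0000000..f6649d1
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/k-commctrl.inc
@@ -0,0 +1,221 @@
+
+LVCF_FMT EQU 0001
+LVCF_WIDTH EQU 0002
+LVCF_TEXT EQU 0004
+LVCF_SUBITEM EQU 0008
+
+LVIF_TEXT EQU 0001
+LVIF_IMAGE EQU 0002
+LVIF_PARAM EQU 0004
+LVIF_STATE EQU 0008
+
+TTS_ALWAYSTIP EQU 01
+
+LVCFMT_RIGHT EQU 0001
+.data
+;List Box Variables:
+
+hList dd 0
+
+;List View Variables:
+
+lv_item:
+lvmask dd LVIF_TEXT
+lvitem dd 0
+lvsubitem dd 0
+lvstate dd 0
+lvstatemask dd 0
+lvtext dd 0
+lvtextmax dd 12
+lvimage dd 0
+lvparam dd 0
+
+lv_col:
+clmask dd LVCF_SUBITEM+LVCF_TEXT+LVCF_WIDTH+LVCF_FMT
+clfmt dd LVCFMT_RIGHT
+clcx dd 0
+cltext dd 0
+cltextmax dd 20
+clsubitem dd 0
+
+hLV dd 0
+itcnt dd 0
+colcnt dd 0
+
+;Text Box Variables:
+
+hBox dd 0
+TmpHex db 11 dup (0)
+TmpDec db 20 dup (0)
+HexFmt db '%#08lx',0
+DecFmt db '%0lu',0
+CR_BLA db 0dh, 0ah, 0
+
+TOOLTIPS_CLASSA db "tooltips_class32"
+
+.code
+
+
+KcommctrlInc_Start:
+
+;================================================================================
+;================ ListBox Functions =============================================
+
+ListBoxIni proc uses eax ebx ecx edx edi esi, handle:DWORD, identifier:DWORD
+
+ pushf
+ call GetDlgItem, handle, identifier
+ mov hList, eax
+ popf
+ ret
+
+ListBoxIni endp
+
+ListBoxGetSel proc uses eax ebx ecx edx edi esi, buffer:DWORD
+
+ ret
+ListBoxGetSel endp
+
+
+ListBoxAdd proc uses eax ebx ecx edx edi esi, string:DWORD
+
+ pushf
+ call SendMessageA, hList, LB_ADDSTRING, 0, string
+ popf
+ ret
+
+ListBoxAdd endp
+
+;================================================================================
+;================ ListView Functions ============================================
+
+ListViewIni proc uses eax ebx ecx edx edi esi ebp, handle:DWORD, idListView:DWORD
+
+ call GetDlgItem, handle, idListView
+ mov hLV, eax
+ ret
+ListViewIni endp
+
+ListViewReset proc uses eax ebx ecx edx edi esi ebp
+
+ call SendMessageA, hLV, LVM_DELETEALLITEMS, 0, 0
+ mov itcnt, 0
+ ret
+
+ListViewReset endp
+
+ListViewAddCol proc uses eax ebx ecx edx edi esi ebp, width:DWORD, pstr:DWORD
+
+ mov eax, colcnt
+ mov clsubitem, eax
+ mov eax, width
+ mov clcx, eax
+ mov eax, pstr
+ mov dword ptr cltext, eax
+ call SendMessageA, hLV, LVM_INSERTCOLUMN, colcnt, offset lv_col
+ inc colcnt
+ ret
+ListViewAddCol endp
+
+ListViewAdd proc uses eax ebx ecx edx edi esi ebp, pstr:DWORD
+
+ mov eax, itcnt
+ mov lvitem, eax
+ mov eax, pstr
+ mov dword ptr lvtext, eax
+ call SendMessageA, hLV, LVM_INSERTITEM, 0, offset lv_item
+ mov lvitem, 0
+ inc itcnt
+ ret
+ListViewAdd endp
+
+ListViewSubAdd proc uses eax ebx ecx edx edi esi ebp, item:DWORD, place:DWORD, pstr:DWORD
+
+ mov eax, item
+ mov lvitem, eax
+ mov eax, place
+ mov lvsubitem, eax
+ mov eax, pstr
+ mov dword ptr lvtext, eax
+ call SendMessageA, hLV, LVM_SETITEM, 0, offset lv_item
+ mov lvitem, 0
+ mov lvsubitem, 0
+ ret
+ListViewSubAdd endp
+
+;================================================================================
+;================ TextBox Functions =============================================
+
+TextBoxIni proc uses eax ebx ecx edx edi esi, hwnd:DWORD, ID:DWORD
+
+ pushf
+ call GetDlgItem, [hwnd], ID
+ mov hBox, eax
+ popf
+ ret
+
+TextBoxIni endp
+
+
+TextBoxHexWrite proc uses eax ebx ecx edx edi esi, Hex:DWORD, Newline:DWORD
+
+ pushf
+ call _wsprintfA, offset TmpHex, offset HexFmt, Hex
+ add esp, 12
+ call TextBoxWrite, offset TmpHex, Newline
+ popf
+ ret
+
+TextBoxHexWrite endp
+
+
+TextBoxDecWrite proc uses eax ebx ecx edx edi esi, Dec:DWORD, Newline:DWORD
+
+ pushf
+ call _wsprintfA, offset TmpDec, offset DecFmt, Dec
+ add esp, 12
+ call TextBoxWrite, offset TmpDec, Newline
+ popf
+ ret
+
+TextBoxDecWrite endp
+
+
+TextBoxWrite proc uses eax ebx ecx edx edi esi, Str:DWORD, Newline:DWORD
+
+ pushf
+ call GetWindowTextLengthA, hBox ; Get edit text length
+
+ push eax
+ push eax
+ push EM_SETSEL
+ push hBox
+ call SendMessageA ; Set Caret to last char
+
+ push Str
+ push FALSE
+ push EM_REPLACESEL
+ push hBox
+ call SendMessageA ; Append new text
+
+ call SetFocus, hBox ; Set Focus to Edit Child
+
+ cmp Newline, 1 ; Add Return chars ?
+ jnz WRITE
+ call TextBoxWrite, offset CR_BLA, 0
+
+WRITE:
+ popf
+ ret
+
+TextBoxWrite endp
+
+;================================================================================
+;================ ToolTip Functions =============================================
+
+ToolTipIni proc uses eax ebx ecx edx edi esi
+
+ Call CreateWindowEx, NULL, offset TOOLTIPS_CLASSA, NULL, TTS_ALWAYSTIP, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInst, NULL
+ ret
+ToolTipIni endp
+KcommctrlInc_End: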
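Review bot: `TOOLTIPS_CLASSA db "tooltips_class32"` has no terminating zero, yet ToolTipIni passes `offset TOOLTIPS_CLASSA` to CreateWindowEx as the class-name string, so the API reads on into whatever bytes the data segment places next and only works if those happen to be zero. It should read `TOOLTIPS_CLASSA db "tooltips_class32",0`, matching every other string in the file. ToolTipIni also lists `eax` in its `uses` clause and stores nothing, so the handle returned by CreateWindowEx is presumably restored away on exit and a failed creation goes unnoticed; saving it to a variable before `ret`, the way ListViewIni does with `mov hLV, eax`, would keep the handle and allow a NULL check.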
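diff --git a/other/burneye/tmp/PE-Crypt-1.02/k-data.inc b/other/burneye/tmp/PE-Crypt-1.02/k-data.inc
new file mode 100644
index 0000000..f235e34
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/k-data.inc
@@ -0,0 +1,307 @@
+
+UNICODE=0
+;============================================================
+;===== External Functions ===================================
+
+extrn WritePrivateProfileStringA:PROC
+extrn GetPrivateProfileStringA:PROC
+extrn IsDlgButtonChecked:PROC
+extrn CheckRadioButton:PROC
+extrn CheckDlgButton:PROC
+extrn lstrcmp:PROC
+extrn EnumDisplaySettingsA:proc
+extrn GetMenu:proc
+extrn EnableMenuItem:proc
+extrn SetWindowLongA:proc
+extrn LoadMenuA:proc
+extrn TrackPopupMenu:proc
+extrn GetSubMenu:proc
+extrn SetMenuItemInfoA:proc
+extrn _wsprintfA:PROC
+extrn GetWindowTextLengthA:PROC
+extrn AppendMenuA:PROC
+extrn GetSystemMenu:PROC
+extrn TerminateThread:PROC
+;============================================================
+;===== Resource Constants ===================================
+
+DLG_SPLASH EQU 101
+DLG_ABOUT EQU 102
+DLG_OPTION EQU 103
+DLG_LIST EQU 104
+DLG_MAIN EQU "PE-CRYPT32"
+
+MENU_MENU EQU 105
+
+ITEM_OPEN EQU 40001
+ITEM_SAVE EQU 40002
+ITEM_EXIT EQU 40003
+ITEM_PROT EQU 40004
+ITEM_OPTION EQU 40005
+ITEM_ABOUT EQU 40006
+
+PITEM_NONE EQU 40011
+PITEM_ENC EQU 40012
+PITEM_COM EQU 40013
+
+ACC_OPEN EQU 50001
+ACC_EXIT EQU 50003
+ACC_PROT EQU 50004
+ACC_OPTION EQU 50005
+
+ICON_MAIN EQU 106
+
+CTL_PROGBAR EQU 1001
+CTL_EDBOX EQU 1000
+CTL_LISTVIEW EQU 1015
+
+BS_CANCEL EQU 1002
+;============================================================
+;===== Win32 Constants ======================================
+
+LVIS_FOCUSED EQU 0001
+LVIS_SELECTED EQU 0002
+LVIS_CUT EQU 0004
+LVIS_DROPHILITED EQU 0008
+
+LVIS_OVERLAYMASK EQU 0F00
+LVIS_STATEIMAGEMASK EQU F000
+
+TPM_LEFTALIGN EQU 0000
+TPM_CENTERALIGN EQU 0004
+TPM_RIGHTALIGN EQU 0008
+
+CCS_ADJUSTABLE = 00000020h
+
+;============================================================
+;===== Variables ============================================
+.DATA
+ NThread_ID dd 0 ; identifier of the created thread
+ NThread_Handle dd 0 ; handle of the created thread
+ByteFmt db '%0lu Bytes',0
+Bytetmp db 30 dup (0)
+PointBuf db 30 dup (0)
+FileSizeStr db 'Filesize: ',0
+NFileSizeStr db 'New: ',0
+OFileSizeStr db 'Old: ',0
+ProtectStr db 'Press protect button',0
+DoneStr db 'All done, choose new file',0
+SizeBuf db 50 dup (0)
+NFileSize dd 0
+OFileSize dd 0
+Fmt1 db '%s %0lu Bytes',0
+Fmt2 db '%s %0lu Bytes - %s %0lu Bytes',0
+szBuf db 20 dup (0)
+szBufl equ ($-szBuf)
+;General:
+
+CancelMSG DB 'Are you sure you want to cancel the progress ?',0
+QuitMSG DB 'Are you sure you want to quit PE-Crypt32 ?',0
+NoneMSG DB 'Are you sure you want to change the status of this section?'
+
+ DB 0dh, 0ah,'The file may not work.',0
+DialogTitle DB 'PE-Crypt 1.02',0
+Seperator DB '=========================',0
+SemiSep DB 0dh, 0ah, '- - - - - - - - - - - - - - - - - - - - - - - - - -',0
+OpenOK DB ' successfully opened ..',0dh, 0ah,0
+Unload DB 'File successfully unloaded ..',0
+Dialogstr DB '#32770',0 ; standart dialog class name
+Break DB 0dh, 0ah,0 ; Return
+msg MSG <0>
+FileName2 DB 30 dup (0)
+FileName DB 260 dup (0)
+TmpStrBuf DB 30 dup (0)
+GetOpen DD 0 ; Boolean: TRUE if GetOpenFile dialog is opened
+
+lpszClassName DD 0
+szClassPE DB 'PE-CRYPT32',0 ; String for FakeWindow
+szTemp DB 20 dup (0)
+szClassKI DB 'KILLA 0000WNEZZZ',0 ; String for FakeWindow
+szClassRA DB 'RANDOM RUUULEZZZ',0 ; String for FakeWindow
+COMMANDLINE DD 0
+COMMANDLINE2 DD 0
+
+;Handles:
+
+hInst DD 0 ; Module Instance
+hMain DD 0
+hPrgrs DD 0 ; Progressbar handle
+hListV DD 0 ; ListView handle
+hToolBar DD 0
+hOwn DD 0
+
+;GetOpenFileName Refs:
+
+lStructSize DD 4ch
+hwndOwner DD 0
+hInstance DD 0
+lpstrFilter DD [strFilter]
+lpstrCustomFilter DD 0
+nMaxCustFilter DD 0
+nFilterIndex DD 0
+lpstrFile DD [CryptFile]
+nMaxFile DD 128
+lpstrFileTitle DD [FileName2] ; filebuffer
+nMaxFileTitle DD 0
+lpstrInitialDir DD 0
+lpstrTitle DD [strTitle]
+Flags DD OFN_HIDEREADONLY
+nFileOffset DW 0
+nFileExtension DW 0
+lpstrDefExt DD [strDefExt]
+lCustData DD 0
+lpfnHook DD 0;offset GetOpenFunc
+lpTemplateName DD 0
+
+strFilter DB 'Executable Files (*.exe, *.dll)',0,'*.exe;*.dll',0,'All files (*.*)',0,'*.*',0,0
+strTitle DB 'Choose Executable..',0
+strDefExt DB '*.exe',0
+
+;Inifile Strings:
+
+Section DB 'OPTIONS',0
+KeyAntiDebug DB 'Antidebug',0
+KeyVirus DB 'Virus',0
+KeyHooking DB 'Hooking',0
+KeyPE DB 'PEHeader',0
+KeyChecksums DB 'Checksum',0
+KeyReloc DB 'Relocation',0
+KeyGC DB 'Compression',0
+KeyRC DB 'Resource',0
+KeyRelocC DB 'RelocCompression',0
+KeyBackup DB 'Backup',0
+KeyIH DB 'ImportHiding',0
+KeyAntiL DB 'AntiMemPatch',0
+KeyAntiBPX DB 'AntiBPX',0
+KeyComp DB 'CompatibleMode',0
+
+CSWin DB 'Window',0
+CSHang DB 'Hang',0
+Reloc12 DB '12bit',0
+Reloc16 DB '16bit',0
+RelocC DB 'Compression',0
+ResC DB 'Compression',0
+ResE DB 'Encryption',0
+IniFile DB 'pe-crypt.ini',0
+StrTrue DB 'ON',0
+StrFalse DB 'OFF',0
+
+;List View Strings:
+
+SecName DB 'Name',0
+SecVadd DB 'Virtual Offset',0
+SecVsize DB 'Virtual Size',0
+SecRoff DB 'Raw Offset',0
+SecRsize DB 'Raw Size',0
+SecRchar DB 'Characteristics',0
+SecRstate DB 'Status',0
+SecNone DB 'None',0
+SecEnc DB 'Encrypt',0
+SecComp DB 'Compress',0
+SecOff DD [SecNone]
+ DD [SecEnc]
+ DD [SecComp]
+Sectmp DB 12 dup (0)
+Seccnt DD 0
+
+SectionData DB (28*50) dup (0) ; space for 50 sections
+SectionStates DB 50 dup (0)
+
+;Structures:
+
+wc WNDCLASSEX <0>
+
+RectData:
+rd_left DD 0
+rd_top DD 0
+rd_right DD 0
+rd_bottom DD 0
+
+DevData:
+ DB 42 dup (0ffh)
+dmBitsPerPel DD 0
+dmPelsWidth DD 0
+dmPelsHeight DD 0
+dmDisplayFlags DD 0
+dmDisplayFrequency DD 0
+
+Menuiteminfo:
+cbsize DD 2ch
+fMask DD 11h ;MIIM_CHECKMARKS
+fType DD 200h ;MFT_RADIOCHECK
+fState DD 8 ;MFS_CHECKED
+wID DD 0
+hSubMenu DD 0
+ DD 0, 0, 0, 0,0
+
+BOpenLabel DB 'Open',0
+BExitLabel DB 'Exit',0
+BProtectLabel DB 'Protect',0
+BOptionsLabel DB 'Options',0
+BAboutLabel DB 'About',0
+
+tdbutton:
+i0Bitmap DD 2
+i0dCommand DD 0
+f0sState DB TBSTATE_ENABLED
+f0sStyle DB TBSTYLE_SEP
+d0wData DD 0
+i0String DD [BOpenLabel]
+
+i1Bitmap DD 1
+i1dCommand DD ITEM_OPEN
+f1sState DB TBSTATE_ENABLED
+f1sStyle DB 0
+d1wData DD 0
+i1String DD [BOpenLabel]
+
+i2Bitmap DD 0
+i2dCommand DD 0
+f2sState DB TBSTATE_ENABLED
+f2sStyle DB TBSTYLE_SEP
+d2wData DD 0
+i2String DD 0
+
+i3Bitmap DD 3
+i3dCommand DD ITEM_PROT
+f3sState DB TBSTATE_ENABLED
+f3sStyle DB 0
+d3wData DD 0
+i3String DD [BProtectLabel]
+
+i4Bitmap DD 4
+i4dCommand DD ITEM_OPTION
+f4sState DB TBSTATE_ENABLED
+f4sStyle DB 0
+d4wData DD 0
+i4String DD [BOptionsLabel]
+
+i5Bitmap DD 0
+i5dCommand DD 0
+f5sState DB TBSTATE_ENABLED
+f5sStyle DB TBSTYLE_SEP
+d5wData DD 0
+i5String DD 0
+
+i6Bitmap DD 6
+i6dCommand DD ITEM_ABOUT
+f6sState DB TBSTATE_ENABLED
+f6sStyle DB 0
+d6wData DD 0
+i6String DD [BAboutLabel]
+
+i7Bitmap DD 7
+i7dCommand DD ITEM_EXIT
+f7sState DB TBSTATE_ENABLED
+f7sStyle DB 0
+d7wData DD 0
+i7String DD [BExitLabel]
+
+TOOLINFO:
+ti_cbSize DD 28
+ti_uFlags DD 1;TTF_IDISHWND
+ti_hwnd DD 0
+ti_uId DD 0
+ti_rect DD 0
+ti_hinst DD 0
+blatext DD [BExitLabel]
\ No newline at end of file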
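Review bot: `SectionData DB (28*50) dup (0)` and `SectionStates DB 50 dup (0)` fix the section tables at 50 entries, while the entry count presumably comes from the section table of whatever file the user opens, so a file declaring more sections would write past both buffers unless the reader caps it. The code that fills them is outside this file; confirm it stops at 50, and name the limit once, e.g. `MAX_SECTIONS EQU 50`, sizing both tables from it so the check and the buffers cannot drift apart. `nMaxFile DD 128` deserves the same check against the real size of `CryptFile`, which is declared elsewhere. Separately, `LVIS_OVERLAYMASK EQU 0F00` and `LVIS_STATEIMAGEMASK EQU F000` lack the `h` suffix that `CCS_ADJUSTABLE = 00000020h` carries and will probably not yield the intended masks if referenced; write `0F00h` and `0F000h`.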
diff --git a/other/burneye/tmp/PE-Crypt-1.02/k-engine.asm b/other/burneye/tmp/PE-Crypt-1.02/k-engine.asm
new file mode 100644
index 0000000..e01b2b8
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/k-engine.asm
@@ -0,0 +1,1223 @@
1; Changes since i sorted the source:
2;- Tooltips finally in
3;- pseudo - Statusbar
4;- more Warnings
5;- Size now in dec
6;- Updated Strings
7;- Commandline implemented again (without parameters)
8;- Confirmation prompts on exiting & canceling
9;- Cancel Button while protecting
10;- Protection now got own thread -> handling of window still possible while protecting
11;- Fixed TLINK parameter ('MAKEFILE') -> Real Win32 Exe (Mainwindow now Thin with icon and 3D, no more hooling of wm.. needed)
12;- Splash Screen on beginning
13;- Fixed Randoms gemecker (Working Section read routine implemented)
14;- Program can only be started once now
15;- Mainwindow now opened using a windows class (mainwnd now named 'PE-CRYPT32')
16;- Fixed that NT problem 100% (thx g-rom for help) - init now with WM_CREATE and after Creation
17;- Mainwindow now 'Resizing' with nice icon, but still unsizable cuz of hooking wm_sizing and wm_setcursor
18;- Nicer Toolbar, Protect button only enabled if file selected
19
20
21include K-Commctrl.inc
22
23.CODE
24
25start:
26kEngineAsm_Start:
27
28;********************************************************
29;***************** DLGPROC - FUNCTION *******************
30;********************************************************
31
32
33DlgProc proc uses ebx edi esi, hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
34
35 cmp wmsg, WM_CREATE ; Startup
36 jz wmcreate
37 cmp wmsg, WM_DESTROY ; Window closed ?
38 jz wmdestroy
39 cmp wmsg, WM_CLOSE ; Window closed ?
40 jz id_cancel
41 cmp wmsg, WM_COMMAND ; Control used ?
42 jz wmcommand
43 cmp wmsg, WM_INITMENU
44 jz wminitmenu
45 cmp wmsg, WM_CONTEXTMENU
46 jz wmcontext
47 cmp wmsg,WM_NOTIFY
48 je wmnotify
49 cmp GetOpen, 1
50 jz CenterOpen
51 cmp COMMANDLINE2, 1
52 jz OpenCL
53 call DefWindowProc, hwnd,wmsg,wparam,lparam
54 jmp finish
55
56wmnotify:
57
58 mov ebx,[lparam] ;get pointer to NMHDR
59 cmp [(NMHDR ptr ebx).code],TTN_NEEDTEXT
60 jne defwndproc
61 mov eax,[(NMHDR ptr ebx).idFrom] ;resource id
62 push szBufl ;size of our buffer
63 push offset szBuf ;buffer to load string into
64 push eax ;resource extracted from TOOLTIPTEXT
65 push [hInst] ;Instance
66 call LoadString ;Load the tip from STRINGTABLE
67 mov ebx,[lparam] ;now just give him our buffer addr.
68 mov [(TOOLTIPTEXT ptr ebx).lpszText],offset szBuf
69 xor eax, eax
70 jmp finish
71
72wminitmenu:
73 jmp finish
74
75CenterOpen:
76
77 call FindWindow, offset Dialogstr, offset strTitle
78 call CenterWindow, eax
79 mov GetOpen, 0
80 jmp finish
81
82wmcontext:
83
84 call SendMessageA, wparam, LVM_GETSELECTEDCOUNT, 0, 0
85 test eax, eax
86 jz finish
87 Call LoadMenuA, hInst, 101
88 call GetSubMenu, eax, 0
89 push eax
90 mov ebx, lparam
91 movzx ebx, bx
92 mov ecx, lparam
93 shr ecx, 16
94 mov eax, wparam
95 mov hListV, eax
96; call LVGetSelected, hListV
97; movzx ebx, byte ptr SectionStates+eax
98; add ebx, PITEM_NONE
99; pop eax
100; push eax
101; mov hSubMenu, eax
102; call SetMenuItemInfoA, eax, ebx, 0, offset Menuiteminfo
103 pop eax
104 call TrackPopupMenu, eax, TPM_LEFTALIGN, ebx, ecx, 0, hwnd, 0
105 jmp finish
106
107
108
109wmcreate:
110
111 call SetWindowTextA, [hwnd], offset DialogTitle ; Set Title
112 mov eax, 0
113 jmp finish
114
115wmcommand:
116 cmp [wparam], IDCANCEL ; Window closed ?
117 je id_cancel
118 cmp [wparam], ITEM_OPEN ; Open
119 je Openbox
120 cmp [wparam], ACC_OPEN ; Open
121 je Openbox
122 cmp [wparam], ITEM_EXIT ; Exit
123 je id_cancel
124 cmp [wparam], ACC_EXIT ; Exit
125 je id_cancel
126 cmp [wparam], ITEM_ABOUT ; About
127 je about
128 cmp [wparam], ITEM_PROT ; Protect
129 je bt_protect
130 cmp [wparam], ACC_PROT ; Protect
131 je bt_protect
132 cmp [wparam], ITEM_OPTION ; Options
133 je bt_options
134 cmp [wparam], ACC_OPTION ; Options
135 je bt_options
136 cmp [wparam], PITEM_NONE
137 je bt_none
138 cmp [wparam], PITEM_ENC
139 je bt_enc
140 cmp [wparam], PITEM_COM
141 je bt_com
142 cmp [wparam], BS_CANCEL
143 je bt_cancel
144 jmp finish
145
146bt_cancel:
147
148 call CheckAbort
149 test eax, eax
150 jz finish
151 call TerminateThread, NThread_Handle, 0
152
153 mov esi,dword ptr [MemStart7]
154 mov ecx,(ToAdd_END - offset CRC_Block1)
155 mov edi,offset CRC_Block1
156 rep movsb
157
158 mov edi,offset Fhandle
159 mov ecx,(offset FICK - offset Fhandle)
160 xor al,al
161 rep stosb
162 Call Memory_DeAlloc
163
164 jmp EncryptionFinishedReturn
165
166bt_none:
167 mov eax, 0
168 lea esi, SecNone
169 jmp bt_context
170bt_enc:
171
172 mov eax, 1
173 lea esi, SecEnc
174 jmp bt_context
175bt_com:
176 mov eax, 2
177 lea esi, SecComp
178 jmp bt_context
179
180bt_context:
181 push eax
182 call LVGetSelected, hListV
183 mov edi, eax
184 pop eax
185 mov bl, byte ptr SectionStates+edi
186 cmp bl, 0
187 jnz Notnone
188 push eax
189 Call MessageBoxA, hMain, offset NoneMSG, offset DialogTitle, MB_YESNO + MB_ICONQUESTION
190 cmp eax, IDNO
191 pop eax
192 jz finish
193 Notnone:
194 mov byte ptr SectionStates+edi, al
195 call ListViewSubAdd, edi, 6, esi
196 jmp finish
197about:
198
199 call DialogBoxParamA, hInst, DLG_ABOUT, hMain , offset AboutProc, 0
200 jmp finish
201
202id_cancel:
203
204 call MessageBoxA, hMain, offset QuitMSG, offset DialogTitle, MB_YESNO + MB_ICONQUESTION
205 cmp eax, IDNO
206 jz finish
207 call EndDialog, [hwnd], 0
208 Call ExitProcess, 0
209 jmp finish ; unusefull ? ;)
210
211Openbox:
212
213 mov GetOpen, 1
214 call GetOpenFileNameA, offset lStructSize
215 test eax, eax
216 jz finish
217 OpenCL:
218
219 mov COMMANDLINE2, 0
220 call lstrlen, offset CryptFile
221 test eax, eax
222 jz finish
223 mov [FileNLength], eax
224 mov [FCpassd], 1
225
226 call ImportIniInfo ; really needed
227 call ReadSectionData ; read that section stuff into the buffer
228 call ListViewReset
229 call ImportSectionData
230 call TextBoxWrite, offset Seperator, 1
231 call TextBoxWrite, offset CryptFile, 0
232 call TextBoxWrite, offset OpenOK, 1
233 call GetMenu, [hwnd]
234 call EnableMenuItem, eax, 40004, MF_ENABLED
235 call SendMessageA, hToolBar, TB_ENABLEBUTTON , ITEM_PROT, TRUE
236
237 call CreateFile, offset CryptFile, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0
238 mov Fhandle, eax
239 call GetFileSize, Fhandle, NULL
240 mov OFileSize, eax
241 call _wsprintfA, offset SizeBuf, offset Fmt1, offset FileSizeStr, eax
242 add esp, 16
243 call CloseHandle, Fhandle
244 call SetDlgItemText, hMain, 2001, offset SizeBuf
245 call SetDlgItemText, hMain, 2000, offset ProtectStr
246 jmp finish
247
248bt_protect:
249
250 cmp [FileNLength], 0
251 jz finish
252 call ImportIniInfo ; Import ini data
253 call GetCurrentProcessId ; get current process id
254
255 push eax ; push processid
256 push 0
257 push PROCESS_SET_INFORMATION+DEBUG_ONLY_THIS_PROCESS ; enable set information flag & debug flag
258 call OpenProcess ; open process and receive handle
259
260 push THREAD_PRIORITY_NORMAL
261 push eax ; push process handle
262 call SetPriorityClass ; set the priority class of this thread
263
264 push offset NThread_ID ; for later save of the thread id
265 push CREATE_SUSPENDED ; create a thread which runs after resumethread
266 push 0
267 push offset Cryptor_Start ; thread entrypoint
268 push 0
269 push 0
270 Call CreateThread ; create a new funny thread
271 mov dword ptr [NThread_Handle],eax ; save thread handle
272
273 push THREAD_PRIORITY_NORMAL
274 push dword ptr [NThread_Handle] ; push thread id
275 call SetThreadPriority ; set thread priority
276
277 push dword ptr [NThread_Handle] ; push thread handle
278 call ResumeThread ; resume the suspended thread
279 jmp EndCrypt
280
281EncryptionFinishedReturn:
282 call SendMessageA, [hPrgrs], WM_USER+2, 0,0 ; WM_USER+2 == PBM_SETPOS => clear Progressbar
283 call TextBoxWrite, offset SemiSep, 1
284 call TextBoxWrite, offset Unload, 1
285 call GetMenu, [hMain]
286 call EnableMenuItem, eax, ITEM_OPEN, MF_ENABLED
287 call GetMenu, [hMain]
288 call EnableMenuItem, eax, ITEM_EXIT, MF_ENABLED
289 call GetMenu, [hMain]
290 call EnableMenuItem, eax, ITEM_OPTION, MF_ENABLED
291 call SendMessageA, hToolBar, TB_ENABLEBUTTON , ITEM_OPEN, TRUE
292 call ListViewReset
293 call GetDlgItem, hMain, BS_CANCEL
294 call ShowWindow, eax, FALSE
295 call ShowWindow, hToolBar, TRUE
296
297 call CreateFile, offset CryptFile, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0
298 mov Fhandle, eax
299 call GetFileSize, Fhandle, NULL
300 mov NFileSize, eax
301 call _wsprintfA, offset SizeBuf, offset Fmt2, offset OFileSizeStr, OFileSize, offset NFileSizeStr, NFileSize
302 add esp, 24
303 call CloseHandle, Fhandle
304 call SetDlgItemText, hMain, 2001, offset SizeBuf
305 call SetDlgItemText, hMain, 2000, offset DoneStr
306 cmp byte ptr [BACKUPMODE],0 ; are we allowed to generate a backup?
307 jnz finish
308 call DeleteFileA, offset BackupFile
309 jmp finish
310EndCrypt:
311 call ShowWindow, hToolBar, FALSE
312 call GetDlgItem, hMain, BS_CANCEL
313 call ShowWindow, eax, TRUE
314 call GetMenu, [hwnd]
315 call EnableMenuItem, eax, ITEM_PROT, MF_GRAYED
316 call GetMenu, [hwnd]
317 call EnableMenuItem, eax, ITEM_OPEN, MF_GRAYED
318 call GetMenu, [hwnd]
319 call EnableMenuItem, eax, ITEM_EXIT, MF_GRAYED
320 call GetMenu, [hwnd]
321 call EnableMenuItem, eax, ITEM_OPTION, MF_GRAYED
322 call SendMessageA, hToolBar, TB_ENABLEBUTTON , ITEM_PROT, FALSE
323 call SendMessageA, hToolBar, TB_ENABLEBUTTON , ITEM_OPEN, FALSE
324 jmp finish
325
326bt_options:
327
328 call DialogBoxParamA, [hInst], DLG_OPTION, [hMain], offset OptionsProc, 0
329 cmp [FileNLength], 0
330 jz finish
331 call ImportIniInfo ; really needed
332 call ReadSectionData ; read that section stuff into the buffer
333 call ListViewReset
334 call ImportSectionData
335 jmp finish
336
337wmdestroy:
338
339 call PostQuitMessage, 0
340 xor eax, eax
341defwndproc:
342 push [lparam]
343 push [wparam]
344 push [wmsg]
345 push [hwnd]
346 call DefWindowProc
347 jmp finish
348
349finish:
350
351 ret
352
353DlgProc endp
354
355;********************************************************
356;*************** OPTIONSPROC - FUNCTION *****************
357;********************************************************
358
359OptionsProc proc uses ebx edi esi, hOpt:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
360
361 cmp [wmsg], WM_COMMAND ; Control used ?
362 je op_wmcommand
363 cmp [wmsg], WM_INITDIALOG ; Startup
364 je op_wmcreate
365 mov eax, FALSE
366 jmp op_finish ; Same as ABOVE !!! jmp to end of PROC
367
368op_wmcreate:
369
370 call CheckRadioButton, hOpt, 1008, 1009, 1008
371 call CheckRadioButton, hOpt, 1001, 1003, 1001 ; Initialize Radiobuttons if no Inifile
372 call CheckRadioButton, hOpt, 1101, 1103, 1101
373
374 call LoadIniData
375 jmp op_finish
376
377op_wmcommand:
378 cmp [wparam], 1
379 je op_OK
380 cmp [wparam], IDCANCEL
381 je op_CANCEL
382 cmp [wparam], 1013 ; CRC Box
383 je op_crcbox
384 jmp op_finish
385
386op_crcbox:
387 call IsDlgButtonChecked, hOpt, 1013 ; crcchecked
388 test eax, eax
389 jnz crcchecked
390 call GetDlgItem, hOpt, 1008
391 call EnableWindow, eax, FALSE
392 call GetDlgItem, hOpt, 1009
393 call EnableWindow, eax, FALSE
394 jmp finish
395
396crcchecked:
397 call GetDlgItem, hOpt, 1008
398 call EnableWindow, eax, TRUE
399 call GetDlgItem, hOpt, 1009
400 call EnableWindow, eax, TRUE
401 jmp finish
402
403op_OK:
404
405 call SaveIniData
406 jmp op_CANCEL
407
408op_CANCEL:
409
410 call EndDialog, [hOpt], 1
411 jmp op_finish
412
413op_finish:
414
415 ret
416OptionsProc endp
417
418;********************************************************
419;************** ABOUTPROC - FUNCTION ********************
420;********************************************************
421
422AboutProc proc hAbout:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
423
424 cmp wmsg, WM_INITDIALOG
425 mov eax, TRUE
426 jz AboutCreate
427 cmp wmsg, WM_COMMAND
428 jnz Default
429 cmp word ptr [wparam], IDOK
430 jz AboutEnd
431 cmp word ptr [wparam], IDCANCEL
432 jnz Default
433AboutEnd:
434 call EndDialog, hAbout, TRUE
435 mov eax, TRUE
436 jmp Return
437AboutCreate:
438; call CenterWindow, hwnd
439 jmp Return
440Default:
441 mov eax, FALSE
442Return:
443 ret
444AboutProc endp
445
446SplashProc proc hAbout:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
447
448 cmp wmsg, WM_INITDIALOG
449 jz SplashIni
450 cmp wmsg, WM_LBUTTONDOWN
451 jz SplashEnd
452 cmp wmsg, WM_RBUTTONDOWN
453 jz SplashEnd
454 cmp wmsg, WM_COMMAND
455 jz SplashEnd
456 cmp wmsg, 113h
457 jz TimerEnd
458 jmp SplashDefault
459
460SplashIni:
461 call SetTimer, hAbout, 34, 2000, NULL
462 jmp SplashDefault
463
464TimerEnd:
465 cmp wparam, 34
466 jnz SplashDefault
467
468SplashEnd:
469 call EndDialog, hAbout, TRUE
470 mov eax, TRUE
471 jmp SplashReturn
472
473SplashDefault:
474 mov eax, FALSE
475
476SplashReturn:
477 ret
478SplashProc endp
479
480GetOpenFunc proc uses ebx edi esi, hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
481
482 cmp [wmsg], WM_INITDIALOG ; Startup
483 je go_wmcreate
484 jmp go_finish
485go_wmcreate:
486 call CenterWindow, hwnd
487go_finish:
488 ret
489GetOpenFunc endp
490
491;********************************************************
492;************* SaveIniData - SUBFUNCTION ****************
493;********************************************************
494
495SaveIniData proc uses eax ebx edi esi
496
497 call IsDlgButtonChecked, hOpt, 1001 ; reloc12
498 test eax, eax
499 jz op_RE12
500 call WritePrivateProfileStringA, offset Section, offset KeyReloc, offset Reloc12, offset IniFile
501op_RE12:
502 call IsDlgButtonChecked, hOpt, 1002 ; reloc16
503 test eax, eax
504 jz op_RE16
505 call WritePrivateProfileStringA, offset Section, offset KeyReloc, offset Reloc16, offset IniFile
506op_RE16:
507 call IsDlgButtonChecked, hOpt, 1003 ; reloc16
508 test eax, eax
509 jz op_REC
510 call WritePrivateProfileStringA, offset Section, offset KeyReloc, offset RelocC, offset IniFile
511op_REC:
512 call WritePrivateProfileStringA, offset Section, offset KeyGC, offset StrFalse, offset IniFile
513 call IsDlgButtonChecked, hOpt, 1004 ; GC
514 test eax, eax
515 jz op_GC
516 call WritePrivateProfileStringA, offset Section, offset KeyGC, offset StrTrue, offset IniFile
517op_GC:
518 call WritePrivateProfileStringA, offset Section, offset KeyRC, offset StrFalse, offset IniFile
519 call IsDlgButtonChecked, hOpt, 1101 ; RC
520 test eax, eax
521 jz op_RC
522 call WritePrivateProfileStringA, offset Section, offset KeyRC, offset ResC, offset IniFile
523op_RC:
524 call IsDlgButtonChecked, hOpt, 1102 ; RC
525 test eax, eax
526 jz op_RE
527 call WritePrivateProfileStringA, offset Section, offset KeyRC, offset ResE, offset IniFile
528op_RE:
529 call IsDlgButtonChecked, hOpt, 1103 ; RC
530 test eax, eax
531 jz op_RN
532 call WritePrivateProfileStringA, offset Section, offset KeyRC, offset StrFalse, offset IniFile
533op_RN:
534 call WritePrivateProfileStringA, offset Section, offset KeyAntiDebug, offset StrFalse, offset IniFile
535 call IsDlgButtonChecked, hOpt, 1006 ; antidebug
536 test eax, eax
537 jz op_AD
538 call WritePrivateProfileStringA, offset Section, offset KeyAntiDebug, offset StrTrue, offset IniFile
539op_AD:
540 call WritePrivateProfileStringA, offset Section, offset KeyVirus, offset StrFalse, offset IniFile
541 call IsDlgButtonChecked, hOpt, 1007 ; Virus
542 test eax, eax
543 jz op_VH
544 call WritePrivateProfileStringA, offset Section, offset KeyVirus, offset StrTrue, offset IniFile
545op_VH:
546 call WritePrivateProfileStringA, offset Section, offset KeyChecksums, offset StrFalse, offset IniFile
547 call IsDlgButtonChecked, hOpt, 1013 ; Checksums
548 test eax, eax
549 jnz op_crc
550 call WritePrivateProfileStringA, offset Section, offset KeyChecksums, offset StrFalse, offset IniFile
551 jmp op_CH
552op_crc:
553 call IsDlgButtonChecked, hOpt, 1008 ; CRCWin
554 test eax, eax
555 jz op_CW
556 call WritePrivateProfileStringA, offset Section, offset KeyChecksums, offset CSWin, offset IniFile
557op_CW:
558 call IsDlgButtonChecked, hOpt, 1009 ; CRCHang
559 test eax, eax
560 jz op_CH
561 call WritePrivateProfileStringA, offset Section, offset KeyChecksums, offset CSHang, offset IniFile
562op_CH:
563 call WritePrivateProfileStringA, offset Section, offset KeyHooking, offset StrFalse, offset IniFile
564 call IsDlgButtonChecked, hOpt, 1010 ; Hooking
565 test eax, eax
566 jz op_AH
567 call WritePrivateProfileStringA, offset Section, offset KeyHooking, offset StrTrue, offset IniFile
568op_AH:
569 call WritePrivateProfileStringA, offset Section, offset KeyPE, offset StrFalse, offset IniFile
570 call IsDlgButtonChecked, hOpt, 1011 ; PEheader
571 test eax, eax
572 jz op_PE
573 call WritePrivateProfileStringA, offset Section, offset KeyPE, offset StrTrue, offset IniFile
574op_PE:
575 call WritePrivateProfileStringA, offset Section, offset KeyBackup, offset StrFalse, offset IniFile
576 call IsDlgButtonChecked, hOpt, 1014 ; Backup
577 test eax, eax
578 jz op_BA
579 call WritePrivateProfileStringA, offset Section, offset KeyBackup, offset StrTrue, offset IniFile
580op_BA:
581 call WritePrivateProfileStringA, offset Section, offset KeyIH, offset StrFalse, offset IniFile
582 call IsDlgButtonChecked, hOpt, 1005 ; ImportHiding
583 test eax, eax
584 jz op_IM
585 call WritePrivateProfileStringA, offset Section, offset KeyIH, offset StrTrue, offset IniFile
586op_IM:
587 call WritePrivateProfileStringA, offset Section, offset KeyAntiL, offset StrFalse, offset IniFile
588 call IsDlgButtonChecked, hOpt, 1012 ; AntiLoader
589 test eax, eax
590 jz op_AL
591 call WritePrivateProfileStringA, offset Section, offset KeyAntiL, offset StrTrue, offset IniFile
592op_AL:
593 call WritePrivateProfileStringA, offset Section, offset KeyAntiBPX, offset StrFalse, offset IniFile
594 call IsDlgButtonChecked, hOpt, 1015 ; AntiBPX
595 test eax, eax
596 jz op_AB
597 call WritePrivateProfileStringA, offset Section, offset KeyAntiBPX, offset StrTrue, offset IniFile
598op_AB:
599 call WritePrivateProfileStringA, offset Section, offset KeyComp, offset StrFalse, offset IniFile
600 call IsDlgButtonChecked, hOpt, 1000 ; InfoMode
601 test eax, eax
602 jz op_CM
603 call WritePrivateProfileStringA, offset Section, offset KeyComp, offset StrTrue, offset IniFile
604op_CM:
605 ret
606SaveIniData endp
607
608;********************************************************
609;************* LoadIniData - SUBFUNCTION ****************
610;********************************************************
611
612LoadIniData proc uses eax ebx esi edi
613
614 call GetPrivateProfileStringA, offset Section, offset KeyReloc, offset Reloc12, offset TmpStrBuf, 30 , offset IniFile
615 call lstrcmp, offset TmpStrBuf, offset Reloc12
616 test eax, eax
617 jnz op2_RE12
618 call CheckRadioButton, hOpt, 1001, 1003, 1001; reloc12
619op2_RE12:
620 call lstrcmp, offset TmpStrBuf, offset Reloc16
621 test eax, eax
622 jnz op2_RE16
623 call CheckRadioButton, hOpt, 1001, 1003, 1002; reloc16
624op2_RE16:
625 call lstrcmp, offset TmpStrBuf, offset RelocC
626 test eax, eax
627 jnz op2_REC
628 call CheckRadioButton, hOpt, 1001, 1003, 1003; reloc16
629op2_REC:
630 call GetPrivateProfileStringA, offset Section, offset KeyGC, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
631 call lstrcmp, offset TmpStrBuf, offset StrTrue
632 test eax, eax
633 jnz op2_GC
634 call CheckDlgButton, hOpt, 1004 ; GC
635 sub esp, 4
636op2_GC:
637 call GetPrivateProfileStringA, offset Section, offset KeyRC, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
638 call lstrcmp, offset TmpStrBuf, offset ResC
639 test eax, eax
640 jnz op2_RC
641 call CheckRadioButton, hOpt, 1101 , 1103, 1101; RC
642op2_RC:
643 call lstrcmp, offset TmpStrBuf, offset ResE
644 test eax, eax
645 jnz op2_RE
646 call CheckRadioButton, hOpt, 1101, 1103, 1102 ; RC
647op2_RE:
648 call lstrcmp, offset TmpStrBuf, offset StrFalse
649 test eax, eax
650 jnz op2_RN
651 call CheckRadioButton, hOpt, 1101, 1103, 1103 ; RC
652op2_RN:
653 call GetPrivateProfileStringA, offset Section, offset KeyAntiDebug, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
654 call lstrcmp, offset TmpStrBuf, offset StrTrue
655 test eax, eax
656 jnz op2_AD
657 call CheckDlgButton, hOpt, 1006 ; antidebug
658 sub esp, 4
659op2_AD:
660 call GetPrivateProfileStringA, offset Section, offset KeyVirus, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
661 call lstrcmp, offset TmpStrBuf, offset StrTrue
662 test eax, eax
663 jnz op2_VH
664 call CheckDlgButton, hOpt, 1007 ; Virus
665 sub esp, 4
666op2_VH:
667 call GetPrivateProfileStringA, offset Section, offset KeyChecksums, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
668 call lstrcmp, offset TmpStrBuf, offset StrFalse
669 test eax, eax
670 jz op2_CH
671 call CheckDlgButton, hOpt, 1013 ; CRC
672 sub esp, 4
673 call GetDlgItem, hOpt, 1008
674 call EnableWindow, eax, TRUE
675 call GetDlgItem, hOpt, 1009
676 call EnableWindow, eax, TRUE
677 call lstrcmp, offset TmpStrBuf, offset CSWin
678 test eax, eax
679 jnz op2_CW
680 call CheckRadioButton, hOpt, 1008, 1009, 1008
681op2_CW:
682 call lstrcmp, offset TmpStrBuf, offset CSHang
683 test eax, eax
684 jnz op2_CH
685 call CheckRadioButton, hOpt, 1008, 1009, 1009
686
687op2_CH:
688 call GetPrivateProfileStringA, offset Section, offset KeyHooking, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
689 call lstrcmp, offset TmpStrBuf, offset StrTrue
690 test eax, eax
691 jnz op2_AH
692 call CheckDlgButton, hOpt, 1010 ; Hooking
693 sub esp, 4
694op2_AH:
695 call GetPrivateProfileStringA, offset Section, offset KeyPE, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
696 call lstrcmp, offset TmpStrBuf, offset StrTrue
697 test eax, eax
698 jnz op2_PE
699 call CheckDlgButton, hOpt, 1011 ; PEheader
700 sub esp, 4
701op2_PE:
702 call GetPrivateProfileStringA, offset Section, offset KeyIH, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
703 call lstrcmp, offset TmpStrBuf, offset StrTrue
704 test eax, eax
705 jnz op2_IM
706 call CheckDlgButton, hOpt, 1005 ; TmportHiding
707 sub esp, 4
708op2_IM:
709 call GetPrivateProfileStringA, offset Section, offset KeyAntiL, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
710 call lstrcmp, offset TmpStrBuf, offset StrTrue
711 test eax, eax
712 jnz op2_AL
713 call CheckDlgButton, hOpt, 1012 ; AntiLoader
714 sub esp, 4
715op2_AL:
716 call GetPrivateProfileStringA, offset Section, offset KeyAntiBPX, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
717 call lstrcmp, offset TmpStrBuf, offset StrTrue
718 test eax, eax
719 jnz op2_AB
720 call CheckDlgButton, hOpt, 1015 ; Antibpx
721 sub esp, 4
722op2_AB:
723 call GetPrivateProfileStringA, offset Section, offset KeyBackup, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
724 call lstrcmp, offset TmpStrBuf, offset StrTrue
725 test eax, eax
726 jnz op2_BA
727 call CheckDlgButton, hOpt, 1014 ; Backup
728 sub esp, 4
729op2_BA:
730 call GetPrivateProfileStringA, offset Section, offset KeyComp, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
731 call lstrcmp, offset TmpStrBuf, offset StrTrue
732 test eax, eax
733 jnz op2_CM
734 call CheckDlgButton, hOpt, 1000 ; Backup
735 sub esp, 4
736op2_CM:
737 ret
738
739LoadIniData endp
740
741;********************************************************
742;************ ImportIniInfo - SUBFUNCTION ***************
743;********************************************************
744
745ImportIniInfo proc uses eax ebx edi esi
746
747 call GetPrivateProfileStringA, offset Section, offset KeyReloc, offset Reloc12, offset TmpStrBuf, 30 , offset IniFile
748 call lstrcmp, offset TmpStrBuf, offset Reloc12
749 test eax, eax
750 jnz iii_RE12
751 mov ARTOFRELOC, 0
752iii_RE12:
753 call lstrcmp, offset TmpStrBuf, offset Reloc16
754 test eax, eax
755 jnz iii_RE16
756 mov ARTOFRELOC, 1
757iii_RE16:
758 mov RELOCCOMP, 0
759 call lstrcmp, offset TmpStrBuf, offset RelocC
760 test eax, eax
761 jnz iii_REC
762 mov RELOCCOMP, 1
763iii_REC:
764 mov COMPRESSION, 0
765 call GetPrivateProfileStringA, offset Section, offset KeyGC, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
766 call lstrcmp, offset TmpStrBuf, offset StrTrue
767 test eax, eax
768 jnz iii_GC
769 mov COMPRESSION, 1
770iii_GC:
771 call GetPrivateProfileStringA, offset Section, offset KeyRC, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
772 call lstrcmp, offset TmpStrBuf, offset ResC
773 test eax, eax
774 jnz iii_RC
775 mov RESOURCECOMP, 1
776iii_RC:
777 call lstrcmp, offset TmpStrBuf, offset ResE
778 test eax, eax
779 jnz iii_RE
780 mov RESOURCECOMP, 0
781iii_RE:
782 call lstrcmp, offset TmpStrBuf, offset StrFalse
783 test eax, eax
784 jnz iii_RN
785 mov RESOURCECOMP, 2
786iii_RN:
787 mov ANTID, 0
788 call GetPrivateProfileStringA, offset Section, offset KeyAntiDebug, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
789 call lstrcmp, offset TmpStrBuf, offset StrTrue
790 test eax, eax
791 jnz iii_AD
792 mov ANTID, 1
793iii_AD:
794 mov VHEURISTIC, 0
795 call GetPrivateProfileStringA, offset Section, offset KeyVirus, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
796 call lstrcmp, offset TmpStrBuf, offset StrTrue
797 test eax, eax
798 jnz iii_VH
799 mov VHEURISTIC, 1
800iii_VH:
801 mov CRCM, 0
802 call GetPrivateProfileStringA, offset Section, offset KeyChecksums, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
803 call lstrcmp, offset TmpStrBuf, offset StrFalse
804 test eax, eax
805 jz iii_CH
806 call lstrcmp, offset TmpStrBuf, offset CSWin
807 test eax, eax
808 jnz iii_CW
809 mov CRCM, 2
810iii_CW:
811 call lstrcmp, offset TmpStrBuf, offset CSHang
812 test eax, eax
813 jnz iii_CH
814 mov CRCM, 1
815
816iii_CH:
817 mov HOOKFUNC, 0
818 call GetPrivateProfileStringA, offset Section, offset KeyHooking, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
819 call lstrcmp, offset TmpStrBuf, offset StrTrue
820 test eax, eax
821 jnz iii_AH
822 mov HOOKFUNC, 1
823iii_AH:
824 mov KILLH, 0
825 call GetPrivateProfileStringA, offset Section, offset KeyPE, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
826 call lstrcmp, offset TmpStrBuf, offset StrTrue
827 test eax, eax
828 jnz iii_PE
829 mov KILLH, 1
830iii_PE:
831 mov IMPORTD, 0
832 call GetPrivateProfileStringA, offset Section, offset KeyIH, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
833 call lstrcmp, offset TmpStrBuf, offset StrTrue
834 test eax, eax
835 jnz iii_IM
836 mov IMPORTD, 1
837iii_IM:
838 mov ANTILOADER, 0
839 call GetPrivateProfileStringA, offset Section, offset KeyAntiL, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
840 call lstrcmp, offset TmpStrBuf, offset StrTrue
841 test eax, eax
842 jnz iii_AL
843 mov ANTILOADER, 1
844iii_AL:
845 mov ANTIBPX, 0
846 call GetPrivateProfileStringA, offset Section, offset KeyAntiBPX, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
847 call lstrcmp, offset TmpStrBuf, offset StrTrue
848 test eax, eax
849 jnz iii_AB
850 mov ANTIBPX, 1
851iii_AB:
852 mov BACKUPMODE, 0
853 call GetPrivateProfileStringA, offset Section, offset KeyBackup, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
854 call lstrcmp, offset TmpStrBuf, offset StrTrue
855 test eax, eax
856 jnz iii_BA
857 mov BACKUPMODE, 1
858iii_BA:
859 mov COMPATIBLE, 0
860 call GetPrivateProfileStringA, offset Section, offset KeyComp, offset StrFalse, offset TmpStrBuf, 30 , offset IniFile
861 call lstrcmp, offset TmpStrBuf, offset StrTrue
862 test eax, eax
863 jnz iii_CM
864 mov COMPATIBLE, 1
865iii_CM:
866 ret
867
868ImportIniInfo endp
869
870;********************************************************
871;********** ImportSectionData - SUBFUNCTION *************
872;********************************************************
873
874ImportSectionData proc uses eax ebx ecx edx edi esi ebp
875
876 lea edi, SectionData
877
878ISD_Start:
879 mov ebp, edi ; save edi
880 lea edi, Sectmp
881 mov eax, 0
882 mov ecx, 12
883 repz stosb ; clean tmpbuf
884 lea edi, Sectmp
885 mov esi, ebp
886 mov ecx, 8
887 repz movsb ; copy sectionname
888 mov edi, ebp
889 call ListViewAdd, offset Sectmp
890 add edi, 8
891 call _wsprintfA, offset Sectmp, offset HexFmt, dword ptr [edi]
892 add esp, 12
893 call ListViewSubAdd, Seccnt, 1, offset Sectmp
894 add edi, 4
895 call _wsprintfA, offset Bytetmp, offset ByteFmt, dword ptr [edi]
896 add esp, 12
897 call ListViewSubAdd, Seccnt, 2, offset Bytetmp
898 add edi, 4
899 call _wsprintfA, offset Sectmp, offset HexFmt, dword ptr [edi]
900 add esp, 12
901 call ListViewSubAdd, Seccnt, 3, offset Sectmp
902 add edi, 4
903 call _wsprintfA, offset Bytetmp, offset ByteFmt, dword ptr [edi]
904 add esp, 12
905 call ListViewSubAdd, Seccnt, 4, offset Bytetmp
906 add edi, 4
907 call _wsprintfA, offset Sectmp, offset HexFmt, dword ptr [edi]
908 add esp, 12
909 call ListViewSubAdd, Seccnt, 5, offset Sectmp
910 add edi, 4
911
912 mov eax, Seccnt
913 movzx eax, byte ptr SectionStates+eax
914 imul eax, 4
915 lea esi, SecOff
916 add esi, eax
917 call ListViewSubAdd, Seccnt, 6, dword ptr [esi]
918 inc Seccnt
919 cmp dword ptr [edi], 0
920 jnz ISD_Start
921 mov Seccnt, 0
922 ret
923
924ImportSectionData endp
925
926;********************************************************
927;************ LVGetSelected - SUBFUNCTION ***************
928;********************************************************
929
930LVGetSelected proc uses ebx ecx edx edi esi, hwnd:DWORD
931
932 call SendMessageA, hwnd, LVM_GETITEMCOUNT, 0, 0
933 mov ebx, eax
934 xor edi, edi
935 NextItem:
936 call SendMessageA, hwnd, LVM_GETITEMSTATE, edi, LVIS_SELECTED
937 test eax, eax
938 jnz SelItem
939 inc edi
940 cmp ebx, edi
941 jnz NextItem
942 mov edi, -1
943 SelItem:
944 mov eax, edi
945 ret
946
947LVGetSelected endp
948
949;********************************************************
950;************ CenterWindow - SUBFUNCTION ****************
951;********************************************************
952
953CenterWindow proc uses eax ebx ecx edx edi esi, hwnd:DWORD
954
955 call GetDesktopWindow
956 call GetWindowRect, eax, offset RectData
957 mov edx, rd_right
958 mov ecx, rd_bottom
959 push edx
960 push ecx
961 call GetWindowRect, hwnd, offset RectData
962 mov eax, rd_bottom
963 sub eax, rd_top
964 pop ecx
965 sub ecx, eax
966 xchg ecx, eax
967 push ecx
968 mov ebx, 2
969 cdq
970 div bx
971 mov ebx, rd_right
972 sub ebx, rd_left
973 pop ecx
974 pop edx
975 sub edx, ebx
976 push eax
977 mov eax, edx
978 mov edx, ebx
979 push edx
980 mov ebx, 2
981 cdq
982 div bx
983 pop edx
984 pop ebx
985 call MoveWindow, hwnd, eax, ebx, edx, ecx, TRUE
986
987 ret
988CenterWindow endp
989
990;********************************************************
991;************** CheckAbort - SUBFUNCTION ****************
992;********************************************************
993
994CheckAbort proc uses ebx ecx edx esi edi ebp
995
996 call SuspendThread, NThread_Handle
997 call MessageBoxA, hMain, offset CancelMSG, offset DialogTitle, MB_YESNO + MB_ICONQUESTION
998 cmp eax, IDNO
999 mov eax, 0
1000 jz CA_End
1001 call CloseHandle, Fhandle
1002 call CopyFileA, offset BackupFile, offset CryptFile, FALSE
1003 call DeleteFileA, offset BackupFile
1004 mov eax, 1
1005
1006CA_End:
1007 push eax
1008 call SetThreadPriority, NThread_Handle, THREAD_PRIORITY_NORMAL ; set thread priority
1009 call ResumeThread, NThread_Handle
1010 pop eax
1011 ret
1012
1013CheckAbort endp
1014
1015;********************************************************
1016;************** CheckAbort - SUBFUNCTION ****************
1017;********************************************************
1018
1019AddPoints proc uses ebx ecx edx esi edi ebp, Str:DWORD
1020
1021 mov eax, 20h
1022 mov ecx, -1
1023 mov edi, Str
1024 repnz scasb
1025 not ecx
1026
1027 mov esi, edi
1028 lea edi, PointBuf
1029
1030AddPoints endp
1031;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
1032;some procs (now located in this file, cause i had some problems with compiling)
1033;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
1034
1035;display resource informations
1036;
1037DisplayResourceInformation proc
1038 pushad
1039 WriteConsole2 <offset Baukasten12>
1040 WriteConsole2 <offset Baukasten15> <Baukasten15L
1041 cmp byte ptr [RCompress],0 ; any previous compression try?
1042 jz NoPreviousTryResources ; no? then jump
1043 WriteConsole2 <offset Baukasten16>
1044NoPreviousTryResources:
1045 cmp byte ptr [RESOURCECOMP],1
1046 jz DisplayRcompression
1047 WriteConsole2 <offset Baukasten13>
1048Tittenkosten5mark90:
1049 popad
1050 ret
1051DisplayRcompression:
1052 WriteConsole2 <offset Baukasten14>
1053 popad
1054 ret
1055DisplayResourceInformation endp
1056
1057
1058;display new informations
1059;like packing ratio
1060;
1061DisplayStatistic proc
1062 pushad
1063 cmp byte ptr [INFOMODE],0 ; check if infomode is enabled
1064 jz NoAnnoyingStatistic ; if yes, then goto ret
1065
1066 mov eax,CurrentPhysS ; get current physicalsize
1067 cmp dword ptr [NewPhysS],eax ; get the new size
1068 jae NoCompressionused ; if equal then no compression
1069 ; was used
1070 cmp dword ptr [NewPhysS],0 ; compression is off
1071 jz NoCompressionused2 ; jump and display crap ;)
1072
1073 WriteConsole2 <offset Baukasten5>
1074 WriteConsole2 <offset Baukasten7>
1075 mov esi,dword ptr [CurrentPhysS]
1076 mov edi,offset PhysString
1077 call dword2hex ; convert to hexadecimal string
1078 WriteConsole2 <offset PhysString> ; <10> ; display the old physicalsize
1079
1080 WriteConsole2 <offset Baukasten8>
1081 mov esi,dword ptr [NewPhysS]
1082 mov edi,offset NewPhysString
1083 call dword2hex ; convert to hexadecimal string
1084 WriteConsole2 <offset NewPhysString> ; <10> ; display the old physicalsize
1085
1086 ;Prozentberechnung
1087 ;% = 100 - (NewPhysS*100/CurrentPhysS) :)
1088 mov eax,100
1089 mov ecx,dword ptr [NewPhysS]
1090 mul ecx
1091
1092 mov ecx,dword ptr [CurrentPhysS]
1093 xor edx,edx
1094 div ecx
1095 mov ebx,100
1096 sub ebx,eax
1097 xchg ebx,eax
1098
1099 mov esi,offset PercentString+4
1100 call Hex2DecimalString
1101 mov esi,offset PercentString
1102 mov edi,offset NewStringi
1103 mov ecx,4
1104Parsethem:
1105 lodsb
1106 cmp al,20h
1107 jz nowaysuckaahh
1108 stosb
1109nowaysuckaahh:
1110 dec ecx
1111 jnz Parsethem
1112 mov al,"%"
1113 stosb
1114 xor al,al
1115 stosb
1116
1117 WriteConsole2 <offset Baukasten9>
1118 WriteConsole2 <offset NewStringi>
1119
1120 WriteConsole2 <offset ReturnChars>
1121NoAnnoyingStatistic:
1122 popad
1123 ret
1124
1125NoCompressionused:
1126 WriteConsole2 <offset Baukasten11>
1127 WriteConsole2 <offset ReturnChars>
1128 popad
1129 ret
1130
1131NoCompressionused2:
1132 WriteConsole2 <offset Baukasten10>
1133 WriteConsole2 <offset ReturnChars>
1134 popad
1135 ret
1136
1137
1138DisplayStatistic endp
1139
1140Hex2DecimalString proc
1141 mov cx,0Ah ; divide by 10 to get decimal values
1142CalculateAgain:
1143 xor dx,dx
1144 div cx
1145 add dl,30h
1146Label9:
1147 dec esi
1148 mov [esi],dl
1149 or ax,ax
1150 jnz CalculateAgain
1151 ret
1152Hex2DecimalString endp
1153
1154
1155;display routine for the object process counter
1156;another damn design crap ;)
1157;
1158DisplayCounter proc
1159 pushad
1160 cmp byte ptr [INFOMODE],0 ; check if infomode is enabled
1161 jz NoAnnoyingStatistic2 ; if yes, then goto ret
1162
1163 mov ax,word ptr [OBJnumber] ; get the current obj number
1164 mov esi,offset Displaystring+3
1165 call Hex2DecimalString
1166
1167 WriteConsole2 <offset Baukasten>
1168 WriteConsole2 <offset Displaystring>
1169
1170 WriteConsole2 <offset Baukasten2>
1171
1172 mov esi,dword ptr [CurrentRVA] ; get the current rva (only 1 word)
1173 mov edi,offset RVAString
1174 call dword2hex ; convert to hexadecimal string
1175 WriteConsole2 <offset RVAString> ; display the rva value
1176 WriteConsole2 <offset Baukasten3>
1177 mov esi,dword ptr [CurrentVSIZE]
1178 mov edi,offset VsizeString
1179 call dword2hex ; convert to hexadecimal string
1180 WriteConsole2 <offset VsizeString> ; <10> ; display the current vsize value
1181
1182 WriteConsole2 <offset Baukasten4>
1183
1184 mov esi,dword ptr [CurrentFLAGS]
1185 mov edi,offset FlagString
1186 call dword2hex ; convert to hexadecimal string
1187 WriteConsole2 <offset FlagString> ;<11> ; display the current vsize value
1188
1189NoAnnoyingStatistic2:
1190 popad
1191 ret
1192DisplayCounter endp
1193
1194
1195
1196dword2hex proc
1197 mov eax,esi
1198 mov ecx,4
1199 xor ebx,ebx
1200Convert_it:
1201 rol eax,8 ; rotate 8 bits
1202 push eax
1203 xor bh,bh
1204 mov bl,al
1205 mov dl,al
1206 shr bl,4
1207 mov al,[ebx+HTable]
1208 stosb
1209 mov bl,dl
1210 and bl,0Fh
1211 mov al,[ebx+HTable]
1212 stosb
1213 pop eax
1214 dec ecx
1215 jnz Convert_it
1216 ret
1217dword2hex endp
1218
1219kEngineAsm_End:
1220
1221 Include r-Cryptor.asm ; the main encryption routine...
1222 include r-sread.inc ; include the section stat crap
1223
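diff --git a/other/burneye/tmp/PE-Crypt-1.02/k-menu.inc b/other/burneye/tmp/PE-Crypt-1.02/k-menu.inc
new file mode 100644
index 0000000..7877ccf
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/k-menu.inc
@@ -0,0 +1,106 @@
+KMenuInc_Start:
+MenuStart Proc
+ call DialogBoxParamA, [hInst], DLG_LIST, [hMain], offset ListProc, 0
+ ret
+MenuStart EndP
+
+
+ListProc proc uses ebx edi esi, hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
+
+ cmp [wmsg], WM_INITDIALOG
+ jz lp_wmcreate
+ cmp [wmsg], WM_COMMAND ; EIN BUTTON ?
+ je lp_wmcommand
+ cmp [wmsg], WM_DESTROY
+ je ListEnd
+ xor eax, eax
+ jmp ListEnd
+lp_wmcreate:
+ call ListBoxIni, [hwnd], 1001
+; call CenterWindow, hwnd
+
+; Dialog Title Selector
+ movzx eax, DialogAPI
+ shl eax, 2
+ call SetWindowTextA, [hwnd], dword ptr [offset DialogTable+eax]
+ mov edi,dword ptr [FunctionCounter] ; get the first function name
+ mov eax,60
+ mul edi ; multiply it by 60
+ add eax,dword ptr [TextBuffer]
+ xchg eax,edi ; edi points to the fucking first functionname
+ mov ecx,dword ptr [YSize] ; 25 = normal mode (80*60)
+
+RefreshFunctionNames:
+
+ push ecx
+
+ cmp byte ptr [edi],0 ; end of the functiontable?
+ jz FunctionTableEnd ; if yes, then jump
+ mov esi,edi ; esi = pointer to the string offset
+ xor al,al
+ mov ecx,0FFFFFFFFh ; <- lame eh?
+ repnz scasb ; scan for null terminated string m0thafuckah
+ mov ecx,60
+ParseFunctionName:
+ cmp byte ptr [edi],0
+ jnz FunctionNameParsed
+SecondChar:
+ inc edi
+ dec ecx
+ jnz ParseFunctionName
+FunctionNameParsed:
+ cmp byte ptr [edi],90h
+ jz SecondChar
+ push esi ; push the functionname
+ call ListBoxAdd ; call the r0cking diSplayr0utine
+ pop ecx
+ dec ecx
+ jmp RefreshFunctionNames
+
+FunctionTableEnd:
+ pop ecx
+ mov eax, TRUE
+ jmp ListEnd
+
+lp_wmcommand:
+ cmp [wparam], 1
+ je lp_OK
+ cmp [wparam], IDCANCEL
+ je lp_OK
+ jmp ListEnd
+lp_OK:
+;int 3
+ Call SendMessageA, hList, LB_GETSELITEMS, 500, offset FunctionT
+ lea edi, FunctionT
+ lea esi, FunctionT
+FormatFT:
+ lodsd
+ stosw
+ cmp dword ptr [esi], 0
+ jnz FormatFT
+ mov ecx, edi
+ sub ecx, offset FunctionT
+ mov eax, 0
+ rep stosb
+ call EndDialog, [hwnd], 1
+ jmp ListEnd
+
+ListEnd:
+ ret
+ListProc endp
+
+KMenuInc_End:
+
+.Data
+ Ypos dd 0 ; yposition of the fucking kewl lightbar
+ YSize dd 24 ; resolution = 80*30
+ FunctionCounter dd 0 ; numba of all imported functions
+;
+; Dialog Title Infos
+; Added by G-RoM
+;
+ DialogAPI db 0 ;
+ DialogTitle1 DB "API hooking Protection",0
+ DialogTitle2 DB "API breakpoint protection",0
+ DialogTable DD offset DialogTitle1
+ DD offset DialogTitle2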
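Review bot: The `lp_OK` path in `ListProc` discards the value returned by `SendMessageA, hList, LB_GETSELITEMS, 500, offset FunctionT` and instead runs `FormatFT` until it reads a zero dword, so the loop bound depends on `FunctionT` having been zeroed beforehand. With nothing selected, or on an LB_ERR return, the loop still converts one stale entry, and with all 500 slots filled the `cmp dword ptr [esi], 0` reads past the 500 dwords requested. Keep the count and loop on it: `mov ecx, eax` after the call, `test ecx, ecx` / `jle` to the `EndDialog` call, and close the loop with `dec ecx` / `jnz FormatFT`. `FunctionT` is declared outside this file, so its size against the 500-entry request should be confirmed there. Separately, `RefreshFunctionNames` decrements the saved `ecx` and then jumps unconditionally, so the `YSize` limit loaded before the loop is never tested.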
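diff --git a/other/burneye/tmp/PE-Crypt-1.02/makefile b/other/burneye/tmp/PE-Crypt-1.02/makefile
new file mode 100644
index 0000000..85e182d
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/makefile
@@ -0,0 +1,30 @@
+# make -B Will build pe-crypt.exe
+# make -B -DDEBUG Will build the debug version of pe-crypt.exe
+
+NAME = PE-Crypt
+OBJS = $(NAME).obj
+DEF = $(NAME).def
+RES = $(NAME).res
+
+!if $d(DEBUG)
+TASMDEBUG=/zi
+LINKDEBUG=/v
+!else
+TASMDEBUG=
+LINKDEBUG=
+!endif
+
+!if $d(MAKEDIR)
+IMPORT=$(MAKEDIR)\..\lib\import32 aplib.lib
+!else
+IMPORT=import32
+!endif
+
+
+$(NAME).EXE: $(OBJS) $(DEF)
+ @tlink32 /V4.0 /Tpe /aa /c -x $(LINKDEBUG) $(OBJS),$(NAME),, $(IMPORT), $(DEF), $(RES)
+ @del $(OBJS)
+
+.asm.obj:
+ @tasm32 $(TASMDEBUG) /ml /m /kh10000 $&.asm
+# @brc32 -r $&.res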
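Review bot: The `!else` branch sets `IMPORT=import32` without `aplib.lib`, while the `MAKEDIR` branch links it. If the engine calls into the packing library, as the r-crypto.asm header in this commit suggests, a build without `MAKEDIR` defined would presumably stop at link time with unresolved symbols; the branch should read `IMPORT=import32 aplib.lib`. `aplib.lib` is committed as a prebuilt binary, so its origin and a checksum should be recorded in a comment next to this rule, letting whoever rebuilds verify what gets linked. `$(RES)` is passed to tlink32 but is not listed as a prerequisite of `$(NAME).EXE`, so a changed resource file does not trigger a relink.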
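diff --git a/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.asm b/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.asm
new file mode 100644
index 0000000..314a46a
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.asm
@@ -0,0 +1,317 @@
+ .486P
+ LOCALS
+ JUMPS
+ .Model Flat,StdCall
+ %nolist
+ %list
+
+UNICODE=0
+
+WriteConsole2 Macro oText
+ pusha
+ call TextBoxWrite, offset oText, 0
+ popa
+EndM
+
+F1CKEN Macro _Byte
+ Jmp $+3
+ db _Byte
+EndM
+
+F1CKEN2 Macro _Byte
+ jmp $+4
+ int 20h
+ jmp $+5
+ db _Byte
+ int 20h
+EndM
+
+F1CKEN3 Macro _Byte
+ call $+8
+ int 20h
+ db _Byte
+EndM
+
+F1CKEN4 Macro _Byte
+ push eax
+ call $+13
+ db _Byte
+ db 0FFh
+ pop eax
+ jmp $+26
+ F1CKEN 0Fh
+ F1CKEN2 _Byte
+ pop eax
+ inc eax
+ F1CKEN 8Bh
+ inc eax
+ jmp $+4
+ db 36h
+ db 83h
+ push eax
+ ret
+EndM
+
+F1CKEN5 Macro
+ test eax,eax
+ jnc $+4
+ db 0F7h
+ db 05h
+EndM
+
+
+CONFUSE Macro _Byte
+ jmp $+8
+ int 20h
+ db _Byte
+ db 00h
+ db 05h
+ db 00h
+ jmp $+6
+ int 20h
+ db 06h
+ db 00h
+ jmp $+6
+ int 20h
+ db 05h
+ db 00h
+EndM
+
+CONFUSE2 Macro _Byte
+ jmp $+6
+ jmp $+6
+ jmp $+12
+ jmp $-4
+ jmp $-4
+ int 20h
+ db _Byte
+ db 00H
+ db 05h
+ db 00h
+EndM
+
+SEH_TRICK1 Macro _Byte
+ CONFUSE 0EAh
+ mov edx,(offset $+30 - offset ToAdd)
+ CONFUSE 08Dh
+ add edx,ebx
+ dw 0FFFFh
+ db _Byte
+ mov ebp,ebx
+EndM
+
+CheckforHookedFunctions Macro
+ pushad
+ mov al,byte ptr [(offset Thunktable+4+3 - offset ToAdd)+ebx]
+ F1CKEN2 0EAh
+ cmp al,byte ptr [(offset Thunktable+4+4+3 - offset ToAdd)+ebx]
+ jnz DeCompressResources
+ mov al,byte ptr [(Thunktable - offset ToAdd)+3+ebx]
+ F1CKEN2 0EFh
+ cmp al,byte ptr [(offset Thunktable+4+4+3 - offset ToAdd)+ebx]
+ jnz DeCompressResources
+ mov edx,(offset ModuleDLL - offset ToAdd)
+ add edx,ebx
+ F1CKEN2 0FFh
+ push edx
+ call dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx] ; call "GetmoduleHandle"
+ shr eax,32-8
+ cmp al,byte ptr [(Thunktable - offset ToAdd)+3+ebx]
+ F1CKEN2 0E9h
+ jnz DeCompressResources
+ cmp al,byte ptr [(offset Thunktable+4+4+3 - offset ToAdd)+ebx]
+ F1CKEN2 0C7h
+ jnz DeCompressResources
+ cmp al,byte ptr [(offset Thunktable+4+3 - offset ToAdd)+ebx]
+ F1CKEN2 0C8h
+ jnz DeCompressResources
+ popad
+EndM
+
+
+include w32.inc
+Include k-data.inc
+include r-data.inc
+Include r-loader.inc
+include k-engine.asm
+
+.Code
+
+PeCryptAsm_Start:
+
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+; Fixed ;) Now it acts da right way and we have a REAL win95 task
+; means we have only one task even if several dilaog are active
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+Main:
+ call FindWindow, offset szClassPE, offset DialogTitle
+ test eax, eax
+ jnz Already_Open
+
+ pusha
+ push 4
+ push 1000h
+ push (ToAdd_END - offset CRC_Block1)
+ push 0
+ call VirtualAlloc
+ mov dword ptr [MemStart6],eax
+
+ mov ecx,(ToAdd_END - offset CRC_Block1)
+ mov esi,offset CRC_Block1
+ mov edi,dword ptr [MemStart6]
+ rep movsb
+ popa
+
+ push offset SEH_Handler ; push the new SEH handler
+ push dword ptr fs:[0] ; push the previous one
+ mov dword ptr fs:[0],esp ; save the new handler (install it)
+
+
+ call GetModuleHandle, 0 ; get hmod (in eax)
+ mov hInst, eax ; hInstance is same as HMODULE in the Win32 world
+
+ call InitCommonControls
+
+; mov dword ptr muttafick, offset FakeProc
+; mov dword ptr lpszClassName, offset szClassKI
+; call RegisterClass, offset bla
+; call CreateWindowEx,0, offset szClassKI, offset szClassKI, 0, 0, 0, 0, 0, 0, 0, hInst, 0
+; mov dword ptr lpszClassName, offset szClassRA
+; call RegisterClass, offset bla
+; call CreateWindowEx,0, offset szClassRA, offset szClassRA, 0, 0, 0, 0, 0, 0, 0, hInst, 0
+; mov dword ptr lpszClassName, offset szClassPE
+; call RegisterClass, offset bla
+; call CreateWindowEx,0, offset szClassPE, offset szClassPE, 0, 0, 0, 0, 0, 0, 0, hInst, 0
+
+
+Splash:
+ call DialogBoxParamA, hInst , DLG_SPLASH, NULL , offset SplashProc, 0
+
+Splash_End:
+ call GetCommandLine
+; parse the command line - we want just the parameters
+ mov edi, eax
+; Resolution of "can't open file pb" Command fucked up ;)
+; Start of modification - G-RoM 08/07/98
+ mov COMMANDLINE, 0 ; Never forget it, NT dislike ;)
+ xor eax, eax
+ xor ecx, ecx
+ dec ecx
+ push edi
+ cld
+ repnz scasb
+ pop edi
+ not ecx
+ mov al,20h
+ repnz scasb
+ repz scasb
+ test ecx, ecx
+ jz EndCL
+ dec edi
+; End of modification - G-RoM 08/07/98
+EndGCL:
+ mov COMMANDLINE, 1
+ mov esi, edi
+ lea edi, FileName2
+ call lstrlen, esi
+ mov ecx, eax
+ repz movsb
+ lea esi, FileName2
+ lea edi, CryptFile
+ call lstrlen, esi
+ mov ecx, eax
+ repz movsb
+EndCL:
+
+; initialize the WndClass (Window Class) structure
+; Actually, we'll get the window class from a DIALOG resource (with CLASS directive)
+;int 3
+ mov wc.wc_cbSize, WNDCLASSEX_
+ mov wc.wc_style, CS_HREDRAW + CS_VREDRAW
+ mov wc.wc_lpfnWndProc, offset DlgProc
+ mov wc.wc_cbClsExtra, 0
+ mov wc.wc_cbWndExtra, DLGWINDOWEXTRA ; necessary to use a DialogBox as
+ ; an window class
+ mov eax, hInst
+ mov wc.wc_hInstance, eax
+
+; load main icon from resource
+ call LoadIcon, hInst, ICON_MAIN
+ mov wc.wc_hIcon, eax
+ mov wc.wc_hIconSm, eax
+; load a default cursor
+ call LoadCursor,NULL, IDC_ARROW
+ mov wc.wc_hCursor, eax
+
+ mov wc.wc_hbrBackground, COLOR_WINDOW
+ mov wc.wc_lpszMenuName, MENU_MENU
+ mov wc.wc_lpszClassName, offset szClassPE
+;int 3
+ call RegisterClassEx, offset wc
+
+; create main window
+ call CreateDialogParam, hInst, offset szClassPE, 0, NULL, 0
+ mov [hMain], eax ; We have now owner
+
+ call CreateToolbarEx, hMain, TBSTYLE_TOOLTIPS+WS_CHILD, 0, 8, hInst, 110, offset tdbutton, 8, 16, 16, 16, 16, 18
+ mov hToolBar, eax
+ call ShowWindow, eax, TRUE
+ call SendMessageA, hToolBar, TB_ENABLEBUTTON , ITEM_PROT, FALSE
+ call ListViewIni, hMain, 1015
+ call ListViewAddCol,60,offset SecName
+ call ListViewAddCol,75,offset SecVadd
+ call ListViewAddCol,85, offset SecVsize
+ call ListViewAddCol,75, offset SecRoff
+ call ListViewAddCol,85, offset SecRsize
+ call ListViewAddCol,90, offset SecRchar
+ call ListViewAddCol,60, offset SecRstate
+
+ call TextBoxIni, [hMain], CTL_EDBOX ; EditBox Identifier given to Routine
+ call GetDlgItem, [hMain], CTL_PROGBAR ; Handle for progressbar
+ mov hPrgrs, eax
+ cmp COMMANDLINE, 1
+ jnz msg_loop
+ mov COMMANDLINE2, 1
+ mov COMMANDLINE, 0
+msg_loop:
+ call GetMessage, offset msg, 0,0,0
+ cmp ax, 0
+ je end_loop
+ call IsDialogMessage, [hMain], offset msg ; put this if you want to let the
+ cmp eax, TRUE ; system handle TAB, ENTER, etc
+ jz msg_loop
+
+ call TranslateMessage, offset msg
+ call DispatchMessage, offset msg
+ jmp msg_loop
+
+end_loop:
+
+
+ Push 2
+ push (ToAdd_END - offset CRC_Block1)
+ Push DWord Ptr [MemStart6]
+ Call VirtualFree
+ or eax,eax
+ jne dealloc_error
+
+Already_Open:
+
+ call SetForegroundWindow, eax
+ call ExitProcess, msg.ms_wParam
+
+
+GeouttaHere:
+ Push LARGE-1
+ Call ExitProcess
+CryptIT:
+
+FakeProc proc uses ebx edi esi, hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
+xor eax, eax
+ret
+FakeProc endp
+PeCryptAsm_End:
+
+Pecrypt_End:
+ include r-seh.inc
+End Main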
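Review bot: The command-line handling after `EndGCL` copies the argument into `FileName2` and then into `CryptFile` with `call lstrlen, esi` / `mov ecx, eax` / `repz movsb`, which bounds each copy by the length of the input and not by the size of the destination, and leaves out the terminating NUL. Both buffers are declared outside this file, so their sizes need confirming, but an argument longer than either buffer would be written past its end. A bounded, terminating copy would be `call lstrcpynA, offset FileName2, esi, FILENAME2_SIZE`, where FILENAME2_SIZE is a placeholder for the buffer's declared size, and likewise for `CryptFile`. In the same section the `VirtualAlloc` result goes into `MemStart6` and is used as the `rep movsb` destination without a NULL check. After `end_loop`, `or eax,eax` / `jne dealloc_error` branches on the nonzero value that `VirtualFree` returns on success.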
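diff --git a/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.def b/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.def
new file mode 100644
index 0000000..300851f
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.def
@@ -0,0 +1,11 @@
+NAME PECRYPT
+
+DESCRIPTION 'PE-Crypt32'
+
+CODE PRELOAD MOVEABLE DISCARDABLE
+DATA PRELOAD MOVEABLE MULTIPLE
+
+EXETYPE WINDOWS
+
+HEAPSIZE 69000
+STACKSIZE 69000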
diff --git a/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.res b/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.res
new file mode 100644
index 0000000..7fd4132
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.res
Binary files differ
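diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-crc32.inc b/other/burneye/tmp/PE-Crypt-1.02/r-crc32.inc
new file mode 100644
index 0000000..5c10eef
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-crc32.inc
@@ -0,0 +1,24 @@
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+; PECRYPT32 1.02 (c) in 1998 by random and acpizer
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;lame crc routine, written in a hurry coz a real crc32 is too slow to use it
+;in every fucking api ;)
+
+Calculate_CRC32:
+ shr ecx,2
+ push esi
+ push ecx
+ push edx
+
+Calculate_CRC32_2:
+ lodsd
+ add edx,eax
+ xor edx,ecx
+ dec ecx
+ jnz Calculate_CRC32_2
+ xchg eax,edx
+ pop edx
+ pop ecx
+ pop esi
+ ret
+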
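Review bot: The loop at `Calculate_CRC32_2` has no guard for a dword count of zero: after `shr ecx,2` any length below 4 leaves ecx = 0, so `dec ecx` / `jnz` wraps around and `lodsd` keeps reading far past the buffer. A `jecxz Calculate_CRC32_Done` after `push edx`, with the label `Calculate_CRC32_Done:` placed on the `xchg eax,edx` line, would return the incoming edx value unchanged for short inputs. The routine also needs a header comment stating the contract the code implies: esi = buffer, ecx = byte length (the trailing length mod 4 bytes are ignored), edx = initial value, eax = result, direction flag clear, and ecx returned as the dword count rather than the byte length because it is pushed after the shift. As the existing comment admits, this is an add/xor sum rather than a CRC-32, so the name is misleading and the value should not be relied on to detect deliberate modification.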
diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-crypto.asm b/other/burneye/tmp/PE-Crypt-1.02/r-crypto.asm
new file mode 100644
index 0000000..aa61231
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-crypto.asm
@@ -0,0 +1,2849 @@
1;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
2; PECRYPT32 1.02 (c) in 1998 by random and killa
3;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
4;
5;changes since final release of 1.02 :
6; - added the new version of the apack library.
7;
8;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
9
10Cryptor_Start:
11
12 mov edi,offset IconPointers ; points to the data stuff
13 mov dword ptr [IconPointi],edi
14 mov ecx,500
15 xor eax,eax
16 rep stosd
17
18 mov word ptr [OBJnumber],0
19 mov byte ptr [DontStore],1
20 mov dword ptr [KILLASTINKT],ebp
21 mov dword ptr [MONGOKILLA],esp
22
23 mov al,byte ptr [KILLH]
24 mov byte ptr [KILLHEAD],al
25 mov al,byte ptr [HOOKFUNC]
26 mov byte ptr [LOADEROPT],al
27
28 mov al,byte ptr [ANTIBPX]
29 mov byte ptr [ANTIBPXBPM],al
30
31 mov al,byte ptr [IMPORTD]
32 mov byte ptr [IMP_DESTROY],al
33 mov byte ptr [I_MERGING],al
34
35 mov al,byte ptr [ANTILOADER]
36 mov byte ptr [ALOADER],al
37
38 call Randomize
39 mov dword ptr [Impenc],eax ; random value for the new separate import encryption
40 mov dword ptr [IMPENC2],eax ; save it again
41 call Randomize
42 mov dword ptr [Impenc3],eax ; random value for the new separate import encryption
43 mov dword ptr [IMPENC4],eax ; save it again
44 call Randomize
45 mov dword ptr [Patch_Crc1+1],eax ; patch another random value into the code
46 call Randomize
47 mov dword ptr [CRC32VALUE1],eax ; save the first CRC32 Value
48 call Randomize
49 mov dword ptr [CRC32VALUE2],eax ; save the second CRC32 Value
50 call Randomize ; great random function,yeahh
51 mov dword ptr [ENCRYPTV1],eax ; random value for an encryption routine
52 call Randomize ; great random function,yeahh
53 mov dword ptr [ENCRYPTV2],eax ; random value for an encryption routine
54
55 mov al,byte ptr [ANTID] ; get the antidebugging option
56 mov byte ptr [AMETHOD],al ; save it as internal decrypter variable
57
58 mov al,byte ptr [VHEURISTIC] ; get the heuristic option
59 mov byte ptr [HEURISTIC],al ; set the internal flag
60
61 mov al,byte ptr [CRCM] ; get the crc option
62 mov byte ptr [CRCERROR],al ; set the internal flag
63
64
65; int 3
66; mov esi,offset PEText
67; mov ecx,(ToAdd_END - offset PEText)
68; shr ecx,2
69; xor eax,eax
70;EncryptStuff:
71; xor eax,[esi]
72; not eax
73; xor eax,ecx
74; add esi,4
75; dec ecx
76; jnz EncryptStuff
77;
78
79 xor eax,eax
80 push eax
81 push eax
82 push 3
83 push eax
84 push eax
85 push 80000000h+40000000h
86 push offset CryptFile
87 call CreateFileA ; Open file with read&write access
88 cmp eax,-1
89 jnz FileFound
90
91FilenotFound:
92 WriteConsole2 <offset Error1>
93 jmp End_OF_Crypt_Routine
94
95FileFound:
96 mov dword ptr [Fhandle],eax
97
98 push 4
99 push 1000h
100 cmp byte ptr [PEText+88h],"r" ; tag verification
101 jz TagNotChanged
102 push 200h
103 jmp TagChanged
104TagNotChanged:
105 push 10000 ; nacher wieder aendern ;))
106TagChanged:
107 push 0
108 call VirtualAlloc
109 mov dword ptr [LayerBuffer],eax
110 or eax,eax
111 jnz NoAllocError
112AllocError1:
113 WriteConsole2 <offset a_error>
114 jmp End_OF_Crypt_Routine
115
116NoAllocError:
117
118 push offset HighOrderF
119 push dword ptr [Fhandle]
120 call GetFileSize
121 add eax,100000
122 mov dword ptr [FileSize],eax ; save the filesize
123 mov dword ptr [FileSize2],eax ; save the filesize
124
125 push 4
126 push 1000h
127 push 100000
128 push 0
129 call VirtualAlloc
130 mov dword ptr [MemStart5],eax
131 or eax,eax
132 jz AllocError1
133
134 push 4
135 push 1000h
136 push dword ptr [FileSize]
137 push 0
138 call VirtualAlloc
139 mov dword ptr [MemStart4],eax
140 or eax,eax
141 jz AllocError1
142
143 pusha
144 push 4
145 push 1000h
146 push (ToAdd_END - offset CRC_Block1)
147 push 0
148 call VirtualAlloc
149 mov dword ptr [MemStart7],eax
150 or eax,eax
151 jz AllocError1
152
153 mov ecx,(ToAdd_END - offset CRC_Block1)
154 mov esi,offset CRC_Block1
155 mov edi,dword ptr [MemStart7]
156 rep movsb
157 popa
158
159
160 push 4
161 push 1000h
162 push 1000000
163 push 0
164 call VirtualAlloc
165 mov dword ptr [TextBuffer],eax
166 or eax,eax
167 jz AllocError1
168
169 push 4
170 push 1000h
171 push 1000000
172 push 0
173 call VirtualAlloc
174 mov dword ptr [IconBuffer],eax
175 or eax,eax
176 jz AllocError1
177
178 WriteConsole2 <offset MemAllocated>
179
180 mov edx,offset DosHeader
181 mov ecx,80
182 call ReadFromFile
183
184 WriteConsole2 <offset String1>
185
186 mov eax,[FileSize]
187 mov edx,dword ptr [DosHeader+3Ch]
188 cmp edx,eax
189 jl NoFileCorruptError
190 WriteConsole2 <offset Baukasten35>
191 Call Memory_DeAlloc
192 jmp End_OF_Crypt_Routine
193
194NoFileCorruptError:
195 call SeekFile
196
197 mov al,byte ptr [ARTOFRELOC]
198 mov byte ptr [ARTOFRELOC1],al
199 mov al,byte ptr [RESOURCECOMP]
200 mov byte ptr [RCOMP],al
201
202 mov edx,offset PEHeader
203 mov ecx,4000
204 call ReadFromFile
205
206 cmp word ptr [PEHeader],"EP"
207 jz PeFile
208No_PE_File:
209 mov byte ptr [NoWayassi],1
210 WriteConsole2 <offset NotPE>
211 Call Memory_DeAlloc
212 jmp End_OF_Crypt_Routine
213
214PeFile:
215
216 xor edx,edx
217 call SeekFile
218 mov edx,offset DosHeader
219 movzx eax,word ptr [DosHeader+2]
220 movzx ecx,word ptr [DosHeader+4]
221 shl ecx,9
222 add ecx,eax
223 call ReadFromFile
224
225 mov edx,dword ptr [PEHeader+80] ; get the imagebase
226 add edx,10000
227 mov dword ptr [Phillipsuckt],edx
228
229 push 4
230 push 1000h
231 push dword ptr [Phillipsuckt]
232 push 0
233 call VirtualAlloc
234 add eax,10000
235 mov dword ptr [MemStart],eax
236 or eax,eax
237 jz AllocError1
238
239; cmp byte ptr [BACKUPMODE],0 ; are we allowed to generate a backup?
240; jz DontCreateBackup ; if no, then don't generate one
241 mov esi,offset CryptFile
242 mov edi,offset BackupFile
243 mov ecx,128
244Generate_Backup_File:
245 lodsb
246 cmp al,"."
247 jz EndofFileName
248 stosb
249 dec ecx
250 jnz Generate_Backup_File
251
252EndofFileName:
253 stosb
254 mov al,"s"
255 stosb
256 mov ax,"va"
257 stosw
258 xor al,al
259 stosb
260
261 push 4
262 push 1000h
263 push dword ptr [FileSize]
264 push 0
265 call VirtualAlloc
266 or eax,eax
267 jz AllocError1
268 mov dword ptr [RVA_NEW],eax ; another memory buffer
269
270 mov byte ptr [Dealloc],1
271
272 xor edx,edx ; seek to the start of the file
273 call SeekFile
274 mov edx,dword ptr [RVA_NEW] ; points to the reserved memory
275 mov ecx,dword ptr [FileSize] ; get the filesize
276 sub ecx,100000 ; subtract the fake crap
277 call ReadFromFile ; read the whole file into memory
278
279 push 0
280 push 80h
281 push 02
282 push 0
283 push 03
284 push 80000000h+40000000h
285 push offset BackupFile
286 call CreateFileA
287 cmp eax,-1
288 jnz BackupGenerated
289 WriteConsole2 <offset Baukasten34>
290 Call Memory_DeAlloc
291 jmp End_OF_Crypt_Routine
292
293BackupGenerated:
294 mov dword ptr [Fhandle2],eax
295 mov edx,dword ptr [RVA_NEW] ; points to the reserved memory
296 mov ecx,dword ptr [FileSize] ; get the filesize
297 sub ecx,100000 ; subtract the fake crap
298 push 0
299 push offset Howmuch
300 push ecx
301 push edx
302 push eax
303 call WriteFile
304 push dword ptr [Fhandle2]
305
306 Push 2
307 push dword ptr [FileSize] ; push the filesize (amount of allocated mem)
308 Push DWord Ptr [RVA_NEW] ; push the linear offset
309 Call VirtualFree ; free it
310 or eax,eax ; check for error
311 jnz dealloc_error ; jump on error
312
313 mov byte ptr [Dealloc],0
314
315 call CloseHandle
316 WriteConsole2 <offset String0>
317
318DontCreateBackup:
319
320
321 pushad
322 mov esi,offset PEHeader+248 ; pointer to the first obj
323 movzx ecx,word ptr [PEHeader+6] ; get the number of objects
324
325ParseAllVSizes:
326 cmp dword ptr [esi+8],0
327 jnz VirtualSizeOkay
328 mov edx,[esi+12]
329 mov eax,[esi+52]
330 sub eax,edx
331 jmp NewCalculated
332VirtualSizeOkay:
333 mov eax,[esi+8]
334 jmp NotTheLastObject
335NewCalculated:
336 mov [esi+8],eax
337 cmp ecx,1
338 jnz NotTheLastObject
339 mov eax,dword ptr [PEHeader+80]
340 sub eax,[esi+12]
341 mov [esi+8],eax
342NotTheLastObject:
343 movzx edi,word ptr [OBJnumber]
344 shl edi,2
345 add edi,offset VSizeTable
346 stosd
347 add esi,40
348 inc word ptr [OBJnumber]
349 dec ecx
350 jnz ParseAllVSizes
351 popad
352
353 mov eax,40
354 movsx ecx,word ptr [PEHeader+6] ; objcounter * objsize = lastobj
355 mul ecx
356 add eax,208
357 mov dword ptr [LOBJ],eax ; precalculate for the virus check ;)
358 add eax,offset PEHeader ;+208
359 mov esi,eax
360
361 mov edi,offset LastOBJ
362 mov ecx,40
363 rep movsb
364
365 push offset HighOrderF
366 push dword ptr [Fhandle]
367 call GetFileSize
368
369 mov ebx,dword ptr [LastOBJ+16]
370 add ebx,dword ptr [LastOBJ+20]
371
372 cmp ebx,eax
373 ja NoFuckingOverlay
374
375 cmp ebx,eax
376 jz NoFuckingOverlay
377 sub eax,ebx
378 mov dword ptr [OverlaySize],eax ; save the overlay size
379 mov byte ptr [OverLay],1
380
381 push 4
382 push 1000h
383 push eax
384 push 0
385 call VirtualAlloc
386 mov dword ptr [MemStart8],eax
387 or eax,eax
388 jz AllocError1
389
390 mov edx,dword ptr [LastOBJ+16] ; get the physical size
391 add edx,dword ptr [LastOBJ+20] ; get the physical offset
392 call SeekFile
393 mov ecx,dword ptr [OverlaySize]
394 mov edx,dword ptr [MemStart8]
395 call ReadFromFile
396
397NoFuckingOverlay:
398
399
400 mov ecx,dword ptr [PEHeader+84] ; get the size of the headers
401; sub ecx,dword ptr [DosHeader+3Ch] ; subtract the dos header
402 mov edi,ecx ; points now to the end of the header file
403 mov ebx,4000
404 cmp edi,ebx
405 ja NotNeeded
406 sub ebx,edi
407 add edi,offset PEHeader ; points to the peheader in memory
408 mov ecx,ebx
409 xor al,al
410 rep stosb
411
412NotNeeded:
413 movzx eax,byte ptr [PEHeader+6] ; amount of object in this file
414 mov ecx,40 ; 40 bytes = size of every object in the header
415 mul ecx
416 add eax,208 ; add the start of the first obj
417 add eax,80 ; add the size of 2 objects needed for pecrypt32
418
419 mov ebx,dword ptr [PEHeader+84] ; get the peheader size
420 mov dword ptr [OldHSize],ebx ; save the old size of the PE Header & Dos header
421 sub ebx,dword ptr [DosHeader+3Ch] ; subtract the dos header size to get the PE header size
422
423 cmp ebx,eax ; compare them both
424 jae SpaceInTheHeader ; is there any space in the header?
425AlignHeaderAgain:
426 mov ebx,dword ptr [PEHeader+84] ; get the peheader size
427 add ebx,dword ptr [PEHeader+60] ; add the file alignment value
428 mov dword ptr [PEHeader+84],ebx ; write the new header value
429 sub ebx,dword ptr [DosHeader+3Ch] ; subtract the PE header start
430 cmp ebx,eax ; still not enough space?
431 jl AlignHeaderAgain ; if yes then align again till there is enough room
432 mov byte ptr [NewAlign],1
433
434SpaceInTheHeader:
435
436 mov al,byte ptr [RELOCCOMP] ; get the relocation compression value
437 mov byte ptr [RELOCCOMPP],al ; set the internal crypter flag
438
439 cmp dword ptr [PEHeader+128],0 ; check if there are any imports
440 jz NoImportsForSure ; if not, don't execute this funny routine
441
442 mov dword ptr [EsiBuffer],esi
443 Push 2
444 push dword ptr [FileSize] ; push the filesize (amount of allocated mem)
445 Push DWord Ptr [MemStart4] ; push the linear offset
446 Call VirtualFree ; free it
447 or eax,eax ; check for error
448 jnz dealloc_error ; jump on error
449
450 push 4
451 push 1000h ; alignment 4096 bytes
452 push dword ptr [PEHeader + 80] ; allocate memory for the file
453 push 0
454 call VirtualAlloc ; allocate it
455 or eax,eax ; any error?
456 jz AllocError1 ; if yes, go to the error handler
457 mov dword ptr [MemStart4],eax ; new memstart4 linear offset
458
459 mov esi,offset PEHeader+248 ; points to the first PE object
460 movzx ecx,word ptr [PEHeader+6] ; get the amount of objects in this file
461
462Load_PE_Object:
463 pusha
464
465 pusha
466 mov eax,dword ptr [PEHeader+128] ; get the import section rva
467 mov edx,[esi+12] ; get the RVA
468 cmp eax,edx ; compare import rva with current section rva
469 jl NoImportSection ; import rva smaller than the current section rva? if they then skip
470 add edx,[esi+16] ; add the physical size
471 cmp eax,edx ; compare them again
472 jae NoImportSection ; jump if bigger (no import section in this object)
473 mov dword ptr [ImpCounti],ecx ; save the current import section
474NoImportSection:
475 popa
476
477 mov edx,[esi + 20] ; get the physical offset
478 or edx,edx ; physical offset == 0?
479 jz DontRead ; if yes, then don't read
480 call SeekFile ; seek to the physical offset
481 mov edx,[esi+12] ; get the RVA
482
483 add edx,dword ptr [MemStart4] ; add the Memory Start
484 mov ecx,[esi+16] ; add the physical size
485 or ecx,ecx ; physical size == 0?
486 jz DontRead ; if yes then don't read
487 call ReadFromFile ; read from file
488
489DontRead:
490 popa
491 add esi,40 ; go to the next object
492 dec ecx
493 jnz Load_PE_Object
494
495 push dword ptr [Fhandle]
496 call CloseHandle
497
498 push 0
499 push 80h
500 push 02
501 push 0
502 push 03
503 push 80000000h+40000000h
504 push offset CryptFile
505 call CreateFileA
506 mov dword ptr [Fhandle],eax
507
508 mov eax,dword ptr [TextBuffer]
509 mov dword ptr [BufferPos],eax ; save the position of the textbuffer
510
511 mov esi,dword ptr [MemStart4]
512 add esi,dword ptr [PEHeader+128] ; add the import rva
513NextMainImport_2:
514 mov dword ptr [SAVEDLLRVA],190331
515
516 push esi
517 cmp dword ptr [esi+16],0 ; check for end of the imports
518 jz FinishedWithImports_2 ; if end, jump
519
520 cmp dword ptr [esi],0 ; check for the 2nd import crap
521 jnz FirstImportStandart_2 ; if not then jump
522 mov edx,dword ptr [esi+12] ; get the pointer to the dll name
523 add edx,dword ptr [MemStart4] ; add the start of the import section
524 mov esi,dword ptr [esi+16] ; get the thunk table offset
525 add esi,dword ptr [MemStart4] ; add the start of the import section
526 mov edi,esi ; edi = esi = thunktable
527 jmp SecondImportStandart_2
528
529FirstImportStandart_2:
530 mov edi,dword ptr [esi+16]
531 add edi,dword ptr [MemStart4] ; add the memory start
532 mov edx,dword ptr [esi+12]
533 add edx,dword ptr [MemStart4] ; add the memorystart
534
535 mov esi,dword ptr [esi]
536 mov dword ptr [SAVEDLLRVA],esi ; save the dll rva
537 add esi,dword ptr [MemStart4] ; add the fucking kewl memory start
538
539SecondImportStandart_2:
540ParseNextImport_2:
541 lodsd
542 or eax,eax
543 jz MainImportFinished_2
544
545 pusha
546 mov edi,esi
547 mov ecx,(offset MutateHookedApi - offset ContinueRelocationCompression) / 4
548 mov esi,offset ContinueRelocationCompression
549 mov edx,dword ptr [Impenc]
550Generate_Lame_Checksum:
551 lodsd
552 xor eax,ecx
553 add edx,eax
554 not edx
555 rol edx,cl
556 dec ecx
557 jnz Generate_Lame_Checksum
558 mov dword ptr [Impenc],edx
559 xor dword ptr [edi-4],edx
560 popa
561
562 test eax,80000000h
563 jz Pointer2NameDir_2
564
565 push esi
566 push edx
567 push ecx
568 and eax,0FFFFh ; only 16bit are needed
569 mov esi,offset OrdinalNumba+4
570 call Hex2DecimalString ; converts the ordinal numbaa
571
572 mov ecx,2
573 mov eax,offset OrdinalNumba
574Besuch:
575 cmp byte ptr [eax],20h
576 jnz Besuch2
577 inc eax
578 dec ecx
579 jnz Besuch
580Besuch2:
581 pop ecx
582 pop edx
583 pop esi
584 jmp OrdinalImport_2
585
586Pointer2NameDir_2:
587 add eax,dword ptr [MemStart4] ; add the memory start
588 inc eax
589 inc eax
590
591OrdinalImport_2:
592 pusha
593
594 push eax
595 mov esi,edx
596 mov edi,dword ptr [BufferPos] ; get the buffer offset
597CopyText2:
598 lodsb
599 or al,al
600 jz DllnameEnd
601 stosb
602 dec ecx
603 jnz CopyText2
604DllnameEnd:
605 mov al,":" ; looks like DLLNAME:FUNCTIONNAME ;)
606 stosb
607 pop eax
608 mov ecx,20
609 mov esi,eax
610CopyText:
611 lodsb
612 or al,al
613 jz FunctionNameEnd ; every rocking function is null terminated
614 stosb
615 dec ecx
616 jnz CopyText
617FunctionNameEnd:
618
619 pusha
620 mov eax,edi
621 sub eax,dword ptr [BufferPos]
622 mov ecx,56
623 sub ecx,eax
624 mov al,20h
625 rep stosb
626 xor al,al
627 stosb
628 stosb
629 mov dword ptr [BufferPos],edi ; save the new position
630 popa
631 popa
632jmp ParseNextImport_2
633MainImportFinished_2:
634 pop esi
635
636 push eax
637 push esi
638 push edi
639
640 mov edi,edx ; pointer to the dll name
641 mov esi,edx ; another pointer to the dll name
642 mov ecx,40
643EncryptDllName:
644 lodsb
645 or al,al
646 jz DllNameFinished
647
648 push esi
649 push ecx
650 push edi
651 push eax
652 mov ecx,(offset MutateHookedApi - offset ContinueRelocationCompression) / 4
653 mov esi,offset ContinueRelocationCompression
654 mov edx,dword ptr [Impenc3]
655Generate_Lame_Checksum_1:
656 lodsd
657 xor eax,ecx
658 add edx,eax
659 not edx
660 rol edx,cl
661 dec ecx
662 jnz Generate_Lame_Checksum_1
663 mov dword ptr [Impenc3],edx
664 pop eax
665 pop edi
666 pop ecx
667 pop esi
668 xor al,dl
669 stosb
670 dec ecx
671 jnz EncryptDllName
672
673DllNameFinished:
674 pop edi
675 pop esi
676 pop eax
677
678 add esi,20
679CompareAgain:
680 mov eax,dword ptr [SAVEDLLRVA] ; get the last pointer to the named table
681 cmp eax,[esi] ; compare it with the current one
682 jnz NextMainImport_2_2_2 ; difference? then everything is okay
683 add esi,20 ; add 20 bytes to get to the next entry
684 Jmp CompareAgain ; compare again
685
686NextMainImport_2_2_2:
687 pusha
688 mov eax,40
689 sub eax,ecx
690 mov edi,offset DLLNAMESL
691 movzx ebx,byte ptr [NAMECOUNTI]
692 add edi,ebx
693 stosb
694 popa
695 inc byte ptr [NAMECOUNTI]
696 jmp NextMainImport_2
697
698FinishedWithImports_2:
699 mov byte ptr [NAMECOUNTI],0
700 pop esi
701
702 mov edx,dword ptr [MemStart4] ; get the PE file base address (imagebase)
703 add edx,dword ptr [PEHeader+40] ; add the rva
704 cmp dword ptr [edx+0Bh],"!DNR" ; check for the pecrypt32 signature
705 jnz NotPecrypted
706
707 cmp byte ptr [IMPORTD],1
708 jnz DisableAPIHooking
709
710 push 30h
711 push offset Baukasten36
712 push offset Baukasten38
713 push 0
714 call MessageBoxA
715 mov byte ptr [IMP_DESTROY],0
716 mov byte ptr [I_MERGING],0
717 mov byte ptr [IMPORTD],0
718
719 cmp byte ptr [HOOKFUNC],0 ; is the api hooking enabled?
720 jz NotPecrypted ; if yes check for pecrypt32 'protected' filez
721 jmp NotPecrypted
722
723DisableAPIHooking:
724 cmp byte ptr [HOOKFUNC],0 ; is the api hooking enabled?
725 jz NotPecrypted ; if yes check for pecrypt32 'protected' filez
726 push 30h
727 push offset Baukasten36
728 push offset Baukasten362
729 push 0
730 call MessageBoxA
731 mov byte ptr [HOOKFUNC],0 ; disable the api hooking
732 mov byte ptr [LOADEROPT],0 ; disable that crap, LALALA
733
734NotPecrypted:
735 xor edx,edx
736 call SeekFile
737 mov edx,offset DosHeader
738 movzx eax,word ptr [DosHeader+2]
739 movzx ecx,word ptr [DosHeader+4]
740 shl ecx,9
741 add ecx,eax
742 call WritetoFile
743
744 cmp byte ptr [NewAlign],1 ; do we need to align the complete file?
745 jnz NoNewAlign_Needed ; NAH? k, the pass that crap :)
746 mov edx,dword ptr [DosHeader+3Ch] ; seek to the peheader start
747 call SeekFile ; the PEFile (header start)
748 mov edx,offset PEHeader ; point to the header buffer
749 mov ecx,dword ptr [PEHeader+84] ; get the whole header size (dos&peheader together)
750 sub ecx,dword ptr [DosHeader+3Ch] ; subtract the pe header start
751 call WritetoFile ; write the header
752 mov ebx,dword ptr [PEHeader+84] ; get the new header size
753 sub ebx,dword ptr [OldHSize] ; subtract the old one to get the difference for alignment
754 mov dword ptr [OldHSize],ebx ; save the difference
755
756NoNewAlign_Needed:
757
758 mov esi,offset PEHeader+248 ; points to the first PE object
759 movzx ecx,word ptr [PEHeader+6] ; get the amount of objects in this file
760
761Resave_PE_FILE:
762 pusha
763
764 mov edx,[esi+12] ; get the section rva
765 cmp byte ptr [I_MERGING],0
766 jz NoImport_Merging
767 cmp dword ptr [esi+16],0
768 jnz ImportMergingPossible
769 mov byte ptr [I_MERGING],0
770 push 30h
771 push offset Baukasten36
772 push offset Baukasten372
773 push 0
774 call MessageBoxA
775 jmp NoImport_Merging
776ImportMergingPossible:
777 cmp edx,dword ptr [PEHeader+128] ; compare it with the import rva
778 jnz NoImport_Merging ; different? then no import merging
779 pusha
780
781 push ecx
782 mov edx,[esi-40 + 20] ; get the physical offset of the last section
783 call SeekFile ; seek to the physical offset
784 pop ecx
785
786 pusha
787 mov eax,[esi+12]
788 mov edx,[esi-40+8]
789 add edx,[esi-40+12]
790 mov dword ptr [BUFFIRVA],edx
791 sub eax,edx
792 mov dword ptr [BUFFISIZE],eax
793 popa
794
795 mov eax,[esi+8] ; get the virtual size of the current object
796 add eax,[esi+12] ; add the rva
797 sub eax,[esi-40+12] ; subtract the rva of the last section
798 mov ecx,dword ptr [PEHeader+56] ; use the section aligment for the rva
799 xor edx,edx ; calculation
800 div ecx
801 or edx,edx
802 jz NoPhysicalSize_Rest_Value
803 inc eax
804NoPhysicalSize_Rest_Value:
805 mul ecx
806 mov [esi-40+16],eax ; write the new physical size :]
807 mov [esi-40+8],eax ; write the new physical size :]
808
809 mov edx,[esi - 40 +12] ; get the RVA
810 add edx,dword ptr [MemStart4] ; add the Memory Start
811 mov ecx,eax ; get the virtual size (= physical size)
812 call WritetoFile ; write the whole object!
813
814 mov edi,[esi+40 + 20]
815 mov edx,[esi-40 + 20] ; get the physical offset of the last section
816 add edx,[esi-40 + 16] ; add the physical size
817 sub edx,edi
818 mov dword ptr [SaveTmp],edx ; save the reminder
819
820 mov word ptr [OBJnumber],0
821 mov esi,offset PEHeader+248 ; pointer to the first obj
822 movzx ecx,word ptr [PEHeader+6] ; get the number of objects
823 dec ecx
824
825ParseAll_VSizes:
826 cmp dword ptr [esi+8],0
827 jnz Virtual_SizeOkay
828 mov edx,[esi+12]
829 mov eax,[esi+52]
830 sub eax,edx
831 jmp New_Calculated
832Virtual_SizeOkay:
833 mov eax,[esi+8]
834 jmp Not_TheLastObject
835New_Calculated:
836 mov [esi+8],eax
837 cmp ecx,1
838 jnz Not_TheLastObject
839 mov eax,dword ptr [PEHeader+80]
840 sub eax,[esi+12]
841 mov [esi+8],eax
842Not_TheLastObject:
843 movzx edi,word ptr [OBJnumber]
844 shl edi,2
845 add edi,offset VSizeTable
846 stosd
847 add esi,40
848 inc word ptr [OBJnumber]
849 dec ecx
850 jnz ParseAll_VSizes
851
852 mov esi,offset PEHeader+248 ; points to the first PE object
853 movzx ecx,word ptr [PEHeader+6] ; get the amount of objects in this file
854 mov edi,esi
855ParsePEheader:
856 mov edx,[esi+12] ; get the section rva
857 cmp edx,dword ptr [PEHeader+128] ; compare it with the import rva
858 jnz Dont_Erase_Object ; don't erase that one if thats not the import object
859 add esi,40
860 dec word ptr [PEHeader+6]
861 jmp DontCopyThisTime
862
863Dont_Erase_Object:
864 push ecx
865 mov ecx,40
866 rep movsb
867 pop ecx
868DontCopyThisTime:
869 dec ecx
870 jnz ParsePEheader
871 mov ecx,40
872 xor al,al
873 rep stosb
874 popa
875 popa
876 jmp Merging_finished
877
878NoImport_Merging:
879 mov edx,[esi + 20] ; get the physical offset
880 or edx,edx ; physical offset == 0?
881 jz DontRead_2 ; if yes, then don't write
882 cmp byte ptr [NewAlign],1
883 jnz DontAlignThatStuff
884 add edx,dword ptr [OldHSize] ; add the difference
885 mov [esi + 20],edx ; resave the physical offset
886DontAlignThatStuff:
887 mov edx,[esi+20] ; get it
888 add edx,dword ptr [SaveTmp] ; add the reminder
889 mov [esi+20],edx ; resave it
890 call SeekFile ; seek to the physical offset
891 mov edx,[esi+12] ; get the RVA
892 add edx,dword ptr [MemStart4] ; add the Memory Start
893 mov ecx,[esi+16] ; add the physical size
894 or ecx,ecx ; physical size == 0?
895 jz DontRead_2 ; if yes then don't write
896 call WritetoFile ; write the whole object!
897DontRead_2:
898 popa
899 add esi,40 ; go to the next object
900Merging_finished:
901 dec ecx
902 jnz Resave_PE_FILE
903
904 mov edx,dword ptr [DosHeader+3Ch] ; seek to the peheader start
905 call SeekFile ; the PEFile (header start)
906 mov edx,offset PEHeader ; point to the header buffer
907 mov ecx,dword ptr [PEHeader+84] ; get the whole header size (dos&peheader together)
908 sub ecx,dword ptr [DosHeader+3Ch] ; subtract the dos header size to get the PE header sizeeee
909 call WritetoFile ; write the header
910NoNewAlign_Needed_2:
911
912 Push 2
913 push dword ptr [PEHeader+80] ; push the filesize (amount of allocated mem)
914 Push DWord Ptr [MemStart4] ; push the linear offset
915 Call VirtualFree ; free it
916 or eax,eax ; check for error
917 jnz dealloc_error ; jump on error
918
919 push 4
920 push 1000h
921 push dword ptr [FileSize2]
922 push 0
923 call VirtualAlloc
924 mov dword ptr [MemStart4],eax
925 or eax,eax
926 jz AllocError1
927 mov esi,dword ptr [EsiBuffer] ; restore esi
928
929NoImportsForSure:
930 movzx esi,word ptr [PEHeader+20]
931 add esi,offset PEHeader+18h
932 mov edi,offset CODEOBJ
933 mov ecx,40
934 rep movsb
935
936 mov ax,word ptr [PEHeader+16h] ; get the file characteristics
937 test ax,2000h
938 jz NoDllFile
939 mov byte ptr [EXEFLAGS],1 ; mark this file as a DLL!
940
941NoDllFile:
942 mov eax,dword ptr [PEHeader+40] ; get the rva
943 mov dword ptr [RIGHTONE],eax ; save it
944
945 mov eax,dword ptr [CODEOBJ+12] ; get the code rva
946 mov dword ptr [CODEBASE],eax ; save it
947
948 mov eax,dword ptr [CODEOBJ+16] ; get the physical size
949 mov dword ptr [CODESIZE],eax ; save it for later use in the loader
950
951 mov eax,40
952 movsx ecx,word ptr [PEHeader+6] ; objcounter * objsize = lastobj
953 mul ecx
954 add eax,208
955 mov dword ptr [LOBJ],eax ; precalculate for the virus check ;)
956 add eax,offset PEHeader ;+208
957 mov esi,eax
958
959 mov eax,[esi+8] ; get the virtual size of the last obj
960 mov dword ptr [LSIZE],eax ; save it for the heuristic virus check
961
962 mov dword ptr [NewOBJPos],esi ; save the position of the last obj
963 add dword ptr [NewOBJPos],40 ; pointer to the new obj
964
965 push esi
966 mov edi,offset DData
967 mov ecx,6
968 rep cmpsb
969 pop esi
970 jnz NotDInfo
971 sub [NewOBJPos],40
972 mov byte ptr [CUTDINFO],1
973 sub esi,40
974 dec word ptr [PEHeader+6]
975
976NotDInfo:
977 push esi
978 mov edi,offset LastOBJ
979 mov ecx,40
980 rep movsb
981 pop esi
982fickenlan:
983 mov byte ptr [AddNew],1
984 mov byte ptr [RESEND],1
985
986 push eax
987 mov eax,dword ptr [esi+12]
988 mov dword ptr [OFSVALUE],eax
989 mov eax,dword ptr [esi+8]
990 mov dword ptr [OFSVSIZE],eax
991 pop eax
992
993 mov eax,dword ptr [LastOBJ+12]
994 add eax,dword ptr [LastOBJ+16]
995
996 mov ecx,dword ptr [PEHeader+40]
997 mov dword ptr [RVA],eax
998 mov dword ptr [PEHeader+40],eax
999
1000 mov eax,dword ptr [LastOBJ+16]
1001 add eax,dword ptr [LastOBJ+20]
1002 mov dword ptr [PhysicalO],eax
1003
1004 mov esi,offset PEHeader+248
1005 mov edi,offset OBJTABLE
1006 mov dword ptr [TempVar],edi
1007 mov word ptr [OBJnumber],0
1008
1009Parseobj:
1010 mov dword ptr [NewPhysS],0 ; set to zero
1011
1012 cmp byte ptr [KILLH],0 ; killheader option enabled?
1013 jz NoNeedtoKillTheHeader
1014 pusha
1015 mov edi,esi
1016 mov esi,offset NewOBJ
1017 mov ecx,8
1018 rep movsb
1019 popa
1020NoNeedtoKillTheHeader:
1021 mov eax,[esi+12] ; get the current rva
1022 mov dword ptr [CurrentRVA],eax
1023
1024 mov eax,[esi+8] ; get the current virtualsize
1025 mov dword ptr [CurrentVSIZE],eax
1026
1027 mov eax,[esi+36] ; get the flags of this object
1028 mov dword ptr [CurrentFLAGS],eax
1029
1030 mov eax,[esi+16] ; save old physicalsize
1031 mov dword ptr [CurrentPhysS],eax
1032
1033 call DisplayCounter ; displays the obj number and some other crap
1034
1035 mov eax,[esi+36] ; get the objflags
1036 or eax,80000000h
1037 mov [esi+36],eax
1038
1039Cryptyes:
1040 mov edx,dword ptr [esi+20]
1041 mov dword ptr [SavePosition],edx
1042 sub edx,dword ptr [Csize]
1043 mov dword ptr [esi+20],edx
1044 mov dword ptr [LastOBJPos],esi
1045
1046 push eax
1047
1048 push eax
1049 mov eax,dword ptr [PEHeader+136] ; check if this obj is the resource obj
1050 cmp eax,dword ptr [esi+12]
1051 pop eax
1052 jz EncryptResources ; if yes encrypt resources
1053
1054 mov eax,dword ptr [PEHeader+160] ; get relocation rva
1055 mov ebx,dword ptr [esi+12] ; get the section rva
1056 cmp eax,ebx
1057 jl NoRelocationsFor_Sure
1058 add ebx,[esi+8] ; get the section vsize
1059 cmp eax,ebx
1060 jl CheckForRelocations
1061NoRelocationsFor_Sure:
1062
1063 movzx eax,word ptr [OBJnumber] ; get the current obj number
1064 add eax,offset SectionStates ; add the lame section state buffer
1065 cmp byte ptr [eax],0
1066 jz MoveObject
1067
1068 cmp byte ptr [eax],0
1069 jnz Compressit
1070
1071MoveObject:
1072 cmp dword ptr [esi+20],0 ; is the physical offset = 0
1073 jz ObjectGotIgnored
1074 cmp dword ptr [esi+16],0 ; is the physical size = 0
1075 jz ObjectGotIgnored
1076
1077 push esi
1078 mov edx,dword ptr [SavePosition]
1079 call SeekFile
1080
1081 mov edx,dword ptr [MemStart]
1082 mov ecx,dword ptr [esi+16]
1083 call ReadFromFile
1084
1085 mov edx,dword ptr [esi+20]
1086 call SeekFile
1087
1088 mov ecx,dword ptr [esi+16]
1089 mov edx,dword ptr [MemStart] ; write the encrypted obj into the file
1090 call WritetoFile
1091
1092 pop esi
1093ObjectGotIgnored:
1094 WriteConsole2 <offset Baukasten27>
1095 mov byte ptr [ResourceInde],1 ; don't display the lame object statistics
1096 jmp Dontcrypt
1097
1098Compressit:
1099 mov edi,dword ptr [TempVar]
1100 mov eax,dword ptr [esi+12] ; get the objoffset (rva)
1101 mov dword ptr [TempVar2],eax ; save the rva
1102 stosd ; store it in a table
1103 mov eax,dword ptr [esi+16] ; get the objlength
1104 stosd ; store it in the objtable of pecrypt32
1105
1106 call Randomize ; great random function,yeahh
1107 stosd ; save the random encryption value in the table
1108
1109 mov dword ptr [CRYPTVAR1],eax ; save it for encrypting
1110
1111 movzx ecx,word ptr [OBJnumber]
1112 shl ecx,2
1113 mov eax,[ecx+offset VSizeTable]
1114 stosd ; save the virtual size in the objecttable
1115 xor eax,eax
1116 stosb ; save it
1117 stosd ; zero the crc value
1118 stosd ; zero the not aligned realsize of this obj
1119 mov eax,[esi+16] ; get the original physical size
1120 stosd ; save it
1121 mov eax,[esi+36] ; get the flags of this section
1122 stosd ; save them
1123 mov dword ptr [TempVar],edi
1124 mov byte ptr [LazyNess],1
1125
1126 mov edx,dword ptr [SavePosition]
1127 call SeekFile ; seek to the pos
1128
1129 mov edi,dword ptr [MemStart]
1130 mov ecx,dword ptr [esi+16]
1131 shr ecx,2
1132 xor eax,eax
1133 rep stosd
1134
1135 mov ecx,dword ptr [esi+16] ; get the obj length for reading
1136 mov edx,dword ptr [MemStart] ; start of the allocated memory
1137 mov dword ptr [RealSize],ecx ; save the realsize
1138 push ecx
1139 call ReadFromFile ; read the obj into the allocated mem
1140 pop ecx
1141
1142CompressRelocs:
1143 push ecx
1144 push esi
1145 push edi
1146
1147 mov esi,dword ptr [MemStart]
1148 mov dword ptr [MemStart2],esi
1149 mov edi,esi
1150
1151CompressionON:
1152 movzx eax,word ptr [OBJnumber] ; get the current obj number
1153 add eax,offset SectionStates ; add the lame section state buffer
1154 cmp byte ptr [eax],1 ; encryption for this section?
1155 jz EncryptByte ; if yes, start with encryption
1156
1157 mov dword ptr [CompressBytes],ecx
1158 mov dword ptr [OrigSize],ecx
1159 mov dword ptr [InfoSize],ecx
1160
1161CompressThem:
1162
1163
1164 pusha
1165 push 4
1166 push 1000h
1167 push 1024*1024
1168 push 0
1169 call VirtualAlloc
1170 mov dword ptr [WorkMemory],eax
1171 or eax,eax
1172 jz AllocError1
1173 popa
1174
1175
1176 push ebx
1177 push esi
1178 push edi
1179
1180 mov dword ptr [SaveEESP],esp
1181
1182
1183 mov eax,dword ptr [MemStart] ; points to the source data
1184 mov edx,dword ptr [MemStart4] ; points to the destination data
1185 mov ebx,ecx ; size of this data (physical size)
1186
1187 cmp byte ptr [RCompress],1 ; check for running resource compression
1188 jz NoLameTextNeeded ; don't display the 'processing' text if resource packing
1189 ; is running
1190
1191
1192 cmp byte ptr [RelocCCC],1 ; check for relocation compression
1193 jz NoCallBackNeeded ; if running then skip this crap
1194 WriteConsole2 <offset Spaces>
1195NoLameTextNeeded:
1196 push offset PackingInfo
1197 push dword ptr [WorkMemory] ; push the workmem
1198 push ebx ; push the size
1199 push edx ; push destination
1200 push eax ; push source data
1201 jmp callbackjuhuuu
1202
1203NoCallBackNeeded:
1204 push 0 ; no callback needed
1205 push dword ptr [WorkMemory] ; push the workmem
1206 push ebx ; push the size
1207 push edx ; push destination
1208 push eax ; push source data
1209
1210callbackjuhuuu:
1211 call _aP_pack
1212 add esp, 5*4
1213
1214
1215 mov esp,dword ptr [SaveEESP]
1216 mov ecx,eax
1217 pop edi
1218 pop esi
1219 pop ebx
1220
1221 mov dword ptr [CCounter],ecx
1222
1223 mov edi,dword ptr [MemStart]
1224 mov esi,dword ptr [MemStart4]
1225 rep movsb
1226
1227 push 2
1228 push 1024*1024
1229 push dword ptr [WorkMemory]
1230 Call VirtualFree ; free it
1231 or eax,eax ; check for error
1232 jnz dealloc_error ; jump on error
1233
1234
1235 cmp byte ptr [RelocCCC],1 ; check for running relocation compression
1236 jz RelocCRunning ; jump if running
1237 cmp byte ptr [RCompress],1 ; check for resource packing
1238 jz RelocCRunning ; skip display routine if running
1239 WriteConsole2 <offset ReturnChars> ; display return chars
1240RelocCRunning:
1241
1242 cmp byte ptr [RCompress],1 ; check for running resource compression
1243 jnz ResourceCRunning ; jump if running
1244 WriteConsole2 <offset Baukasten17>
1245ResourceCRunning:
1246
1247 cmp byte ptr [RelocCCC],1
1248 mov byte ptr [RelocCCC],0 ; disable the relocation compression flag
1249 jz ContinueRelocationPacking ; continue the relocation packing
1250
1251 mov eax,dword ptr [MemStart2] ; get the memory start
1252 mov dword ptr [MemStart],eax ; restore it
1253 jmp weida
1254
1255PackingInfo:
1256 pusha
1257 mov ebx,100
1258 imul ebx
1259 mov ebx,dword ptr [InfoSize]
1260 xor edx,edx
1261 div ebx
1262 pusha
1263 call SendMessageA, [hPrgrs], WM_USER+2, eax, 0 ;PBM_SETPOS
1264 call UpdateWindow, [hMain]
1265blabla:
1266 popa
1267 popa
1268 db 0C3h
1269weida:
1270 pop edi
1271 pop esi
1272 pop ecx
1273
1274 mov edx,dword ptr [esi+20] ; seek to the obj start
1275NotCResources:
1276 call SeekFile
1277
1278 mov eax,dword ptr [CCounter]
1279 add eax,dword ptr [DirSize]
1280
1281 mov dword ptr [RealSize],eax ; save the new physical size
1282
1283 mov ecx,dword ptr [PEHeader+60] ; get the value we need for alignment
1284 xor edx,edx
1285 div ecx
1286 or edx,edx
1287 jz No__RestiValue
1288 inc eax
1289No__RestiValue:
1290 mul ecx
1291
1292 push dword ptr [esi+16]
1293 mov dword ptr [esi+16],eax
1294
1295 mov dword ptr [OBJVSIZE],eax
1296 mov ecx,dword ptr [OrigSize]
1297 mov dword ptr [NewPhysS],eax ; save new physicalsize
1298 cmp eax,ecx
1299 jae NoCompress
1300
1301 mov edx,ecx
1302 sub edx,eax
1303 cmp edx,1024
1304 jl NoCompress
1305
1306 mov dword ptr [RESOURCESIZ],eax
1307 push eax
1308 mov eax,[esi+8]
1309 mov dword ptr [RESOURCEVSIZ],eax
1310 pop eax
1311
1312 cmp byte ptr [RCompress],1
1313 jz PassThisCrap
1314
1315 mov edi,dword ptr [TempVar]
1316 mov byte ptr [edi-17],1
1317 sub edi,29
1318 stosd
1319
1320PassThisCrap:
1321 push eax
1322 sub ecx,eax
1323 add dword ptr [Csize],ecx
1324
1325 mov dword ptr [CCounter],0
1326 mov dword ptr [CompressCounter],0
1327 mov dword ptr [CompressBytes],0
1328 mov dword ptr [HowMany],0
1329 pop ecx
1330 pop edx
1331
1332 jmp Compressed
1333NoCompress:
1334 mov dword ptr [DirSize],0
1335
1336 pop dword ptr [esi+16]
1337
1338 mov edx,dword ptr [MemStart2]
1339 mov dword ptr [MemStart],edx
1340
1341 mov dword ptr [CCounter],0
1342 mov dword ptr [CompressCounter],0
1343 mov dword ptr [CompressBytes],0
1344 mov dword ptr [HowMany],0
1345
1346 mov edx,dword ptr [SavePosition]
1347 call SeekFile ; seek to the pos
1348
1349 mov ecx,dword ptr [esi+16] ; get the obj length for reading
1350 mov edx,dword ptr [MemStart] ; start of the allocated memory
1351 push ecx
1352 call ReadFromFile ; read the obj into the allocated mem
1353 pop ecx
1354 push ecx
1355 push esi
1356 push edi
1357 mov esi,dword ptr [MemStart]
1358 mov edi,esi
1359 cmp byte ptr [RCompress],1 ; is the current section a resource section?
1360 jz EncryptResources ; if yes, then use the special method :)
1361 jmp EncryptByte
1362
1363Compressed:
1364 mov edx,dword ptr [MemStart2]
1365 mov dword ptr [MemStart],edx
1366
1367 mov byte ptr [RCompress],0
1368 mov dword ptr [DirSize],0
1369
1370NoCompressedResources:
1371 call WritetoFile
1372 jmp lalala
1373
1374EncryptByte:
1375 shr ecx,1 ; divide size by 2 (word encryption)
1376@NoTlsEntry:
1377 lodsw
1378 xor ax,cx
1379 not ax
1380 xor eax,dword ptr [CRYPTVAR1]
1381 ror ax,cl
1382 inc dword ptr [CRYPTVAR1]
1383 stosw
1384 inc dword ptr [TempVar2]
1385 dec ecx
1386 jnz @NoTlsEntry
1387
1388ImportFound:
1389 pop edi
1390 pop esi
1391 pop ecx
1392 push ecx
1393
1394 mov edx,dword ptr [esi+20] ; seek to the obj start
1395 call SeekFile
1396 pop ecx
1397 mov edx,dword ptr [MemStart] ; write the encrypted obj into the file
1398 call WritetoFile
1399 jmp lalala
1400Dontcrypt:
1401lalala:
1402 inc word ptr [OBJnumber]
1403 add esi,40
1404 mov ax,word ptr [PEHeader+6]
1405
1406 cmp byte ptr [ResourceInde],1
1407 jz NoStatistic
1408 call DisplayStatistic ; display statistic
1409NoStatistic:
1410 mov byte ptr [ResourceInde],0
1411
1412 cmp byte ptr [LazyNess],0
1413 jz DontEncryptOBJTable
1414
1415 pushad
1416 mov esi,dword ptr [MemStart]
1417 mov edi,dword ptr [TempVar]
1418 mov ecx,dword ptr [RealSize] ; get the real size of this object
1419 mov [edi-12],ecx
1420 shr ecx,2
1421 xor edx,edx
1422 xor ebx,ebx
1423CalculateOBJ_CRC:
1424 lodsd
1425 xor edx,eax
1426 rol edx,cl
1427 shl edx,cl
1428 add edx,ebx
1429 mov ebx,eax
1430 dec ecx
1431 jnz CalculateOBJ_CRC
1432 mov edi,dword ptr [TempVar]
1433 mov [edi-16],eax ; save the crc value in the objecttable
1434 popad
1435
1436 pushad
1437 mov esi,dword ptr [TempVar]
1438 sub esi,33 ; pointer to the first entry
1439 mov ecx,33 ; size of all entries = 21 bytes
1440 xor eax,eax
1441 mov edx,dword ptr [ENCRYPTV1]
1442CalculateOBJCRC:
1443 lodsb ; get a byte
1444 xor eax,ecx ; and calculate a simple checksum
1445 rol eax,cl ; which will be later used
1446 add eax,edx ; to encrypt the next objecttable :)
1447 xor edx,eax
1448 xor edx,dword ptr [ENCRYPTV1]
1449 inc edx ; cause i don't want that some lAmErZ
1450 dec ecx ; change it, tralalaaaa
1451 jnz CalculateOBJCRC
1452
1453 push esi
1454 mov esi,offset ToAdd ; pointer to the loaderstart
1455 mov ecx,offset CodeCRC_End - offset ToAdd
1456 mov edx,dword ptr [ENCRYPTV2]
1457CaculateCODECRC:
1458 mov dl,[esi]
1459 add eax,edx
1460 rol eax,cl
1461 xor eax,ecx
1462 xor eax,dword ptr [ENCRYPTV1]
1463 inc esi
1464 dec ecx
1465 jnz CaculateCODECRC
1466 pop esi
1467
1468 mov edx,eax
1469 mov esi,offset PEText
1470 mov ecx,(offset ToAdd_END - offset PEText)
1471ChecksumText:
1472 lodsb
1473 add edx,eax
1474 rol edx,cl
1475 xor edx,ecx
1476 dec ecx
1477 jnz ChecksumText
1478
1479 mov eax,edx
1480 pushad
1481 mov esi,dword ptr [TempVar]
1482 sub esi,33 ; pointer to the last object
1483 mov edx,dword ptr [PreviousCRC] ; get the previous crc
1484 mov edi,esi
1485 mov ecx,33 ; size = 21 bytes
1486EncryptOBJTable:
1487 lodsb
1488 xor eax,edx
1489 inc edx
1490 stosb
1491 dec ecx
1492 jnz EncryptOBJTable
1493 popad
1494 mov dword ptr [PreviousCRC],eax
1495 popad
1496
1497DontEncryptOBJTable:
1498 mov byte ptr [LazyNess],0
1499
1500 cmp word ptr [OBJnumber],ax
1501 jae allobjsdone
1502 jmp Parseobj
1503
1504CheckForRelocations:
1505
1506 mov eax,[esi+36]
1507 and eax,0EFFFFFFFh
1508 mov [esi+36],eax
1509
1510 pushad
1511 mov esi,offset ResDecryptionFinished
1512 mov ecx,(offset NoTracerRunning - offset ResDecryptionFinished)
1513 call Randomize
1514 mov dword ptr [ENCRYPTV3],eax
1515 mov edx,eax
1516 push edx
1517 call Randomize
1518 mov dword ptr [ENCRYPTV4],eax
1519 pop edx
1520 mov edi,eax
1521 xor eax,eax
1522 shr ecx,2
1523Calculate_RCRC:
1524 lodsd
1525 add edx,eax
1526 xor edx,ecx
1527 xor edi,eax
1528 rol edi,cl
1529 dec ecx
1530 jnz Calculate_RCRC
1531 xor edx,edi
1532 mov dword ptr [ENCRYPTV5],edx
1533 popad
1534
1535 mov eax,[esi+16] ;get the virtual size of the relocations
1536 mov dword ptr [RELOCVSIZE],eax ;save them
1537
1538 mov eax,dword ptr [esi+12] ; get the relocation base :)
1539 mov dword ptr [RELOCBASE],eax ; save it
1540
1541 mov edx,dword ptr [SavePosition]
1542 call SeekFile ; seek to the pos of the .reloc obj
1543
1544 pushad
1545 cmp byte ptr [INFOMODE],0
1546 jnz DontDisplaythiscrap
1547 WriteConsole2 <offset ReturnChars>
1548DontDisplaythiscrap:
1549 WriteConsole2 <offset Baukasten18>
1550 WriteConsole2 <offset Baukasten19>
1551 popad
1552
1553 push esi
1554 mov ecx,dword ptr [PEHeader+164] ; get the .reloc length for reading
1555 mov dword ptr [RelocLength],ecx ; save the lengh of the reloc obj
1556 mov dword ptr [RELOCLENG],ecx ; save it lalalalaa
1557 push ecx
1558 mov ecx,dword ptr [esi+16]
1559 mov edx,dword ptr [MemStart] ; start of the allocated memory
1560 call ReadFromFile ; read the whole .reloc obj
1561 pop ecx
1562
1563 mov edi,dword ptr [MemStart] ; get the allocated memory
1564 add edi,dword ptr [PEHeader+160] ; add the relocation rva
1565 sub edi,[esi+12] ; subtract the section rva
1566
1567 cmp dword ptr [edi],0 ; already protected with pecrypt32
1568 jnz @Only12bitencryption ; don't encrypt again
1569 mov byte ptr [LOADRELOC],0
1570 jmp Finishedrelocs
1571@Only12bitencryption:
1572 cmp byte ptr [RELOCCOMP],1 ; check for relocation compression
1573 jz CompressRelocations ; if enabled, jump
1574
1575 call Randomize ; great random function,yeahh
1576
1577 cmp byte ptr [ARTOFRELOC1],1 ; check the type of relocation encryption
1578 jz Startwithrelocations
1579 pushad
1580 WriteConsole2 <offset Baukasten21>
1581
1582 popad
1583 and ax,0FFFh ; only 12bit cryptvalues are allowed!
1584 jmp GrosseTitten
1585Startwithrelocations:
1586 WriteConsole2 <offset Baukasten20>
1587
1588GrosseTitten:
1589 mov word ptr [CryptValue1],ax ; save it
1590 mov word ptr [CRYPTVALUE2],ax
1591
1592 xor ebx,ebx
1593 mov esi,dword ptr [MemStart] ; esi=offset of the allocated memory
1594 mov eax,[esi]
1595 mov dword ptr [SAVEFIRSTRB],eax
1596 mov dword ptr [esi],0
1597
1598Continuewithreloc:
1599 mov ecx,dword ptr [esi+4]
1600 sub ecx,8
1601 shr ecx,1 ; divide the length by 2
1602 add ebx,8 ; (cause every reloc is a word)
1603 add esi,8 ; increase the pointer
1604 ; points now to the first relocation in this
1605 ; block.
1606 mov edi,esi
1607EncryptReloc:
1608 add ebx,2
1609 lodsw ; get the relocation
1610 cmp byte ptr [ARTOFRELOC1],1 ; 16 bit relocation encryption?
1611 jz Reloc16bit ; yeah? then jump
1612 and ax,0FFFh ; cut off the fucking relocation type
1613 jmp DontEncryptfr
1614
1615Reloc16bit:
1616 not ax
1617 rol ax,cl
1618 xor ax,cx
1619DontEncryptfr:
1620 xor ax,word ptr [CryptValue1]
1621 xor ax,word ptr [ENCRYPTV5]
1622 stosw ; push it again
1623loop EncryptReloc
1624 cmp ebx,dword ptr [RelocLength] ;finished with the reloc obj?
1625 jnz Continuewithreloc ; not? then do the next reloc block
1626
1627Finishedrelocs: ; finished with relocations
1628 pop esi
1629 mov edx,dword ptr [esi+20] ; seek to the obj start
1630 call SeekFile
1631
1632 mov ecx,dword ptr [esi+16]
1633 mov edx,dword ptr [MemStart] ; write the encrypted obj into the file
1634 call WritetoFile
1635
1636 pushad
1637 WriteConsole2 <offset Baukasten22>
1638 popad
1639 mov byte ptr [ResourceInde],1
1640 jmp Dontcrypt
1641CompressRelocations:
1642 pushad
1643 WriteConsole2 <offset Baukasten25>
1644 popad
1645 mov esi,dword ptr [MemStart] ; esi=offset of the allocated memory
1646 include r-relocc.inc ; call the relocation compression
1647 mov byte ptr [ResourceInde],1
1648 pushad
1649 WriteConsole2 <offset Baukasten22>
1650 popad
1651 jmp Dontcrypt
1652
1653Dontcrypt2:
1654 push esi
1655 mov edx,dword ptr [SavePosition]
1656 call SeekFile
1657
1658 mov edx,dword ptr [MemStart]
1659 mov ecx,dword ptr [esi+16]
1660 call ReadFromFile
1661
1662 mov edx,dword ptr [esi+20]
1663 call SeekFile
1664
1665 mov ecx,dword ptr [esi+16]
1666 mov edx,dword ptr [MemStart] ; write the encrypted obj into the file
1667 call WritetoFile
1668
1669 pop esi
1670 jmp Dontcrypt
1671
1672EncryptResources:
1673
1674 cmp byte ptr [RCOMP],2 ; is the resource processing switched off?
1675 jz Dontcrypt2 ; if yes then don't encrypt / pack
1676 cmp dword ptr [PEHeader+136],0
1677 jz Dontcrypt
1678
1679 mov byte ptr [ResourceInde],1
1680
1681 mov esi,dword ptr [LastOBJPos]
1682 push esi
1683
1684 cmp byte ptr [RCompress],0 ; was there any previous compression try?
1685 jz NoPreviousCompression ; if no, don't jump
1686 mov byte ptr [RESOURCECOMP],0 ; no resource compression anymore
1687 mov byte ptr [RCOMP],0
1688 mov byte ptr [AddNew],0
1689 mov byte ptr [RESEND],0
1690 mov byte ptr [PatchRrva],0 ; don't update the icon rvas
1691
1692NoPreviousCompression:
1693 mov eax,dword ptr [PEHeader+136]
1694 mov dword ptr [RESOURCEOFS],eax
1695
1696 mov byte ptr [RCompress],0
1697 mov edx,dword ptr [SavePosition]
1698 call SeekFile ; seek to the pos
1699
1700 mov ecx,dword ptr [esi+16] ; get the obj length for reading
1701 mov edx,dword ptr [MemStart] ; start of the allocated memory
1702 call ReadFromFile ; read the obj into the allocated mem
1703 Call Randomize
1704 xchg ebx,eax
1705 mov dword ptr [RESOURCE_ENCRYPT],ebx
1706
1707 mov eax,[esi+8]
1708 mov dword ptr [RESOURCESIZ],eax
1709
1710 Call DisplayResourceInformation
1711
1712 cmp byte ptr [RESOURCECOMP],1
1713 jz CompressResources
1714 push esi
1715
1716 mov esi,dword ptr [MemStart]
1717 mov ebp,esi
1718 mov edi,dword ptr [RESOURCEOFS]
1719 mov edx,ebp
1720 mov ebx,offset ToAdd
1721 mov byte ptr [DURCHGANG],1
1722 call ParseSubDirectory
1723
1724EncryptionFinished2:
1725 mov byte ptr [DURCHGANG],0
1726 pushad
1727 WriteConsole2 <offset Baukasten17>
1728 popad
1729 pop esi
1730
1731 mov edx,dword ptr [esi+20] ; seek to the obj start
1732 call SeekFile
1733 mov edx,dword ptr [MemStart] ; write the encrypted obj into the file
1734 mov ecx,dword ptr [esi+16] ; get the obj length for writing
1735 call WritetoFile
1736 jmp Dontcrypt
1737
1738CompressResources:
1739 push esi
1740 mov ebp,dword ptr [MemStart]
1741 mov esi,ebp
1742 mov edi,dword ptr [MemStart5]
1743 call ReadSubdirectory
1744 jmp DetermineDirectoryEnd
1745
1746ReadSubdirectory Proc
1747 push edx
1748 movzx ecx,word ptr [esi+14] ; get the number of ID entries (root directory)
1749 movzx edx,word ptr [esi+12] ; get number of named entries (root directory)
1750 add ecx,edx
1751 pop edx
1752ReadSubdirectory_2:
1753 push ecx
1754 add esi,16 ; Image Resource Directory Format = 16 bytes
1755 push esi
1756 mov dword ptr [NumberofDirs],ecx ; save the number of subdirectories
1757ScanNext:
1758 cmp dword ptr [NumberofDirs],0
1759 jz ContinueDirParsing_restore_pointers
1760
1761; cmp byte ptr [CheckIcon],4
1762; jz ScanForIconID
1763 cmp byte ptr [CheckIcon],1 ; check if the group icon scanning is enabled
1764 jz GroupIconScanning
1765 cmp byte ptr [CheckIcon],2 ; check if the icon scanning is enabled
1766 jz NormalIconScanning
1767 cmp byte ptr [CheckIcon],6
1768 jz VersionInfoScanning
1769
1770ContinueDirParsing:
1771 mov eax,dword ptr [esi+4] ; get data or directory offset
1772 ; (directory if 800000000h is set)
1773 and eax,7FFFFFFFh ; pointer contains of 31 bit
1774 test dword ptr [esi+4],80000000h ; test for directory / raw data structure
1775 jnz SubDirectoryFound ; jump if set (subdirectory)
1776 jmp RawStructureFound ; Raw data structure found
1777
1778SubDirectoryFound:
1779 mov esi,ebp ; get the memory offset
1780 add esi,eax ; add the pointer to the sub directory
1781 call ReadSubdirectory
1782 pop esi
1783 pop ecx
1784 sub esi,8
1785 or ecx,ecx
1786 jz Retit
1787 cmp byte ptr [CheckIcon],5
1788 jnz NoNormalScanningEnabled
1789 cmp ecx,1
1790 jz FinishedwithParsing
1791
1792
1793NoNormalScanningEnabled:
1794 dec ecx
1795 jnz ReadSubdirectory_2
1796Retit:
1797 ret
1798 jmp ReadSubdirectory
1799
1800ContinueDirParsing_restore_pointers:
1801 cmp byte ptr [CheckIcon],6 ; is the version scanning finished?
1802 jnz NoVersionScanning
1803 cmp byte ptr [esi],10h
1804 jz VersionInformationFound
1805 mov byte ptr [CheckIcon],0
1806 jmp VersionScanningFinished
1807
1808NoVersionScanning:
1809 cmp byte ptr [CheckIcon],2 ; check if the icon scanning is enabled
1810 jz NormalIconScanningNotEnabled
1811 cmp byte ptr [esi],03h
1812 jz NormalIconFound2
1813 mov byte ptr [CheckIcon],0
1814NormalIconScanningNotEnabled:
1815 cmp byte ptr [CheckIcon],1 ; check if the group icon scanning is enabled
1816 jnz GroupScanNotEnabled
1817 cmp byte ptr [esi],0Eh
1818 jz GroupIconFound
1819 mov byte ptr [CheckIcon],0
1820GroupScanNotEnabled:
1821VersionScanningFinished:
1822
1823 pop esi
1824 push esi
1825 jmp ContinueDirParsing
1826
1827VersionInfoScanning:
1828 cmp byte ptr [esi],10h
1829 jz VersionInformationFound
1830 add esi,8
1831 dec dword ptr [NumberofDirs]
1832 jmp ScanNext
1833
1834GroupIconScanning:
1835 cmp byte ptr [esi],0Eh
1836 jz GroupIconFound
1837 add esi,8
1838 dec dword ptr [NumberofDirs]
1839 jmp ScanNext
1840
1841NormalIconScanning:
1842 cmp byte ptr [esi],03h
1843 jz NormalIconFound2
1844 add esi,8
1845 dec dword ptr [NumberofDirs]
1846 jmp ScanNext
1847
1848NormalIconFound2:
1849 mov byte ptr [CheckIcon],5
1850 mov byte ptr [IconResult],1
1851 jmp ContinueDirParsing
1852
1853GroupIconFound:
1854 mov byte ptr [IconResult],1
1855 mov byte ptr [CheckIcon],3
1856 jmp ContinueDirParsing
1857
1858VersionInformationFound:
1859 mov byte ptr [CheckVInfo],1
1860 mov byte ptr [CheckIcon],3
1861 jmp ContinueDirParsing
1862
1863ScanForIconID:
1864 mov eax,dword ptr [IconID]
1865 cmp [esi],eax
1866 jz ContinueDirParsing2
1867 add esi,8
1868 jmp ScanNext
1869
1870ContinueDirParsing2:
1871 mov byte ptr [CheckIcon],5
1872 jmp ScanNext
1873
1874RawStructureFound:
1875 add eax,ebp
1876 xchg esi,eax
1877 mov eax,[esi] ; get the raw data offset
1878
1879 cmp byte ptr [CheckVInfo],1
1880 jz VersionInfoFound
1881 cmp byte ptr [CheckIcon],3
1882 jz Group_Icon_Found
1883
1884 cmp byte ptr [CheckIcon],5
1885 jnz DontScanForNormalIcon
1886
1887 push edx
1888 mov edx,dword ptr [RESOURCESIZ] ; get the virtual size of the resources
1889 add edx,dword ptr [RESOURCEOFS] ; add the resource rva
1890 cmp eax,edx
1891 pop edx
1892 ja DontScanForNormalIcon
1893
1894 push eax
1895 sub eax,[RESOURCEOFS]
1896 add eax,ebp
1897
1898 cmp byte ptr [eax],28h
1899 pop eax
1900 jz Normal_Icon_Found
1901 jmp DontScanForNormalIcon
1902
1903DontScanForNormalIcon:
1904; cmp byte ptr [CheckIcon],5
1905; jz Normal_Icon_Found
1906
1907 cmp byte ptr [DontStore],0
1908 jz DontStoreOffsets
1909 mov dword ptr [OfsAmount],eax
1910 stosd ; store the raw data offset into the buffer
1911DontStoreOffsets:
1912 pop esi
1913 pop ecx
1914 ret
1915ReadSubdirectory endp
1916
1917DetermineDirectoryEnd:
1918 mov eax,dword ptr [OfsAmount]
1919
1920 mov ecx,edi ; get the current buffer position
1921 sub ecx,dword ptr [MemStart5] ; subtract the buffer start to get the size
1922 shr ecx,2 ; divide it by 4
1923 mov dword ptr [OfsAmount],ecx ; store it
1924 mov esi,dword ptr [MemStart5] ; get the offset buffer start
1925
1926 mov eax,[esi]
1927 mov dword ptr [PosResult],eax ; save this as the result if only one resource entry exists
1928
1929GetTheNextOffset:
1930 push ecx
1931 push esi
1932
1933 mov eax,[esi] ; get the next offset out of the buffer
1934
1935 mov dword ptr [OfsPos],esi ; save the current buffer position
1936
1937 mov esi,dword ptr [MemStart5] ; pointer to the buffer start for every offset
1938 mov ecx,dword ptr [OfsAmount] ; get the amount of all offsets in the buffer
1939 cmp ecx,1
1940 jz DontContinueScanning
1941CompareOffsets:
1942 cmp esi,dword ptr [OfsPos] ; compare the current pos with the offset pos
1943 jz DontAdd ; if equal then don't add
1944 cmp eax,[esi] ; compare the offset with another offset
1945 jae DontAdd ; only add the small offsets
1946 inc dword ptr [OfsResult] ; increase the offset counter
1947DontAdd:
1948 add esi,4 ; set pointer to the next offset
1949 dec ecx
1950 jnz CompareOffsets
1951
1952 mov ebx,dword ptr [OfsResult] ; get the amount of offsets
1953 cmp ebx,dword ptr [EndResult] ; compare it with the end result
1954 jle DontAddAnew ; dont add a new one if the result amount is smaller
1955 mov dword ptr [EndResult],ebx ; save the new end result
1956 mov dword ptr [PosResult],eax ; save the end offset
1957
1958DontAddAnew:
1959 mov dword ptr [OfsResult],0 ; zero the offset counter
1960
1961 pop esi
1962 add esi,4 ; make it point to the next entry
1963 pop ecx
1964 dec ecx
1965 jnz GetTheNextOffset
1966 jmp ScanningSuccessful
1967
1968DontContinueScanning:
1969 pop esi
1970 pop ecx
1971
1972ScanningSuccessful:
1973 mov esi,dword ptr [MemStart]
1974 mov edi,dword ptr [PosResult]
1975 add edi,esi
1976 sub edi,dword ptr [RESOURCEOFS]
1977 mov dword ptr [MemStart],edi
1978
1979 mov eax,[edi] ; get the first dword after the resource directory
1980 mov dword ptr [RESOURCEBYT],eax
1981
1982 sub edi,esi
1983 pop esi
1984 mov dword ptr [DirSize],edi
1985 mov dword ptr [DIRSIZE],edi
1986 mov ecx,[esi+16]
1987 mov dword ptr [OrigSize],ecx
1988 sub ecx,edi
1989 mov dword ptr [InfoSize],ecx
1990 mov dword ptr [CompressBytes],ecx
1991
1992 push ecx
1993 push esi
1994 push edi
1995 mov esi,dword ptr [MemStart]
1996 mov edi,esi
1997 mov byte ptr [RCompress],1
1998 mov byte ptr [IconResult],0
1999 mov byte ptr [DontStore],0
2000 Call CheckForIcons
2001 jmp CompressThem
2002
2003DamnCrap:
2004 mov byte ptr [RCompress],1
2005 jmp EncryptResources
2006
2007CheckForIcons Proc
2008 pushad
2009 mov dword ptr [SaveTemp2],esp
2010
2011
2012 mov byte ptr [CheckIcon],1 ; set the internal variable true
2013 mov esi,dword ptr [MemStart2] ; points to the funny resources
2014 mov ebp,esi
2015 call ReadSubdirectory ; read it
2016
2017ScanningFinished:
2018 mov esp,dword ptr [SaveTemp2]
2019 popad
2020 ret
2021
2022Group_Icon_Found:
2023 mov edx,dword ptr [MemStart2]
2024
2025 mov eax,dword ptr [esi] ; get the offset of this entry
2026 mov ecx,dword ptr [esi+4] ; get the length of this resource entry
2027 sub eax,dword ptr [RESOURCEOFS]
2028 add eax,edx
2029
2030 pushad
2031 mov eax,[esi] ; get the rva of the first icon
2032 mov edx,dword ptr [RESOURCESIZ] ; get the virtual size of the resources
2033 add edx,dword ptr [RESOURCEOFS] ; add the resource rva
2034 cmp eax,edx ; range checking
2035 popad
2036 ja ScanningFinished
2037
2038 push eax
2039 mov eax,dword ptr [IconSize]
2040 mov [esi],eax
2041 pop eax
2042
2043 pushad
2044 sub esi,dword ptr [MemStart2] ; calculate some crap
2045 mov dword ptr [IconPointers],esi
2046 add dword ptr [IconPointi],4
2047; mov dword ptr [SPointer1],esi ; save it
2048 mov edx,dword ptr [SavePosition] ; get the old filepos
2049 sub edx,dword ptr [Csize] ; subtract the packed bytes
2050 mov dword ptr [NewRPos],edx ; save the new resource pos
2051 popad
2052
2053 mov esi,eax
2054 mov edi,dword ptr [IconBuffer] ; points to the reserved icon buffer
2055 add edi,dword ptr [IconSize]
2056 push edi
2057 add dword ptr [IconSize],ecx
2058
2059CopyGroupIcon:
2060 lodsb
2061 mov byte ptr [esi-1],0
2062 stosb
2063 dec ecx
2064 jnz CopyGroupIcon
2065 pop esi
2066
2067 mov byte ptr [CheckIcon],2 ; set the internal variable for the icon scanning
2068 mov esi,dword ptr [MemStart2] ; points to the funny resources
2069 mov ebp,esi
2070
2071 call ReadSubdirectory ; read it
2072 jmp FinishedwithParsing
2073
2074Normal_Icon_Found:
2075 mov edx,ebp
2076
2077 mov eax,dword ptr [esi] ; get the offset of this entry
2078 mov ecx,dword ptr [esi+4] ; get the length of this resource entry
2079 sub eax,dword ptr [RESOURCEOFS]
2080 add eax,edx
2081
2082 pushad
2083 mov eax,[esi] ; get the rva of the first icon
2084 mov edx,dword ptr [RESOURCESIZ] ; get the virtual size of the resources
2085 add edx,dword ptr [RESOURCEOFS] ; add the resource rva
2086 cmp eax,edx ; range checking
2087 popad
2088 ja DontStoreOffsets
2089
2090 push eax
2091 mov eax,dword ptr [IconSize]
2092 mov [esi],eax
2093 pop eax
2094
2095 pushad
2096 sub esi,dword ptr [MemStart2]
2097 mov edi,dword ptr [IconPointi]
2098 mov dword ptr [edi],esi
2099 add edi,4
2100 mov dword ptr [IconPointi],edi
2101; mov dword ptr [SPointer2],esi
2102 popad
2103
2104 mov esi,eax
2105 push esi
2106 mov edi,dword ptr [IconBuffer] ; points to the allocated memory for the iconcrap
2107 add edi,dword ptr [IconSize]
2108 add dword ptr [IconSize],ecx
2109
2110CopyNormalIcon:
2111 lodsb
2112 mov byte ptr [esi-1],0
2113 stosb
2114 dec ecx
2115 jnz CopyNormalIcon
2116 pop esi
2117 jmp DontStoreOffsets
2118
2119FinishedwithParsing:
2120
2121 mov byte ptr [CheckIcon],6 ; Enable the version information scanning
2122 mov esi,dword ptr [MemStart2] ; points to the funny resources
2123 mov ebp,esi
2124 call ReadSubdirectory ; read it
2125 mov byte ptr [CheckVInfo],0
2126 jmp NoVersionInfoInthisFile
2127
2128VersionInfoFound:
2129 mov byte ptr [CheckVInfo],1
2130
2131 mov eax,dword ptr [esi] ; get the offset of this entry
2132 mov ecx,dword ptr [esi+4] ; get the length of this resource entry
2133 sub eax,dword ptr [RESOURCEOFS]
2134 add eax,edx
2135
2136 pushad
2137 mov eax,[esi] ; get the rva of the first icon
2138 mov edx,dword ptr [RESOURCESIZ] ; get the virtual size of the resources
2139 add edx,dword ptr [RESOURCEOFS] ; add the resource rva
2140 cmp eax,edx ; range checking
2141 popad
2142 ja ScanningFinished
2143
2144 push eax
2145 mov eax,dword ptr [IconSize]
2146 mov [esi],eax
2147 pop eax
2148
2149 pushad
2150 sub esi,dword ptr [MemStart2]
2151 mov dword ptr [SPointer3],esi
2152 popad
2153
2154 mov esi,eax
2155 push esi
2156 mov edi,dword ptr [IconBuffer] ; points to the allocated memory for the iconcrap
2157 add edi,dword ptr [IconSize]
2158 add dword ptr [IconSize],ecx
2159CopyVersionInfo:
2160 lodsb
2161 mov byte ptr [esi-1],0
2162 stosb
2163 dec ecx
2164 jnz CopyVersionInfo
2165
2166 pop esi
2167 pop ecx
2168 pop esi
2169NoVersionInfoInthisFile:
2170 mov byte ptr [PatchRrva],1 ; set flag for later rva patching
2171 jmp ScanningFinished
2172
2173CheckForIcons endp
2174
2175allobjsdone:
2176
2177 mov dword ptr [PEHeader+80],0 ; zero the imagesize value
2178 sub esi,40
2179
2180 movsx ecx,word ptr [PEHeader+6] ; get the number of objects
2181 dec ecx
2182 mov eax,40 ; in the pefile..and multiply them by
2183 mul ecx ; 40 (length of an obj block)
2184 add eax,offset PEHeader+248
2185 mov esi,eax
2186
2187 mov eax,[esi+8] ; get virtualsize of the last obj
2188 add eax,[esi+12] ; add rva of the last object
2189
2190 mov ecx,dword ptr [PEHeader+56] ; use the section aligment for the rva
2191 xor edx,edx ; calculation
2192 div ecx
2193 or edx,edx
2194 jz NoRvaRestValue
2195 inc eax
2196NoRvaRestValue:
2197 mul ecx
2198 mov [RVA_NEW],eax ; write the new rva into my ruling object
2199
2200 mov eax,[esi+20] ; get the physical offset of the last object
2201 add eax,[esi+16] ; add the physical size = new offset of my object
2202 mov [Offset_NEW],eax ; save the new physical offset
2203
2204 mov eax,(Offset ToAdd_END - Offset ToAdd) ; size of the whole PECRYPT32 loader
2205 mov ecx,dword ptr [PEHeader+56] ; get the value we need for alignment
2206 xor edx,edx
2207 div ecx
2208 or edx,edx
2209 jz NoRestValue
2210 inc eax
2211NoRestValue:
2212 mul ecx
2213 mov dword ptr [VirtualS_NEW],eax ; save new virtual size
2214
2215 mov eax,(Offset ToAdd_END - Offset ToAdd) ; size of the whole PECRYPT32 loader
2216 mov ecx,dword ptr [PEHeader+60] ; get the value we need for alignment
2217 xor edx,edx
2218 div ecx
2219 or edx,edx
2220 jz NoRestiValue
2221 inc eax
2222NoRestiValue:
2223 mul ecx
2224 mov dword ptr [Physical_NEW],eax ; save it as new physicalsize
2225chabojackson:
2226 add eax,dword ptr [Offset_NEW] ; add the physical offset of this object
2227 mov [PhysOffset],eax ; save it as the new offset for the icon object
2228
2229 mov eax,dword ptr [RVA_NEW] ; get the new calculated rva
2230 add eax,dword ptr [VirtualS_NEW] ; add the virtual size
2231 mov [Rva_NEW],eax ; save it as the RVA for the new icon object
2232
2233 cmp dword ptr [IconSize],0 ; no icons / version info in the resources?
2234 jz No_Icon_VersionInfo
2235
2236 mov eax,dword ptr [IconSize] ; get the iconsize
2237 push eax
2238 mov ecx,dword ptr [PEHeader+56] ; get the value we need for alignment
2239 xor edx,edx
2240 div ecx
2241 or edx,edx
2242 jz No_Rest_Value
2243 inc eax
2244No_Rest_Value:
2245 mul ecx
2246 add dword ptr [PEHeader+80],eax ; add the '.icon' section vsize to the imagesize
2247 mov dword ptr [VSize_New],eax ; save it as new vsize for the .icon object
2248
2249 pop eax
2250 mov ecx,dword ptr [PEHeader+60] ; use the file alignment to align
2251 xor edx,edx
2252 div ecx
2253 or edx,edx
2254 jz No__Rest_Value
2255 inc eax
2256No__Rest_Value:
2257 mul ecx
2258 mov dword ptr [PhysSize_New],eax ; save it also as the new physical size
2259
2260No_Icon_VersionInfo:
2261 mov eax,dword ptr [RVA_NEW] ; get the new calculated rva
2262 mov dword ptr [PEHeader+40],eax ; save it in the PEHEADER
2263
2264 add dword ptr [Dllrva],eax ; prepare the dll field
2265 add dword ptr [ThunkRva],eax ; prepare the thunkarray
2266 add dword ptr [Thunktable],eax
2267 add dword ptr [Thunktable+4],eax
2268
2269 cmp byte ptr [PEText+91h],"k" ; tag verification
2270 jz Tag_NotChanged
2271 xor eax,666h
2272
2273Tag_NotChanged:
2274 add dword ptr [Thunktable+8],eax
2275
2276 mov dword ptr [PEHeader+168],0 ; kill the debuginfo
2277 mov dword ptr [PEHeader+172],0
2278
2279 mov dword ptr [PEHeader+208],0
2280 mov dword ptr [PEHeader+212],0
2281
2282 mov dword ptr [PEHeader+216],0
2283 mov dword ptr [PEHeader+220],0
2284
2285 push eax
2286 mov eax,dword ptr [PEHeader+128]
2287 mov dword ptr [IMPORTOFS],eax ; save the rva
2288 pop eax
2289
2290
2291 push eax
2292 add eax,offset NamehOffset - offset ToAdd
2293 mov dword ptr [PEHeader+128],eax ; save the import table rva
2294 mov dword ptr [PEHeader+132],offset ImportEnd - offset NamehOffset
2295 pop eax
2296 mov dword ptr [NEWIBASE],eax ; save it as new imagebase
2297
2298 add eax,dword ptr [VirtualS_NEW] ; add the virtual size of the new object
2299 add dword ptr [PEHeader+80],eax ; write the new imagesize
2300
2301 pusha
2302 movsx ecx,word ptr [PEHeader+6] ; get the number of objects
2303 mov eax,40 ; in the pefile..and multiply them by
2304 mul ecx ; 40 (length of an obj block)
2305 add eax,offset PEHeader+248
2306 inc word ptr [PEHeader+6]
2307 mov edi,eax
2308 mov esi,offset NewOBJ
2309 mov ecx,40
2310 rep movsb
2311 cmp byte ptr [CheckVInfo],1 ; do we need a new object for the version stuff?
2312 jz WriteNewObject ; if yes then write one
2313 cmp byte ptr [PatchRrva],0 ; do we need a new icon object?
2314 jz NoIconObjectNeeded
2315WriteNewObject:
2316 mov esi,offset NewOBJ2
2317 mov ecx,40
2318 rep movsb
2319 inc word ptr [PEHeader+6]
2320NoIconObjectNeeded:
2321 popa
2322
2323 mov eax,dword ptr [PEHeader+52]
2324 mov dword ptr [IMAGEBASE],eax
2325 cmp byte ptr [LOADEROPT],0 ; api hooking enabled?
2326 jz MenuCrapFinished ; if no , then jump
2327 mov DialogAPI,0
2328 call MenuStart
2329MenuCrapFinished:
2330 cmp byte ptr [ANTIBPX],0
2331 jz AntiBpxStuffDisabled
2332
2333 mov DialogAPI,1
2334 lea esi,FunctionT
2335 lea edi,TempBuffer
2336 mov ecx,500
2337 rep movsd
2338
2339 call MenuStart
2340 lea esi,FunctionT
2341 lea edi,FunctionT2
2342 mov ecx,500
2343 rep movsd
2344
2345 lea esi,TempBuffer
2346 lea edi,FunctionT
2347 mov ecx,500
2348 rep movsd
2349
2350AntiBpxStuffDisabled:
2351
2352;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
2353;Encryption routine for the first antidebugging layer
2354;
2355;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
2356
2357 cmp byte ptr [COMPATIBLE],0
2358 jz TlsSupportEnabled
2359 mov dword ptr [PEHeader+192],0
2360 mov dword ptr [PEHeader+196],0
2361
2362
2363TlsSupportEnabled:
2364 mov dword ptr [PreviousCRC],0 ; zero previouscrc (will be used lAtA lAmErz)
2365 mov ax,word ptr [PEHeader+6]
2366 mov word ptr [OBJNUMBA],ax
2367
2368 mov edi,offset LayerTable ; memory to fill the layers in
2369 mov esi,offset Layer_Table_End ; memory to encrypt/decrypt
2370 mov ecx,(offset REALCODE_CRC_END - offset EncryptLayer3_End)
2371 jmp SlowMte_Start
2372
2373EncryptionFinished:
2374
2375 mov edi,offset output_data
2376 mov esi,offset LayerTable
2377 mov ecx,1000 / 4
2378 rep movsd
2379 mov edi,offset LayerTable
2380 mov ecx,1000 / 4
2381 mov eax,90909090h
2382 rep stosd
2383
2384 cmp byte ptr [ANTID],0
2385 jz NoFuckingAntidebugging
2386
2387 call Randomize
2388 mov dword ptr [VALUE4],eax
2389 mov dword ptr [BLASEN2],eax
2390
2391 call Randomize
2392 mov dword ptr [VALUE3],eax
2393 mov dword ptr [BLASEN],eax
2394
2395 call Randomize
2396 mov dword ptr [ENCRYPTV11],eax
2397 mov edx,eax
2398
2399 mov esi,offset InCPL3
2400 mov edi,esi
2401 mov ecx,(offset EncryptedLayer_4_Start - offset InCPL3) / 4
2402
2403Encrypt_AD_Block:
2404 push esi
2405 push ecx
2406 mov ecx,offset (offset InCPL3 - offset NoHeuristicAlert) / 4
2407 mov esi,offset NoHeuristicAlert
2408
2409GenerateAD_CRC:
2410 mov eax,[esi]
2411 xor edx,eax
2412 xor edx,ecx
2413 add esi,4
2414 dec ecx
2415 jnz GenerateAD_CRC
2416 pop ecx
2417 pop esi
2418 lodsd
2419 xor eax,edx
2420 stosd
2421 inc dword ptr [VALUE3]
2422 xor edx,dword ptr [VALUE4] ; simple xor but effective ;)
2423 xor edx,ecx
2424 dec ecx
2425 jnz Encrypt_AD_Block
2426
2427 mov eax,dword ptr [BLASEN]
2428 mov dword ptr [VALUE3],eax
2429 mov eax,dword ptr [BLASEN2]
2430 mov dword ptr [VALUE4],eax
2431
2432 call Randomize
2433 mov dword ptr [VALUE5],eax
2434 mov dword ptr [BLASEN2],eax
2435
2436 call Randomize
2437 mov dword ptr [VALUE6],eax
2438 mov dword ptr [BLASEN],eax
2439
2440 mov edx,eax
2441 mov esi,offset CPL0_NOT_ACTIVE
2442 mov edi,esi
2443 mov ecx,(offset InCPL3 - offset CPL0_NOT_ACTIVE) / 4
2444Encrypt_First_Antidebugging_Layer:
2445 push esi
2446 push ecx
2447 mov ecx,(offset EncryptedAntiDebuggingLayer_1_End - offset HeuristicPassed) / 4
2448 mov esi,offset HeuristicPassed
2449Generate_CRC_overFirst_Antidebugging_Layer_2:
2450 mov eax,[esi]
2451 xor edx,eax
2452 xor edx,ecx
2453 add esi,4
2454 dec ecx
2455 jnz Generate_CRC_overFirst_Antidebugging_Layer_2
2456 pop ecx
2457 pop esi
2458 rol edx,cl
2459 rol dword ptr [VALUE6],cl
2460 xor dword ptr [VALUE5],ecx
2461 lodsd
2462 xor eax,edx
2463 stosd
2464 inc dword ptr [VALUE5]
2465 xor dword ptr [VALUE6],ecx
2466 xor edx,ecx
2467 dec ecx
2468 jnz Encrypt_First_Antidebugging_Layer
2469
2470 mov eax,dword ptr [BLASEN2]
2471 mov dword ptr [VALUE5],eax
2472
2473 mov eax,dword ptr [BLASEN]
2474 mov dword ptr [VALUE6],eax
2475
2476NoFuckingAntidebugging:
2477 mov esi,offset output_data
2478 mov edi,offset LayerTable
2479 mov ecx,1000 / 4
2480 rep movsd
2481
2482 call Randomize
2483 mov dword ptr [SaveMCRC],eax
2484 mov dword ptr [MutateCRC1],eax
2485
2486 call Randomize
2487 mov dword ptr [SaveMCRC+4],eax
2488 mov dword ptr [MutateCRC2],eax
2489
2490 call Randomize
2491 mov dword ptr [START_VALUE],eax
2492 mov edx,eax
2493
2494 mov esi,offset Encrypted_Block1_End-1
2495 mov edi,esi
2496 mov ecx,(offset Encrypted_Block1_End - offset Encrypted_Block1) / 4
2497 std
2498Decrypt_Block11:
2499 push esi
2500 push ecx
2501 mov ecx,offset (CRC_Block1_End - offset CRC_Block1) / 4
2502 mov esi,offset CRC_Block1
2503GenerateFirst_CRC1:
2504 mov eax,[esi]
2505 xor edx,eax
2506 xor edx,ecx
2507 add esi,4
2508 dec ecx
2509 jnz GenerateFirst_CRC1
2510 pop ecx
2511 pop esi
2512 lodsd
2513 xor eax,edx
2514 stosd
2515 inc dword ptr [MutateCRC2]
2516 rol dword ptr [MutateCRC1],cl
2517 xor edx,ecx
2518 dec ecx
2519 jnz Decrypt_Block11
2520
2521
2522 cld
2523 mov eax,dword ptr [SaveMCRC]
2524 mov dword ptr [MutateCRC1],eax
2525
2526 mov eax,dword ptr [SaveMCRC+4]
2527 mov dword ptr [MutateCRC2],eax
2528
2529 call Randomize
2530 mov dword ptr [VALUE_THREAD],eax
2531
2532 cmp byte ptr [EXEFLAGS],1
2533 jz Thread_Encryption_Finished
2534 jmp Thread_Encryption_Start
2535
2536Thread_Encryption_Finished:
2537
2538 mov edx,dword ptr [Offset_NEW]
2539 add edx,dword ptr [Physical_NEW]
2540 add edx,dword ptr [PhysSize_New]
2541
2542 push 4
2543 push 1000h
2544 push edx
2545 push 0
2546 call VirtualAlloc
2547 mov dword ptr [MemStart6],eax
2548
2549 xor ecx,ecx
2550 mov edx,dword ptr [Offset_NEW]
2551 call SeekFile
2552
2553 mov edx,offset ToAdd
2554 mov ecx,dword ptr [Physical_NEW]
2555 call WritetoFile
2556
2557 mov edx,dword ptr [DosHeader+3Ch]
2558 call SeekFile
2559
2560 movsx ecx,word ptr [PEHeader+6] ; get the number of objects
2561 mov eax,40 ; in the pefile..and multiply them by
2562 mul ecx ; 40 (length of an obj block)
2563 add eax,248
2564 mov edx,offset PEHeader
2565 mov ecx,eax
2566 call WritetoFile ; write all obj and the peheader to the file
2567
2568 xor edx,edx
2569 call SeekFile
2570
2571 mov edx,dword ptr [MemStart6]
2572 mov ecx,dword ptr [Offset_NEW]
2573 add ecx,dword ptr [Physical_NEW]
2574 add ecx,dword ptr [PhysSize_New]
2575 Call ReadFromFile
2576
2577 push dword ptr [Fhandle]
2578 call CloseHandle
2579
2580 cmp byte ptr [CheckVInfo],0
2581 jz DontPatchVersionRVA
2582 pusha
2583 mov edx,dword ptr [MemStart6]
2584 add edx,dword ptr [NewRPos]
2585 mov eax,dword ptr [Rva_NEW] ; rva of the new resource object
2586 add edx,dword ptr [SPointer3]
2587 add [edx],eax
2588 popa
2589
2590DontPatchVersionRVA:
2591
2592 cmp byte ptr [PatchRrva],0 ; is the internal flag set?
2593 jz Dont_patchrvas ; no? then don't patch
2594 pusha
2595 mov edx,dword ptr [MemStart6]
2596 add edx,dword ptr [NewRPos]
2597 push edx
2598 mov eax,dword ptr [Rva_NEW] ; rva of the new resource object
2599
2600
2601 mov esi,offset IconPointers ; points to the data stuff
2602ContinuePatchingRVAS:
2603 cmp dword ptr [esi],0
2604 jz FinishedWithPatchingRvas
2605
2606 mov edi,edx
2607 add edi,[esi]
2608 add [edi],eax
2609 add esi,4
2610 jmp ContinuePatchingRVAS
2611
2612FinishedWithPatchingRvas:
2613 popa
2614Dont_patchrvas:
2615
2616 push 0
2617 push 80h
2618 push 02
2619 push 0
2620 push 03
2621 push 80000000h+40000000h
2622 push offset CryptFile
2623 call CreateFileA
2624 mov dword ptr [Fhandle],eax
2625
2626 mov edx,dword ptr [MemStart6]
2627 mov ecx,dword ptr [PhysicalO]
2628 add ecx,dword ptr [Physical_NEW]
2629 sub ecx,dword ptr [Csize]
2630 call WritetoFile
2631
2632 mov edx,dword ptr [IconBuffer]
2633 mov ecx,dword ptr [PhysSize_New]
2634 call WritetoFile
2635
2636 cmp dword ptr [OverlaySize],0
2637 jz NoDamnOverlay
2638 mov edx,dword ptr [MemStart8]
2639 mov ecx,dword ptr [OverlaySize]
2640 call WritetoFile
2641NoDamnOverlay:
2642 push dword ptr [Fhandle]
2643 call CloseHandle
2644
2645 mov edx,dword ptr [Offset_NEW]
2646 add edx,dword ptr [Physical_NEW]
2647 add edx,dword ptr [PhysSize_New]
2648 Push 2
2649 push edx
2650 Push DWord Ptr [MemStart6]
2651 Call VirtualFree
2652 or eax,eax
2653 jne dealloc_error
2654
2655 cmp byte ptr [OverLay],0
2656 jz NoFuckingOverLay
2657 WriteConsole2 <offset OverLayEr>
2658
2659NoFuckingOverLay:
2660 cmp byte ptr [CUTDINFO],0
2661 jz NoCuttedDebugInfo
2662 WriteConsole2 <offset Baukasten23>
2663
2664NoCuttedDebugInfo:
2665 cmp byte ptr [COMPATIBLE],1
2666 jz NoTLSInformationFound
2667 cmp dword ptr [PEHeader+192],0
2668 jz NoTLSInformationFound
2669 WriteConsole2 <offset Baukasten32>
2670
2671
2672NoTLSInformationFound:
2673
2674 mov esi,dword ptr [MemStart7]
2675 mov ecx,(ToAdd_END - offset CRC_Block1)
2676 mov edi,offset CRC_Block1
2677 rep movsb
2678
2679 mov edi,offset Fhandle
2680 mov ecx,(offset FICK - offset Fhandle)
2681 xor al,al
2682 rep stosb
2683
2684 Call Memory_DeAlloc
2685 jmp End_OF_Crypt_Routine
2686
2687;procedure 2 write some crap in a file
2688;syntax: like the dos one
2689;yoo lame bitch, i rule like the mothaaaaffuuuuucccckiiiiing hell :)
2690
2691WritetoFile proc
2692 push 0
2693 push offset Howmuch
2694 push ecx
2695 push edx
2696 push dword ptr [Fhandle]
2697 call WriteFile
2698 mov eax,dword ptr [Howmuch]
2699 xor edx,edx
2700 xor ecx,ecx
2701 ret
2702WritetoFile endp
2703
2704;returns a great random value ;))
2705
2706Randomize proc
2707 push ecx
2708 call GetTickCount
2709 xchg eax,ecx
2710 call GetTickCount
2711 xor ecx,eax
2712 call GetTickCount
2713 xor ecx,eax
2714 xchg eax,ecx
2715 pop ecx
2716 ret
2717Randomize endp
2718
2719;Procedure 2 read crap out of a fucking lame file
2720;syntax: like the dos readfile function :)
2721;yo man this rocks like the hell
2722
2723ReadFromFile proc
2724 push 0
2725 push offset Howmuch
2726 push ecx
2727 push edx
2728 push dword ptr [Fhandle]
2729 call ReadFile
2730 mov eax,dword ptr [Howmuch]
2731 xor edx,edx
2732 xor ecx,ecx
2733 or eax,eax
2734 jz Errorwhilereading
2735 ret
2736Errorwhilereading:
2737 Call Memory_DeAlloc
2738 WriteConsole2 <offset Terror1>
2739 jmp End_OF_Crypt_Routine
2740
2741ReadFromFile endp
2742
2743; Procedure 2 seek in a file
2744; syntax: like ah=42h int 21h :)
2745; (i'm very lazy hehehe)
2746
2747SeekFile proc
2748 push 0
2749 push 0
2750 push edx ; potato reg = 0 (if potato.kind != siglinde)
2751 push dword ptr [Fhandle] ; muhahgagagagagagagahahahahahahhahhahahaha
2752 Call SetFilePointer
2753 xor edx,edx
2754 ret
2755SeekFile endp
2756
2757Memory_Alloc Proc
2758 push esi
2759 push edi
2760 push edx
2761 push ebp
2762 push 4
2763 push 1000h
2764 push eax
2765 push 0
2766 call VirtualAlloc
2767 pop ebp
2768 pop edx
2769 pop edi
2770 pop esi
2771 ret
2772Memory_Alloc endp
2773
2774Memory_DeAlloc Proc
2775 push dword ptr [Fhandle]
2776 call CloseHandle
2777
2778
2779 cmp byte ptr [OverLay],0
2780 jz NixOverLayDa
2781
2782 Push 2
2783 push dword ptr [OverlaySize]
2784 Push DWord Ptr [MemStart8]
2785 Call VirtualFree
2786 or eax,eax
2787 jnz dealloc_error
2788 mov byte ptr [OverLay],0
2789
2790NixOverLayDa:
2791 cmp byte ptr [Dealloc],0
2792 jz NoPossibleMemoryLeak
2793 Push 2
2794 push dword ptr [FileSize] ; push the filesize (amount of allocated mem)
2795 Push DWord Ptr [RVA_NEW] ; push the linear offset
2796 Call VirtualFree ; free it
2797 or eax,eax ; check for error
2798 jnz dealloc_error ; jump on error
2799NoPossibleMemoryLeak:
2800
2801 Push 2
2802 push (ToAdd_END - offset CRC_Block1)
2803 Push DWord Ptr [MemStart7]
2804 Call VirtualFree ; free it
2805 or eax,eax ; check for error
2806 jnz dealloc_error ; jump on error
2807
2808 Push 2
2809 push dword ptr [Phillipsuckt]
2810 Push DWord Ptr [MemStart]
2811 Call VirtualFree
2812 or eax,eax
2813 jne dealloc_error
2814
2815 Push 2
2816 push 1000000
2817 Push dword Ptr [IconBuffer]
2818 Call VirtualFree
2819 or eax,eax
2820 jne dealloc_error
2821
2822 Push 2
2823 push dword ptr [FileSize]
2824 Push DWord Ptr [MemStart]
2825 Call VirtualFree
2826 or eax,eax
2827 jne dealloc_error
2828 cmp byte ptr [NoWayassi],1
2829 jz Ficktmich
2830 WriteConsole2 <offset MemDeallocated>
2831Ficktmich:
2832 ret
2833dealloc_error:
2834 WriteConsole2 <offset da_error>
2835 jmp End_OF_Crypt_Routine
2836Memory_DeAlloc EndP
2837
2838End_Of_Cryptor:
2839
2840; include r-aplib.asm
2841 include k-menu.inc
2842 Include r-ieh.inc
2843 include r-slowmte.inc ; execute the pseudo mte
2844 include r-line.inc
2845
2846End_OF_Crypt_Routine:
2847 mov ebp,dword ptr [KILLASTINKT]
2848 mov esp,dword ptr [MONGOKILLA]
2849 jmp EncryptionFinishedReturn
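diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-data.inc b/other/burneye/tmp/PE-Crypt-1.02/r-data.inc
new file mode 100644
index 0000000..00f3665
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-data.inc
@@ -0,0 +1,426 @@
+;============================================================
+;===== External Functions ===================================
+
+ Extrn WriteConsoleA : PROC
+ Extrn WriteFileA : PROC
+ Extrn VirtualAlloc : PROC
+ Extrn VirtualFree : PROC
+ Extrn GetTickCount : PROC
+ Extrn LookupIconIdFromDirectoryEx : PROC
+ Extrn DeleteFileA : PROC
+ Extrn LoadLibraryA : PROC
+ Extrn SetConsoleCursorInfo : PROC
+ Extrn GetConsoleCursorInfo : PROC
+ Extrn CreateThread : PROC
+ Extrn SetThreadPriority : PROC
+ Extrn GetThreadPriority : PROC
+ Extrn GetCurrentProcessId : PROC
+ Extrn GetPriorityClass : PROC
+ Extrn OpenProcess : PROC
+ Extrn SetPriorityClass : PROC
+ Extrn ResumeThread : PROC
+ Extrn SuspendThread : PROC
+ Extrn ExitThread : PROC
+ Extrn CreateEventA : PROC
+ Extrn WaitForSingleObject : PROC
+ Extrn SetEvent : PROC
+ Extrn ResetEvent : PROC
+ Extrn GetProcAddress : PROC
+
+ Extrn GetThreadContext : PROC
+ Extrn SetThreadContext : PROC
+ Extrn GetCurrentThread : PROC
+ extrn _aP_pack : near
+
+
+
+;============================================================
+;===== Some Constants =======================================
+
+ PE_CryptVer EQU "version 1.02"
+ PE_Build EQU "bugfix & test version (DiSTRiBUTE AND DiE)"
+ CR_LF EQU 0dh,0ah
+
+;============================================================
+;===== Variables ============================================
+
+ Error1 db "Can't open file!",CR_LF,0
+ db "ERROR: Filename incorrect or file is in use by another proccess!",CR_LF,0
+ da_error db "ERROR: Error while deallocating memory used by PE-Crypt.",CR_LF
+ db "It is RECOMMENDED that you reboot the system ASAP!",CR_LF,0
+ a_error db "ERROR: Error while allocating memory, free some!.",CR_LF,0
+ Terror1 db "ERROR: Error while reading file!",CR_LF,0
+ MemAllocated db " - Memory allocated...",CR_LF,0
+
+ MemDeallocated db CR_LF," - Memory successfully deallocated.",CR_LF
+ db " - Portable Executable file successfully processed. ",CR_LF,0
+
+ NotPE db "ERROR: This file is damaged or not in Portable Executable Format!",CR_LF,0
+
+Displaystring db " ",0
+
+ String0 db " - Backup successfully generated.",CR_LF,0
+ String1 db " - Reading Portable Executable header.",CR_LF,0
+ String2 db " - Processing the Portable Executable ObjectTable.",CR_LF,0
+ Baukasten db " - OBJECT : ",0
+ Baukasten2 db "RVA : ",0
+ Baukasten3 db "VSIZE : ",0
+ Baukasten4 db "FLAGS : ",0
+ Baukasten5 db " - packing done ",0
+ Baukasten6 db " - encryption done",0
+ Baukasten7 db "Old PhysicalSize : ",0
+ Baukasten8 db CR_LF," New PhysicalSize : ",0
+ Baukasten9 db CR_LF," - Compressionratio : ",0
+ Baukasten10 db " - Encryption successfully finished. ",0
+ Baukasten11 db " - Encryption is finished. (compression ratio too low)",0
+ Baukasten12 db " -- Processing Portable Executable resources.",CR_LF,0
+ Baukasten13 db " - Encrypting resources.",CR_LF,0
+ Baukasten14 db " - Compressing resources.",CR_LF,0
+ Baukasten15 db " - Reading resources.",CR_LF,0
+ Baukasten16 db " - Compression ratio too low.",CR_LF,0
+ Baukasten17 db " - Resource Processing finished.",CR_LF,0
+ Baukasten18 db " -- Processing PE Relocations.",CR_LF,0
+ Baukasten19 db " - Reading relocations.",CR_LF,0
+ Baukasten20 db " - Encrypting relocations (16bit).",CR_LF,0
+ Baukasten21 db " - Encrypting relocations (12bit).",CR_LF,0
+ Baukasten22 db " - Relocation Processing finished.",CR_LF,0
+ Baukasten23 db CR_LF," - Debug info was removed.",0
+ Baukasten24 db CR_LF," - Backup generated.",0
+ Baukasten25 db " - Using delta compression for relocations.",CR_LF,0
+Baukasten252 db " - Delta compression finished.",CR_LF
+ db " - Now using normal compression.",CR_LF,0
+Baukasten253 db " - Normal compression finished.",CR_LF,0
+ Baukasten26 db " - Error while parsing the resource data.",CR_LF
+ db " - Report this error to : random__@hotmail.com",CR_LF,0
+ OverLayEr db CR_LF," - Overlay was successfully transfered. ",CR_LF
+ db " - File may not work after getting protected. ",0
+ Baukasten27 db " - No Encryption / Packing of this object (object skipped).",CR_LF
+ db " This object can't be encrypted / packed due an internal reason.",CR_LF,0
+
+ Baukasten28 db CR_LF
+ db "-=[o]=- PECRYPT32 Internal Version Information -=[þ]=-",CR_LF
+ db "ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ",CR_LF,CR_LF
+ db "PECRYPT32 VERSION : ",0
+ Baukasten29 db "PECRYPT32 BUILD : ",0
+ Baukasten30 db CR_LF
+ db "-=[o]=- PECRYPT32 PROTECTOR REPORT -=[þ]=-",CR_LF
+ db "ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ",CR_LF,CR_LF,0
+ Baukasten32 db CR_LF
+ db " - Thread Local Storage (.tls) section found.",CR_LF
+ db " If the file doesn't run anymore : ",CR_LF
+ db " DISABLE THE TLS SUPPORT. ",CR_LF,0
+ Baukasten34 db CR_LF
+ db "ERROR: Can't create backup file.",CR_LF,0
+ Baukasten35 db CR_LF
+ db "ERROR: No PE file, or PE Header damaged.",CR_LF,0
+ Baukasten36 db "PECRYPT32: ERROR REPORT",0
+Baukasten362 db "File is already PECRYPT32 protected.",CR_LF
+ db "!API HOOKING DISABLED!",0
+Baukasten372 db "Import Merging disabled due to a zero size section.",0
+
+ Baukasten38 db "File is already PECRYPT32 protected.",CR_LF
+ db "!IMPORT DESTROYING DISABLED!",0
+ Baukasten37 db "ERROR: PECRYPT32 can't handle files with no Entrypoint.",CR_LF,0
+
+ PEVersion db PE_CryptVer,0
+ PEBuild db PE_Build,0
+
+ ReturnChars db CR_LF,0
+ HTable db "0123456789ABCDEF"
+ RVAString db " h ",0
+ VsizeString db " h ",0
+ FlagString db " h",CR_LF,0
+ PhysString db " h ",0
+NewPhysString db " h ",0
+PercentString db " %",0
+ CryptFile db 128 Dup(0)
+ BackupFile db 128 dup(0)
+ Spaces db " - processing ..",0
+
+ Contexti db 1000 dup(0)
+
+
+ NewOBJ db ".ficken",0
+VirtualS_NEW dd 0
+ RVA_NEW dd 0
+Physical_NEW dd 0
+ Offset_NEW dd 0
+ Reserved dd 0,0,0
+ ObjectFla db 40h,0,0,0C0h
+
+ NewOBJ2 db ".icon",0,0,0
+ VSize_New dd 0
+ Rva_NEW dd 0
+PhysSize_New dd 0
+ PhysOffset dd 0
+ dd 0,0,0
+ db 40h,0,0,0C0h
+
+NewRelocString db ".relocp",0
+ NewStringi db " % compression successfully finished."
+OrdinalNumba db " ",0 ; buffer for the ordinal values
+ KILLASTINKT dd 0 ; to save ebp for later use
+ MONGOKILLA dd 0 ; to save esp
+ DontStore db 1 ; Dontstore the damn raw data offsets
+ MemStart6 dd 0 ; holds another memory offset (needed for the whole loader.inc)
+ MemStart7 dd 0
+
+ Fhandle dd 0
+ Fhandle2 dd 0
+ RVA dd 0
+ PhysicalO dd 0
+ DosHeader db 4000 dup (?) ; Dosheader
+ PEHeader db 4000 dup (?)
+ LastOBJ db 40 dup (?)
+ CODEOBJ db 40 dup (?)
+ output_data db 1024 dup (?)
+ TempBuffer db 2000 dup (?)
+ IconBuffer dd 0 ; points to the memory allocated for the icons
+ OBJnumber dw 0
+ RelocLength dd 0
+ TempVar dd 0 ; just a temp variable
+ TempVar2 dd 0 ; just another temp variable
+ TempVar4 dd 0 ; just another tempvariable
+ CryptValue1 dw 0 ; cryptvalue
+ RCompress db 0
+ DirSize dd 0 ; size of the resource directory
+ MemStart8 dd 0 ; holds the overlay stuff
+ MemStart2 dd 0 ; 2nd mem variable for the resource compression
+ MemStart4 dd 0 ; another pointer for the apack library
+ MemStart5 dd 0 ; holds the offset of the offset buffer ;))
+ IconSize dd 0 ; size of the icons
+ SaveTemp dd 0 ; lame temp variable
+ IconID dd 0 ; icon id
+ SaveTemp2 dd 0 ; another lame temp variable
+ SaveTemp3 dd 0
+ SaveTemp4 dd 0
+ LastOBJPos dd 0
+ VSizeTable db 100 dup (?) ; table for all virtual sizes
+ SaveCrap dd 0
+ FileNLength dd 0 ; length of the filename
+ FCpassd db 0 ; file check passed?
+ CurrentRVA dd 0 ; current rva
+CurrentVSIZE dd 0 ; current virtualsize
+CurrentFLAGS dd 0 ; current Flags
+CurrentPhysS dd 0 ; current physicalsize (old)
+ NewPhysS dd 0 ; new physicalsize
+ResourceInde db 0 ; index for resource crap
+CompressRelocsnow db 0 ; internal flag for relocation compression
+ RelocCofs dw 0 ; buffer for the reloc offset
+ RSize dd 0 ; size of all relocations together
+ DamnCrap22 dd 0
+ NullStellen dd 0 ; suuuuuuuckkking offset
+ Rbyte db 0 ; are the relocations the last object?
+ SPointer1 dd 0
+ SPointer2 dd 0
+ SPointer3 dd 0
+ NewRPos dd 0 ; variable for the new relocation pos
+ PatchRrva db 0 ; internal variable for icon rvas ;)
+ NoWayassi db 0
+ LazyNess db 0 ; just another lame internal variable
+ SaveMCRC dd 0
+ dd 0
+ SAVEMCRC2 dd 0
+Phillipsuckt dd 0
+ Dontsave db 0 ; internal variable for the tls support
+ RealSize dd 0 ; the real physical size of an object
+ HighOrderF db 0 ; High order word for the filesize function
+ FileSize dd 0 ; filesize of this portable executable file
+ FileSize2 dd 0 ; another filesize variable
+ OverLay db 0 ; internal variable for the overlay detection
+ OverlaySize dd 0 ; size of the overlay
+ BufferPos dd 0 ; position of the buffer
+ InternalRVA dd 0 ; internal import rva (recalculated)
+ EsiBuffer dd 0 ; just to save esi ;)
+ TextBuffer dd 0 ; offset of the reserved memory
+ FunctionC dd 0 ; functioncounter
+ SaveEESP dd 0
+ OfsAmount dd 0 ; amount of all offsets
+ OfsPos dd 0 ; position in the table
+ OfsResult dd 0 ; offset result for each round
+ EndResult dd 0 ; contains the smallest offset amount
+ PosResult dd 0 ; containts the result for each round
+ CheckIcon db 0 ; check for icons? (for the readsubdir procedure)
+ CheckVInfo db 0 ; check for version information dir entries
+NumberofDirs dd 0 ; number of subdirectories in this directory
+ IconResult db 0 ; icon found?
+ Marki dw 0 ; used for the api hooking
+ ImpCounti dd 0 ; counter for the sections in this PEfile
+ Impenc dd 0 ; random value for the separate import encryption
+ Impenc3 dd 0 ; another random value for the separate import encryption
+ InfoSize dd 0 ; needed for the progress bar ;)
+
+ IconPointers db 2000 dup (?) ; 500 icons = maximum!
+ IconPointi dd offset IconPointers
+CompressCounter dd 0
+ CompressBytes dd 0
+ HowMany dd 0
+ CCounter dd 0
+ OrigSize dd 0
+ SaveTmp dd 0
+ SavePosition dd 0
+ Csize dd 0 ; size of the compressed data
+ AddNew db 0 ; add a new obj? 1 = yes, 0 = nooooo
+ NewOBJPos dd 0 ; new position for the new obj
+ NewAlign db 0 ; align it?
+ OldHSize dd 0 ; old header size
+ Dealloc db 0 ; needed to fix another possible memory leak
+ BLASEN dd 0
+ BLASEN2 dd 0
+ Howmuch dd 0
+ FICK dd 0 ; leck mich du drecksprogramm
+ WorkMemory dd 0
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;Strings for the Protector Detection
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+; BJFNTString db ".BJFnt" ; detection string for the BJFnt Protector by Marquis
+; BJFMessage db "--[þ] PROTECTOR USED : BJFnt CODER : MARQUIS:DE:SOIRE",CR_LF,0
+
+
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;Detection strings for the object detection (support for the rva detection)
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+
+ TLS_String db ".tls"
+ RELOC_String db ".reloc"
+DGROUP_String db "DGROUP"
+ Icon_String db ".icon"
+
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;possible options
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+
+ COMPRESSION db 0 ; 1 = compression on, 0 = only encryption
+ ARTOFRELOC db 0 ; 1 = 16bit, 0 = 12bit relocation encryption
+RESOURCECOMP db 0 ; 1 = resource compression, 0 = resource encryption,
+ ; 2 = resource compression / encryption = off
+ RELOCCOMP db 0 ; 1 = relocation compression
+ ANTID db 0 ; 1 = enabled, 0 = disabled
+ INFOMODE db 1 ; infomode , 0 = off, 1 = on
+ BACKUPMODE db 0 ; backup mode, 0 = off, 1 = on
+ VHEURISTIC db 0 ; pseudo pe virus heuristic, 1 = on, 0 = off
+ CRCM db 0 ; crc warning 0=off, 1=hangup on error, 2=window with warning
+ HOOKFUNC db 0 ; function hooking, 0 = off , 1 = on
+ KILLH db 0 ; 0 = off (default) , 1 = on
+ IMPORTD db 0 ; enhanced import destroying, 0=off, 1=on
+ I_MERGING db 0 ; belongs to the enhanced import destroying
+ ANTILOADER db 0 ; 0 = off , 1 = on..anti loader routines (background crc checking)
+ ANTIBPX db 0 ; 0 = off , 1 = on..anti bpx routines
+ COMPATIBLE db 0 ; 0 = offset, 1 = disables the TLS support
+
+ DData db ".debug",0
+ RsrcString db ".rsrc",0
+
+aAplibV0_10bThe db 0Dh,0Ah ; DATA XREF: _DATA:000000B0o
+ db 0Dh,0Ah
+ db 'aPLib v0.10b - the smaller the better :)',0Dh,0Ah
+ db 'Copyright (c) 1998 by Ä'
+ db 0FAh ; ú
+ db 4Ah ; J
+ db 69h ; i
+ db 62h ; b
+ db 7Ah ; z
+ db 0FAh ; ú
+ db 0C4h ; Ä
+ db 20h ;
+ db 20h ;
+ db 41h ; A
+ db 6Ch ; l
+ db 6Ch ; l
+ db 20h ;
+ db 52h ; R
+ db 69h ; i
+ db 67h ; g
+ db 68h ; h
+ db 74h ; t
+ db 73h ; s
+ db 20h ;
+ db 52h ; R
+ db 65h ; e
+ db 73h ; s
+ db 65h ; e
+ db 72h ; r
+ db 76h ; v
+ db 65h ; e
+ db 64h ; d
+ db 0Dh ;
+ db 0Ah ;
+ db 0Dh ;
+ db 0Ah ;
+ db 54h ; T
+ db 68h ; h
+ db 69h ; i
+ db 73h ; s
+ db 20h ;
+ db 63h ; c
+ db 6Fh ; o
+ db 70h ; p
+ db 79h ; y
+ db 20h ;
+ db 6Fh ; o
+ db 66h ; f
+ db 20h ;
+ db 61h ; a
+ db 50h ; P
+ db 4Ch ; L
+ db 69h ; i
+ db 62h ; b
+ db 20h ;
+ db 69h ; i
+ db 73h ; s
+ db 20h ;
+ db 66h ; f
+ db 72h ; r
+ db 65h ; e
+ db 65h ; e
+ db 20h ;
+ db 66h ; f
+ db 6Fh ; o
+ db 72h ; r
+ db 20h ;
+ db 6Eh ; n
+ db 6Fh ; o
+ db 6Eh ; n
+ db 2Dh ; -
+ db 70h ; p
+ db 72h ; r
+ db 6Fh ; o
+ db 66h ; f
+ db 69h ; i
+ db 74h ; t
+ db 61h ; a
+ db 62h ; b
+ db 6Ch ; l
+ db 65h ; e
+ db 20h ;
+ db 75h ; u
+ db 73h ; s
+ db 65h ; e
+ db 2Eh ; .
+ db 0Dh ;
+ db 0Ah ;
+ db 0Dh ;
+ db 0Ah ;
+ db 0 ;
+
+ W?message$npnuc dd offset aAplibV0_10bThe
+public W?aP_nexthashentry$ni
+ W?aP_nexthashentry$ni dd 1
+ public W?aP_R0$nui
+ W?aP_R0$nui dd 0FFFFFFFFh
+W?aP_hashtable$npn$aP_HASH$$ dd 0
+ public W?aP_lookup$n__pnui
+ W?aP_lookup$n__pnui dd 0
+ db 1024 dup (?)
+ public W?aP_hashptr$npnuc
+ W?aP_hashptr$npnuc dd 0
+ public W?aP_hash_base$nui
+ W?aP_hash_base$nui dd 0
+ public W?aP_output$npnuc
+ W?aP_output$npnuc dd 0
+ public W?aP_input$npnuc
+ W?aP_input$npnuc dd 0
+ public W?aP_tagbyte$npnuc
+ W?aP_tagbyte$npnuc dd 0
+ public W?aP_tagpos$nui
+ W?aP_tagpos$nui dd 0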
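Review bot: `PEHeader db 4000 dup (?)` is a fixed buffer, but the object-table writer in r-crypto.asm addresses it at `offset PEHeader + 248 + 40 * word ptr [PEHeader+6]`, a count read from the input file, and no bound on that count is visible in this view. More than 93 object entries would carry the `rep movsb` past the buffer into `LastOBJ` and `CODEOBJ`, and `movsx` makes counts of 8000h and above negative; a check may exist earlier in r-crypto.asm, outside this view, but if not the file should be rejected before the table is extended, leaving room for the two appended entries. `CryptFile db 128 Dup(0)` and `BackupFile db 128 dup(0)` are likewise shorter than the 260-character MAX_PATH, so the routine that fills them (not shown) needs a length check. Separately, `Extrn WriteFileA : PROC` names a function kernel32 does not export, while the code calls `WriteFile`; unless w32.inc declares that one, the line should read `Extrn WriteFile : PROC`.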
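diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-ieh.inc b/other/burneye/tmp/PE-Crypt-1.02/r-ieh.inc
new file mode 100644
index 0000000..d72ada5
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-ieh.inc
@@ -0,0 +1,155 @@
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;New Pecrypt32 Encryption / Decryption Routine
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;
+;Features:
+; - 1 Thread for generating of checksum & decryption
+; - main process for writing the decrypted memory
+;
+RIEHInc_Start:
+
+Thread_Encryption_Start:
+
+ call GetCurrentProcessId ; get current process id
+
+ push eax ; push processid
+ push 0
+ push PROCESS_SET_INFORMATION+DEBUG_ONLY_THIS_PROCESS ; enable set information flag & debug flag
+ call OpenProcess ; open process and receive handle
+
+ push REALTIME_PRIORITY_CLASS
+ push eax ; push process handle
+ call SetPriorityClass ; set the priority class of this thread
+
+ push offset Thread_ID ; for later save of the thread id
+ push CREATE_SUSPENDED ; create a thread which runs after resumethread
+ push 0
+ push offset Thread_Handler ; thread entrypoint
+ push 0
+ push 0
+ Call CreateThread ; create a new funny thread
+ mov dword ptr [Thread_Handle],eax ; save thread handle
+
+ push THREAD_MAX_PRIORITY
+ push dword ptr [Thread_Handle] ; push thread id
+ call SetThreadPriority ; set thread priority
+
+ push 0 ; no event name needed niggaz
+ push 0 ; initial state = non signaled
+ push 0 ; wtf??
+ push 0 ; default security descriptor is enough
+ call CreateEventA
+ mov dword ptr [EventO_Handle],eax ; save the handle of the created event object
+
+ push 0 ; no event name needed niggaz
+ push 0 ; initial state = non signaled
+ push 0 ; wtf??
+ push 0 ; default security descriptor is enough
+ call CreateEventA
+
+ mov dword ptr [EventO_Handle2],eax ; save the handle of the created event object
+
+ push dword ptr [Thread_Handle] ; push thread handle
+ call ResumeThread ; resume the suspended thread
+
+
+ mov esi,offset Encrypted_Thread_Block_End - 4
+ mov edi,esi
+ mov ecx,(offset Encrypted_Thread_Block_End - Encrypted_Thread_Block) / 4
+ mov edx,dword ptr [VALUE_THREAD] ; get the initial state
+ mov dword ptr [SaveECX],ecx ; save ECX initial state
+ mov dword ptr [SaveEDX],edx ; save the initial state of EDX
+
+ std
+Encrypt_Block1:
+ lodsd
+ mov dword ptr [Byte2Encrypt],eax ; save the byte which needs to get encrypted
+
+ pusha
+ push dword ptr [EventO_Handle] ; push event handle
+ call SetEvent ; set event to signaled
+
+ push 0FFFFFFFFh ; wait forever ;)
+ push dword ptr [EventO_Handle2] ; push the handle of the 2nd event
+ call WaitForSingleObject ; wait for thread to set this event to signaled
+ push dword ptr [EventO_Handle2] ; event handle is needed
+ call ResetEvent ; set event to nonsignaled!$="$"
+ popa
+
+ mov eax,dword ptr [Byte2Encrypt] ; get the encrypted dword
+ stosd
+ dec ecx
+ mov dword ptr [SaveECX],ecx ; save the current ECX value
+ jnz Encrypt_Block1
+
+ push dword ptr [Thread_Handle] ; push the thread handle
+ call SuspendThread ; suspend the thread
+ cld
+ jmp Thread_Encryption_Finished
+
+Thread_Handler:
+Restart_Thread:
+ pusha
+ push 0FFFFFFFFh ; wait forever ;)
+ push dword ptr [EventO_Handle] ; event handle is needed
+ call WaitForSingleObject ; wait for the event to set signaled
+ push dword ptr [EventO_Handle] ; event handle is needed
+ call ResetEvent ; set event to nonsignaled!$="$"
+
+ mov edx,dword ptr [SaveEDX] ; get the saved EDX value
+ mov ecx,(offset Encrypted_Thread_Block - offset CRC_Block1) / 4
+
+ mov esi,offset CRC_Block1
+Generate_Thread_CRC:
+ mov eax,[esi]
+ xor edx,eax
+ not edx
+ xor edx,ecx
+ add edx,eax
+ add esi,4
+ dec ecx
+ jnz Generate_Thread_CRC
+
+ mov eax,dword ptr [Byte2Encrypt]
+ xor eax,edx
+
+; xor eax,dword ptr [ENCVALUE]
+ xor eax,0C11BD91Dh
+
+
+ mov dword ptr [Byte2Encrypt],eax
+
+ xor edx,dword ptr [SaveECX]
+ mov dword ptr [SaveEDX],edx
+
+ push dword ptr [EventO_Handle2] ; push event handle
+ call SetEvent ; set event to signaled
+ popa
+ jmp Restart_Thread
+
+RIEHInc_End:
+
+.Data
+ Thread_ID dd 0 ; identifier of the created thread
+ Thread_Handle dd 0 ; handle of the created thread
+ Byte2Encrypt dd 0 ; holds the dword which needs to get encrypted
+ EventO_Handle dd 0 ; holds the handle of the created event object
+;EventO_Handle2 dd 0 ; holds the 2nd event handle
+ SaveEDX dd 0 ; holds edx
+ SaveECX dd 0 ; holds ecx
+
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+; Some definitions (flags for openprocess and such stuff) (thnx to gromi hehe)
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+
+PROCESS_SET_INFORMATION equ 0200h
+NORMAL_PRIORITY_CLASS equ 00000020h
+IDLE_PRIORITY_CLASS equ 00000040h
+HIGH_PRIORITY_CLASS equ 00000080h
+REALTIME_PRIORITY_CLASS equ 00000100h
+ THREAD_MAX_PRIORITY equ 02h
+ CREATE_SUSPENDED equ 00000004h
+ DEBUG_PROCESS equ 00000001h
+DEBUG_ONLY_THIS_PROCESS equ 00000002h
+
+Thread_Encryption_End: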
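Review bot: None of the handles created in Thread_Encryption_Start is checked or released. The results of OpenProcess, CreateThread and both CreateEventA calls are used as returned, so after a failed call the SetEvent/WaitForSingleObject pairs fail immediately and the loop would write the data back without the worker having touched it. The process handle is never stored or closed, and the worker is only suspended at the end, so the thread and both events outlive the routine and the process stays at `REALTIME_PRIORITY_CLASS`. `DEBUG_ONLY_THIS_PROCESS` is a CreateProcess creation flag rather than an access right, so `push PROCESS_SET_INFORMATION` alone is the access SetPriorityClass needs, and the comment on that call should say "process", not "thread". `EventO_Handle2` is stored to and pushed while its definition in the `.Data` block is commented out, so it has to be defined in another include for this file to assemble.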
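--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-line.inc
@@ -0,0 +1,37 @@
+
+RunningLineEncryption:
+ int 3
+ push offset RunningLineHandler
+ push dword ptr fs:[0]
+ mov dword ptr fs:[0],esp
+
+ push 100h
+ push cs
+ push offset EnableRunningLine
+ iret
+EnableRunningLine:
+ nop
+ nop
+ nop
+ nop
+ pop dword ptr fs:[0]
+ ret
+
+
+
+RunningLineHandler:
+ int 3
+; mov ebp,esp
+ mov eax,[esp+4] ; get the buffer to the exception_code
+ mov esi,[eax] ; get the EXCEPTION CODE
+ mov eax,[esp+10h - 4] ; get the offset of another information buffer
+ mov esi,[eax+0B8h] ; get the EIP where the exception obcurred
+
+ mov ecx,[eax+0C0h]
+ or ch,1
+ mov [eax+0C0h],ecx
+ xor eax,eax
+ ret
+
+
+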
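Review bot: The teardown after `EnableRunningLine` leaves the stack unbalanced: `pop dword ptr fs:[0]` removes only the saved chain pointer, so the following `ret` takes the address pushed by `push offset RunningLineHandler` as its return address instead of the caller's. The usual unlink also drops that slot, for example `add esp,4` right after the pop. In `RunningLineHandler` the exception code loaded into `esi` is overwritten by the next load and never tested, so the handler re-arms single-stepping and resumes on every exception; it should compare the code against the single-step status and return ExceptionContinueSearch for anything else. The magic numbers need comments such as `; 100h = EFLAGS.TF, loaded by iret` and `; CONTEXT+0B8h = Eip, CONTEXT+0C0h = EFlags (x86)`. The two leading `int 3` look like debugging leftovers and should be removed or explained.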
diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-loader.inc b/other/burneye/tmp/PE-Crypt-1.02/r-loader.inc
new file mode 100644
index 0000000..855c263
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-loader.inc
@@ -0,0 +1,3932 @@
1;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
2; PECRYPT32 1.02 (c) in 1998 by random and killa
3;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
4;THIS PROGRAM IS COPYRIGHT (c) BY RANDOM TECHNOLOGIES IN 1997/1998
5;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
6 THREAD_MAX_PRIORITY equ 02h ; dunno why it need it again
7
8
9CRC_Block1:
10ToAdd:
11 call $+5
12 pop ebx
13 sub ebx,5
14 jmp JumpAboveSignature
15PESignature:
16 db "RND!" ; signature for
17JumpAboveSignature: ; the heuristic PE Virus
18 F1CKEN5
19 F1CKEN4 0EAh
20
21 push esi ; detection
22 push edi
23 push ebp
24 F1CKEN4 0ECh
25 mov dword ptr [(SAVEESP2 - offset ToAdd) + ebx],esp
26 mov ebp,ebx
27 CONFUSE2 02H
28
29 cmp byte ptr [(EXEFLAGS - offset ToAdd) + ebx],0
30 jz NoDll_File
31 cmp byte ptr [ALDONE - offset ToAdd + ebx],1
32 jz DllExitCode_Execution
33 mov byte ptr [ALDONE - offset ToAdd + ebx],1
34
35NoDll_File:
36 cmp byte ptr [(TEMPVARI - offset ToAdd + ebx)],0
37 jnz DontCalcNew
38 mov eax,dword ptr [NEWIBASE - offset ToAdd + ebx] ; get the imagebasevalue
39 push ebx
40 sub ebx,eax ; subtract it from the current adress!
41
42 F1CKEN2 0FFh
43 mov dword ptr [NEWIBASE - offset ToAdd + ebp],ebx ; save it
44 mov byte ptr [(TEMPVARI - offset ToAdd + ebp)],0190
45 pop ebx
46 CONFUSE 01h ; Confusing jump crap
47
48DontCalcNew:
49 jmp StartwithEncryption
50
51DllError2:
52 F1CKEN3 0EAh
53 push 30h
54 F1CKEN5
55 mov eax,(offset ERRORMH - offset ToAdd)
56 add eax,ebx
57 push eax
58 F1CKEN2 0EAh
59
60 mov eax,(offset ERRORM - offset ToAdd)
61 add eax,ebx
62 push eax
63 push 0
64
65 F1CKEN4 0EAh
66 mov edx,(offset _USER32 - offset ToAdd) ; offset of the USER32.DLL
67 add edx,ebx
68
69 F1CKEN2 0EAh
70
71 push edx
72 push edx
73 call dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx] ; call "GetmoduleHandle"
74 or eax,eax
75 jnz ALreadyLoaded
76 pop edx
77 push edx
78 call dword [(offset Thunktable+4+4-4 - offset ToAdd)+ebx]
79ALreadyLoaded:
80
81 F1CKEN3 0EAh
82 mov edx,(offset f_MessageBoxA - offset ToAdd)
83 add edx,ebx
84
85 F1CKEN2 0EAh
86
87 push edx
88 push eax
89 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
90 call eax
91
92 F1CKEN4 0EAh
93
94 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
95 add edx,ebx
96 F1CKEN5
97 push edx
98 call dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx] ; call "GetmoduleHandle"
99
100 F1CKEN 0FFh
101 mov esi,(offset f_ExitProcess - offset ToAdd) ; offset of the function
102 add esi,ebx
103 push esi
104 push eax
105 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
106 F1CKEN2 0EAh
107
108 push 0FFh
109 call eax ; quit
110
111StartwithEncryption:
112
113 F1CKEN5
114 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
115 add edx,ebx
116 CONFUSE 08h ; Confusing jump crap
117
118 push edx
119 F1CKEN4 0EAh
120 push edx
121 call dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx]
122 mov dword ptr [(Kernel32RVA - offset ToAdd) + ebx],eax ; save kernel32.dll rva
123
124 F1CKEN4 0EAh
125 mov esi,(offset Open_Process - offset ToAdd)
126 add esi,ebx
127 CONFUSE 03h ; Confusing jump crap
128 push esi
129 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
130 F1CKEN4 0EAh
131 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
132 mov dword ptr [(OpenProcessRVA - offset ToAdd) + ebx],eax ; save 'OpenProcess' RVA
133 CONFUSE 09h ; Confusing jump crap
134
135 F1CKEN4 0EAh
136 mov esi,(offset GetTickCountFunction - offset ToAdd)
137 add esi,ebx
138 push esi
139 F1CKEN4 0F7h
140 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
141 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
142 mov dword ptr [(GetTickCountRVA - offset ToAdd) + ebx],eax ; save it
143
144 F1CKEN5
145
146 mov esi,(offset GetTickCountFunction - offset ToAdd)
147 add esi,ebx
148 F1CKEN4 0E8h
149 push esi
150 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
151 F1CKEN4 0EAh
152 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
153 mov dword ptr [(GetTickCountRVA - offset ToAdd) + ebx],eax ; save it
154
155 mov esi,(offset f_CreateFileA - offset ToAdd)
156 add esi,ebx
157 push esi
158 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
159 F1CKEN4 0EAh
160 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
161 F1CKEN5
162 mov dword ptr [(FunctionRVA - offset ToAdd) + ebx],eax
163
164 F1CKEN4 0E9h
165 cmp byte ptr [(EXEFLAGS - offset ToAdd) + ebx],1
166 jz Encrypted_Thread_Block
167
168 mov esi,(offset SetPriority_Class - offset ToAdd)
169 add esi,ebx
170 push esi
171 F1CKEN4 0EAh
172 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
173 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
174 mov dword ptr [(SetPriorityClassRVA - offset ToAdd) + ebx],eax ; save 'SetPriorityClass' RVA
175
176 F1CKEN5
177 mov esi,(offset Create_Thread - offset ToAdd)
178 add esi,ebx
179 F1CKEN4 0EAh
180 push esi
181 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
182 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
183 mov dword ptr [(CreateThreadRVA - offset ToAdd) + ebx],eax ; save 'CreateThread' RVA
184
185 F1CKEN4 0EAh
186 mov esi,(offset SetThread_Priority - offset ToAdd)
187 add esi,ebx
188 F1CKEN4 0EFh
189 push esi
190 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
191 F1CKEN4 0EAh
192 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
193 mov dword ptr [(SetThreadPriorityRVA - offset ToAdd) + ebx],eax ; save 'SetThreadPriority' RVA
194
195 F1CKEN5
196 mov esi,(offset Terminate_Thread - offset ToAdd)
197 add esi,ebx
198 F1CKEN4 0F7h
199 push esi
200 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
201 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
202 mov dword ptr [(TerminateThreadRVA - offset ToAdd) + ebx],eax ; save 'TerminateThread' RVA
203
204 F1CKEN5
205 mov esi,(offset CreateEvent_A - offset ToAdd)
206 F1CKEN4 0EAh
207 add esi,ebx
208 push esi
209 F1CKEN4 0EAh
210 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
211 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
212 mov dword ptr [(CreateEventARVA - offset ToAdd) + ebx],eax ; save 'CreateEvent' RVA
213
214 CONFUSE 04h ; Confusing jump crap
215
216 F1CKEN5
217 mov esi,(offset WaitForSingle_Object - offset ToAdd)
218 add esi,ebx
219 F1CKEN4 0F7h
220 push esi
221 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
222 F1CKEN4 0EAh
223 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
224 mov dword ptr [(WaitForSingleObjectRVA - offset ToAdd) + ebx],eax ; save 'WaitForSingleObject' RVA
225
226 F1CKEN5
227 mov esi,(offset Set_Event - offset ToAdd)
228 add esi,ebx
229 push esi
230 F1CKEN4 0F7h
231 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
232 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
233 mov dword ptr [(SetEventRVA - offset ToAdd) + ebx],eax ; save 'SetEvent' RVA
234
235 mov esi,(offset Reset_Event - offset ToAdd)
236 F1CKEN4 0EAh
237 add esi,ebx
238 push esi
239 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
240 F1CKEN4 0EAh
241 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
242 mov dword ptr [(ResetEventRVA - offset ToAdd) + ebx],eax ; save 'ResetEvent' RVA
243
244 F1CKEN5
245 mov esi,(offset Suspend_Thread - offset ToAdd)
246 add esi,ebx
247 push esi
248 F1CKEN4 0E8h
249 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
250 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
251 mov dword ptr [(SuspendThreadRVA - offset ToAdd) + ebx],eax ; save 'SuspendThread' RVA
252
253 mov esi,(offset Resume_Thread - offset ToAdd)
254 add esi,ebx
255 push esi
256 F1CKEN4 0E8h
257 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
258 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
259 F1CKEN4 0EAh
260 mov dword ptr [(ResumeThreadRVA - offset ToAdd) + ebx],eax ; save 'ResumeThread' RVA
261
262 mov esi,(offset GetCurrentProcess_Id - offset ToAdd)
263 add esi,ebx
264 push esi
265 F1CKEN4 0E8h
266 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
267 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
268
269 F1CKEN4 0EAh
270 call eax ; call GetCurrentProcessId
271
272 F1CKEN5
273 push eax ; push processid
274 F1CKEN4 0E8h
275 push 0
276 push PROCESS_SET_INFORMATION+DEBUG_ONLY_THIS_PROCESS ; enable set information flag & debug flag
277 call dword ptr [(OpenProcessRVA - offset ToAdd) + ebx]
278 mov dword ptr [(PROCESSHANDLE - offset ToAdd) + ebx],eax ; save the process handle
279
280 push REALTIME_PRIORITY_CLASS
281 F1CKEN4 0EAh
282 push eax ; push process handle
283 call dword ptr [(SetPriorityClassRVA - offset ToAdd) + ebx]
284
285 mov edx,(offset Thread_ID2 - offset ToAdd)
286 add edx,ebx
287 push edx
288 F1CKEN4 0EAh
289 push CREATE_SUSPENDED ; create a thread which runs after resumethread
290 push 0
291 mov edx,(offset Thread_Handler_2 - offset ToAdd)
292 add edx,ebx
293 F1CKEN4 0E8h
294 push edx
295 push 0
296 push 0
297 F1CKEN4 0EAh
298 call dword ptr [(CreateThreadRVA - offset ToAdd) + ebx]
299 mov dword ptr [(Thread_Handle2 - offset ToAdd) + ebx],eax ; save thread handle
300
301 push THREAD_MAX_PRIORITY
302 F1CKEN4 0E8h
303 push dword ptr [(Thread_Handle2 - offset ToAdd) + ebx] ; push thread id
304 call dword ptr [(SetThreadPriorityRVA - offset ToAdd) + ebx]
305
306 push 0 ; no event name needed niggaz
307 push 0 ; initial state = non signaled
308 F1CKEN4 0E8h
309 push 0 ; wtf??
310 push 0 ; default security descriptor is enough
311 call dword ptr [(CreateEventARVA - offset ToAdd) + ebx] ; create the event
312 mov dword ptr [(EventO_Handle2 - offset ToAdd) + ebx],eax ; save the handle of the created event object
313
314 F1CKEN5
315 push 0 ; no event name needed niggaz
316 push 0 ; initial state = non signaled
317 F1CKEN4 0E8h
318 push 0 ; wtf??
319 push 0 ; default security descriptor is enough
320 F1CKEN4 0E8h
321 call dword ptr [(CreateEventARVA - offset ToAdd) + ebx]
322 mov dword ptr [(EventO_Handle22 - offset ToAdd) + ebx],eax ; save the handle of the created event object
323
324 F1CKEN4 0E8h
325 push dword ptr [(Thread_Handle2 - offset ToAdd) + ebx] ; push thread handle
326 F1CKEN4 0E8h
327 call dword ptr [(ResumeThreadRVA - offset ToAdd) + ebx]
328 mov esi,(offset Encrypted_Thread_Block_End - 4 - offset ToAdd)
329 add esi,ebx
330 F1CKEN4 0F7h
331 mov edi,esi
332 mov ecx,(offset Encrypted_Thread_Block_End - Encrypted_Thread_Block) / 4
333 F1CKEN4 0EAh
334 mov edx,dword ptr [(VALUE_THREAD - offset ToAdd) + ebx] ; get the initial state
335 mov dword ptr [(SaveECX2 - offset ToAdd) + ebx],ecx ; save ECX initial state
336 F1CKEN4 0F7h
337 mov dword ptr [(SaveEDX2 - offset ToAdd) + ebx],edx ; save the initial state of EDX
338
339 std
340Encrypt_Block1_2:
341 lodsd
342 mov dword ptr [(Byte2Encrypt2 - offset ToAdd) + ebx],eax ; save the byte which needs to get encrypted
343
344 pusha
345 mov dword ptr [(SAVEESP3 - offset ToAdd) + ebx],esp
346 F1CKEN4 0F7h
347 push dword ptr [(EventO_Handle2 - offset ToAdd) + ebx] ; push event handle
348 call dword ptr [(SetEventRVA - offset ToAdd) + ebx]
349 push 0FFFFFFFFh ; wait forever ;)
350 push dword ptr [(EventO_Handle22 - offset ToAdd) + ebx] ; push the handle of the 2nd event
351 F1CKEN4 0F7h
352 call dword ptr [(WaitForSingleObjectRVA - offset ToAdd) + ebx]
353
354 push dword ptr [(EventO_Handle22 - offset ToAdd) + ebx] ; push the handle of the 2nd event
355 F1CKEN4 0E9h
356 call dword ptr [(ResetEventRVA - offset ToAdd) + ebx]
357 mov esp,dword ptr [(SAVEESP3 - offset ToAdd) + ebx]
358 popa
359 F1CKEN4 0E9h
360 mov eax,dword ptr [(Byte2Encrypt2 - offset ToAdd) + ebx] ; get the encrypted dword
361 stosd
362 dec ecx
363 mov dword ptr [(SaveECX2 - offset ToAdd) + ebx],ecx ; save the current ECX value
364 jnz Encrypt_Block1_2
365
366 cld
367
368 CONFUSE 03h ; Confusing jump crap
369 push 0
370 F1CKEN4 0E9h
371 push dword ptr [(Thread_Handle2 - offset ToAdd) + ebx] ; push the thread handle
372 call dword ptr [(TerminateThreadRVA - offset ToAdd) + ebx] ; terminate the thread
373
374 F1CKEN4 0E9h
375 push NORMAL_PRIORITY_CLASS
376 push dword ptr [(PROCESSHANDLE - offset ToAdd) + ebx] ; push process handle
377 call dword ptr [(SetPriorityClassRVA - offset ToAdd) + ebx]
378 jmp Encrypted_Thread_Block
379
380Thread_Handler_2:
381Restart_Thread_2:
382
383 pusha
384 call $+5
385RelocateCode:
386 pop ebx
387 sub ebx,(RelocateCode - offset ToAdd)
388
389 push 0FFFFFFFFh ; wait forever ;)
390 F1CKEN4 0E9h
391 push dword ptr [(EventO_Handle2 - offset ToAdd) + ebx] ; event handle is needed
392 call dword ptr [(WaitForSingleObjectRVA - offset ToAdd) + ebx]
393
394 push dword ptr [(EventO_Handle2 - offset ToAdd) + ebx] ; event handle is needed
395 F1CKEN4 0E9h
396 call dword ptr [(ResetEventRVA - offset ToAdd) + ebx]
397
398 mov edx,dword ptr [(SaveEDX2 - offset ToAdd) + ebx] ; get the saved EDX value
399 F1CKEN4 0E9h
400 mov ecx,(offset Encrypted_Thread_Block - offset CRC_Block1) / 4
401
402 mov esi,(offset CRC_Block1 - offset ToAdd)
403 F1CKEN4 0E9h
404 add esi,ebx
405
406Generate_Thread_CRC_2:
407 mov eax,[esi]
408 xor edx,eax
409 not edx
410 xor edx,ecx
411 add edx,eax
412 add esi,4
413 dec ecx
414 jnz Generate_Thread_CRC_2
415
416 mov eax,dword ptr [(Byte2Encrypt2 - offset ToAdd) + ebx]
417 xor eax,edx
418
419 push edi
420
421 push esi
422 push eax
423 push ecx
424 mov esi,(offset PEText - offset ToAdd)
425 add esi,ebx
426 mov ecx,(ToAdd_END - offset PEText)
427 shr ecx,2
428 xor eax,eax
429EncryptStuff_1:
430 xor eax,[esi]
431 not eax
432 xor eax,ecx
433 add esi,4
434 dec ecx
435 jnz EncryptStuff_1
436 mov edi,eax
437 pop ecx
438 pop eax
439 pop esi
440
441 xor eax,edi
442 pop edi
443
444 F1CKEN4 0E9h
445 mov dword ptr [(Byte2Encrypt2 - offset ToAdd) + ebx],eax
446
447 xor edx,dword ptr [(SaveECX2 - offset ToAdd) + ebx]
448 F1CKEN4 0E9h
449 mov dword ptr [(SaveEDX2 - offset ToAdd) + ebx],edx
450
451 push dword ptr [(EventO_Handle22 - offset ToAdd) + ebx] ; push event handle
452 call dword ptr [(SetEventRVA - offset ToAdd) + ebx]
453 popa
454 jmp Restart_Thread_2
455
456Encrypted_Thread_Block:
457
458
459Encrypted_Running_Line_Block:
460
461 F1CKEN2 0EAh
462
463 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
464 add edx,ebx
465
466 call [(GetTickCountRVA - offset ToAdd) + ebx]
467 mov dword ptr [(SAVETIME - offset ToAdd) + ebx],eax
468
469 CONFUSE 03h ; Confusing jump crap
470
471 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
472 add edx,ebx
473 F1CKEN4 0F7h
474 mov esi,(offset f_VirtualAlloc - offset ToAdd) ; offset of the function
475 add esi,ebx
476
477 CONFUSE 03h ; Confusing jump crap
478
479 F1CKEN4 0F7h
480 push edx
481 push edx
482 call dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx] ; call "GetmoduleHandle"
483
484 push esi
485 F1CKEN4 0F7h
486 push eax
487 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
488 mov dword ptr [(F2RVA - offset ToAdd) + ebx],eax
489
490 F1CKEN5
491 push 0
492 push 4
493 push 1000h
494 CONFUSE 03h ; Confusing jump crap
495 push 1024 ; 1kb is needed
496 push 0 ; call the function
497 call dword ptr [F2RVA - offset ToAdd + ebx] ; and allocate memory
498 mov dword ptr [(hash_seg - offset ToAdd) + ebx],eax ; save the memory offset
499
500 F1CKEN4 0F7h
501 push 0
502 push 4
503 push 1000h
504 F1CKEN4 0F7h
505 push 10000 ; about 10kb are needed
506 push 0 ; call the function
507 call dword ptr [F2RVA - offset ToAdd + ebx] ; and allocate memory
508 mov dword ptr [(LayerBuffer - offset ToAdd) + ebx],eax
509
510 F1CKEN5
511 push 0
512 push 4
513 CONFUSE 03h ; Confusing jump crap
514 push 1000h
515 push 1024 ; 1kb is needed for the rvatable
516 CONFUSE 03h ; Confusing jump crap
517 push 0 ; call the function
518 call dword ptr [F2RVA - offset ToAdd + ebx] ; and allocate memory
519 mov dword ptr [(RVATABLE - offset ToAdd) + ebx],eax ; save the memory offset
520
521 CONFUSE 03h ; Confusing jump crap
522 mov ebx,ebp
523 mov esi,(offset Encrypted_Block1_End - offset ToAdd)-1
524 F1CKEN3 0EAh
525 add esi,ebx
526 mov edi,esi
527
528 F1CKEN2 0FFh
529 mov ecx,(offset Encrypted_Block1_End - offset Encrypted_Block1) / 4
530 mov edx,dword ptr [(START_VALUE - offset ToAdd) + ebx]
531 F1CKEN4 0F7h
532 std
533Decrypt_Block1:
534
535 jmp JumpOva2
536MutateCRC2:
537 dd 0
538JumpOva2:
539 push esi
540 push ecx
541 mov ecx,(offset CRC_Block1_End - offset offset CRC_Block1) / 4
542 xor esi,esi
543 add esi,ebx
544GenerateFirst_CRC:
545 mov eax,[esi]
546 xor edx,eax
547 xor edx,ecx
548 add esi,4
549 dec ecx
550 jnz GenerateFirst_CRC
551 pop ecx
552 pop esi
553 jmp JumpOva
554MutateCRC1:
555 dd 0
556JumpOva:
557 lodsd
558 xor eax,edx
559 stosd
560 inc dword ptr [(MutateCRC2 - offset ToAdd) + ebx]
561 rol dword ptr [(MutateCRC1 - offset ToAdd) + ebx],cl
562 add dh,byte ptr fs:[23h]
563 xor edx,ecx
564 F1CKEN2 0EAh
565 dec ecx
566 jnz Decrypt_Block1
567CRC_Block1_End:
568Encrypted_Thread_Block_End:
569Encrypted_Running_Line_Block_End:
570
571Encrypted_Block1:
572 cld
573; F1CKEN2 0FFh
574
575 mov dword ptr [(MutateCRC2 - offset ToAdd) + ebx],0
576; F1CKEN3 0EAh
577 mov dword ptr [(MutateCRC1 - offset ToAdd) + ebx],0
578
579
580;Table for the SlowMutation Engine
581;will be filled with decryption layers ;)
582;
583;
584
585LayerTable:
586 db 1400 dup (90h)
587
588Layer_Table_End:
589;End of the slow mutating layers
590;
591;
592;
593
594 F1CKEN4 0F7h
595 mov edx,(offset ModuleDLL - offset ToAdd)
596 add edx,ebx
597 F1CKEN4 0F7h
598 mov edi,10
599 call RandomizeValue
600 xchg ecx,eax
601
602FakeRVAJumpAgain:
603 mov edi,dword ptr [(CODESIZE - offset ToAdd) + ebx] ; load the maximum size
604 sub edi,100
605 call RandomizeValue
606 xchg eax,edi
607 add edi,dword ptr [NEWIBASE - offset ToAdd + ebx] ; add the calculated imagebase
608 F1CKEN4 0F7h
609 add edi,dword ptr [CODEBASE - offset ToAdd + ebx] ; add the codebase
610
611 push edi
612 mov edi,3
613 F1CKEN4 0F7h
614 call RandomizeValue
615 pop edi
616 cmp eax,1
617 ja UseProgramCODESECTION
618 mov edi,dword ptr [(hash_seg - offset ToAdd) + ebx]
619
620UseProgramCODESECTION:
621 mov dword ptr [(CODEOFS2 - offset ToAdd) + ebx],edi ; save it
622 pusha
623 mov esi,edi
624 mov edi,dword ptr [(RVATABLE - offset ToAdd) + ebx]
625 mov ecx,200
626 rep movsb
627 popa
628
629 push ecx
630 F1CKEN4 0F7h
631 push edi
632 mov edi,20
633 call RandomizeValue
634 pop edi
635 xchg eax,ecx
636 mov al,90h
637 F1CKEN4 0F7h
638 rep stosb
639 pop ecx
640
641 F1CKEN4 0F7h
642 push edi
643 mov edi,5
644 call RandomizeValue
645 pop edi
646
647 F1CKEN4 0F7h
648 mov edx,(ContinueMan - offset ToAdd)
649 add edx,ebx
650
651 cmp eax,1
652 jnz Dontuseedx
653
654Dontuseedx:
655 F1CKEN4 0F7h
656 cmp eax,2
657 jnz Dontuseedi
658 F1CKEN4 0F7h
659 movzx eax,word ptr [(offset InstructionTable - offset ToAdd) + (eax * 2) + ebx]
660 stosw
661 mov edi,edx
662 jmp AlreadyPatched
663Dontuseedi:
664 cmp eax,3
665 jnz Dontuseesi
666 mov esi,edx
667Dontuseesi:
668 cmp eax,4
669 jnz Dontuseebp
670 mov ebp,edx
671Dontuseebp:
672 or eax,eax
673 jnz Dontuseecx
674 mov ecx,edx
675Dontuseecx:
676 F1CKEN4 0F7h
677 movzx eax,word ptr [(offset InstructionTable - offset ToAdd) + (eax * 2) + ebx]
678 stosw
679
680AlreadyPatched:
681 F1CKEN4 0F7h
682 pusha
683 mov eax,dword ptr [(CODEOFS2 - offset ToAdd) + ebx]
684 jmp eax
685
686ContinueMan:
687 popa
688
689 pusha
690 mov esi,dword ptr [(offset RVATABLE - offset ToAdd) + ebx]
691 mov edi,dword ptr [(CODEOFS2 - offset ToAdd) + ebx]
692 mov ecx,200
693 F1CKEN4 0F7h
694 rep movsb
695 popa
696
697 dec ecx
698 jnz FakeRVAJumpAgain
699
700
701BahDasStinkt:
702 F1CKEN4 0F7h
703 mov edi,dword ptr [(offset RVATABLE - offset ToAdd) + ebx]
704 mov ecx,(1000 / 4)
705 xor eax,eax
706 F1CKEN4 0F7h
707 rep stosd
708 mov ebp,ebx
709
710 F1CKEN2 0FEh
711
712
713 call [(GetTickCountRVA - offset ToAdd) + ebx]
714 sub eax,dword ptr [(SAVETIME - offset ToAdd) + ebx]
715 F1CKEN2 0FEh
716 cmp eax,6000
717 jae Encrypt_Block1_2
718
719 cmp byte ptr [(HEURISTIC - offset ToAdd) + ebx],0
720 jz HeuristicPassed
721 mov edi,[(NEWIBASE - offset ToAdd) + ebp] ; get the header start
722 F1CKEN3 0FCh
723 add edi,[edi+3Ch]
724
725 F1CKEN2 0FEh
726
727 mov edx,[edi+40]
728 F1CKEN4 0F7h
729 add edx,[(NEWIBASE - offset ToAdd) + ebp] ; get the header start
730 F1CKEN3 0FCh
731 cmp dword ptr [edx+0Bh],"!DNR" ; check for the PEcrypt32 signature
732 jz HeuristicPassed
733
734 mov ax,[edi+6] ; get the obj number
735 cmp ax,word ptr [(OBJNUMBA - offset ToAdd) + ebp] ; compare with the
736 jz NoHeuristicAlert ; saved one, alert if
737HeuristicAlert: ; changed
738 push 30h
739 mov eax,(offset HeuristicA1H - offset ToAdd)
740 add eax,ebx
741 F1CKEN2 0FFh
742 push eax
743 mov eax,(offset HeuristicA1 - offset ToAdd)
744 add eax,ebx
745 push eax
746 push 0
747 F1CKEN2 0FEh
748 jmp MboxError
749GetSystem_Time db "GetSystemTime",0
750
751Unexpected_Exception_Handler:
752
753Patch_EBX:
754 mov ebx,0190h
755Patch_ECX:
756 mov ecx,0190h
757Patch_ESI:
758 mov esi,0190h
759Patch_EDX:
760 mov edx,0190h
761 mov ebp,ebx
762 mov edi,esi
763
764 rol edx,cl
765 rol dword ptr [(offset VALUE6 - offset ToAdd) + ebx],cl
766 xor dword ptr [(offset VALUE5 - offset ToAdd) + ebx],ecx
767 jmp FinishedWithUnexpectedException
768
769NoHeuristicAlert:
770 mov edx,edi
771 CONFUSE2 02H
772 add edi,dword ptr [(LOBJ - offset ToAdd) + ebp] ; pointer to the virtual size
773 mov eax,[edi+8] ; get the vsize
774
775 F1CKEN2 0FEh
776 cmp eax,dword ptr [(LSIZE - offset ToAdd) + ebp] ; compare it with the saved one
777 jz HeuristicPassed ; the same? then passed
778 F1CKEN2 0FEh
779 mov edx,[edx+40]
780 add edx,[(NEWIBASE - offset ToAdd) + ebp] ; get the header start
781 F1CKEN3 0FCh
782 cmp dword ptr [edx+0Bh],"!DNR"
783 jnz HeuristicAlert
784
785HeuristicPassed:
786
787
788 mov edi,(offset LayerTable - offset ToAdd)
789 F1CKEN4 0F7h
790 add edi,ebx
791 mov ecx,(1000 / 4)
792 mov eax,90909090h
793 F1CKEN4 0F7h
794 rep stosd
795
796 F1CKEN4 0F7h
797
798 cmp byte ptr [(AMETHOD - offset ToAdd) + ebx],0
799 jz InstallExceptionHandler
800
801 mov edx,(offset SICEVXD - offset ToAdd)
802 add edx,ebx
803 push 0
804
805 F1CKEN4 0F7h
806 push 80h
807 push 3
808 push 0
809 push 3
810
811 F1CKEN4 0F7h
812 push 80000000h
813 push edx
814 push dword ptr [(FunctionRVA - offset ToAdd) + ebx]
815 F1CKEN4 0F7h
816 call CallApi
817
818 cmp eax,0FFFFFFFFh
819 jz NoSoftIceInstalled
820
821NTICE_OR_WINICE_INSTALLED:
822 F1CKEN4 0F7h
823 push 30h
824 mov eax,(offset SICEErrorHead - offset ToAdd)
825 F1CKEN4 0F7h
826 add eax,ebx
827 push eax
828 mov eax,(offset SICEError - offset ToAdd)
829 add eax,ebx
830 F1CKEN4 0F7h
831 push eax
832 push 0
833 mov edx,(offset _USER32 - offset ToAdd) ; offset of the dllname
834 F1CKEN4 0F7h
835 add edx,ebx
836 mov esi,(offset f_MessageBoxA - offset ToAdd) ; offset of the function
837 F1CKEN4 0F7h
838 add esi,ebx
839 Call GetApi ; get the rva of this function
840 F1CKEN4 0F7h
841
842 push eax
843 call CallApi
844
845 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the dllname
846 add edx,ebx
847 mov esi,(offset f_ExitProcess - offset ToAdd) ; offset of the function
848 add esi,ebx
849 Call GetApi ; get the rva of this function
850 push 0FFh
851 push eax
852 Call CallApi
853
854NoSoftIceInstalled:
855 mov edx,(offset NTICEVXD - offset ToAdd)
856 add edx,ebx
857 push 0
858
859 F1CKEN4 0E9h
860 push 80h
861 push 3
862 push 0
863 push 3
864 F1CKEN4 0F7h
865 push 80000000h
866 push edx
867 call dword ptr [(FunctionRVA - offset ToAdd) + ebx]
868 F1CKEN4 0E9h
869 cmp eax,0FFFFFFFFh
870 jnz NTICE_OR_WINICE_INSTALLED
871
872EncryptedAntiDebuggingLayer_1_Start:
873 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the dllname
874 add edx,ebx
875 F1CKEN4 0E9h
876 mov esi,(offset f_SetUnhandledExceptionFilter - offset ToAdd)
877 add esi,ebx
878 call GetApi
879
880 mov edx,(offset Unexpected_Exception_Handler - offset ToAdd)
881 add edx,ebx
882 push edx
883 F1CKEN4 0E9h
884 call eax
885 mov dword ptr [(offset HANDLER - offset ToAdd) + ebx],eax
886
887 mov dword ptr [(offset Patch_EBX - offset ToAdd +1 )+ ebx],ebx
888
889 F1CKEN4 0EFh
890 mov esi,(offset CPL0_NOT_ACTIVE - offset ToAdd)
891 add esi,ebx
892 F1CKEN 0FFh
893 mov edi,esi
894 mov ecx,(offset InCPL3 - offset CPL0_NOT_ACTIVE) / 4
895 F1CKEN 0FFh
896 mov edx,dword ptr [(offset VALUE6 - offset ToAdd) + ebx]
897Decrypt_First_Antidebugging_Layer:
898 push esi
899 push ecx
900 mov ecx,(offset EncryptedAntiDebuggingLayer_1_End - offset HeuristicPassed) / 4
901 F1CKEN 0FFh
902 mov esi,(offset HeuristicPassed - offset ToAdd)
903 add esi,ebx
904Generate_CRC_overFirst_Antidebugging_Layer:
905 mov eax,[esi]
906 xor edx,eax
907 xor edx,ecx
908 add esi,4
909 dec ecx
910 jnz Generate_CRC_overFirst_Antidebugging_Layer
911 pop ecx
912 pop esi
913 jmp JumpAboveConfusingTrick
914 VALUE5 dd 0
915f_SetUnhandledExceptionFilter:
916 db "SetUnhandledExceptionFilter",0
917f_VirtualProtect:
918 db "VirtualProtect",0
919SICEVXD:
920 db "\\.\SICE",0
921 VALUE6 dd 0
922NTICEVXD:
923 db "\\.\NTICE",0
924JumpAboveConfusingTrick:
925 F1CKEN 0FFh
926 mov dword ptr [(offset Patch_ECX - offset ToAdd +1 )+ ebx],ecx
927 mov dword ptr [(offset Patch_ESI - offset ToAdd +1 )+ ebx],esi
928 F1CKEN 0FFh
929 mov dword ptr [(offset Patch_EDX - offset ToAdd +1 )+ ebx],edx
930
931 mov ebp,'BCHK'
932 mov eax, 4
933 int 03h
934FinishedWithUnexpectedException:
935 lodsd
936 xor eax,edx
937 stosd
938 xor edx,ecx
939 inc dword ptr [(offset VALUE5 - offset ToAdd) + ebx]
940 F1CKEN 0FFh
941 xor dword ptr [(offset VALUE6 - offset ToAdd) + ebx],ecx
942 dec ecx
943 jnz Decrypt_First_Antidebugging_Layer
944EncryptedAntiDebuggingLayer_1_End:
945
946CPL0_NOT_ACTIVE:
947 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the dllname
948 add edx,ebx
949 mov esi,(offset f_SetUnhandledExceptionFilter - offset ToAdd)
950 add esi,ebx
951 call GetApi
952 mov edx,dword ptr [(offset HANDLER - offset ToAdd) + ebx]
953 push edx
954 F1CKEN4 0EFh
955 call eax
956
957 mov dword ptr [(VALUE5 - offset ToAdd) + ebx],0
958 F1CKEN 0FFh
959 mov dword ptr [(VALUE6 - offset ToAdd) + ebx],0
960 F1CKEN 0FFh
961 mov dword ptr [(offset Patch_EBX - offset ToAdd +1 )+ ebx],0190h
962 F1CKEN 0FFh
963 mov dword ptr [(offset Patch_ECX - offset ToAdd +1 )+ ebx],0190h
964 F1CKEN 0FFh
965 mov dword ptr [(offset Patch_ESI - offset ToAdd +1 )+ ebx],0190h
966 F1CKEN 0FFh
967 mov dword ptr [(offset Patch_EDX - offset ToAdd +1 )+ ebx],0190h
968
969 mov ebp,ebx
970 mov edx,(offset Exception_Handler - offset ToAdd)
971 add edx,ebx
972 push edx
973 push dword ptr fs:[0]
974 mov fs:[0],esp
975 mov dword ptr [(PIZZA - offset ToAdd) + ebx],esp
976
977 mov esi,(offset InCPL3 - offset ToAdd)
978 add esi,ebx
979 mov edi,esi
980; mov ecx,(offset EncryptLayer3_End - offset InCPL3) / 4
981 mov ecx,(offset EncryptedLayer_4_Start - offset InCPL3) / 4
982
983 mov edx,dword ptr [(ENCRYPTV11 - offset ToAdd) + ebx]
984Decrypt_AD_Block:
985 push esi
986 push ecx
987 mov ecx,(offset InCPL3 - offset NoHeuristicAlert) / 4
988 mov esi,(offset NoHeuristicAlert - offset ToAdd)
989 add esi,ebx
990GenerateAD_CRC_2:
991 mov eax,[esi]
992 xor edx,eax
993 xor edx,ecx
994 add esi,4
995 dec ecx
996 jnz GenerateAD_CRC_2
997 pop ecx
998 pop esi
999 lodsd
1000 xor eax,edx
1001 stosd
1002 sidt fword ptr [(IDTVALUE - offset ToAdd) + ebx] ; get the IDT
1003 mov esi,dword ptr [(IDTVALUE - offset ToAdd)+ 2 + ebx] ; get the interrupt table offset
1004Possible_Second_Exception:
1005 mov [esi+8],ecx ; overwrite the int 1 data
1006 xor edx,dword ptr [(offset VALUE4 - offset ToAdd) + ebx] ; simple xor but effective ;)
1007 mov esi,edi
1008 jmp JumpaboveMutation
1009 VALUE3 dd 0
1010 VALUE4 dd 0
1011Exception_Handler:
1012 mov ebp,esp
1013 mov eax,[ebp+0Ch] ; get the offset of another information buffer
1014 mov ebp,[eax+0B8h] ; get the EIP where the exception obcurred
1015 mov edi,[eax+9Ch] ; get the damn edi value
1016 mov ebx,[eax+9Ch+4+4]
1017 mov edx,[eax+9Ch+4+4+4]
1018 mov ecx,[eax+9Ch+4+4+4+4]
1019 mov esi,edi
1020 pusha
1021 mov edx,(Possible_Second_Exception - offset ToAdd) ; compare with the 2nd exception
1022 add edx,ebx
1023 cmp ebp,edx
1024 jz SecondSupposed_Memory_Violation ; jump if they are equal
1025 popa
1026 jmp edx ; for some tricks with SEH
1027
1028SecondSupposed_Memory_Violation:
1029 popa
1030 xor edx,dword ptr [(offset VALUE4 - offset ToAdd) + ebx] ; simple xor but effective ;)
1031 jmp JumpaboveMutation
1032
1033InstallExceptionHandler:
1034 mov edx,(offset Exception_Handler - offset ToAdd)
1035 F1CKEN 0FFh
1036 add edx,ebx
1037 F1CKEN 0FFh
1038 push edx
1039 F1CKEN 0FFh
1040 push dword ptr fs:[0]
1041 F1CKEN 0FFh
1042 mov fs:[0],esp
1043 F1CKEN 0FFh
1044 mov dword ptr [(PIZZA - offset ToAdd) + ebx],esp
1045 jmp EncryptLayer3
1046
1047
1048JumpaboveMutation:
1049 inc dword ptr [(VALUE3 - offset ToAdd) + ebx]
1050 xor edx,ecx
1051 dec ecx
1052 jnz Decrypt_AD_Block
1053InCPL3:
1054
1055EncryptLayer3:
1056 mov ebp,ebx
1057NtCompatibleAD:
1058 SEH_TRICK1 0EAH
1059
1060 mov ebx,ebp
1061 mov dword ptr [(offset VALUE4 - offset ToAdd) + ebx],0
1062 F1CKEN4 0FFh
1063 mov dword ptr [(MutateCRC2 - offset ToAdd) + ebx],0
1064 mov dword ptr [(VALUE3 - offset ToAdd) + ebx],0
1065
1066 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
1067 add edx,ebx
1068 CONFUSE 08h ; Confusing jump crap
1069 cmp byte ptr fs:[23h],00h
1070 jnz GenerateAD_CRC_2
1071 mov esi,(offset GetSystem_Time - offset ToAdd)
1072 add esi,ebx
1073 CONFUSE 03h ; Confusing jump crap
1074 push esi
1075 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
1076 call dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
1077 mov dword ptr [(GetSystemTimeRVA - offset ToAdd) + ebx],eax
1078
1079 F1CKEN4 0FFh
1080 mov esi,(offset SYSTEMTIME_STRUCTURE - offset ToAdd) + 1
1081 add esi,ebx
1082 push esi
1083 call dword ptr [(GetSystemTimeRVA - offset ToAdd) + ebx]
1084
1085 SEH_TRICK1 0EFH
1086
1087 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
1088 add edx,ebx
1089
1090 F1CKEN 0FFh
1091 cmp byte ptr [(KILLHEAD - offset ToAdd) + ebx],0 ; Header erasing disabled?
1092 jz DontErasePEHeader ; if yes, then jump
1093
1094 mov esi,(offset f_OpenProcess - offset ToAdd) ; offset of the function
1095 add esi,ebx
1096 call GetApi ; get the offset of OpenProcess
1097 mov dword ptr [(F7RVA - offset ToAdd) + ebx],eax ; save the rva of this function
1098
1099 CONFUSE 02h ; Confusing jump crap
1100
1101 mov esi,(offset f_WriteProcessMemory - offset ToAdd) ; offset of the function
1102 add esi,ebx
1103 F1CKEN4 0FFh
1104 call GetApi ; get the offset of OpenProcess
1105 mov dword ptr [(F8RVA - offset ToAdd) + ebx],eax ; save the rva of this function
1106
1107 CONFUSE 01h ; Confusing jump crap
1108
1109; SEH_TRICK1 0EAH
1110 mov esi,(offset f_GetCurrentProcessId - offset ToAdd) ; offset of the function
1111 add esi,ebx
1112 call GetApi ; get the offset of OpenProcess
1113 mov dword ptr [(F9RVA - offset ToAdd) + ebx],eax ; save the rva of this function
1114 CONFUSE 02h ; Confusing jump crap
1115
1116 call dword ptr [(F9RVA - offset ToAdd) + ebx] ; get the current process id
1117 push eax
1118 push 0
1119 push 0c0h
1120 call dword ptr [(F7RVA - offset ToAdd) + ebx]
1121 CONFUSE 03h ; Confusing jump crap
1122 or eax,eax
1123 jz DontPatchHeader
1124
1125 F1CKEN4 0FFh
1126 mov edi,(offset BYTEWRITTEN - offset ToAdd)
1127 add edi,ebx
1128 CONFUSE 01h ; Confusing jump crap
1129 push edi
1130 push 1024
1131 mov edi,(InstructionTable - offset ToAdd)
1132 add edi,ebx
1133 push edi
1134 CONFUSE 02h ; Confusing jump crap
1135 push dword ptr [(NEWIBASE - offset ToAdd) + ebx]
1136 CONFUSE 03h ; Confusing jump crap
1137 push eax
1138 call dword ptr [(F8RVA - offset ToAdd) + ebx]
1139
1140DontErasePEHeader:
1141DontPatchHeader:
1142
1143; SEH_TRICK1 0D3H
1144
1145 F1CKEN4 0FFh
1146 mov ebp,ebx
1147 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
1148 add edx,ebx
1149
1150 F1CKEN4 0FFh
1151 mov esi,(offset f_VirtualAlloc - offset ToAdd) ; offset of the function
1152 add esi,ebx
1153 CONFUSE 03h ; Confusing jump crap
1154 Call GetApi ; get the rva of this function
1155 mov dword ptr [(F2RVA - offset ToAdd) + ebx],eax
1156
1157 F1CKEN 0EAh
1158 F1CKEN 0FFh
1159 mov esi,(offset f_VirtualFree - offset ToAdd) ; offset of the function
1160 add esi,ebx
1161 F1CKEN 0FFh
1162 Call GetApi ; get the rva of this function
1163 mov dword ptr [(F4RVA - offset ToAdd) + ebx],eax ; save rva of virtualalloc
1164
1165; SEH_TRICK1 0E8H
1166
1167 mov esi,(offset OBJTABLE - offset ToAdd) ; offset of the obj info table
1168 F1CKEN4 0E8h
1169 add esi,ebx
1170 mov edx,dword ptr [NEWIBASE - offset ToAdd + ebx] ; get the imagebase
1171GetThenextobj:
1172 push edx
1173
1174 F1CKEN 0FFh
1175
1176 cmp dword ptr [esi],0 ; is there another obj?
1177 jz Finito ; no? then jump
1178
1179 F1CKEN4 0FFh
1180
1181 pushad
1182 mov edx,dword ptr [(PreviousCRC - offset ToAdd) + ebx] ; get the previous
1183 mov edi,esi ; crc for decryption
1184
1185 F1CKEN 0FFh
1186
1187 xor eax,eax
1188 push esi
1189 F1CKEN4 0E8h
1190 mov ecx,33 ; size of the objtable
1191DecryptOBJTable:
1192 lodsb ; get a byte
1193 xor eax,edx ; and decrypt it
1194 inc edx ; with the value
1195 stosb ; of the previous
1196 dec ecx ; crc calculation
1197 jnz DecryptOBJTable
1198
1199 pop esi
1200
1201 F1CKEN 0FFh
1202
1203 add dword ptr [(CRAPVAR - offset ToAdd) + ebx],eax
1204
1205 mov ecx,33 ; size of all entries = 21 bytes
1206 CONFUSE 03h ; Confusing jump crap
1207 xor eax,eax
1208 mov edx,dword ptr [(ENCRYPTV1 - offset ToAdd) + ebx]
1209
1210 F1CKEN 0FFh
1211
1212CalculateOBJCRC2:
1213 lodsb ; get a byte
1214 xor eax,ecx ; and calculate a simple checksum
1215 rol eax,cl ; which will be later used
1216 add eax,edx ; to encrypt the next objecttable :)
1217 xor edx,eax
1218 xor edx,dword ptr [(ENCRYPTV1 - offset ToAdd) + ebx]
1219 inc edx ; cause i don't want that some lAmErZ
1220 dec ecx ; change it, tralalaaaa
1221 jnz CalculateOBJCRC2
1222
1223 F1CKEN4 0FFh
1224 push esi
1225
1226 F1CKEN 0FFh
1227
1228 xor esi,esi
1229 CONFUSE 03h ; Confusing jump crap
1230 add esi,ebx
1231
1232 F1CKEN 0FFh
1233
1234 mov ecx,offset CodeCRC_End - offset ToAdd
1235 mov edx,dword ptr [(ENCRYPTV2 - offset ToAdd) + ebx]
1236CaculateCODECRC2:
1237 mov dl,[esi]
1238 add eax,edx
1239 rol eax,cl
1240 xor eax,ecx
1241 xor eax,dword ptr [(ENCRYPTV1 - offset ToAdd) + ebx]
1242 inc esi
1243 dec ecx
1244 jnz CaculateCODECRC2
1245 pop esi
1246
1247 push esi
1248 mov edx,eax
1249
1250 F1CKEN 0EAh
1251
1252 mov esi,(offset PEText - offset ToAdd)
1253 CONFUSE 03h ; Confusing jump crap
1254 add esi,ebx
1255
1256 F1CKEN 0EAh
1257
1258 mov ecx,(offset ToAdd_END - offset PEText)
1259ChecksumText2:
1260 lodsb
1261 add edx,eax
1262 rol edx,cl
1263 xor edx,ecx
1264 dec ecx
1265 jnz ChecksumText2
1266 pop esi
1267 mov eax,edx
1268
1269 mov dword ptr [(PreviousCRC - offset ToAdd) + ebx],eax ; save the crc value
1270 popad
1271
1272 F1CKEN2 0EAh
1273
1274 CheckforHookedFunctions
1275 CONFUSE 01h ; Confusing jump crap
1276
1277 lodsd ; get the rva of the obj
1278 or eax,eax ; end of the objtable?
1279 jz Finito ; then jump
1280 mov dword ptr [COUNTER - offset ToAdd + ebx],eax ; save the virtual offset
1281 add edx,eax ; memstart = imagebase + virtualobjectadress
1282 mov dword ptr [(MEMSTARTI - offset ToAdd) + ebx],edx
1283
1284 F1CKEN 0EAh
1285
1286 lodsd ; physical size of this object
1287 mov dword ptr [OBJRSIZE - offset ToAdd + ebx],eax
1288 push eax
1289 lodsd ; get the encryptionvalue of this object
1290
1291 F1CKEN 0EAh
1292
1293 mov dword ptr [PatchCode1 - offset ToAdd + ebx],eax
1294
1295 cmp byte ptr fs:[23h],00h
1296 jnz GenerateAD_CRC_2
1297
1298 F1CKEN2 0FFh
1299
1300 lodsd ; get the virtual size of this object
1301 mov dword ptr [OBJVSIZE - offset ToAdd + ebx],eax
1302 lodsb ; compressed or not?
1303
1304 F1CKEN 0EAh
1305
1306 mov byte ptr [(CTRUE - offset ToAdd + ebx)],al
1307 lodsd ; get the CRC value of this object
1308 mov dword ptr [(OBJCRC - offset ToAdd) + ebx],eax
1309 F1CKEN4 0E8h
1310 lodsd
1311 mov dword ptr [(REAL_SIZE - offset ToAdd) + ebx],eax
1312 lodsd
1313 mov dword ptr [(REALSIZE - offset ToAdd) + ebx],eax ; save the original physical size
1314 lodsd
1315 mov dword ptr [(FLAGI - offset ToAdd) + ebx],eax ; save the section flags
1316
1317 F1CKEN2 0C7h
1318
1319 pop eax
1320 push esi ; save esi for later use
1321 mov esi,edx
1322 CONFUSE 01h ; Confusing jump crap
1323 mov ecx,eax
1324 mov edi,esi
1325 F1CKEN 0EAh
1326
1327 F1CKEN4 0E8h
1328 cmp byte ptr [(CRCERROR - offset ToAdd) + ebx],0 ; check if the crc option is off
1329 jz NO_OBJCRC_CHECK ; if yes, then jump
1330 pushad
1331 mov ecx,dword ptr [REAL_SIZE - offset ToAdd + ebx] ; get the virtual size of this obj
1332 shr ecx,2
1333 xor edx,edx
1334 xor ebx,ebx
1335CalculateOBJ_CRC2:
1336 lodsd
1337 xor edx,eax
1338 rol edx,cl
1339 shl edx,cl
1340 add edx,ebx
1341 mov ebx,eax
1342 dec ecx
1343 jnz CalculateOBJ_CRC2
1344 cmp eax,dword ptr [(OBJCRC - offset ToAdd) + ebp] ; compare calculated crc with original one
1345 popad
1346 jz NO_OBJCRC_CHECK ; jump if right
1347 cmp byte ptr [(CRCERROR - offset ToAdd) + ebx],1 ; check for the hangup option
1348 jz FinishedWithImports ; hangup if set
1349 push 30h
1350 mov eax,(offset CRCErrorH - offset ToAdd)
1351 add eax,ebx
1352 F1CKEN2 0FFh
1353 push eax
1354 mov eax,(offset CRCError - offset ToAdd)
1355 add eax,ebx
1356 push eax
1357 push 0
1358 F1CKEN2 0FEh
1359 jmp MboxError
1360
1361NO_OBJCRC_CHECK:
1362 cmp byte ptr [CTRUE - offset ToAdd + ebx],1
1363 jz DeCompressResources
1364 F1CKEN 0EAh
1365 shr ecx,1
1366 jmp Encrypt
1367DeCompressResources:
1368
1369 mov dword ptr [OBJRSIZE - offset ToAdd + ebx],ecx
1370 F1CKEN4 0E8h
1371 mov dword ptr [DECOMPSTART - offset ToAdd + ebp],edi ; bla,bla ;)
1372
1373DecompressRelocations:
1374 push 4
1375 CONFUSE 03h ; Confusing jump crap
1376 push 1000h
1377 push dword ptr [OBJVSIZE - offset ToAdd + ebx] ; push the real section size
1378 push 0 ; call the function
1379 call dword ptr [F2RVA - offset ToAdd + ebx] ; and allocate memory
1380 CONFUSE 03h ; Confusing jump crap
1381 mov dword ptr [MemStart - offset ToAdd + ebx],eax ; save the rva
1382 mov edi,eax
1383
1384 mov esi,dword ptr [DECOMPSTART - offset ToAdd + ebp]
1385
1386 push ebp
1387 push ebx
1388 push esi
1389 push edx
1390 push ecx
1391
1392getbitM MACRO
1393LOCAL stillbitsleft
1394 add dl,dl
1395 jnz stillbitsleft
1396 mov dl,[esi]
1397 inc esi
1398 adc dl,dl
1399stillbitsleft:
1400ENDM getbitM
1401
1402domatchM MACRO reg
1403 push esi
1404 mov esi, edi
1405 sub esi, reg
1406 rep movsb
1407 pop esi
1408ENDM domatchM
1409
1410getgammaM MACRO reg
1411LOCAL getmorebits
1412 mov reg, 1
1413getmorebits:
1414 getbitM
1415 adc reg, reg
1416 getbitM
1417 jc getmorebits
1418ENDM getgammaM
1419
1420
1421_aP_depack_asm_fast:
1422 push ebp
1423 mov ebp,esp
1424 push ebp
1425
1426 cld
1427 mov dl,80h
1428
1429literal:
1430 mov al,[esi]
1431 inc esi
1432 mov [edi],al
1433 inc edi
1434nexttag:
1435 getbitM
1436 jnc literal
1437 getbitM
1438 jnc codepair
1439 getbitM
1440 jnc shortmatch
1441 xor eax,eax
1442 getbitM
1443 adc eax,eax
1444 getbitM
1445 adc eax,eax
1446 getbitM
1447 adc eax,eax
1448 getbitM
1449 adc eax,eax
1450 jz thewrite
1451 neg eax
1452 mov al,[edi+eax]
1453thewrite:
1454 mov [edi],al
1455 inc edi
1456 jmp short nexttag
1457codepair:
1458 getgammaM eax
1459 sub eax, 2
1460 jnz normalcodepair
1461 getgammaM ecx
1462 domatchM ebp
1463 jmp nexttag
1464normalcodepair:
1465 dec eax
1466 shl eax, 8
1467 mov al,[esi]
1468 inc esi
1469 mov ebp,eax
1470 getgammaM ecx
1471 cmp eax,1280
1472 jb not_gt_1280
1473 inc ecx
1474not_gt_1280:
1475 cmp eax,7fh
1476 ja dont_add_2
1477 add ecx,2
1478dont_add_2:
1479 domatchM eax
1480 jmp nexttag
1481shortmatch:
1482 xor eax,eax
1483 mov al,[esi]
1484 inc esi
1485 xor ecx,ecx
1486 db 0c0h,0e8h,001h
1487 jz donedepacking
1488 adc ecx,2
1489 mov ebp,eax
1490 domatchM eax
1491 jmp nexttag
1492donedepacking:
1493 pop ebp
1494 pop ebp
1495 pop ecx
1496 pop edx
1497 pop esi
1498 pop ebx
1499 pop ebp
1500
1501 CONFUSE 03h ; Confusing jump crap
1502 sub edi,dword ptr [(MemStart - offset ToAdd) + ebp]
1503 mov ecx,edi
1504
1505 mov esi,dword ptr [(MemStart - offset ToAdd) + ebp]
1506 CONFUSE 03h ; Confusing jump crap
1507 mov edi,dword ptr [(DECOMPSTART - offset ToAdd) + ebp]
1508 rep movsb
1509
1510 push 2
1511 push dword ptr [(OBJVSIZE - offset ToAdd) + ebx]
1512 CONFUSE 03h ; Confusing jump crap
1513 push dword Ptr [(MemStart - offset ToAdd) + ebx]
1514 Call dword ptr [(F4RVA - offset ToAdd) + ebx]
1515 or eax,eax
1516 jz ImpFound
1517 push 30h
1518 mov eax,(offset DeallocErrorHead - offset ToAdd)
1519 add eax,ebx
1520 push eax
1521 mov eax,(offset DeallocError - offset ToAdd)
1522 F1CKEN4 08Bh
1523 add eax,ebx
1524 push eax
1525 push 0
1526 jmp MboxError
1527NoErrorWhileDeallocating_2:
1528
1529Encrypt:
1530 lodsw ; get a byte
1531 rol ax,cl
1532 xor eax,dword ptr [PatchCode1 - offset ToAdd + ebx]
1533 not ax
1534 xor ax,cx
1535 stosw ; store a byte
1536 inc dword ptr [PatchCode1 - offset ToAdd + ebx]
1537 dec ecx
1538 jnz Encrypt
1539
1540 F1CKEN 0EBh
1541
1542ImpFound:
1543 F1CKEN4 08Bh
1544
1545 cmp byte ptr [(RelocCCC - offset ToAdd) + ebx],1 ; is the relocation decompression running?
1546 mov byte ptr [(RelocCCC - offset ToAdd) + ebx],0 ; zero this internal flag
1547 jz ContinueRelocationCompression ; if yes then continue decompression
1548 cmp byte ptr [DECOMR - offset ToAdd + ebx],1
1549 jz NoResources
1550
1551
1552 pusha
1553
1554 F1CKEN4 08Bh
1555
1556
1557 cmp byte ptr [(IMP_DESTROY - offset ToAdd) + ebx],0
1558 jz NoFakeIATPossible
1559
1560 F1CKEN4 08Bh
1561 mov ecx,dword ptr [(OBJVSIZE - offset ToAdd) + ebx]
1562
1563 F1CKEN4 08Bh
1564 mov eax,dword ptr [(REALSIZE - offset ToAdd) + ebx]
1565 F1CKEN4 08Bh
1566 cmp eax,ecx
1567 jae NoFakeIATPossible
1568 sub ecx,eax
1569 F1CKEN4 08Bh
1570 or ecx,ecx
1571 jz NoFakeIATPossible
1572 mov edi,dword ptr [(MEMSTARTI - offset ToAdd) + ebx]
1573 add edi,eax
1574 F1CKEN4 08Bh
1575 mov eax,ecx
1576 mov ecx,6
1577 F1CKEN4 08Bh
1578 xor edx,edx
1579 div ecx
1580 F1CKEN4 08Bh
1581 mov ecx,eax
1582 dec ecx
1583 F1CKEN4 08Bh
1584 or ecx,ecx
1585 jz NoFakeIATPossible
1586
1587 F1CKEN4 08Bh
1588 push ecx
1589 F1CKEN4 08Bh
1590 push edi
1591 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
1592 F1CKEN4 08Bh
1593 add edx,ebx
1594 push edx
1595 F1CKEN4 08Bh
1596 push dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx]
1597 call CallApi
1598 mov esi,eax
1599 F1CKEN4 08Bh
1600 mov ebp,eax
1601 pop edi
1602 F1CKEN4 08Bh
1603 pop ecx
1604Generate_Fake_IAT:
1605 push esi
1606 push ebp
1607 F1CKEN4 08Bh
1608 push eax
1609 push edi
1610 F1CKEN4 08Bh
1611
1612 add eax,dword ptr [esi+3Ch] ; pointer to the PE header start
1613 mov edi,esi
1614 F1CKEN4 08Bh
1615 mov eax,[eax+120]
1616 add eax,esi
1617 F1CKEN4 08Bh
1618 xchg eax,esi
1619
1620 F1CKEN4 08Bh
1621 call Randomize2
1622 F1CKEN4 08Bh
1623 and eax,0FFh
1624 sub eax,[esi+16] ; add the ordinal base to the ordinal numba
1625
1626 push edi
1627 F1CKEN4 08Bh
1628 mov edi,[esi+28]
1629 F1CKEN4 08Bh
1630 mov esi,ebp
1631 add edi,esi
1632 F1CKEN4 08Bh
1633 mov eax,[eax*4+edi]
1634 pop edi
1635 F1CKEN4 08Bh
1636 add eax,edi
1637 F1CKEN4 08Bh
1638 pop edi
1639 mov ax,25FFh
1640 stosw
1641 stosd
1642 pop eax
1643 F1CKEN4 08Bh
1644 pop ebp
1645 F1CKEN4 08Bh
1646 pop esi
1647 F1CKEN4 08Bh
1648 dec ecx
1649 jnz Generate_Fake_IAT
1650NoFakeIATPossible:
1651 popa
1652
1653 pop esi
1654 pop edx
1655 inc word ptr [OBJCOUNTI - offset ToAdd + ebx]
1656 jmp GetThenextobj
1657
1658Finito:
1659 CONFUSE 01h ; Confusing jump crap
1660
1661 cmp byte ptr [(PEText+88h - offset ToAdd)+ebx],"r"
1662 jnz Encrypt
1663
1664 cmp byte ptr [(RCOMP - offset ToAdd) + ebx],2 ; no resource processing needed?
1665 jz NoResources ; if yes, jump
1666 CONFUSE 02h ; Confusing jump crap
1667 cmp dword ptr [(RESOURCEOFS - offset ToAdd) + ebx],0 ; no resources?
1668 jz NoResources ; if yes, jump
1669 F1CKEN4 0FFh
1670 mov eax,dword ptr [RESOURCEOFS - offset ToAdd + ebx]
1671 F1CKEN4 0FFh
1672 add eax,dword ptr [NEWIBASE - offset ToAdd + ebx]
1673 CONFUSE 04h ; Confusing jump crap
1674 mov ebp,eax
1675 xchg esi,eax
1676
1677 F1CKEN 0EBh
1678
1679 cmp byte ptr [RCOMP - offset ToAdd + ebx],0 ; compressed resources?
1680 jz NoCompResources ; no? then skip decompression
1681
1682 mov ebp,ebx
1683 mov byte ptr [DECOMR - offset ToAdd + ebx],1
1684 mov eax,dword ptr [RESOURCESIZ - offset ToAdd + ebx]
1685
1686 F1CKEN 0EBh
1687
1688 mov dword ptr [OBJRSIZE - offset ToAdd + ebx],eax
1689 mov eax,dword ptr [RESOURCEVSIZ - offset ToAdd + ebx]
1690 CONFUSE 06h ; Confusing jump crap
1691 mov dword ptr [OBJVSIZE - offset ToAdd + ebx],eax
1692
1693 F1CKEN 0EBh
1694
1695 mov ecx,eax
1696 sub ecx,dword ptr [DIRSIZE - offset ToAdd + ebx]
1697 add esi,dword ptr [DIRSIZE - offset ToAdd + ebx]
1698 F1CKEN 063h
1699 mov edi,esi
1700 CONFUSE 0Dh ; Confusing jump crap
1701
1702 push eax
1703 mov eax,dword ptr [(RESOURCEBYT - offset ToAdd) + ebx]
1704 cmp [esi],eax
1705 pop eax
1706 jnz DeCompressResources
1707 jmp NoResources
1708
1709Encrypted_Layer_1End:
1710
1711NoCompResources:
1712 xor edi,edi
1713 mov dword ptr [(RESOURCEOFS - offset ToAdd) + ebx],0 ; zero it
1714 mov ebp,esi
1715 CONFUSE 03h ; Confusing jump crap
1716 mov edx,dword ptr [NEWIBASE - offset ToAdd + ebx]
1717
1718 call ParseSubDirectory
1719 jmp ResDecryptionFinished
1720
1721ParseSubDirectory Proc
1722 push edx
1723 movzx ecx,word ptr [esi+14] ; get the number of ID entries (root directory)
1724 movzx edx,word ptr [esi+12] ; get number of named entries (root directory)
1725 add ecx,edx
1726 pop edx
1727ReadSubdirectory_3:
1728 push ecx
1729 add esi,16 ; Image Resource Directory Format = 16 bytes
1730 push esi
1731ScanNext2:
1732
1733ContinueDirParsing3:
1734
1735 mov eax,dword ptr [esi+4] ; get data or directory offset
1736 ; (directory if 800000000h is set)
1737 and eax,7FFFFFFFh ; pointer contains of 31 bit
1738 test dword ptr [esi+4],80000000h ; test for directory / raw data structure
1739 jnz SubDirectoryFound2 ; jump if set (subdirectory)
1740 jmp RawStructureFound2 ; Raw data structure found
1741
1742SubDirectoryFound2:
1743 cmp byte ptr [esi],10h
1744 jz SkipThisEntry
1745 mov esi,ebp ; get the memory offset
1746 add esi,eax ; add the pointer to the sub directory
1747 call ParseSubDirectory
1748 CONFUSE 03h ; Confusing jump crap
1749SkipThisEntry:
1750 pop esi
1751 pop ecx
1752 sub esi,8
1753 or ecx,ecx
1754 jz Retit2
1755 dec ecx
1756 jnz ReadSubdirectory_3
1757Retit2:
1758 ret
1759 jmp ContinueDirParsing3
1760
1761DontEncryptThisEntry:
1762 add esi,8
1763 jmp ScanNext2
1764
1765RawStructureFound2:
1766 add eax,ebp
1767 xchg esi,eax
1768 mov eax,[esi] ; get the raw data offset
1769 CONFUSE 03h ; Confusing jump crap
1770 mov ecx,[esi+4] ; get the size of this raw data entry
1771 add eax,edx ; add the memory start of the allocated mem
1772
1773 sub eax,edi ; subtract the resource ofs to get the new offset
1774 mov esi,eax
1775
1776 push esi
1777 push ecx
1778 mov esi,(offset EncryptLayer3 - offset ToAdd) ; checksum start
1779 add esi,ebx ; add the pecrypt32 rva
1780 mov ecx,(offset HookedAPICODE_START - EncryptLayer3)
1781Patch_Crc1:
1782 mov eax,1
1783GenerateResourceChecksum:
1784 xor al,[esi]
1785 xor eax,ecx
1786 not eax
1787 rol eax,4
1788 dec ecx
1789 jnz GenerateResourceChecksum
1790 pop ecx
1791 pop esi
1792
1793 cmp byte ptr [esi],28h ; check for the first icon signature
1794 jz DontEncryptRawData ; don't encrypt if icon
1795
1796Encrypt_RawData:
1797 cmp byte ptr [esi],0 ; check for the first group icon signature
1798 jnz EncryptRawData
1799 cmp byte ptr [esi+2],01 ; check for the 2nd group icon signature
1800 jz DontEncryptRawData ; don't encrypt if icon
1801
1802 cmp byte ptr [(DURCHGANG - offset ToAdd) + ebx],1
1803 jz FickDich
1804 cmp byte ptr [(DURCHGANG - offset ToAdd) + ebx],2
1805 jz FickDich2
1806 push eax
1807 mov eax,dword ptr [(RESOURCEBYT - offset ToAdd) + ebx] ; get the resource bytes
1808 cmp [esi],eax
1809 pop eax
1810 jz ResDecryptionFinished
1811 mov byte ptr [(DURCHGANG - offset ToAdd) + ebx],2
1812 jmp FickDich2
1813
1814FickDich:
1815 push eax
1816 mov eax,[esi]
1817 mov dword ptr [(RESOURCEBYT - offset ToAdd) + ebx],eax
1818 mov byte ptr [(DURCHGANG - offset ToAdd) + ebx],2
1819 pop eax
1820
1821FickDich2:
1822
1823EncryptRawData:
1824 xor [esi],al
1825 xor eax,ecx
1826 not eax
1827 add eax,ecx
1828 inc esi
1829 dec ecx
1830 jnz EncryptRawData
1831DontEncryptRawData:
1832 CONFUSE 03h ; Confusing jump crap
1833 pop esi
1834 pop ecx
1835 ret
1836ParseSubDirectory endp
1837
1838ResDecryptionFinished:
1839 mov ebp,ebx
1840NoResources:
1841
1842 F1CKEN4 0FFh
1843
1844
1845 cmp byte ptr [(LOADRELOC - offset ToAdd + ebx)],0
1846 jz Thesame
1847 CONFUSE 03h ; Confusing jump crap
1848 mov eax,dword ptr [NEWIBASE - offset ToAdd + ebx] ; get the calculated imagebase
1849 F1CKEN4 08Dh
1850 cmp eax,dword ptr [IMAGEBASE - offset ToAdd + ebx] ; get the imagebase
1851 jz Thesame ; the same? then jump
1852 sub eax,dword ptr [IMAGEBASE - offset ToAdd + ebx] ; calculate the delta
1853
1854 CheckforHookedFunctions
1855 CONFUSE 03h ; Confusing jump crap
1856
1857 F1CKEN2 0C7h
1858
1859 mov dword ptr [RELOCDELTA - offset ToAdd + ebx],eax
1860 pop esi
1861
1862 F1CKEN 062h
1863
1864 mov edx,esi
1865 add esi,dword ptr [RELOCBASE - offset ToAdd + ebx] ; relocbase + imagebase relocstart
1866 F1CKEN 062h
1867 add dword ptr [(CRAPVAR - offset ToAdd) + ebx],eax
1868 mov eax,dword ptr [SAVEFIRSTRB - offset ToAdd + ebx]
1869 CONFUSE 03h ; Confusing jump crap
1870 mov dword ptr [esi],eax
1871
1872 F1CKEN 062h
1873
1874 cmp byte ptr [(RELOCCOMPP - offset ToAdd) + ebx],0 ; check for relocation
1875 jz NoRelocationCompression ; compression
1876
1877 mov eax,dword ptr [RELOCSAVE - offset ToAdd + ebx]
1878 mov dword ptr [esi],eax
1879
1880 F1CKEN 062h
1881
1882 mov eax,dword ptr [RELOCSAVE - offset ToAdd + 4 + ebx]
1883 mov dword ptr [esi+4],eax
1884
1885 F1CKEN 062h
1886
1887 mov ax,word ptr [RELOCSAVE - offset ToAdd + 8 + ebx]
1888 mov word ptr [esi+8],ax
1889
1890 CONFUSE 03h ; Confusing jump crap
1891 mov ebp,ebx
1892 mov byte ptr [(RelocCCC - offset ToAdd) + ebx],1 ; enable the relocation = running variable
1893 mov dword ptr [DECOMPSTART - offset ToAdd + ebp],esi ; save the relocation start
1894 CONFUSE 03h ; Confusing jump crap
1895 mov eax,dword ptr [(RelocSize - offset ToAdd) + ebx] ; get the relocation size (before 2nd compression)
1896 mov dword ptr [OBJVSIZE - offset ToAdd + ebx],eax ; save the size
1897 jmp DecompressRelocations
1898
1899ContinueRelocationCompression:
1900
1901 mov esi,dword ptr [DECOMPSTART - offset ToAdd + ebp] ; get the relocation section rva
1902 xor ebp,ebp
1903
1904GetNextRBlock:
1905 mov ecx,dword ptr [esi+4] ; get the length of this relocation block
1906
1907 add dword ptr [PCounter - offset ToAdd + ebx],ecx
1908 mov eax,[esi]
1909 mov dword ptr [TEMPVAR - offset ToAdd + ebx],eax ; save it
1910 add esi,8
1911
1912 xor eax,eax
1913 lodsw
1914 and ax,0FFFh
1915 mov word ptr [DECRELOCOFS - offset ToAdd + ebx],ax
1916
1917 add eax,dword ptr [TEMPVAR - offset ToAdd + ebx] ; add the virtual reloc block
1918 mov edi,eax ; adress to the relocation offset
1919
1920 add edi,dword ptr [NEWIBASE - offset ToAdd + ebx] ; add the new imagebase
1921 mov eax,dword ptr [RELOCDELTA - offset ToAdd + ebx] ; get the relocationdelta
1922 add dword ptr [edi],eax ; load the relocation
1923 cmp ecx,1
1924 jnz DecompReloc
1925 jmp OnlyoneRelocation
1926
1927DecompReloc:
1928 xor eax,eax
1929 lodsb
1930 test al,80h
1931 jz AnotherReloc
1932 and al,7Fh
1933
1934 add ax,word ptr [DECRELOCOFS - offset ToAdd + ebx]
1935 mov word ptr [DECRELOCOFS - offset ToAdd + ebx],ax
1936 jmp NoDamnway
1937AnotherReloc:
1938 dec esi
1939 lodsw
1940 mov [esi-2],cx ; erase the relocation
1941 xchg ah,al
1942 and ax,0FFFh
1943 mov word ptr [DECRELOCOFS - offset ToAdd + ebx],ax
1944
1945NoDamnway:
1946 add eax,dword ptr [TEMPVAR - offset ToAdd + ebx] ; add the virtual reloc block
1947 mov edi,eax ; adress to the relocation offset
1948
1949 add edi,dword ptr [NEWIBASE - offset ToAdd + ebx] ; add the new imagebase
1950 mov eax,dword ptr [RELOCDELTA - offset ToAdd + ebx] ; get the relocationdelta
1951
1952 add dword ptr [edi],eax ; load the relocation
1953 dec ecx
1954 jnz DecompReloc
1955OnlyoneRelocation:
1956
1957 CONFUSE 01h ; Confusing jump crap
1958 mov ebp,dword ptr [TEMPVAR - offset ToAdd + ebx]
1959 cmp ebp,dword ptr [Paranoia - offset ToAdd + ebx]
1960 jnz GetNextRBlock
1961 jmp Thesame
1962
1963NoRelocationCompression:
1964 xor ebp,ebp
1965Titten:
1966 add ebp,8
1967 mov ecx,dword ptr [esi+4] ; get the length of this relocation block
1968 F1CKEN 0FFh
1969 mov eax,[esi]
1970 mov dword ptr [TEMPVAR - offset ToAdd + ebx],eax ; save it
1971 add esi,8
1972 F1CKEN 0FFh
1973 sub ecx,8
1974 shr ecx,1 ; divide by 2, cause every reloc is a word
1975Lodi:
1976 add ebp,2
1977 xor eax,eax
1978
1979 pushad
1980 mov esi,(offset ResDecryptionFinished - offset ToAdd)
1981 add esi,ebx
1982
1983 F1CKEN 0FFh
1984
1985 mov edx,dword ptr [(ENCRYPTV3 - offset ToAdd) + ebx]
1986 mov edi,dword ptr [(ENCRYPTV4 - offset ToAdd) + ebx]
1987
1988 F1CKEN 0FFh
1989
1990 mov ecx,(offset NoTracerRunning - offset ResDecryptionFinished)
1991
1992 shr ecx,2
1993Calculate_RCRC2:
1994 mov eax,[esi]
1995 add edx,eax
1996 xor edx,ecx
1997 xor edi,eax
1998 rol edi,cl
1999 add esi,4
2000 dec ecx
2001 jnz Calculate_RCRC2
2002 xor edx,edi
2003 add dword ptr [(CRAPVAR - offset ToAdd) + ebx],eax
2004
2005 F1CKEN 0FFh
2006
2007 mov dword ptr [(ENCRYPTV5 - offset ToAdd) + ebx],edx
2008 popad
2009
2010 F1CKEN 0FFh
2011
2012 lodsw ; get it
2013 xor ax,word ptr [(ENCRYPTV5 - offset ToAdd) + ebx] ; encrypt it with the CRC
2014 xor ax,word ptr [CRYPTVALUE2 - offset ToAdd + ebx] ; decrypt the relocation
2015 mov [esi-2],cx ; erase the relocation
2016 cmp byte ptr [(ARTOFRELOC1 - offset ToAdd) + ebx],1 ; check for 12 or 16bit
2017 jnz Only12bitencryption ; relocation encryption
2018 xor ax,cx
2019 ror ax,cl
2020 not ax
2021Only12bitencryption:
2022 and ax,0FFFh ; only 12 bits are needed
2023 or ax,ax ; absolute relocation?
2024 jz AbsoluteRelocation ; if yes then jump! (don't load relocation)
2025 add eax,dword ptr [TEMPVAR - offset ToAdd + ebx] ; add the virtual reloc block
2026 mov edi,eax ; adress to the relocation offset
2027 add edi,dword ptr [NEWIBASE - offset ToAdd + ebx] ; add the new imagebase
2028 mov eax,dword ptr [RELOCDELTA - offset ToAdd + ebx] ; get the relocationdelta
2029 F1CKEN2 0C7h
2030 add dword ptr [edi],eax ; load the relocation
2031AbsoluteRelocation:
2032 dec ecx
2033 jnz Lodi
2034 F1CKEN 0FFh
2035 cmp ebp,dword ptr [RELOCLENG - offset ToAdd + ebx] ; relocations done?
2036 jz Thesame
2037 jmp Titten
2038
2039Thesame:
2040 F1CKEN4 08Dh
2041
2042 pusha
2043 cmp byte ptr [(IMP_DESTROY - offset ToAdd) + ebx],0
2044 jz No_FakeIAT_Possible
2045
2046 cmp dword ptr [(RELOCSIZE - offset ToAdd) + ebx],0
2047 jz No_FakeIAT_Possible
2048
2049 mov ecx,dword ptr [(RELOCSIZE - offset ToAdd) + ebx]
2050 F1CKEN4 08Bh
2051 mov edi,dword ptr [(NEWIBASE - offset ToAdd) + ebx]
2052 F1CKEN4 08Bh
2053 add edi,dword ptr [(RELOCBASE - offset ToAdd) + ebx]
2054 F1CKEN4 08Bh
2055 mov eax,ecx
2056 mov ecx,6
2057 F1CKEN4 08Bh
2058 xor edx,edx
2059 div ecx
2060 F1CKEN4 08Bh
2061 mov ecx,eax
2062 dec ecx
2063 F1CKEN4 08Bh
2064 or ecx,ecx
2065 jz No_FakeIAT_Possible
2066
2067 F1CKEN4 08Bh
2068 push ecx
2069 F1CKEN4 08Bh
2070 push edi
2071 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
2072 F1CKEN4 08Bh
2073 add edx,ebx
2074 push edx
2075 F1CKEN4 08Bh
2076 push dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx]
2077 call CallApi
2078 mov esi,eax
2079 F1CKEN4 08Bh
2080 mov ebp,eax
2081 pop edi
2082 F1CKEN4 08Bh
2083 pop ecx
2084Generate_Fake_IAT_3:
2085 push esi
2086 push ebp
2087 F1CKEN4 08Bh
2088 push eax
2089 push edi
2090 F1CKEN4 08Bh
2091
2092 add eax,dword ptr [esi+3Ch] ; pointer to the PE header start
2093 mov edi,esi
2094 F1CKEN4 08Bh
2095 mov eax,[eax+120]
2096 add eax,esi
2097 F1CKEN4 08Bh
2098 xchg eax,esi
2099
2100 F1CKEN4 08Bh
2101 call Randomize2
2102 F1CKEN4 08Bh
2103 and eax,0FFh
2104 sub eax,[esi+16] ; add the ordinal base to the ordinal numba
2105
2106 push edi
2107 F1CKEN4 08Bh
2108 mov edi,[esi+28]
2109 F1CKEN4 08Bh
2110 mov esi,ebp
2111 add edi,esi
2112 F1CKEN4 08Bh
2113 mov eax,[eax*4+edi]
2114 pop edi
2115 F1CKEN4 08Bh
2116 add eax,edi
2117 F1CKEN4 08Bh
2118 pop edi
2119 mov ax,25FFh
2120 stosw
2121 stosd
2122 pop eax
2123 F1CKEN4 08Bh
2124 pop ebp
2125 F1CKEN4 08Bh
2126 pop esi
2127 F1CKEN4 08Bh
2128 dec ecx
2129 jnz Generate_Fake_IAT_3
2130
2131No_FakeIAT_Possible:
2132 popa
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142 movzx edx,word ptr [(wSecond - offset ToAdd) + ebx]
2143 push edx
2144 F1CKEN4 0F7h
2145 mov esi,(offset SYSTEMTIME_STRUCTURE - offset ToAdd) + 1
2146 add esi,ebx
2147 push esi
2148 F1CKEN4 0E8h
2149 call dword ptr [(GetSystemTimeRVA - offset ToAdd) + ebx]
2150 movzx eax,word ptr [(wSecond - offset ToAdd) + ebx]
2151 F1CKEN4 08Dh
2152 pop edx
2153 cmp eax,edx
2154 F1CKEN4 08Dh
2155 jz NoTracerRunning
2156 sub eax,edx
2157 F1CKEN4 08Dh
2158 cmp eax,50
2159 jae AbsoluteRelocation
2160
2161NoTracerRunning:
2162 F1CKEN4 08Dh
2163 mov dword ptr [(NEWAPIBUFFE - offset ToAdd) + ebx],ebx ; points now to ToAdd (PECRYPT32 start)
2164 CONFUSE 01h ; Confusing jump crap
2165 add [(TablePos - offset ToAdd) + ebx],ebx ; add ebx to the tableofs
2166 add [(TablePos2 - offset ToAdd) + ebx],ebx ; add ebx to the 2nd tableoffset
2167
2168 CONFUSE 02h ; Confusing jump crap
2169 add [(HOOKEDAPIS - offset ToAdd) + ebx],ebx ; ebx = pecrypt32 start = available memory
2170 CONFUSE 04h ; Confusing jump crap
2171 mov eax,dword ptr [(offset RVATABLE - offset ToAdd) + ebx] ; get the reversed memory offset
2172 CONFUSE 05h ; Confusing jump crap
2173 mov dword ptr [(HookVar3 - offset ToAdd) + ebx + 2 ],eax ; write it in the code
2174 CONFUSE 06h ; Confusing jump crap
2175 add [(HookVar4 - offset ToAdd) + ebx + 1 ],ebx ; add the base to this offset
2176 CONFUSE 07h ; Confusing jump crap
2177 add [(HookVar5 - offset ToAdd) + ebx + 3 ],ebx ; add the base to this jump offset
2178 add [(NoAntiBpxStuffSelected - offset ToAdd) + ebx + 3],ebx
2179 CONFUSE 08h ; Confusing jump crap
2180 add [(HookVar11 - offset ToAdd) + ebx + 1 ],ebx ; add the base to this jump offset
2181 F1CKEN2 0C7h
2182 CONFUSE 09h ; Confusing jump crap
2183 CheckforHookedFunctions
2184
2185 mov esi,dword ptr [IMPORTOFS - offset ToAdd + ebx] ; get the import rva
2186 F1CKEN4 08Dh
2187 add esi,dword ptr [NEWIBASE - offset ToAdd + ebx]
2188 F1CKEN4 08Dh
2189
2190NextMainImport:
2191 mov dword ptr [(SAVEDLLRVA - offset ToAdd) + ebx],0190331
2192 push esi
2193 cmp dword ptr [esi+16],0 ; check for end of the imports
2194 jz FinishedWithImports ; if end, jump
2195
2196 cmp dword ptr [esi],0 ; check for the 2nd import crap
2197 jnz FirstImportStandart ; if not then jump
2198
2199 F1CKEN4 08Dh
2200 cmp dword ptr [(DLLPOS - offset ToAdd) + ebx],0 ; was there a previous dllname?
2201 jz DontDeleteDLLName ; no? then jump
2202 pusha
2203 mov esi,dword ptr [(DLLPOS - offset ToAdd) + ebx] ; get the dll name offset
2204 mov edi,esi
2205 F1CKEN4 08Dh
2206 mov ecx,20
2207DeleteDLLName:
2208 lodsb
2209 or al,al
2210 jz FinishedDlldeleting
2211 xor al,byte ptr [(CRAPVAR - offset ToAdd) + ebx]
2212 stosb
2213 add byte ptr [(CRAPVAR - offset ToAdd) + ebx],al
2214 dec ecx
2215 jnz DeleteDLLName
2216FinishedDlldeleting:
2217 popa
2218
2219DontDeleteDLLName:
2220 mov edx,dword ptr [esi+12] ; get the pointer to the dll name
2221 mov [esi+12],ecx ; overwrite this pointer
2222 F1CKEN4 08Dh
2223 add edx,dword ptr [NEWIBASE - offset ToAdd + ebx]
2224 mov dword ptr [(DLLPOS - offset ToAdd) + ebx],edx
2225
2226 F1CKEN4 08Dh
2227 pusha
2228 mov esi,edx
2229 mov edi,(offset DLLSTRING - offset ToAdd)
2230 add edi,ebx
2231
2232 movzx ecx,byte ptr [(NAMECOUNTI - offset ToAdd) + ebx]
2233 F1CKEN4 08Dh
2234 add ecx,(offset DLLNAMESL - offset ToAdd)
2235 add ecx,ebx
2236 CONFUSE 02h ; Confusing jump crap
2237 movzx ecx,byte ptr [ecx]
2238
2239DecryptDllName:
2240 lodsb
2241 F1CKEN4 66h
2242 push esi
2243 push ecx
2244 push edi
2245 push eax
2246 mov ecx,(offset MutateHookedApi - offset ContinueRelocationCompression) / 4
2247 F1CKEN4 66h
2248 mov esi,(offset ContinueRelocationCompression - offset ToAdd)
2249 add esi,ebx
2250 F1CKEN4 66h
2251 mov edx,dword ptr [(IMPENC4 - offset ToAdd) + ebx]
2252Generate_Lame_Checksum_2_2:
2253 lodsd
2254 xor eax,ecx
2255 add edx,eax
2256 not edx
2257 rol edx,cl
2258 dec ecx
2259 jnz Generate_Lame_Checksum_2_2
2260 mov dword ptr [(IMPENC4 - offset ToAdd) + ebx],edx
2261
2262 pop eax
2263 pop edi
2264 pop ecx
2265 pop esi
2266 xor al,dl
2267 stosb
2268 dec ecx
2269 jnz DecryptDllName
2270
2271Dll_NameFinished:
2272 xor al,al
2273 stosb
2274 popa
2275 inc byte ptr [(NAMECOUNTI - offset ToAdd) + ebx]
2276
2277 F1CKEN4 66h
2278 mov edx,(offset DLLSTRING - offset ToAdd)
2279 add edx,ebx
2280
2281 F1CKEN4 66h
2282 mov eax,dword ptr [esi+16] ; get the thunk table offset
2283 mov [esi+16],ecx ; overwrite this pointer
2284 add eax,dword ptr [NEWIBASE - offset ToAdd + ebx] ; add the imagebase
2285
2286 mov esi,eax
2287 mov edi,esi ; edi = esi = thunktable
2288 jmp SecondImportStandart
2289
2290FirstImportStandart:
2291 mov edi,dword ptr [esi+16]
2292 mov [esi+16],ecx ; overwrite this pointer
2293 add edi,dword ptr [NEWIBASE - offset ToAdd + ebx]
2294 F1CKEN 0FFh
2295
2296 F1CKEN4 66h
2297 cmp dword ptr [(DLLPOS - offset ToAdd) + ebx],0 ; was there a previous dllname?
2298 jz DontDeleteDLLName2 ; no? then jump
2299 pusha
2300 F1CKEN4 0F7h
2301 mov esi,dword ptr [(DLLPOS - offset ToAdd) + ebx] ; get the dll name offset
2302 mov edi,esi
2303 mov ecx,20
2304DeleteDLLName2:
2305 lodsb
2306 or al,al
2307 jz FinishedDlldeleting2
2308 xor al,byte ptr [(CRAPVAR - offset ToAdd) + ebx]
2309 stosb
2310 add byte ptr [(CRAPVAR - offset ToAdd) + ebx],al
2311 dec ecx
2312 jnz DeleteDLLName2
2313FinishedDlldeleting2:
2314 popa
2315DontDeleteDLLName2:
2316 mov edx,dword ptr [esi+12]
2317 mov [esi+12],ecx ; erase this pointer
2318 add edx,dword ptr [NEWIBASE - offset ToAdd + ebx]
2319 mov dword ptr [(DLLPOS - offset ToAdd) + ebx],edx
2320
2321 pusha
2322 F1CKEN4 0F7h
2323 mov esi,edx
2324 mov edi,(offset DLLSTRING - offset ToAdd)
2325 add edi,ebx
2326
2327 F1CKEN4 0F7h
2328 movzx ecx,byte ptr [(NAMECOUNTI - offset ToAdd) + ebx]
2329 add ecx,(offset DLLNAMESL - offset ToAdd)
2330 add ecx,ebx
2331 movzx ecx,byte ptr [ecx]
2332 F1CKEN4 0F7h
2333
2334DecryptDllName_2:
2335 lodsb
2336 push esi
2337 push ecx
2338 push edi
2339 push eax
2340 mov ecx,(offset MutateHookedApi - offset ContinueRelocationCompression) / 4
2341 mov esi,(offset ContinueRelocationCompression - offset ToAdd)
2342 add esi,ebx
2343
2344 mov edx,dword ptr [(IMPENC4 - offset ToAdd) + ebx]
2345Generate_Lame_Checksum_2_2_2:
2346 lodsd
2347 xor eax,ecx
2348 add edx,eax
2349 not edx
2350 rol edx,cl
2351 dec ecx
2352 jnz Generate_Lame_Checksum_2_2_2
2353 mov dword ptr [(IMPENC4 - offset ToAdd) + ebx],edx
2354 pop eax
2355 pop edi
2356 pop ecx
2357 pop esi
2358
2359 xor al,dl
2360 stosb
2361 dec ecx
2362 jnz DecryptDllName_2
2363
2364Dll_NameFinished_2:
2365 xor al,al
2366 stosb
2367 popa
2368 inc byte ptr [(NAMECOUNTI - offset ToAdd) + ebx]
2369
2370 mov edx,(offset DLLSTRING - offset ToAdd)
2371 add edx,ebx
2372
2373 F1CKEN4 0F7h
2374 mov eax,dword ptr [esi]
2375 mov dword ptr [(SAVEDLLRVA - offset ToAdd) + ebx],eax
2376 mov [esi],ecx ; overwrite this pointer
2377 F1CKEN4 0F7h
2378 add eax,dword ptr [NEWIBASE - offset ToAdd + ebx]
2379 mov esi,eax
2380SecondImportStandart:
2381ParseNextImport:
2382 lodsd
2383 or eax,eax
2384 jz MainImportFinished
2385
2386 F1CKEN4 0F7h
2387 push edx
2388 push edi
2389 push esi
2390 push eax
2391 mov edi,esi
2392 F1CKEN4 0F7h
2393 mov ecx,(offset MutateHookedApi - offset ContinueRelocationCompression) / 4
2394 mov esi,(offset ContinueRelocationCompression - offset ToAdd)
2395 add esi,ebx
2396 F1CKEN4 0F7h
2397 mov edx,dword ptr [(IMPENC2 - offset ToAdd) + ebx]
2398Generate_Lame_Checksum_2:
2399 lodsd
2400 xor eax,ecx
2401 add edx,eax
2402 not edx
2403 rol edx,cl
2404 dec ecx
2405 jnz Generate_Lame_Checksum_2
2406 mov dword ptr [(IMPENC2 - offset ToAdd) + ebx],edx
2407 pop eax
2408 xor eax,edx
2409 F1CKEN4 0F7h
2410 pop esi
2411 pop edi
2412 pop edx
2413
2414 F1CKEN4 0F7h
2415
2416 cmp byte ptr [(LOADEROPT - offset ToAdd) + ebx],0 ; function hooking enabled
2417 jz HolladrioChick ; if yes, then continue
2418
2419 jmp OnlyApiHookingEnabled
2420AntiBpxStuffEnabled:
2421 pusha
2422
2423 F1CKEN4 08Bh
2424 mov edi,dword ptr [(TablePos2 - offset ToAdd) + ebx] ; get the table position
2425 mov eax,dword ptr [(InternalFunctionCounter - offset ToAdd) + ebx] ; get the counter
2426 F1CKEN4 08Bh
2427 movzx edx,word ptr [edi] ; get the function value
2428 F1CKEN4 08Bh
2429 cmp eax,edx ; compared both
2430 jnz AntiBpxBpmCrapFinished ; skip if not equal
2431
2432 F1CKEN4 08Bh
2433
2434 add edi,2
2435 mov dword ptr [(TablePos2 - offset ToAdd) + ebx],edi ; save the new table offset
2436 mov byte ptr [(Hookem - offset ToAdd) + ebx],1 ; function needs to get hooked
2437
2438 F1CKEN4 08Bh
2439 cmp byte ptr [(KINDOFHOOK - offset ToAdd) + ebx],0
2440 jnz JumpsAreNotNeeded
2441
2442 mov edi,dword ptr [(NEWAPIBUFFE - offset ToAdd) + ebx] ; points to the PECRYPT32 start
2443 mov dword ptr [(HookRVA - offset ToAdd) + ebx],edi ; save the new rva
2444
2445
2446 push edi
2447 mov ecx,(HookedAPICODE_END - offset HookedAPICODE_START)
2448 mov esi,(offset HookedAPICODE_START - offset ToAdd) ; points to the api code
2449 add esi,ebx
2450 rep movsb
2451 mov dword ptr [(NEWAPIBUFFE - offset ToAdd) + ebx],edi ; save the new buffer pos
2452 pop edi
2453 push edi
2454 mov eax,dword ptr [(TableEntry - offset ToAdd) + ebx] ; get the rva counter
2455 add edi,(offset HookVar1 - offset HookedAPICODE_START + 1)
2456 mov [edi],eax ; write the counter in the code
2457 pop edi
2458 add edi,(offset JMPDATA - offset HookedAPICODE_START) ; points to the 2nd fake var
2459
2460 F1CKEN4 08Bh
2461 mov edx,(offset MAINAPICODE_START - offset ToAdd) ; points to the main api code
2462 add edx,ebx
2463 sub edx,edi
2464 sub edx,4 ; becoz of the jmp opcode
2465 mov [edi],edx ; write the new jump position
2466
2467JumpsAreNotNeeded:
2468 mov al,byte ptr [(KINDOFHOOK - offset ToAdd) + ebx]
2469 or al,1 ; 0 bit set = anti bpx hook
2470 mov byte ptr [(KINDOFHOOK - offset ToAdd) + ebx],al
2471
2472 jmp AntiBpxBpmCrapFinished
2473
2474OnlyApiHookingEnabled:
2475 pusha
2476 F1CKEN4 0F7h
2477
2478
2479 F1CKEN4 08Bh
2480 mov eax,dword ptr [(InternalFunctionCounter - offset ToAdd) + ebx] ; get the counter
2481 mov edi,dword ptr [(TablePos - offset ToAdd) + ebx] ; get the table offset
2482 F1CKEN4 08Bh
2483 movzx edx,word ptr [edi] ; get the function value
2484 cmp eax,edx ; are they the same?
2485 jnz NoHooking ; if not jump
2486
2487 add edi,2 ; pointer to the next entry
2488 F1CKEN4 08Bh
2489 mov dword ptr [(TablePos - offset ToAdd) + ebx],edi ; save the new table offset
2490 mov byte ptr [(Hookem - offset ToAdd) + ebx],1 ; function needs to get hooked
2491 mov edi,dword ptr [(NEWAPIBUFFE - offset ToAdd) + ebx] ; points to the PECRYPT32 start
2492 F1CKEN4 08Bh
2493 mov dword ptr [(HookRVA - offset ToAdd) + ebx],edi ; save the new rva
2494
2495 push edi
2496 F1CKEN4 0F7h
2497 mov ecx,(HookedAPICODE_END - offset HookedAPICODE_START)
2498 mov esi,(offset HookedAPICODE_START - offset ToAdd) ; points to the api code
2499 add esi,ebx
2500 rep movsb
2501 F1CKEN4 0F7h
2502 mov dword ptr [(NEWAPIBUFFE - offset ToAdd) + ebx],edi ; save the new buffer pos
2503 pop edi
2504 push edi
2505 F1CKEN4 0F7h
2506 mov eax,dword ptr [(TableEntry - offset ToAdd) + ebx] ; get the rva counter
2507 add edi,(offset HookVar1 - offset HookedAPICODE_START + 1)
2508 mov [edi],eax ; write the counter in the code
2509 pop edi
2510 F1CKEN4 0F7h
2511 add edi,(offset JMPDATA - offset HookedAPICODE_START) ; points to the 2nd fake var
2512
2513 mov edx,(offset MAINAPICODE_START - offset ToAdd) ; points to the main api code
2514 add edx,ebx
2515 sub edx,edi
2516 CONFUSE 03h ; Confusing jump crap
2517 sub edx,4 ; becoz of the jmp opcode
2518 mov [edi],edx ; write the new jump position
2519 mov al,byte ptr [(KINDOFHOOK - offset ToAdd) + ebx]
2520 or al,4
2521 mov byte ptr [(KINDOFHOOK - offset ToAdd) + ebx],al
2522NoHooking:
2523 popa
2524HolladrioChick:
2525 cmp byte ptr [(ANTIBPXBPM - offset ToAdd) + ebx],1
2526 jz AntiBpxStuffEnabled
2527 jmp Nixpoppen
2528AntiBpxBpmCrapFinished:
2529 popa
2530
2531Nixpoppen:
2532 F1CKEN4 0F7h
2533 push eax
2534 mov eax,dword ptr [(SYSTEMTIME_STRUCTURE - offset ToAdd) + ebx]
2535 F1CKEN4 08Bh
2536 mov [esi-4],eax
2537 F1CKEN4 08Bh
2538 pop eax
2539
2540 test eax,80000000h ; if name entry then jump
2541 jz Pointer2NameDir
2542
2543 F1CKEN4 0F7h
2544 and eax,7FFFFFFFh
2545 push edx
2546 push edi
2547 push esi
2548 push eax
2549 push edx
2550 push edx
2551
2552 call dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx] ; call "GetmoduleHandle"
2553 pop edx
2554 F1CKEN 0FFh
2555 or eax,eax
2556 jnz Dllalreadyloaded
2557 push edx
2558 push edx
2559 call dword [(offset Thunktable+4+4-4 - offset ToAdd)+ebx]
2560 pop edx
2561 or eax,eax
2562 jz DllError
2563
2564Dllalreadyloaded:
2565 F1CKEN4 08Bh
2566 mov esi,eax
2567 mov ebp,eax
2568 F1CKEN4 08Bh
2569 add eax,dword ptr [esi+3Ch] ; pointer to the PE header start
2570 mov edi,esi
2571 mov eax,[eax+120]
2572 F1CKEN4 08Bh
2573 add eax,esi
2574 xchg eax,esi
2575 pop eax
2576 F1CKEN4 08Bh
2577 sub eax,[esi+16] ; add the ordinal base to the ordinal numba
2578 push edi
2579 mov edi,[esi+28]
2580 F1CKEN4 08Bh
2581 mov esi,ebp
2582 add edi,esi
2583 F1CKEN4 08Bh
2584 mov eax,[eax*4+edi]
2585 pop edi
2586 add eax,edi
2587 pop esi
2588 pop edi
2589 pop edx
2590 F1CKEN4 08Bh
2591 jmp OrdinalImport
2592
2593Pointer2NameDir:
2594 F1CKEN4 08Bh
2595 add eax,dword ptr [NEWIBASE - offset ToAdd + ebx]
2596 inc eax
2597 F1CKEN4 08Bh
2598 inc eax
2599 push esi
2600 push eax
2601
2602 F1CKEN4 0E8h
2603 xchg eax,esi
2604 Call GetApi
2605 pop ebp
2606 push edi
2607 mov edi,ebp
2608 F1CKEN4 08Bh
2609 mov ecx,0FFFFh
2610DeleteImport:
2611 cmp byte ptr [edi],0
2612 jz DeletingFinished
2613 mov [edi],cl
2614 inc edi
2615 dec ecx
2616 jnz DeleteImport
2617DeletingFinished:
2618 pop edi
2619
2620 pop esi
2621
2622OrdinalImport:
2623 F1CKEN4 08Bh
2624 cmp byte ptr [(Hookem - offset ToAdd) + ebx],1 ; does this function need to be hooked?
2625 jnz NoHooking_2 ; no? then jump
2626
2627 F1CKEN4 0E8h
2628 push edi
2629 push edx
2630 mov byte ptr [(Hookem - offset ToAdd) + ebx],0 ; zero it
2631 F1CKEN4 08Bh
2632 mov edi,[(TableEntry - offset ToAdd) + ebx] ; get the rva counter
2633 push eax
2634 mov eax,5
2635 F1CKEN4 08Bh
2636 mul edi
2637 xchg eax,edi
2638 F1CKEN4 08Bh
2639 pop eax
2640 F1CKEN4 08Bh
2641 add edi,dword ptr [(offset RVATABLE - offset ToAdd) + ebx]
2642 F1CKEN4 0F7h
2643 mov [edi],eax ; save the rva
2644 F1CKEN4 08Bh
2645 mov al,byte ptr [(KINDOFHOOK - offset ToAdd) + ebx]
2646 mov [edi+4],al ; save the kind of api hooking
2647 F1CKEN4 08Bh
2648 mov byte ptr [(KINDOFHOOK - offset ToAdd) + ebx],0 ; zero it
2649
2650 F1CKEN4 08Bh
2651 mov eax,dword ptr [(HookRVA - offset ToAdd) + ebx] ; get the new rva (points to PECRYPT32)
2652 F1CKEN4 08Bh
2653 inc dword ptr [(TableEntry - offset ToAdd) + ebx] ; increase the rva counter
2654 pop edx
2655 pop edi
2656
2657NoHooking_2:
2658 mov dword ptr [edi],eax
2659 F1CKEN4 083h
2660 cmp byte ptr [(ANTIBPXBPM - offset ToAdd) + ebx],0
2661 jz DontCheckForHookedApis
2662 F1CKEN4 08Bh
2663 cmp byte ptr [eax],0CCh
2664 jz Anti_Loader_Handler
2665
2666DontCheckForHookedApis:
2667
2668Dontpatchimport:
2669 mov dword ptr [(SYSTEMTIME_STRUCTURE - offset ToAdd) + ebx],eax
2670 add edi,4
2671 inc dword ptr [(InternalFunctionCounter - offset ToAdd) + ebx] ; increase the function counta
2672jmp ParseNextImport
2673 pop esi
2674MainImportFinished:
2675
2676 pop esi
2677
2678 F1CKEN 0FFh
2679 add esi,20
2680CompareAgain_2:
2681 mov eax,dword ptr [(SAVEDLLRVA - offset ToAdd) + ebx]
2682 cmp eax,[esi] ; compare it with the current one
2683 jnz NextMainImport ; difference? then everything is okay
2684 add esi,20 ; add 20 bytes to get to the next entry
2685 Jmp CompareAgain_2 ; compare again
2686
2687jmp NextMainImport
2688FinishedWithImports:
2689
2690EncryptedLayer_4_Start:
2691
2692 mov esp,dword ptr [(PIZZA - offset ToAdd) + ebx]
2693 pop dword ptr fs:[0]
2694
2695
2696 CONFUSE 01h ; Confusing jump crap
2697 cmp byte ptr [(PEText - offset ToAdd +91h)+ebx],"k"
2698 jnz ParseNextImport
2699
2700 CONFUSE 01h ; Confusing jump crap
2701 pusha
2702 mov esi,dword ptr [(CODEBASE - ToAdd) + ebx] ; get the codebase
2703 add esi,dword ptr [(NEWIBASE - offset ToAdd) + ebx] ; add the calculated imagebase
2704 CONFUSE2 04H
2705 mov dword ptr [(HookVar6 - offset ToAdd) + ebx + 1],esi ; save the codesection rva
2706
2707 mov dword ptr [(MemoryPosition - offset ToAdd) + ebx + 1],esi ; save the codesection rva
2708
2709 mov ecx,dword ptr [(CODESIZE - offset ToAdd) + ebx] ; get physical size of the codesection
2710 CONFUSE 04h ; Confusing jump crap
2711 mov dword ptr [(HookVar7 - offset ToAdd) + ebx + 1],ecx ; write the physical code section size
2712
2713 mov dword ptr [(MemorySize - offset ToAdd) + ebx + 1],ecx ; write the physical code section size
2714
2715 CONFUSE 01h ; Confusing jump crap
2716 mov eax,dword ptr [(CRC32VALUE1 - offset ToAdd) + ebx] ; get the first CRC32 Value
2717 CONFUSE 01h ; Confusing jump crap
2718 mov dword ptr [(HookVar10 - offset ToAdd) + ebx + 1],eax ; patch the second value in the code
2719
2720 mov dword ptr [(CRCValue_2 - offset ToAdd) + ebx + 1],eax ; patch the second value in the code
2721
2722 mov edx,dword ptr [(CRC32VALUE1 - offset ToAdd) + ebx]
2723 call Calculate_CRC32 ; calculate the crc32 routine
2724 mov dword ptr [(CRC32VALUE - offset ToAdd) + ebx],eax ; save the crc32 for later use
2725 mov dword ptr [(REALCRCVALUE - offset ToAdd) + ebx],eax ; save the precalculated crc32 value
2726 popa
2727
2728 F1CKEN2 0C7h
2729
2730 pusha
2731
2732 F1CKEN4 08Bh
2733
2734 cmp dword ptr [(BUFFISIZE - offset ToAdd) + ebx],0
2735 jz No_FakeIATPossible
2736 mov ecx,dword ptr [(BUFFISIZE - offset ToAdd) + ebx]
2737 F1CKEN4 08Bh
2738 mov edi,dword ptr [(NEWIBASE - offset ToAdd) + ebx]
2739 F1CKEN4 08Bh
2740 add edi,dword ptr [(BUFFIRVA - offset ToAdd) + ebx]
2741 F1CKEN4 08Bh
2742 mov eax,ecx
2743 mov ecx,6
2744 F1CKEN4 08Bh
2745 xor edx,edx
2746 div ecx
2747 F1CKEN4 08Bh
2748 mov ecx,eax
2749 dec ecx
2750 F1CKEN4 08Bh
2751 or ecx,ecx
2752 jz No_FakeIATPossible
2753
2754 F1CKEN4 08Bh
2755 push ecx
2756 F1CKEN4 08Bh
2757 push edi
2758 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
2759 F1CKEN4 08Bh
2760 add edx,ebx
2761 push edx
2762 F1CKEN4 08Bh
2763 push dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx]
2764 call CallApi
2765 mov esi,eax
2766 F1CKEN4 08Bh
2767 mov ebp,eax
2768 pop edi
2769 F1CKEN4 08Bh
2770 pop ecx
2771Generate_Fake_IAT_2:
2772 push esi
2773 push ebp
2774 F1CKEN4 08Bh
2775 push eax
2776 push edi
2777 F1CKEN4 08Bh
2778
2779 add eax,dword ptr [esi+3Ch] ; pointer to the PE header start
2780 mov edi,esi
2781 F1CKEN4 08Bh
2782 mov eax,[eax+120]
2783 add eax,esi
2784 F1CKEN4 08Bh
2785 xchg eax,esi
2786
2787 F1CKEN4 08Bh
2788 call Randomize2
2789 F1CKEN4 08Bh
2790 and eax,0FFh
2791 sub eax,[esi+16] ; add the ordinal base to the ordinal numba
2792
2793 push edi
2794 F1CKEN4 08Bh
2795 mov edi,[esi+28]
2796 F1CKEN4 08Bh
2797 mov esi,ebp
2798 add edi,esi
2799 F1CKEN4 08Bh
2800 mov eax,[eax*4+edi]
2801 pop edi
2802 F1CKEN4 08Bh
2803 add eax,edi
2804 F1CKEN4 08Bh
2805 pop edi
2806 mov ax,25FFh
2807 stosw
2808 stosd
2809 pop eax
2810 F1CKEN4 08Bh
2811 pop ebp
2812 F1CKEN4 08Bh
2813 pop esi
2814 F1CKEN4 08Bh
2815 dec ecx
2816 jnz Generate_Fake_IAT_2
2817
2818No_FakeIATPossible:
2819 popa
2820
2821DontWriteJump:
2822
2823 CONFUSE 03h ; Confusing jump crap
2824 pusha
2825 call Randomize2
2826 mov dword ptr [(offset EVALUE - offset ToAdd) + ebx],eax
2827
2828 mov esi,dword ptr [(HookVar3 - offset ToAdd) + 2 + ebx]
2829 mov edx,eax
2830 CONFUSE 03h ; Confusing jump crap
2831 mov edi,esi
2832 mov ecx,0FFFFFFFFh
2833Encrypt_It:
2834 lodsd
2835 or eax,eax
2836 jz Table_End_2
2837 ror eax,cl
2838 xor eax,edx
2839 sub eax,dword ptr [(CRC32VALUE - offset ToAdd) + ebx]
2840 stosd
2841 lodsb
2842 xor al,cl
2843 stosb
2844 dec ecx
2845 jnz Encrypt_It
2846Table_End_2:
2847 popa
2848
2849 mov esi,(offset DecryptionRoutinesFinished - offset ToAdd)
2850 CONFUSE 03h ; Confusing jump crap
2851 add esi,ebx
2852 mov edi,(offset DecryptionRoutines - offset ToAdd)
2853 add edi,ebx
2854 mov ecx,(offset MAINAPICODE_END - offset DecryptionRoutinesFinished)
2855 CONFUSE 0Fh ; Confusing jump crap
2856 mov byte ptr [(HowMuchLayers - offset ToAdd) + ebx],2
2857 mov edx,(offset DecryptionRoutinesFinished - offset MAINAPICODE_START)
2858 call RelocateMteCode
2859
2860DllExitCode_Execution:
2861
2862 F1CKEN4 0E8h
2863 cmp byte ptr [(ALOADER - offset ToAdd) + ebx],0
2864 jz BackgroundStuffDisabled
2865 push 0
2866 push 4
2867 push 1000h
2868 F1CKEN4 0E8h
2869 push 1024
2870 push 0
2871 F1CKEN4 0E8h
2872
2873 push dword ptr [F2RVA - offset ToAdd + ebx] ; allocate memory for the anti loader handler
2874 call CallApi
2875
2876 push eax
2877 CONFUSE 0Fh ; Confusing jump crap
2878 F1CKEN4 0E8h
2879 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the dllname
2880 add edx,ebx
2881 F1CKEN4 0E8h
2882 mov esi,(offset f_VirtualProtect - offset ToAdd)
2883 add esi,ebx
2884 call GetApi
2885 pop edx
2886
2887 CONFUSE 0Fh ; Confusing jump crap
2888 push edx
2889 mov esi,(offset BYTEWRITTEN - offset ToAdd)
2890 F1CKEN4 0E8h
2891 add esi,ebx
2892
2893 push esi ; push the variable for the old privileges..
2894 F1CKEN4 0E8h
2895 push PAGE_EXECUTE_READWRITE ; push the desired access flag (execute&read/write)
2896 push (Anti_Loader_Handler_End - offset Anti_Loader_Handler) ; size of the region
2897 F1CKEN4 0E8h
2898 push edx
2899 push eax
2900 Call CallApi
2901
2902 pop eax
2903 push eax
2904
2905 CONFUSE 83h ; Confusing jump crap
2906 mov edi,eax
2907 mov esi,(offset Anti_Loader_Handler - offset ToAdd)
2908 add esi,ebx
2909 mov ecx,(Anti_Loader_Handler_End - offset Anti_Loader_Handler)
2910Copy_And_Erase:
2911 lodsb
2912 mov byte ptr [esi-1],0
2913 stosb
2914 dec ecx
2915 jnz Copy_And_Erase
2916
2917 F1CKEN4 0E8h
2918 mov esi,(offset GetCurrentProcess_Id - offset ToAdd)
2919 add esi,ebx
2920 F1CKEN4 0E8h
2921 push esi
2922 F1CKEN4 0E8h
2923 push dword ptr [(Kernel32RVA - offset ToAdd) + ebx]
2924 F1CKEN4 0E8h
2925 push dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
2926 call CallApi
2927
2928 push eax
2929 Call CallApi
2930
2931 CONFUSE 36h ; Confusing jump crap
2932 push eax ; push processid
2933 push 0
2934 push PROCESS_SET_INFORMATION
2935 push dword ptr [(OpenProcessRVA - offset ToAdd) + ebx]
2936 call CallApi
2937 F1CKEN4 0E8h
2938 mov dword ptr [(PROCESSHANDLE - offset ToAdd) + ebx],eax ; save the process handle
2939 pop eax
2940
2941 CONFUSE 0F7h ; Confusing jump crap
2942 mov edx,(offset Thread_ID2 - offset ToAdd)
2943 add edx,ebx
2944 push edx
2945 push CREATE_SUSPENDED ; create a thread which runs after resumethread
2946 push 0
2947 push eax
2948 push 0
2949 push 0
2950 F1CKEN4 0E8h
2951 push dword ptr [(CreateThreadRVA - offset ToAdd) + ebx]
2952 call CallApi
2953 F1CKEN4 0E8h
2954 mov dword ptr [(Thread_Handle2 - offset ToAdd) + ebx],eax ; save thread handle
2955
2956 CONFUSE 0F7h ; Confusing jump crap
2957 push THREAD_PRIORITY_LOWEST
2958 push dword ptr [(Thread_Handle2 - offset ToAdd) + ebx] ; push thread id
2959 F1CKEN4 0E8h
2960 push dword ptr [(SetThreadPriorityRVA - offset ToAdd) + ebx]
2961 call CallApi
2962
2963 F1CKEN4 0E8h
2964 push dword ptr [(Thread_Handle2 - offset ToAdd) + ebx] ; push thread handle
2965 F1CKEN4 0E8h
2966 push dword ptr [(ResumeThreadRVA - offset ToAdd) + ebx]
2967 call CallApi
2968
2969BackgroundStuffDisabled:
2970 mov esp,dword ptr [SAVEESP2 - offset ToAdd + ebx] ; restore esp
2971 pop ebp
2972 F1CKEN4 0E8h
2973 pop edi
2974 pop esi
2975
2976 mov eax,dword ptr [NEWIBASE - offset ToAdd + ebx] ; get the imagebase
2977 F1CKEN4 0E9h
2978 add eax,dword ptr [RIGHTONE - offset ToAdd + ebx] ; add the rva
2979 jmp eax
2980
2981Anti_Loader_Handler:
2982 call $+5
2983 pop ebx
2984 sub ebx,5
2985 F1CKEN4 0F7h
2986RestartCalculatingTheCrc:
2987
2988MemoryPosition:
2989 mov esi,1 ; points to the code section
2990 F1CKEN4 0F7h
2991MemorySize:
2992 mov ecx,1 ; Physical Size of the code section
2993 F1CKEN4 0F7h
2994CRCValue_2:
2995 mov edx,1 ; second CRC32 Value
2996 F1CKEN4 0F7h
2997 shr ecx,2
2998 F1CKEN4 0F7h
2999Calculate_CRC_32:
3000 lodsd
3001 add edx,eax
3002 xor edx,ecx
3003 dec ecx
3004 jnz Calculate_CRC_32
3005 F1CKEN4 0F7h
3006 xchg eax,edx
3007 cmp eax,[(REALCRCVALUE - offset Anti_Loader_Handler) + ebx]
3008 jz CrcIsOkay
3009 F1CKEN4 0F7h
3010 mov edi,dword ptr [(MemoryPosition - offset Anti_Loader_Handler) + 1 + ebx]
3011 F1CKEN4 0F7h
3012 mov ecx,dword ptr [(MemorySize - offset Anti_Loader_Handler) + 1 + ebx]
3013 F1CKEN4 0F7h
3014 shr ecx,2
3015 F1CKEN4 0F7h
3016 rep stosd
3017CrcIsOkay:
3018 jmp RestartCalculatingTheCrc
3019 REALCRCVALUE dd 0 ; offset of the pre calculated crc value...
3020Anti_Loader_Handler_End:
3021
3022MutateHookedApi:
3023 pusha
3024 call $+5
3025 pop ebx
3026 sub ebx,(offset MutateHookedApi - offset ToAdd) + 6
3027 CONFUSE 02h ; Confusing jump crap
3028 mov esi,(offset DecryptionRoutinesFinished - offset ToAdd)
3029 add esi,ebx
3030 mov edi,(offset DecryptionRoutines - offset ToAdd)
3031 add edi,ebx
3032 CONFUSE 01h ; Confusing jump crap
3033 mov ecx,(offset MAINAPICODE_END - offset DecryptionRoutinesFinished)
3034 mov byte ptr [(HowMuchLayers - offset ToAdd) + ebx],2
3035 mov edx,(offset DecryptionRoutinesFinished - offset MAINAPICODE_START)
3036 call RelocateMteCode
3037 popa
3038 pop eax
3039 F1CKEN4 0E8h
3040 test byte ptr [(KINDOFHOOK - offset ToAdd) + ebx],00000000000000000000000000000001b
3041 jz NoAntiBpxStuff_Selected
3042 popa
3043HookVar5:
3044 push dword ptr cs:[(JumpOffset - offset ToAdd)]
3045
3046CallApi2:
3047 push ebx
3048 call $+5
3049 pop ebx
3050 sub ebx,(offset CallApi2 - offset ToAdd) + 6
3051 mov dword ptr [(SAVEEAX - offset ToAdd) + ebx],eax ; save eax
3052 pop eax
3053 F1CKEN4 0E8h
3054 mov dword ptr [(SAVEEBX - offset ToAdd) + ebx],eax ; save ebx
3055 F1CKEN4 0E8h
3056 mov dword ptr [(SAVEECX - offset ToAdd) + ebx],eax ; save ecx
3057 F1CKEN4 0E8h
3058 mov dword ptr [(SAVEEDX - offset ToAdd) + ebx],edx ; save edx
3059 F1CKEN4 0E8h
3060 mov dword ptr [(SAVEEDI - offset ToAdd) + ebx],edi ; save edi
3061 F1CKEN4 0E8h
3062 mov dword ptr [(SAVEESI - offset ToAdd) + ebx],esi ; save esi
3063 F1CKEN4 0E8h
3064 mov dword ptr [(SAVEEBP - offset ToAdd) + ebx],ebp ; save ebp
3065 pop esi
3066 mov dword ptr [(SAVEEIP - offset ToAdd) + ebx],esi ; save eip
3067
3068 F1CKEN4 0E8h
3069 cmp byte ptr [esi],0CCh
3070 jz HookVar4
3071
3072GetNextMnemonic2:
3073 xor eax,eax
3074 F1CKEN4 0E8h
3075 lodsb
3076 cmp al,50h
3077 jb NoPushblainstruction2
3078 cmp al,57h
3079 ja NoPushblainstruction2
3080 sub al,50h
3081 push dword ptr [(eax*4)+(offset SAVEEAX - offset ToAdd) + ebx]
3082 jmp GetNextMnemonic2
3083NoPushblainstruction2:
3084 cmp al,68h
3085 jnz NoDirectDwordValuePush2
3086 push dword ptr [esi]
3087 add esi,4
3088 jmp GetNextMnemonic2
3089NoDirectDwordValuePush2:
3090 cmp al,0E8h
3091 jnz NoCall2
3092 push esi
3093 mov esi,[esi]
3094 jmp GetNextMnemonic2
3095NoCall2:
3096 cmp word ptr [esi-1],0EC8Bh
3097 jnz NoMoVEbpEsp2
3098 inc esi
3099 mov dword ptr [(SAVEEBP - offset ToAdd) + ebx],esp
3100 jmp GetNextMnemonic2
3101NoMoVEbpEsp2:
3102 cmp word ptr [esi-1],0D22Bh
3103 jnz NoSubEdxEdx2
3104 mov dword ptr [(SAVEEDX - offset ToAdd) + ebx],0
3105 inc esi
3106 jmp GetNextMnemonic2
3107NoSubEdxEdx2:
3108 cmp al,6Ah
3109 jnz NoDirectPushi2
3110 movzx eax,byte ptr [esi]
3111 push eax
3112 inc esi
3113 jmp GetNextMnemonic2
3114
3115NoDirectPushi2:
3116 F1CKEN4 0E8h
3117 mov edx,(FarJmpOffset2 - offset ToAdd)
3118 add edx,ebx
3119 sub esi,6
3120 mov edi,esi
3121 sub edi,edx
3122 mov dword ptr [edx+1],edi
3123 F1CKEN4 0E8h
3124 mov eax,dword ptr [(SAVEEAX - offset ToAdd) + ebx]
3125 F1CKEN4 0E8h
3126 mov ecx,dword ptr [(SAVEECX - offset ToAdd) + ebx]
3127 F1CKEN4 0E8h
3128 mov edx,dword ptr [(SAVEEDX - offset ToAdd) + ebx]
3129 F1CKEN4 0E8h
3130 mov edi,dword ptr [(SAVEEDI - offset ToAdd) + ebx]
3131 F1CKEN4 0E8h
3132 mov esi,dword ptr [(SAVEESI - offset ToAdd) + ebx]
3133 F1CKEN4 0E8h
3134 mov ebp,dword ptr [(SAVEEBP - offset ToAdd) + ebx]
3135 F1CKEN4 0E8h
3136 mov ebx,dword ptr [(SAVEEBX - offset ToAdd) + ebx]
3137FarJmpOffset2:
3138 db 0E9h
3139 dd 0
3140NoAntiBpxStuff_Selected:
3141 popa
3142NoAntiBpxStuffSelected:
3143 push dword ptr cs:[(JumpOffset - offset ToAdd)]
3144 ret
3145JumpOffset:
3146 dd 0 ; includes the rva for this APIcall
3147
3148HookedAPICODE_START:
3149 pusha
3150HookVar1:
3151 mov ebp,1 ; 1 = variable
3152HookJump1:
3153 db 0E9h ; far jump
3154JMPDATA:
3155 dd 0
3156Holladrio:
3157HookedAPICODE_END:
3158
3159MAINAPICODE_START:
3160 DecryptionRoutines db 130 dup (90h) ; buffer for the api decryption routines
3161
3162DecryptionRoutinesFinished:
3163 push eax
3164 mov eax,5
3165 mul ebp
3166 xchg eax,ebp
3167 pop eax
3168
3169HookVar3:
3170 add ebp,1234
3171
3172HookVar6:
3173 mov esi,1 ; points to the code section
3174HookVar7:
3175 mov ecx,1 ; Physical Size of the code section
3176HookVar10:
3177 mov edx,1 ; second CRC32 Value
3178; call Calculate_CRC32 ; calculate the crc32 routine
3179
3180 shr ecx,2
3181 push esi
3182 push ecx
3183 push edx
3184
3185Calculate_CRC32_2__:
3186 lodsd
3187 add edx,eax
3188 xor edx,ecx
3189 dec ecx
3190 jnz Calculate_CRC32_2__
3191 xchg eax,edx
3192 pop edx
3193 pop ecx
3194 pop esi
3195
3196 pusha
3197RelocateDecryptCode:
3198 call $+5
3199 pop ebx
3200 sub ebx,(offset RelocateDecryptCode - offset ToAdd) + 5
3201
3202 mov ebp,eax
3203
3204 F1CKEN4 0E8h
3205 mov esi,dword ptr [(HookVar3 - offset ToAdd) + 2 + ebx]
3206 mov edx,dword ptr [(offset EVALUE - offset ToAdd) + ebx]
3207 F1CKEN4 0E8h
3208 mov edi,esi
3209 CONFUSE 03h ; Confusing jump crap
3210 mov ecx,0FFFFFFFFh
3211DecryptIt:
3212 lodsd
3213 or eax,eax
3214 jz TableEnd
3215 add eax,ebp
3216 xor eax,edx
3217 rol eax,cl
3218 stosd
3219 lodsb
3220 xor al,cl
3221 stosb
3222 dec ecx
3223 jnz DecryptIt
3224TableEnd:
3225 popa
3226
3227RelocateMyself:
3228 call $+5
3229 pop ebx
3230 sub ebx,(RelocateMyself - offset ToAdd) + 5
3231
3232 F1CKEN4 0E8h
3233 mov eax,[ebp] ; get the api offset
3234 push edx
3235 mov dl,byte ptr [ebp+4] ; get kind of api hook
3236 F1CKEN4 0E8h
3237 mov byte ptr [(KINDOFHOOK - offset ToAdd) + ebx],dl ; save it
3238 pop edx
3239HookVar4:
3240 mov edi,(JumpOffset - offset ToAdd) ; pointer to the api variable
3241 mov [edi],eax
3242
3243 shl ecx,2
3244; call Calculate_CRC32 ; calculate the crc32 routine
3245
3246 shr ecx,2
3247 push esi
3248 push ecx
3249 push edx
3250
3251Calculate_CRC_32_2:
3252 lodsd
3253 add edx,eax
3254 xor edx,ecx
3255 dec ecx
3256 jnz Calculate_CRC_32_2
3257 xchg eax,edx
3258 pop edx
3259 pop ecx
3260 pop esi
3261
3262
3263
3264 pusha
3265 F1CKEN4 0E8h
3266 mov ebp,eax
3267
3268 F1CKEN4 0E8h
3269
3270 push ecx
3271 push ebx
3272 mov ecx,10
3273 mov ebx,esp
3274 sub ebx,10
3275GenerateDamnRandomValue:
3276 xor eax,[ebx]
3277 inc ebx
3278 dec ecx
3279 jnz GenerateDamnRandomValue
3280 pop ebx
3281 pop ecx
3282
3283 mov dword ptr [(offset EVALUE - offset ToAdd) + ebx],eax
3284 CONFUSE 03h ; Confusing jump crap
3285 mov esi,dword ptr [(HookVar3 - offset ToAdd) + 2 + ebx]
3286 F1CKEN4 0E8h
3287 mov edx,eax
3288 mov edi,esi
3289 F1CKEN4 0E8h
3290 mov ecx,0FFFFFFFFh
3291EncryptIt:
3292 lodsd
3293 or eax,eax
3294 jz Table_End
3295 ror eax,cl
3296 xor eax,edx
3297 sub eax,ebp
3298 stosd
3299 lodsb
3300 xor al,cl
3301 stosb
3302 dec ecx
3303 jnz EncryptIt
3304Table_End:
3305 popa
3306 CONFUSE2 01H
3307HookVar11:
3308 mov edi,(offset CRC32VALUE - offset ToAdd); points to CRC32VALUE variable
3309
3310 F1CKEN4 0E8h
3311 test byte ptr [(KINDOFHOOK - offset ToAdd) + ebx],00000000000000000000000000000100b
3312 jz AgainNoChecksumNeeded
3313 F1CKEN4 0E8h
3314 cmp eax,[edi] ; compare the calculated checksums
3315 jnz EncryptedLayer_4_Start ; jump into garbage code
3316AgainNoChecksumNeeded:
3317 call MutateHookedApi
3318
3319CRC32VALUE:
3320 dd 0 ; crc32 for the code section
3321EVALUE:
3322 dd 0 ; encryption value for the rva table ;)
3323
3324MAINAPICODE_END:
3325
3326 RIGHTONE dd 0 ; Entrypoint aka RVA
3327
3328 include r-crc32.inc ; includes the lame crc32 routine
3329
3330EncryptedLayer_4_End:
3331Encrypt2Layer_End:
3332EncryptLayer3_End:
3333
3334
3335;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3336;Parameter of GetApi
3337;edx = offset of the dll name ( 0 terminated of course)
3338;esi = offset of the Function name ( 0 terminated of course)
3339;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3340
3341MemAError:
3342 push 30h
3343 F1CKEN 0FFh
3344 mov eax,(offset DeallocErrorHead - offset ToAdd)
3345 add eax,ebx
3346 push eax
3347
3348 F1CKEN 0FFh
3349
3350 mov eax,(offset AllocError - offset ToAdd)
3351 add eax,ebx
3352 push eax
3353 push 0
3354
3355MboxError:
3356 mov edx,(offset _USER32 - offset ToAdd) ; offset of the dllname
3357 add edx,ebx
3358 mov esi,(offset f_MessageBoxA - offset ToAdd) ; offset of the function
3359 add esi,ebx
3360 Call GetApi ; get the rva of this function
3361
3362 F1CKEN 0FFh
3363
3364 call eax
3365
3366 mov edx,(offset ModuleDLL - offset ToAdd) ; offset of the _KERNEL32
3367 add edx,ebx
3368
3369 F1CKEN 0FFh
3370
3371 mov esi,(offset f_ExitProcess - offset ToAdd) ; offset of the function
3372 add esi,ebx
3373 Call GetApi ; get the rva of this function
3374 push 0FFh
3375 call eax ; quit
3376
3377GetApi proc
3378 push edx
3379 push edx
3380
3381 push dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx]
3382 call CallApi
3383 or eax,eax
3384 jnz LibaryFound
3385 pop edx
3386
3387 push edx
3388 push edx
3389 push edx
3390 push dword ptr [(offset Thunktable - offset ToAdd)+((3*4)-4)+ebx]
3391 call CallApi
3392 pop edx
3393 or eax,eax
3394 jz DllError
3395LibaryFound:
3396 push esi
3397 push eax
3398 push dword ptr [(Thunktable - offset ToAdd)+ebx] ; call "GetProcAddress"
3399 call CallApi
3400 or eax,eax
3401 pop edx
3402 jz FunctionNotImportable
3403 ret
3404GetApi Endp
3405
3406FunctionNotImportable:
3407 mov edi,esi
3408 push edi
3409 xor al,al
3410 repnz scasb
3411 stosb
3412 pop esi
3413 sub edi,esi
3414 mov ecx,edi
3415 mov edi,(offset ImportError2 - offset ToAdd) + 41
3416 add edi,ebx
3417 rep movsb
3418 xor al,al
3419 stosb
3420 push 30h
3421 mov eax,(offset ImportError2H - offset ToAdd)
3422 add eax,ebx
3423 push eax
3424 mov eax,(offset ImportError2 - offset ToAdd)
3425 add eax,ebx
3426 push eax
3427 push 0
3428 jmp MboxError
3429
3430DllError:
3431 mov edi,edx
3432 push edi
3433 xor al,al
3434 repnz scasb
3435 stosb
3436 pop esi
3437 sub edi,esi
3438 mov ecx,edi
3439 mov edi,(offset ImpError - offset ToAdd) + 15
3440 add edi,ebx
3441 rep movsb
3442 xor al,al
3443 stosb
3444 F1CKEN 0FFh
3445 push 30h
3446 mov eax,(offset ImportError - offset ToAdd)
3447 add eax,ebx
3448 push eax
3449 mov eax,(offset ImpError - offset ToAdd)
3450 add eax,ebx
3451 push eax
3452 push 0
3453 jmp MboxError
3454
3455
3456;Generates a random value
3457;edi = maximal value allowed
3458;
3459RandomizeValue proc
3460 push ecx
3461GenerateAgain2:
3462 Call Randomize2
3463 xchg ecx,eax
3464 Call Randomize2
3465 xor ecx,eax
3466 Call Randomize2
3467 xor eax,ecx
3468; mov ecx,eax
3469; and ecx,0FFFFh
3470 mov ecx,255
3471 xor edx,edx
3472GenValues2:
3473 xor eax,ecx
3474 rol edx,cl
3475 inc edx
3476 dec ecx
3477 jnz GenValues2
3478 xor eax,edx
3479 xor edx,edx
3480 div edi
3481 mov eax,edx
3482 or eax,eax
3483 jz GenerateAgain2
3484 pop ecx
3485 ret
3486RandomizeValue endp
3487
3488CallApi proc
3489 push ebx
3490 call $+5
3491 pop ebx
3492 sub ebx,(offset CallApi - offset ToAdd) + 6
3493 mov dword ptr [(SAVEEAX - offset ToAdd) + ebx],eax ; save eax
3494 F1CKEN 0FFh
3495 pop eax
3496 mov dword ptr [(SAVEEBX - offset ToAdd) + ebx],eax ; save ebx
3497 mov dword ptr [(SAVEECX - offset ToAdd) + ebx],eax ; save ecx
3498 F1CKEN 0FFh
3499 mov dword ptr [(SAVEEDX - offset ToAdd) + ebx],edx ; save edx
3500 mov dword ptr [(SAVEEDI - offset ToAdd) + ebx],edi ; save edi
3501 F1CKEN 0B8h
3502 mov dword ptr [(SAVEESI - offset ToAdd) + ebx],esi ; save esi
3503 mov dword ptr [(SAVEEBP - offset ToAdd) + ebx],ebp ; save ebp
3504 pop esi
3505 F1CKEN 0FFh
3506 mov dword ptr [(SAVEEIP - offset ToAdd) + ebx],esi ; save eip
3507 pop esi
3508
3509 F1CKEN 0D8h
3510 push dword ptr [(SAVEEIP - offset ToAdd) + ebx] ; push current eip
3511
3512 F1CKEN 0F7h
3513 cmp byte ptr [esi],0CCh
3514 F1CKEN4 0F7h
3515 jz HookVar4
3516 F1CKEN4 0E9h
3517
3518GetNextMnemonic:
3519 xor eax,eax
3520 lodsb
3521 cmp al,50h
3522 jb NoPushblainstruction
3523 cmp al,57h
3524 ja NoPushblainstruction
3525 sub al,50h
3526 push dword ptr [(eax*4)+(offset SAVEEAX - offset ToAdd) + ebx]
3527 jmp GetNextMnemonic
3528NoPushblainstruction:
3529 cmp al,68h
3530 jnz NoDirectDwordValuePush
3531 push dword ptr [esi]
3532 add esi,4
3533 jmp GetNextMnemonic
3534NoDirectDwordValuePush:
3535 cmp al,0E8h
3536 jnz NoCall
3537 push esi
3538 mov esi,[esi]
3539 jmp GetNextMnemonic
3540NoCall:
3541 cmp word ptr [esi-1],0EC8Bh
3542 jnz NoMoVEbpEsp
3543 inc esi
3544 mov dword ptr [(SAVEEBP - offset ToAdd) + ebx],esp
3545 jmp GetNextMnemonic
3546NoMoVEbpEsp:
3547 cmp word ptr [esi-1],0D22Bh
3548 jnz NoSubEdxEdx
3549 mov dword ptr [(SAVEEDX - offset ToAdd) + ebx],0
3550 inc esi
3551 jmp GetNextMnemonic
3552NoSubEdxEdx:
3553 cmp al,6Ah
3554 jnz NoDirectPushi
3555 movzx eax,byte ptr [esi]
3556 push eax
3557 inc esi
3558 jmp GetNextMnemonic
3559
3560NoDirectPushi:
3561 mov edx,(FarJmpOffset - offset ToAdd)
3562 add edx,ebx
3563 sub esi,6
3564 mov edi,esi
3565 sub edi,edx
3566 mov dword ptr [edx+1],edi
3567 mov eax,dword ptr [(SAVEEAX - offset ToAdd) + ebx]
3568 mov ecx,dword ptr [(SAVEECX - offset ToAdd) + ebx]
3569 mov edx,dword ptr [(SAVEEDX - offset ToAdd) + ebx]
3570 mov edi,dword ptr [(SAVEEDI - offset ToAdd) + ebx]
3571 mov esi,dword ptr [(SAVEESI - offset ToAdd) + ebx]
3572 mov ebp,dword ptr [(SAVEEBP - offset ToAdd) + ebx]
3573 mov ebx,dword ptr [(SAVEEBX - offset ToAdd) + ebx]
3574CodeCRC_End:
3575
3576FarJmpOffset:
3577 db 0E9h
3578 dd 0
3579CallApi endp
3580
3581Randomize2 proc
3582 push ecx
3583 call dword ptr [(GetTickCountRVA - offset ToAdd) + ebx]
3584 xchg eax,ecx
3585 call dword ptr [(GetTickCountRVA - offset ToAdd) + ebx]
3586 xor ecx,eax
3587 call dword ptr [(GetTickCountRVA - offset ToAdd) + ebx]
3588 xor ecx,eax
3589 xchg eax,ecx
3590 pop ecx
3591 ret
3592Randomize2 endp
3593
3594REALCODE_CRC_END:
3595
3596 include r-slowmte2.inc
3597
3598 Align 4
3599DECRRUNNING db 0 ; is already an api decryption running?
3600 KINDOFHOOK db 0 ; defines the kind of the hook (api or bpx/bpm trick..or both)
3601InternalFunctionCounter dd 0 ; internal function countaaaa (for the api hooking)
3602BYTEWRITTEN dd 0 ; needed for writeprocessmemory
3603 TablePos dd (offset FunctionT - offset ToAdd) ; position in the internal api table (needed for api hooking)
3604 TablePos2 dd (offset FunctionT2 - offset ToAdd) ; position in the internal api table (needed for anti bpx/bpm stuff)
3605 DLLPOS dd 0 ; position of the dllname in the import table
3606 CRAPVAR dd 0 ; holds a pseudo random value , used for lame routines ;)
3607 HOOKEDAPIS dd 0 ; points to available mem for hooked apis
3608 TableEntry dd 0 ; counter for the rva table
3609NEWAPIBUFFE dd 0 ; buffaaa
3610 CODEOFS2 dd 0 ; y000 niggaahhhh
3611 FunctionT db 2000 dup (0) ; 500 hooked functions = maximum
3612 FunctionT2 db 2000 dup (0) ; The Anti BPX routines can handle about 500 functions
3613 Hookem db 0 ; hooking of this api allowed?
3614 HookRVA dd 0 ; rva for the new function (points to the pecrypt32 apis)
3615CRC32VALUE1 dd 0 ; first CRC32 value
3616CRC32VALUE2 dd 0 ; second CRC32 value
3617 REAL_SIZE dd 0
3618 CRCERROR db 0 ; internal variable for the crc error handling
3619 PatchCode1 db 0 ; cryptvalue
3620 OLDRVA dd 0 ; The saved RVA
3621 TEMPVAR dd 0 ; just a lame tempvar ;)
3622 CODESIZE dd 0 ; CodeSize
3623 RELOCBASE dd 0 ; the relocation base ..uetz uetz
3624 RELOCLENG dd 0 ; relocation obj length size....
3625 RELOCDELTA dd 0 ; relocation delta value
3626 RELOCVSIZE dd 0 ; virtual size of the relocation object
3627 OBJTABLE db 800 dup (0) ; some obj things..lalalala
3628SAVEFIRSTRB dd 0
3629 RBCOUNTER dd 0 ; relocation base counter
3630CRYPTVALUE2 dd 0 ; cryptvalue 2 (for the relocations)
3631 CRYPTVAR1 dd 0 ; don't know ;)
3632 COUNTER dd 0
3633 FICKEN dd 0 ; just a temp variable ;)
3634 OBJVSIZE dd 0 ; virtual size of this section
3635 OBJRSIZE dd 0 ; real size of a section
3636DECOMPSTART dd 0 ; pointer to the decompression buffa
3637 CTRUE db 0 ; compressed or not?
3638 SAVEORD dd 0 ; save variable for the ordinal number
3639 PIZZA dd 0 ; just a lame variable
3640 DECOMR db 0
3641 DIRSIZE dd 0 ; size of the resource directory
3642DECRELOCOFS dw 0 ; offset of relocation for the reloc decompression routine
3643 Paranoia dd 0 ; this routine is getting annoying, grrrr
3644 PCounter dd 0 ; paranoia counta
3645 RELOCSAVE dd 0,0 ; relocation block information
3646 RELOCSAVE2 dw 0 ; first relocation (the block is only 10bytes)
3647PreviousCRC dd 0 ; previous crc (used for objecttable encryption)
3648 OBJCRC dd 0 ; CRC value of the current object
3649 VALUE1 dd 0 ; another lame value
3650 VALUE2 dd 0 ; another lame value ;)
3651 FLAGI dd 0 ; flags of this section
3652 ENCRYPTV1 dd 0 ; encryption value for the objecttable encryption
3653 ENCRYPTV2 dd 0 ; encryption value for the objecttable encryption ;)
3654
3655 ENCRYPTV3 dd 0 ; used for the relocation encryption
3656 ENCRYPTV4 dd 0 ; l33t value for the relocation encryption
3657 ENCRYPTV5 dd 0 ; CRC value for the reloc encryption
3658
3659 ENCRYPTV6 dd 0 ; CRC value for the resource encryption
3660 ENCRYPTV7 dd 0 ; encryption value for the resource encryption
3661 ENCRYPTV8 dd 0 ; encryption value for the resource encryption
3662
3663 ENCRYPTV9 dd 0 ; encryption value for the 2nd layer (ring 0 of course) hehe
3664 ENCRYPTV10 dd 0 ; encryption value for the 2nd layer
3665
3666 ENCRYPTV11 dd 0 ; encryption value for the 3rd layer
3667 ENCRYPTV12 dd 0 ; encryption value for the 3d layer
3668 DLLSTRING db 40 dup (0) ; buffer where the dllname gets decrypted to :]
3669 BUFFIRVA dd 0 ; start for the fake iat table
3670 BUFFISIZE dd 0 ; size of the fake iat table
3671RESOURCEBYT dd 0 ; 4 bytes from the first crap after the resource directory (for shared support)
3672
3673;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3674;ErrorMessages for the pecrypt32 kernel
3675;
3676;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3677
3678 Align 4
3679
3680DeallocErrorHead db "PECRYPT32: MEMORY ERROR!",0
3681 DeallocError db " - Deallocation error.",0
3682 AllocError db " - Allocation error.",0
3683 SICEErrorHead db "PECRYPT32: LOADER ERROR!",0
3684 SICEError db " YO HUEPFBAER, DISABLE SOFTICE",0
3685
3686 ImportError db "PECRYPT32: IMPORT LOADER ERROR!",0
3687 ImpError db " - Can't find "
3688 ImportError2H db "PECRYPT32: - IMPORT LOADER ERROR -",0
3689 ImportError2 db " - Can't import the exported function : "
3690
3691 HeuristicA1H db "PECRYPT32: HEURISTIC VIRUS ALERT!",0
3692 HeuristicA1 db "Possible virus infection of this PE file. ",0
3693 CRCErrorH db "PECRYPT32: CRC ERROR!",0
3694 CRCError db "Execution stopped.",0
3695 IMPORTOFS dd 0 ; offset of the import section
3696f_GetKernelVersion db "GetVersion",0
3697 F6RVA dd 0
3698 f_OpenProcess db "OpenProcess",0
3699 F7RVA dd 0
3700f_WriteProcessMemory db "WriteProcessMemory",0
3701 F8RVA dd 0
3702f_GetCurrentProcessId db "GetCurrentProcessId",0
3703 F9RVA dd 0
3704
3705Layer1End: ; <- end of layer1 encryption
3706Encrypted_Block1_End:
3707
3708 Align 4
3709
3710;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3711;new imports (just another lame try to call the fucking kernel32 apis)
3712;don't change anything!!!!
3713;change and die!
3714;change and kriech forever (english/german - mixture) :)
3715;ich hau dir auf die nuschel wenn du irgendwas aenderst..grrrrr
3716;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3717 dd 0
3718NamehOffset dd 0 ; offset to the name/hide table
3719 StampDate dd 0 ; date of this import
3720 FChain dd 0 ; forward chain, not needed
3721 Dllrva dd offset _KERNEL32 - offset ToAdd ; rva to the dll name
3722 ThunkRva dd offset Thunktable - offset ToAdd ; rva of the thunk table
3723 dd 0
3724 dd 0
3725 dd 0
3726 dd 0
3727 dd 0
3728
3729 Thunktable dd offset iGetProcAddress - offset ToAdd
3730 dd offset iGetModuleHandleA - offset ToAdd
3731 dd offset iLoadLibraryA - offset ToAdd
3732 dd 0
3733 dd 0
3734 Align 4
3735
3736 iGetProcAddress dw 0
3737 db "GetProcAddress",0
3738 Align 4
3739 iGetModuleHandleA dw 0
3740 db "GetModuleHandleA",0
3741 Align 4
3742
3743 iLoadLibraryA dw 0
3744 db "LoadLibraryA",0
3745 Align 4
3746
3747 _KERNEL32 db "KERNEL32.DLL",0,0
3748ImportEnd:
3749;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3750
3751 Align 4
3752
3753 f_MessageBoxA db "MessageBoxA",0
3754 _USER32 db "USER32.DLL",0
3755 f_ExitProcess db "ExitProcess",0
3756 ERRORMH db "PECRYPT32: LOADER ERROR!",0
3757 ERRORM db "ERROR WHILE LOADING",0
3758 f_VirtualAlloc db "VirtualAlloc",0
3759 f_VirtualFree db "VirtualFree",0
3760 F4RVA dd 0
3761 f_CreateFileA db "CreateFileA",0
3762
3763 Align 4
3764 RVATABLE dd 0 ; 1024 bytes (1kb) of memory are needed for the rvatable
3765 F1RVA dd 0
3766 F5RVA dd 0
3767 LOBJ dd 0 ; pre calculated value ;)
3768 LSIZE dd 0 ; virtual size of the last obj (for the virus check)
3769RESOURCE_ENCRYPT dd 0
3770 CODEBASE dd 0 ; base of the code
3771 IMAGEBASE dd 0 ; Image base
3772 NEWIBASE dd 0 ; calculated imagebase :) (for relocation loading)
3773 DLLLOCATION dd 0
3774 MemStart dd 0
3775 FunctionRVA dd 0
3776 RESOURCEOFS dd 0 ; rva of the resource obj
3777 RESOURCESIZ dd 0 ; resource size,muahaha
3778 RESOURCEVSIZ dd 0 ; virtual size of the resource section
3779 F2RVA dd 0
3780 SAVEESP2 dd 0 ; 2nd temp variable for esp
3781 SAVEESP3 dd 0 ; 3nd temp variable for esp (needed by slowmte2.inc)
3782 START_VALUE dd 0 ; value for the first encryption layer
3783 OFSVALUE dd 0 ; value for the first routine
3784 OFSVSIZE dd 0 ; virtual size for the first routine
3785 SAVECRAP dd 0 ; just a lame temp variable
3786 hash_seg dd 0
3787 CCOUNTER1 dd 0
3788 CCOUNTER2 dd 0
3789 REALSIZE dd 0 ; real physical size of the current section
3790 TEMPVARI db 0
3791 ALDONE db 0 ; already done?
3792 OBJCOUNTI dw 0
3793
3794;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3795;some antidebugging variables ;)
3796;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3797 Align 4
3798
3799 IDTVALUE dd 0 ; value for the great idt crap ;)
3800 dw 0 ; 6 bytes (fword)
3801 SaveFTemp dd 0 ; just to save some crap like rvas :)
3802 ARTOFRELOC1 db 0
3803 IMP_DESTROY db 0 ; enhanced import destroying? eg: IAT fakes
3804 LOADRELOC db 1 ; load relocation? 1 = yes, 0 = no
3805 RCOMP db 0 ; compressed resources? , 1 = yes, 0 = no
3806 CUTDINFO db 0 ; debug info removed?
3807 RESEND db 0 ; resource section = last section?
3808 RELOCCOMPP db 0 ; internal relocation compression flag
3809 AMETHOD db 0 ; antidebugging method
3810 HEURISTIC db 0 ; internal variable for the virus heuristic option
3811 OBJNUMBA dw 0 ; number of objects in the peheader
3812 FATALERROR db 0 ; internal variable for a fatal error ;)
3813 HOOKFUNCT db 0 ; hook functions?
3814 LOADEROPT db 0 ; variable for the api hooking
3815 KILLHEAD db 0 ; variable for the erasing of the header
3816 RelocCCC db 0 ; relocation compression running?
3817 ALOADER db 0 ; anti loader option
3818 RelocSize dd 0 ; the size of the relocation section before it
3819 ; was packed with the 2nd compression layer
3820;
3821 RELOCSIZE dd 0
3822; COMPATIBLE db 0 ; enables the compatibility with other programs like BJFnt
3823 ANTIBPXBPM db 0 ; anti bpx <api> / bpm <api> protection
3824 EXEFLAGS db 0 ; DLL or Program ?
3825 SAVEDLLRVA dd 0 ; needed to fix this damn fucking conseal bug
3826VALUE_THREAD dd 0 ; value needed for the thread encryption / decryption
3827 SAVEBYTES db 5 dup(0)
3828 DLLNAMESL db 50 dup (0) ; buffer for all dll name sizes
3829 NAMECOUNTI db 0 ; dll name countiii
3830 SAVEESP dd 0 ; temp variable for esp
3831 SAVEOLDRVA dd 0
3832 IMPENC2 dd 0 ; random value for the import encryption / decryption
3833 IMPENC4 dd 0 ; random value for the import encryption / decryption
3834 ORIGBYTES dd 0
3835 db 0
3836
3837
3838
3839 SAVEEAX dd 0
3840 SAVEECX dd 0
3841 SAVEEDX dd 0
3842 SAVEEBX dd 0
3843SAVEESP9 dd 0
3844 SAVEEBP dd 0
3845 SAVEESI dd 0
3846 SAVEEDI dd 0
3847 SAVEEIP dd 0
3848
3849InstructionTable:
3850 dw 0E1FFh
3851 dw 0E2FFh
3852 dw 0E7FFh
3853 dw 0E6FFh
3854 dw 0E5FFh
3855
3856
3857;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3858;Some variables and function rvas for the thread decryption
3859;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3860 OLDIMPRVA dd 0 ; the old import rva
3861 Kernel32RVA dd 0 ; rva of kernel32.dll
3862 GetCurrentProcess_Id db "GetCurrentProcessId",0 ; functioname
3863 OpenProcessRVA dd 0 ; openprocess rva
3864 Open_Process db "OpenProcess",0 ; functioname
3865 SetPriority_Class db "SetPriorityClass",0 ; functioname
3866 SetPriorityClassRVA dd 0 ; 'SetPriorityClass' rva
3867 Create_Thread db "CreateThread",0 ; functioname
3868 CreateThreadRVA dd 0 ; 'CreateThread' rva
3869 SetThread_Priority db "SetThreadPriority",0 ; functioname
3870 SetThreadPriorityRVA dd 0 ; 'SetThreadPriority' rva
3871 CreateEvent_A db "CreateEventA",0 ; functioname
3872 CreateEventARVA dd 0 ; 'CreateEventA' rva
3873 WaitForSingle_Object db "WaitForSingleObject",0 ; functioname
3874WaitForSingleObjectRVA dd 0 ; 'WaitForSingleObject' rva
3875 Set_Event db "SetEvent",0 ; functioname
3876 SetEventRVA dd 0 ; 'SetEvent' rva
3877 Reset_Event db "ResetEvent",0 ; functioname
3878 ResetEventRVA dd 0 ; 'ResetEvent' rva
3879 Suspend_Thread db "SuspendThread",0 ; functioname
3880 SuspendThreadRVA dd 0 ; 'SuspendThread' rva
3881 Resume_Thread db "ResumeThread",0 ; functioname
3882 ResumeThreadRVA dd 0 ; 'ResumeThread' rva
3883 Terminate_Thread db "TerminateThread",0 ; functioname
3884 TerminateThreadRVA dd 0 ; 'TerminateThread' rva
3885 GetTickCountFunction db "GetTickCount",0 ; functioname
3886 LayerBuffer dd 0 ; reserved memory for the decryption layers
3887 Thread_ID2 dd 0 ; identifier of the created thread
3888 Thread_Handle2 dd 0 ; handle of the created thread
3889 Byte2Encrypt2 dd 0 ; holds the dword which needs to get encrypted
3890 EventO_Handle2 dd 0 ; holds the handle of the created event object
3891 EventO_Handle22 dd 0 ; holds the 2nd event handle
3892 SaveEDX2 dd 0 ; holds edx
3893 SaveECX2 dd 0 ; holds ecx
3894 SAVETIME dd 0 ; saves the time
3895 PROCESSHANDLE dd 0 ; handle of the opened process
3896 GetTickCountRVA dd 0 ; rva of the gettickcount function
3897 GetSystemTimeRVA dd 0 ; 'GetSystemTime' rva
3898 ModuleDLL db "KERNEL32.DLL",0
3899 SYSTEMTIME_STRUCTURE db 0
3900 wYear dw 0
3901 wMonth dw 0
3902 wDayOfWeek dw 0
3903 wDay dw 0
3904 wHour dw 0
3905 wMinute dw 0
3906 wSecond dw 0
3907 wMilliseconds dw 0
3908 HANDLER dd 0
3909 DURCHGANG db 0
3910 MEMSTARTI dd 0
3911
3912PEText:
3913 db 0dh,0ah,"ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ",0dh,0ah
3914 db " -[þ]- PECRYPT32 ",PE_CryptVer," ú coding project by random & killa -[þ]-"
3915 db 0dh,0ah,"ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ"
3916ToAdd_END:
3917
3918;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
3919;Information about the new PECRYPT32 objecttable
3920;
3921;1 dword = rva of the object
3922;1 dword = physical size of this object
3923;1 dword = encryption value
3924;1 dword = virtual size
3925;1 byte = compressed or not?
3926;1 dword = crcvalue of this object
3927;1 dword = real size of this object (not aligned)
3928;1 dword = old physical size of this object
3929;1 dword = flags of this section
3930;
3931;every objecttable is 33 bytes in length
3932;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
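diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-relocc.inc b/other/burneye/tmp/PE-Crypt-1.02/r-relocc.inc
new file mode 100644
index 0000000..6fa85fc
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-relocc.inc
@@ -0,0 +1,142 @@
+;relocation compression 0.2á
+;based on a run length encoding range checking :)
+;
+;0.1á - first beta of this funny code
+;0.2á - improved the compression with the apack library
+
+RReloccInc_Start:
+
+ mov edi,dword ptr [MemStart]
+ mov esi,edi
+
+ xor ebx,ebx ; set relocation counter to 0
+
+GetNextRelocation:
+ mov eax,[esi]
+ mov dword ptr [Paranoia],eax
+ mov ecx,dword ptr [esi+4] ; get the size of this relocation buffa
+ sub ecx,8 ; subtract the header
+ shr ecx,1 ; divide by 2
+ dec ecx
+ mov dword ptr [esi+4],ecx ; save it again
+
+ add ebx,8 ; add 8 ;))
+
+ lodsd
+ stosd
+ mov dword ptr [NullStellen],edi
+ lodsd
+ stosd
+
+ lodsw ; get the first relocation
+ and ax,0FFFh ; kick the reloc type away ;)
+ mov word ptr [RelocCofs],ax ; save the relocation offset
+ add ebx,2
+ stosw
+ cmp ecx,1
+ jnz RelocPack
+Damnfuckinglamerelocations:
+ add esi,2
+ add ebx,2
+ jmp StuhlGekippt
+
+RelocPack:
+ add ebx,2 ; every damn relocation is 1 word
+ lodsw ; get a fucking relocation
+ and ax,0FFFh ; gimme only 12 bits you lamer ;)
+ or ax,ax
+ jz Fickooon
+
+ push ax
+ sub ax,word ptr [RelocCofs] ; subtract for range checking
+
+ cmp ax,127 ; range smaller than 128?
+ ja NotCompressAble ; if not, not compressable
+ or al,80h
+ stosb ; save the compressed relocation
+ jmp ContinueWithPacking
+NotCompressAble:
+ inc dword ptr [DamnCrap22]
+ pop ax
+ push ax
+ xchg ah,al
+ stosw
+ pop ax
+ jmp NoDamnWay
+Fickooon:
+ push esi
+ mov esi,dword ptr [NullStellen]
+ dec dword ptr [esi]
+ pop esi
+ jmp StuhlGekippt
+
+ContinueWithPacking:
+ pop ax
+NoDamnWay:
+ mov word ptr [RelocCofs],ax ; save the new relocation offset
+StuhlGekippt:
+ dec ecx ; dec reloccounter
+ jnz RelocPack ; decrease till end
+ cmp ebx,dword ptr [RelocLength] ; finished?
+ jnz GetNextRelocation ; if not , continue packing
+
+ sub edi,dword ptr [MemStart]
+ mov ecx,edi
+ mov dword ptr [RelocSize],ecx ; save the size before the 2nd compression
+
+
+ WriteConsole2 <offset Baukasten252>
+
+ mov byte ptr [RelocCCC],1 ; relocation compression is running now (flag)
+ jmp CompressThem
+ContinueRelocationPacking:
+
+ WriteConsole2 <offset Baukasten253>
+ pop esi
+
+ mov eax,dword ptr [CCounter] ; get the size of the packed relocations
+ mov ebp,dword ptr [PEHeader+60] ; and align them
+ xor edx,edx
+ div ebp
+ inc eax
+ mul ebp
+ mov ecx,[esi+16] ; get the old value for calculation
+ mov [esi+16],eax ; write the new physical size value
+ mov dword ptr [CCounter],eax ; save the new size (aligned now)
+
+ sub ecx,eax ; calculate the difference
+ add dword ptr [Csize],ecx ; add to the special pack counter of pecrypt
+
+
+ mov edx,dword ptr [esi+20] ; seek to the obj start
+ call SeekFile
+
+
+ pushad
+ mov edi,offset RELOCSAVE
+ mov esi,dword ptr [MemStart]
+ mov ecx,5
+ rep movsw
+ movsb
+ mov edi,dword ptr [MemStart]
+ xor eax,eax
+ stosd
+ mov eax,10
+ stosd
+ xor ax,ax
+ stosw
+ mov esi,dword ptr [MemStart]
+ mov eax,[esi]
+ mov dword ptr [SAVEFIRSTRB],eax
+ mov [esi],eax
+ mov byte ptr [AddNew],1
+ popad
+ mov dword ptr [PEHeader+164],10
+
+ mov ecx,dword ptr [CCounter]
+ mov edx,dword ptr [MemStart] ; pointer to the packed relocations
+ call WritetoFile ; write the packed relocations 2 disk
+
+RReloccInc_End:
+
+End_Of_RelocCC: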
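Review bot: The block walk at `GetNextRelocation` takes the block size from `[esi+4]` in the file being processed and uses it without a range check. Any size below 12 leaves `ecx` at zero, negative or wrapped by the time the `dec ecx` / `jnz RelocPack` loop runs, so the loop reads and writes far past the buffer at `MemStart`. A check placed right after the load, `cmp ecx,12` followed by a `jb` to an error exit, would reject such blocks before anything is copied. The outer exit test has the same weakness: `jnz GetNextRelocation` stops only when `ebx` lands exactly on `RelocLength`, whereas `jb GetNextRelocation` would also stop once the consumed byte count passes the table length. Both points matter for any tool that parses relocation directories from files it did not create, since the sizes are attacker-controlled data.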
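diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-seh.inc b/other/burneye/tmp/PE-Crypt-1.02/r-seh.inc
new file mode 100644
index 0000000..2ace335
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-seh.inc
@@ -0,0 +1,120 @@
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;Structured Exception Handling for PECRYPT32 1.02
+;(c) by random in 1998
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+
+
+SEH_Handler:
+; int 3
+ mov ebp,esp
+ mov eax,[ebp+4] ; get the buffer to the exception_code
+ mov esi,[eax] ; get the EXCEPTION CODE
+ mov edi,offset EXP_Code
+ call dword2hex
+ mov al,"h"
+ stosb
+ mov ax,0D0Ah
+ stosw
+
+ mov eax,[ebp+10h - 4] ; get the offset of another information buffer
+ mov esi,[eax+0B8h] ; get the EIP where the exception obcurred
+ mov dword ptr [EIPDword],esi ; save it for later use
+ mov edi,offset EIP_Text
+ call dword2hex ; convert the eip dword to a string
+ mov al,"h"
+ stosb
+ mov ax,0D0Ah
+ stosw
+
+ movzx ecx,byte ptr [Module_Amount] ; get the amount of modules in this pecrypt version
+Locate_Module:
+ movzx eax,byte ptr [Module_Amount] ; get the current module
+ sub eax,ecx
+
+ shl eax,3 ; multiply it by 8 (each module entry is 8 bytes)
+ add eax,offset Module_Offsets_Sizes ; add the module buffer start
+ mov ebx,[eax] ; get the module start (offset)
+
+ cmp ebx,dword ptr [EIPDword] ; compare it with the exception offset
+ ja NoException_in_this_Module ; jump if below (no exp in this module)
+ add ebx,[eax+4] ; add the module size
+ cmp ebx,dword ptr [EIPDword] ; compare it with the exception offset
+ jl NoException_in_this_Module ; jump if above (exp not in this module)
+ movzx esi,byte ptr [Module_Amount] ; get the amount of modules in this pecrypt version
+ sub esi,ecx ; subtract to get the module number
+ shl esi,4 ; multiply it by 16
+ add esi,offset Module_Names ; add the module name buffer
+ mov ecx,16 ; every module name size is 16
+ mov edi,offset Module_Name ; buffer it needs to copy the name to
+ rep movsb
+ jmp Output_Start
+NoException_in_this_Module:
+ dec ecx
+ jnz Locate_Module
+
+Output_Start:
+ push 30h
+ push offset Exception_Topic
+ push offset Exception_Code
+ push 0
+ call MessageBoxA
+
+
+ call ExitProcess ; exit! SEH handler finished
+
+.Data
+
+
+ Exception_Topic db "-= PECRYPT32 SEH HANDLER =-",0
+ Exception_Code db "EXCEPTION CODE : "
+ EXP_Code db " "
+Exception_Module db "EXCEPTION IN MODULE : "
+ Module_Name db " "
+ Exception_Proc db "EXCEPTION IN ROUTINE : "
+ Exception_EIP db "EXCEPTION ADDRESS : "
+ EIP_Text db " "
+
+ Module_Amount db (Module_Offsets_Sizes_End - Module_Offsets_Sizes) / 8 ; amount of all modules
+ EIPDword dd 0 ; contains address where exception obcurred
+
+
+Module_Names:
+ db "k-commctrl.inc",CR_LF
+ db "k-engine.asm ",CR_LF
+ db "k-menu.inc ",CR_LF
+ db "pe-crypt.asm ",CR_LF
+ db "r-aplib.asm ",CR_LF
+ db "r-cryptor.asm ",CR_LF
+ db "r-ieh.inc ",CR_LF
+ db "r-loader.inc ",CR_LF
+ db "r-relocc.inc ",CR_LF
+ db "r-slowmte.inc ",CR_LF
+ db "r-sread.inc ",CR_LF
+
+Module_Offsets_Sizes:
+ dd offset KcommctrlInc_Start ; start of this inc file
+ dd (offset KcommctrlInc_End - offset KcommctrlInc_Start) ; size of this inc file
+ dd offset kEngineAsm_Start ; start of k-engine.asm
+ dd (offset kEngineAsm_End - offset kEngineAsm_Start) ; size of it
+ dd offset KMenuInc_Start ; start of k-menu.inc
+ dd (offset KMenuInc_End - offset KMenuInc_Start) ; size of it
+ dd offset PeCryptAsm_Start ; start of pe-crypt.asm
+ dd (offset PeCryptAsm_End - offset PeCryptAsm_Start) ; size of it
+ dd 0
+ dd 0
+; dd offset RAplibAsm_Start ; start of r-aplib.asm
+; dd (offset RAplibAsm_End - offset RAplibAsm_Start) ; size of it
+ dd offset Cryptor_Start ; start of r-cryptor.asm
+ dd (offset End_Of_Cryptor - offset Cryptor_Start) ; size of it
+ dd offset RIEHInc_Start ; start of r-ieh.inc
+ dd (offset RIEHInc_End - offset RIEHInc_Start) ; size of it
+ dd offset CRC_Block1 ; start of r-loader.inc
+ dd (offset ToAdd_END - offset CRC_Block1) ; size of it
+ dd offset RReloccInc_Start ; start of r-relocc.inc
+ dd (offset RReloccInc_End - offset RReloccInc_Start) ; size of it
+ dd offset RSlowMteInc_Start ; start of r-slowmte.inc
+ dd (offset RSlowMteInc_End - offset RSlowMteInc_Start) ; size of it
+ dd offset RSreadIncStart ; start of r-sread.inc
+ dd (offset RSreadIncEnd - offset RSreadIncStart) ; size of it
+
+Module_Offsets_Sizes_End: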
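Review bot: The text handed to `MessageBoxA` at `Output_Start` has no terminating zero, so the dialog prints past its intended end. It begins at `Exception_Code` and runs through `EIP_Text`, then continues into the `Module_Amount` byte and whatever follows until a zero byte happens to appear. Adding `db 0` directly after the `EIP_Text` definition ends the string where the layout intends. Separately, the range test in `Locate_Module` pairs the unsigned `ja` with the signed `jl`, which misclassifies exception addresses at or above 80000000h; `jb NoException_in_this_Module` would match the unsigned compare. The comments on those two jumps also describe the opposite condition from the one each instruction tests and should be corrected.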
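diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-slowmte.inc b/other/burneye/tmp/PE-Crypt-1.02/r-slowmte.inc
new file mode 100644
index 0000000..8e50abd
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-slowmte.inc
@@ -0,0 +1,148 @@
+;SlowMutation Engine 0.1á2 (c) random
+;Usage:
+; esi = memory to encrypt
+; ecx = size of the memory (how much 2 encrypt/decrypt)
+; edi = buffer to fill in the decryption layers
+
+RSlowMteInc_Start:
+
+SlowMte_Start:
+ mov dword ptr [Mem2Encrypt],esi
+ mov dword ptr [MemSize],ecx
+ mov dword ptr [LayerPos],edi
+
+ mov esi,offset Predefined_Decryption_Layers ; pointer to the encryption layers
+ mov ecx,(offset Predefined_Decryption_Layers_End - offset Predefined_Decryption_Layers)
+ mov edi,dword ptr [LayerBuffer] ; pointer to the reserved memory
+ rep movsb ; copy all layers
+
+ movzx ecx,byte ptr [HowMuchLayers] ; get the number of needed layers
+ xor edx,edx ; edx = layercounter = 0
+Generate_Layer:
+ push ecx
+ push edx
+ movzx edi,byte ptr [NumberOfLayers] ; maximal number of layers
+ call GenRandomValue ; generate a random value
+ pop edx
+
+ mov byte ptr [Choosed_Layers+edx],al ; write the choosed layer
+
+ mov edi,dword ptr [LayerSizes] ; get all sizes of all layers
+ add edi,offset LayerTable
+ mov esi,dword ptr [Decryption_Layer_Table+(eax*4)] ; pointer to the layer
+ add esi,dword ptr [LayerBuffer] ; add the memory offset
+
+ movzx ecx,word ptr [Decryption_Layer_Size+(eax*2)] ; get the layer size
+ add dword ptr [LayerSizes],ecx ; add the size
+ rep movsb ; copy the layer in the new buffer
+
+ pop ecx
+ inc edx ; increase the layer counter
+ dec ecx
+ jnz Generate_Layer
+
+ push esi
+ mov esi,offset Layer_Table_End
+ sub esi,edi
+ add dword ptr [MemSize],esi ; add it to the memsize
+ pop esi
+
+ mov dword ptr [SavedPOS],edi ; save the pos of the last layer
+ movzx ecx,byte ptr [HowMuchLayers] ; how many layers 2 encrypt?
+ mov dword ptr [LayerSizes],0 ; zero layersizes
+ dec edx ; decrease the layer pointer
+EncryptMemory:
+ pushad
+ movzx eax,byte ptr [Choosed_Layers+edx] ; get the choosed layer
+ mov ecx,dword ptr [LayerSizes] ; get the size of all layers
+
+ mov esi,dword ptr [SavedPOS] ; get the position of the last layer
+
+ movzx ebx,word ptr [Decryption_Layer_Size+(eax*2)] ; get the size of the current
+ add dword ptr [LayerSizes],ebx ; add the current size to the layersizes
+ add ecx,dword ptr [MemSize] ; add the size of the mem
+
+ sub dword ptr [SavedPOS],ebx ; calculate the new last pos
+
+ push esi
+ mov esi,dword ptr [SavedPOS]
+ add esi,dword ptr [Size_Patches+(eax*4)]
+ cmp byte ptr [BitBreite+eax],1
+ jnz BitBreite8
+ shr ecx,1
+BitBreite8:
+ cmp byte ptr [BitBreite+eax],2
+ jnz BitBreite8_2
+ shr ecx,2
+BitBreite8_2:
+ mov [esi+1],ecx
+ pop esi
+
+ cmp dword ptr [NebelBomben+(eax*4)],0
+ jz NoNebelBombe
+
+ push esi
+ mov esi,dword ptr [SavedPOS]
+ add esi,dword ptr [NebelBomben+(eax*4)]
+ push eax
+ Call Randomize
+ mov byte ptr [esi+2],al
+ pop eax
+ pop esi
+NoNebelBombe:
+
+ push esi
+ mov esi,dword ptr [SavedPOS]
+ cmp dword ptr [RandomValues+(eax*4)],0
+ jz NoRandomValue
+ add esi,dword ptr [RandomValues+(eax*4)]
+ push eax
+ Call Randomize
+ mov [esi+1],eax
+ mov edx,eax
+ pop eax
+NoRandomValue:
+ pop esi
+
+ call dword ptr [(eax*4)+offset Encryption_Layer_Table] ; call the encryption routine for this layer
+
+ popad
+ dec edx
+ dec ecx
+ jnz EncryptMemory
+
+ jmp EncryptionFinished
+
+;Generates a random value
+;edi = maximal value allowed
+;
+GenRandomValue proc
+GenerateAgain:
+ Call Randomize
+ xchg ecx,eax
+ Call Randomize
+ xor ecx,eax
+ Call Randomize
+ xor eax,ecx
+
+; mov ecx,eax
+; and ecx,0FFFFh
+ mov ecx,255
+ xor edx,edx
+GenValues:
+ xor eax,ecx
+ rol edx,cl
+ inc edx
+ dec ecx
+ jnz GenValues
+ xor eax,edx
+ xor edx,edx
+ div edi
+ mov eax,edx
+ or eax,eax
+ jz GenerateAgain
+ ret
+GenRandomValue endp
+
+RSlowMteInc_End:
+SlowMte_End: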
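Review bot: `GenRandomValue` divides by the caller's `edi` and retries while the remainder is zero, so `div edi` raises a divide error when `edi` is 0 and the `jz GenerateAgain` loop never ends when `edi` is 1. The only caller in this file loads `edi` from `NumberOfLayers`, whose value is defined elsewhere, so the routine should reject small limits itself with `cmp edi,2` and a `jb` to a failure return ahead of the first `Call Randomize`. The header comment should also say that the result is the non-zero remainder, i.e. 1..edi-1 rather than "maximal value allowed", and that `ecx` and `edx` are clobbered. `Generate_Layer` depends on the clobber behaviour: it saves both registers around the call.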
diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-slowmte2.inc b/other/burneye/tmp/PE-Crypt-1.02/r-slowmte2.inc
new file mode 100644
index 0000000..f7e9365
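--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-slowmte2.inc
@@ -0,0 +1,824 @@
+;SlowMutation Engine 0.1á2 (c) random
+;-------
+;designed for use with the PECRYPT32 api hooking feature ;)
+;Usage:
+; esi = memory to encrypt
+; ecx = size of the memory (how much 2 encrypt/decrypt)
+; edi = buffer to fill in the decryption layers
+
+
+RelocateMteCode:
+ call $+5
+ pop ebx
+ sub ebx,(offset RelocateMteCode - offset ToAdd) + 5
+
+ mov dword ptr [(SAVEESP3 - offset ToAdd) + ebx],esp
+
+ pusha
+ mov edi,(offset LayerPointer - offset ToAdd)
+ add edi,ebx
+ mov ecx,(offset SavedPOS - offset LayerPointer)
+ xor al,al
+ rep stosb
+ popa
+
+ mov dword ptr [(Mem2Encrypt - offset ToAdd) + ebx],esi
+ mov dword ptr [(MemSize - offset ToAdd) + ebx],ecx
+ mov dword ptr [(LayerPos - offset ToAdd) + ebx],edi
+ mov dword ptr [(TableSize - offset ToAdd) + ebx],edx
+
+ pusha
+ mov ecx,[(TableSize - offset ToAdd) + ebx]
+ mov al,90h
+ mov edi,dword ptr [(LayerPos - offset ToAdd) + ebx]
+ rep stosb
+ popa
+
+ mov esi,(offset Predefined_Decryption_Layers - offset ToAdd) ; pointer to the encryption layers
+ add esi,ebx
+
+ mov ecx,(offset Predefined_Decryption_Layers_End - offset Predefined_Decryption_Layers)
+ mov edi,dword ptr [(LayerBuffer - offset ToAdd) + ebx] ; pointer to the reserved memory
+ rep movsb ; copy all layers
+
+ movzx ecx,byte ptr [(HowMuchLayers - offset ToAdd) + ebx] ; get the number of needed layers
+ xor edx,edx ; edx = layercounter = 0
+Generate_Layer_2:
+ push ecx
+ push edx
+ movzx edi,byte ptr [(NumberOfLayers - offset ToAdd) + ebx] ; maximal number of layers
+ call RandomizeValue ; generate a random value
+ pop edx
+
+ mov byte ptr [(Choosed_Layers - offset ToAdd) + ebx + edx],al ; write the choosed layer
+
+ mov edi,dword ptr [(LayerSizes - offset ToAdd) + ebx] ; get all sizes of all layers
+; add edi,(offset LayerTable - offset ToAdd)
+; add edi,ebx
+ add edi,dword ptr [(LayerPos - offset ToAdd) + ebx]
+ mov esi,dword ptr [(Decryption_Layer_Table - offset ToAdd) + ebx + (eax*4)] ; pointer to the layer
+ add esi,dword ptr [(LayerBuffer - offset ToAdd) + ebx] ; add the memory offset
+
+ movzx ecx,word ptr [(Decryption_Layer_Size - offset ToAdd) + ebx + (eax*2)] ; get the layer size
+ add dword ptr [(LayerSizes - offset ToAdd) + ebx],ecx ; add the size
+ rep movsb ; copy the layer in the new buffer
+
+ pop ecx
+ inc edx ; increase the layer counter
+ dec ecx
+ jnz Generate_Layer_2
+
+ push esi
+ mov esi,dword ptr [(LayerPos - offset ToAdd) + ebx]
+ add esi,dword ptr [(TableSize - offset ToAdd) + ebx]
+ sub esi,edi
+ add dword ptr [(MemSize - offset ToAdd) + ebx],esi ; add it to the memsize
+ pop esi
+
+ mov dword ptr [(SavedPOS - offset ToAdd) + ebx],edi ; save the pos of the last layer
+ movzx ecx,byte ptr [(HowMuchLayers - offset ToAdd) + ebx] ; how many layers 2 encrypt?
+ mov dword ptr [(LayerSizes - offset ToAdd) + ebx],0 ; zero layersizes
+ dec edx ; decrease the layer pointer
+EncryptMemory2:
+ pushad
+ movzx eax,byte ptr [(Choosed_Layers - offset ToAdd) + ebx + edx] ; get the choosed layer
+ mov ecx,dword ptr [(LayerSizes - offset ToAdd) + ebx] ; get the size of all layers
+
+ mov esi,dword ptr [(SavedPOS - offset ToAdd) + ebx] ; get the position of the last layer
+
+ push edi
+ movzx edi,word ptr [(Decryption_Layer_Size - offset ToAdd) + ebx + (eax*2)] ; get the size of the current
+ add dword ptr [(LayerSizes - offset ToAdd) + ebx],edi ; add the current size to the layersizes
+ add ecx,dword ptr [(MemSize - offset ToAdd) + ebx] ; add the size of the mem
+ sub dword ptr [(SavedPOS - offset ToAdd) + ebx],edi ; calculate the new last pos
+ pop edi
+
+; 0 = 8bit, 1 = 16bit, 2 = 32bit
+
+ push esi
+ mov esi,dword ptr [(SavedPOS - offset ToAdd) + ebx]
+ add esi,dword ptr [(Size_Patches - offset ToAdd) + ebx + (eax*4)]
+ cmp byte ptr [(BitBreite - offset ToAdd) + ebx + eax],1
+ jnz BitBreite82
+ shr ecx,1
+BitBreite82:
+ cmp byte ptr [(BitBreite - offset ToAdd) + ebx + eax],2
+ jnz BitBreite8_22
+ shr ecx,2
+BitBreite8_22:
+ mov [esi+1],ecx
+ pop esi
+
+ cmp dword ptr [(NebelBomben - offset ToAdd) + ebx + (eax*4)],0
+ jz NoNebelBombe_2
+
+ push esi
+ mov esi,dword ptr [(SavedPOS - offset ToAdd) + ebx]
+ add esi,dword ptr [(NebelBomben - offset ToAdd) + ebx + (eax*4)]
+ push eax
+ Call Randomize2
+ mov byte ptr [esi+2],al
+ pop eax
+ pop esi
+NoNebelBombe_2:
+
+ push esi
+ mov esi,dword ptr [(SavedPOS - offset ToAdd) + ebx]
+ cmp dword ptr [(RandomValues - offset ToAdd) + ebx + (eax*4)],0
+ jz NoRandomValue2
+ add esi,dword ptr [(RandomValues - offset ToAdd) + ebx + (eax*4)]
+ push eax
+ Call Randomize2
+ mov [esi+1],eax
+ mov edx,eax
+ pop eax
+NoRandomValue2:
+ pop esi
+
+ shl eax,2 ; multiply eax by 4
+ add eax,(offset Encryption_Layer_Table - offset ToAdd)
+ add eax,ebx
+
+ mov eax,[eax]
+ sub eax,offset ToAdd
+ add eax,ebx
+ call eax ; call the encryption routine for this layer
+
+ popad
+ dec edx
+ dec ecx
+ jnz EncryptMemory2
+ mov esp,dword ptr [(SAVEESP3 - offset ToAdd) + ebx]
+ ret
+
+
+
+Predefined_Decryption_Layers:
+
+ELayer1:
+ call $+5
+ pop edx
+ sub edx,5
+SizePatch_ELayer1:
+ mov ecx,1
+ mov esi,(offset ELayer1_End - offset ELayer1)
+NebelBombe1:
+ F1CKEN 0FFh
+ F1CKEN2 0EAh
+VxdBombe:
+ add esi,edx
+Decrypt_Layer1:
+ xor [esi],cl
+ inc esi
+ inc word ptr [VxdBombe-ELayer1+edx]
+ dec ecx
+ jnz Decrypt_Layer1
+ELayer1_End:
+
+ELayer2:
+ call $+5
+ pop edx
+ sub edx,5
+ F1CKEN2 0EAh
+SizePatch_ELayer2:
+ mov ecx,1
+ mov esi,(offset ELayer2_End - offset ELayer2)
+NebelBombe2:
+ F1CKEN 0FFh
+ add esi,edx
+VxdBombe2:
+ F1CKEN2 0EAh
+Decrypt_Layer2:
+ rol byte ptr [esi],cl
+ inc esi
+ inc word ptr [VxdBombe2-ELayer2+edx]
+ dec ecx
+ jnz Decrypt_Layer2
+ELayer2_End:
+
+ELayer3:
+ call $+5
+ pop edx
+ sub edx,5
+SizePatch_ELayer3:
+ mov ecx,1
+ F1CKEN2 0EAh
+ mov edi,(offset ELayer3_End - offset ELayer3)
+NebelBombe3:
+ F1CKEN 0EBh
+ add edi,edx
+Decrypt_Layer3:
+ add byte ptr [edi],cl
+ inc edi
+ dec ecx
+ jnz Decrypt_Layer3
+ELayer3_End:
+
+ELayer4:
+ call $+5
+ pop edx
+ sub edx,5
+SizePatch_ELayer4:
+ mov ecx,1
+ mov edi,(offset ELayer4_End - offset ELayer4)
+ F1CKEN2 0EAh
+ add edi,edx
+NebelBombe4:
+ F1CKEN 0EAh
+Decrypt_Layer4:
+ mov al,[edi]
+ inc al
+ xor al,cl
+ stosb
+ dec ecx
+ jnz Decrypt_Layer4
+ELayer4_End:
+
+ELayer5:
+ call $+5
+ pop edx
+ F1CKEN2 0EFh
+ sub edx,5
+SizePatch_ELayer5:
+ mov ecx,1
+ mov edi,(offset ELayer5_End - offset ELayer5)
+ F1CKEN2 0EAh
+ add edi,edx
+NebelBombe5:
+ F1CKEN 0EAh
+
+RandomVPatch:
+ mov eax,1
+Decrypt_Layer5:
+ xor [edi],al
+ inc eax
+ inc edi
+ inc word ptr [RandomVPatch-ELayer5+edx]
+ dec ecx
+ jnz Decrypt_Layer5
+ELayer5_End:
+
+ELayer6:
+ call $+5
+ pop edx
+ sub edx,5
+ F1CKEN2 0EFh
+SizePatch_ELayer6:
+ mov ecx,1
+ mov edi,(offset ELayer6_End - offset ELayer6)
+NebelBombe6:
+ F1CKEN 0EAh
+ add edi,edx
+RandomVPatch1:
+ mov eax,1
+
+Decrypt_Layer6:
+ xor byte ptr [edi],al
+ rol byte ptr [edi],cl
+ inc eax
+ inc edi
+ inc word ptr [RandomVPatch1-ELayer6+edx]
+ dec ecx
+ jnz Decrypt_Layer6
+ELayer6_End:
+
+ELayer7:
+ call $+5
+ pop edx
+ F1CKEN2 0EFh
+ sub edx,5
+ add edx,(offset ELayer7_End - offset ELayer7)
+SizePatch_ELayer7:
+ mov ecx,1
+NebelBombe7:
+ F1CKEN 0EAh
+RandomVPatch2:
+ mov eax,1
+
+Decrypt_Layer7:
+ mov al,[edx]
+ xor al,cl
+ rol al,cl
+ xor al,ah
+ mov [edx],al
+ xor eax,ecx
+ inc edx
+loop Decrypt_Layer7
+ELayer7_End:
+
+ELayer8:
+ call $+5
+ pop edx
+ sub edx,5
+ F1CKEN2 0EFh
+ add edx,(offset ELayer8_End - offset ELayer8)
+SizePatch_ELayer8:
+ mov ecx,1
+NebelBombe8:
+ F1CKEN 0EAh
+RandomVPatch3:
+ mov eax,1
+ mov esi,edx
+ F1CKEN2 0FFh
+ mov edi,edx
+Decrypt_Layer8:
+ lodsb
+ xor al,cl
+ xor al,ah
+ stosb
+loop Decrypt_Layer8
+ELayer8_End:
+
+ELayer9:
+ call $+5
+ pop edx
+ sub edx,5
+ F1CKEN2 0C7h
+ add edx,(offset ELayer9_End - offset ELayer9)
+SizePatch_ELayer9:
+ mov ecx,1
+NebelBombe9:
+ F1CKEN 0EAh
+RandomVPatch4:
+ mov eax,1
+ mov esi,edx
+ F1CKEN 0FFh
+ mov edi,edx
+Decrypt_Layer99:
+ lodsw
+ xor ax,cx
+ stosw
+loop Decrypt_Layer99
+ELayer9_End:
+
+ELayer10:
+ call $+5
+ pop edx
+ F1CKEN 0FFh
+ sub edx,5
+ add edx,(offset ELayer10_End - offset ELayer10)
+SizePatch_ELayer10:
+ mov ecx,1
+RandomVPatch5:
+ mov edi,1
+NebelBombe10:
+ F1CKEN 0EAh
+ mov esi,edx
+Decrypt_Layer10:
+ xor [esi],cx
+ xor [esi],di
+ inc di
+ add esi,2
+loop Decrypt_Layer10
+ELayer10_End:
+
+ELayer11:
+ call $+5
+ pop esi
+ F1CKEN 0FFh
+ add esi,(offset ELayer11_End - offset ELayer11)-5
+SizePatch_ELayer11:
+ mov ecx,1
+ jmp $+4
+Decrypt_Layer11:
+ int 20h
+ xor [esi],ecx
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+loop $-18
+ELayer11_End:
+
+ELayer12:
+ call $+5
+ pop esi
+ F1CKEN 0FFh
+ add esi,(offset ELayer12_End - offset ELayer12)-5
+SizePatch_ELayer12:
+ mov ecx,1
+ jmp $+4
+Decrypt_Layer12:
+ int 20h
+ sub [esi],ecx
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+loop $-18
+ELayer12_End:
+
+ELayer13:
+ call $+5
+ pop edi
+ F1CKEN 0FFh
+ add edi,(offset ELayer13_End - offset ELayer13)-5
+SizePatch_ELayer13:
+ mov ecx,1
+ jmp $+4
+Decrypt_Layer13:
+ int 20h
+ rol dword ptr [edi],cl
+ jmp $+4
+ int 20h
+ inc edi
+ inc edi
+ jmp $+4
+ int 20h
+ inc edi
+ inc edi
+ jmp $+4
+ int 20h
+loop $-18
+ELayer13_End:
+
+ELayer14:
+ call $+5
+ pop edx
+ F1CKEN2 0EAh
+SizePatch_ELayer14:
+ mov ecx,1
+ add edx,(offset ELayer14_End - offset ELayer14)-5
+ jmp $+4
+Decrypt_Layer14:
+ int 20h
+ ror dword ptr [edx],cl
+ jmp $+4
+ int 20h
+ inc edx
+ inc edx
+ jmp $+4
+ int 20h
+ inc edx
+ inc edx
+ jmp $+4
+ int 20h
+loop $-18
+ELayer14_End:
+
+ELayer15:
+ call $+5
+ pop esi
+SizePatch_ELayer15:
+ mov ecx,1
+ F1CKEN2 0C7h
+ add esi,(offset ELayer15_End - offset ELayer15)-5
+ jmp $+4
+Decrypt_Layer15:
+ int 20h
+ add [esi],ecx
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+loop $-18
+ELayer15_End:
+
+ELayer16:
+ call $+5
+ pop esi
+SizePatch_ELayer16:
+ mov ecx,1
+ F1CKEN2 0C7h
+ add esi,(offset ELayer16_End - offset ELayer16)-5
+ jmp $+4
+Decrypt_Layer16:
+ int 20h
+ add [esi],ecx
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+ inc esi
+ inc esi
+ jmp $+4
+ int 20h
+loop $-18
+ELayer16_End:
+
+
+Predefined_Decryption_Layers_End:
+
+
+Predefined_Encryption_Layers:
+EncryptLayer1:
+ xor [esi],cl
+ inc esi
+ dec ecx
+ jnz EncryptLayer1
+ ret
+EncryptLayer1_End:
+
+EncryptLayer2:
+ ror byte ptr [esi],cl
+ inc esi
+ dec ecx
+ jnz EncryptLayer2
+ ret
+EncryptLayer2_End:
+
+EncryptLayer3_2:
+ sub byte ptr [esi],cl
+ inc esi
+ dec ecx
+ jnz EncryptLayer3_2
+ ret
+
+EncryptLayer3_2_End:
+
+EncryptLayer4_2:
+ mov al,[esi]
+ xor al,cl
+ dec al
+ mov [esi],al
+ inc esi
+ dec ecx
+ jnz EncryptLayer4_2
+ ret
+EncryptLayer4_2_End:
+
+EncryptLayer5_2:
+ xor [esi],dl
+ inc edx
+ inc esi
+ dec ecx
+ jnz EncryptLayer5_2
+ ret
+EncryptLayer5_2_End:
+
+EncryptLayer6_2:
+ ror byte ptr [esi],cl
+ xor [esi],dl
+ inc edx
+ inc esi
+ dec ecx
+ jnz EncryptLayer6_2
+ ret
+EncryptLayer6_2_End:
+
+EncryptLayer7_2:
+ mov al,[esi]
+ xor al,dh
+ ror al,cl
+ xor al,cl
+ mov [esi],al
+ xor edx,ecx
+ inc esi
+ dec ecx
+ jnz EncryptLayer7_2
+ ret
+EncryptLayer7_2_End:
+
+EncryptLayer8_2:
+ mov al,[esi]
+ xor al,dh
+ xor al,cl
+ mov [esi],al
+ inc esi
+ dec ecx
+ jnz EncryptLayer8_2
+ ret
+EncryptLayer8_2_End:
+
+EncryptLayer9_2:
+ xor [esi],cx
+ inc dx
+ add esi,2
+ dec ecx
+ jnz EncryptLayer9_2
+ ret
+EncryptLayer9_2_End:
+
+EncryptLayer10_2:
+ xor [esi],dx
+ xor [esi],cx
+ add esi,2
+ inc dx
+ dec ecx
+ jnz EncryptLayer10_2
+ ret
+EncryptLayer10_2_End:
+
+EncryptLayer11_2:
+ xor [esi],ecx
+ add esi,4
+ dec ecx
+ jnz EncryptLayer11_2
+ ret
+EncryptLayer11_2_End:
+
+EncryptLayer12_2:
+ add [esi],ecx
+ add esi,4
+ dec ecx
+ jnz EncryptLayer12_2
+ ret
+EncryptLayer12_2_End:
+
+EncryptLayer13_2:
+ ror dword ptr [esi],cl
+ add esi,4
+ dec ecx
+ jnz EncryptLayer13_2
+ ret
+EncryptLayer13_2_End:
+
+EncryptLayer14_2:
+ rol dword ptr [esi],cl
+ add esi,4
+ dec ecx
+ jnz EncryptLayer14_2
+ ret
+EncryptLayer14_2_End:
+
+EncryptLayer15_2:
+ sub [esi],ecx
+ add esi,4
+ dec ecx
+ jnz EncryptLayer15_2
+ ret
+EncryptLayer15_2_End:
+
+
+Predefined_Encryption_Layers_End:
+
+.Data
+
+
+;Variables of the Slow Mutation Engine
+;
+ HowMuchLayers db 15 ; number of Decryption layers you want to include ;)
+ NumberOfLayers db 16 ; number of all layers
+
+ LayerPointer db 0 ; current selected layer
+ Mem2Encrypt dd 0 ; memory 2 encrypt
+ MemSize dd 0 ; size of this memory
+ LayerPos dd 0 ; position of the layerbuffer
+ LayerSizes dd 0 ; = all layersizes together
+ SavedPOS dd 0 ; pos of the last layer
+ TableSize dd 0 ; table size for the layers
+
+;Tables which includes pointers to different Decryption routines
+Decryption_Layer_Table:
+ dd 0
+ dd offset ELayer1 - offset ELayer1
+ dd offset ELayer2 - offset ELayer1
+ dd offset ELayer3 - offset ELayer1
+ dd offset ELayer4 - offset ELayer1
+ dd offset ELayer5 - offset ELayer1
+ dd offset ELayer6 - offset ELayer1
+ dd offset ELayer7 - offset ELayer1
+ dd offset ELayer8 - offset ELayer1
+ dd offset ELayer9 - offset ELayer1
+ dd offset ELayer10 - offset ELayer1
+ dd offset ELayer11 - offset ELayer1
+ dd offset ELayer12 - offset ELayer1
+ dd offset ELayer13 - offset ELayer1
+ dd offset ELayer14 - offset ELayer1
+ dd offset ELayer15 - offset ELayer1
+ dd 0
+ dd 0
+
+Decryption_Layer_Size:
+ dw 0
+ dw (offset ELayer1_End - offset ELayer1)
+ dw (offset ELayer2_End - offset ELayer2)
+ dw (offset ELayer3_End - offset ELayer3)
+ dw (offset ELayer4_End - offset ELayer4)
+ dw (offset ELayer5_End - offset ELayer5)
+ dw (offset ELayer6_End - offset ELayer6)
+ dw (offset ELayer7_End - offset ELayer7)
+ dw (offset ELayer8_End - offset ELayer8)
+ dw (offset ELayer9_End - offset ELayer9)
+ dw (offset ELayer10_End - offset ELayer10)
+ dw (offset ELayer11_End - offset ELayer11)
+ dw (offset ELayer12_End - offset ELayer12)
+ dw (offset ELayer13_End - offset ELayer13)
+ dw (offset ELayer14_End - offset ELayer14)
+ dw (offset ELayer15_End - offset ELayer15)
+ dw 0
+
+;Table which includes pointers to the different decryption routines
+Encryption_Layer_Table:
+ dd 0
+ dd offset EncryptLayer1
+ dd offset EncryptLayer2
+ dd offset EncryptLayer3_2
+ dd offset EncryptLayer4_2
+ dd offset EncryptLayer5_2
+ dd offset EncryptLayer6_2
+ dd offset EncryptLayer7_2
+ dd offset EncryptLayer8_2
+ dd offset EncryptLayer9_2
+ dd offset EncryptLayer10_2
+ dd offset EncryptLayer11_2
+ dd offset EncryptLayer12_2
+ dd offset EncryptLayer13_2
+ dd offset EncryptLayer14_2
+ dd offset EncryptLayer15_2
+ dd 0
+ dd 0
+
+Size_Patches:
+ dd 0
+ dd offset SizePatch_ELayer1 - offset ELayer1
+ dd offset SizePatch_ELayer2 - offset ELayer2
+ dd offset SizePatch_ELayer3 - offset ELayer3
+ dd offset SizePatch_ELayer4 - offset ELayer4
+ dd offset SizePatch_ELayer5 - offset ELayer5
+ dd offset SizePatch_ELayer6 - offset ELayer6
+ dd offset SizePatch_ELayer7 - offset ELayer7
+ dd offset SizePatch_ELayer8 - offset ELayer8
+ dd offset SizePatch_ELayer9 - offset ELayer9
+ dd offset SizePatch_ELayer10 - offset ELayer10
+ dd offset SizePatch_ELayer11 - offset ELayer11
+ dd offset SizePatch_ELayer12 - offset ELayer12
+ dd offset SizePatch_ELayer13 - offset ELayer13
+ dd offset SizePatch_ELayer14 - offset ELayer14
+ dd offset SizePatch_ELayer15 - offset ELayer15
+ dd 0
+ dd 0
+
+RandomValues:
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+ dd RandomVPatch - offset ELayer5
+ dd RandomVPatch1 - offset ELayer6
+ dd RandomVPatch2 - offset ELayer7
+ dd RandomVPatch3 - offset ELayer8
+ dd RandomVPatch4 - offset ELayer9
+ dd RandomVPatch5 - offset ELayer10
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+
+NebelBomben:
+ dd 0 ; remains always empty
+ dd NebelBombe1 - offset ELayer1
+ dd NebelBombe2 - offset ELayer2
+ dd NebelBombe3 - offset ELayer3
+ dd NebelBombe4 - offset ELayer4
+ dd NebelBombe5 - offset ELayer5
+ dd NebelBombe6 - offset ELayer6
+ dd NebelBombe7 - offset ELayer7
+ dd NebelBombe8 - offset ELayer8
+ dd NebelBombe9 - offset ELayer9
+ dd NebelBombe10 - offset ELayer10
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+ dd 0
+
+BitBreite: ; 0 = 8bit, 1 = 16bit, 2 = 32bit
+ db 0
+ db 0
+ db 0
+ db 0
+ db 0
+ db 0
+ db 0
+ db 0
+ db 0
+ db 1
+ db 1
+ db 2
+ db 2
+ db 2
+ db 2
+ db 2
+
+Choosed_Layers:
+ db 100 dup (0)
+
+
+
+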
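Review bot: The usage header at the top of r-slowmte2.inc lists esi, ecx and edi, but RelocateMteCode also takes edx: it is stored into TableSize and that many bytes at edi are filled with 90h before any layer is copied. Nothing in Generate_Layer_2 compares the running LayerSizes total against TableSize, so when the chosen layers are larger than the caller's buffer the `rep movsb` writes past it and the later `sub esi,edi` slack value wraps before it is added to MemSize. I would add `; edx = size in bytes of the layer buffer at edi` to the header and reject the call when LayerSizes plus the next Decryption_Layer_Size entry exceeds TableSize. The comment above Encryption_Layer_Table also says "decryption routines" although the table holds the EncryptLayer entry points.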
diff --git a/other/burneye/tmp/PE-Crypt-1.02/r-sread.inc b/other/burneye/tmp/PE-Crypt-1.02/r-sread.inc
new file mode 100644
index 0000000..808d9a2
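--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/r-sread.inc
@@ -0,0 +1,250 @@
+;
+;SectionData struct
+;
+;8 bytes maximal fuer den sectionsnamen
+;1 dword fuer den rva
+;1 dword fuer die virtual size
+;1 dword fuer das offset auf der pladde
+;1 dword fuer die physical size
+;1 dword fuer die flags
+;==
+;28
+;
+;ZERO DWORD TERMINATED
+;
+;SectionStates struct
+
+;bpro section ein byte
+;0=none
+;1=encrypt
+;2=compress
+
+RSreadIncStart:
+
+ReadSectionData proc
+ pusha
+
+ xor eax,eax
+ push eax
+ push eax
+ push 3
+ push eax
+ push eax
+ push 80000000h+40000000h
+ push offset CryptFile
+ call CreateFileA ; Open file with read&write access
+ cmp eax,-1
+ jnz FileOpened
+ WriteConsole2 <offset Error1>
+ jmp FinishedWithReading
+
+FileOpened:
+ mov dword ptr [Fhandle],eax
+
+ push offset HighOrderF
+ push dword ptr [Fhandle]
+ call GetFileSize
+ or eax,eax
+ jz No_PE_File2
+
+ mov edx,offset DosHeader
+ mov ecx,80
+ call ReadFromFile
+
+ cmp word ptr [DosHeader],"ZM"
+ jz DosExecutable
+ cmp word ptr [DosHeader],"MZ"
+ jz DosExecutable
+ jmp No_PE_File2
+
+DosExecutable:
+ push offset HighOrderF
+ push dword ptr [Fhandle]
+ call GetFileSize
+
+ mov edx,dword ptr [DosHeader+3Ch]
+ cmp edx,eax
+ ja No_PE_File2
+
+ call SeekFile
+ mov edx,offset PEHeader
+ mov ecx,4000
+ call ReadFromFile
+ cmp word ptr [PEHeader],"EP"
+ jz PEFileForSure
+No_PE_File2:
+ WriteConsole2 <offset NotPE>
+ push dword ptr [Fhandle]
+ call CloseHandle
+ jmp FinishedWithReading
+
+PEFileForSure:
+ cmp dword ptr [PEHeader+40],0
+ jnz RvaAvailable
+ WriteConsole2 <offset Baukasten37>
+ push dword ptr [Fhandle]
+ jmp FinishedWithReading
+
+
+RvaAvailable:
+ mov esi,offset PEHeader+248 ; pointer to the first obj
+ movzx ecx,word ptr [PEHeader+6] ; get the number of objects
+ mov edi,offset SectionData ; points to sectiondata start
+ mov edx,offset SectionStates ; points to the section states buffa
+CreateSectionBuffer:
+
+ push esi
+ push ecx
+ push esi
+ mov ecx,8 ; section name is 8 bytes (maximum)
+ rep movsb ; copy it to the sectiondata structure
+ pop esi
+ mov eax,[esi+12] ; get the section rva
+ stosd ; save it
+ mov eax,[esi+8] ; get the virtual size
+ stosd ; save it
+ mov eax,[esi+20] ; get the physical offset
+ stosd ; save it
+ mov eax,[esi+16] ; get the physical size
+ stosd ; save it
+ mov eax,[esi+36] ; get the section flags
+ stosd ; save them
+
+ push edi
+
+ cmp dword ptr [esi+20],0 ; is the physical offset = 0
+ jz WriteNoEncryptionByte ; if yes, then don't encrypt / pack
+ cmp dword ptr [esi+16],0 ; is the physical size = 0
+ jz WriteNoEncryptionByte ; if yes, then don't encrypt / pack
+
+ push esi
+ mov edi,offset TLS_String ; pointer to the usual tls string
+ mov ecx,4 ; size of the string = 3 bytes (".tls")
+ rep cmpsb ; compare th000se 2 strings
+ pop esi
+ jz WriteNoEncryptionByte
+
+ mov eax,dword ptr [PEHeader+120] ; get the export rva
+ mov ebx,dword ptr [esi+12] ; get the current rva
+ cmp eax,ebx
+ jl NoExportForSure
+ add ebx,dword ptr [esi+8]
+ cmp eax,ebx
+ jl WriteNoEncryptionByte ; don't encrypt / pack this section!
+NoExportForSure:
+
+ push esi
+ mov edi,offset DGROUP_String ; pointer to the dgroup string
+ mov ecx,7 ; 7 bytes = size (".dgroup")
+ rep cmpsb
+ pop esi
+ jz WriteNoEncryptionByte
+
+ push esi
+ mov edi,offset Icon_String
+ mov ecx,5
+ rep cmpsb
+ pop esi
+ jz WriteNoEncryptionByte
+
+ mov eax,dword ptr [PEHeader+192] ; get tls section rva
+ mov ebx,dword ptr [esi+12] ; get the section rva
+ cmp eax,ebx
+ jl NoTlsForSure
+ add ebx,[esi+8] ; get the section vsize
+ cmp eax,ebx
+ jl WriteNoEncryptionByte
+NoTlsForSure:
+
+ mov eax,dword ptr [PEHeader+120]
+ cmp eax,dword ptr [esi+12]
+ jz WriteNoEncryptionByte
+
+ mov eax,dword ptr [PEHeader+136] ; check if this obj is the resource obj
+ cmp eax,dword ptr [esi+12]
+ jz ResourceConfig
+
+ mov eax,dword ptr [PEHeader+164]
+ mov dword ptr [RELOCSIZE],eax ; save the original size of the relocation section
+
+ mov eax,dword ptr [PEHeader+160] ; get relocation section rva
+ mov ebx,dword ptr [esi+12] ; get the section rva
+ cmp eax,ebx
+ jl NoRelocationsForSure
+ add ebx,[esi+8] ; get the section vsize
+ cmp eax,ebx
+ jl RelocationConfig
+NoRelocationsForSure:
+
+ test [esi+36],00010000000000000000000000000000b ; check for the shared flag!
+ jnz WriteNoEncryptionByte
+
+ mov edi,edx
+ cmp byte ptr [COMPRESSION],1
+ jz PackingEnabled
+ mov al,1
+ jmp Finished_With_This_Section
+PackingEnabled:
+ mov al,2
+ jmp Finished_With_This_Section
+
+RelocationConfig:
+ mov edi,edx
+ cmp byte ptr [RELOCCOMP],1
+ jz RelocationCompressionEnabled
+ mov al,1
+ jmp Finished_With_This_Section
+
+RelocationCompressionEnabled:
+ mov al,2
+ jmp Finished_With_This_Section
+
+ResourceConfig:
+ mov edi,edx
+ mov al,byte ptr [RESOURCECOMP]
+ cmp al,2
+ jnz ConvertCrap
+ xor al,al
+ jmp Finished_With_This_Section
+ConvertCrap:
+ cmp al,1
+ jnz ConvertCrap2
+ mov al,2
+ jmp Finished_With_This_Section
+ConvertCrap2:
+ mov al,1
+ jmp Finished_With_This_Section
+
+WriteNoEncryptionByte:
+ mov edi,edx
+ xor al,al
+
+Finished_With_This_Section:
+ stosb
+ inc edx
+ pop edi
+
+ pop ecx
+ pop esi
+
+ add esi,40 ; points now to the next object
+ dec ecx
+ jnz CreateSectionBuffer
+
+ xor eax,eax
+ stosd
+
+ push dword ptr [Fhandle]
+ call CloseHandle
+
+ popa
+ ret
+FinishedWithReading:
+ popa
+ pop eax
+ jmp finish
+
+ReadSectionData endp
+
+
+RSreadIncEnd: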
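Review bot: The section count loaded from the file at `movzx ecx,word ptr [PEHeader+6]` drives the CreateSectionBuffer loop without any bound, although only 4000 bytes of header were read into PEHeader and the loop walks 40-byte entries from PEHeader+248 while writing 28 bytes per section to SectionData and one byte to SectionStates. A file that declares more sections than fit makes the loop read past the loaded header and write past both buffers (their sizes are declared outside this file), and a count of zero makes `dec ecx` wrap so the loop keeps running. A guard right after the load, such as `cmp ecx,MAX_SECTIONS` / `ja No_PE_File2` plus a zero test, would send such files to the existing error path; MAX_SECTIONS is a placeholder to be sized from those buffers. Separately, PEFileForSure pushes Fhandle and jumps to FinishedWithReading without `call CloseHandle`, so the handle stays open and the extra dword shifts what `popa` restores.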
diff --git a/other/burneye/tmp/PE-Crypt-1.02/w32.inc b/other/burneye/tmp/PE-Crypt-1.02/w32.inc
new file mode 100644
index 0000000..88666d7
--- /dev/null
+++ b/other/burneye/tmp/PE-Crypt-1.02/w32.inc
@@ -0,0 +1,5042 @@
1;Main include file for Win32 applications built with TASM5.
2;Supplied on Companion Disk for book
3;"Windows Assembly Language and Systems Programming"
4;by Barry Kauler, published by R&D Books / Miller Freeman, USA, 1997.
5;
6;I have inserted some comments, marked by "*bk*".
7;some unicode support, but a bit patchy. What is missing mainly is
8;the prototypes and structures for UNICODE characters. All API
9;functions ending in "....A" are ANSI character, while UNICODE
10;functions end in "....W". Maybe someone will be moved to fix this?
11;Also, I have stuck stuff into this file "here and there" and it
12;could do with a bit of organising.
13
14
15;I would like to acknowledge Sven Schreiber:
16; W32Main.inc
17; Win32 Main Header File V1.00
18; 03-14-1996 Sven B. Schreiber sbs@psbs.franken.de
19; This is Public Domain Software
20;His file W32MAIN.INC is part of his WALK32 Windows 95 assembly language
21;development tools, all public domain. I have incorporated much of
22;W32MAIN.INC into this file.
23
24;I would like to acknowledge Wayne Radburn.
25;Wayne has a public domain example assembly language program for Windows 95,
26;included on the Companion Disk as SKELETON.ZIP. It is for MASM 6.11.
27;I have "borrowed" from his file WINDOWSA.INC, which has the API
28;prototypes. I have modified the prototypes to suit TASM 5.0.
29
30
31
32;------------------------------------------------------------------------------
33 if UNICODE
34;
35CHAR textequ <WCHAR> ;unicode char type
36CHAR_ equ 2 ;unicode char size
37;
38 else
39;
40CHAR textequ <ACHAR> ;ansi char type
41CHAR_ equ 1 ;ansi char size
42;
43 endif
44;
45;------------------------------------------------------------------------------
46
47
48;
49; BASIC TYPES
50;........................................................................
51ACHAR typedef BYTE ;ansi character
52ATOM typedef DWORD ;string atom
53BOOL typedef DWORD ;boolean variable
54COLORREF typedef DWORD ;rgb color
55DWORDLONG typedef QWORD ;long double word
56GLOBALHANDLE typedef DWORD ;global handle
57HACCEL typedef DWORD ;accelerator handle
58HANDLE typedef DWORD ;unspecified handle
59HBITMAP typedef DWORD ;bitmap handle
60HBRUSH typedef DWORD ;brush handle
61HCOLORSPACE typedef DWORD ;color space handle
62HCURSOR typedef DWORD ;cursor handle
63HDC typedef DWORD ;device context handle
64HDWP typedef DWORD ;defer win pos handle
65HENHMETAFILE typedef DWORD ;enh. metafile handle
66HFILE typedef DWORD ;file handle
67HFONT typedef DWORD ;font handle
68HGLOBAL typedef DWORD ;global handle
69HHOOK typedef DWORD ;hook handle
70HICON typedef DWORD ;icon handle
71HINSTANCE typedef DWORD ;instance handle
72HINTERNET typedef DWORD ;internet handle
73HLOCAL typedef DWORD ;local handle
74HMENU typedef DWORD ;menu handle
75HMETAFILE typedef DWORD ;metafile handle
76HPALETTE typedef DWORD ;palette handle
77HPEN typedef DWORD ;pen handle
78HRGN typedef DWORD ;region handle
79HRSRC typedef DWORD ;resource handle
80HSTR typedef DWORD ;string handle
81HTASK typedef DWORD ;task handle
82HTREEITEM typedef DWORD ;tree view item handle
83HWND typedef DWORD ;window handle
84INTEGER typedef DWORD ;standard integer
85LOCALHANDLE typedef DWORD ;local handle
86LONG typedef DWORD ;long integer
87LONGINT typedef DWORD ;long integer
88LPARAM typedef DWORD ;long parameter
89LPBOOL typedef DWORD ;long ptr to boolean
90LPBYTE typedef DWORD ;long ptr to byte
91LPCSTR typedef DWORD ;long ptr to string
92LPCTSTR typedef DWORD ;long ptr to string
93LPCVOID typedef DWORD ;long ptr to buffer
94LPDWORD typedef DWORD ;long ptr to dword
95LPFN typedef DWORD ;long ptr to function
96LPINT typedef DWORD ;long ptr to integer
97LPLONG typedef DWORD ;long ptr to long int
98LPSTR typedef DWORD ;long ptr to string
99LPTSTR typedef DWORD ;long ptr to string
100LPVOID typedef DWORD ;long ptr to buffer
101LPWORD typedef DWORD ;long ptr to word
102LRESULT typedef DWORD ;long result
103POINTER typedef DWORD ;pointer to anything
104PVOID typedef DWORD ;pointer to buffer
105SHORTINT typedef WORD ;short integer
106UINT typedef DWORD ;unsigned integer
107WCHAR typedef WORD ;unicode character
108WNDPROC typedef DWORD ;window procedure
109WPARAM typedef DWORD ;word parameter
110;
111;
112;
113NULL equ 0 ;null
114FALSE equ 0 ;boolean false
115TRUE equ 1 ;boolean true
116;
117;------------------------------------------------------------------------------
118;
119BUTTON equ 0080h ;button class
120EDIT equ 0081h ;edit class
121STATIC equ 0082h ;static class
122LISTBOX equ 0083h ;list box class
123SCROLLBAR equ 0084h ;scroll bar class
124COMBOBOX equ 0085h ;combo box class
125;
126;------------------------------------------------------------------------------
127;
128MAX_PATH equ 260 ;maximum path length
129OFS_MAXPATHNAME equ 128 ;max OFSTRUCT path len
130;
131;------------------------------------------------------------------------------
132;
133INVALID_HANDLE_VALUE equ 0FFFFFFFFh ;invalid handle
134INVALID_FILE_SIZE equ 0FFFFFFFFh ;invalid file size
135INVALID_FILE_POINTER equ 0FFFFFFFFh ;invalid file pointer
136;
137;==============================================================================
138;
139; WIN32 CONSTANTS
140;
141;==============================================================================
142;
143; ========================
144; bitmap compression types
145; ========================
146;
147BI_RGB equ 0
148BI_RLE8 equ 1
149BI_RLE4 equ 2
150BI_BITFIELDS equ 3
151;
152;------------------------------------------------------------------------------
153;
154; =======================
155; button control messages
156; =======================
157;
158BM_GETCHECK equ 00F0h
159BM_SETCHECK equ 00F1h
160BM_GETSTATE equ 00F2h
161BM_SETSTATE equ 00F3h
162BM_SETSTYLE equ 00F4h
163BM_CLICK equ 00F5h
164BM_GETIMAGE equ 00F6h
165BM_SETIMAGE equ 00F7h
166;
167;------------------------------------------------------------------------------
168;
169; ============================
170; button control notifications
171; ============================
172;
173BN_CLICKED equ 0000h
174BN_PAINT equ 0001h
175BN_HILITE equ 0002h
176BN_UNHILITE equ 0003h
177BN_DISABLE equ 0004h
178BN_DOUBLECLICKED equ 0005h
179BN_SETFOCUS equ 0006h
180BN_KILLFOCUS equ 0007h
181;
182BN_PUSHED equ BN_HILITE
183BN_UNPUSHED equ BN_UNHILITE
184BN_DBLCLK equ BN_DOUBLECLICKED
185;
186;------------------------------------------------------------------------------
187;
188; =====================
189; button control styles
190; =====================
191;
192BS_PUSHBUTTON equ 0000h
193BS_DEFPUSHBUTTON equ 0001h
194BS_CHECKBOX equ 0002h
195BS_AUTOCHECKBOX equ 0003h
196BS_RADIOBUTTON equ 0004h
197BS_3STATE equ 0005h
198BS_AUTO3STATE equ 0006h
199BS_GROUPBOX equ 0007h
200BS_USERBUTTON equ 0008h
201BS_AUTORADIOBUTTON equ 0009h
202BS_OWNERDRAW equ 000Bh
203BS_LEFTTEXT equ 0020h
204BS_TEXT equ 0000h
205BS_ICON equ 0040h
206BS_BITMAP equ 0080h
207BS_LEFT equ 0100h
208BS_RIGHT equ 0200h
209BS_CENTER equ 0300h
210BS_TOP equ 0400h
211BS_BOTTOM equ 0800h
212BS_VCENTER equ 0C00h
213BS_PUSHLIKE equ 1000h
214BS_MULTILINE equ 2000h
215BS_NOTIFY equ 4000h
216BS_FLAT equ 8000h
217;
218BS_RIGHTBUTTON equ BS_LEFTTEXT
219;
220;------------------------------------------------------------------------------
221;
222; ==================
223; combo box messages
224; ==================
225;
226CB_GETEDITSEL equ 0140h
227CB_LIMITTEXT equ 0141h
228CB_SETEDITSEL equ 0142h
229CB_ADDSTRING equ 0143h
230CB_DELETESTRING equ 0144h
231CB_DIR equ 0145h
232CB_GETCOUNT equ 0146h
233CB_GETCURSEL equ 0147h
234CB_GETLBTEXT equ 0148h
235CB_GETLBTEXTLEN equ 0149h
236CB_INSERTSTRING equ 014Ah
237CB_RESETCONTENT equ 014Bh
238CB_FINDSTRING equ 014Ch
239CB_SELECTSTRING equ 014Dh
240CB_SETCURSEL equ 014Eh
241CB_SHOWDROPDOWN equ 014Fh
242CB_GETITEMDATA equ 0150h
243CB_SETITEMDATA equ 0151h
244CB_GETDROPPEDCONTROLRECT equ 0152h
245CB_SETITEMHEIGHT equ 0153h
246CB_GETITEMHEIGHT equ 0154h
247CB_SETEXTENDEDUI equ 0155h
248CB_GETEXTENDEDUI equ 0156h
249CB_GETDROPPEDSTATE equ 0157h
250CB_FINDSTRINGEXACT equ 0158h
251CB_SETLOCALE equ 0159h
252CB_GETLOCALE equ 015Ah
253CB_GETTOPINDEX equ 015Bh
254CB_SETTOPINDEX equ 015Ch
255CB_GETHORIZONTALEXTENT equ 015Dh
256CB_SETHORIZONTALEXTENT equ 015Eh
257CB_GETDROPPEDWIDTH equ 015Fh
258CB_SETDROPPEDWIDTH equ 0160h
259CB_INITSTORAGE equ 0161h
260CB_MSGMAX equ 0162h
261;
262;------------------------------------------------------------------------------
263;
264; =======================
265; combo box return values
266; =======================
267;
268CB_OKAY equ 0
269CB_ERR equ -1
270CB_ERRSPACE equ -2
271;
272;------------------------------------------------------------------------------
273;
274; ======================
275; CreateDIBitmap() codes
276; ======================
277;
278CBM_INIT equ 4
279;
280;------------------------------------------------------------------------------
281;
282; ============================
283; combo box notification codes
284; ============================
285;
286CBN_ERRSPACE equ -1
287CBN_SELCHANGE equ 1
288CBN_DBLCLK equ 2
289CBN_SETFOCUS equ 3
290CBN_KILLFOCUS equ 4
291CBN_EDITCHANGE equ 5
292CBN_EDITUPDATE equ 6
293CBN_DROPDOWN equ 7
294CBN_CLOSEUP equ 8
295CBN_SELENDOK equ 9
296CBN_SELENDCANCEL equ 10
297;
298;------------------------------------------------------------------------------
299;
300; ================
301; combo box styles
302; ================
303;
304CBS_SIMPLE equ 0001h
305CBS_DROPDOWN equ 0002h
306CBS_DROPDOWNLIST equ 0003h
307CBS_OWNERDRAWFIXED equ 0010h
308CBS_OWNERDRAWVARIABLE equ 0020h
309CBS_AUTOHSCROLL equ 0040h
310CBS_OEMCONVERT equ 0080h
311CBS_SORT equ 0100h
312CBS_HASSTRINGS equ 0200h
313CBS_NOINTEGRALHEIGHT equ 0400h
314CBS_DISABLENOSCROLL equ 0800h
315CBS_UPPERCASE equ 2000h
316CBS_LOWERCASE equ 4000h
317;
318;------------------------------------------------------------------------------
319;
320; =================
321; clipboard formats
322; =================
323;
324CF_TEXT equ 0001h
325CF_BITMAP equ 0002h
326CF_METAFILEPICT equ 0003h
327CF_SYLK equ 0004h
328CF_DIF equ 0005h
329CF_TIFF equ 0006h
330CF_OEMTEXT equ 0007h
331CF_DIB equ 0008h
332CF_PALETTE equ 0009h
333CF_PENDATA equ 000Ah
334CF_RIFF equ 000Bh
335CF_WAVE equ 000Ch
336CF_UNICODETEXT equ 000Dh
337CF_ENHMETAFILE equ 000Eh
338CF_HDROP equ 000Fh
339CF_LOCALE equ 0010h
340CF_MAX equ 0011h
341;
342CF_OWNERDISPLAY equ 0080h
343CF_DSPTEXT equ 0081h
344CF_DSPBITMAP equ 0082h
345CF_DSPMETAFILEPICT equ 0083h
346CF_DSPENHMETAFILE equ 008Eh
347;
348CF_PRIVATEFIRST equ 0200h
349CF_PRIVATELAST equ 02FFh
350;
351CF_GDIOBJFIRST equ 0300h
352CF_GDIOBJLAST equ 03FFh
353;
354;------------------------------------------------------------------------------
355;
356; ===========
357; color types
358; ===========
359;
360COLOR_SCROLLBAR equ 0
361COLOR_BACKGROUND equ 1
362COLOR_ACTIVECAPTION equ 2
363COLOR_INACTIVECAPTION equ 3
364COLOR_MENU equ 4
365COLOR_WINDOW equ 5
366COLOR_WINDOWFRAME equ 6
367COLOR_MENUTEXT equ 7
368COLOR_WINDOWTEXT equ 8
369COLOR_CAPTIONTEXT equ 9
370COLOR_ACTIVEBORDER equ 10
371COLOR_INACTIVEBORDER equ 11
372COLOR_APPWORKSPACE equ 12
373COLOR_HIGHLIGHT equ 13
374COLOR_HIGHLIGHTTEXT equ 14
375COLOR_BTNFACE equ 15
376COLOR_BTNSHADOW equ 16
377COLOR_GRAYTEXT equ 17
378COLOR_BTNTEXT equ 18
379COLOR_INACTIVECAPTIONTEXT equ 19
380COLOR_BTNHIGHLIGHT equ 20
381COLOR_3DDKSHADOW equ 21
382COLOR_3DLIGHT equ 22
383COLOR_INFOTEXT equ 23
384COLOR_INFOBK equ 24
385;
386COLOR_DESKTOP equ COLOR_BACKGROUND
387COLOR_3DFACE equ COLOR_BTNFACE
388COLOR_3DSHADOW equ COLOR_BTNSHADOW
389COLOR_3DHIGHLIGHT equ COLOR_BTNHIGHLIGHT
390COLOR_3DHILIGHT equ COLOR_BTNHIGHLIGHT
391COLOR_BTNHILIGHT equ COLOR_BTNHIGHLIGHT
392;
393;------------------------------------------------------------------------------
394;
395; ===================
396; network connections
397; ===================
398;
399CONNECT_UPDATE_PROFILE equ 00000001h
400CONNECT_UPDATE_RECENT equ 00000002h
401CONNECT_TEMPORARY equ 00000004h
402CONNECT_INTERACTIVE equ 00000008h
403CONNECT_PROMPT equ 00000010h
404CONNECT_NEED_DRIVE equ 00000020h
405CONNECT_REFCOUNT equ 00000040h
406CONNECT_REDIRECT equ 00000080h
407CONNECT_LOCALDRIVE equ 00000100h
408CONNECT_CURRENT_MEDIA equ 00000200h
409;
410NETPROPERTY_PERSISTENT equ 1
411;
412;------------------------------------------------------------------------------
413;
414; ====================
415; thread context flags
416; ====================
417;
418CONTEXT_i386 equ 00010000h
419CONTEXT_i486 equ 00010000h
420;
421CONTEXT_CONTROL equ CONTEXT_i386+00000001h
422CONTEXT_INTEGER equ CONTEXT_i386+00000002h
423CONTEXT_SEGMENTS equ CONTEXT_i386+00000004h
424CONTEXT_FLOATING_POINT equ CONTEXT_i386+00000008h
425CONTEXT_DEBUG_REGISTERS equ CONTEXT_i386+00000010h
426;
427CONTEXT_FULL equ CONTEXT_CONTROL+\
428 CONTEXT_INTEGER+\
429 CONTEXT_SEGMENTS
430;
431SIZE_OF_80387_REGISTERS equ 80
432;
433;------------------------------------------------------------------------------
434;
435; ==========
436; code pages
437; ==========
438;
439CP_ACP equ 0
440CP_OEMCP equ 1
441CP_MACCP equ 2
442;
443;------------------------------------------------------------------------------
444;
445; ============
446; class styles
447; ============
448;
449CS_VREDRAW equ 00000001h
450CS_HREDRAW equ 00000002h
451CS_KEYCVTWINDOW equ 00000004h
452CS_DBLCLKS equ 00000008h
453CS_OWNDC equ 00000020h
454CS_CLASSDC equ 00000040h
455CS_PARENTDC equ 00000080h
456CS_NOKEYCVT equ 00000100h
457CS_NOCLOSE equ 00000200h
458CS_SAVEBITS equ 00000800h
459CS_BYTEALIGNCLIENT equ 00001000h
460CS_BYTEALIGNWINDOW equ 00002000h
461CS_GLOBALCLASS equ 00004000h
462CS_IME equ 00010000h
463;
464;------------------------------------------------------------------------------
465;
466; ===================
467; control color types
468; ===================
469;
470CTLCOLOR_MSGBOX equ 0
471CTLCOLOR_EDIT equ 1
472CTLCOLOR_LISTBOX equ 2
473CTLCOLOR_BTN equ 3
474CTLCOLOR_DLG equ 4
475CTLCOLOR_SCROLLBAR equ 5
476CTLCOLOR_STATIC equ 6
477CTLCOLOR_MAX equ 7
478;
479;------------------------------------------------------------------------------
480;
481; =======================
482; CreateWindow() commands
483; =======================
484;
485CW_USEDEFAULT equ 80000000h
486;
487;------------------------------------------------------------------------------
488;
489; ===================
490; device capabilities
491; ===================
492;
493DC_FIELDS equ 1
494DC_PAPERS equ 2
495DC_PAPERSIZE equ 3
496DC_MINEXTENT equ 4
497DC_MAXEXTENT equ 5
498DC_BINS equ 6
499DC_DUPLEX equ 7
500DC_SIZE equ 8
501DC_EXTRA equ 9
502DC_VERSION equ 10
503DC_DRIVER equ 11
504DC_BINNAMES equ 12
505DC_ENUMRESOLUTIONS equ 13
506DC_FILEDEPENDENCIES equ 14
507DC_TRUETYPE equ 15
508DC_PAPERNAMES equ 16
509DC_ORIENTATION equ 17
510DC_COPIES equ 18
511;
512;------------------------------------------------------------------------------
513;
514; ====================
515; dib color table id's
516; ====================
517;
518DIB_RGB_COLORS equ 0
519DIB_PAL_COLORS equ 1
520;
521;------------------------------------------------------------------------------
522;
523; ====================
524; DLL LibMain() events
525; ====================
526;
527DLL_PROCESS_DETACH equ 0
528DLL_PROCESS_ATTACH equ 1
529DLL_THREAD_ATTACH equ 2
530DLL_THREAD_DETACH equ 3
531;
532;------------------------------------------------------------------------------
533;
534; ======================
535; device mode selections
536; ======================
537;
538DM_UPDATE equ 1
539DM_COPY equ 2
540DM_PROMPT equ 4
541DM_MODIFY equ 8
542;
543DM_IN_BUFFER equ DM_MODIFY
544DM_IN_PROMPT equ DM_PROMPT
545DM_OUT_BUFFER equ DM_COPY
546DM_OUT_DEFAULT equ DM_UPDATE
547;
548;------------------------------------------------------------------------------
549;
550; =============
551; dialog styles
552; =============
553;
554DS_ABSALIGN equ 0001h
555DS_SYSMODAL equ 0002h
556DS_3DLOOK equ 0004h
557DS_FIXEDSYS equ 0008h
558DS_NOFAILCREATE equ 0010h
559DS_LOCALEDIT equ 0020h ;edit items get local storage
560DS_SETFONT equ 0040h ;user specified font
561DS_MODALFRAME equ 0080h ;combinable with WS_CAPTION
562DS_NOIDLEMSG equ 0100h ;don't send WM_ENTERIDLE
563DS_SETFOREGROUND equ 0200h
564DS_CONTROL equ 0400h
565DS_CENTER equ 0800h
566DS_CENTERMOUSE equ 1000h
567DS_CONTEXTHELP equ 2000h
568;
569DS_MODAL equ DS_ABSALIGN+DS_MODALFRAME
570DS_MODELESS equ DS_ABSALIGN
571;
572;------------------------------------------------------------------------------
573;
574; =======================
575; DrawText() format flags
576; =======================
577;
578DT_TOP equ 00000000h
579DT_LEFT equ 00000000h
580DT_CENTER equ 00000001h
581DT_RIGHT equ 00000002h
582DT_VCENTER equ 00000004h
583DT_BOTTOM equ 00000008h
584DT_WORDBREAK equ 00000010h
585DT_SINGLELINE equ 00000020h
586DT_EXPANDTABS equ 00000040h
587DT_TABSTOP equ 00000080h
588DT_NOCLIP equ 00000100h
589DT_EXTERNALLEADING equ 00000200h
590DT_CALCRECT equ 00000400h
591DT_NOPREFIX equ 00000800h
592DT_INTERNAL equ 00001000h
593DT_EDITCONTROL equ 00002000h
594DT_PATH_ELLIPSIS equ 00004000h
595DT_END_ELLIPSIS equ 00008000h
596DT_MODIFYSTRING equ 00010000h
597DT_RTLREADING equ 00020000h
598DT_WORD_ELLIPSIS equ 00040000h
599;
600;------------------------------------------------------------------------------
601;
602; =====================
603; edit control messages
604; =====================
605;
606EM_GETSEL equ 00B0h
607EM_SETSEL equ 00B1h
608EM_GETRECT equ 00B2h
609EM_SETRECT equ 00B3h
610EM_SETRECTNP equ 00B4h
611EM_SCROLL equ 00B5h
612EM_LINESCROLL equ 00B6h
613EM_SCROLLCARET equ 00B7h
614EM_GETMODIFY equ 00B8h
615EM_SETMODIFY equ 00B9h
616EM_GETLINECOUNT equ 00BAh
617EM_LINEINDEX equ 00BBh
618EM_SETHANDLE equ 00BCh
619EM_GETHANDLE equ 00BDh
620EM_GETTHUMB equ 00BEh
621EM_LINELENGTH equ 00C1h
622EM_REPLACESEL equ 00C2h
623EM_GETLINE equ 00C4h
624EM_LIMITTEXT equ 00C5h
625EM_CANUNDO equ 00C6h
626EM_UNDO equ 00C7h
627EM_FMTLINES equ 00C8h
628EM_LINEFROMCHAR equ 00C9h
629EM_SETTABSTOPS equ 00CBh
630EM_SETPASSWORDCHAR equ 00CCh
631EM_EMPTYUNDOBUFFER equ 00CDh
632EM_GETFIRSTVISIBLELINE equ 00CEh
633EM_SETREADONLY equ 00CFh
634EM_SETWORDBREAKPROC equ 00D0h
635EM_GETWORDBREAKPROC equ 00D1h
636EM_GETPASSWORDCHAR equ 00D2h
637EM_SETMARGINS equ 00D3h
638EM_GETMARGINS equ 00D4h
639EM_GETLIMITTEXT equ 00D5h
640EM_POSFROMCHAR equ 00D6h
641EM_CHARFROMPOS equ 00D7h
642;
643EM_SETLIMITTEXT equ EM_LIMITTEXT
644;
645;------------------------------------------------------------------------------
646;
647; ==========================
648; edit control notifications
649; ==========================
650;
651EN_SETFOCUS equ 0100h
652EN_KILLFOCUS equ 0200h
653EN_CHANGE equ 0300h
654EN_UPDATE equ 0400h
655EN_ERRSPACE equ 0500h
656EN_MAXTEXT equ 0501h
657EN_HSCROLL equ 0601h
658EN_VSCROLL equ 0602h
659;
660;------------------------------------------------------------------------------
661;
662; ===========
663; error codes
664; ===========
665;
666ERROR_SUCCESS equ 0
667NO_ERROR equ 0
668;
669ERROR_INVALID_FUNCTION equ 1
670ERROR_FILE_NOT_FOUND equ 2
671ERROR_PATH_NOT_FOUND equ 3
672ERROR_TOO_MANY_OPEN_FILES equ 4
673ERROR_ACCESS_DENIED equ 5
674ERROR_INVALID_HANDLE equ 6
675ERROR_ARENA_TRASHED equ 7
676ERROR_NOT_ENOUGH_MEMORY equ 8
677ERROR_INVALID_BLOCK equ 9
678ERROR_BAD_ENVIRONMENT equ 10
679ERROR_BAD_FORMAT equ 11
680ERROR_INVALID_ACCESS equ 12
681ERROR_INVALID_DATA equ 13
682ERROR_OUTOFMEMORY equ 14
683ERROR_INVALID_DRIVE equ 15
684ERROR_CURRENT_DIRECTORY equ 16
685ERROR_NOT_SAME_DEVICE equ 17
686ERROR_NO_MORE_FILES equ 18
687ERROR_WRITE_PROTECT equ 19
688ERROR_BAD_UNIT equ 20
689ERROR_NOT_READY equ 21
690ERROR_BAD_COMMAND equ 22
691ERROR_CRC equ 23
692ERROR_BAD_LENGTH equ 24
693ERROR_SEEK equ 25
694ERROR_NOT_DOS_DISK equ 26
695ERROR_SECTOR_NOT_FOUND equ 27
696ERROR_OUT_OF_PAPER equ 28
697ERROR_WRITE_FAULT equ 29
698ERROR_READ_FAULT equ 30
699ERROR_GEN_FAILURE equ 31
700ERROR_SHARING_VIOLATION equ 32
701ERROR_LOCK_VIOLATION equ 33
702ERROR_WRONG_DISK equ 34
703ERROR_SHARING_BUFFER_EXCEEDED equ 36
704ERROR_HANDLE_EOF equ 38
705ERROR_HANDLE_DISK_FULL equ 39
706ERROR_NOT_SUPPORTED equ 50
707ERROR_REM_NOT_LIST equ 51
708ERROR_DUP_NAME equ 52
709ERROR_BAD_NETPATH equ 53
710ERROR_NETWORK_BUSY equ 54
711ERROR_DEV_NOT_EXIST equ 55
712ERROR_TOO_MANY_CMDS equ 56
713ERROR_ADAP_HDW_ERR equ 57
714ERROR_BAD_NET_RESP equ 58
715ERROR_UNEXP_NET_ERR equ 59
716ERROR_BAD_REM_ADAP equ 60
717ERROR_PRINTQ_FULL equ 61
718ERROR_NO_SPOOL_SPACE equ 62
719ERROR_PRINT_CANCELLED equ 63
720ERROR_NETNAME_DELETED equ 64
721ERROR_NETWORK_ACCESS_DENIED equ 65
722ERROR_BAD_DEV_TYPE equ 66
723ERROR_BAD_NET_NAME equ 67
724ERROR_TOO_MANY_NAMES equ 68
725ERROR_TOO_MANY_SESS equ 69
726ERROR_SHARING_PAUSED equ 70
727ERROR_REQ_NOT_ACCEP equ 71
728ERROR_REDIR_PAUSED equ 72
729ERROR_FILE_EXISTS equ 80
730ERROR_CANNOT_MAKE equ 82
731ERROR_FAIL_I24 equ 83
732ERROR_OUT_OF_STRUCTURES equ 84
733ERROR_ALREADY_ASSIGNED equ 85
734ERROR_INVALID_PASSWORD equ 86
735ERROR_INVALID_PARAMETER equ 87
736ERROR_NET_WRITE_FAULT equ 88
737ERROR_NO_PROC_SLOTS equ 89
738ERROR_TOO_MANY_SEMAPHORES equ 100
739ERROR_EXCL_SEM_ALREADY_OWNED equ 101
740ERROR_SEM_IS_SET equ 102
741ERROR_TOO_MANY_SEM_REQUESTS equ 103
742ERROR_INVALID_AT_INTERRUPT_TIME equ 104
743ERROR_SEM_OWNER_DIED equ 105
744ERROR_SEM_USER_LIMIT equ 106
745ERROR_DISK_CHANGE equ 107
746ERROR_DRIVE_LOCKED equ 108
747ERROR_BROKEN_PIPE equ 109
748ERROR_OPEN_FAILED equ 110
749ERROR_BUFFER_OVERFLOW equ 111
750ERROR_DISK_FULL equ 112
751ERROR_NO_MORE_SEARCH_HANDLES equ 113
752ERROR_INVALID_TARGET_HANDLE equ 114
753ERROR_INVALID_CATEGORY equ 117
754ERROR_INVALID_VERIFY_SWITCH equ 118
755ERROR_BAD_DRIVER_LEVEL equ 119
756ERROR_CALL_NOT_IMPLEMENTED equ 120
757ERROR_SEM_TIMEOUT equ 121
758ERROR_INSUFFICIENT_BUFFER equ 122
759ERROR_INVALID_NAME equ 123
760ERROR_INVALID_LEVEL equ 124
761ERROR_NO_VOLUME_LABEL equ 125
762ERROR_MOD_NOT_FOUND equ 126
763ERROR_PROC_NOT_FOUND equ 127
764ERROR_WAIT_NO_CHILDREN equ 128
765ERROR_CHILD_NOT_COMPLETE equ 129
766ERROR_DIRECT_ACCESS_HANDLE equ 130
767ERROR_NEGATIVE_SEEK equ 131
768ERROR_SEEK_ON_DEVICE equ 132
769ERROR_IS_JOIN_TARGET equ 133
770ERROR_IS_JOINED equ 134
771ERROR_IS_SUBSTED equ 135
772ERROR_NOT_JOINED equ 136
773ERROR_NOT_SUBSTED equ 137
774ERROR_JOIN_TO_JOIN equ 138
775ERROR_SUBST_TO_SUBST equ 139
776ERROR_JOIN_TO_SUBST equ 140
777ERROR_SUBST_TO_JOIN equ 141
778ERROR_BUSY_DRIVE equ 142
779ERROR_SAME_DRIVE equ 143
780ERROR_DIR_NOT_ROOT equ 144
781ERROR_DIR_NOT_EMPTY equ 145
782ERROR_IS_SUBST_PATH equ 146
783ERROR_IS_JOIN_PATH equ 147
784ERROR_PATH_BUSY equ 148
785ERROR_IS_SUBST_TARGET equ 149
786ERROR_SYSTEM_TRACE equ 150
787ERROR_INVALID_EVENT_COUNT equ 151
788ERROR_TOO_MANY_MUXWAITERS equ 152
789ERROR_INVALID_LIST_FORMAT equ 153
790ERROR_LABEL_TOO_LONG equ 154
791ERROR_TOO_MANY_TCBS equ 155
792ERROR_SIGNAL_REFUSED equ 156
793ERROR_DISCARDED equ 157
794ERROR_NOT_LOCKED equ 158
795ERROR_BAD_THREADID_ADDR equ 159
796ERROR_BAD_ARGUMENTS equ 160
797ERROR_BAD_PATHNAME equ 161
798ERROR_SIGNAL_PENDING equ 162
799ERROR_MAX_THRDS_REACHED equ 164
800ERROR_LOCK_FAILED equ 167
801ERROR_BUSY equ 170
802ERROR_CANCEL_VIOLATION equ 173
803ERROR_ATOMIC_LOCKS_NOT_SUPPORTED equ 174
804ERROR_INVALID_SEGMENT_NUMBER equ 180
805ERROR_INVALID_ORDINAL equ 182
806ERROR_ALREADY_EXISTS equ 183
807ERROR_INVALID_FLAG_NUMBER equ 186
808ERROR_SEM_NOT_FOUND equ 187
809ERROR_INVALID_STARTING_CODESEG equ 188
810ERROR_INVALID_STACKSEG equ 189
811ERROR_INVALID_MODULETYPE equ 190
812ERROR_INVALID_EXE_SIGNATURE equ 191
813ERROR_EXE_MARKED_INVALID equ 192
814ERROR_BAD_EXE_FORMAT equ 193
815ERROR_ITERATED_DATA_EXCEEDS_64k equ 194
816ERROR_INVALID_MINALLOCSIZE equ 195
817ERROR_DYNLINK_FROM_INVALID_RING equ 196
818ERROR_IOPL_NOT_ENABLED equ 197
819ERROR_INVALID_SEGDPL equ 198
820ERROR_AUTODATASEG_EXCEEDS_64k equ 199
821ERROR_RING2SEG_MUST_BE_MOVABLE equ 200
822ERROR_RELOC_CHAIN_XEEDS_SEGLIM equ 201
823ERROR_INFLOOP_IN_RELOC_CHAIN equ 202
824ERROR_ENVVAR_NOT_FOUND equ 203
825ERROR_NO_SIGNAL_SENT equ 205
826ERROR_FILENAME_EXCED_RANGE equ 206
827ERROR_RING2_STACK_IN_USE equ 207
828ERROR_META_EXPANSION_TOO_LONG equ 208
829ERROR_INVALID_SIGNAL_NUMBER equ 209
830ERROR_THREAD_1_INACTIVE equ 210
831ERROR_LOCKED equ 212
832ERROR_TOO_MANY_MODULES equ 214
833ERROR_NESTING_NOT_ALLOWED equ 215
834ERROR_BAD_PIPE equ 230
835ERROR_PIPE_BUSY equ 231
836ERROR_NO_DATA equ 232
837ERROR_PIPE_NOT_CONNECTED equ 233
838ERROR_MORE_DATA equ 234
839ERROR_VC_DISCONNECTED equ 240
840ERROR_INVALID_EA_NAME equ 254
841ERROR_EA_LIST_INCONSISTENT equ 255
842ERROR_NO_MORE_ITEMS equ 259
843ERROR_CANNOT_COPY equ 266
844ERROR_DIRECTORY equ 267
845ERROR_EAS_DIDNT_FIT equ 275
846ERROR_EA_FILE_CORRUPT equ 276
847ERROR_EA_TABLE_FULL equ 277
848ERROR_INVALID_EA_HANDLE equ 278
849ERROR_EAS_NOT_SUPPORTED equ 282
850ERROR_NOT_OWNER equ 288
851ERROR_TOO_MANY_POSTS equ 298
852ERROR_PARTIAL_COPY equ 299
853ERROR_MR_MID_NOT_FOUND equ 317
854ERROR_INVALID_ADDRESS equ 487
855ERROR_ARITHMETIC_OVERFLOW equ 534
856ERROR_PIPE_CONNECTED equ 535
857ERROR_PIPE_LISTENING equ 536
858ERROR_EA_ACCESS_DENIED equ 994
859ERROR_OPERATION_ABORTED equ 995
860ERROR_IO_INCOMPLETE equ 996
861ERROR_IO_PENDING equ 997
862ERROR_NOACCESS equ 998
863ERROR_SWAPERROR equ 999
864ERROR_STACK_OVERFLOW equ 1001
865ERROR_INVALID_MESSAGE equ 1002
866ERROR_CAN_NOT_COMPLETE equ 1003
867ERROR_INVALID_FLAGS equ 1004
868ERROR_UNRECOGNIZED_VOLUME equ 1005
869ERROR_FILE_INVALID equ 1006
870ERROR_FULLSCREEN_MODE equ 1007
871ERROR_NO_TOKEN equ 1008
872ERROR_BADDB equ 1009
873ERROR_BADKEY equ 1010
874ERROR_CANTOPEN equ 1011
875ERROR_CANTREAD equ 1012
876ERROR_CANTWRITE equ 1013
877ERROR_REGISTRY_RECOVERED equ 1014
878ERROR_REGISTRY_CORRUPT equ 1015
879ERROR_REGISTRY_IO_FAILED equ 1016
880ERROR_NOT_REGISTRY_FILE equ 1017
881ERROR_KEY_DELETED equ 1018
882ERROR_NO_LOG_SPACE equ 1019
883ERROR_KEY_HAS_CHILDREN equ 1020
884ERROR_CHILD_MUST_BE_VOLATILE equ 1021
885ERROR_NOTIFY_ENUM_DIR equ 1022
886ERROR_DEPENDENT_SERVICES_RUNNING equ 1051
887ERROR_INVALID_SERVICE_CONTROL equ 1052
888ERROR_SERVICE_REQUEST_TIMEOUT equ 1053
889ERROR_SERVICE_NO_THREAD equ 1054
890ERROR_SERVICE_DATABASE_LOCKED equ 1055
891ERROR_SERVICE_ALREADY_RUNNING equ 1056
892ERROR_INVALID_SERVICE_ACCOUNT equ 1057
893ERROR_SERVICE_DISABLED equ 1058
894ERROR_CIRCULAR_DEPENDENCY equ 1059
895ERROR_SERVICE_DOES_NOT_EXIST equ 1060
896ERROR_SERVICE_CANNOT_ACCEPT_CTRL equ 1061
897ERROR_SERVICE_NOT_ACTIVE equ 1062
898ERROR_FAILED_SERVICE_CONTROLLER_CONNECT equ 1063
899ERROR_EXCEPTION_IN_SERVICE equ 1064
900ERROR_DATABASE_DOES_NOT_EXIST equ 1065
901ERROR_SERVICE_SPECIFIC_ERROR equ 1066
902ERROR_PROCESS_ABORTED equ 1067
903ERROR_SERVICE_DEPENDENCY_FAIL equ 1068
904ERROR_SERVICE_LOGON_FAILED equ 1069
905ERROR_SERVICE_START_HANG equ 1070
906ERROR_INVALID_SERVICE_LOCK equ 1071
907ERROR_SERVICE_MARKED_FOR_DELETE equ 1072
908ERROR_SERVICE_EXISTS equ 1073
909ERROR_ALREADY_RUNNING_LKG equ 1074
910ERROR_SERVICE_DEPENDENCY_DELETED equ 1075
911ERROR_BOOT_ALREADY_ACCEPTED equ 1076
912ERROR_SERVICE_NEVER_STARTED equ 1077
913ERROR_DUPLICATE_SERVICE_NAME equ 1078
914ERROR_END_OF_MEDIA equ 1100
915ERROR_FILEMARK_DETECTED equ 1101
916ERROR_BEGINNING_OF_MEDIA equ 1102
917ERROR_SETMARK_DETECTED equ 1103
918ERROR_NO_DATA_DETECTED equ 1104
919ERROR_PARTITION_FAILURE equ 1105
920ERROR_INVALID_BLOCK_LENGTH equ 1106
921ERROR_DEVICE_NOT_PARTITIONED equ 1107
922ERROR_UNABLE_TO_LOCK_MEDIA equ 1108
923ERROR_UNABLE_TO_UNLOAD_MEDIA equ 1109
924ERROR_MEDIA_CHANGED equ 1110
925ERROR_BUS_RESET equ 1111
926ERROR_NO_MEDIA_IN_DRIVE equ 1112
927ERROR_NO_UNICODE_TRANSLATION equ 1113
928ERROR_DLL_INIT_FAILED equ 1114
929ERROR_SHUTDOWN_IN_PROGRESS equ 1115
930ERROR_NO_SHUTDOWN_IN_PROGRESS equ 1116
931ERROR_IO_DEVICE equ 1117
932ERROR_SERIAL_NO_DEVICE equ 1118
933ERROR_IRQ_BUSY equ 1119
934ERROR_MORE_WRITES equ 1120
935ERROR_COUNTER_TIMEOUT equ 1121
936ERROR_FLOPPY_ID_MARK_NOT_FOUND equ 1122
937ERROR_FLOPPY_WRONG_CYLINDER equ 1123
938ERROR_FLOPPY_UNKNOWN_ERROR equ 1124
939ERROR_FLOPPY_BAD_REGISTERS equ 1125
940ERROR_DISK_RECALIBRATE_FAILED equ 1126
941ERROR_DISK_OPERATION_FAILED equ 1127
942ERROR_DISK_RESET_FAILED equ 1128
943ERROR_EOM_OVERFLOW equ 1129
944ERROR_NOT_ENOUGH_SERVER_MEMORY equ 1130
945ERROR_POSSIBLE_DEADLOCK equ 1131
946ERROR_MAPPED_ALIGNMENT equ 1132
947ERROR_SET_POWER_STATE_VETOED equ 1140
948ERROR_SET_POWER_STATE_FAILED equ 1141
949ERROR_OLD_WIN_VERSION equ 1150
950ERROR_APP_WRONG_OS equ 1151
951ERROR_SINGLE_INSTANCE_APP equ 1152
952ERROR_RMODE_APP equ 1153
953ERROR_INVALID_DLL equ 1154
954ERROR_NO_ASSOCIATION equ 1155
955ERROR_DDE_FAIL equ 1156
956ERROR_DLL_NOT_FOUND equ 1157
957ERROR_BAD_USERNAME equ 2202
958ERROR_NOT_CONNECTED equ 2250
959ERROR_OPEN_FILES equ 2401
960ERROR_ACTIVE_CONNECTIONS equ 2402
961ERROR_DEVICE_IN_USE equ 2404
962ERROR_BAD_DEVICE equ 1200
963ERROR_CONNECTION_UNAVAIL equ 1201
964ERROR_DEVICE_ALREADY_REMEMBERED equ 1202
965ERROR_NO_NET_OR_BAD_PATH equ 1203
966ERROR_BAD_PROVIDER equ 1204
967ERROR_CANNOT_OPEN_PROFILE equ 1205
968ERROR_BAD_PROFILE equ 1206
969ERROR_NOT_CONTAINER equ 1207
970ERROR_EXTENDED_ERROR equ 1208
971ERROR_INVALID_GROUPNAME equ 1209
972ERROR_INVALID_COMPUTERNAME equ 1210
973ERROR_INVALID_EVENTNAME equ 1211
974ERROR_INVALID_DOMAINNAME equ 1212
975ERROR_INVALID_SERVICENAME equ 1213
976ERROR_INVALID_NETNAME equ 1214
977ERROR_INVALID_SHARENAME equ 1215
978ERROR_INVALID_PASSWORDNAME equ 1216
979ERROR_INVALID_MESSAGENAME equ 1217
980ERROR_INVALID_MESSAGEDEST equ 1218
981ERROR_SESSION_CREDENTIAL_CONFLICT equ 1219
982ERROR_REMOTE_SESSION_LIMIT_EXCEEDED equ 1220
983ERROR_DUP_DOMAINNAME equ 1221
984ERROR_NO_NETWORK equ 1222
985ERROR_CANCELLED equ 1223
986ERROR_USER_MAPPED_FILE equ 1224
987ERROR_CONNECTION_REFUSED equ 1225
988ERROR_GRACEFUL_DISCONNECT equ 1226
989ERROR_ADDRESS_ALREADY_ASSOCIATED equ 1227
990ERROR_ADDRESS_NOT_ASSOCIATED equ 1228
991ERROR_CONNECTION_INVALID equ 1229
992ERROR_CONNECTION_ACTIVE equ 1230
993ERROR_NETWORK_UNREACHABLE equ 1231
994ERROR_HOST_UNREACHABLE equ 1232
995ERROR_PROTOCOL_UNREACHABLE equ 1233
996ERROR_PORT_UNREACHABLE equ 1234
997ERROR_REQUEST_ABORTED equ 1235
998ERROR_CONNECTION_ABORTED equ 1236
999ERROR_RETRY equ 1237
1000ERROR_CONNECTION_COUNT_LIMIT equ 1238
1001ERROR_LOGIN_TIME_RESTRICTION equ 1239
1002ERROR_LOGIN_WKSTA_RESTRICTION equ 1240
1003ERROR_INCORRECT_ADDRESS equ 1241
1004ERROR_ALREADY_REGISTERED equ 1242
1005ERROR_SERVICE_NOT_FOUND equ 1243
1006ERROR_NOT_AUTHENTICATED equ 1244
1007ERROR_NOT_LOGGED_ON equ 1245
1008ERROR_CONTINUE equ 1246
1009ERROR_ALREADY_INITIALIZED equ 1247
1010ERROR_NO_MORE_DEVICES equ 1248
1011ERROR_NOT_ALL_ASSIGNED equ 1300
1012ERROR_SOME_NOT_MAPPED equ 1301
1013ERROR_NO_QUOTAS_FOR_ACCOUNT equ 1302
1014ERROR_LOCAL_USER_SESSION_KEY equ 1303
1015ERROR_NULL_LM_PASSWORD equ 1304
1016ERROR_UNKNOWN_REVISION equ 1305
1017ERROR_REVISION_MISMATCH equ 1306
1018ERROR_INVALID_OWNER equ 1307
1019ERROR_INVALID_PRIMARY_GROUP equ 1308
1020ERROR_NO_IMPERSONATION_TOKEN equ 1309
1021ERROR_CANT_DISABLE_MANDATORY equ 1310
1022ERROR_NO_LOGON_SERVERS equ 1311
1023ERROR_NO_SUCH_LOGON_SESSION equ 1312
1024ERROR_NO_SUCH_PRIVILEGE equ 1313
1025ERROR_PRIVILEGE_NOT_HELD equ 1314
1026ERROR_INVALID_ACCOUNT_NAME equ 1315
1027ERROR_USER_EXISTS equ 1316
1028ERROR_NO_SUCH_USER equ 1317
1029ERROR_GROUP_EXISTS equ 1318
1030ERROR_NO_SUCH_GROUP equ 1319
1031ERROR_MEMBER_IN_GROUP equ 1320
1032ERROR_MEMBER_NOT_IN_GROUP equ 1321
1033ERROR_LAST_ADMIN equ 1322
1034ERROR_WRONG_PASSWORD equ 1323
1035ERROR_ILL_FORMED_PASSWORD equ 1324
1036ERROR_PASSWORD_RESTRICTION equ 1325
1037ERROR_LOGON_FAILURE equ 1326
1038ERROR_ACCOUNT_RESTRICTION equ 1327
1039ERROR_INVALID_LOGON_HOURS equ 1328
1040ERROR_INVALID_WORKSTATION equ 1329
1041ERROR_PASSWORD_EXPIRED equ 1330
1042ERROR_ACCOUNT_DISABLED equ 1331
1043ERROR_NONE_MAPPED equ 1332
1044ERROR_TOO_MANY_LUIDS_REQUESTED equ 1333
1045ERROR_LUIDS_EXHAUSTED equ 1334
1046ERROR_INVALID_SUB_AUTHORITY equ 1335
1047ERROR_INVALID_ACL equ 1336
1048ERROR_INVALID_SID equ 1337
1049ERROR_INVALID_SECURITY_DESCR equ 1338
1050ERROR_BAD_INHERITANCE_ACL equ 1340
1051ERROR_SERVER_DISABLED equ 1341
1052ERROR_SERVER_NOT_DISABLED equ 1342
1053ERROR_INVALID_ID_AUTHORITY equ 1343
1054ERROR_ALLOTTED_SPACE_EXCEEDED equ 1344
1055ERROR_INVALID_GROUP_ATTRIBUTES equ 1345
1056ERROR_BAD_IMPERSONATION_LEVEL equ 1346
1057ERROR_CANT_OPEN_ANONYMOUS equ 1347
1058ERROR_BAD_VALIDATION_CLASS equ 1348
1059ERROR_BAD_TOKEN_TYPE equ 1349
1060ERROR_NO_SECURITY_ON_OBJECT equ 1350
1061ERROR_CANT_ACCESS_DOMAIN_INFO equ 1351
1062ERROR_INVALID_SERVER_STATE equ 1352
1063ERROR_INVALID_DOMAIN_STATE equ 1353
1064ERROR_INVALID_DOMAIN_ROLE equ 1354
1065ERROR_NO_SUCH_DOMAIN equ 1355
1066ERROR_DOMAIN_EXISTS equ 1356
1067ERROR_DOMAIN_LIMIT_EXCEEDED equ 1357
1068ERROR_INTERNAL_DB_CORRUPTION equ 1358
1069ERROR_INTERNAL_ERROR equ 1359
1070ERROR_GENERIC_NOT_MAPPED equ 1360
1071ERROR_BAD_DESCRIPTOR_FORMAT equ 1361
1072ERROR_NOT_LOGON_PROCESS equ 1362
1073ERROR_LOGON_SESSION_EXISTS equ 1363
1074ERROR_NO_SUCH_PACKAGE equ 1364
1075ERROR_BAD_LOGON_SESSION_STATE equ 1365
1076ERROR_LOGON_SESSION_COLLISION equ 1366
1077ERROR_INVALID_LOGON_TYPE equ 1367
1078ERROR_CANNOT_IMPERSONATE equ 1368
1079ERROR_RXACT_INVALID_STATE equ 1369
1080ERROR_RXACT_COMMIT_FAILURE equ 1370
1081ERROR_SPECIAL_ACCOUNT equ 1371
1082ERROR_SPECIAL_GROUP equ 1372
1083ERROR_SPECIAL_USER equ 1373
1084ERROR_MEMBERS_PRIMARY_GROUP equ 1374
1085ERROR_TOKEN_ALREADY_IN_USE equ 1375
1086ERROR_NO_SUCH_ALIAS equ 1376
1087ERROR_MEMBER_NOT_IN_ALIAS equ 1377
1088ERROR_MEMBER_IN_ALIAS equ 1378
1089ERROR_ALIAS_EXISTS equ 1379
1090ERROR_LOGON_NOT_GRANTED equ 1380
1091ERROR_TOO_MANY_SECRETS equ 1381
1092ERROR_SECRET_TOO_LONG equ 1382
1093ERROR_INTERNAL_DB_ERROR equ 1383
1094ERROR_TOO_MANY_CONTEXT_IDS equ 1384
1095ERROR_LOGON_TYPE_NOT_GRANTED equ 1385
1096ERROR_NT_CROSS_ENCRYPTION_REQUIRED equ 1386
1097ERROR_NO_SUCH_MEMBER equ 1387
1098ERROR_INVALID_MEMBER equ 1388
1099ERROR_TOO_MANY_SIDS equ 1389
1100ERROR_LM_CROSS_ENCRYPTION_REQUIRED equ 1390
1101ERROR_NO_INHERITANCE equ 1391
1102ERROR_FILE_CORRUPT equ 1392
1103ERROR_DISK_CORRUPT equ 1393
1104ERROR_NO_USER_SESSION_KEY equ 1394
1105ERROR_LICENSE_QUOTA_EXCEEDED equ 1395
1106ERROR_INVALID_WINDOW_HANDLE equ 1400
1107ERROR_INVALID_MENU_HANDLE equ 1401
1108ERROR_INVALID_CURSOR_HANDLE equ 1402
1109ERROR_INVALID_ACCEL_HANDLE equ 1403
1110ERROR_INVALID_HOOK_HANDLE equ 1404
1111ERROR_INVALID_DWP_HANDLE equ 1405
1112ERROR_TLW_WITH_WSCHILD equ 1406
1113ERROR_CANNOT_FIND_WND_CLASS equ 1407
1114ERROR_WINDOW_OF_OTHER_THREAD equ 1408
1115ERROR_HOTKEY_ALREADY_REGISTERED equ 1409
1116ERROR_CLASS_ALREADY_EXISTS equ 1410
1117ERROR_CLASS_DOES_NOT_EXIST equ 1411
1118ERROR_CLASS_HAS_WINDOWS equ 1412
1119ERROR_INVALID_INDEX equ 1413
1120ERROR_INVALID_ICON_HANDLE equ 1414
1121ERROR_PRIVATE_DIALOG_INDEX equ 1415
1122ERROR_LISTBOX_ID_NOT_FOUND equ 1416
1123ERROR_NO_WILDCARD_CHARACTERS equ 1417
1124ERROR_CLIPBOARD_NOT_OPEN equ 1418
1125ERROR_HOTKEY_NOT_REGISTERED equ 1419
1126ERROR_WINDOW_NOT_DIALOG equ 1420
1127ERROR_CONTROL_ID_NOT_FOUND equ 1421
1128ERROR_INVALID_COMBOBOX_MESSAGE equ 1422
1129ERROR_WINDOW_NOT_COMBOBOX equ 1423
1130ERROR_INVALID_EDIT_HEIGHT equ 1424
1131ERROR_DC_NOT_FOUND equ 1425
1132ERROR_INVALID_HOOK_FILTER equ 1426
1133ERROR_INVALID_FILTER_PROC equ 1427
1134ERROR_HOOK_NEEDS_HMOD equ 1428
1135ERROR_GLOBAL_ONLY_HOOK equ 1429
1136ERROR_JOURNAL_HOOK_SET equ 1430
1137ERROR_HOOK_NOT_INSTALLED equ 1431
1138ERROR_INVALID_LB_MESSAGE equ 1432
1139ERROR_SETCOUNT_ON_BAD_LB equ 1433
1140ERROR_LB_WITHOUT_TABSTOPS equ 1434
1141ERROR_DESTROY_OBJECT_OF_OTHER_THREAD equ 1435
1142ERROR_CHILD_WINDOW_MENU equ 1436
1143ERROR_NO_SYSTEM_MENU equ 1437
1144ERROR_INVALID_MSGBOX_STYLE equ 1438
1145ERROR_INVALID_SPI_VALUE equ 1439
1146ERROR_SCREEN_ALREADY_LOCKED equ 1440
1147ERROR_HWNDS_HAVE_DIFF_PARENT equ 1441
1148ERROR_NOT_CHILD_WINDOW equ 1442
1149ERROR_INVALID_GW_COMMAND equ 1443
1150ERROR_INVALID_THREAD_ID equ 1444
1151ERROR_NON_MDICHILD_WINDOW equ 1445
1152ERROR_POPUP_ALREADY_ACTIVE equ 1446
1153ERROR_NO_SCROLLBARS equ 1447
1154ERROR_INVALID_SCROLLBAR_RANGE equ 1448
1155ERROR_INVALID_SHOWWIN_COMMAND equ 1449
1156ERROR_NO_SYSTEM_RESOURCES equ 1450
1157ERROR_NONPAGED_SYSTEM_RESOURCES equ 1451
1158ERROR_PAGED_SYSTEM_RESOURCES equ 1452
1159ERROR_WORKING_SET_QUOTA equ 1453
1160ERROR_PAGEFILE_QUOTA equ 1454
1161ERROR_COMMITMENT_LIMIT equ 1455
1162ERROR_MENU_ITEM_NOT_FOUND equ 1456
1163ERROR_EVENTLOG_FILE_CORRUPT equ 1500
1164ERROR_EVENTLOG_CANT_START equ 1501
1165ERROR_LOG_FILE_FULL equ 1502
1166ERROR_EVENTLOG_FILE_CHANGED equ 1503
1167ERROR_INVALID_USER_BUFFER equ 1784
1168ERROR_UNRECOGNIZED_MEDIA equ 1785
1169ERROR_NO_TRUST_LSA_SECRET equ 1786
1170ERROR_NO_TRUST_SAM_ACCOUNT equ 1787
1171ERROR_TRUSTED_DOMAIN_FAILURE equ 1788
1172ERROR_TRUSTED_RELATIONSHIP_FAILURE equ 1789
1173ERROR_TRUST_FAILURE equ 1790
1174ERROR_NETLOGON_NOT_STARTED equ 1792
1175ERROR_ACCOUNT_EXPIRED equ 1793
1176ERROR_REDIRECTOR_HAS_OPEN_HANDLES equ 1794
1177ERROR_PRINTER_DRIVER_ALREADY_INSTALLED equ 1795
1178ERROR_UNKNOWN_PORT equ 1796
1179ERROR_UNKNOWN_PRINTER_DRIVER equ 1797
1180ERROR_UNKNOWN_PRINTPROCESSOR equ 1798
1181ERROR_INVALID_SEPARATOR_FILE equ 1799
1182ERROR_INVALID_PRIORITY equ 1800
1183ERROR_INVALID_PRINTER_NAME equ 1801
1184ERROR_PRINTER_ALREADY_EXISTS equ 1802
1185ERROR_INVALID_PRINTER_COMMAND equ 1803
1186ERROR_INVALID_DATATYPE equ 1804
1187ERROR_INVALID_ENVIRONMENT equ 1805
1188ERROR_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT equ 1807
1189ERROR_NOLOGON_WORKSTATION_TRUST_ACCOUNT equ 1808
1190ERROR_NOLOGON_SERVER_TRUST_ACCOUNT equ 1809
1191ERROR_DOMAIN_TRUST_INCONSISTENT equ 1810
1192ERROR_SERVER_HAS_OPEN_HANDLES equ 1811
1193ERROR_RESOURCE_DATA_NOT_FOUND equ 1812
1194ERROR_RESOURCE_TYPE_NOT_FOUND equ 1813
1195ERROR_RESOURCE_NAME_NOT_FOUND equ 1814
1196ERROR_RESOURCE_LANG_NOT_FOUND equ 1815
1197ERROR_NOT_ENOUGH_QUOTA equ 1816
1198ERROR_INVALID_TIME equ 1901
1199ERROR_INVALID_FORM_NAME equ 1902
1200ERROR_INVALID_FORM_SIZE equ 1903
1201ERROR_ALREADY_WAITING equ 1904
1202ERROR_PRINTER_DELETED equ 1905
1203ERROR_INVALID_PRINTER_STATE equ 1906
1204ERROR_PASSWORD_MUST_CHANGE equ 1907
1205ERROR_DOMAIN_CONTROLLER_NOT_FOUND equ 1908
1206ERROR_ACCOUNT_LOCKED_OUT equ 1909
1207ERROR_INVALID_PIXEL_FORMAT equ 2000
1208ERROR_BAD_DRIVER equ 2001
1209ERROR_INVALID_WINDOW_STYLE equ 2002
1210ERROR_METAFILE_NOT_SUPPORTED equ 2003
1211ERROR_TRANSFORM_NOT_SUPPORTED equ 2004
1212ERROR_CLIPPING_NOT_SUPPORTED equ 2005
1213ERROR_UNKNOWN_PRINT_MONITOR equ 3000
1214ERROR_PRINTER_DRIVER_IN_USE equ 3001
1215ERROR_SPOOL_FILE_NOT_FOUND equ 3002
1216ERROR_SPL_NO_STARTDOC equ 3003
1217ERROR_SPL_NO_ADDJOB equ 3004
1218ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED equ 3005
1219ERROR_PRINT_MONITOR_ALREADY_INSTALLED equ 3006
1220ERROR_WINS_INTERNAL equ 4000
1221ERROR_CAN_NOT_DEL_LOCAL_WINS equ 4001
1222ERROR_STATIC_INIT equ 4002
1223ERROR_INC_BACKUP equ 4003
1224ERROR_FULL_BACKUP equ 4004
1225ERROR_REC_NON_EXISTENT equ 4005
1226ERROR_RPL_NOT_ALLOWED equ 4006
1227ERROR_NO_BROWSER_SERVERS_FOUND equ 6118
1228;
1229;------------------------------------------------------------------------------
1230;
1231; ===================
1232; edit control styles
1233; ===================
1234;
1235ES_LEFT equ 0000h
1236ES_CENTER equ 0001h
1237ES_RIGHT equ 0002h
1238ES_MULTILINE equ 0004h
1239ES_UPPERCASE equ 0008h
1240ES_LOWERCASE equ 0010h
1241ES_PASSWORD equ 0020h
1242ES_AUTOVSCROLL equ 0040h
1243ES_AUTOHSCROLL equ 0080h
1244ES_NOHIDESEL equ 0100h
1245ES_OEMCONVERT equ 0400h
1246ES_READONLY equ 0800h
1247ES_WANTRETURN equ 1000h
1248ES_NUMBER equ 2000h
1249;
1250ES_DEFAULT equ ES_MULTILINE+ES_AUTOHSCROLL
1251;
1252;------------------------------------------------------------------------------
1253;
1254; =============
1255; font families
1256; =============
1257;
1258FF_DONTCARE equ 0000h
1259FF_ROMAN equ 0010h
1260FF_SWISS equ 0020h
1261FF_MODERN equ 0030h
1262FF_SCRIPT equ 0040h
1263FF_DECORATIVE equ 0050h
1264;
1265;------------------------------------------------------------------------------
1266;
1267; ===============
1268; file attributes
1269; ===============
1270;
1271FILE_ATTRIBUTE_READONLY equ 00000001h
1272FILE_ATTRIBUTE_HIDDEN equ 00000002h
1273FILE_ATTRIBUTE_SYSTEM equ 00000004h
1274FILE_ATTRIBUTE_DIRECTORY equ 00000010h
1275FILE_ATTRIBUTE_ARCHIVE equ 00000020h
1276FILE_ATTRIBUTE_NORMAL equ 00000080h
1277FILE_ATTRIBUTE_TEMPORARY equ 00000100h
1278FILE_ATTRIBUTE_COMPRESSED equ 00000800h
1279;
1280;------------------------------------------------------------------------------
1281;
1282; ===================
1283; file creation flags
1284; ===================
1285;
1286FILE_FLAG_WRITE_THROUGH equ 80000000h
1287FILE_FLAG_OVERLAPPED equ 40000000h
1288FILE_FLAG_NO_BUFFERING equ 20000000h
1289FILE_FLAG_RANDOM_ACCESS equ 10000000h
1290FILE_FLAG_SEQUENTIAL_SCAN equ 08000000h
1291FILE_FLAG_DELETE_ON_CLOSE equ 04000000h
1292FILE_FLAG_BACKUP_SEMANTICS equ 02000000h
1293FILE_FLAG_POSIX_SEMANTICS equ 01000000h
1294;
1295;------------------------------------------------------------------------------
1296;
1297; ==================
1298; file notifications
1299; ==================
1300;
1301FILE_NOTIFY_CHANGE_FILE_NAME equ 0001h
1302FILE_NOTIFY_CHANGE_DIR_NAME equ 0002h
1303FILE_NOTIFY_CHANGE_ATTRIBUTES equ 0004h
1304FILE_NOTIFY_CHANGE_SIZE equ 0008h
1305FILE_NOTIFY_CHANGE_LAST_WRITE equ 0010h
1306FILE_NOTIFY_CHANGE_SECURITY equ 0100h
1307;
1308;------------------------------------------------------------------------------
1309;
1310; ================
1311; file share modes
1312; ================
1313;
1314FILE_SHARE_NONE equ 0000h
1315FILE_SHARE_READ equ 0001h
1316FILE_SHARE_WRITE equ 0002h
1317;
1318FILE_SHARE_READWRITE equ FILE_SHARE_READ+FILE_SHARE_WRITE
1319;
1320;------------------------------------------------------------------------------
1321;
1322; ========================
1323; SetFilePointer() methods
1324; ========================
1325;
1326FILE_BEGIN equ 0
1327FILE_CURRENT equ 1
1328FILE_END equ 2
1329;
1330;------------------------------------------------------------------------------
1331;
1332; =================
1333; file system flags
1334; =================
1335;
1336FILE_CASE_SENSITIVE_SEARCH equ 00000001h
1337FILE_CASE_PRESERVED_NAMES equ 00000002h
1338FILE_UNICODE_ON_DISK equ 00000004h
1339FILE_PERSISTENT_ACLS equ 00000008h
1340FILE_FILE_COMPRESSION equ 00000010h
1341FILE_VOLUME_IS_COMPRESSED equ 00008000h
1342;
1343FS_CASE_SENSITIVE equ FILE_CASE_SENSITIVE_SEARCH
1344FS_CASE_IS_PRESERVED equ FILE_CASE_PRESERVED_NAMES
1345FS_UNICODE_STORED_ON_DISK equ FILE_UNICODE_ON_DISK
1346FS_PERSISTENT_ACLS equ FILE_PERSISTENT_ACLS
1347FS_FILE_COMPRESSION equ FILE_FILE_COMPRESSION
1348FS_VOL_IS_COMPRESSED equ FILE_VOLUME_IS_COMPRESSED
1349;
1350;------------------------------------------------------------------------------
1351;
1352; ============
1353; font weights
1354; ============
1355;
1356FW_DONTCARE equ 000
1357FW_THIN equ 100
1358FW_EXTRALIGHT equ 200
1359FW_LIGHT equ 300
1360FW_NORMAL equ 400
1361FW_MEDIUM equ 500
1362FW_SEMIBOLD equ 600
1363FW_BOLD equ 700
1364FW_EXTRABOLD equ 800
1365FW_HEAVY equ 900
1366;
1367FW_ULTRALIGHT equ FW_EXTRALIGHT
1368FW_REGULAR equ FW_NORMAL
1369FW_DEMIBOLD equ FW_SEMIBOLD
1370FW_ULTRABOLD equ FW_EXTRABOLD
1371FW_BLACK equ FW_HEAVY
1372;
1373;------------------------------------------------------------------------------
1374;
1375; ======================
1376; GetClassLong() offsets
1377; ======================
1378;
1379GCL_MENUNAME equ -08
1380GCL_HBRBACKGROUND equ -10
1381GCL_HCURSOR equ -12
1382GCL_HICON equ -14
1383GCL_HMODULE equ -16
1384GCL_CBWNDEXTRA equ -18
1385GCL_CBCLSEXTRA equ -20
1386GCL_WNDPROC equ -24
1387GCL_STYLE equ -26
1388GCW_ATOM equ -32
1389GCL_HICONSM equ -34
1390;
1391;------------------------------------------------------------------------------
1392;
1393; =================
1394; file access types
1395; =================
1396;
1397GENERIC_ALL equ 10000000h
1398GENERIC_EXECUTE equ 20000000h
1399GENERIC_WRITE equ 40000000h
1400GENERIC_READ equ 80000000h
1401;
1402GENERIC_READWRITE equ GENERIC_READ+GENERIC_WRITE
1403;
1404;------------------------------------------------------------------------------
1405;
1406; ===================
1407; global memory flags
1408; ===================
1409;
1410GMEM_FIXED equ 0000h
1411GMEM_MOVEABLE equ 0002h
1412GMEM_NOCOMPACT equ 0010h
1413GMEM_NODISCARD equ 0020h
1414GMEM_ZEROINIT equ 0040h
1415GMEM_MODIFY equ 0080h
1416GMEM_DISCARDABLE equ 0100h
1417GMEM_NOT_BANKED equ 1000h
1418GMEM_SHARE equ 2000h
1419GMEM_DDESHARE equ 2000h
1420GMEM_NOTIFY equ 4000h
1421GMEM_INVALID_HANDLE equ 8000h
1422;
1423GMEM_VALID_FLAGS equ 7F72h
1424GMEM_LOWER equ GMEM_NOT_BANKED
1425;
1426;------------------------------------------------------------------------------
1427;
1428; ================
1429; GetWindow() id's
1430; ================
1431;
1432GW_HWNDFIRST equ 0
1433GW_HWNDLAST equ 1
1434GW_HWNDNEXT equ 2
1435GW_HWNDPREV equ 3
1436GW_OWNER equ 4
1437GW_CHILD equ 5
1438;
1439GW_MAX equ 5
1440;
1441;------------------------------------------------------------------------------
1442;
1443; =======================
1444; GetWindowLong() offsets
1445; =======================
1446;
1447GWL_WNDPROC equ -04
1448GWL_HINSTANCE equ -06
1449GWL_HWNDPARENT equ -08
1450GWL_STYLE equ -16
1451GWL_EXSTYLE equ -20
1452GWL_USERDATA equ -21
1453GWL_ID equ -12
1454;
1455;------------------------------------------------------------------------------
1456;
1457; ==================
1458; WinHelp() commands
1459; ==================
1460;
1461HELP_CONTEXT equ 0001h
1462HELP_QUIT equ 0002h
1463HELP_INDEX equ 0003h
1464HELP_CONTENTS equ 0003h
1465HELP_HELPONHELP equ 0004h
1466HELP_SETINDEX equ 0005h
1467HELP_SETCONTENTS equ 0005h
1468HELP_CONTEXTPOPUP equ 0008h
1469HELP_FORCEFILE equ 0009h
1470HELP_CONTEXTMENU equ 000Ah
1471HELP_FINDER equ 000Bh
1472HELP_WM_HELP equ 000Ch
1473HELP_SETPOPUP_POS equ 000Dh
1474HELP_TCARD_DATA equ 0010h
1475HELP_TCARD_OTHER_CALLER equ 0011h
1476HELP_KEY equ 0101h
1477HELP_COMMAND equ 0102h
1478HELP_PARTIALKEY equ 0105h
1479HELP_MULTIKEY equ 0201h
1480HELP_SETWINPOS equ 0203h
1481HELP_TCARD equ 8000h
1482;
1483;------------------------------------------------------------------------------
1484;
1485; =======================
1486; hit test position codes
1487; =======================
1488;
1489HTERROR equ -2
1490HTTRANSPARENT equ -1
1491HTNOWHERE equ 0
1492HTCLIENT equ 1
1493HTCAPTION equ 2
1494HTSYSMENU equ 3
1495HTGROWBOX equ 4
1496HTMENU equ 5
1497HTHSCROLL equ 6
1498HTVSCROLL equ 7
1499HTMINBUTTON equ 8
1500HTMAXBUTTON equ 9
1501;
1502HTSIZEFIRST equ HTLEFT
1503HTLEFT equ 10
1504HTRIGHT equ 11
1505HTTOP equ 12
1506HTTOPLEFT equ 13
1507HTTOPRIGHT equ 14
1508HTBOTTOM equ 15
1509HTBOTTOMLEFT equ 16
1510HTBOTTOMRIGHT equ 17
1511HTSIZELAST equ HTBOTTOMRIGHT
1512;
1513HTBORDER equ 18
1514HTOBJECT equ 19
1515HTCLOSE equ 20
1516HTHELP equ 21
1517;
1518HTSIZE equ HTGROWBOX
1519HTREDUCE equ HTMINBUTTON
1520HTZOOM equ HTMAXBUTTON
1521;
1522;------------------------------------------------------------------------------
1523;
1524; ===================
1525; toolbar bitmap id's
1526; ===================
1527;
1528IDB_STD_SMALL_COLOR equ 0
1529IDB_STD_LARGE_COLOR equ 1
1530IDB_VIEW_SMALL_COLOR equ 4
1531IDB_VIEW_LARGE_COLOR equ 5
1532;
1533HINST_COMMCTRL equ -1
1534;
1535;------------------------------------------------------------------------------
1536;
1537; ====================
1538; standard cursor id's
1539; ====================
1540;
1541IDC_ARROW equ 32512
1542IDC_IBEAM equ 32513
1543IDC_WAIT equ 32514
1544IDC_CROSS equ 32515
1545IDC_UPARROW equ 32516
1546IDC_SIZE equ 32640 ;obsolete, use IDC_SIZEALL
1547IDC_ICON equ 32641 ;obsolete, use IDC_ARROW
1548IDC_SIZENWSE equ 32642
1549IDC_SIZENESW equ 32643
1550IDC_SIZEWE equ 32644
1551IDC_SIZENS equ 32645
1552IDC_SIZEALL equ 32646
1553IDC_NO equ 32648
1554IDC_APPSTARTING equ 32650
1555IDC_HELP equ 32651
1556;
1557;------------------------------------------------------------------------------
1558;
1559; ==================
1560; standard icon id's
1561; ==================
1562;
1563IDI_APPLICATION equ 32512
1564IDI_HAND equ 32513
1565IDI_QUESTION equ 32514
1566IDI_EXCLAMATION equ 32515
1567IDI_ASTERISK equ 32516
1568IDI_WINLOGO equ 32517
1569;
1570;------------------------------------------------------------------------------
1571;
1572; ===================
1573; dialog command id's
1574; ===================
1575;
1576IDOK equ 1
1577IDCANCEL equ 2
1578IDABORT equ 3
1579IDRETRY equ 4
1580IDIGNORE equ 5
1581IDYES equ 6
1582IDNO equ 7
1583IDCLOSE equ 8
1584IDHELP equ 9
1585;
1586;------------------------------------------------------------------------------
1587;
1588; =============================
1589; keyboard message lParam flags
1590; =============================
1591;
1592KF_EXTENDED equ 0100h
1593KF_DLGMODE equ 0800h
1594KF_MENUMODE equ 1000h
1595KF_ALTDOWN equ 2000h
1596KF_REPEAT equ 4000h
1597KF_UP equ 8000h
1598;
1599;------------------------------------------------------------------------------
1600;
1601; ================
1602; listbox messages
1603; ================
1604;
1605LB_ADDSTRING equ 0180h
1606LB_INSERTSTRING equ 0181h
1607LB_DELETESTRING equ 0182h
1608LB_SELITEMRANGEEX equ 0183h
1609LB_RESETCONTENT equ 0184h
1610LB_SETSEL equ 0185h
1611LB_SETCURSEL equ 0186h
1612LB_GETSEL equ 0187h
1613LB_GETCURSEL equ 0188h
1614LB_GETTEXT equ 0189h
1615LB_GETTEXTLEN equ 018Ah
1616LB_GETCOUNT equ 018Bh
1617LB_SELECTSTRING equ 018Ch
1618LB_DIR equ 018Dh
1619LB_GETTOPINDEX equ 018Eh
1620LB_FINDSTRING equ 018Fh
1621LB_GETSELCOUNT equ 0190h
1622LB_GETSELITEMS equ 0191h
1623LB_SETTABSTOPS equ 0192h
1624LB_GETHORIZONTALEXTENT equ 0193h
1625LB_SETHORIZONTALEXTENT equ 0194h
1626LB_SETCOLUMNWIDTH equ 0195h
1627LB_ADDFILE equ 0196h
1628LB_SETTOPINDEX equ 0197h
1629LB_GETITEMRECT equ 0198h
1630LB_GETITEMDATA equ 0199h
1631LB_SETITEMDATA equ 019Ah
1632LB_SELITEMRANGE equ 019Bh
1633LB_SETANCHORINDEX equ 019Ch
1634LB_GETANCHORINDEX equ 019Dh
1635LB_SETCARETINDEX equ 019Eh
1636LB_GETCARETINDEX equ 019Fh
1637LB_SETITEMHEIGHT equ 01A0h
1638LB_GETITEMHEIGHT equ 01A1h
1639LB_FINDSTRINGEXACT equ 01A2h
1640LB_SETLOCALE equ 01A5h
1641LB_GETLOCALE equ 01A6h
1642LB_SETCOUNT equ 01A7h
1643LB_INITSTORAGE equ 01A8h
1644LB_ITEMFROMPOINT equ 01A9h
1645LB_MSGMAX equ 01B0h
1646;
1647;------------------------------------------------------------------------------
1648;
1649; =====================
1650; listbox return values
1651; =====================
1652;
1653LB_OKAY equ 0
1654LB_ERR equ -1
1655LB_ERRSPACE equ -2
1656;
1657;------------------------------------------------------------------------------
1658;
1659; ==========================
1660; listbox notification codes
1661; ==========================
1662;
1663LBN_ERRSPACE equ -2
1664LBN_SELCHANGE equ 1
1665LBN_DBLCLK equ 2
1666LBN_SELCANCEL equ 3
1667LBN_SETFOCUS equ 4
1668LBN_KILLFOCUS equ 5
1669;
1670;------------------------------------------------------------------------------
1671;
1672; ==============
1673; listbox styles
1674; ==============
1675;
1676LBS_NOTIFY equ 00000001h
1677LBS_SORT equ 00000002h
1678LBS_NOREDRAW equ 00000004h
1679LBS_MULTIPLESEL equ 00000008h
1680LBS_OWNERDRAWFIXED equ 00000010h
1681LBS_OWNERDRAWVARIABLE equ 00000020h
1682LBS_HASSTRINGS equ 00000040h
1683LBS_USETABSTOPS equ 00000080h
1684LBS_NOINTEGRALHEIGHT equ 00000100h
1685LBS_MULTICOLUMN equ 00000200h
1686LBS_WANTKEYBOARDINPUT equ 00000400h
1687LBS_EXTENDEDSEL equ 00000800h
1688LBS_DISABLENOSCROLL equ 00001000h
1689LBS_NODATA equ 00002000h
1690LBS_NOSEL equ 00004000h
1691LBS_STANDARD equ 00A00003h
1692;
1693;------------------------------------------------------------------------------
1694;
1695; ==================
1696; local memory flags
1697; ==================
1698;
1699LMEM_FIXED equ 0000h
1700LMEM_MOVEABLE equ 0002h
1701LMEM_NOCOMPACT equ 0010h
1702LMEM_NODISCARD equ 0020h
1703LMEM_ZEROINIT equ 0040h
1704LMEM_MODIFY equ 0080h
1705LMEM_LOCKCOUNT equ 00FFh
1706LMEM_DISCARDABLE equ 0F00h
1707LMEM_DISCARDED equ 4000h
1708LMEM_INVALID_HANDLE equ 8000h
1709;
1710LMEM_VALID_FLAGS equ 0F72h
1711;
1712NONZEROLHND equ LMEM_MOVEABLE
1713NONZEROLPTR equ LMEM_FIXED
1714;
1715LHND equ LMEM_ZEROINIT+LMEM_MOVEABLE
1716LPTR equ LMEM_ZEROINIT+LMEM_FIXED
1717;
1718;------------------------------------------------------------------------------
1719;
1720; ==================
1721; list view messages
1722; ==================
1723;
1724LVM_FIRST equ 1000h
1725;
1726LVM_GETBKCOLOR equ LVM_FIRST+000
1727LVM_SETBKCOLOR equ LVM_FIRST+001
1728LVM_GETIMAGELIST equ LVM_FIRST+002
1729LVM_SETIMAGELIST equ LVM_FIRST+003
1730LVM_GETITEMCOUNT equ LVM_FIRST+004
1731LVM_GETITEMA equ LVM_FIRST+005
1732LVM_SETITEMA equ LVM_FIRST+006
1733LVM_INSERTITEMA equ LVM_FIRST+007
1734LVM_DELETEITEM equ LVM_FIRST+008
1735LVM_DELETEALLITEMS equ LVM_FIRST+009
1736LVM_GETCALLBACKMASK equ LVM_FIRST+010
1737LVM_SETCALLBACKMASK equ LVM_FIRST+011
1738LVM_GETNEXTITEM equ LVM_FIRST+012
1739LVM_FINDITEMA equ LVM_FIRST+013
1740LVM_GETITEMRECT equ LVM_FIRST+014
1741LVM_SETITEMPOSITION equ LVM_FIRST+015
1742LVM_GETITEMPOSITION equ LVM_FIRST+016
1743LVM_GETSTRINGWIDTHA equ LVM_FIRST+017
1744LVM_HITTEST equ LVM_FIRST+018
1745LVM_ENSUREVISIBLE equ LVM_FIRST+019
1746LVM_SCROLL equ LVM_FIRST+020
1747LVM_REDRAWITEMS equ LVM_FIRST+021
1748LVM_ARRANGE equ LVM_FIRST+022
1749LVM_EDITLABELA equ LVM_FIRST+023
1750LVM_GETEDITCONTROL equ LVM_FIRST+024
1751LVM_GETCOLUMNA equ LVM_FIRST+025
1752LVM_SETCOLUMNA equ LVM_FIRST+026
1753LVM_INSERTCOLUMNA equ LVM_FIRST+027
1754LVM_DELETECOLUMN equ LVM_FIRST+028
1755LVM_GETCOLUMNWIDTH equ LVM_FIRST+029
1756LVM_SETCOLUMNWIDTH equ LVM_FIRST+030
1757LVM_CREATEDRAGIMAGE equ LVM_FIRST+033
1758LVM_GETVIEWRECT equ LVM_FIRST+034
1759LVM_GETTEXTCOLOR equ LVM_FIRST+035
1760LVM_SETTEXTCOLOR equ LVM_FIRST+036
1761LVM_GETTEXTBKCOLOR equ LVM_FIRST+037
1762LVM_SETTEXTBKCOLOR equ LVM_FIRST+038
1763LVM_GETTOPINDEX equ LVM_FIRST+039
1764LVM_GETCOUNTPERPAGE equ LVM_FIRST+040
1765LVM_GETORIGIN equ LVM_FIRST+041
1766LVM_UPDATE equ LVM_FIRST+042
1767LVM_SETITEMSTATE equ LVM_FIRST+043
1768LVM_GETITEMSTATE equ LVM_FIRST+044
1769LVM_GETITEMTEXTA equ LVM_FIRST+045
1770LVM_SETITEMTEXTA equ LVM_FIRST+046
1771LVM_SETITEMCOUNT equ LVM_FIRST+047
1772LVM_SORTITEMS equ LVM_FIRST+048
1773LVM_SETITEMPOSITION32 equ LVM_FIRST+049
1774LVM_GETSELECTEDCOUNT equ LVM_FIRST+050
1775LVM_GETITEMSPACING equ LVM_FIRST+051
1776LVM_GETISEARCHSTRINGA equ LVM_FIRST+052
1777;
1778LVM_GETITEMW equ LVM_FIRST+075
1779LVM_SETITEMW equ LVM_FIRST+076
1780LVM_INSERTITEMW equ LVM_FIRST+077
1781LVM_FINDITEMW equ LVM_FIRST+083
1782LVM_GETSTRINGWIDTHW equ LVM_FIRST+087
1783LVM_GETCOLUMNW equ LVM_FIRST+095
1784LVM_SETCOLUMNW equ LVM_FIRST+096
1785LVM_INSERTCOLUMNW equ LVM_FIRST+097
1786LVM_GETITEMTEXTW equ LVM_FIRST+115
1787LVM_SETITEMTEXTW equ LVM_FIRST+116
1788LVM_GETISEARCHSTRINGW equ LVM_FIRST+117
1789LVM_EDITLABELW equ LVM_FIRST+118
1790;
1791 if UNICODE
1792LVM_GETITEM equ LVM_GETITEMW
1793LVM_SETITEM equ LVM_SETITEMW
1794LVM_INSERTITEM equ LVM_INSERTITEMW
1795LVM_FINDITEM equ LVM_FINDITEMW
1796LVM_GETSTRINGWIDTH equ LVM_GETSTRINGWIDTHW
1797LVM_GETCOLUMN equ LVM_GETCOLUMNW
1798LVM_SETCOLUMN equ LVM_SETCOLUMNW
1799LVM_INSERTCOLUMN equ LVM_INSERTCOLUMNW
1800LVM_GETITEMTEXT equ LVM_GETITEMTEXTW
1801LVM_SETITEMTEXT equ LVM_SETITEMTEXTW
1802LVM_GETISEARCHSTRING equ LVM_GETISEARCHSTRINGW
1803LVM_EDITLABEL equ LVM_EDITLABELW
1804 else
1805LVM_GETITEM equ LVM_GETITEMA
1806LVM_SETITEM equ LVM_SETITEMA
1807LVM_INSERTITEM equ LVM_INSERTITEMA
1808LVM_FINDITEM equ LVM_FINDITEMA
1809LVM_GETSTRINGWIDTH equ LVM_GETSTRINGWIDTHA
1810LVM_GETCOLUMN equ LVM_GETCOLUMNA
1811LVM_SETCOLUMN equ LVM_SETCOLUMNA
1812LVM_INSERTCOLUMN equ LVM_INSERTCOLUMNA
1813LVM_GETITEMTEXT equ LVM_GETITEMTEXTA
1814LVM_SETITEMTEXT equ LVM_SETITEMTEXTA
1815LVM_GETISEARCHSTRING equ LVM_GETISEARCHSTRINGA
1816LVM_EDITLABEL equ LVM_EDITLABELA
1817 endif
1818;
1819;------------------------------------------------------------------------------
1820;
1821; =======================
1822; list view notifications
1823; =======================
1824;
1825LVN_FIRST equ -100
1826LVN_LAST equ LVN_FIRST-99
1827;
1828LVN_ITEMCHANGING equ LVN_FIRST-00
1829LVN_ITEMCHANGED equ LVN_FIRST-01
1830LVN_INSERTITEM equ LVN_FIRST-02
1831LVN_DELETEITEM equ LVN_FIRST-03
1832LVN_DELETEALLITEMS equ LVN_FIRST-04
1833LVN_BEGINLABELEDITA equ LVN_FIRST-05
1834LVN_ENDLABELEDITA equ LVN_FIRST-06
1835LVN_COLUMNCLICK equ LVN_FIRST-08
1836LVN_BEGINDRAG equ LVN_FIRST-09
1837LVN_BEGINRDRAG equ LVN_FIRST-11
1838LVN_GETDISPINFOA equ LVN_FIRST-50
1839LVN_SETDISPINFOA equ LVN_FIRST-51
1840;
1841LVN_BEGINLABELEDITW equ LVN_FIRST-75
1842LVN_ENDLABELEDITW equ LVN_FIRST-76
1843LVN_GETDISPINFOW equ LVN_FIRST-77
1844LVN_SETDISPINFOW equ LVN_FIRST-78
1845;
1846 if UNICODE
1847LVN_BEGINLABELEDIT equ LVN_BEGINLABELEDITW
1848LVN_ENDLABELEDIT equ LVN_ENDLABELEDITW
1849LVN_GETDISPINFO equ LVN_GETDISPINFOW
1850LVN_SETDISPINFO equ LVN_SETDISPINFOW
1851 else
1852LVN_BEGINLABELEDIT equ LVN_BEGINLABELEDITA
1853LVN_ENDLABELEDIT equ LVN_ENDLABELEDITA
1854LVN_GETDISPINFO equ LVN_GETDISPINFOA
1855LVN_SETDISPINFO equ LVN_SETDISPINFOA
1856 endif
1857;
1858;------------------------------------------------------------------------------
1859;
1860; ================
1861; list view styles
1862; ================
1863;
1864LVS_TYPEMASK equ 00000003h
1865LVS_ICON equ 00000000h
1866LVS_REPORT equ 00000001h
1867LVS_SMALLICON equ 00000002h
1868LVS_LIST equ 00000003h
1869;
1870LVS_SINGLESEL equ 00000004h
1871LVS_SHOWSELALWAYS equ 00000008h
1872LVS_SORTASCENDING equ 00000010h
1873LVS_SORTDESCENDING equ 00000020h
1874LVS_SHAREIMAGELISTS equ 00000040h
1875LVS_NOLABELWRAP equ 00000080h
1876LVS_AUTOARRANGE equ 00000100h
1877LVS_EDITLABELS equ 00000200h
1878;
1879LVS_TYPESTYLEMASK equ 0000FC00h
1880;
1881LVS_ALIGNMASK equ 00000C00h
1882LVS_ALIGNTOP equ 00000000h
1883LVS_OWNERDRAWFIXED equ 00000400h
1884LVS_ALIGNLEFT equ 00000800h
1885;
1886LVS_NOSCROLL equ 00002000h
1887LVS_NOCOLUMNHEADER equ 00004000h
1888LVS_NOSORTHEADER equ 00008000h
1889;
1890;------------------------------------------------------------------------------
1891;
1892; ==================
1893; MessageBox() flags
1894; ==================
1895;
1896MB_OK equ 00000000h
1897MB_OKCANCEL equ 00000001h
1898MB_ABORTRETRYIGNORE equ 00000002h
1899MB_YESNOCANCEL equ 00000003h
1900MB_YESNO equ 00000004h
1901MB_RETRYCANCEL equ 00000005h
1902;
1903MB_ICONHAND equ 00000010h
1904MB_ICONQUESTION equ 00000020h
1905MB_ICONEXCLAMATION equ 00000030h
1906MB_ICONASTERISK equ 00000040h
1907;
1908MB_ICONWARNING equ MB_ICONEXCLAMATION
1909MB_ICONERROR equ MB_ICONHAND
1910MB_ICONINFORMATION equ MB_ICONASTERISK
1911MB_ICONSTOP equ MB_ICONHAND
1912;
1913MB_DEFBUTTON1 equ 00000000h
1914MB_DEFBUTTON2 equ 00000100h
1915MB_DEFBUTTON3 equ 00000200h
1916MB_DEFBUTTON4 equ 00000300h
1917;
1918MB_APPLMODAL equ 00000000h
1919MB_SYSTEMMODAL equ 00001000h
1920MB_TASKMODAL equ 00002000h
1921MB_HELP equ 00004000h
1922MB_RIGHT equ 00080000h
1923MB_RTLREADING equ 00100000h
1924;
1925MB_NOFOCUS equ 00008000h
1926MB_SETFOREGROUND equ 00010000h
1927MB_DEFAULT_DESKTOP_ONLY equ 00020000h
1928MB_SERVICE_NOTIFICATION equ 00040000h
1929;
1930MB_TYPEMASK equ 0000000Fh
1931MB_USERICON equ 00000080h
1932MB_ICONMASK equ 000000F0h
1933MB_DEFMASK equ 00000F00h
1934MB_MODEMASK equ 00003000h
1935MB_MISCMASK equ 0000C000h
1936;
1937;------------------------------------------------------------------------------
1938;
1939; ==========
1940; menu flags
1941; ==========
1942;
1943MF_INSERT equ 00000000h
1944MF_CHANGE equ 00000080h
1945MF_APPEND equ 00000100h
1946MF_DELETE equ 00000200h
1947MF_REMOVE equ 00001000h
1948;
1949MF_BYCOMMAND equ 00000000h
1950MF_BYPOSITION equ 00000400h
1951;
1952MF_SEPARATOR equ 00000800h
1953;
1954MF_ENABLED equ 00000000h
1955MF_GRAYED equ 00000001h
1956MF_DISABLED equ 00000002h
1957;
1958MF_UNCHECKED equ 00000000h
1959MF_CHECKED equ 00000008h
1960MF_USECHECKBITMAPS equ 00000200h
1961;
1962MF_STRING equ 00000000h
1963MF_BITMAP equ 00000004h
1964MF_OWNERDRAW equ 00000100h
1965;
1966MF_POPUP equ 00000010h
1967MF_MENUBARBREAK equ 00000020h
1968MF_MENUBREAK equ 00000040h
1969;
1970MF_UNHILITE equ 00000000h
1971MF_HILITE equ 00000080h
1972;
1973MF_DEFAULT equ 00001000h
1974MF_SYSMENU equ 00002000h
1975MF_HELP equ 00004000h
1976MF_RIGHTJUSTIFY equ 00004000h
1977;
1978MF_MOUSESELECT equ 00008000h
1979MF_END equ 00000080h ;obsolete
1980;
1981MFT_STRING equ MF_STRING
1982MFT_BITMAP equ MF_BITMAP
1983MFT_MENUBARBREAK equ MF_MENUBARBREAK
1984MFT_MENUBREAK equ MF_MENUBREAK
1985MFT_OWNERDRAW equ MF_OWNERDRAW
1986MFT_RADIOCHECK equ 00000200h
1987MFT_SEPARATOR equ MF_SEPARATOR
1988MFT_RIGHTORDER equ 00002000h
1989MFT_RIGHTJUSTIFY equ MF_RIGHTJUSTIFY
1990;
1991MFS_GRAYED equ 00000003h
1992MFS_DISABLED equ MFS_GRAYED
1993MFS_CHECKED equ MF_CHECKED
1994MFS_HILITE equ MF_HILITE
1995MFS_ENABLED equ MF_ENABLED
1996MFS_UNCHECKED equ MF_UNCHECKED
1997MFS_UNHILITE equ MF_UNHILITE
1998MFS_DEFAULT equ MF_DEFAULT
1999;
2000;------------------------------------------------------------------------------
2001;
2002; ========================
2003; mouse message key states
2004; ========================
2005;
2006MK_LBUTTON equ 0001h
2007MK_RBUTTON equ 0002h
2008MK_SHIFT equ 0004h
2009MK_CONTROL equ 0008h
2010MK_MBUTTON equ 0010h
2011;
2012;------------------------------------------------------------------------------
2013;
2014; ==================
2015; owner draw actions
2016; ==================
2017;
2018ODA_DRAWENTIRE equ 0001h
2019ODA_SELECT equ 0002h
2020ODA_FOCUS equ 0004h
2021;
2022;------------------------------------------------------------------------------
2023;
2024; =================
2025; owner draw states
2026; =================
2027;
2028ODS_SELECTED equ 0001h
2029ODS_GRAYED equ 0002h
2030ODS_DISABLED equ 0004h
2031ODS_CHECKED equ 0008h
2032ODS_FOCUS equ 0010h
2033ODS_DEFAULT equ 0020h
2034ODS_COMBOBOXEDIT equ 1000h
2035;
2036;------------------------------------------------------------------------------
2037;
2038; ================
2039; owner draw types
2040; ================
2041;
2042ODT_MENU equ 1
2043ODT_LISTBOX equ 2
2044ODT_COMBOBOX equ 3
2045ODT_BUTTON equ 4
2046ODT_STATIC equ 5
2047;
2048;------------------------------------------------------------------------------
2049;
2050; ==================
2051; OPENFILENAME flags
2052; ==================
2053;
2054OFN_READONLY equ 00000001h
2055OFN_OVERWRITEPROMPT equ 00000002h
2056OFN_HIDEREADONLY equ 00000004h
2057OFN_NOCHANGEDIR equ 00000008h
2058OFN_SHOWHELP equ 00000010h
2059OFN_ENABLEHOOK equ 00000020h
2060OFN_ENABLETEMPLATE equ 00000040h
2061OFN_ENABLETEMPLATEHANDLE equ 00000080h
2062OFN_NOVALIDATE equ 00000100h
2063OFN_ALLOWMULTISELECT equ 00000200h
2064OFN_EXTENSIONDIFFERENT equ 00000400h
2065OFN_PATHMUSTEXIST equ 00000800h
2066OFN_FILEMUSTEXIST equ 00001000h
2067OFN_CREATEPROMPT equ 00002000h
2068OFN_SHAREAWARE equ 00004000h
2069OFN_NOREADONLYRETURN equ 00008000h
2070OFN_NOTESTFILECREATE equ 00010000h
2071OFN_NONETWORKBUTTON equ 00020000h
2072OFN_NOLONGNAMES equ 00040000h
2073OFN_EXPLORER equ 00080000h
2074OFN_NODEREFERENCELINKS equ 00100000h
2075OFN_LONGNAMES equ 00200000h
2076;
2077;------------------------------------------------------------------------------
2078;
2079; ==============================
2080; OPENFILENAME hook return codes
2081; ==============================
2082;
2083OFN_SHAREWARN equ 0
2084OFN_SHARENOWARN equ 1
2085OFN_SHAREFALLTHROUGH equ 2
2086;
2087;------------------------------------------------------------------------------
2088;
2089; ================
2090; pipe definitions
2091; ================
2092;
2093PIPE_ACCESS_INBOUND equ 00000001h
2094PIPE_ACCESS_OUTBOUND equ 00000002h
2095PIPE_ACCESS_DUPLEX equ 00000003h
2096;
2097PIPE_CLIENT_END equ 00000000h
2098PIPE_SERVER_END equ 00000001h
2099;
2100PIPE_WAIT equ 00000000h
2101PIPE_NOWAIT equ 00000001h
2102;
2103PIPE_READMODE_BYTE equ 00000000h
2104PIPE_READMODE_MESSAGE equ 00000002h
2105;
2106PIPE_TYPE_BYTE equ 00000000h
2107PIPE_TYPE_MESSAGE equ 00000004h
2108;
2109PIPE_UNLIMITED_INSTANCES equ 255
2110;
2111;------------------------------------------------------------------------------
2112;
2113; ====================
2114; process access flags
2115; ====================
2116;
2117PROCESS_TERMINATE equ 0001h
2118PROCESS_CREATE_THREAD equ 0002h
2119PROCESS_VM_OPERATION equ 0008h
2120PROCESS_VM_READ equ 0010h
2121PROCESS_VM_WRITE equ 0020h
2122PROCESS_DUP_HANDLE equ 0040h
2123PROCESS_CREATE_PROCESS equ 0080h
2124PROCESS_SET_QUOTA equ 0100h
2125PROCESS_SET_INFORMATION equ 0200h
2126PROCESS_QUERY_INFORMATION equ 0400h
2127;
2128PROCESS_ALL_ACCESS equ STANDARD_RIGHTS_REQUIRED+\
2129 SYNCHRONIZE+\
2130 0FFFh
2131;
2132;------------------------------------------------------------------------------
2133;
2134; ========================
2135; binary raster operations
2136; ========================
2137;
2138R2_BLACK equ 1 ;0
2139R2_NOTMERGEPEN equ 2 ;DPon
2140R2_MASKNOTPEN equ 3 ;DPna
2141R2_NOTCOPYPEN equ 4 ;PN
2142R2_MASKPENNOT equ 5 ;PDna
2143R2_NOT equ 6 ;Dn
2144R2_XORPEN equ 7 ;DPx
2145R2_NOTMASKPEN equ 8 ;DPan
2146R2_MASKPEN equ 9 ;DPa
2147R2_NOTXORPEN equ 10 ;DPxn
2148R2_NOP equ 11 ;D
2149R2_MERGENOTPEN equ 12 ;DPno
2150R2_COPYPEN equ 13 ;P
2151R2_MERGEPENNOT equ 14 ;PDno
2152R2_MERGEPEN equ 15 ;DPo
2153R2_WHITE equ 16 ;1
2154R2_LAST equ 16
2155;
2156;------------------------------------------------------------------------------
2157;
2158; =================
2159; network resources
2160; =================
2161;
2162RESOURCE_CONNECTED equ 00000001h
2163RESOURCE_GLOBALNET equ 00000002h
2164RESOURCE_REMEMBERED equ 00000003h
2165RESOURCE_RECENT equ 00000004h
2166RESOURCE_CONTEXT equ 00000005h
2167;
2168RESOURCETYPE_ANY equ 00000000h
2169RESOURCETYPE_DISK equ 00000001h
2170RESOURCETYPE_PRINT equ 00000002h
2171RESOURCETYPE_RESERVED equ 00000008h
2172RESOURCETYPE_UNKNOWN equ -1
2173;
2174RESOURCEUSAGE_CONNECTABLE equ 00000001h
2175RESOURCEUSAGE_CONTAINER equ 00000002h
2176RESOURCEUSAGE_NOLOCALDEVICE equ 00000004h
2177RESOURCEUSAGE_SIBLING equ 00000008h
2178RESOURCEUSAGE_RESERVED equ 80000000h
2179;
2180RESOURCEUSAGE_ALL equ RESOURCEUSAGE_CONNECTABLE+\
2181 RESOURCEUSAGE_CONTAINER
2182;
2183RESOURCEDISPLAYTYPE_GENERIC equ 00000000h
2184RESOURCEDISPLAYTYPE_DOMAIN equ 00000001h
2185RESOURCEDISPLAYTYPE_SERVER equ 00000002h
2186RESOURCEDISPLAYTYPE_SHARE equ 00000003h
2187RESOURCEDISPLAYTYPE_FILE equ 00000004h
2188RESOURCEDISPLAYTYPE_GROUP equ 00000005h
2189RESOURCEDISPLAYTYPE_NETWORK equ 00000006h
2190RESOURCEDISPLAYTYPE_ROOT equ 00000007h
2191RESOURCEDISPLAYTYPE_SHAREADMIN equ 00000008h
2192RESOURCEDISPLAYTYPE_DIRECTORY equ 00000009h
2193RESOURCEDISPLAYTYPE_TREE equ 0000000Ah
2194;
2195;------------------------------------------------------------------------------
2196;
2197; ==========
2198; rgb colors
2199; ==========
2200;
2201RGB_BLACK equ 00000000h
2202RGB_VDKGRAY32 equ 00202020h
2203RGB_DKGRAY equ 00404040h
2204RGB_SOLIDGRAY equ 00808080h
2205RGB_SOLIDLTGRAY equ 00C0C0C0h
2206RGB_EBONY equ 00E0E0E0h
2207RGB_BLUE equ 00FF0000h
2208RGB_GREEN equ 0000FF00h
2209RGB_RED equ 000000FFh
2210;
2211RGB_CYAN equ RGB_BLUE + RGB_GREEN
2212RGB_MAGENTA equ RGB_BLUE + RGB_RED
2213RGB_YELLOW equ RGB_GREEN + RGB_RED
2214RGB_WHITE equ RGB_BLUE + RGB_GREEN + RGB_RED
2215;
2216RGB_DKBLUE equ 00800000h
2217RGB_DKGREEN equ 00008000h
2218RGB_DKRED equ 00000080h
2219;
2220RGB_DKCYAN equ RGB_DKBLUE + RGB_DKGREEN
2221RGB_DKMAGENTA equ RGB_DKBLUE + RGB_DKRED
2222RGB_DKYELLOW equ RGB_DKGREEN + RGB_DKRED
2223;
2224;------------------------------------------------------------------------------
2225;
2226; ===================
2227; CombineRgn() styles
2228; ===================
2229;
2230RGN_AND equ 1
2231RGN_OR equ 2
2232RGN_XOR equ 3
2233RGN_DIFF equ 4
2234RGN_COPY equ 5
2235RGN_MIN equ RGN_AND
2236RGN_MAX equ RGN_COPY
2237;
2238;------------------------------------------------------------------------------
2239;
2240; ====================
2241; scroll bar constants
2242; ====================
2243;
2244SB_HORZ equ 0
2245SB_VERT equ 1
2246SB_CTL equ 2
2247SB_BOTH equ 3
2248;
2249;------------------------------------------------------------------------------
2250;
2251; ===================
2252; scroll bar commands
2253; ===================
2254;
2255SB_LINEUP equ 0
2256SB_LINELEFT equ 0
2257SB_LINEDOWN equ 1
2258SB_LINERIGHT equ 1
2259SB_PAGEUP equ 2
2260SB_PAGELEFT equ 2
2261SB_PAGEDOWN equ 3
2262SB_PAGERIGHT equ 3
2263SB_THUMBPOSITION equ 4
2264SB_THUMBTRACK equ 5
2265SB_TOP equ 6
2266SB_LEFT equ 6
2267SB_BOTTOM equ 7
2268SB_RIGHT equ 7
2269SB_ENDSCROLL equ 8
2270;
2271;------------------------------------------------------------------------------
2272;
2273; ===================
2274; status bar messages
2275; ===================
2276;
2277SB_SETTEXTA equ WM_USER+01
2278SB_GETTEXTA equ WM_USER+02
2279SB_GETTEXTLENGTHA equ WM_USER+03
2280SB_SETPARTS equ WM_USER+04
2281SB_GETPARTS equ WM_USER+06
2282SB_GETBORDERS equ WM_USER+07
2283SB_SETMINHEIGHT equ WM_USER+08
2284SB_SIMPLE equ WM_USER+09
2285SB_GETRECT equ WM_USER+10
2286SB_SETTEXTW equ WM_USER+11
2287SB_GETTEXTLENGTHW equ WM_USER+12
2288SB_GETTEXTW equ WM_USER+13
2289;
2290 if UNICODE
2291SB_GETTEXT equ SB_GETTEXTW
2292SB_SETTEXT equ SB_SETTEXTW
2293SB_GETTEXTLENGTH equ SB_GETTEXTLENGTHW
2294 else
2295SB_GETTEXT equ SB_GETTEXTA
2296SB_SETTEXT equ SB_SETTEXTA
2297SB_GETTEXTLENGTH equ SB_GETTEXTLENGTHA
2298 endif
2299;
2300;------------------------------------------------------------------------------
2301;
2302; ===================
2303; scroll bar messages
2304; ===================
2305;
2306SBM_SETPOS equ 00E0h
2307SBM_GETPOS equ 00E1h
2308SBM_SETRANGE equ 00E2h
2309SBM_GETRANGE equ 00E3h
2310SBM_ENABLE_ARROWS equ 00E4h
2311SBM_SETRANGEREDRAW equ 00E6h
2312SBM_SETSCROLLINFO equ 00E9h
2313SBM_GETSCROLLINFO equ 00EAh
2314;
2315;------------------------------------------------------------------------------
2316;
2317; =================
2318; scroll bar styles
2319; =================
2320;
2321SBS_HORZ equ 0000h
2322SBS_VERT equ 0001h
2323SBS_TOPALIGN equ 0002h
2324SBS_LEFTALIGN equ 0002h
2325SBS_BOTTOMALIGN equ 0004h
2326SBS_RIGHTALIGN equ 0004h
2327SBS_SIZEBOXTOPLEFTALIGN equ 0002h
2328SBS_SIZEBOXBOTTOMRIGHTALIGN equ 0004h
2329SBS_SIZEBOX equ 0008h
2330SBS_SIZEGRIP equ 0010h
2331;
2332;------------------------------------------------------------------------------
2333;
2334; ================
2335; status bar types
2336; ================
2337;
2338SBT_DEFAULT equ 0000h
2339SBT_NOBORDERS equ 0100h
2340SBT_POPOUT equ 0200h
2341SBT_RTLREADING equ 0400h
2342SBT_OWNERDRAW equ 1000h
2343;
2344;------------------------------------------------------------------------------
2345;
2346; ===================
2347; security attributes
2348; ===================
2349;
2350SECURITY_ANONYMOUS equ 00000000h
2351SECURITY_IDENTIFICATION equ 00010000h
2352SECURITY_IMPERSONATION equ 00020000h
2353SECURITY_DELEGATION equ 00030000h
2354;
2355SECURITY_CONTEXT_TRACKING equ 00040000h
2356SECURITY_EFFECTIVE_ONLY equ 00080000h
2357;
2358SECURITY_SQOS_PRESENT equ 00100000h
2359SECURITY_VALID_SQOS_FLAGS equ 001F0000h
2360;
2361;------------------------------------------------------------------------------
2362;
2363; =====================
2364; WM_SIZE wParam values
2365; =====================
2366;
2367SIZE_RESTORED equ 0
2368SIZE_MINIMIZED equ 1
2369SIZE_MAXIMIZED equ 2
2370SIZE_MAXSHOW equ 3
2371SIZE_MAXHIDE equ 4
2372;
2373SIZENORMAL equ SIZE_RESTORED
2374SIZEICONIC equ SIZE_MINIMIZED
2375SIZEFULLSCREEN equ SIZE_MAXIMIZED
2376SIZEZOOMSHOW equ SIZE_MAXSHOW
2377SIZEZOOMHIDE equ SIZE_MAXHIDE
2378;
2379;------------------------------------------------------------------------------
2380;
2381; ========================
2382; GetSystemMetrics() codes
2383; ========================
2384;
2385SM_CXSCREEN equ 0
2386SM_CYSCREEN equ 1
2387SM_CXVSCROLL equ 2
2388SM_CYHSCROLL equ 3
2389SM_CYCAPTION equ 4
2390SM_CXBORDER equ 5
2391SM_CYBORDER equ 6
2392SM_CXDLGFRAME equ 7
2393SM_CYDLGFRAME equ 8
2394SM_CYVTHUMB equ 9
2395SM_CXHTHUMB equ 10
2396SM_CXICON equ 11
2397SM_CYICON equ 12
2398SM_CXCURSOR equ 13
2399SM_CYCURSOR equ 14
2400SM_CYMENU equ 15
2401SM_CXFULLSCREEN equ 16
2402SM_CYFULLSCREEN equ 17
2403SM_CYKANJIWINDOW equ 18
2404SM_MOUSEPRESENT equ 19
2405SM_CYVSCROLL equ 20
2406SM_CXHSCROLL equ 21
2407SM_DEBUG equ 22
2408SM_SWAPBUTTON equ 23
2409SM_RESERVED1 equ 24
2410SM_RESERVED2 equ 25
2411SM_RESERVED3 equ 26
2412SM_RESERVED4 equ 27
2413SM_CXMIN equ 28
2414SM_CYMIN equ 29
2415SM_CXSIZE equ 30
2416SM_CYSIZE equ 31
2417SM_CXFRAME equ 32
2418SM_CYFRAME equ 33
2419SM_CXMINTRACK equ 34
2420SM_CYMINTRACK equ 35
2421SM_CXDOUBLECLK equ 36
2422SM_CYDOUBLECLK equ 37
2423SM_CXICONSPACING equ 38
2424SM_CYICONSPACING equ 39
2425SM_MENUDROPALIGNMENT equ 40
2426SM_PENWINDOWS equ 41
2427SM_DBCSENABLED equ 42
2428SM_CMOUSEBUTTONS equ 43
2429SM_SECURE equ 44
2430SM_CXEDGE equ 45
2431SM_CYEDGE equ 46
2432SM_CXMINSPACING equ 47
2433SM_CYMINSPACING equ 48
2434SM_CXSMICON equ 49
2435SM_CYSMICON equ 50
2436SM_CYSMCAPTION equ 51
2437SM_CXSMSIZE equ 52
2438SM_CYSMSIZE equ 53
2439SM_CXMENUSIZE equ 54
2440SM_CYMENUSIZE equ 55
2441SM_ARRANGE equ 56
2442SM_CXMINIMIZED equ 57
2443SM_CYMINIMIZED equ 58
2444SM_CXMAXTRACK equ 59
2445SM_CYMAXTRACK equ 60
2446SM_CXMAXIMIZED equ 61
2447SM_CYMAXIMIZED equ 62
2448SM_NETWORK equ 63
2449SM_CLEANBOOT equ 67
2450SM_CXDRAG equ 68
2451SM_CYDRAG equ 69
2452SM_SHOWSOUNDS equ 70
2453SM_CXMENUCHECK equ 71
2454SM_CYMENUCHECK equ 72
2455SM_SLOWMACHINE equ 73
2456SM_MIDEASTENABLED equ 74
2457;
2458SM_CXFIXEDFRAME equ SM_CXDLGFRAME
2459SM_CYFIXEDFRAME equ SM_CYDLGFRAME
2460SM_CXSIZEFRAME equ SM_CXFRAME
2461SM_CYSIZEFRAME equ SM_CYFRAME
2462;
2463;------------------------------------------------------------------------------
2464;
2465; =====================
2466; static control styles
2467; =====================
2468;
2469SS_LEFT equ 0000h
2470SS_CENTER equ 0001h
2471SS_RIGHT equ 0002h
2472SS_ICON equ 0003h
2473SS_BLACKRECT equ 0004h
2474SS_GRAYRECT equ 0005h
2475SS_WHITERECT equ 0006h
2476SS_BLACKFRAME equ 0007h
2477SS_GRAYFRAME equ 0008h
2478SS_WHITEFRAME equ 0009h
2479SS_USERITEM equ 000Ah
2480SS_SIMPLE equ 000Bh
2481SS_LEFTNOWORDWRAP equ 000Ch
2482SS_BITMAP equ 000Eh
2483SS_OWNERDRAW equ 000Dh
2484SS_ENHMETAFILE equ 000Fh
2485SS_ETCHEDHORZ equ 0010h
2486SS_ETCHEDVERT equ 0011h
2487SS_ETCHEDFRAME equ 0012h
2488SS_TYPEMASK equ 001Fh
2489SS_NOPREFIX equ 0080h
2490SS_NOTIFY equ 0100h
2491SS_CENTERIMAGE equ 0200h
2492SS_RIGHTJUST equ 0400h
2493SS_REALSIZEIMAGE equ 0800h
2494SS_SUNKEN equ 1000h
2495;
2496;------------------------------------------------------------------------------
2497;
2498; ================
2499; startup commands
2500; ================
2501;
2502STARTF_USESHOWWINDOW equ 00000001h
2503STARTF_USESIZE equ 00000002h
2504STARTF_USEPOSITION equ 00000004h
2505STARTF_USECOUNTCHARS equ 00000008h
2506STARTF_USEFILLATTRIBUTE equ 00000010h
2507STARTF_RUNFULLSCREEN equ 00000020h ;ignored for non-x86
2508STARTF_FORCEONFEEDBACK equ 00000040h
2509STARTF_FORCEOFFFEEDBACK equ 00000080h
2510STARTF_USESTDHANDLES equ 00000100h
2511STARTF_USEHOTKEY equ 00000200h
2512;
2513;------------------------------------------------------------------------------
2514;
2515; ============
2516; status codes
2517; ============
2518;
2519STATUS_WAIT_0 equ 000000000h
2520STATUS_ABANDONED_WAIT_0 equ 000000080h
2521STATUS_USER_APC equ 0000000C0h
2522STATUS_TIMEOUT equ 000000102h
2523STATUS_PENDING equ 000000103h
2524STATUS_SEGMENT_NOTIFICATION equ 040000005h
2525STATUS_GUARD_PAGE_VIOLATION equ 080000001h
2526STATUS_DATATYPE_MISALIGNMENT equ 080000002h
2527STATUS_BREAKPOINT equ 080000003h
2528STATUS_SINGLE_STEP equ 080000004h
2529STATUS_ACCESS_VIOLATION equ 0C0000005h
2530STATUS_IN_PAGE_ERROR equ 0C0000006h
2531STATUS_NO_MEMORY equ 0C0000017h
2532STATUS_ILLEGAL_INSTRUCTION equ 0C000001Dh
2533STATUS_NONCONTINUABLE_EXCEPTION equ 0C0000025h
2534STATUS_INVALID_DISPOSITION equ 0C0000026h
2535STATUS_ARRAY_BOUNDS_EXCEEDED equ 0C000008Ch
2536STATUS_FLOAT_DENORMAL_OPERAND equ 0C000008Dh
2537STATUS_FLOAT_DIVIDE_BY_ZERO equ 0C000008Eh
2538STATUS_FLOAT_INEXACT_RESULT equ 0C000008Fh
2539STATUS_FLOAT_INVALID_OPERATION equ 0C0000090h
2540STATUS_FLOAT_OVERFLOW equ 0C0000091h
2541STATUS_FLOAT_STACK_CHECK equ 0C0000092h
2542STATUS_FLOAT_UNDERFLOW equ 0C0000093h
2543STATUS_INTEGER_DIVIDE_BY_ZERO equ 0C0000094h
2544STATUS_INTEGER_OVERFLOW equ 0C0000095h
2545STATUS_PRIVILEGED_INSTRUCTION equ 0C0000096h
2546STATUS_STACK_OVERFLOW equ 0C00000FDh
2547STATUS_CONTROL_C_EXIT equ 0C000013Ah
2548;
2549;------------------------------------------------------------------------------
2550;
2551; ========================
2552; toolbar standard bitmaps
2553; ========================
2554;
2555STD_CUT equ 0
2556STD_COPY equ 1
2557STD_PASTE equ 2
2558STD_UNDO equ 3
2559STD_REDOW equ 4
2560STD_DELETE equ 5
2561STD_FILENEW equ 6
2562STD_FILEOPEN equ 7
2563STD_FILESAVE equ 8
2564STD_PRINTPRE equ 9
2565STD_PROPERTIES equ 10
2566STD_HELP equ 11
2567STD_FIND equ 12
2568STD_REPLACE equ 13
2569STD_PRINT equ 14
2570;
2571;------------------------------------------------------------------------------
2572;
2573; =====================
2574; standard file handles
2575; =====================
2576;
2577STD_INPUT_HANDLE equ -10
2578STD_OUTPUT_HANDLE equ -11
2579STD_ERROR_HANDLE equ -12
2580;
2581;------------------------------------------------------------------------------
2582;
2583; =====================
2584; ShowWindow() commands
2585; =====================
2586;
2587SW_HIDE equ 0
2588SW_SHOWNORMAL equ 1
2589SW_NORMAL equ 1
2590SW_SHOWMINIMIZED equ 2
2591SW_SHOWMAXIMIZED equ 3
2592SW_MAXIMIZE equ 3
2593SW_SHOWNOACTIVATE equ 4
2594SW_SHOW equ 5
2595SW_MINIMIZE equ 6
2596SW_SHOWMINNOACTIVE equ 7
2597SW_SHOWNA equ 8
2598SW_RESTORE equ 9
2599SW_SHOWDEFAULT equ 10
2600SW_MAX equ 10
2601;
2602;------------------------------------------------------------------------------
2603;
2604; ====================
2605; SetWindowPos() flags
2606; ====================
2607;
2608SWP_NOSIZE equ 0001h
2609SWP_NOMOVE equ 0002h
2610SWP_NOZORDER equ 0004h
2611SWP_NOREDRAW equ 0008h
2612SWP_NOACTIVATE equ 0010h
2613SWP_FRAMECHANGED equ 0020h
2614SWP_SHOWWINDOW equ 0040h
2615SWP_HIDEWINDOW equ 0080h
2616SWP_NOCOPYBITS equ 0100h
2617SWP_NOOWNERZORDER equ 0200h
2618SWP_NOSENDCHANGING equ 0400h
2619SWP_DEFERERASE equ 2000h
2620SWP_ASYNCWINDOWPOS equ 4000h
2621;
2622SWP_DRAWFRAME equ SWP_FRAMECHANGED
2623SWP_NOREPOSITION equ SWP_NOOWNERZORDER
2624;
2625;------------------------------------------------------------------------------
2626;
2627; ======================
2628; text alignment options
2629; ======================
2630;
2631TA_NOUPDATECP equ 0000h
2632TA_UPDATECP equ 0001h
2633;
2634TA_LEFT equ 0000h
2635TA_RIGHT equ 0002h
2636TA_CENTER equ 0006h
2637;
2638TA_TOP equ 0000h
2639TA_BOTTOM equ 0008h
2640TA_BASELINE equ 0018h
2641TA_RTLREADING equ 0100h
2642TA_MASK equ TA_BASELINE+TA_CENTER+TA_UPDATECP+\
2643 TA_RTLREADING
2644;
2645;------------------------------------------------------------------------------
2646;
2647; ================
2648; toolbar messages
2649; ================
2650;
2651TB_ENABLEBUTTON equ WM_USER+01
2652TB_CHECKBUTTON equ WM_USER+02
2653TB_PRESSBUTTON equ WM_USER+03
2654TB_HIDEBUTTON equ WM_USER+04
2655TB_INDETERMINATE equ WM_USER+05
2656TB_ISBUTTONENABLED equ WM_USER+09
2657TB_ISBUTTONCHECKED equ WM_USER+10
2658TB_ISBUTTONPRESSED equ WM_USER+11
2659TB_ISBUTTONHIDDEN equ WM_USER+12
2660TB_ISBUTTONINDETERMINATE equ WM_USER+13
2661TB_SETSTATE equ WM_USER+17
2662TB_GETSTATE equ WM_USER+18
2663TB_ADDBITMAP equ WM_USER+19
2664TB_ADDBUTTONS equ WM_USER+20
2665TB_INSERTBUTTON equ WM_USER+21
2666TB_DELETEBUTTON equ WM_USER+22
2667TB_GETBUTTON equ WM_USER+23
2668TB_BUTTONCOUNT equ WM_USER+24
2669TB_COMMANDTOINDEX equ WM_USER+25
2670TB_SAVERESTOREA equ WM_USER+26
2671TB_CUSTOMIZE equ WM_USER+27
2672TB_ADDSTRINGA equ WM_USER+28
2673TB_GETITEMRECT equ WM_USER+29
2674TB_BUTTONSTRUCTSIZE equ WM_USER+30
2675TB_SETBUTTONSIZE equ WM_USER+31
2676TB_SETBITMAPSIZE equ WM_USER+32
2677TB_AUTOSIZE equ WM_USER+33
2678TB_GETTOOLTIPS equ WM_USER+35
2679TB_SETTOOLTIPS equ WM_USER+36
2680TB_SETPARENT equ WM_USER+37
2681TB_SETROWS equ WM_USER+39
2682TB_GETROWS equ WM_USER+40
2683TB_GETBITMAPFLAGS equ WM_USER+41
2684TB_SETCMDID equ WM_USER+42
2685TB_CHANGEBITMAP equ WM_USER+43
2686TB_GETBITMAP equ WM_USER+44
2687TB_GETBUTTONTEXTA equ WM_USER+45
2688TB_REPLACEBITMAP equ WM_USER+46
2689;
2690TB_GETBUTTONTEXTW equ WM_USER+75
2691TB_SAVERESTOREW equ WM_USER+76
2692TB_ADDSTRINGW equ WM_USER+77
2693;
2694 if UNICODE
2695TB_GETBUTTONTEXT equ TB_GETBUTTONTEXTW
2696TB_SAVERESTORE equ TB_SAVERESTOREW
2697TB_ADDSTRING equ TB_ADDSTRINGW
2698 else
2699TB_GETBUTTONTEXT equ TB_GETBUTTONTEXTA
2700TB_SAVERESTORE equ TB_SAVERESTOREA
2701TB_ADDSTRING equ TB_ADDSTRINGA
2702 endif
2703;
2704;------------------------------------------------------------------------------
2705;
2706; =====================
2707; toolbar notifications
2708; =====================
2709;
2710TBN_FIRST equ -700
2711TBN_LAST equ TBN_FIRST-20
2712;
2713TBN_GETBUTTONINFOA equ TBN_FIRST-00
2714TBN_BEGINDRAG equ TBN_FIRST-01
2715TBN_ENDDRAG equ TBN_FIRST-02
2716TBN_BEGINADJUST equ TBN_FIRST-03
2717TBN_ENDADJUST equ TBN_FIRST-04
2718TBN_RESET equ TBN_FIRST-05
2719TBN_QUERYINSERT equ TBN_FIRST-06
2720TBN_QUERYDELETE equ TBN_FIRST-07
2721TBN_TOOLBARCHANGE equ TBN_FIRST-08
2722TBN_CUSTHELP equ TBN_FIRST-09
2723TBN_GETBUTTONINFOW equ TBN_FIRST-20
2724;
2725;------------------------------------------------------------------------------
2726;
2727; ==============
2728; toolbar states
2729; ==============
2730;
2731TBSTATE_CHECKED equ 0001h
2732TBSTATE_PRESSED equ 0002h
2733TBSTATE_ENABLED equ 0004h
2734TBSTATE_HIDDEN equ 0008h
2735TBSTATE_INDETERMINATE equ 0010h
2736TBSTATE_WRAP equ 0020h
2737;
2738;------------------------------------------------------------------------------
2739;
2740; ==============
2741; toolbar styles
2742; ==============
2743;
2744TBSTYLE_BUTTON equ 0000h
2745TBSTYLE_SEP equ 0001h
2746TBSTYLE_CHECK equ 0002h
2747TBSTYLE_GROUP equ 0004h
2748TBSTYLE_TOOLTIPS equ 0100h
2749TBSTYLE_WRAPABLE equ 0200h
2750TBSTYLE_ALTDRAG equ 0400h
2751;
2752TBSTYLE_CHECKGROUP equ TBSTYLE_GROUP+TBSTYLE_CHECK
2753;
2754;------------------------------------------------------------------------------
2755;
2756; ===================
2757; thread access flags
2758; ===================
2759;
2760THREAD_TERMINATE equ 0001h
2761THREAD_SUSPEND_RESUME equ 0002h
2762THREAD_GET_CONTEXT equ 0008h
2763THREAD_SET_CONTEXT equ 0010h
2764THREAD_SET_INFORMATION equ 0020h
2765THREAD_QUERY_INFORMATION equ 0040h
2766THREAD_SET_THREAD_TOKEN equ 0080h
2767THREAD_IMPERSONATE equ 0100h
2768THREAD_DIRECT_IMPERSONATION equ 0200h
2769;
2770THREAD_ALL_ACCESS equ STANDARD_RIGHTS_REQUIRED+\
2771 SYNCHRONIZE+\
2772 03FFh
2773;
2774;------------------------------------------------------------------------------
2775;
2776; =================
2777; thread priorities
2778; =================
2779;
2780THREAD_BASE_PRIORITY_IDLE equ -15
2781THREAD_BASE_PRIORITY_MIN equ -2
2782THREAD_BASE_PRIORITY_MAX equ 2
2783THREAD_BASE_PRIORITY_LOWRT equ 15
2784;
2785THREAD_PRIORITY_LOWEST equ THREAD_BASE_PRIORITY_MIN
2786THREAD_PRIORITY_BELOW_NORMAL equ THREAD_PRIORITY_LOWEST+1
2787THREAD_PRIORITY_NORMAL equ 0
2788THREAD_PRIORITY_ABOVE_NORMAL equ THREAD_PRIORITY_HIGHEST-1
2789THREAD_PRIORITY_HIGHEST equ THREAD_BASE_PRIORITY_MAX
2790;
2791THREAD_PRIORITY_TIME_CRITICAL equ THREAD_BASE_PRIORITY_LOWRT
2792THREAD_PRIORITY_IDLE equ THREAD_BASE_PRIORITY_IDLE
2793;
2794THREAD_PRIORITY_ERROR_RETURN equ -1
2795;
2796;------------------------------------------------------------------------------
2797;
2798; ==================
2799; tree view messages
2800; ==================
2801;
2802TVM_FIRST equ 1100h
2803TV_FIRST equ TVM_FIRST
2804;
2805TVM_INSERTITEMA equ TVM_FIRST+00
2806TVM_DELETEITEM equ TVM_FIRST+01
2807TVM_EXPAND equ TVM_FIRST+02
2808TVM_GETITEMRECT equ TVM_FIRST+04
2809TVM_GETCOUNT equ TVM_FIRST+05
2810TVM_GETINDENT equ TVM_FIRST+06
2811TVM_SETINDENT equ TVM_FIRST+07
2812TVM_GETIMAGELIST equ TVM_FIRST+08
2813TVM_SETIMAGELIST equ TVM_FIRST+09
2814TVM_GETNEXTITEM equ TVM_FIRST+10
2815TVM_SELECTITEM equ TVM_FIRST+11
2816TVM_GETITEMA equ TVM_FIRST+12
2817TVM_SETITEMA equ TVM_FIRST+13
2818TVM_EDITLABELA equ TVM_FIRST+14
2819TVM_GETEDITCONTROL equ TVM_FIRST+15
2820TVM_GETVISIBLECOUNT equ TVM_FIRST+16
2821TVM_HITTEST equ TVM_FIRST+17
2822TVM_CREATEDRAGIMAGE equ TVM_FIRST+18
2823TVM_SORTCHILDREN equ TVM_FIRST+19
2824TVM_ENSUREVISIBLE equ TVM_FIRST+20
2825TVM_SORTCHILDRENCB equ TVM_FIRST+21
2826TVM_ENDEDITLABELNOW equ TVM_FIRST+22
2827TVM_GETISEARCHSTRINGA equ TVM_FIRST+23
2828;
2829TVM_INSERTITEMW equ TVM_FIRST+50
2830TVM_GETITEMW equ TVM_FIRST+62
2831TVM_SETITEMW equ TVM_FIRST+63
2832TVM_GETISEARCHSTRINGW equ TVM_FIRST+64
2833TVM_EDITLABELW equ TVM_FIRST+65
2834;
2835 if UNICODE
2836TVM_INSERTITEM equ TVM_INSERTITEMW
2837TVM_GETITEM equ TVM_GETITEMW
2838TVM_SETITEM equ TVM_SETITEMW
2839TVM_GETISEARCHSTRING equ TVM_GETISEARCHSTRINGW
2840TVM_EDITLABEL equ TVM_EDITLABELW
2841 else
2842TVM_INSERTITEM equ TVM_INSERTITEMA
2843TVM_GETITEM equ TVM_GETITEMA
2844TVM_SETITEM equ TVM_SETITEMA
2845TVM_GETISEARCHSTRING equ TVM_GETISEARCHSTRINGA
2846TVM_EDITLABEL equ TVM_EDITLABELA
2847 endif
2848;
2849;------------------------------------------------------------------------------
2850;
2851; =======================
2852; tree view notifications
2853; =======================
2854;
2855TVN_FIRST equ -400
2856TVN_LAST equ TVN_FIRST-99
2857;
2858TVN_SELCHANGINGA equ TVN_FIRST-01
2859TVN_SELCHANGEDA equ TVN_FIRST-02
2860TVN_GETDISPINFOA equ TVN_FIRST-03
2861TVN_SETDISPINFOA equ TVN_FIRST-04
2862TVN_ITEMEXPANDINGA equ TVN_FIRST-05
2863TVN_ITEMEXPANDEDA equ TVN_FIRST-06
2864TVN_BEGINDRAGA equ TVN_FIRST-07
2865TVN_BEGINRDRAGA equ TVN_FIRST-08
2866TVN_DELETEITEMA equ TVN_FIRST-09
2867TVN_ENDLABELEDITA equ TVN_FIRST-11
2868TVN_KEYDOWN equ TVN_FIRST-12
2869;
2870TVN_SELCHANGINGW equ TVN_FIRST-50
2871TVN_SELCHANGEDW equ TVN_FIRST-51
2872TVN_GETDISPINFOW equ TVN_FIRST-52
2873TVN_SETDISPINFOW equ TVN_FIRST-53
2874TVN_ITEMEXPANDINGW equ TVN_FIRST-54
2875TVN_ITEMEXPANDEDW equ TVN_FIRST-55
2876TVN_BEGINDRAGW equ TVN_FIRST-56
2877TVN_BEGINRDRAGW equ TVN_FIRST-57
2878TVN_DELETEITEMW equ TVN_FIRST-58
2879TVN_BEGINLABELEDITA equ TVN_FIRST-10
2880TVN_BEGINLABELEDITW equ TVN_FIRST-59
2881TVN_ENDLABELEDITW equ TVN_FIRST-60
2882;
2883 if UNICODE
2884TVN_SELCHANGING equ TVN_SELCHANGINGW
2885TVN_SELCHANGED equ TVN_SELCHANGEDW
2886TVN_GETDISPINFO equ TVN_GETDISPINFOW
2887TVN_SETDISPINFO equ TVN_SETDISPINFOW
2888TVN_ITEMEXPANDING equ TVN_ITEMEXPANDINGW
2889TVN_ITEMEXPANDED equ TVN_ITEMEXPANDEDW
2890TVN_BEGINDRAG equ TVN_BEGINDRAGW
2891TVN_BEGINRDRAG equ TVN_BEGINRDRAGW
2892TVN_DELETEITEM equ TVN_DELETEITEMW
2893TVN_BEGINLABELEDIT equ TVN_BEGINLABELEDITW
2894TVN_ENDLABELEDIT equ TVN_ENDLABELEDITW
2895 else
2896TVN_SELCHANGING equ TVN_SELCHANGINGA
2897TVN_SELCHANGED equ TVN_SELCHANGEDA
2898TVN_GETDISPINFO equ TVN_GETDISPINFOA
2899TVN_SETDISPINFO equ TVN_SETDISPINFOA
2900TVN_ITEMEXPANDING equ TVN_ITEMEXPANDINGA
2901TVN_ITEMEXPANDED equ TVN_ITEMEXPANDEDA
2902TVN_BEGINDRAG equ TVN_BEGINDRAGA
2903TVN_BEGINRDRAG equ TVN_BEGINRDRAGA
2904TVN_DELETEITEM equ TVN_DELETEITEMA
2905TVN_BEGINLABELEDIT equ TVN_BEGINLABELEDITA
2906TVN_ENDLABELEDIT equ TVN_ENDLABELEDITA
2907 endif
2908;
2909;------------------------------------------------------------------------------
2910;
2911; ================
2912; tree view styles
2913; ================
2914;
2915TVS_HASBUTTONS equ 00000001h
2916TVS_HASLINES equ 00000002h
2917TVS_LINESATROOT equ 00000004h
2918TVS_EDITLABELS equ 00000008h
2919TVS_DISABLEDRAGDROP equ 00000010h
2920TVS_SHOWSELALWAYS equ 00000020h
2921;
2922;------------------------------------------------------------------------------
2923;
2924; ================
2925; os platform id's
2926; ================
2927;
2928VER_PLATFORM_WIN32s equ 0
2929VER_PLATFORM_WIN32_WINDOWS equ 1
2930VER_PLATFORM_WIN32_NT equ 2
2931;
2932;------------------------------------------------------------------------------
2933;
2934; ====================
2935; toolbar view bitmaps
2936; ====================
2937;
2938VIEW_LARGEICONS equ 0
2939VIEW_SMALLICONS equ 1
2940VIEW_LIST equ 2
2941VIEW_DETAILS equ 3
2942VIEW_SORTNAME equ 4
2943VIEW_SORTSIZE equ 5
2944VIEW_SORTDATE equ 6
2945VIEW_SORTTYPE equ 7
2946VIEW_PARENTFOLDER equ 8
2947VIEW_NETCONNECT equ 9
2948VIEW_NETDISCONNECT equ 10
2949VIEW_NEWFOLDER equ 11
2950;
2951;------------------------------------------------------------------------------
2952;
2953; =====================
2954; standard virtual keys
2955; =====================
2956;
2957VK_LBUTTON equ 01h
2958VK_RBUTTON equ 02h
2959VK_CANCEL equ 03h
2960VK_MBUTTON equ 04h
2961;
2962VK_BACK equ 08h
2963VK_TAB equ 09h
2964VK_CLEAR equ 0Ch
2965VK_RETURN equ 0Dh
2966VK_SHIFT equ 10h
2967VK_CONTROL equ 11h
2968VK_MENU equ 12h
2969VK_PAUSE equ 13h
2970VK_CAPITAL equ 14h
2971VK_ESCAPE equ 1Bh
2972;
2973VK_SPACE equ 20h
2974VK_PRIOR equ 21h
2975VK_NEXT equ 22h
2976VK_END equ 23h
2977VK_HOME equ 24h
2978VK_LEFT equ 25h
2979VK_UP equ 26h
2980VK_RIGHT equ 27h
2981VK_DOWN equ 28h
2982VK_SELECT equ 29h
2983VK_PRINT equ 2Ah
2984VK_EXECUTE equ 2Bh
2985VK_SNAPSHOT equ 2Ch
2986VK_INSERT equ 2Dh
2987VK_DELETE equ 2Eh
2988VK_HELP equ 2Fh
2989;
2990VK_LWIN equ 5Bh
2991VK_RWIN equ 5Ch
2992VK_APPS equ 5Dh
2993;
2994VK_NUMPAD0 equ 60h
2995VK_NUMPAD1 equ 61h
2996VK_NUMPAD2 equ 62h
2997VK_NUMPAD3 equ 63h
2998VK_NUMPAD4 equ 64h
2999VK_NUMPAD5 equ 65h
3000VK_NUMPAD6 equ 66h
3001VK_NUMPAD7 equ 67h
3002VK_NUMPAD8 equ 68h
3003VK_NUMPAD9 equ 69h
3004VK_MULTIPLY equ 6Ah
3005VK_ADD equ 6Bh
3006VK_SEPARATOR equ 6Ch
3007VK_SUBTRACT equ 6Dh
3008VK_DECIMAL equ 6Eh
3009VK_DIVIDE equ 6Fh
3010VK_F1 equ 70h
3011VK_F2 equ 71h
3012VK_F3 equ 72h
3013VK_F4 equ 73h
3014VK_F5 equ 74h
3015VK_F6 equ 75h
3016VK_F7 equ 76h
3017VK_F8 equ 77h
3018VK_F9 equ 78h
3019VK_F10 equ 79h
3020VK_F11 equ 7Ah
3021VK_F12 equ 7Bh
3022VK_F13 equ 7Ch
3023VK_F14 equ 7Dh
3024VK_F15 equ 7Eh
3025VK_F16 equ 7Fh
3026VK_F17 equ 80h
3027VK_F18 equ 81h
3028VK_F19 equ 82h
3029VK_F20 equ 83h
3030VK_F21 equ 84h
3031VK_F22 equ 85h
3032VK_F23 equ 86h
3033VK_F24 equ 87h
3034;
3035VK_NUMLOCK equ 90h
3036VK_SCROLL equ 91h
3037;
3038;------------------------------------------------------------------------------
3039;
3040; ====================
3041; special virtual keys
3042; ====================
3043;
3044VK_LSHIFT equ 0A0h
3045VK_RSHIFT equ 0A1h
3046VK_LCONTROL equ 0A2h
3047VK_RCONTROL equ 0A3h
3048VK_LMENU equ 0A4h
3049VK_RMENU equ 0A5h
3050;
3051VK_PROCESSKEY equ 0E5h
3052;
3053VK_ATTN equ 0F6h
3054VK_CRSEL equ 0F7h
3055VK_EXSEL equ 0F8h
3056VK_EREOF equ 0F9h
3057VK_PLAY equ 0FAh
3058VK_ZOOM equ 0FBh
3059VK_NONAME equ 0FCh
3060VK_PA1 equ 0FDh
3061VK_OEM_CLEAR equ 0FEh
3062;
3063;------------------------------------------------------------------------------
3064;
3065; =================
3066; wait status codes
3067; =================
3068;
3069WAIT_FAILED equ -1
3070WAIT_OBJECT_0 equ STATUS_WAIT_0
3071;
3072WAIT_ABANDONED equ STATUS_ABANDONED_WAIT_0
3073WAIT_ABANDONED_0 equ STATUS_ABANDONED_WAIT_0
3074;
3075WAIT_TIMEOUT equ STATUS_TIMEOUT
3076WAIT_IO_COMPLETION equ STATUS_USER_APC
3077STILL_ACTIVE equ STATUS_PENDING
3078;
3079MAXIMUM_WAIT_OBJECTS equ 64
3080MAXIMUM_SUSPEND_COUNT equ 127
3081INFINITE equ -1
3082;
3083;------------------------------------------------------------------------------
3084;
3085; ===============
3086; window messages
3087; ===============
3088;
3089WM_NULL equ 0000h
3090WM_CREATE equ 0001h
3091WM_DESTROY equ 0002h
3092WM_MOVE equ 0003h
3093WM_SIZE equ 0005h
3094WM_ACTIVATE equ 0006h
3095WM_SETFOCUS equ 0007h
3096WM_KILLFOCUS equ 0008h
3097WM_ENABLE equ 000Ah
3098WM_SETREDRAW equ 000Bh
3099WM_SETTEXT equ 000Ch
3100WM_GETTEXT equ 000Dh
3101WM_GETTEXTLENGTH equ 000Eh
3102WM_PAINT equ 000Fh
3103WM_CLOSE equ 0010h
3104WM_QUERYENDSESSION equ 0011h
3105WM_QUIT equ 0012h
3106WM_QUERYOPEN equ 0013h
3107WM_ERASEBKGND equ 0014h
3108WM_SYSCOLORCHANGE equ 0015h
3109WM_ENDSESSION equ 0016h
3110WM_SHOWWINDOW equ 0018h
3111WM_WININICHANGE equ 001Ah
3112WM_SETTINGCHANGE equ WM_WININICHANGE
3113WM_DEVMODECHANGE equ 001Bh
3114WM_ACTIVATEAPP equ 001Ch
3115WM_FONTCHANGE equ 001Dh
3116WM_TIMECHANGE equ 001Eh
3117WM_CANCELMODE equ 001Fh
3118WM_SETCURSOR equ 0020h
3119WM_MOUSEACTIVATE equ 0021h
3120WM_CHILDACTIVATE equ 0022h
3121WM_QUEUESYNC equ 0023h
3122WM_GETMINMAXINFO equ 0024h
3123WM_PAINTICON equ 0026h
3124WM_ICONERASEBKGND equ 0027h
3125WM_NEXTDLGCTL equ 0028h
3126WM_SPOOLERSTATUS equ 002Ah
3127WM_DRAWITEM equ 002Bh
3128WM_MEASUREITEM equ 002Ch
3129WM_DELETEITEM equ 002Dh
3130WM_VKEYTOITEM equ 002Eh
3131WM_CHARTOITEM equ 002Fh
3132WM_SETFONT equ 0030h
3133WM_GETFONT equ 0031h
3134WM_SETHOTKEY equ 0032h
3135WM_GETHOTKEY equ 0033h
3136WM_QUERYDRAGICON equ 0037h
3137WM_COMPAREITEM equ 0039h
3138WM_COMPACTING equ 0041h
3139WM_COMMNOTIFY equ 0044h ;no longer suported
3140WM_WINDOWPOSCHANGING equ 0046h
3141WM_WINDOWPOSCHANGED equ 0047h
3142WM_POWER equ 0048h
3143WM_COPYDATA equ 004Ah
3144WM_CANCELJOURNAL equ 004Bh
3145WM_NOTIFY equ 004Eh
3146WM_INPUTLANGCHANGEREQUEST equ 0050h
3147WM_INPUTLANGCHANGE equ 0051h
3148WM_TCARD equ 0052h
3149WM_HELP equ 0053h
3150WM_USERCHANGED equ 0054h
3151WM_NOTIFYFORMAT equ 0055h
3152WM_CONTEXTMENU equ 007Bh
3153WM_STYLECHANGING equ 007Ch
3154WM_STYLECHANGED equ 007Dh
3155WM_DISPLAYCHANGE equ 007Eh
3156WM_GETICON equ 007Fh
3157WM_SETICON equ 0080h
3158WM_NCCREATE equ 0081h
3159WM_NCDESTROY equ 0082h
3160WM_NCCALCSIZE equ 0083h
3161WM_NCHITTEST equ 0084h
3162WM_NCPAINT equ 0085h
3163WM_NCACTIVATE equ 0086h
3164WM_GETDLGCODE equ 0087h
3165;
3166WM_NCMOUSEMOVE equ 00A0h
3167WM_NCLBUTTONDOWN equ 00A1h
3168WM_NCLBUTTONUP equ 00A2h
3169WM_NCLBUTTONDBLCLK equ 00A3h
3170WM_NCRBUTTONDOWN equ 00A4h
3171WM_NCRBUTTONUP equ 00A5h
3172WM_NCRBUTTONDBLCLK equ 00A6h
3173WM_NCMBUTTONDOWN equ 00A7h
3174WM_NCMBUTTONUP equ 00A8h
3175WM_NCMBUTTONDBLCLK equ 00A9h
3176;
3177WM_KEYFIRST equ 0100h
3178WM_KEYDOWN equ 0100h
3179WM_KEYUP equ 0101h
3180WM_CHAR equ 0102h
3181WM_DEADCHAR equ 0103h
3182WM_SYSKEYDOWN equ 0104h
3183WM_SYSKEYUP equ 0105h
3184WM_SYSCHAR equ 0106h
3185WM_SYSDEADCHAR equ 0107h
3186WM_KEYLAST equ 0108h
3187;
3188WM_IME_STARTCOMPOSITION equ 010Dh
3189WM_IME_ENDCOMPOSITION equ 010Eh
3190WM_IME_COMPOSITION equ 010Fh
3191WM_IME_KEYLAST equ 010Fh
3192WM_INITDIALOG equ 0110h
3193WM_COMMAND equ 0111h
3194WM_SYSCOMMAND equ 0112h
3195WM_TIMER equ 0113h
3196WM_HSCROLL equ 0114h
3197WM_VSCROLL equ 0115h
3198WM_INITMENU equ 0116h
3199WM_INITMENUPOPUP equ 0117h
3200WM_MENUSELECT equ 011Fh
3201WM_MENUCHAR equ 0120h
3202WM_ENTERIDLE equ 0121h
3203WM_CTLCOLORMSGBOX equ 0132h
3204WM_CTLCOLOREDIT equ 0133h
3205WM_CTLCOLORLISTBOX equ 0134h
3206WM_CTLCOLORBTN equ 0135h
3207WM_CTLCOLORDLG equ 0136h
3208WM_CTLCOLORSCROLLBAR equ 0137h
3209WM_CTLCOLORSTATIC equ 0138h
3210;
3211WM_MOUSEFIRST equ 0200h
3212WM_MOUSEMOVE equ 0200h
3213WM_LBUTTONDOWN equ 0201h
3214WM_LBUTTONUP equ 0202h
3215WM_LBUTTONDBLCLK equ 0203h
3216WM_RBUTTONDOWN equ 0204h
3217WM_RBUTTONUP equ 0205h
3218WM_RBUTTONDBLCLK equ 0206h
3219WM_MBUTTONDOWN equ 0207h
3220WM_MBUTTONUP equ 0208h
3221WM_MBUTTONDBLCLK equ 0209h
3222WM_MOUSELAST equ 0209h
3223;
3224WM_PARENTNOTIFY equ 0210h
3225WM_ENTERMENULOOP equ 0211h
3226WM_EXITMENULOOP equ 0212h
3227WM_NEXTMENU equ 0213h
3228WM_SIZING equ 0214h
3229WM_CAPTURECHANGED equ 0215h
3230WM_MOVING equ 0216h
3231WM_POWERBROADCAST equ 0218h
3232WM_DEVICECHANGE equ 0219h
3233WM_MDICREATE equ 0220h
3234WM_MDIDESTROY equ 0221h
3235WM_MDIACTIVATE equ 0222h
3236WM_MDIRESTORE equ 0223h
3237WM_MDINEXT equ 0224h
3238WM_MDIMAXIMIZE equ 0225h
3239WM_MDITILE equ 0226h
3240WM_MDICASCADE equ 0227h
3241WM_MDIICONARRANGE equ 0228h
3242WM_MDIGETACTIVE equ 0229h
3243WM_MDISETMENU equ 0230h
3244WM_ENTERSIZEMOVE equ 0231h
3245WM_EXITSIZEMOVE equ 0232h
3246WM_DROPFILES equ 0233h
3247WM_MDIREFRESHMENU equ 0234h
3248;
3249WM_IME_SETCONTEXT equ 0281h
3250WM_IME_NOTIFY equ 0282h
3251WM_IME_CONTROL equ 0283h
3252WM_IME_COMPOSITIONFULL equ 0284h
3253WM_IME_SELECT equ 0285h
3254WM_IME_CHAR equ 0286h
3255WM_IME_KEYDOWN equ 0290h
3256WM_IME_KEYUP equ 0291h
3257;
3258WM_CUT equ 0300h
3259WM_COPY equ 0301h
3260WM_PASTE equ 0302h
3261WM_CLEAR equ 0303h
3262WM_UNDO equ 0304h
3263WM_RENDERFORMAT equ 0305h
3264WM_RENDERALLFORMATS equ 0306h
3265WM_DESTROYCLIPBOARD equ 0307h
3266WM_DRAWCLIPBOARD equ 0308h
3267WM_PAINTCLIPBOARD equ 0309h
3268WM_VSCROLLCLIPBOARD equ 030Ah
3269WM_SIZECLIPBOARD equ 030Bh
3270WM_ASKCBFORMATNAME equ 030Ch
3271WM_CHANGECBCHAIN equ 030Dh
3272WM_HSCROLLCLIPBOARD equ 030Eh
3273WM_QUERYNEWPALETTE equ 030Fh
3274WM_PALETTEISCHANGING equ 0310h
3275WM_PALETTECHANGED equ 0311h
3276WM_HOTKEY equ 0312h
3277WM_PRINT equ 0317h
3278WM_PRINTCLIENT equ 0318h
3279;
3280WM_HANDHELDFIRST equ 0358h
3281WM_HANDHELDLAST equ 035Fh
3282;
3283WM_AFXFIRST equ 0360h
3284WM_AFXLAST equ 037Fh
3285;
3286WM_PENWINFIRST equ 0380h
3287WM_PENWINLAST equ 038Fh
3288;
3289WM_DDE_FIRST equ 03E0h
3290WM_DDE_INITIATE equ WM_DDE_FIRST
3291WM_DDE_TERMINATE equ WM_DDE_FIRST+1
3292WM_DDE_ADVISE equ WM_DDE_FIRST+2
3293WM_DDE_UNADVISE equ WM_DDE_FIRST+3
3294WM_DDE_ACK equ WM_DDE_FIRST+4
3295WM_DDE_DATA equ WM_DDE_FIRST+5
3296WM_DDE_REQUEST equ WM_DDE_FIRST+6
3297WM_DDE_POKE equ WM_DDE_FIRST+7
3298WM_DDE_EXECUTE equ WM_DDE_FIRST+8
3299WM_DDE_LAST equ 03E8h
3300;
3301WM_USER equ 0400h
3302WM_APP equ 8000h
3303;
3304;------------------------------------------------------------------------------
3305;
3306; ====================
3307; WNet*() status codes
3308; ====================
3309;
3310WN_SUCCESS equ NO_ERROR
3311WN_NO_ERROR equ NO_ERROR
3312;
3313WN_NOT_SUPPORTED equ ERROR_NOT_SUPPORTED
3314WN_CANCEL equ ERROR_CANCELLED
3315WN_RETRY equ ERROR_RETRY
3316WN_NET_ERROR equ ERROR_UNEXP_NET_ERR
3317WN_MORE_DATA equ ERROR_MORE_DATA
3318WN_BAD_POINTER equ ERROR_INVALID_ADDRESS
3319WN_BAD_VALUE equ ERROR_INVALID_PARAMETER
3320WN_BAD_USER equ ERROR_BAD_USERNAME
3321WN_BAD_PASSWORD equ ERROR_INVALID_PASSWORD
3322WN_ACCESS_DENIED equ ERROR_ACCESS_DENIED
3323WN_FUNCTION_BUSY equ ERROR_BUSY
3324WN_WINDOWS_ERROR equ ERROR_UNEXP_NET_ERR
3325WN_OUT_OF_MEMORY equ ERROR_NOT_ENOUGH_MEMORY
3326WN_NO_NETWORK equ ERROR_NO_NETWORK
3327WN_EXTENDED_ERROR equ ERROR_EXTENDED_ERROR
3328WN_BAD_LEVEL equ ERROR_INVALID_LEVEL
3329WN_BAD_HANDLE equ ERROR_INVALID_HANDLE
3330WN_NOT_INITIALIZING equ ERROR_ALREADY_INITIALIZED
3331WN_NO_MORE_DEVICES equ ERROR_NO_MORE_DEVICES
3332;
3333WN_NOT_CONNECTED equ ERROR_NOT_CONNECTED
3334WN_OPEN_FILES equ ERROR_OPEN_FILES
3335WN_DEVICE_IN_USE equ ERROR_DEVICE_IN_USE
3336WN_BAD_NETNAME equ ERROR_BAD_NET_NAME
3337WN_BAD_LOCALNAME equ ERROR_BAD_DEVICE
3338WN_ALREADY_CONNECTED equ ERROR_ALREADY_ASSIGNED
3339WN_DEVICE_ERROR equ ERROR_GEN_FAILURE
3340WN_CONNECTION_CLOSED equ ERROR_CONNECTION_UNAVAIL
3341WN_NO_NET_OR_BAD_PATH equ ERROR_NO_NET_OR_BAD_PATH
3342WN_BAD_PROVIDER equ ERROR_BAD_PROVIDER
3343WN_CANNOT_OPEN_PROFILE equ ERROR_CANNOT_OPEN_PROFILE
3344WN_BAD_PROFILE equ ERROR_BAD_PROFILE
3345WN_BAD_DEV_TYPE equ ERROR_BAD_DEV_TYPE
3346WN_DEVICE_ALREADY_REMEMBERED equ ERROR_DEVICE_ALREADY_REMEMBERED
3347;
3348WN_NO_MORE_ENTRIES equ ERROR_NO_MORE_ITEMS
3349WN_NOT_CONTAINER equ ERROR_NOT_CONTAINER
3350;
3351WN_NOT_AUTHENTICATED equ ERROR_NOT_AUTHENTICATED
3352WN_NOT_LOGGED_ON equ ERROR_NOT_LOGGED_ON
3353WN_NOT_VALIDATED equ ERROR_NO_LOGON_SERVERS
3354;
3355;------------------------------------------------------------------------------
3356;
3357; =============
3358; network types
3359; =============
3360;
3361WNNC_NET_MSNET equ 00010000h
3362WNNC_NET_LANMAN equ 00020000h
3363WNNC_NET_NETWARE equ 00030000h
3364WNNC_NET_VINES equ 00040000h
3365WNNC_NET_10NET equ 00050000h
3366WNNC_NET_LOCUS equ 00060000h
3367WNNC_NET_SUN_PC_NFS equ 00070000h
3368WNNC_NET_LANSTEP equ 00080000h
3369WNNC_NET_9TILES equ 00090000h
3370WNNC_NET_LANTASTIC equ 000A0000h
3371WNNC_NET_AS400 equ 000B0000h
3372WNNC_NET_FTP_NFS equ 000C0000h
3373WNNC_NET_PATHWORKS equ 000D0000h
3374WNNC_NET_LIFENET equ 000E0000h
3375WNNC_NET_POWERLAN equ 000F0000h
3376WNNC_NET_BWNFS equ 00100000h
3377WNNC_NET_COGENT equ 00110000h
3378WNNC_NET_FARALLON equ 00120000h
3379WNNC_NET_APPLETALK equ 00130000h
3380;
3381;------------------------------------------------------------------------------
3382;
3383; =============
3384; window styles
3385; =============
3386;
3387WS_OVERLAPPED equ 00000000h
3388WS_TABSTOP equ 00010000h
3389WS_GROUP equ 00020000h
3390WS_MAXIMIZEBOX equ 00010000h
3391WS_MINIMIZEBOX equ 00020000h
3392WS_THICKFRAME equ 00040000h
3393WS_SYSMENU equ 00080000h
3394WS_HSCROLL equ 00100000h
3395WS_VSCROLL equ 00200000h
3396WS_DLGFRAME equ 00400000h
3397WS_BORDER equ 00800000h
3398WS_MAXIMIZE equ 01000000h
3399WS_CLIPCHILDREN equ 02000000h
3400WS_CLIPSIBLINGS equ 04000000h
3401WS_DISABLED equ 08000000h
3402WS_VISIBLE equ 10000000h
3403WS_MINIMIZE equ 20000000h
3404WS_CHILD equ 40000000h
3405WS_POPUP equ 80000000h
3406;
3407WS_CAPTION equ WS_BORDER+WS_DLGFRAME
3408WS_POPUPWINDOW equ WS_POPUP+WS_BORDER+WS_SYSMENU
3409WS_MODAL equ WS_CAPTION+WS_SYSMENU+WS_VISIBLE
3410WS_MODELESS equ WS_CAPTION+WS_SYSMENU+WS_VISIBLE
3411WS_CONTROL equ WS_CHILD+WS_VISIBLE
3412WS_OVERLAPPEDWINDOW equ WS_OVERLAPPED+WS_CAPTION+WS_SYSMENU+\
3413 WS_THICKFRAME+WS_MINIMIZEBOX+\
3414 WS_MAXIMIZEBOX
3415;
3416WS_TILED equ WS_OVERLAPPED
3417WS_CHILDWINDOW equ WS_CHILD
3418WS_ICONIC equ WS_MINIMIZE
3419WS_SIZEBOX equ WS_THICKFRAME
3420WS_TILEDWINDOW equ WS_OVERLAPPEDWINDOW
3421;
3422;------------------------------------------------------------------------------
3423;
3424; ======================
3425; extended window styles
3426; ======================
3427;
3428WS_EX_NONE equ 00000000h
3429WS_EX_DLGMODALFRAME equ 00000001h
3430WS_EX_NOPARENTNOTIFY equ 00000004h
3431WS_EX_TOPMOST equ 00000008h
3432WS_EX_ACCEPTFILES equ 00000010h
3433WS_EX_TRANSPARENT equ 00000020h
3434WS_EX_MDICHILD equ 00000040h
3435WS_EX_TOOLWINDOW equ 00000080h
3436WS_EX_WINDOWEDGE equ 00000100h
3437WS_EX_CLIENTEDGE equ 00000200h
3438WS_EX_CONTEXTHELP equ 00000400h
3439WS_EX_RIGHT equ 00001000h
3440WS_EX_LEFT equ 00000000h
3441WS_EX_RTLREADING equ 00002000h
3442WS_EX_LTRREADING equ 00000000h
3443WS_EX_LEFTSCROLLBAR equ 00004000h
3444WS_EX_RIGHTSCROLLBAR equ 00000000h
3445WS_EX_CONTROLPARENT equ 00010000h
3446WS_EX_STATICEDGE equ 00020000h
3447WS_EX_APPWINDOW equ 00040000h
3448;
3449WS_EX_OVERLAPPEDWINDOW equ 00000300h
3450WS_EX_PALETTEWINDOW equ 00000188h
3451;
3452;------------------------------------------------------------------------------
3453;
3454; ================
3455; background modes
3456; ================
3457;
3458TRANSPARENT equ 1
3459OPAQUE equ 2
3460BKMODE_LAST equ 2
3461;
3462;------------------------------------------------------------------------------
3463;
3464; ====================
3465; CreateFile() actions
3466; ====================
3467;
3468CREATE_NEW equ 1
3469CREATE_ALWAYS equ 2
3470OPEN_EXISTING equ 3
3471OPEN_ALWAYS equ 4
3472TRUNCATE_EXISTING equ 5
3473;
3474;------------------------------------------------------------------------------
3475;
3476; =====================
3477; CreateProcess() flags
3478; =====================
3479;
3480DEBUG_PROCESS equ 00000001h
3481DEBUG_ONLY_THIS_PROCESS equ 00000002h
3482CREATE_SUSPENDED equ 00000004h
3483DETACHED_PROCESS equ 00000008h
3484CREATE_NEW_CONSOLE equ 00000010h
3485NORMAL_PRIORITY_CLASS equ 00000020h
3486IDLE_PRIORITY_CLASS equ 00000040h
3487HIGH_PRIORITY_CLASS equ 00000080h
3488REALTIME_PRIORITY_CLASS equ 00000100h
3489;
3490CREATE_NEW_PROCESS_GROUP equ 00000200h
3491CREATE_UNICODE_ENVIRONMENT equ 00000400h
3492CREATE_SEPARATE_WOW_VDM equ 00000800h
3493CREATE_SHARED_WOW_VDM equ 00001000h
3494CREATE_DEFAULT_ERROR_MODE equ 04000000h
3495CREATE_NO_WINDOW equ 08000000h
3496;
3497PROFILE_USER equ 10000000h
3498PROFILE_KERNEL equ 20000000h
3499PROFILE_SERVER equ 40000000h
3500;
3501;------------------------------------------------------------------------------
3502;
3503; ===============
3504; gdi error codes
3505; ===============
3506;
3507GDI_ERROR equ -1
3508HGDI_ERROR equ -1
3509;
3510;------------------------------------------------------------------------------
3511;
3512; =================
3513; memory attributes
3514; =================
3515;
3516PAGE_NOACCESS equ 00000001h
3517PAGE_READONLY equ 00000002h
3518PAGE_READWRITE equ 00000004h
3519PAGE_WRITECOPY equ 00000008h
3520PAGE_EXECUTE equ 00000010h
3521PAGE_EXECUTE_READ equ 00000020h
3522PAGE_EXECUTE_READWRITE equ 00000040h
3523PAGE_EXECUTE_WRITECOPY equ 00000080h
3524PAGE_GUARD equ 00000100h
3525PAGE_NOCACHE equ 00000200h
3526;
3527MEM_COMMIT equ 00001000h
3528MEM_RESERVE equ 00002000h
3529MEM_DECOMMIT equ 00004000h
3530MEM_RELEASE equ 00008000h
3531MEM_FREE equ 00010000h
3532MEM_PRIVATE equ 00020000h
3533MEM_MAPPED equ 00040000h
3534MEM_TOP_DOWN equ 00100000h
3535;
3536SEC_FILE equ 00800000h
3537SEC_IMAGE equ 01000000h
3538SEC_RESERVE equ 04000000h
3539SEC_COMMIT equ 08000000h
3540SEC_NOCACHE equ 10000000h
3541;
3542MEM_IMAGE equ SEC_IMAGE
3543;
3544SECTION_QUERY equ 00000001h
3545SECTION_MAP_WRITE equ 00000002h
3546SECTION_MAP_READ equ 00000004h
3547SECTION_MAP_EXECUTE equ 00000008h
3548SECTION_EXTEND_SIZE equ 00000010h
3549;
3550SECTION_ALL_ACCESS equ STANDARD_RIGHTS_REQUIRED+\
3551 SECTION_QUERY+\
3552 SECTION_MAP_WRITE+\
3553 SECTION_MAP_READ+\
3554 SECTION_MAP_EXECUTE+\
3555 SECTION_EXTEND_SIZE
3556;
3557FILE_MAP_COPY equ SECTION_QUERY
3558FILE_MAP_WRITE equ SECTION_MAP_WRITE
3559FILE_MAP_READ equ SECTION_MAP_READ
3560FILE_MAP_ALL_ACCESS equ SECTION_ALL_ACCESS
3561;
3562;------------------------------------------------------------------------------
3563;
3564; ================
3565; PolyFill() modes
3566; ================
3567;
3568ALTERNATE equ 1
3569WINDING equ 2
3570POLYFILL_LAST equ 2
3571;
3572;------------------------------------------------------------------------------
3573;
3574; ============
3575; region flags
3576; ============
3577;
3578ERROR equ 0
3579NULLREGION equ 1
3580SIMPLEREGION equ 2
3581COMPLEXREGION equ 3
3582RGN_ERROR equ ERROR
3583;
3584;------------------------------------------------------------------------------
3585;
3586; =====================
3587; standard access types
3588; =====================
3589;
3590DELETE equ 00010000h
3591READ_CONTROL equ 00020000h
3592WRITE_DAC equ 00040000h
3593WRITE_OWNER equ 00080000h
3594SYNCHRONIZE equ 00100000h
3595;
3596SPECIFIC_RIGHTS_ALL equ 0000FFFFh
3597STANDARD_RIGHTS_REQUIRED equ 000F0000h
3598STANDARD_RIGHTS_ALL equ 001F0000h
3599;
3600STANDARD_RIGHTS_READ equ READ_CONTROL
3601STANDARD_RIGHTS_WRITE equ READ_CONTROL
3602STANDARD_RIGHTS_EXECUTE equ READ_CONTROL
3603;
3604;------------------------------------------------------------------------------
3605;
3606; =====================
3607; stock logical objects
3608; =====================
3609;
3610WHITE_BRUSH equ 0
3611LTGRAY_BRUSH equ 1
3612GRAY_BRUSH equ 2
3613DKGRAY_BRUSH equ 3
3614BLACK_BRUSH equ 4
3615NULL_BRUSH equ 5
3616WHITE_PEN equ 6
3617BLACK_PEN equ 7
3618NULL_PEN equ 8
3619OEM_FIXED_FONT equ 10
3620ANSI_FIXED_FONT equ 11
3621ANSI_VAR_FONT equ 12
3622SYSTEM_FONT equ 13
3623DEVICE_DEFAULT_FONT equ 14
3624DEFAULT_PALETTE equ 15
3625SYSTEM_FIXED_FONT equ 16
3626DEFAULT_GUI_FONT equ 17
3627;
3628HOLLOW_BRUSH equ NULL_BRUSH
3629;
3630;------------------------------------------------------------------------------
3631;
3632; ==================
3633; StretchBlt() modes
3634; ==================
3635;
3636BLACKONWHITE equ 1
3637WHITEONBLACK equ 2
3638COLORONCOLOR equ 3
3639HALFTONE equ 4
3640MAXSTRETCHBLTMODE equ 4
3641;
3642STRETCH_ANDSCANS equ BLACKONWHITE
3643STRETCH_ORSCANS equ WHITEONBLACK
3644STRETCH_DELETESCANS equ COLORONCOLOR
3645STRETCH_HALFTONE equ HALFTONE
3646;
3647;------------------------------------------------------------------------------
3648;
3649; =========================
3650; ternary raster operations
3651; =========================
3652;
3653SRCCOPY equ 00CC0020h ;dest = src
3654SRCPAINT equ 00EE0086h ;dest = src or dest
3655SRCAND equ 008800C6h ;dest = src and dest
3656SRCINVERT equ 00660046h ;dest = src xor dest
3657SRCERASE equ 00440328h ;dest = src and -dest
3658NOTSRCCOPY equ 00330008h ;dest = -src
3659NOTSRCERASE equ 001100A6h ;dest = -src and -dest
3660MERGECOPY equ 00C000CAh ;dest = src and pat
3661MERGEPAINT equ 00BB0226h ;dest = -src or dest
3662PATCOPY equ 00F00021h ;dest = pat
3663PATPAINT equ 00FB0A09h ;dest = DPSnoo
3664PATINVERT equ 005A0049h ;dest = pat xor dest
3665DSTINVERT equ 00550009h ;dest = -dest
3666BLACKNESS equ 00000042h ;dest = black
3667WHITENESS equ 00FF0062h ;dest = white
3668;
3669;;==============================================================================
3670;
3671; STRUCTURES
3672;
3673;==============================================================================
3674;
3675STARTUPINFOA STRUCT
3676 cb DWORD ?
3677 lpReserved LPSTR ?
3678 lpDesktop LPSTR ?
3679 lpTitle LPSTR ?
3680 dwX DWORD ?
3681 dwY DWORD ?
3682 dwXSize DWORD ?
3683 dwYSize DWORD ?
3684 dwXCountChars DWORD ?
3685 dwYCountChars DWORD ?
3686 dwFillAttribute DWORD ?
3687 dwFlags DWORD ?
3688 wShowWindow WORD ?
3689 cbReserved2 WORD ?
3690 lpReserved2 LPBYTE ?
3691 hStdInput HANDLE ?
3692 hStdOutput HANDLE ?
3693 hStdError HANDLE ?
3694STARTUPINFOA ENDS
3695
3696
3697
3698
3699;
3700BITMAPFILEHEADER struct
3701bf_bfType WORD 0 ;file type
3702bf_bfSize DWORD 0 ;file size
3703bf_bfReserved1 WORD 0 ;(reserved)
3704bf_bfReserved2 WORD 0 ;(reserved)
3705bf_bfOffBits DWORD 0 ;data offset
3706BITMAPFILEHEADER ends
3707BITMAPFILEHEADER_ equ 2+4+2+2+4
3708;
3709;------------------------------------------------------------------------------
3710;
3711BITMAPINFOHEADER struct
3712bi_biSize DWORD 0 ;structure size
3713bi_biWidth LONG 0 ;bitmap width
3714bi_biHeight LONG 0 ;bitmap height
3715bi_biPlanes WORD 0 ;number of color planes
3716bi_biBitCount WORD 0 ;number of bits per pixel
3717bi_biCompression DWORD 0 ;compression type
3718bi_biSizeImage DWORD 0 ;number of data bytes
3719bi_biXPelsPerMeter LONG 0 ;horizontal resolution
3720bi_biYPelsPerMeter LONG 0 ;vertical resolution
3721bi_biClrUsed DWORD 0 ;number of used colors
3722bi_biClrImportant DWORD 0 ;number of important colors
3723BITMAPINFOHEADER ends
3724BITMAPINFOHEADER_ equ 4+4+4+2+2+4+4+4+4+4+4
3725;
3726;------------------------------------------------------------------------------
3727;
3728BITMAP struct
3729bm_bmType LONG 0 ;bitmap type
3730bm_bmWidth LONG 0 ;bitmap width
3731bm_bmHeight LONG 0 ;bitmap height
3732bm_bmWidthBytes LONG 0 ;bytes per scan line
3733bm_bmPlanes WORD 0 ;number of color planes
3734bm_bmBitsPixel WORD 0 ;number of bits per pixel
3735bm_bmBits LPVOID 0 ;data pointer
3736BITMAP ends
3737BITMAP_ equ 4+4+4+4+2+2+4
3738;
3739;------------------------------------------------------------------------------
3740;
3741COPYDATASTRUCT struct
3742cd_dwData DWORD 0 ;32-bit data
3743cd_cbData DWORD 0 ;number of data bytes
3744cd_lpData PVOID 0 ;data bytes
3745COPYDATASTRUCT ends
3746COPYDATASTRUCT_ equ 4+4+4
3747;
3748;------------------------------------------------------------------------------
3749;
3750CONTEXT struct
3751;
3752cx_ContextFlags DWORD 0 ;context flags
3753;
3754; CONTEXT_DEBUG_REGISTERS
3755;
3756cx_Dr0 DWORD 0 ;debug register #0
3757cx_Dr1 DWORD 0 ;debug register #1
3758cx_Dr2 DWORD 0 ;debug register #2
3759cx_Dr3 DWORD 0 ;debug register #3
3760cx_Dr6 DWORD 0 ;debug register #6
3761cx_Dr7 DWORD 0 ;debug register #7
3762;
3763; CONTEXT_FLOATING_POINT
3764;
3765cx_ControlWord DWORD 0 ;fpu context
3766cx_StatusWord DWORD 0
3767cx_TagWord DWORD 0
3768cx_ErrorOffset DWORD 0
3769cx_ErrorSelector DWORD 0
3770cx_DataOffset DWORD 0
3771cx_DataSelector DWORD 0
3772cx_RegisterArea BYTE SIZE_OF_80387_REGISTERS dup (0)
3773cx_Cr0NpxState DWORD 0
3774;
3775; CONTEXT_SEGMENTS
3776;
3777cx_SegGs DWORD 0 ;gs register
3778cx_SegFs DWORD 0 ;fs register
3779cx_SegEs DWORD 0 ;es register
3780cx_SegDs DWORD 0 ;ds register
3781;
3782; CONTEXT_INTEGER
3783;
3784cx_Edi DWORD 0 ;edi register
3785cx_Esi DWORD 0 ;esi register
3786cx_Ebx DWORD 0 ;ebx register
3787cx_Edx DWORD 0 ;edx register
3788cx_Ecx DWORD 0 ;ecx register
3789cx_Eax DWORD 0 ;eax register
3790;
3791; CONTEXT_CONTROL
3792;
3793cx_Ebp DWORD 0 ;ebp register
3794cx_Eip DWORD 0 ;eip register
3795cx_SegCs DWORD 0 ;cs register
3796cx_EFlags DWORD 0 ;eflags register
3797cx_Esp DWORD 0 ;esp register
3798cx_SegSs DWORD 0 ;ss register
3799;
3800CONTEXT ends
3801;
3802CONTEXT_FLAGS_ equ 4
3803CONTEXT_DEBUG_REGISTERS_ equ 4+4+4+4+4+4
3804CONTEXT_FLOATING_POINT_ equ 4+4+4+4+4+4+4+SIZE_OF_80387_REGISTERS+4
3805CONTEXT_SEGMENTS_ equ 4+4+4+4
3806CONTEXT_INTEGER_ equ 4+4+4+4+4+4
3807CONTEXT_CONTROL_ equ 4+4+4+4+4+4
3808;
3809CONTEXT_FULL_ equ CONTEXT_FLAGS_+\
3810 CONTEXT_SEGMENTS_+\
3811 CONTEXT_INTEGER_+\
3812 CONTEXT_CONTROL_
3813;
3814;------------------------------------------------------------------------------
3815;
3816DIALOGATTRIBUTES struct
3817da_Palette DWORD 0 ;palette pointer
3818da_TextBox DWORD 0 ;text box list pointer
3819DIALOGATTRIBUTES ends
3820DIALOGATTRIBUTES_ equ 4+4
3821;
3822;------------------------------------------------------------------------------
3823;
3824DIALOGPALETTE struct
3825dp_DlgText COLORREF 0 ;dialog text color
3826dp_DlgBk COLORREF 0 ;dialog background color
3827dp_StaticText COLORREF 0 ;static text color
3828dp_StaticBk COLORREF 0 ;static background color
3829dp_TextBoxText COLORREF 0 ;text box text color
3830dp_TextBoxBk COLORREF 0 ;text box background color
3831dp_EditText COLORREF 0 ;edit text color
3832dp_EditBk COLORREF 0 ;edit background color
3833dp_ListBoxText COLORREF 0 ;list box text color
3834dp_ListBoxBk COLORREF 0 ;list box background color
3835DIALOGPALETTE ends
3836DIALOGPALETTE_ equ 4+4+4+4+4+4+4+4+4+4
3837;
3838;------------------------------------------------------------------------------
3839;
3840DIALOGRECORD struct
3841dr_hWnd HWND 0 ;dialog window handle
3842dr_fModeless BOOL FALSE ;mode flag
3843dr_Attributes DWORD 0 ;dialog window attributes list
3844dr_Data DWORD 0 ;dialog data
3845dr_hDlgBrush HBRUSH 0 ;dialog brush handle
3846dr_hStaticBrush HBRUSH 0 ;static brush handle
3847dr_hTextBoxBrush HBRUSH 0 ;text box brush handle
3848dr_hEditBrush HBRUSH 0 ;edit brush handle
3849dr_hListBoxBrush HBRUSH 0 ;list box brush handle
3850DIALOGRECORD ends
3851DIALOGRECORD_ equ 4+4+4+4+4+4+4+4+4
3852;
3853;------------------------------------------------------------------------------
3854;
3855WIN32_FIND_DATA_ equ 4+8+8+8+4+4+4+4+(MAX_PATH*CHAR_)+(14*CHAR_)
3856WIN32_FIND_DATA struct
3857fd_dwFileAttributes DWORD 0 ;file attributes
3858fd_ftCreationTime DWORD 0, 0 ;time of file creation
3859fd_ftLastAccessTime DWORD 0, 0 ;time of last file access
3860fd_ftLastWriteTime DWORD 0, 0 ;time of last write access
3861fd_nFileSizeHigh DWORD 0 ;high-order word of file size
3862fd_nFileSizeLow DWORD 0 ;low-order word of file size
3863fd_dwReserved0 DWORD 0 ;(reserved)
3864fd_dwReserved1 DWORD 0 ;(reserved)
3865fd_cFileName CHAR MAX_PATH dup(0) ;matching file name
3866fd_cAlternateFileName CHAR 14 dup(0) ;8.3 alias name
3867WIN32_FIND_DATA ends
3868;
3869;------------------------------------------------------------------------------
3870;
3871BY_HANDLE_FILE_INFORMATION struct
3872fi_dwFileAttributes DWORD 0 ;file attributes
3873fi_ftCreationTime DWORD 0, 0 ;time of file creation
3874fi_ftLastAccessTime DWORD 0, 0 ;time of last file access
3875fi_ftLastWriteTime DWORD 0, 0 ;time of last write access
3876fi_dwVolumeSerialNumber DWORD 0 ;volume serial number
3877fi_nFileSizeHigh DWORD 0 ;high-order word of file size
3878fi_nFileSizeLow DWORD 0 ;low-order word of file size
3879fi_nNumberOfLinks DWORD 0 ;number of links to the file
3880fi_nFileIndexHigh DWORD 0 ;high-order word of identifier
3881fi_nFileIndexLow DWORD 0 ;low-order word of identifier
3882BY_HANDLE_FILE_INFORMATION ends
3883BY_HANDLE_FILE_INFORMATION_ equ 4+8+8+8+4+4+4+4+4+4
3884;
3885;------------------------------------------------------------------------------
3886;
3887FILETIME struct
3888ft_dwLowDateTime DWORD 0 ;low-order 32 bits
3889ft_dwHighDateTime DWORD 0 ;high-order 32 bits
3890FILETIME ends
3891FILETIME_ equ 4+4
3892;
3893;------------------------------------------------------------------------------
3894;
3895MSG struct
3896ms_hwnd HWND 0 ;window handle
3897ms_message UINT 0 ;message id
3898ms_wParam WPARAM 0 ;additional parameter
3899ms_lParam LPARAM 0 ;additional parameter
3900ms_time DWORD 0 ;time stamp
3901ms_x LONGINT 0 ;x coordinate
3902ms_y LONGINT 0 ;y coordinate
3903MSG ends
3904MSG_ equ 4+4+4+4+4+4+4
3905;
3906;------------------------------------------------------------------------------
3907;
3908NETRESOURCE struct
3909nr_dwScope DWORD 0 ;resource scope
3910nr_dwType DWORD 0 ;resource type
3911nr_dwDisplayType DWORD 0 ;display type
3912nr_dwUsage DWORD 0 ;resource usage
3913nr_lpLocalName LPSTR 0 ;redirected local device
3914nr_lpRemoteName LPSTR 0 ;remote name
3915nr_lpComment LPSTR 0 ;provider supplied comment
3916nr_lpProvider LPSTR 0 ;name of provider
3917NETRESOURCE ends
3918NETRESOURCE_ equ 4+4+4+4+4+4+4+4
3919;
3920;------------------------------------------------------------------------------
3921;
3922OFSTRUCT_ equ 1+1+2+2+2+OFS_MAXPATHNAME
3923OFSTRUCT struct
3924of_cBytes BYTE 0 ;structure size
3925of_fFixedDisk BYTE 0 ;fixed-disk flag
3926of_nErrCode WORD 0 ;error code
3927of_Reserved1 WORD 0 ;(reserved)
3928of_Reserved2 WORD 0 ;(reserved)
3929of_szPathName BYTE OFS_MAXPATHNAME dup (0) ;path name
3930OFSTRUCT ends
3931;
3932;------------------------------------------------------------------------------
3933;
3934OPENFILENAME_ equ 4+4+4+4+4+4+4+4+4+4+4+4+4+4+2+2+4+4+4+4
3935OPENFILENAME struct
3936on_lStructSize DWORD OPENFILENAME_ ;number of bytes
3937on_hwndOwner HWND 0 ;dialog box owner
3938on_hInstance HINSTANCE 0 ;dialog box template id
3939on_lpstrFilter LPCSTR 0 ;filter strings
3940on_lpstrCustomFilter LPSTR 0 ;user-defined filter stings
3941on_nMaxCustFilter DWORD 0 ;size of custom filter buffer
3942on_nFilterIndex DWORD 0 ;index into the filter buffer
3943on_lpstrFile LPSTR 0 ;default file name buffer
3944on_nMaxFile DWORD 0 ;size of the file name buffer
3945on_lpstrFileTitle LPSTR 0 ;file title buffer
3946on_nMaxFileTitle DWORD 0 ;size of the file title buffer
3947on_lpstrInitialDir LPCSTR 0 ;initial directory
3948on_lpstrTitle LPCSTR 0 ;dialog box title
3949on_Flags DWORD 0 ;dialog box creation flags
3950on_nFileOffset WORD 0 ;file name offset in lpstrFile
3951on_nFileExtension WORD 0 ;file ext offset in lpstrFile
3952on_lpstrDefExt LPCSTR 0 ;default extension
3953on_lCustData LPARAM 0 ;application-defined hook data
3954on_lpfnHook LPFN 0 ;hook function
3955on_lpTemplateName LPCSTR 0 ;dialog box template name
3956OPENFILENAME ends
3957;
3958;------------------------------------------------------------------------------
3959;
3960OSVERSIONINFO_ equ 4+4+4+4+4+(128*CHAR_)
3961OSVERSIONINFO struct
3962ov_dwOSVersionInfoSize DWORD OSVERSIONINFO_ ;structure size
3963ov_dwMajorVersion DWORD 0 ;major version number
3964ov_dwMinorVersion DWORD 0 ;minor version number
3965ov_dwBuildNumber DWORD 0 ;build number
3966ov_dwPlatformId DWORD 0 ;platform id
3967ov_szCSDVersion CHAR 128 dup (0) ;info string
3968OSVERSIONINFO ends
3969;
3970;------------------------------------------------------------------------------
3971;
3972PAINTSTRUCT struct
3973ps_hdc HDC 0 ;device context handle
3974ps_fErase BOOL FALSE ;background erase flag
3975ps_leftPaint LONGINT 0 ;left margin of clipping rect
3976ps_topPaint LONGINT 0 ;top margin of clipping rect
3977ps_rightPaint LONGINT 0 ;right margin of clipping rect
3978ps_bottomPaint LONGINT 0 ;bottom margin of clipping rect
3979ps_fRestore BOOL FALSE ;(reserved)
3980ps_fIncUpdate BOOL FALSE ;(reserved)
3981ps_rgbReserved BYTE 32 dup (0) ;(reserved)
3982PAINTSTRUCT ends
3983PAINTSTRUCT_ equ 4+4+4+4+4+4+4+4+32
3984;
3985;------------------------------------------------------------------------------
3986;
3987PROCESS_INFORMATION struct
3988pi_hProcess HANDLE 0 ;process handle
3989pi_hThread HANDLE 0 ;thread handle
3990pi_dwProcessId DWORD 0 ;process id
3991pi_dwThreadId DWORD 0 ;thread id
3992PROCESS_INFORMATION ends
3993PROCESS_INFORMATION_ equ 4+4+4+4
3994;
3995;------------------------------------------------------------------------------
3996;
3997POINT struct
3998pt_x LONGINT 0 ;x coordinate
3999pt_y LONGINT 0 ;y coordinate
4000POINT ends
4001POINT_ equ 4+4
4002;
4003;------------------------------------------------------------------------------
4004;
4005RECT struct
4006rc_left LONGINT 0 ;left margin
4007rc_top LONGINT 0 ;top margin
4008rc_right LONGINT 0 ;right margin
4009rc_bottom LONGINT 0 ;bottom margin
4010RECT ends
4011RECT_ equ 4+4+4+4
4012;
4013;------------------------------------------------------------------------------
4014;
4015RGBQUAD struct
4016rq_rgbBlue BYTE 0 ;intensity of blue component
4017rq_rgbGreen BYTE 0 ;intensity of green component
4018rq_rgbRed BYTE 0 ;intensity of red component
4019rq_rgbReserved BYTE 0 ;(reserved)
4020RGBQUAD ends
4021RGBQUAD_ equ 1+1+1+1
4022;
4023;------------------------------------------------------------------------------
4024;
4025SECURITY_ATTRIBUTES_ equ 4+4+4
4026SECURITY_ATTRIBUTES struct
4027sa_nLength DWORD SECURITY_ATTRIBUTES_ ;structure size
4028sa_lpSecurityDescriptor LPVOID 0 ;security descriptor
4029sa_bInheritHandle BOOL FALSE ;handle inheritance flag
4030SECURITY_ATTRIBUTES ends
4031;
4032;------------------------------------------------------------------------------
4033;
4034STARTUPINFO struct
4035si_cb DWORD 0 ;structure size
4036si_lpReserved LPSTR 0 ;(reserved)
4037si_lpDesktop LPSTR 0 ;desktop name
4038sl_lpTitle LPSTR 0 ;console window title
4039si_dwX DWORD 0 ;window origin (column)
4040si_dwY DWORD 0 ;window origin (row)
4041si_dwXSize DWORD 0 ;window width
4042si_dwYSize DWORD 0 ;window height
4043si_dwXCountChars DWORD 0 ;screen buffer width
4044si_dwYCountChars DWORD 0 ;screen buffer height
4045si_dwFillAttribute DWORD 0 ;console window initialization
4046si_dwFlags DWORD 0 ;structure member flags
4047si_wShowWindow WORD 0 ;ShowWindow() parameter
4048si_cbReserved2 WORD 0 ;(reserved)
4049si_lpReserved2 LPBYTE 0 ;(reserved)
4050si_hStdInput HANDLE 0 ;standard input handle
4051si_hStdOutput HANDLE 0 ;standard output handle
4052si_hStdError HANDLE 0 ;standard error handle
4053STARTUPINFO ends
4054STARTUPINFO_ equ 4+4+4+4+4+4+4+4+4+4+4+4+2+2+4+4+4+4
4055;
4056;------------------------------------------------------------------------------
4057;
4058SYSTEMTIME struct
4059st_wYear WORD 0 ;current year
4060st_wMonth WORD 0 ;current month (1..12)
4061st_wDayOfWeek WORD 0 ;day of week (0 = sunday)
4062st_wDay WORD 0 ;current day of the month
4063st_wHour WORD 0 ;current hour
4064st_wMinute WORD 0 ;current minute
4065st_wSecond WORD 0 ;current second
4066st_wMilliseconds WORD 0 ;current millisecond
4067SYSTEMTIME ends
4068SYSTEMTIME_ equ 2+2+2+2+2+2+2+2
4069;
4070;------------------------------------------------------------------------------
4071;
4072TBADDBITMAP struct
4073ta_hInst HINSTANCE 0 ;resource module instance
4074ta_nID UINT 0 ;resource id
4075TBADDBITMAP ends
4076TBADDBITMAP_ equ 4+4
4077;
4078;------------------------------------------------------------------------------
4079;
4080TBBUTTON struct
4081tb_iBitmap INTEGER 0 ;zero-based button image index
4082tb_idCommand INTEGER 0 ;button command id
4083tb_fsState BYTE 0 ;button state flags
4084tb_fsStyle BYTE 0 ;button style
4085tb_bReserved BYTE 0, 0 ;(reserved)
4086tb_dwData DWORD 0 ;application defined value
4087tb_iString INTEGER 0 ;zero-based button string index
4088TBBUTTON ends
4089TBBUTTON_ equ 4+4+1+1+(1+1)+4+4
4090;
4091;------------------------------------------------------------------------------
4092;
4093TEXTMETRIC struct
4094tm_tmHeight LONGINT 0 ;char height (ascent+descent)
4095tm_tmAscent LONGINT 0 ;units above baseline
4096tm_tmDescent LONGINT 0 ;units below baseline
4097tm_tmInternalLeading LONGINT 0 ;space included in tmHeight
4098tm_tmExternalLeading LONGINT 0 ;extra space between rows
4099tm_tmAveCharWidth LONGINT 0 ;average character width ('x')
4100tm_tmMaxCharWidth LONGINT 0 ;maximum character width
4101tm_tmWeight LONGINT 0 ;font weight
4102tm_tmOverhang LONGINT 0 ;italic flag
4103tm_tmDigitizedAspectX LONGINT 0 ;horizontal device aspect
4104tm_tmDigitizedAspectY LONGINT 0 ;vertical device aspect
4105tm_tmFirstChar CHAR 0 ;first font character value
4106tm_tmLastChar CHAR 0 ;last font character value
4107tm_tmDefaultChar CHAR 0 ;default substitution character
4108tm_tmBreakChar CHAR 0 ;word break character
4109tm_tmItalic BYTE 0 ;italic font
4110tm_tmUnderlined BYTE 0 ;underline font
4111tm_tmStruckOut BYTE 0 ;strikeout font
4112tm_tmPitchAndFamily BYTE 0 ;font pitch/family
4113tm_tmCharSet BYTE 0 ;font character set
4114TEXTMETRIC ends
4115TEXTMETRIC_ equ 4+4+4+4+4+4+4+4+4+4+4+\
4116 CHAR_+CHAR_+CHAR_+CHAR_+\
4117 1+1+1+1+1
4118;
4119;------------------------------------------------------------------------------
4120;
4121WNDCLASS struct
4122w_style UINT 0 ;class style
4123w_lpfnWndProc WNDPROC 0 ;window procedure
4124w_cbClsExtra INTEGER 0 ;class extra data
4125w_cbWndExtra INTEGER 0 ;window extra data
4126w_hInstance HINSTANCE 0 ;class owner
4127w_hIcon HICON 0 ;icon handle
4128w_hCursor HCURSOR 0 ;cursor handle
4129w_hbrBackground HBRUSH 0 ;background color
4130w_lpszMenuName LPCSTR 0 ;menu name
4131w_lpszClassName LPCSTR 0 ;class name
4132WNDCLASS ends
4133WNDCLASS_ equ 4+4+4+4+4+4+4+4+4+4
4134;
4135;------------------------------------------------------------------------------
4136;
4137WNDPARAMETERS struct
4138wp_hWnd HWND 0 ;window handle
4139wp_FontId DWORD 0 ;font id
4140wp_TextColor COLORREF 0 ;text color
4141wp_BkColor COLORREF 0 ;background color
4142wp_BkMode DWORD 0 ;background mode
4143WNDPARAMETERS ends
4144WNDPARAMETERS_ equ 4+4+4+4+4
4145;
4146;==============================================================================
4147;
4148; DDE STRUCTURES
4149;
4150;==============================================================================
4151;
4152DDEACK struct
4153ddeack_Status WORD 0 ;status
4154DDEACK ends
4155DDEACK_ equ 2
4156;
4157;------------------------------------------------------------------------------
4158;
4159DDEADVISE struct
4160ddeadvise_Status WORD 0 ;status
4161ddeadvise_cfFormat WORD 0 ;clipboard data format
4162DDEADVISE ends
4163DDEADVISE_ equ 2+2
4164;
4165;------------------------------------------------------------------------------
4166;
4167DDEDATA struct
4168ddedata_Status WORD 0 ;status
4169ddedata_cfFormat WORD 0 ;clipboard data format
4170ddedata_Value BYTE 0 ;data item
4171DDEDATA ends
4172DDEDATA_ equ 2+2+1
4173;
4174;------------------------------------------------------------------------------
4175;
4176DDEPOKE struct
4177ddepoke_Status WORD 0 ;status
4178ddepoke_cfFormat WORD 0 ;clipboard data format
4179ddepoke_Value BYTE 0 ;data item
4180DDEPOKE ends
4181DDEPOKE_ equ 2+2+1
4182;
4183;==============================================================================
4184
4185;*bk*
4186;be careful from here on. This stuff assumes ansi, not unicode.
4187;for example, StartDoc is equated to StartDocA, the ansi API
4188;function. The unicode equivalent is StartDocB.
4189
4190
4191
4192LPSECURITY_ATTRIBUTES TYPEDEF PTR SECURITY_ATTRIBUTES
4193LPRECT TYPEDEF PTR RECT
4194LPPOINT TYPEDEF PTR POINT
4195LPPAINTSTRUCT TYPEDEF PTR PAINTSTRUCT
4196HGDIOBJ TYPEDEF DWORD
4197LPPROCESS_INFORMATION TYPEDEF PTR PROCESS_INFORMATION
4198LPSTARTUPINFO TYPEDEF PTR STARTUPINFOA
4199LPCTBBUTTON TYPEDEF PTR TBBUTTON
4200
4201;*******************************************************************************
4202;* WINDEF.H ****************************************
4203;*******************************************************************************
4204
4205MAX_PATH EQU 0104h
4206
4207NULL EQU 0h
4208FALSE EQU 0h
4209TRUE EQU 1h
4210
4211;CALLBACK TYPEDEF PROTO STDCALL
4212CALLBACK TEXTEQU <STDCALL>
4213;WINAPI TYPEDEF PROTO STDCALL
4214WINAPI TEXTEQU <STDCALL>
4215
4216
4217
4218
4219;*******************************************************************************
4220;* WINNT.H ****************************************
4221;*******************************************************************************
4222
4223LPSTR TYPEDEF DWORD
4224LPCSTR TYPEDEF DWORD
4225
4226FILE_ATTRIBUTE_READONLY EQU 0001h
4227FILE_ATTRIBUTE_HIDDEN EQU 0002h
4228FILE_ATTRIBUTE_SYSTEM EQU 0004h
4229FILE_ATTRIBUTE_DIRECTORY EQU 0010h
4230FILE_ATTRIBUTE_ARCHIVE EQU 0020h
4231FILE_ATTRIBUTE_NORMAL EQU 0080h
4232FILE_ATTRIBUTE_TEMPORARY EQU 0100h
4233FILE_ATTRIBUTE_COMPRESSED EQU 0800h
4234
4235GENERIC_READ EQU 080000000h
4236GENERIC_WRITE EQU 040000000h
4237GENERIC_EXECUTE EQU 020000000h
4238GENERIC_ALL EQU 010000000h
4239
4240DLL_PROCESS_ATTACH EQU 01h
4241DLL_THREAD_ATTACH EQU 02h
4242DLL_THREAD_DETACH EQU 03h
4243DLL_PROCESS_DETACH EQU 00h
4244
4245RtlMoveMemory PROCDESC STDCALL :DWORD, :DWORD, :DWORD
4246MoveMemory TEXTEQU <RtlMoveMemory>
4247RtlFillMemory PROCDESC STDCALL :DWORD, :DWORD, :BYTE
4248FillMemory TEXTEQU <RtlFillMemory>
4249
4250;*******************************************************************************
4251;* WINERROR.H ****************************************
4252;*******************************************************************************
4253
4254ERROR_SUCCESS EQU 000h
4255ERROR_INVALID_HANDLE EQU 006h
4256ERROR_ALREADY_EXISTS EQU 0B7h
4257
4258
4259;*******************************************************************************
4260;* KERNEL32.LIB WINBASE.H ****************************************
4261;*******************************************************************************
4262
4263;INVALID_HANDLE_VALUE EQU -1
4264
4265CREATE_NEW EQU 01h
4266CREATE_ALWAYS EQU 02h
4267OPEN_EXISTING EQU 03h
4268OPEN_ALWAYS EQU 04h
4269TRUNCATE_EXISTING EQU 05h
4270
4271OVERLAPPED STRUCT
4272 Internal DWORD ?
4273 InternalHigh DWORD ?
4274 _Offset DWORD ?
4275 OffsetHigh DWORD ?
4276 hEvent HANDLE ?
4277OVERLAPPED ENDS
4278LPOVERLAPPED TYPEDEF PTR OVERLAPPED
4279
4280
4281GMEM_FIXED EQU 00000h
4282GMEM_MOVEABLE EQU 00002h
4283GMEM_ZEROINIT EQU 00040h
4284GMEM_SHARE EQU 02000h
4285
4286DEBUG_PROCESS EQU 001h
4287DEBUG_ONLY_THIS_PROCESS EQU 002h
4288CREATE_SUSPENDED EQU 004h
4289DETACHED_PROCESS EQU 008h
4290CREATE_NEWE_CONSOLE EQU 010h
4291NORMAL_PRIORITY_CLASS EQU 020h
4292
4293WinMain PROCDESC WINAPI :HINSTANCE, :HINSTANCE, :LPSTR, :SDWORD
4294GlobalAlloc PROCDESC WINAPI :UINT, :DWORD
4295GlobalLock PROCDESC WINAPI :HGLOBAL
4296GlobalUnlock PROCDESC WINAPI :HGLOBAL
4297GlobalFree PROCDESC WINAPI :HGLOBAL
4298ExitProcess PROCDESC WINAPI :DWORD
4299GetLastError PROCDESC WINAPI
4300DebugBreak PROCDESC WINAPI
4301Sleep PROCDESC WINAPI :DWORD
4302LoadResource PROCDESC WINAPI :HINSTANCE, :HRSRC
4303GetFileSize PROCDESC WINAPI :HANDLE, :LPDWORD
4304WriteFile PROCDESC WINAPI :HANDLE, :LPCVOID, :DWORD, :LPDWORD, :LPOVERLAPPED
4305ReadFile PROCDESC WINAPI :HANDLE, :LPVOID, :DWORD, :LPDWORD, :LPOVERLAPPED
4306CloseHandle PROCDESC WINAPI :HANDLE
4307SetFilePointer PROCDESC WINAPI :HANDLE, :DWORD, :LPDWORD, :DWORD
4308SetEndOfFile PROCDESC WINAPI :HANDLE
4309
4310
4311Beep PROCDESC WINAPI :DWORD, :DWORD
4312lstrlenA PROCDESC WINAPI :LPCSTR
4313lstrlen TEXTEQU <lstrlenA>
4314
4315STARTF_USESHOWWINDOW EQU 0001h
4316STARTF_USESIZE EQU 0002h
4317STARTF_USEPOSITION EQU 0004h
4318STARTF_USECOUNTCHARS EQU 0008h
4319STARTF_USEFILLATTRIBUTE EQU 0010h
4320STARTF_RUNFULLSCREEN EQU 0020h
4321STARTF_FORCEONFEEDBACK EQU 0040h
4322STARTF_FORCEOFFFEEDBACK EQU 0080h
4323STARTF_USESTDHANDLES EQU 0100h
4324STARTF_USEHOTKEY EQU 0200h
4325
4326
4327CreateSemaphoreA PROCDESC WINAPI :LPSECURITY_ATTRIBUTES, :LONG, :LONG, :LPCSTR
4328CreateSemaphore TEXTEQU <CreateSemaphoreA>
4329
4330GetModuleHandleA PROCDESC WINAPI :DWORD
4331GetModuleHandle TEXTEQU <GetModuleHandleA>
4332CreateProcessA PROCDESC STDCALL :LPCSTR, :LPSTR,\
4333 :LPSECURITY_ATTRIBUTES,\
4334 :LPSECURITY_ATTRIBUTES,\
4335 :BOOL, :DWORD, :LPVOID, :LPCSTR,\
4336 :LPSTARTUPINFO,\
4337 :LPPROCESS_INFORMATION
4338CreateProcess TEXTEQU <CreateProcessA>
4339GetStartupInfoA PROCDESC WINAPI :LPSTARTUPINFO
4340GetStartupInfo TEXTEQU <GetStartupInfoA>
4341GetCommandLineA PROCDESC WINAPI
4342GetCommandLine TEXTEQU <GetCommandLineA>
4343OutputDebugStringA PROCDESC WINAPI :LPCSTR
4344OutputDebugString TEXTEQU <OutputDebugStringA>
4345FindResourceA PROCDESC WINAPI :HINSTANCE, :LPCSTR, :LPCSTR
4346FindResource TEXTEQU <FindResourceA>
4347CreateFileA PROCDESC WINAPI :LPCSTR, :DWORD, :DWORD,\
4348 :LPSECURITY_ATTRIBUTES,\
4349 :DWORD, :DWORD, :HANDLE
4350CreateFile TEXTEQU <CreateFileA>
4351QueryPerformanceCounter PROCDESC WINAPI :DWORD
4352QueryPerformanceFrequency PROCDESC WINAPI :DWORD
4353
4354CreateFileMappingA PROCDESC :HANDLE, :LPSECURITY_ATTRIBUTES, :DWORD, :DWORD, :DWORD, :LPCTSTR
4355CreateFileMapping TEXTEQU <CreateFileMappingA>
4356MapViewOfFile PROCDESC :HANDLE, :DWORD, :DWORD, :DWORD, :DWORD
4357UnmapViewOfFile PROCDESC :LPVOID
4358FlushViewOfFile PROCDESC :LPCVOID, :DWORD
4359CopyFileA PROCDESC :LPTSTR, :LPTSTR, :BOOL
4360CopyFile TEXTEQU <CopyFileA>
4361;*******************************************************************************
4362;* GDI32.LIB WINGDI.H ****************************************
4363;*******************************************************************************
4364
4365SRCCOPY EQU 00CC0020h ;dest = source
4366SRCPAINT EQU 00EE0086h ;dest = source OR dest
4367SRCAND EQU 008800C6h ;dest = source AND dest
4368SRCINVERT EQU 00660046h ;dest = source XOR dest
4369SRCERASE EQU 00440328h ;dest = source AND (NOT dest)
4370
4371TA_LEFT EQU 000h
4372TA_RIGHT EQU 002h
4373TA_CENTER EQU 006h
4374TA_TOP EQU 000h
4375TA_BOTTOM EQU 008h
4376TA_BASELINE EQU 018h
4377
4378SP_ERROR EQU -1
4379
4380
4381DRAFT_QUALITY EQU 002h
4382PROOF_QUALITY EQU 003h
4383FIXED_PITCH EQU 001h
4384VARIABLE_PITCH EQU 002h
4385FW_NORMAL EQU 400
4386FW_BOLD EQU 700
4387FF_ROMAN EQU 010h
4388FF_MODERN EQU 030h
4389
4390TRANSPARENT EQU 01h
4391OPAQUE EQU 02h
4392
4393WHITE_BRUSH EQU 00h
4394LTGRAY_BRUSH EQU 01h
4395GRAY_BRUSH EQU 02h
4396DKGRAY_BRUSH EQU 03h
4397BLACK_BRUSH EQU 04h
4398
4399BitBlt PROCDESC WINAPI :HDC, :DWORD, :DWORD, :DWORD, :DWORD,\
4400 :HDC, :DWORD, :DWORD, :DWORD
4401CreateCompatibleDC PROCDESC WINAPI :HDC
4402CreateFontA PROCDESC WINAPI :SDWORD, :SDWORD, :SDWORD, :SDWORD, :SDWORD, :DWORD, :DWORD,\
4403 :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :LPCSTR
4404CreateFont TEXTEQU <CreateFontA>
4405CreateSolidBrush PROCDESC WINAPI :COLORREF
4406DeleteDC PROCDESC WINAPI :HDC
4407DeleteObject PROCDESC WINAPI :HGDIOBJ
4408GetStockObject PROCDESC WINAPI :SDWORD
4409LineTo PROCDESC WINAPI :HDC, :UINT, :UINT
4410RectVisible PROCDESC WINAPI :HDC, :LPRECT
4411SelectObject PROCDESC WINAPI :HDC, :HGDIOBJ
4412SetBkColor PROCDESC WINAPI :HDC, :COLORREF
4413SetBkMode PROCDESC WINAPI :HDC, :SDWORD
4414
4415CLR_INVALID EQU 0FFFFFFFFh
4416
4417
4418StretchBlt PROCDESC WINAPI :HDC, :SDWORD, :SDWORD, :SDWORD, :SDWORD,\
4419 :HDC, :SDWORD, :SDWORD, :SDWORD, :SDWORD, :DWORD
4420SetTextColor PROCDESC WINAPI :HDC, :COLORREF
4421SetTextAlign PROCDESC WINAPI :HDC, :UINT
4422
4423;ABORTPROC TYPEDEF PROCDESC STDCALL
4424ABORTPROC TEXTEQU <STDCALL>
4425
4426DOCINFOA STRUCT
4427 cbSize SDWORD ?
4428 lpszDocName LPCSTR ?
4429 lpszOutput LPCSTR ?
4430 lpszDataType LPCSTR ?
4431 fwType DWORD ?
4432DOCINFOA ENDS
4433LPDOCINFO TYPEDEF PTR DOCINFOA
4434DOCINFO TEXTEQU <DOCINFOA>
4435
4436StartDocA PROCDESC WINAPI :HDC, :LPDOCINFO
4437StartDoc TEXTEQU <StartDocA>
4438EndDoc PROCDESC WINAPI :HDC
4439StartPage PROCDESC WINAPI :HDC
4440EndPage PROCDESC WINAPI :HDC
4441AbortDoc PROCDESC WINAPI :HDC
4442;SetAbortProc PROCDESC WINAPI :HDC, :ABORTPROC
4443SetAbortProc PROCDESC WINAPI :HDC, :DWORD
4444
4445MoveToEx PROCDESC WINAPI :HDC, :UINT, :UINT, :LPPOINT
4446TextOutA PROCDESC WINAPI :HDC, :DWORD, :DWORD, :LPCSTR, :DWORD
4447TextOut TEXTEQU <TextOutA>
4448
4449
4450;*******************************************************************************
4451;* USER32.LIB WINUSER.H ****************************************
4452;*******************************************************************************
4453
4454;DLGPROC TYPEDEF PROCDESC STDCALL
4455DLGPROC TEXTEQU <STDCALL>
4456
4457SB_HORZ EQU 0
4458SB_VERT EQU 1
4459SB_CTL EQU 2
4460SB_BOTH EQU 3
4461SB_THUMBPOSITION EQU 4
4462SB_ENDSCROLL EQU 8
4463
4464SW_HIDE EQU 00h
4465SW_SHOWNORMAL EQU 01h
4466SW_SHOWMINIMIZED EQU 02h
4467SW_SHOWMAXIMIZED EQU 03h
4468SW_SHOW EQU 05h
4469SW_RESTORE EQU 09h
4470SW_SHOWDEFAULT EQU 0Ah
4471
4472WNDCLASSEX_ EQU 4*12
4473WNDCLASSEXA STRUCT
4474 wc_cbSize UINT ?
4475 wc_style UINT ?
4476 wc_lpfnWndProc DWORD ?
4477 wc_cbClsExtra SDWORD ?
4478 wc_cbWndExtra SDWORD ?
4479 wc_hInstance HINSTANCE ?
4480 wc_hIcon HICON ?
4481 wc_hCursor HCURSOR ?
4482 wc_hbrBackground HBRUSH ?
4483 wc_lpszMenuName LPCSTR ?
4484 wc_lpszClassName LPCSTR ?
4485 wc_hIconSm HICON ?
4486WNDCLASSEXA ENDS
4487WNDCLASSEX TEXTEQU <WNDCLASSEXA>
4488
4489LPMSG TYPEDEF DWORD
4490
4491;GWL_ID EQU 0FFFFFFF4h
4492
4493WM_CREATE EQU 0001h
4494WM_DESTROY EQU 0002h
4495WM_SIZE EQU 0005h
4496WM_SETTEXT EQU 000Ch
4497WM_PAINT EQU 000Fh
4498WM_CLOSE EQU 0010h
4499WM_ERASEBKGND EQU 0014h
4500WM_NOTIFY EQU 004Eh
4501WM_HELP EQU 0053h
4502WM_CHAR EQU 0102h
4503WM_INITDIALOG EQU 0110h
4504WM_COMMAND EQU 0111h
4505WM_TIMER EQU 0113h
4506WM_HSCROLL EQU 0114h
4507WM_VSCROLL EQU 0115h
4508WM_MENUSELECT EQU 011Fh
4509WM_CTLCOLORDLG EQU 0136h
4510WM_MOUSEMOVE EQU 0200h
4511WM_LBUTTONDOWN EQU 0201h
4512WM_LBUTTONUP EQU 0202h
4513WM_LBUTTONDBLCLK EQU 0203h
4514WM_RBUTTONDOWN EQU 0204h
4515WM_RBUTTONUP EQU 0205h
4516WM_RBUTTONDBLCLK EQU 0206h
4517WM_CUT EQU 0300h
4518WM_COPY EQU 0301h
4519WM_PASTE EQU 0302h
4520WM_CLEAR EQU 0303h
4521WM_UNDO EQU 0304h
4522WM_USER EQU 0400h
4523
4524WS_POPUP EQU 080000000h
4525WS_CHILD EQU 040000000h
4526WS_MINIMIZE EQU 020000000h
4527WS_VISIBLE EQU 010000000h
4528WS_MAXIMIZE EQU 001000000h
4529WS_CAPTION EQU 000C00000h
4530WS_BORDER EQU 000800000h
4531WS_DLGFRAME EQU 000400000h
4532WS_VSCROLL EQU 000200000h
4533WS_HSCROLL EQU 000100000h
4534WS_SYSMENU EQU 000080000h
4535;WS_SIZEBOX EQU 000040000h
4536WS_MINIMIZEBOX EQU 000020000h
4537WS_MAXIMIZEBOX EQU 000010000h
4538WS_OVERLAPPEDWINDOW EQU 000CF0000h
4539WS_EX_NOPARENTNOTIFY EQU 000000004h
4540WS_EX_WINDOWEDGE EQU 000000100h
4541WS_EX_CLIENTEDGE EQU 000000200h
4542WS_EX_OVERLAPPEDWINDOW EQU WS_EX_WINDOWEDGE + WS_EX_CLIENTEDGE
4543
4544CS_VREDRAW EQU 00001h
4545CS_HREDRAW EQU 00002h
4546CS_PARENTDC EQU 00080h
4547CS_BYTEALIGNWINDOW EQU 02000h
4548
4549BDR_RAISEDOUTER EQU 01h
4550BDR_SUNKENOUTER EQU 02h
4551BDR_RAISEDINNER EQU 04h
4552BDR_SUNKENINNER EQU 08h
4553EDGE_RAISED EQU BDR_RAISEDOUTER + BDR_RAISEDINNER
4554EDGE_SUNKEN EQU BDR_SUNKENOUTER + BDR_SUNKENINNER
4555EDGE_ETCHED EQU BDR_SUNKENOUTER + BDR_RAISEDINNER
4556EDGE_BUMP EQU BDR_RAISEDOUTER + BDR_SUNKENINNER
4557BF_LEFT EQU 01h
4558BF_TOP EQU 02h
4559BF_RIGHT EQU 04h
4560BF_BOTTOM EQU 08h
4561BF_RECT EQU BF_LEFT + BF_TOP + BF_RIGHT + BF_BOTTOM
4562DrawEdge PROCDESC WINAPI :HDC, :LPRECT, :UINT, :UINT
4563
4564
4565NMHDR STRUCT
4566 hwndFrom HWND ?
4567 idFrom UINT ?
4568 code UINT ?
4569NMHDR ENDS
4570
4571GetMessageA PROCDESC WINAPI :LPMSG, :HWND, :UINT, :UINT
4572GetMessage TEXTEQU <GetMessageA>
4573TranslateMessage PROCDESC WINAPI :LPMSG
4574DispatchMessageA PROCDESC WINAPI :LPMSG
4575DispatchMessage TEXTEQU <DispatchMessageA>
4576
4577PeekMessageA PROCDESC WINAPI :LPMSG, :HWND, :UINT, :UINT, :UINT
4578PeekMessage TEXTEQU <PeekMessageA>
4579PM_NOREMOVE EQU 00h
4580PM_REMOVE EQU 01h
4581PM_NOYIELD EQU 02h
4582
4583SendMessageA PROCDESC WINAPI :HWND, :UINT, :WPARAM, :LPARAM
4584SendMessage TEXTEQU <SendMessageA>
4585PostMessageA PROCDESC WINAPI :HWND, :UINT, :WPARAM, :LPARAM
4586PostMessage TEXTEQU <PostMessageA>
4587DefWindowProcA PROCDESC WINAPI :HWND, :UINT, :WPARAM, :LPARAM
4588DefWindowProc TEXTEQU <DefWindowProcA>
4589PostQuitMessage PROCDESC WINAPI :SWORD
4590RegisterClassA PROCDESC WINAPI :DWORD
4591RegisterClass TEXTEQU <RegisterClassA>
4592RegisterClassExA PROCDESC WINAPI :DWORD
4593RegisterClassEx TEXTEQU <RegisterClassExA>
4594CreateWindowA PROCDESC WINAPI :LPCTSTR, :LPCTSTR, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :HWND, :HMENU, :HANDLE, :DWORD
4595CreateWindow TEXTEQU <CreateWindowA>
4596CreateWindowExA PROCDESC WINAPI :DWORD, :LPCSTR, :LPCSTR, :DWORD, :SDWORD, :SDWORD,\
4597 :SDWORD, :SDWORD, :HWND, :HMENU, :HINSTANCE, :DWORD
4598CreateWindowEx TEXTEQU <CreateWindowExA>
4599DestroyWindow PROCDESC WINAPI :HWND
4600ShowWindow PROCDESC WINAPI :HWND, :SDWORD
4601MoveWindow PROCDESC WINAPI :HWND, :UINT, :UINT, :UINT, :UINT, :BOOL
4602SetWindowPos PROCDESC WINAPI :HWND, :HWND, :UINT, :UINT, :UINT, :UINT, :UINT
4603IsIconic PROCDESC WINAPI :HWND
4604
4605SWP_NOSIZE EQU 001h
4606SWP_NOMOVE EQU 002h
4607SWP_NOZORDER EQU 004h
4608SWP_FRAMECHANGED EQU 020h
4609SWP_DRAWFRAME EQU SWP_FRAMECHANGED
4610HWND_TOP EQU 000h
4611
4612DLGTEMPLATE STRUCT
4613 style DWORD ?
4614 dwExtendedStyle DWORD ?
4615 cdit WORD ?
4616 x SWORD ?
4617 y SWORD ?
4618 nx SWORD ?
4619 ny SWORD ?
4620DLGTEMPLATE ENDS
4621;LPCDLGTEMPLATE TYPEDEF PTR LPDLGTEMPLATE
4622
4623;CreateDialogParamA PROCDESC WINAPI :HINSTANCE, :LPCSTR, :HWND, :DLGPROC, :LPARAM
4624CreateDialogParamA PROCDESC WINAPI :HINSTANCE, :LPCSTR, :HWND, :DWORD, :LPARAM
4625CreateDialogParam TEXTEQU <CreateDialogParamA>
4626;DialogBoxParamA PROCDESC WINAPI :HINSTANCE, :LPCSTR, :HWND, :DLGPROC, :LPARAM
4627DialogBoxParamA PROCDESC WINAPI :HINSTANCE, :LPCSTR, :HWND, :DWORD, :LPARAM
4628DialogBoxParam TEXTEQU <DialogBoxParamA>
4629EndDialog PROCDESC WINAPI :HWND, :UINT
4630GetDlgItem PROCDESC WINAPI :HWND, :UINT
4631GetDlgItemTextA PROCDESC WINAPI :HWND, :UINT, :LPCSTR, : UINT
4632GetDlgItemText TEXTEQU <GetDlgItemTextA>
4633SetDlgItemTextA PROCDESC WINAPI :HWND, :SDWORD, :LPCSTR
4634SetDlgItemText TEXTEQU <SetDlgItemTextA>
4635SendDlgItemMessageA PROCDESC WINAPI :HWND, :UINT, :UINT, :WPARAM, :LPARAM
4636SendDlgItemMessage TEXTEQU <SendDlgItemMessageA>
4637DefDlgProcA PROCDESC WINAPI :HWND, :UINT, :WPARAM, :LPARAM
4638DefDlgProc TEXTEQU <DefDlgProcA>
4639DLGWINDOWEXTRA EQU 00000001Eh
4640
4641SetFocus PROCDESC WINAPI :HWND
4642SetTimer PROCDESC WINAPI :HWND, :UINT, :UINT, :PTR DWORD
4643KillTimer PROCDESC WINAPI :HWND, :UINT
4644EnableWindow PROCDESC WINAPI :HWND, :BOOL
4645LoadAcceleratorsA PROCDESC WINAPI :HINSTANCE, :LPCSTR
4646LoadAccelerators TEXTEQU <LoadAcceleratorsA>
4647TranslateAcceleratorA PROCDESC WINAPI :HWND, :HACCEL, :LPMSG
4648TranslateAccelerator TEXTEQU <TranslateAcceleratorA>
4649
4650SM_CXSCREEN EQU 000h
4651SM_CYSCREEN EQU 001h
4652SM_CXFULLSCREEN EQU 010h
4653SM_CYFULLSCREEN EQU 011h
4654GetSystemMetrics PROCDESC WINAPI :UINT
4655DrawTextA PROCDESC WINAPI :HDC, :LPCSTR, :UINT, :LPRECT, :UINT
4656DrawText TEXTEQU <DrawTextA>
4657UpdateWindow PROCDESC WINAPI :HWND
4658SetForegroundWindow PROCDESC WINAPI :HWND
4659GetDC PROCDESC WINAPI :HWND
4660ReleaseDC PROCDESC WINAPI :HWND, :HDC
4661BeginPaint PROCDESC WINAPI :HWND, :LPPAINTSTRUCT
4662EndPaint PROCDESC WINAPI :HWND, :LPPAINTSTRUCT
4663InvalidateRect PROCDESC WINAPI :HWND, :LPRECT, :UINT
4664InvalidateRgn PROCDESC WINAPI :HWND, :HRGN, :BOOL
4665GetScrollPos PROCDESC WINAPI :HWND, :UINT
4666SetWindowTextA PROCDESC WINAPI :HWND, :LPCSTR
4667SetWindowText TEXTEQU <SetWindowTextA>
4668GetClientRect PROCDESC WINAPI :HWND, :LPRECT
4669GetWindowRect PROCDESC WINAPI :HWND, :LPRECT
4670
4671MB_OK EQU 000h
4672MB_OKCANCEL EQU 001h
4673MB_ABORTRETRYIGNORE EQU 002h
4674MB_YESNOCANCEL EQU 003h
4675MB_YESNO EQU 004h
4676MB_RETRYCANCEL EQU 005h
4677;MB_ICONERROR EQU 010h
4678;MB_ICONWARNING EQU 030h
4679MessageBoxA PROCDESC WINAPI :HWND, :LPCSTR, :LPCSTR, :UINT
4680MessageBox TEXTEQU <MessageBoxA>
4681
4682COLOR_BACKGROUND EQU 001h
4683COLOR_WINDOW EQU 005h
4684;COLOR_3DFACE EQU 00Fh
4685;COLOR_3DSHADOW EQU 010h
4686COLOR_APPWORKSPACE EQU 00Ch
4687COLOR_3DLIGHT EQU 016h
4688GetSysColor PROCDESC WINAPI :UINT
4689FillRect PROCDESC WINAPI :HDC, :LPRECT, :HBRUSH
4690GetWindowLongA PROCDESC WINAPI :HWND, :DWORD
4691GetWindowLong TEXTEQU <GetWindowLongA>
4692GetDesktopWindow PROCDESC WINAPI
4693FindWindowA PROCDESC WINAPI :LPCSTR, :LPCSTR
4694FindWindow TEXTEQU <FindWindowA>
4695GetLastActivePopup PROCDESC WINAPI :HWND
4696
4697MF_POPUP EQU 00010h
4698MF_SYSMENU EQU 02000h
4699;MFT_SEPARATOR EQU 00800h
4700
4701SC_SIZE EQU 0F000h
4702SC_MOVE EQU 0F010h
4703SC_MINIMIZE EQU 0F020h
4704SC_MAXIMIZE EQU 0F030h
4705SC_CLOSE EQU 0F060h
4706SC_RESTORE EQU 0F120h
4707
4708LoadBitmapA PROCDESC WINAPI :HINSTANCE, :LPCSTR
4709LoadBitmap TEXTEQU <LoadBitmapA>
4710LoadCursorA PROCDESC WINAPI :HINSTANCE, :LPCSTR
4711LoadCursor TEXTEQU <LoadCursorA>
4712LoadIconA PROCDESC WINAPI :HINSTANCE, :LPCSTR
4713LoadIcon TEXTEQU <LoadIconA>
4714
4715IMAGE_BITMAP EQU 00000h
4716IMAGE_ICON EQU 00001h
4717IMAGE_CURSOR EQU 00002h
4718LR_LOADTRANSPARENT EQU 00020h
4719LR_LOADMAP3DCOLORS EQU 01000h
4720LoadImageA PROCDESC WINAPI :HINSTANCE, :LPCSTR, :UINT, :UINT, :UINT, :UINT
4721LoadImage TEXTEQU <LoadImageA>
4722
4723IDC_ARROW EQU 07f00h
4724
4725LoadStringA PROCDESC WINAPI :HINSTANCE, :UINT, :LPCSTR, :UINT
4726LoadString TEXTEQU <LoadStringA>
4727
4728IDOK EQU 01h
4729IDCANCEL EQU 02h
4730IDABORT EQU 03h
4731IDRETRY EQU 04h
4732IDIGNORE EQU 05h
4733IDYES EQU 06h
4734IDNO EQU 07h
4735IDCLOSE EQU 08h
4736IDHELP EQU 09h
4737
4738ES_LEFT EQU 000h
4739ES_MULTILINE EQU 004h
4740ES_AUTOVSCROLL EQU 040h
4741
4742BM_GETCHECK EQU 0F0h
4743BM_SETCHECK EQU 0F1h
4744BM_CLICK EQU 0F5h
4745BM_SETIMAGE EQU 0F7h
4746
4747BST_UNCHECKED EQU 00h
4748BST_CHECKED EQU 01h
4749BST_INDETERMINATE EQU 02h
4750
4751SS_LEFT EQU 00h
4752SS_CENTER EQU 01h
4753SS_RIGHT EQU 02h
4754SS_ICON EQU 03h
4755SS_BLACKFRAME EQU 07h
4756
4757IsDialogMessageA PROCDESC WINAPI :HWND, :LPMSG
4758IsDialogMessage TEXTEQU <IsDialogMessageA>
4759
4760DS_MODALFRAME EQU 0080h
4761DS_NOIDLEMSG EQU 0100h
4762DS_3DLOOK EQU 0004h
4763
4764HELP_CONTEXT EQU 01h
4765HELP_QUIT EQU 02h
4766HELP_INDEX EQU 03h
4767HELP_CONTENTS EQU 03h
4768HELP_HELPONHELP EQU 04h
4769HELP_CONTEXTMENU EQU 0Ah
4770HELP_FINDER EQU 0Bh
4771HELP_WM_HELP EQU 0Ch
4772
4773WinHelpA PROCDESC WINAPI :HWND, :LPCSTR, :UINT, :DWORD
4774WinHelp TEXTEQU <WinHelpA>
4775
4776
4777;*******************************************************************************
4778;* COMDLG32.LIB COMMDLG.H ****************************************
4779;*******************************************************************************
4780
4781OPENFILENAMEA STRUCT
4782 op_lStructSize DWORD ?
4783 op_hwndOwner HWND ?
4784 op_hInstance HINSTANCE ?
4785 op_lpstrFilter LPCSTR ?
4786 op_lpstrCustomFilter LPSTR ?
4787 op_nMaxCustFilter DWORD ?
4788 op_nFilterIndex DWORD ?
4789 op_lpstrFile LPSTR ?
4790 op_nMaxFile DWORD ?
4791 op_lpstrFileTitle LPSTR ?
4792 op_nMaxFileTitle DWORD ?
4793 op_lpstrInitialDir LPCSTR ?
4794 op_lpstrTitle LPCSTR ?
4795 op_Flags DWORD ?
4796 op_nFileOffset WORD ?
4797 op_nFileExtension WORD ?
4798 op_lpstrDefExt LPCSTR ?
4799 op_lCustData LPARAM ?
4800 op_lpfnHook DWORD ?
4801 op_lpTemplateName LPCSTR ?
4802OPENFILENAMEA ENDS
4803LPOPENFILENAME TYPEDEF PTR OPENFILENAMEA
4804
4805GetOpenFileNameA PROCDESC WINAPI :LPOPENFILENAME
4806GetOpenFileName TEXTEQU <GetOpenFileNameA>
4807GetSaveFileNameA PROCDESC WINAPI :LPOPENFILENAME
4808GetSaveFileName TEXTEQU <GetSaveFileNameA>
4809
4810OFN_READONLY EQU 00000001h
4811OFN_OVERWRITEPROMPT EQU 00000002h
4812OFN_HIDEREADONLY EQU 00000004h
4813OFN_NOCHANGEDIR EQU 00000008h
4814OFN_SHOWHELP EQU 00000010h
4815OFN_ENABLEHOOK EQU 00000020h
4816OFN_ENABLETEMPLATE EQU 00000040h
4817OFN_ENABLETEMPLATEHANDLE EQU 00000080h
4818OFN_NOVALIDATE EQU 00000100h
4819OFN_ALLOWMULTISELECT EQU 00000200h
4820OFN_EXTENSIONDIFFERENT EQU 00000400h
4821OFN_PATHMUSTEXIST EQU 00000800h
4822OFN_FILEMUSTEXIST EQU 00001000h
4823OFN_CREATEPROMPT EQU 00002000h
4824OFN_SHAREAWARE EQU 00004000h
4825OFN_NOREADONLYRETURN EQU 00008000h
4826OFN_NOTESTFILECREATE EQU 00010000h
4827OFN_NONETWORKBUTTON EQU 00020000h
4828OFN_NOLONGNAMES EQU 00040000h
4829OFN_EXPLORER EQU 00080000h
4830OFN_NODEREFERENCELINKS EQU 00100000h
4831OFN_LONGNAMES EQU 00200000h
4832
4833PRINTDLGA STRUCT
4834 pr_lStructSize DWORD ?
4835 pr_hwndOwner HWND ?
4836 pr_hDevMode HGLOBAL ?
4837 pr_hDevNames HGLOBAL ?
4838 pr_hDC HDC ?
4839 pr_Flags DWORD ?
4840 pr_nFromPage WORD ?
4841 pr_nToPage WORD ?
4842 pr_nMinPage WORD ?
4843 pr_nMaxPage WORD ?
4844 pr_nCopies WORD ?
4845 pr_hInstance HINSTANCE ?
4846 pr_lCustData DWORD ?
4847 pr_lpfnPrintHook DWORD ?
4848 pr_lpfnSetupHook DWORD ?
4849 pr_lpPrintTemplateName LPCSTR ?
4850 pr_lpSetupTemplateName LPCSTR ?
4851 pr_hPrintTemplate HGLOBAL ?
4852 pr_hSetupTemplate HGLOBAL ?
4853PRINTDLGA ENDS
4854LPPRINTDLG TYPEDEF PTR PRINTDLGA
4855
4856PrintDlg PROCDESC WINAPI :LPPRINTDLG
4857
4858PD_ALLPAGES EQU 00000h
4859PD_SELECTION EQU 00001h
4860PD_PAGENUMS EQU 00002h
4861PD_NOSELECTION EQU 00004h
4862PD_NOPAGENUMS EQU 00008h
4863PD_COLLATE EQU 00010h
4864PD_PRINTTOFILE EQU 00020h
4865PD_PRINTSETUP EQU 00040h
4866PD_NOWARNING EQU 00080h
4867PD_RETURNDC EQU 00100h
4868PD_RETURNIC EQU 00200h
4869PD_RETURNDEFAULT EQU 00400h
4870PD_SHOWHELP EQU 00800h
4871PD_ENABLEPRINTHOOK EQU 01000h
4872PD_ENABLESETUPHOOK EQU 02000h
4873PD_ENABLEPRINTTEMPLATE EQU 04000h
4874PD_ENABLESETUPTEMPLATE EQU 08000h
4875PD_ENABLEPRINTTEMPLATEHANDLE EQU 0010000h
4876PD_ENABLESETUPTEMPLATEHANDLE EQU 0020000h
4877PD_USEDEVMODECOPIES EQU 0040000h
4878PD_USEDEVMODECOPIESANDCOLLATE EQU 0040000h
4879PD_DISABLEPRINTTOFILE EQU 0080000h
4880PD_HIDEPRINTTOFILE EQU 0100000h
4881PD_NONETWORKBUTTON EQU 0200000h
4882
4883CommDlgExtendedError PROCDESC WINAPI
4884
4885PAGESETUPDLGA STRUCT
4886 pa_lStructSize DWORD ?
4887 pa_hwndOwner HWND ?
4888 pa_hDevMode HGLOBAL ?
4889 pa_hDevNames HGLOBAL ?
4890 pa_Flags DWORD ?
4891 pa_ptPaperSize POINT <>
4892 pa_rtMinMargin RECT <>
4893 pa_rtMargin RECT <>
4894 pa_hInstance HINSTANCE ?
4895 pa_lCustData LPARAM ?
4896 pa_lpfnPageSetupHook DWORD ?
4897 pa_lpfnPagePaintHook DWORD ?
4898 pa_lpPageSetupTemplateName LPCSTR ?
4899 pa_hPageSetupTemplate HGLOBAL ?
4900PAGESETUPDLGA ENDS
4901LPPAGESETUPDLG TYPEDEF PTR PAGESETUPDLGA
4902
4903PageSetupDlg PROCDESC WINAPI :LPPAGESETUPDLG
4904
4905PSD_DEFAULTMINMARGINS EQU 0000000h
4906PSD_MINMARGINS EQU 0000001h
4907PSD_MARGINS EQU 0000002h
4908PSD_INTHOUSANDTHSOFINCHES EQU 0000004h
4909PSD_INHUNDREDTHSOFMILLIMETERS EQU 0000008h
4910PSD_DISABLEMARGINS EQU 0000010h
4911PSD_DISABLEPRINTER EQU 0000020h
4912PSD_NOWARNING EQU 0000080h
4913PSD_DISABLEORIENTATION EQU 0000100h
4914PSD_DISABLEPAPER EQU 0000200h
4915PSD_RETURNDEFAULT EQU 0000400h
4916PSD_SHOWHELP EQU 0000800h
4917PSD_ENABLEPAGESETUPHOOK EQU 0002000h
4918PSD_ENABLEPAGESETUPTEMPLATE EQU 0008000h
4919PSD_ENABLEPAGESETUPTEMPLATEHANDLE EQU 0020000h
4920PSD_ENABLEPAGEPAINTHOOK EQU 0040000h
4921PSD_DISABLEPAGEPAINTING EQU 0080000h
4922PSD_NONETWORKBUTTON EQU 0200000h
4923
4924
4925;*******************************************************************************
4926;* COMCTL32.LIB COMMCTRL.H ****************************************
4927;*******************************************************************************
4928
4929InitCommonControls PROCDESC WINAPI
4930
4931
4932CreateToolbarEx PROCDESC WINAPI :HWND, :DWORD, :UINT, :SDWORD,\
4933 :HINSTANCE, :UINT, :LPCTBBUTTON,\
4934 :SDWORD, :SDWORD, :SDWORD,\
4935 :SDWORD, :SDWORD, :UINT
4936TBSTATE_ENABLED EQU 4h
4937TBSTYLE_BUTTON EQU 0h
4938TBSTYLE_SEP EQU 1h
4939TBSTYLE_TOOLTIPS EQU 0100h
4940
4941TB_ADDBITMAP EQU WM_USER + 13h
4942
4943
4944HINST_COMMCTRL EQU -1h
4945IDB_STD_SMALL_COLOR EQU 00h
4946
4947STD_CUT EQU 00h
4948STD_COPY EQU 01h
4949STD_PASTE EQU 02h
4950STD_UNDO EQU 03h
4951STD_REDOW EQU 04h
4952STD_DELETE EQU 05h
4953STD_FILENEW EQU 06h
4954STD_FILEOPEN EQU 07h
4955STD_FILESAVE EQU 08h
4956STD_PRINTPRE EQU 09h
4957STD_PROPERTIES EQU 0Ah
4958STD_HELP EQU 0Bh
4959STD_FIND EQU 0Ch
4960STD_REPLACE EQU 0Dh
4961STD_PRINT EQU 0Eh
4962
4963TTN_FIRST EQU -520
4964TTN_NEEDTEXT EQU TTN_FIRST - 0
4965
4966TOOLTIPTEXTA STRUCT
4967 hdr NMHDR <>
4968 lpszText LPSTR ?
4969 szText SBYTE 80 DUP (?)
4970 hinst HINSTANCE ?
4971 uFlags UINT ?
4972TOOLTIPTEXTA ENDS
4973LPTOOLTIPTEXT TYPEDEF PTR TOOLTIPTEXTA
4974TOOLTIPTEXT TEXTEQU <TOOLTIPTEXTA>
4975
4976CreateStatusWindow PROCDESC WINAPI :LONG, :LPCSTR, :HWND, :UINT
4977
4978SB_SETTEXTA EQU (WM_USER+1)
4979SB_SETTEXT EQU SB_SETTEXTA
4980SB_SIMPLE EQU (WM_USER+9)
4981SBT_NOBORDERS EQU 0100h
4982SBT_POPOUT EQU 0200h
4983
4984TBM_GETPOS EQU (WM_USER)
4985TBM_SETPOS EQU (WM_USER+5)
4986TBM_SETRANGE EQU (WM_USER+6)
4987TBM_SETTICFREQ EQU (WM_USER+20)
4988TBM_SETPAGESIZE EQU (WM_USER+21)
4989TB_LINEUP EQU 00h
4990TB_LINEDOWN EQU 01h
4991TB_PAGEUP EQU 02h
4992TB_PAGEDOWN EQU 03h
4993TB_THUMBPOSITION EQU 04h
4994TB_THUMBTRACK EQU 05h
4995TB_TOP EQU 06h
4996TB_BOTTOM EQU 07h
4997TB_ENDTRACK EQU 08h
4998
4999UDM_SETRANGE EQU (WM_USER+101)
5000UDM_SETPOS EQU (WM_USER+103)
5001UDM_GETPOS EQU (WM_USER+104)
5002
5003
5004
5005;............................
5006;Added 21 Feb 97
5007
5008IDI_APPLICATION EQU 32512
5009IDI_HAND EQU 32513
5010IDI_QUESTION EQU 32514
5011IDI_EXCLAMATION EQU 32515
5012IDI_ASTERISK EQU 32516
5013
5014MB_ICONHAND EQU 00000010h
5015MB_ICONQUESTION EQU 00000020h
5016MB_ICONEXCLAMATION EQU 00000030h
5017MB_ICONASTERISK EQU 00000040h
5018
5019;taken from WINGDI.H:
5020OEM_FIXED_FONT EQU 10
5021ANSI_FIXED_FONT EQU 11
5022ANSI_VAR_FONT EQU 12
5023SYSTEM_FONT EQU 13
5024DEVICE_DEFAULT_FONT EQU 14
5025DEFAULT_PALETTE EQU 15
5026SYSTEM_FIXED_FONT EQU 16
5027
5028
5029MessageBeep PROCDESC WINAPI :DWORD
5030
5031MINMAXINFO struc
5032 res_x dd ?
5033 res_y dd ?
5034 maxsize_x dd ?
5035 maxsize_y dd ?
5036 maxposition_x dd ?
5037 maxposition_y dd ?
5038 mintrackposition_x dd ?
5039 mintrackposition_y dd ?
5040 maxtrackposition_x dd ?
5041 maxtrackposition_y dd ?
5042MINMAXINFO ends
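--- /dev/null
+++ b/other/burneye/tmp/deburneye-1.0-final.c
@@ -0,0 +1,257 @@
+/*
+ * Burneye Decryptor v0.1.0
+ * Copyright 2001 PM <pm@coredump.cx>
+ * All rights reserved
+ *
+ * THIS IS PRIVATE SOURCE CODE. YOU'RE NOT ALLOWED TO
+ * DISTRIBUTE IT. I DO NOT WANT TO SEE THIS SHOW UP IN
+ * A PUBLIC FORUM SUCH AS HACK.CO.ZA OR BUGTRAQ.
+ *
+ * v0.1.0 (2002/01/04)
+ * Initial Release
+ */
+#include <sys/types.h>
+#include <sys/ptrace.h>
+#include <sys/wait.h>
+#include <sys/user.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+/*
+ * Global Variables
+ */
+pid_t pid;
+unsigned debug = 0;
+unsigned short killapp = 0, quiet = 0;
+struct user regs;
+
+/*
+ * Function Declarations
+ */
+void print_usage(const char *);
+void ptrace_until_eip(const unsigned long);
+unsigned long ptrace_read_data(const unsigned long);
+void ptrace_write_data(const unsigned long, const unsigned long);
+void ptrace_read_regs();
+
+/*
+ * Main Application
+ */
+int main(int argc, char *argv[])
+{
+ unsigned long data;
+ unsigned long filesize,i,pos;
+ FILE *fp;
+ char *outfile = 0, *infile = 0;
+ int opt;
+
+ /* Check Arguments */
+ while ((opt = getopt(argc, argv, "i:o:d:kq")) > 0) {
+ switch (opt) {
+ case 'i':
+ infile = optarg;
+ break;
+ case 'o':
+ outfile = optarg;
+ break;
+ case 'd':
+ debug = atoi(optarg);
+ break;
+ case 'k':
+ killapp++;
+ break;
+ case 'q':
+ quiet++;
+ break;
+ }
+ }
+ if (!quiet) {
+ printf( "Burneye Decryptor v0.1.0\n"
+ "Copyright 2001 PM <pm@coredump.cx>\n"
+ "All rights reserved, do not distribute!\n\n"
+ );
+ }
+ if (!infile) {
+ print_usage(argv[0]);
+ }
+ if (!outfile) {
+ outfile = "output";
+ }
+
+ /* Fork */
+ pid = fork();
+ if (pid < 0) {
+ perror("fork");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Setup ptrace on child */
+ if (pid == 0) {
+ if (ptrace(PTRACE_TRACEME, 0, NULL, NULL)) {
+ perror("ptrace PTRACE_TRACEME");
+ exit(EXIT_FAILURE);
+ }
+ if (debug) fprintf(stderr, "debug: child is executing: %s\n",
+ infile);
+ close(1);
+ dup2(2, 1);
+ execl(infile,infile,NULL);
+ perror("execl");
+ exit(EXIT_FAILURE);
+ }
+ wait(NULL);
+
+ /* Print entry point */
+ if (debug) {
+ ptrace_read_regs();
+ fprintf(stderr,"debug: entrypoint: %.8lX\n", regs.regs.eip);
+ }
+
+ /* Run until after decryption phase #1 */
+ if (!quiet) printf("Decrypting. Be patient\n");
+ if (debug) fprintf(stderr,"debug: decryption phase #1\n");
+ ptrace_until_eip(0x053710AB);
+
+ /* Remove anti debugging tricks */
+ if (debug) fprintf(stderr,"debug: removing anti-debug code\n");
+ data = ptrace_read_data(0x053714CC);
+ data &= 0xFF00FFFF; data += 0xEB0000;
+ ptrace_write_data(0x053714CC,data);
+
+ /* Find startpos */
+ if (debug) fprintf(stderr,"debug: find elf header\n");
+ ptrace_until_eip(0x05371A07);
+ ptrace_read_regs();
+ data = ptrace_read_data(regs.regs.ebp-0x2E0);
+
+ /* Still not always correct, search for elf header */
+ pos = data-1;
+ do {
+ data = ptrace_read_data(++pos);
+ } while (data != 0x464C457F);
+
+ /* Continue until end of burneye stub */
+ ptrace_until_eip(0x053710FC);
+
+ /* Get filesize, and calculate output filesize */
+ if (debug) fprintf(stderr,"debug: dumping data\n");
+ fp = fopen(infile,"r");
+ fseek(fp,0,SEEK_END);
+ filesize = ftell(fp)-(pos-0x05370000);
+ fclose(fp);
+ if (debug) fprintf(stderr,"debug: output filesize %ld\n",filesize);
+
+ /* Write output file */
+ if (debug) fprintf(stderr,"debug: dumping to file");
+ fp = fopen(outfile,"w");
+ if (!fp) {
+ perror("fopen outputfile");
+ exit(EXIT_FAILURE);
+ }
+ for(i=0; i<filesize; i+=4) {
+ data = ptrace_read_data(pos+i);
+ fwrite(&data,4,1,fp);
+ }
+ fseek(fp,0,0);
+ ftruncate(fileno(fp),filesize);
+ fclose(fp);
+
+ /* Kill process or let go of it */
+ if (killapp) {
+ if (debug) fprintf(stderr,"debug: killing application\n");
+ if (ptrace(PTRACE_KILL, pid, NULL, NULL) < 0) {
+ perror("ptrace PTRACE_KILL");
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ if (debug) fprintf(stderr,"debug: let application run\n");
+ if (ptrace(PTRACE_DETACH, pid, NULL, NULL) < 0) {
+ perror("ptrace PTRACE_DETACH");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /* Everything done */
+ if (!quiet) printf("Done, decryption completed\n");
+ exit(EXIT_SUCCESS);
+}
+
+/*
+ * Print application usage and quit
+ */
+void print_usage(const char *argv0)
+{
+ printf("usage: %s <arguments>\n", argv0);
+ printf("-i infile input file (required)\n"
+ "-o outfile output file (default: output)\n"
+ "-k kill application after decryption\n"
+ "-q quiet mode, display errors only\n"
+ "-d debuglevel debug level (1-debug info, 2-ptrace info)\n"
+ );
+ exit(EXIT_FAILURE);
+}
+
+/*
+ * Single step until a given EIP
+ */
+void ptrace_until_eip(const unsigned long eip)
+{
+ do {
+ if (ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0) {
+ perror("ptrace PTRACE_SINGLESTEP");
+ exit(EXIT_FAILURE);
+ }
+ wait(NULL);
+ ptrace_read_regs();
+ } while (regs.regs.eip != eip);
+}
+
+/*
+ * Read registers
+ */
+void ptrace_read_regs()
+{
+ memset (&regs, 0, sizeof (regs));
+ if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) {
+ perror("ptrace PTRACE_GETREGS");
+ exit(EXIT_FAILURE);
+ }
+}
+
+/*
+ * Read data from process
+ */
+unsigned long ptrace_read_data(const unsigned long addr)
+{
+ unsigned long data;
+ errno = 0;
+ data = ptrace(PTRACE_PEEKDATA, pid, addr, NULL);
+ if (errno) {
+ perror("ptrace PTRACE_PEEKDATA");
+ exit(EXIT_FAILURE);
+ }
+ if (debug > 1) {
+ fprintf(stderr,"ptrace_read_data: read %.8lX from %.8lX\n",
+ data, addr);
+ }
+ return data;
+}
+
+/*
+ * Write data to process
+ */
+void ptrace_write_data(const unsigned long addr, const unsigned long data)
+{
+ if (ptrace(PTRACE_POKEDATA, pid, addr, data) < 0) {
+ perror("ptrace PTRACE_POKEDATA");
+ exit(EXIT_FAILURE);
+ }
+ if (debug > 1) {
+ fprintf(stderr,"ptrace_write_data: wrote %.8lX to %.8lX\n",
+ data, addr);
+ }
+}
+
+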
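Review bot: `ptrace_until_eip` has no exit condition other than reaching the requested EIP, and main never checks that the file given with -i is the stub that the hard-coded addresses (0x053710AB, 0x05371A07, 0x053710FC) belong to, so any other input is simply single-stepped to completion on the analyst's machine. The `wait(NULL)` inside the loop also throws the status away, so an exited or killed child only surfaces as a PTRACE_SINGLESTEP error. I would keep the wait status, stop as soon as the child is no longer in a ptrace stop, and give up with PTRACE_KILL after a step ceiling, as sketched below; the same function is repeated unchanged in deburneye-2.0-trap.c. `MAX_STEPS` is a name and value I constructed for the sketch and needs tuning against a known stub.

```c
#define MAX_STEPS 200000000UL	/* constructed ceiling, tune against a known stub */

void ptrace_until_eip(const unsigned long eip)
{
	unsigned long steps = 0;
	int status;

	do {
		/* … unchanged: PTRACE_SINGLESTEP call and its error exit … */
		if (wait(&status) < 0 || !WIFSTOPPED(status)) {
			fprintf(stderr, "traced process ended before reaching %.8lX\n", eip);
			exit(EXIT_FAILURE);
		}
		if (++steps > MAX_STEPS) {
			fprintf(stderr, "step limit reached before %.8lX, giving up\n", eip);
			ptrace(PTRACE_KILL, pid, NULL, NULL);
			exit(EXIT_FAILURE);
		}
		/* … unchanged: ptrace_read_regs() and the loop condition … */
```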
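--- /dev/null
+++ b/other/burneye/tmp/deburneye-2.0-trap.c
@@ -0,0 +1,435 @@
+/*
+ * Burneye Decryptor v0.2.0
+ * Copyright 2002 PM <pm@coredump.cx>
+ * All rights reserved
+ *
+ * THIS IS PRIVATE SOURCE CODE. YOU'RE NOT ALLOWED TO
+ * DISTRIBUTE IT. I DO NOT WANT TO SEE THIS SHOW UP IN
+ * A PUBLIC FORUM SUCH AS HACK.CO.ZA OR BUGTRAQ.
+ *
+ * v0.2.0 (2002/01/06)
+ * Added decryption trap
+ *
+ * v0.1.0 (2002/01/04)
+ * Initial Release
+ */
+#include <sys/types.h>
+#include <sys/ptrace.h>
+#include <sys/wait.h>
+#include <sys/user.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/*
+ * Global Variables
+ */
+pid_t pid;
+unsigned debug = 0;
+unsigned short killapp = 0, quiet = 0;
+struct user regs;
+
+/*
+ * Code for use with the trap function
+ * Full NASM source is appended at the end
+ */
+#define TRAPSTARTUP_SIZE 9
+unsigned char trapstartup[TRAPSTARTUP_SIZE] = {
+ 0x67,0xBF,0x00,0x1E,0x37,0x05,0x67,0xFF,0xE7
+};
+#define TRAPCODE_SIZE 174
+unsigned char trapcode[TRAPCODE_SIZE] = {
+ 0x9C,0x60,0xB8,0x05,0x00,0x00,0x00,0xBB,0x04,0x1F,0x37,0x05,
+ 0xB9,0x41,0x00,0x00,0x00,0xBA,0x80,0x01,0x00,0x00,0xCD,0x80,
+ 0x89,0xC7,0xBE,0x0B,0x5A,0x37,0x05,0x46,0x81,0x3E,0x7F,0x45,
+ 0x4C,0x46,0x75,0xF7,0xB8,0x00,0x1F,0x37,0x05,0x8B,0x10,0xB8,
+ 0x04,0x00,0x00,0x00,0x89,0xFB,0x89,0xF1,0x29,0xF2,0xCD,0x80,
+ 0xB8,0x06,0x00,0x00,0x00,0x89,0xFB,0xCD,0x80,0xB8,0x80,0x1F,
+ 0x37,0x05,0x80,0x38,0x00,0x0F,0x84,0x3E,0x00,0x00,0x00,0xB8,
+ 0x02,0x00,0x00,0x00,0xCD,0x80,0x09,0xC0,0x0F,0x85,0x2F,0x00,
+ 0x00,0x00,0xB8,0x80,0x1F,0x37,0x05,0xBF,0xF0,0x1F,0x37,0x05,
+ 0xAB,0xB8,0x00,0x00,0x00,0x00,0xAB,0xAB,0xB8,0x0B,0x00,0x00,
+ 0x00,0xBB,0x80,0x1F,0x37,0x05,0xB9,0xF0,0x1F,0x37,0x05,0xBA,
+ 0xF8,0x1F,0x37,0x05,0xCD,0x80,0xB8,0x01,0x00,0x00,0x00,0xCD,
+ 0x80,0xBF,0xD8,0x10,0x37,0x05,0xB8,0x50,0x8D,0xBC,0x24,0xAB,
+ 0xB8,0x00,0xF0,0xFF,0xFF,0xAB,0xC6,0x07,0x60,0x61,0x9D,0xBF,
+ 0xD8,0x10,0x37,0x05,0xFF,0xE7
+};
+
+/*
+ * Function Declarations
+ */
+void print_usage(const char *);
+void ptrace_until_eip(const unsigned long);
+unsigned long ptrace_read_data(const unsigned long);
+void ptrace_write_data(const unsigned long, const unsigned long);
+void ptrace_read_regs();
+
+/*
+ * Main Application
+ */
+int main(int argc, char *argv[])
+{
+ unsigned long data;
+ unsigned long filesize,i,pos;
+ FILE *fp;
+ char *outfile = 0, *infile = 0;
+ char *trapfile = 0, *trapapp = 0;
+ int opt;
+
+ /* Check Arguments */
+ while ((opt = getopt(argc, argv, "i:o:d:kqt:r:")) > 0) {
+ switch (opt) {
+ case 'i':
+ infile = optarg;
+ break;
+ case 'o':
+ outfile = optarg;
+ break;
+ case 'd':
+ debug = atoi(optarg);
+ break;
+ case 'k':
+ killapp++;
+ break;
+ case 'q':
+ quiet++;
+ break;
+ case 't':
+ trapfile = optarg;
+ break;
+ case 'r':
+ trapapp = optarg;
+ break;
+ }
+ }
+ if (!quiet) {
+ printf("Burneye Decryptor v0.2.0\n"
+ "Copyright 2002 PM <pm@coredump.cx>\n"
+ "All rights reserved, do not distribute!\n"
+ );
+ }
+ if (!infile) {
+ print_usage(argv[0]);
+ }
+ if (!outfile) {
+ outfile = "output";
+ }
+ if (trapfile && strlen(trapfile) > 64) {
+ fprintf(stderr,"Trap output filename may only be 64 "
+ "characters long");
+ exit(EXIT_FAILURE);
+ }
+ if (trapapp && strlen(trapapp) > 64) {
+ fprintf(stderr,"Trap application name may only be 64 "
+ "characters long");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Fork */
+ pid = fork();
+ if (pid < 0) {
+ perror("fork");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Setup ptrace on child */
+ if (pid == 0) {
+ if (ptrace(PTRACE_TRACEME, 0, NULL, NULL)) {
+ perror("ptrace PTRACE_TRACEME");
+ exit(EXIT_FAILURE);
+ }
+ if (debug) fprintf(stderr, "debug: child is executing: %s\n",
+ infile);
+ close(1);
+ dup2(2, 1);
+ execl(infile,infile,NULL);
+ perror("execl");
+ exit(EXIT_FAILURE);
+ }
+ wait(NULL);
+
+ /* Print entry point */
+ if (debug) {
+ ptrace_read_regs();
+ fprintf(stderr,"debug: entrypoint: %.8lX\n", regs.regs.eip);
+ }
+
+ /* Run until after decryption phase #1 */
+ if (!quiet) printf("Decrypting. Be patient\n");
+ if (debug) fprintf(stderr,"debug: decryption phase #1\n");
+ ptrace_until_eip(0x053710AB);
+
+ if (!trapfile) {
+
+ /* Remove anti debugging tricks */
+ if (debug) fprintf(stderr,"debug: removing anti-debug code\n");
+ data = ptrace_read_data(0x053714CC);
+ data &= 0xFF00FFFF; data += 0xEB0000;
+ ptrace_write_data(0x053714CC,data);
+
+ /* Find startpos */
+ if (debug) fprintf(stderr,"debug: find elf header\n");
+ ptrace_until_eip(0x05371A07);
+ ptrace_read_regs();
+ data = ptrace_read_data(regs.regs.ebp-0x2E0);
+
+ /* Still not always correct, search for elf header */
+ pos = data-1;
+ do {
+ data = ptrace_read_data(++pos);
+ } while (data != 0x464C457F);
+
+ /* Continue until end of burneye stub */
+ ptrace_until_eip(0x053710FC);
+
+ } else {
+
+ pos = 0x05370000;
+
+ }
+
+ /* Get filesize, and calculate output filesize */
+ if (debug) fprintf(stderr,"debug: dumping data\n");
+ fp = fopen(infile,"r");
+ fseek(fp,0,SEEK_END);
+ if (!trapfile) {
+ filesize = ftell(fp)-(pos-0x05370000);
+ } else {
+ filesize = ftell(fp);
+ }
+ fclose(fp);
+ if (debug) fprintf(stderr,"debug: output filesize %ld\n",filesize);
+
+ /* Write output file */
+ if (debug) fprintf(stderr,"debug: dumping to file");
+ fp = fopen(outfile,"w");
+ if (!fp) {
+ perror("fopen outputfile");
+ exit(EXIT_FAILURE);
+ }
+ for(i=0; i<filesize; i+=4) {
+ data = ptrace_read_data(pos+i);
+ fwrite(&data,4,1,fp);
+ }
+ fseek(fp,0,SEEK_SET);
+ ftruncate(fileno(fp),filesize);
+ if (!trapfile) {
+ fclose(fp);
+ }
+
+ /* Kill process or let go of it */
+ if (killapp || trapfile) {
+ if (debug) fprintf(stderr,"debug: killing application\n");
+ if (ptrace(PTRACE_KILL, pid, NULL, NULL) < 0) {
+ perror("ptrace PTRACE_KILL");
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ if (debug) fprintf(stderr,"debug: let application run\n");
+ if (ptrace(PTRACE_DETACH, pid, NULL, NULL) < 0) {
+ perror("ptrace PTRACE_DETACH");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /* Insert Trap Code */
+ if (trapfile) {
+ if (debug) fprintf(stderr,"debug: installing trap\n");
+ fseek(fp,0x107B,SEEK_SET);
+ fputc(0x90,fp);
+ fseek(fp,0x10D8,SEEK_SET);
+ fwrite(trapstartup,TRAPSTARTUP_SIZE,1,fp);
+ fseek(fp,0x1E00,SEEK_SET);
+ fwrite(trapcode,TRAPCODE_SIZE,1,fp);
+ fseek(fp,0x1F00,SEEK_SET);
+ filesize += 0x05370000;
+ fwrite(&filesize,4,1,fp);
+ fseek(fp,0x1F04,SEEK_SET);
+ fwrite(trapfile,strlen(trapfile)+1,1,fp);
+ fseek(fp,0x1F80,SEEK_SET);
+ if (trapapp) {
+ fwrite(trapapp,strlen(trapapp)+1,1,fp);
+ } else {
+ fputc(0,fp);
+ }
+ }
+
+ /* Everything done */
+ if (!quiet && !trapfile) printf("Done, decryption completed\n");
+ if (!quiet && trapfile) printf("Done, trapcode planted\n");
+ exit(EXIT_SUCCESS);
+}
+
+/*
+ * Print application usage and quit
+ */
+void print_usage(const char *argv0)
+{
+ printf("usage: %s <arguments>\n", argv0);
+ printf("-i infile input file (required)\n"
+ "-o outfile output file (default: output)\n"
+ "-t outfile install a decryption trap\n"
+ "-r application run an application after decryption trap\n"
+ "-k kill application after decryption\n"
+ "-q quiet mode, display errors only\n"
+ "-d debuglevel debug level (1-debug info, 2-ptrace info)\n"
+ );
+ exit(EXIT_FAILURE);
+}
+
+/*
+ * Single step until a given EIP
+ */
+void ptrace_until_eip(const unsigned long eip)
+{
+ do {
+ if (ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0) {
+ perror("ptrace PTRACE_SINGLESTEP");
+ exit(EXIT_FAILURE);
+ }
+ wait(NULL);
+ ptrace_read_regs();
+ } while (regs.regs.eip != eip);
+}
+
+/*
+ * Read registers
+ */
+void ptrace_read_regs()
+{
+ memset (&regs, 0, sizeof (regs));
+ if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) {
+ perror("ptrace PTRACE_GETREGS");
+ exit(EXIT_FAILURE);
+ }
+}
+
+/*
+ * Read data from process
+ */
+unsigned long ptrace_read_data(const unsigned long addr)
+{
+ unsigned long data;
+ errno = 0;
+ data = ptrace(PTRACE_PEEKDATA, pid, addr, NULL);
+ if (errno) {
+ perror("ptrace PTRACE_PEEKDATA");
+ exit(EXIT_FAILURE);
+ }
+ if (debug > 1) {
+ fprintf(stderr,"ptrace_read_data: read %.8lX from %.8lX\n",
+ data, addr);
+ }
+ return data;
+}
+
+/*
+ * Write data to process
+ */
+void ptrace_write_data(const unsigned long addr, const unsigned long data)
+{
+ if (ptrace(PTRACE_POKEDATA, pid, addr, data) < 0) {
+ perror("ptrace PTRACE_POKEDATA");
+ exit(EXIT_FAILURE);
+ }
+ if (debug > 1) {
+ fprintf(stderr,"ptrace_write_data: wrote %.8lX to %.8lX\n",
+ data, addr);
+ }
+}
+
+/*
+ * NASM Source code for the trap code
+ * compile with:
+ * nasm -f bin trapcode.asm
+ */
+
+/*
+ BITS 32
+
+ pushf
+ pushad
+
+ ;
+ ; Dump decrypted file to disk
+ ;
+
+ ; open file for writing
+ mov eax, 5 ; sys_open
+ mov ebx, 05371F04h ; ptr to filename
+ mov ecx, 65 ; write only / create file
+ mov edx, 0600q ; file mode
+ int 80h
+ mov edi, eax
+ ; find elf header
+ mov esi, 05375A0Ch-1
+ElfLoop:
+ inc esi
+ cmp dword [esi], 0464C457Fh
+ jnz short ElfLoop
+ ; write to file
+ mov eax, 05371F00h
+ mov edx, dword [eax]
+ mov eax, 4 ; sys_write
+ mov ebx, edi ; filedesc
+ mov ecx, esi ; buffer
+ sub edx, esi
+ int 80h
+ ; close file
+ mov eax, 6 ; sys_close
+ mov ebx, edi ; filedesc
+ int 80h
+
+ ;
+ ; Run command
+ ;
+
+ ; really run?
+ mov eax, 05371F80h
+ cmp byte [eax], 0
+ jz NoExec
+ ; fork
+ mov eax, 2 ; sys_fork
+ int 80h
+ or eax, eax ; parent?
+ jnz NoExec ; continue
+ ; prepare execve
+ mov eax, 05371F80h
+ mov edi, 05371FF0h
+ stosd
+ mov eax, 0
+ stosd
+ stosd
+ ; execve
+ mov eax, 11 ; sys_execve
+ mov ebx, 05371F80h ; ptr to arg0
+ mov ecx, 05371FF0h ; ptr to args
+ mov edx, 05371FF8h ; ptr to env
+ int 80h
+ ; kill child (if execve failed)
+ mov eax, 1
+ int 80h
+NoExec:
+
+ ;
+ ; Cleanup and return
+ ;
+
+ ; restore original code
+ mov edi, 053710D8h
+ mov eax, 024BC8D50h
+ stosd
+ mov eax, 0FFFFF000h
+ stosd
+ mov byte [edi], 060h
+ popad
+ popf
+ ; Return to application
+ mov edi, 053710D8h
+ jmp edi
+
+*/
+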
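Review bot: The comment above `trapstartup` says the full NASM source is appended at the end, but the listing at the bottom of the file covers only the 174-byte `trapcode`, so the nine `trapstartup` bytes cannot be audited against any source in the file. The file offsets written in main's trap branch (0x107B, 0x10D8, 0x1E00, 0x1F00, 0x1F04, 0x1F80) are also bare literals that have to agree with the absolute addresses in the listing (053710D8h, 05371F00h, 05371F04h, 05371F80h), and nothing records that relationship. I would add the missing listing for `trapstartup` and put a comment on the trap branch such as `/* file offsets = trap addresses - 0x05370000 (dump base); keep in sync with the NASM listing */`. For anyone examining a binary patched by this tool, the same comment is what lets them locate the planted regions from the source alone.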
diff --git a/other/burneye/tmp/dl_libv2.c b/other/burneye/tmp/dl_libv2.c
new file mode 100644
index 0000000..5a0aad5
--- /dev/null
+++ b/other/burneye/tmp/dl_libv2.c
@@ -0,0 +1,485 @@
1/*
2 * Copyright the grugq, 2001.
3 */
4
5#include <linux/types.h>
6#include <asm/unistd.h>
7#include <linux/fcntl.h>
8#include <linux/mman.h>
9#include <linux/dirent.h>
10
11#include "dl_libv2.h"
12
13
14static void * lib_open(const char *lib_name, void *head, void *handle);
15
16inline __syscall1(int, close, int, fd);
17inline __syscall3(int, open, const char *, file, int, flag, int, mode);
18inline __syscall3(ssize_t, read, int, fd, void *, buf, size_t, count);
19inline __syscall3(ssize_t, write, int, fd, const void *, buf, size_t, count);
20
21/*
22 * Elf hash function from the ABI.
23 */
24static unsigned long
25elf_hash(const unsigned char *name)
26{
27 unsigned long h = 0,
28 g;
29
30 while (*name) {
31 h = (h << 4) + *name++;
32 if ((g = h & 0xf0000000))
33 h ^= g >> 24;
34 h &= ~g;
35 }
36 return h;
37}
38
39/*
40 * turn a string (i.e. "0401b000") into a pointer
41 */
42static void *
43my_strtop(unsigned char *str, char **end)
44{
45 register unsigned char c,
46 *s;
47 register long r = 0;
48
49 s = str;
50 for (c = *s; c != '\0'; c = *s++) {
51 /* based on ASCII table order ;) */
52 if ((c >= '0') && (c <= '9'))
53 c -= '0';
54 else if ((c >= 'A') && (c <= 'F'))
55 c = (c - 'A') + 10;
56 else if ((c >= 'a') && (c <= 'f'))
57 c = (c - 'a') + 10;
58 else
59 break;
60 r *= 16;
61 r += c;
62 }
63 if (end)
64 *end = s;
65 return (void *)r;
66}
67
68/*
69 * a simplistic non optimized strncmp(3)
70 */
71static int
72my_strncmp(const char *s, const char *t, int len)
73{
74 register int i;
75
76 for (i = 0; (*s == *t) && (i <= len); s++, t++, i++)
77 if ((*s == '\0') || (i == len))
78 return 0;
79 return *s - *t;
80}
81
82static void *
83add_node(LibDesc *head, LibDesc *ld)
84{
85 int f = 0;
86 char name[7];
87 LibDesc * ret,
88 * n;
89
90 if (!head) {
91 f = 1;
92 head = ld;
93 head->l_prev = NULL;
94
95 name[0] = 'm';
96 name[1] = 'a';
97 name[2] = 'l';
98 name[3] = 'l';
99 name[4] = 'o';
100 name[5] = 'c';
101 name[6] = 0;
102
103 if ((head->malloc = dl_lib_sym(name, head)) == NULL)
104 return NULL;
105 }
106 else
107 while (head->l_prev)
108 head = head->l_prev;
109
110 if ((ret = head->malloc(sizeof (LibDesc))) == NULL)
111 return NULL;
112
113 /* -O will make this inline asm... */
114 memcpy(ret, ld, sizeof(LibDesc));
115
116 n = head;
117 while (n->l_next)
118 n = n->l_next;
119
120 n->l_next = ret;
121 /* ugly hack to save the head of the list */
122 if (!f)
123 ret->l_prev = n;
124 ret->l_next = NULL;
125
126 return ret;
127}
128
129static void *
130lib_open(const char *lib_name, void *head, void *lib_handle)
131{
132 int fd,
133 nread,
134 i;
135 char name[16], /* name buffer */
136 buf[BUFSIZ * 2], /* read buffer */
137 * text_start = NULL, /* store for the .text addr */
138 * p, /* walking pointer */
139 * q, /* standing pointer */
140 * s; /* store for strcmp() */
141 Elf32_Ehdr * ehdr;
142 Elf32_Phdr * phdr;
143 Elf32_Dyn * dyn;
144 LibDesc * libd;
145
146 /* enable pointer semantics */
147 libd = alloca(sizeof(LibDesc));
148 memset(libd, 0x00, sizeof(LibDesc));
149
150 /* wish there was a cleaner way of not using .rodata... :-/ */
151 /* actually there is, using a few shifts to make an int of
152 * every four char's then assigning that to a walking int ptr*/
153 name[ 0] = '/';
154 name[ 1] = 'p';
155 name[ 2] = 'r';
156 name[ 3] = 'o';
157 name[ 4] = 'c';
158 name[ 5] = '/';
159 name[ 6] = 's';
160 name[ 7] = 'e';
161 name[ 8] = 'l';
162 name[ 9] = 'f';
163 name[10] = '/';
164 name[11] = 'm';
165 name[12] = 'a';
166 name[13] = 'p';
167 name[14] = 's';
168 name[15] = '\0';
169
170 if ((fd = _open(name, O_RDONLY, 0)) <0)
171 return NULL;
172
173 /* memset becomes inline ASM with -O */
174 memset(buf, 0x00, sizeof(buf));
175
176 /* we read because we can't mmap(2) /proc... */
177 if ((nread = _read(fd, buf, sizeof buf)) < 0)
178 return NULL;
179 /* tidy up, need to leave the exec's environment as clean as possible */
180 (void)_close(fd);
181
182 /*
183 * here begins the hairy algo.
184 *
185 * We parse out a line of /proc/self/maps
186 * then we check to see if it is our library, if it is, then we
187 * need to save pointers to its .text string...
188 *
189 * later we can parse the string and determine pointers..
190 */
191 for (i=0; i < nread; i++) {
192 int in_lib = 0;
193
194 s = q = buf + i;
195 /* find end of string without walking off the stack... */
196 while ((*q != '\n') && (*q != '\0') && (i < nread)) {
197 q++;
198 i++;
199 }
200 *q = 0x00; /* terminate the string, for debugging */
201
202 /* check to see if we match the string */
203 for (p = q; (p > s) && (*p != ' '); p--) {
204 if (! my_strncmp(lib_name, p, strlen(lib_name)-1)) {
205 in_lib = 1;
206 break;
207 }
208 }
209
210 /* accounting is all updated, so just try again... */
211 if (!in_lib)
212 continue;
213
214 /* seek past the '04xxx-04xxx' to the first space */
215 for (p = s; (p < q) && (*p != ' '); p++)
216 ;
217 /* point to the protection string */
218 p++;
219
220 /* determine if we are looking at a .text segment,
221 * or a .data segment... */
222 if ((p[0] == 'r') && (p[1] == '-') && (p[2] == 'x'))
223 text_start = s;
224 else
225 ;
226
227 /* if we got what we come for, piss off */
228 if (text_start)
229 break;
230 }
231
232 /* the .data segment has the PT_DYNAMIC and has to follow the .text
233 * segment. This is a "feature", rather than a hard and fast rule, but
234 * it is reliable enough for almost all cases. This need not be true
235 * for PIC code (as in a library) and that bastard the owl might go
236 * and make this very annoying, but I don't think that is enough of
237 * an incentive to alter this code.
238 *
239 * It is, of course, quite trivial to add support for searching for the
240 * .data, in fact I have taken code out which did just that. The code
241 * was not needed and I felt it more imporant that this code be clear,
242 * rather than comprehensive.
243 *
244 * It is sufficient for now.
245 *
246 * the .text segment has the elf and program headers, and the .data
247 * should follow immediatly afterwards. The .data will have the
248 * dynamic linkage pointers so we can locate the hash table, string
249 * table, etc. etc.
250 */
251
252 libd->l_load_addr = my_strtop(text_start, &p);
253
254 ehdr =(Elf32_Ehdr *) libd->l_load_addr;
255 phdr =(Elf32_Phdr *)(libd->l_load_addr + ehdr->e_phoff);
256
257 while (phdr->p_type != PT_DYNAMIC)
258 phdr++;
259
260 /* the .dynamic is in the .data segment, but we can just use the
261 * load address to locate it in memory. non-portable? */
262 /* The correct way to do this is to use p_offset and p_align to
263 * calculate the location of the start of the .data and .dynamic
264 * segments... but this way works quite nicely */
265 dyn = (Elf32_Dyn *) (libd->l_load_addr + phdr->p_vaddr);
266
267 /*
268 * I can't understand why l_hash needs the load_addr added to it,
269 * and the other locations don't. It seems they are intialized
270 * by the rtdl and DT_HASH isn't; but I can't say for sure...
271 */
272 for (; dyn->d_tag != DT_NULL; dyn++) {
273 /* in retrospect this should have been a switch(). doh! */
274 if (dyn->d_tag == DT_HASH)
275 libd->l_buckets = (void *)((long)dyn->d_un.d_ptr +
276 (long)libd->l_load_addr);
277 else if (dyn->d_tag == DT_SYMTAB)
278 libd->l_symtab = (void *)dyn->d_un.d_ptr;
279 else if (dyn->d_tag == DT_STRTAB)
280 libd->l_strtab = (void *)dyn->d_un.d_ptr;
281 else
282 continue;
283 }
284
285 libd->l_nbuckets = *libd->l_buckets++;
286 libd->l_nchain = *libd->l_buckets++;
287 libd->l_chain = &(libd->l_buckets[libd->l_nbuckets]);
288
289 libd->l_handle = lib_handle;
290
291 return (add_node(head, libd));
292}
293
294void *
295dl_lib_init(void)
296{
297 char name[10];
298 LibDesc *head;
299
300 name[0] = '/';
301 name[1] = 'l';
302 name[2] = 'i';
303 name[3] = 'b';
304 name[4] = 'c';
305 name[5] = '-';
306 name[6] = 0;
307
308 if ((head =(LibDesc *)lib_open(name, NULL, NULL)) == NULL)
309 return NULL;
310 /* we resolve almost all of the functions we will need right here,
311 * this will save some execution time for apps which do multiple
312 * dl_lib_open()s...
313 *
314 * The penalty for code which only does a single dl_lib_init() is
315 * minimal, so I don't mind this sacrifice.
316 *
317 * The only thing that needs to be pointed out is that this is not OOP.
318 * Don't even think about accusing me of that malarky.
319 */
320
321 name[0] = 'f';
322 name[1] = 'r';
323 name[2] = 'e';
324 name[3] = 'e';
325 name[4] = 0;
326
327 if ((head->free = dl_lib_sym(name, head)) == NULL)
328 return NULL;
329
330 name[0] = '_';
331 name[1] = 'd';
332 name[2] = 'l';
333 name[3] = '_';
334 name[4] = 'o';
335 name[5] = 'p';
336 name[6] = 'e';
337 name[7] = 'n';
338 name[8] = 0;
339
340 if ((head->dlopen = dl_lib_sym(name, head)) == NULL)
341 return NULL;
342
343 name[0] = '_';
344 name[1] = 'd';
345 name[2] = 'l';
346 name[3] = '_';
347 name[4] = 'c';
348 name[5] = 'l';
349 name[6] = 'o';
350 name[7] = 's';
351 name[8] = 'e';
352 name[9] = 0;
353
354 if ((head->dlclose = dl_lib_sym(name, head)) == NULL)
355 return NULL;
356
357 return ((void *)head);
358}
359
360void
361dl_lib_fini(void *h)
362{
363 LibDesc *head,
364 *node;
365
366 head = (LibDesc *)h;
367
368 if (!head)
369 return;
370
371 while (head->l_prev)
372 head = head->l_prev;
373
374 /* seek the tail of the list */
375 for (node = head; node->l_next; node = node->l_next)
376 ;
377
378 /* walk up backwards, closing everything */
379 for (; node; node = node->l_prev)
380 dl_lib_close(node, head);
381
382 /* it should all be done */
383 return;
384}
385
386void
387dl_lib_close(void *l, void *h)
388{
389 LibDesc *head,
390 *fn,
391 *bn,
392 *ld;
393
394 ld = (LibDesc *)l;
395 head = (LibDesc *)h;
396 if (!ld || !h)
397 return;
398
399 while (head->l_prev)
400 head = head->l_prev;
401
402 /* if we have a dlopen() handle, we can close it */
403 if (ld->l_handle)
404 head->dlclose(ld->l_handle);
405
406 bn = ld->l_prev;
407 fn = ld->l_next;
408
409 /* iff we aren't the head of the list, then we need to remove ourselves
410 * and fix up the list:
411 *
412 * iff there is a previous node, point it to our l_next
413 * iff there is a next node, point it to our l_prev
414 * */
415 if (bn)
416 bn->l_next = fn;
417 if (fn)
418 fn->l_prev = bn;
419
420 head->free(ld);
421 ld = NULL; /* prevent silliness */
422
423 return;
424}
425
426void *
427dl_lib_open(char *lib_name, void *h)
428{
429 int foo = 1;
430 void * handle;
431 LibDesc * head;
432
433 head = (LibDesc *)h;
434
435 if (!lib_name || !head)
436 return NULL;
437
438 /* seek the head of the linked list */
439 while (head->l_prev)
440 head = head->l_prev;
441
442 if ((handle = head->dlopen(lib_name, 1, __builtin_return_address(0)))
443 == NULL)
444 return NULL;
445 /* we have successfully mapped the library into our space, now
446 * all we need to do is intialize our usual LibDesc for it */
447 return (lib_open(lib_name, head, handle));
448}
449
450
451void *
452dl_lib_sym(char *sym_name, void *handler)
453{
454 Elf32_Sym * sym,
455 * symtab;
456 int hn,
457 ndx;
458 char * strs;
459 LibDesc * libd = (LibDesc *)handler;
460
461 if (!sym_name || !libd)
462 return NULL;
463
464 strs = libd->l_strtab;
465 symtab = libd->l_symtab;
466
467 hn = elf_hash(sym_name) % libd->l_nbuckets;
468
469 /* we need to "follow the chain" until we find our function... */
470 for (ndx = libd->l_buckets[hn]; ndx; ndx = libd->l_chain[ndx]) {
471 sym = symtab + ndx;
472
473 if ((ELF32_ST_TYPE(sym->st_info) == STT_FUNC) &&
474 (!my_strncmp(strs + sym->st_name, sym_name,
475 strlen(sym_name) - 1))) {
476 /* we found it! rejoice the king has cum. */
477 return ((void *)((long)sym->st_value +
478 (long)libd->l_load_addr));
479 }
480 }
481
482 /* we have totally bombed out. There is no symbol by that name in the
483 * symtab... sorry :-( */
484 return NULL;
485}
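Review bot: In `lib_open`, `text_start` is still NULL when no `r-x` line of /proc/self/maps matches `lib_name`, and it is passed straight to `my_strtop`, which dereferences it; add `if (!text_start) return NULL;` before `libd->l_load_addr = my_strtop(text_start, &p);`. The line scanner in the same function reads `*q` before it tests `i < nread` and then stores `*q = 0x00`, so a maps file that fills `buf` puts that store one byte past the array; read `sizeof buf - 1` bytes and test `i < nread` first. The early `return NULL` after a failed `_read` also skips `_close(fd)`. In `dl_lib_fini`, the backwards walk evaluates `node->l_prev` after `dl_lib_close` has already handed `node` to `head->free`; save the predecessor first, e.g. `prev = node->l_prev; dl_lib_close(node, head); node = prev;`.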
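diff --git a/other/burneye/tmp/dl_libv2.h b/other/burneye/tmp/dl_libv2.h
new file mode 100644
index 0000000..86f798c
--- /dev/null
+++ b/other/burneye/tmp/dl_libv2.h
@@ -0,0 +1,82 @@
+/*
+ * dl_libv2.h :
+ * defines and function defs for dl_libv2.c
+ *
+ * libdl.o needs to be linked in with the other object code to be loaded,
+ * in order to provide its fucktionality.
+ *
+ * dl_libv2.o will allow the dynamic linking against libraries that the
+ * runtime dynamic linker can find an mmap in... this means that you can
+ * use system libraries, or the full path to another library.
+ *
+ * The interface is described below.
+ * !! BE AWARE that this version of libdl uses the heap !!
+ * if you require a stack based libdl, then uses libdl_stack, which
+ * is availble in this distro.. (actually, dl_lib_stack.c was rm'd by
+ * accident... it requires too much work with alloca in main() anyway....
+ * just use the damn heap!)
+ *
+ *
+ * Copyright the grugq, 2001.
+ */
+
+#ifndef _LIB_DYN_LINKER__H
+#define _LIB_DYN_LINKER__H
+
+#include <elf.h>
+
+#define __syscall1(type,name,type1,arg1) \
+type _##name(type1 arg1) \
+{ \
+long __res; \
+__asm__ volatile ("int $0x80" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"b" ((long)(arg1))); \
+ return (type) __res; \
+}
+
+#define __syscall3(type,name,type1,arg1,type2,arg2,type3,arg3) \
+type _##name(type1 arg1,type2 arg2,type3 arg3) \
+{ \
+long __res; \
+__asm__ volatile ("int $0x80" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"b" ((long)(arg1)),"c" ((long)(arg2)), \
+ "d" ((long)(arg3))); \
+ return (type) __res; \
+}
+
+#define NULL ((void *)0) /* to avoid stdio.h */
+#define BUFSIZ 4096 /* should be plenty */
+
+struct lib_desc
+{
+ Elf32_Word * l_buckets; /* addr of the hash table */
+ Elf32_Word l_nbuckets; /* number of buckets in hash tab */
+ Elf32_Word l_nchain; /* number of elements in chain */
+ Elf32_Word * l_chain; /* addr of the chain */
+ Elf32_Sym * l_symtab; /* ptr to symbol table */
+ char * l_strtab; /* ptr to string table */
+ char * l_load_addr; /* load address of the library */
+ void * l_handle; /* handle from dlopen(), for dlcose() */
+ struct lib_desc * l_prev; /* pointer to previous LibDesc */
+ struct lib_desc * l_next; /* pointer to next LibDesc */
+ /* These values are only intialized for the head of the list */
+ void *(*malloc)(unsigned long); /* fct ptr to malloc(3) */
+ void (*free)(void *); /* fct ptr to free(3) */
+ void *(*dlopen)(char *, int, void *)
+ __attribute__ ((regparm(3))); /* fct ptr to _dl_open() */
+ void (*dlclose)(void *)
+ __attribute__ ((regparm(1))); /* fct ptr to _dl_close() */
+};
+
+typedef struct lib_desc LibDesc;
+
+/* PROTOTYPES */
+void * dl_lib_init(void);
+void dl_lib_fini(void *h);
+void * dl_lib_open(char *lib_name, void *head);
+void * dl_lib_sym(char *sym_name, void *handler);
+void dl_lib_close(void *lib, void *head);
+
+#endif /* _LIB_DYN_LINKER__H */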
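Review bot: The `int $0x80` statements in `__syscall1` and `__syscall3` declare no `"memory"` clobber, so the compiler is never told that `_read` fills the caller's buffer. In dl_libv2.c, `lib_open` zeroes `buf` with memset, calls the inlined `_read`, and then parses `buf`, so an optimiser would be entitled to keep treating the array as zeroes. Add the clobber to both macros, e.g. `: "0" (__NR_##name),"b" ((long)(arg1)) : "memory");`. The wrappers also return the raw kernel result, so a failure is a negative errno value rather than -1 with errno set; a one-line comment above the macros, `/* returns -errno on failure; errno is not touched */`, would make that contract explicit.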
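diff --git a/other/burneye/tmp/macro.gdb b/other/burneye/tmp/macro.gdb
new file mode 100644
index 0000000..cc24986
--- /dev/null
+++ b/other/burneye/tmp/macro.gdb
@@ -0,0 +1,10 @@
+define g
+stepi
+x/i $pc
+end
+define h
+x/2i $pc
+tbreak *$_
+continue
+x/i $pc
+end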
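diff --git a/other/burneye/tmp/upx/fold_elf86.asm b/other/burneye/tmp/upx/fold_elf86.asm
new file mode 100644
index 0000000..bf56800
--- /dev/null
+++ b/other/burneye/tmp/upx/fold_elf86.asm
@@ -0,0 +1,133 @@
+; fold_elf86.asm -- linkage to C code to process Elf binary
+;
+; This file is part of the UPX executable compressor.
+;
+; Copyright (C) 2000-2001 John F. Reiser
+; All Rights Reserved.
+;
+; UPX and the UCL library are free software; you can redistribute them
+; and/or modify them under the terms of the GNU General Public License as
+; published by the Free Software Foundation; either version 2 of
+; the License, or (at your option) any later version.
+;
+; This program is distributed in the hope that it will be useful,
+; but WITHOUT ANY WARRANTY; without even the implied warranty of
+; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+; GNU General Public License for more details.
+;
+; You should have received a copy of the GNU General Public License
+; along with this program; see the file COPYING.
+; If not, write to the Free Software Foundation, Inc.,
+; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+;
+; Markus F.X.J. Oberhumer Laszlo Molnar John F. Reiser
+; markus@oberhumer.com ml1050@cdata.tvnet.hu jreiser@BitWagon.com
+;
+
+%define szElf32_Ehdr 0x34
+%define szElf32_Phdr 8*4
+%define e_entry (16 + 2*2 + 4)
+%define p_memsz 5*4
+%define szb_info 12
+%define szl_info 12
+%define szp_info 12
+%define a_val 4
+
+%define __NR_munmap 91
+
+;; control just falls through, after this part and compiled C code
+;; are uncompressed.
+
+fold_begin: ; enter: %ebx= &Elf32_Ehdr of this program
+ ; patchLoader will modify to be
+ ; dword sz_uncompressed, sz_compressed
+ ; byte compressed_data...
+
+ pop eax ; discard &sz_uncompressed
+ pop eax ; discard sz_uncompressed
+
+; Move argc,argv,envp down so that we can insert more Elf_auxv entries.
+; ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance
+
+%define PAGE_SIZE ( 1<<12)
+%define OVERHEAD 2048
+%define MAX_ELF_HDR 512
+
+ mov esi, esp
+ sub esp, byte 6*8 ; AT_PHENT, AT_PHNUM, AT_PAGESZ, AT_ENTRY, AT_PHDR, AT_NULL
+ mov edi, esp
+ call do_auxv
+
+ push ebx ; save &Elf32_Ehdr of this stub
+ sub esp, dword MAX_ELF_HDR + OVERHEAD
+ lea eax, [szElf32_Ehdr + 2*szElf32_Phdr + szl_info + szp_info + ebx] ; 1st &b_info
+ mov esi, [e_entry + ebx] ; beyond compressed data
+ sub esi, eax ; length of compressed data
+ mov ebx, [ eax] ; length of uncompressed ELF headers
+ mov edx, esp ;
+ mov ecx, [4+ eax] ; length of compressed ELF headers
+ add ecx, byte szb_info
+ pusha ; (AT_next, sz_cpr, f_expand, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
+EXTERN upx_main
+ call upx_main ; returns entry address
+ add esp, dword 8*4 + MAX_ELF_HDR + OVERHEAD ; remove 8 params, temp space
+ pop ebx ; &Elf32_Ehdr of this stub
+ push eax ; save entry address
+
+ mov edi, [a_val + edi] ; AT_PHDR
+find_hatch:
+ push edi
+EXTERN make_hatch
+ call make_hatch ; find hatch = make_hatch(phdr)
+ pop ecx ; junk the parameter
+ add edi, byte szElf32_Phdr ; prepare to try next Elf32_Phdr
+ test eax,eax
+ jz find_hatch
+ xchg eax,edx ; edx= &hatch
+
+; _dl_start and company (ld-linux.so.2) assumes that it has virgin stack,
+; and does not initialize all its stack local variables to zero.
+; Ulrich Drepper (drepper@cyngus.com) has refused to fix the bugs.
+; See GNU wwwgnats libc/1165 .
+
+%define N_STKCLR (0x100 + MAX_ELF_HDR + OVERHEAD)/4
+ lea edi, [esp - 4*N_STKCLR]
+ pusha ; values will be zeroed
+ mov ecx, N_STKCLR
+ xor eax,eax
+ rep stosd
+
+ xor ecx, ecx ; 0
+ mov ch, PAGE_SIZE>>8 ; 0x1000
+ add ecx, [p_memsz + szElf32_Ehdr + ebx] ; length to unmap
+ mov bh, 0 ; from 0x401000 to 0x400000
+ push byte __NR_munmap
+ pop eax
+ jmp edx ; unmap ourselves via escape hatch, then goto entry
+
+do_auxv: ; entry: %esi=src = &argc; %edi=dst. exit: %edi= &AT_NULL
+ ; cld
+
+L10: ; move argc+argv
+ lodsd
+ stosd
+ test eax,eax
+ jne L10
+
+L20: ; move envp
+ lodsd
+ stosd
+ test eax,eax
+ jne L20
+
+L30: ; move existing Elf32_auxv
+ lodsd
+ stosd
+ test eax,eax ; AT_NULL ?
+ lodsd
+ stosd
+ jne L30
+
+ sub edi, byte 8 ; point to AT_NULL
+ ret
+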
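Review bot: The `find_hatch` loop has no upper bound: it advances `edi` by `szElf32_Phdr` and calls `make_hatch` again until a non-zero result comes back, so when no executable PT_LOAD qualifies it keeps walking past the end of the program header table. upx_main stores AT_PHNUM in `av[2]` (see l_lx_elf.c in this commit), so the count can be read from `[a_val + 2*8 + edi]` before `edi` is reloaded with AT_PHDR, counted down, and turned into exit status 127 as on the C side. `esi` looks free at this point because the later `pusha` image is zeroed before the hatch's `popa`, but that should be confirmed against the rest of the stub. Separately, `do_auxv` relies on DF being clear (the `cld` is commented out) and on `lodsd`/`stosd` leaving the flags from `test eax,eax` intact for `jne L30`; a short comment stating both assumptions would help.

```asm
%define __NR_exit 1

 mov esi, [a_val + 2*8 + edi] ; AT_PHNUM, stored into av[2] by upx_main
 mov edi, [a_val + edi] ; AT_PHDR
find_hatch:
 dec esi
 js no_hatch ; every Elf32_Phdr tried, none usable
 push edi
; … unchanged: call make_hatch, advance edi, test eax,eax / jz find_hatch …
 xchg eax,edx ; edx= &hatch
; … unchanged: stack clearing and munmap through the hatch …

no_hatch:
 push byte 127
 pop ebx ; exit status, same as exit(127) in l_lx_elf.c
 push byte __NR_exit
 pop eax
 int 0x80
```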
diff --git a/other/burneye/tmp/upx/l_lx_elf.c b/other/burneye/tmp/upx/l_lx_elf.c
new file mode 100644
index 0000000..4ac84cc
--- /dev/null
+++ b/other/burneye/tmp/upx/l_lx_elf.c
@@ -0,0 +1,379 @@
1/* l_lx_elf.c -- stub loader for Linux x86 ELF executable
2
3 This file is part of the UPX executable compressor.
4
5 Copyright (C) 1996-2001 Markus Franz Xaver Johannes Oberhumer
6 Copyright (C) 1996-2001 Laszlo Molnar
7 Copyright (C) 2000-2001 John F. Reiser
8 All Rights Reserved.
9
10 UPX and the UCL library are free software; you can redistribute them
11 and/or modify them under the terms of the GNU General Public License as
12 published by the Free Software Foundation; either version 2 of
13 the License, or (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; see the file COPYING.
22 If not, write to the Free Software Foundation, Inc.,
23 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24
25 Markus F.X.J. Oberhumer Laszlo Molnar John F. Reiser
26 markus@oberhumer.com ml1050@cdata.tvnet.hu jreiser@BitWagon.com
27 */
28
29
30#include "linux.hh"
31
32
33/*************************************************************************
34// configuration section
35**************************************************************************/
36
37// In order to make it much easier to move this code at runtime and execute
38// it at an address different from it load address: there must be no
39// static data, and no string constants.
40
41#define MAX_ELF_HDR 512 // Elf32_Ehdr + n*Elf32_Phdr must fit in this
42
43
44/*************************************************************************
45// "file" util
46**************************************************************************/
47
48struct Extent {
49 size_t size; // must be first to match size[0] uncompressed size
50 char *buf;
51};
52
53
54static void
55xread(struct Extent *x, char *buf, size_t count)
56{
57 char *p=x->buf, *q=buf;
58 size_t j;
59 if (x->size < count) {
60 exit(127);
61 }
62 for (j = count; 0!=j--; ++p, ++q) {
63 *q = *p;
64 }
65 x->buf += count;
66 x->size -= count;
67}
68
69
70/*************************************************************************
71// util
72**************************************************************************/
73
74#if 1 //{ save space
75#define ERR_LAB error: exit(127);
76#define err_exit(a) goto error
77#else //}{ save debugging time
78#define ERR_LAB
79static void
80err_exit(int a)
81{
82 (void)a; // debugging convenience
83 exit(127);
84}
85#endif //}
86
87static void *
88do_brk(void *addr)
89{
90 return brk(addr);
91}
92
93static char *
94do_mmap(void *addr, size_t len, int prot, int flags, int fd, off_t offset)
95{
96 (void)len; (void)prot; (void)flags; (void)fd; (void)offset;
97 return mmap((int *)&addr);
98}
99
100
101/*************************************************************************
102// UPX & NRV stuff
103**************************************************************************/
104
105typedef void f_unfilter(
106 nrv_byte *, // also addvalue
107 nrv_uint,
108 unsigned cto8 // junk in high 24 bits
109);
110typedef int f_expand(
111 const nrv_byte *, nrv_uint,
112 nrv_byte *, nrv_uint * );
113
114static void
115unpackExtent(
116 struct Extent *const xi, // input
117 struct Extent *const xo, // output
118 f_expand *const f_decompress,
119 f_unfilter *f_unf
120)
121{
122 while (xo->size) {
123 struct b_info h;
124 // Note: if h.sz_unc == h.sz_cpr then the block was not
125 // compressible and is stored in its uncompressed form.
126
127 // Read and check block sizes.
128 xread(xi, (char *)&h, sizeof(h));
129 if (h.sz_unc == 0) { // uncompressed size 0 -> EOF
130 if (h.sz_cpr != UPX_MAGIC_LE32) // h.sz_cpr must be h->magic
131 err_exit(2);
132 if (xi->size != 0) // all bytes must be written
133 err_exit(3);
134 break;
135 }
136 if (h.sz_cpr <= 0) {
137 err_exit(4);
138ERR_LAB
139 }
140 if (h.sz_cpr > h.sz_unc
141 || h.sz_unc > xo->size ) {
142 err_exit(5);
143 }
144 // Now we have:
145 // assert(h.sz_cpr <= h.sz_unc);
146 // assert(h.sz_unc > 0 && h.sz_unc <= blocksize);
147 // assert(h.sz_cpr > 0 && h.sz_cpr <= blocksize);
148
149 if (h.sz_cpr < h.sz_unc) { // Decompress block
150 nrv_uint out_len;
151 int const j = (*f_decompress)(xi->buf, h.sz_cpr, xo->buf, &out_len);
152 if (j != 0 || out_len != (nrv_uint)h.sz_unc)
153 err_exit(7);
154 // Skip Ehdr+Phdrs: separate 1st block, not filtered
155 if (f_unf // have filter
156 && ((512 < out_len) // this block is longer than Ehdr+Phdrs
157 || (xo->size==(unsigned)h.sz_unc) ) // block is last in Extent
158 ) {
159 (*f_unf)(xo->buf, out_len, h.b_cto8);
160 }
161 xi->buf += h.sz_cpr;
162 xi->size -= h.sz_cpr;
163 }
164 else { // copy literal block
165 xread(xi, xo->buf, h.sz_cpr);
166 }
167 xo->buf += h.sz_unc;
168 xo->size -= h.sz_unc;
169 }
170}
171
172// Create (or find) an escape hatch to use when munmapping ourselves the stub.
173// Called by do_xmap to create it, and by assembler code to find it.
174void *
175make_hatch(Elf32_Phdr const *const phdr)
176{
177 if (phdr->p_type==PT_LOAD && phdr->p_flags & PF_X) {
178 unsigned *hatch;
179 // The format of the 'if' is
180 // if ( ( (hatch = loc1), test_loc1 )
181 // || ( (hatch = loc2), test_loc2 ) ) {
182 // action
183 // }
184 // which uses the comma to save bytes when test_locj involves locj
185 // and the action is the same when either test succeeds.
186
187 // Try page fragmentation just beyond .text .
188 if ( ( (hatch = (void *)(phdr->p_memsz + phdr->p_vaddr)),
189 ( phdr->p_memsz==phdr->p_filesz // don't pollute potential .bss
190 && 4<=(~PAGE_MASK & -(int)hatch) ) ) // space left on page
191 // Try Elf32_Ehdr.e_ident[12..15] . warning: 'const' cast away
192 || ( (hatch = (void *)(&((Elf32_Ehdr *)phdr->p_vaddr)->e_ident[12])),
193 (phdr->p_offset==0) ) ) {
194 // Omitting 'const' saves repeated literal in gcc.
195 unsigned /*const*/ escape = 0xc36180cd; // "int $0x80; popa; ret"
196 // Don't store into read-only page if value is already there.
197 if (*hatch != escape) {
198 *hatch = escape;
199 }
200 return hatch;
201 }
202 }
203 return 0;
204}
205
206static void
207bzero(char *p, size_t len)
208{
209 if (len) do {
210 *p++= 0;
211 } while (--len);
212}
213
214
215static Elf32_Addr // entry address
216do_xmap(int const fdi, Elf32_Ehdr const *const ehdr, struct Extent *const xi,
217 Elf32_auxv_t *const a)
218{
219 Elf32_Phdr const *phdr = (Elf32_Phdr const *) (ehdr->e_phoff +
220 (char const *)ehdr);
221 unsigned long base = (ET_DYN==ehdr->e_type) ? 0x40000000 : 0;
222 int j;
223 for (j=0; j < ehdr->e_phnum; ++phdr, ++j)
224 if (PT_PHDR==phdr->p_type) {
225 a->a_un.a_val = phdr->p_vaddr;
226 }
227 else if (PT_LOAD==phdr->p_type) {
228 struct Extent xo;
229 size_t mlen = xo.size = phdr->p_filesz;
230 char *addr = xo.buf = (char *)phdr->p_vaddr;
231 char *haddr = phdr->p_memsz + (char *)phdr->p_vaddr;
232 size_t frag = (int)addr &~ PAGE_MASK;
233 mlen += frag;
234 addr -= frag;
235 if (ET_DYN==ehdr->e_type) {
236 addr += base;
237 haddr += base;
238 }
239 else { // There is only one brk, the one for the ET_EXEC
240 // Not needed if compressed a.elf is invoked directly.
241 // Needed only if compressed shell script invokes compressed shell.
242 do_brk(haddr+OVERHEAD); // Also takes care of whole pages of .bss
243 }
244 // Decompressor can overrun the destination by 3 bytes.
245 if (addr != do_mmap(addr, mlen + (xi ? 3 : 0), PROT_READ | PROT_WRITE,
246 MAP_FIXED | MAP_PRIVATE | (xi ? MAP_ANONYMOUS : 0),
247 fdi, phdr->p_offset - frag) ) {
248 err_exit(8);
249 }
250 if (0==base) {
251 base = (unsigned long)addr;
252 }
253 if (xi) {
254 unpackExtent(xi, &xo, (f_expand *)fdi,
255 ((phdr->p_flags & PF_X) ? (f_unfilter *)(2+ fdi) : 0));
256 }
257 bzero(addr, frag); // fragment at lo end
258 frag = (-mlen) &~ PAGE_MASK; // distance to next page boundary
259 bzero(mlen+addr, frag); // fragment at hi end
260 if (xi) {
261 make_hatch(phdr);
262 }
263 if (phdr->p_memsz != phdr->p_filesz) { // .bss
264 if (ET_DYN==ehdr->e_type) { // PT_INTERP whole pages of .bss?
265 addr += frag + mlen;
266 mlen = haddr - addr;
267 if (0 < (int)mlen) { // need more pages, too
268 if (addr != do_mmap(addr, mlen, PROT_READ | PROT_WRITE,
269 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, 0, 0 ) ) {
270 err_exit(9);
271ERR_LAB
272 }
273 }
274 }
275 }
276 else { // no .bss
277 int prot = 0;
278 if (phdr->p_flags & PF_X) { prot |= PROT_EXEC; }
279 if (phdr->p_flags & PF_W) { prot |= PROT_WRITE; }
280 if (phdr->p_flags & PF_R) { prot |= PROT_READ; }
281 if (0!=mprotect(addr, mlen, prot)) {
282 err_exit(10);
283 }
284 if (xi) { // cleanup if decompressor overrun crosses page boundary
285 mlen += 3;
286 addr += mlen;
287 mlen &= ~PAGE_MASK;
288 if (mlen<=3) { // page fragment was overrun buffer only
289 munmap(addr - mlen, mlen);
290 }
291 }
292 }
293 if (ET_DYN!=ehdr->e_type) {
294 // Needed only if compressed shell script invokes compressed shell.
295 do_brk(haddr);
296 }
297 }
298 if (!xi) {
299 if (0!=close(fdi)) {
300 err_exit(11);
301 }
302 }
303 if (ET_DYN==ehdr->e_type) {
304 return ehdr->e_entry + base;
305 }
306 else {
307 return ehdr->e_entry;
308 }
309}
310
311
312/*************************************************************************
313// upx_main - called by our entry code
314//
315// This function is optimized for size.
316**************************************************************************/
317
318void *upx_main(
319 Elf32_auxv_t *const av,
320 unsigned const sz_compressed,
321 f_expand *const f_decompress,
322 Elf32_Ehdr *const ehdr,
323 struct Extent xo,
324 struct Extent xi
325) __asm__("upx_main");
326
327void *upx_main(
328 Elf32_auxv_t *const av,
329 unsigned const sz_compressed,
330 f_expand *const f_decompress,
331 Elf32_Ehdr *const ehdr, // temp char[MAX_ELF_HDR+OVERHEAD]
332 struct Extent xo, // {sz_unc, ehdr} for ELF headers
333 struct Extent xi // {sz_cpr, &b_info} for ELF headers
334)
335{
336 Elf32_Phdr const *phdr = (Elf32_Phdr const *)(1+ ehdr);
337 Elf32_Addr entry;
338
339 // sizeof(Ehdr+Phdrs), compressed; including b_info header
340 size_t const sz_pckhdrs = xi.size;
341
342 // Uncompress Ehdr and Phdrs.
343 unpackExtent(&xi, &xo, f_decompress, 0);
344
345 // Prepare to decompress the Elf headers again, into the first PT_LOAD.
346 xi.buf -= sz_pckhdrs;
347 xi.size = sz_compressed;
348
349 // av[0].a_un.a_val is set again by do_xmap if PT_PHDR is present.
350 // Caller of upx_main assumes that AT_PHDR will be set into av[0] .
351 av[0].a_type = AT_PHDR; av[0].a_un.a_ptr = 1+(Elf32_Ehdr *)phdr->p_vaddr;
352 av[1].a_type = AT_PHENT; av[1].a_un.a_val = ehdr->e_phentsize;
353 av[2].a_type = AT_PHNUM; av[2].a_un.a_val = ehdr->e_phnum;
354 av[3].a_type = AT_PAGESZ; av[3].a_un.a_val = PAGE_SIZE;
355 av[4].a_type = AT_ENTRY; av[4].a_un.a_val = ehdr->e_entry;
356 av[5].a_type = AT_NULL;
357 entry = do_xmap((int)f_decompress, ehdr, &xi, av);
358
359 { // Map PT_INTERP program interpreter
360 int j;
361 for (j=0; j < ehdr->e_phnum; ++phdr, ++j) if (PT_INTERP==phdr->p_type) {
362 char const *const iname = (char const *)phdr->p_vaddr;
363 int const fdi = open(iname, O_RDONLY, 0);
364 if (0 > fdi) {
365 err_exit(18);
366 }
367 if (MAX_ELF_HDR!=read(fdi, (void *)ehdr, MAX_ELF_HDR)) {
368ERR_LAB
369 err_exit(19);
370 }
371 entry = do_xmap(fdi, ehdr, 0, 0);
372 break;
373 }
374 }
375
376 return (void *)entry;
377}
378
379
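Review bot: In `unpackExtent`, the compressed-block branch never compares `h.sz_cpr` with the bytes left in the input extent: `(*f_decompress)(xi->buf, h.sz_cpr, xo->buf, &out_len)` and the following `xi->size -= h.sz_cpr` trust the header field, whereas the literal branch is covered by the size test inside `xread`. A block header carrying an oversized `sz_cpr` therefore lets the decompressor read past the input and wraps `xi->size`. Extend the existing range test to `if (h.sz_cpr > h.sz_unc || h.sz_unc > xo->size || h.sz_cpr > xi->size)`. In `do_xmap`, the comment on `MAX_ELF_HDR` says the Ehdr plus Phdrs must fit in 512 bytes, but nothing visible checks `e_phoff` and `e_phnum` against that limit before the loop walks the table read from the PT_INTERP file.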
diff --git a/other/burneye/tmp/upx/l_lx_elf86.asm b/other/burneye/tmp/upx/l_lx_elf86.asm
new file mode 100644
index 0000000..7d2dedb
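--- /dev/null
+++ b/other/burneye/tmp/upx/l_lx_elf86.asm
@@ -0,0 +1,179 @@
+; l_lx_elf86.asm -- Linux program entry point & decompressor (Elf binary)
+;
+; This file is part of the UPX executable compressor.
+;
+; Copyright (C) 1996-2001 Markus Franz Xaver Johannes Oberhumer
+; Copyright (C) 1996-2001 Laszlo Molnar
+; Copyright (C) 2000-2001 John F. Reiser
+; All Rights Reserved.
+;
+; UPX and the UCL library are free software; you can redistribute them
+; and/or modify them under the terms of the GNU General Public License as
+; published by the Free Software Foundation; either version 2 of
+; the License, or (at your option) any later version.
+;
+; This program is distributed in the hope that it will be useful,
+; but WITHOUT ANY WARRANTY; without even the implied warranty of
+; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+; GNU General Public License for more details.
+;
+; You should have received a copy of the GNU General Public License
+; along with this program; see the file COPYING.
+; If not, write to the Free Software Foundation, Inc.,
+; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+;
+; Markus F.X.J. Oberhumer Laszlo Molnar John F. Reiser
+; markus@oberhumer.com ml1050@cdata.tvnet.hu jreiser@BitWagon.com
+;
+
+
+ BITS 32
+ SECTION .text
+
+%define jmps jmp short
+%define jmpn jmp near
+
+; /*************************************************************************
+; // program entry point
+; // see glibc/sysdeps/i386/elf/start.S
+; **************************************************************************/
+
+GLOBAL _start
+;__LEXEC000__
+_start:
+ int3
+;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
+;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
+;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
+;; define g
+;; stepi
+;; x/i $pc
+;; end
+;; and a step-over macro such as
+;; define h
+;; x/2i $pc
+;; tbreak *$_
+;; continue
+;; x/i $pc
+;; end
+;; Step through the code; remember that <Enter> repeats the previous command.
+;;
+ xor ebx, ebx
+ mov eax, 45
+ int 0x80
+ int3
+ call main ; push address of decompress subroutine
+decompress:
+
+; /*************************************************************************
+; // C callable decompressor
+; **************************************************************************/
+
+%define INP dword [esp+8*4+4]
+%define INS dword [esp+8*4+8]
+%define OUTP dword [esp+8*4+12]
+%define OUTS dword [esp+8*4+16]
+
+;__LEXEC009__
+ ;; empty section for commonality with l_lx_exec86.asm
+;__LEXEC010__
+ pusha
+ ; cld
+
+ mov esi, INP
+ mov edi, OUTP
+
+ or ebp, byte -1
+;;; align 8
+
+%include "n2b_d32.ash"
+%include "n2d_d32.ash"
+%include "macros.ash"
+ cjt32 0
+
+;__LEXEC015__
+ ; eax is 0 from decompressor code
+ ;xor eax, eax ; return code
+
+; check compressed size
+ mov edx, INP
+ add edx, INS
+ cmp esi, edx
+ jz .ok
+ dec eax
+.ok:
+
+; write back the uncompressed size
+ sub edi, OUTP
+ mov edx, OUTS
+ mov [edx], edi
+
+ mov [7*4 + esp], eax
+ popa
+ ret
+
+ ctojr32
+ ckt32 dl
+;__LEXEC017__
+ popa
+ ret
+
+;__LEXEC020__
+
+%define PAGE_SIZE ( 1<<12)
+
+%define MAP_FIXED 0x10
+%define MAP_PRIVATE 0x02
+%define MAP_ANONYMOUS 0x20
+%define PROT_READ 1
+%define PROT_WRITE 2
+%define PROT_EXEC 4
+%define __NR_mmap 90
+
+; Decompress the rest of this loader, and jump to it
+unfold:
+ pop esi ; &{ sz_uncompressed, sz_compressed, compressed_data...}
+ cld
+ lodsd
+ push eax ; sz_uncompressed (junk, actually)
+ push esp ; &sz_uncompressed
+ mov eax, 0x400000
+ push eax ; &destination
+
+ ; mmap a page to hold the decompressed program
+ xor ecx, ecx
+ push ecx
+ push ecx
+ mov ch, PAGE_SIZE >> 8
+ push byte MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
+ push byte PROT_READ | PROT_WRITE | PROT_EXEC
+ push ecx ; length
+ push eax ; destination
+ mov ebx, esp ; address of parameter vector for __NR_mmap
+ push byte __NR_mmap
+ pop eax
+ int 0x80
+ xchg eax, ebx
+ mov bh, PAGE_SIZE>>8 ; ebx= 0x401000
+ add esp, byte 6*4 ; discard args to mmap
+
+ lodsd
+ push eax ; sz_compressed
+ lodsd ; junk cto8, algo, unused[2]
+ push esi ; &compressed_data
+ call ebp ; decompress(&src, srclen, &dst, &dstlen)
+ pop eax ; discard &compressed_data
+ pop eax ; discard sz_compressed
+ ret ; &destination
+main:
+ pop ebp ; &decompress
+ call unfold
+
+eof:
+; __XTHEENDX__
+ section .data
+ dd -1
+ dw eof
+
+; vi:ts=8:et:nowrap
+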
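Review bot: The `int3` directly after `_start:` is assembled live, although the debugging comment beneath it tells the reader to uncomment it, so a binary packed with this stub raises SIGTRAP as soon as it runs outside a debugger. The four instructions before `call main` (`xor ebx, ebx` / `mov eax, 45` / `int 0x80` / `int3`) look like the same debugging scaffolding: a brk(0) query followed by a second breakpoint, with the syscall number as a bare literal where the file otherwise defines `__NR_mmap`. I would turn the first breakpoint back into a comment, `;;;; int3`, and either drop the brk probe or keep it inside `%ifdef DEBUG` with `%define __NR_brk 45`. Separately, `unfold` checks neither the mmap result nor the decompressor's return value in `eax` before `ret` transfers control to the fixed read/write/execute page at 0x400000, so a failed mapping or a compressed-size mismatch (the `dec eax` path) goes unreported; a `test eax, eax` / `jnz` to an exit path right after `call ebp` would make that failure explicit.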
diff --git a/other/burneye/tmp/upx/l_lx_elf86.lds b/other/burneye/tmp/upx/l_lx_elf86.lds
new file mode 100644
index 0000000..8f891b0
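--- /dev/null
+++ b/other/burneye/tmp/upx/l_lx_elf86.lds
@@ -0,0 +1,51 @@
+/* l_lx_elf86.lds --
+
+ This file is part of the UPX executable compressor.
+
+ Copyright (C) 2000-2001 John F. Reiser
+ All Rights Reserved.
+
+ UPX and the UCL library are free software; you can redistribute them
+ and/or modify them under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of
+ the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING.
+ If not, write to the Free Software Foundation, Inc.,
+ 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+ Markus F.X.J. Oberhumer Laszlo Molnar John F. Reiser
+ markus@oberhumer.com ml1050@cdata.tvnet.hu jreiser@BitWagon.com
+ */
+
+
+OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
+OUTPUT_ARCH(i386)
+/*ENTRY(_start)*/
+PHDRS
+{
+ text PT_LOAD FILEHDR PHDRS ;
+ data PT_LOAD ; /* for setting brk(0) */
+ /* 3rd Phdr was not worth it; use "upx -d" first, then apply ldd */
+ /*null PT_NULL;*/ /* changed to PT_DYNAMIC for ldd */
+}
+SECTIONS
+{
+ /* 0x00401000: l_lx_elf86.asm assumes 1 page up from 64KB boundary */
+ . = 0x00401000 + SIZEOF_HEADERS + 12; /* 12==sizeof(l_info) */
+ .text : {
+ *(.text)
+ *(.data)
+ } : text
+ /* 0x08048000: customary Linux/x86 Elf .text start */
+ /* PackLinuxI386::buildLinuxLoader will overwrite the address anyway. */
+ . = 0x08048000 + (0xfff & .);
+ .data : {
+ } : data
+}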