path: root/other/burneye/tmp/PE-Crypt-1.02/pe-crypt.asm
blob: 314a46ab3a6e33beb5645303e4d40b18fdb09664 (plain)
         .486P                          ; 486 instruction set, privileged instructions allowed
	LOCALS                          ; enable @@-prefixed local labels
	JUMPS                           ; let TASM widen out-of-range conditional jumps (jcc + jmp)
         .Model  Flat,StdCall           ; 32-bit flat model; "call X, a, b" pushes args right-to-left
         %nolist                        ; listing off ...
         %list                          ; ... and straight back on (no net effect here)

; Assembly-time switch; presumably picks the ANSI ("A") API entry points in w32.inc -- confirm.
UNICODE=0

; WriteConsole2 strref: call TextBoxWrite(offset strref, 0) with every
; general-purpose register saved around the call.  TextBoxWrite is defined
; elsewhere in the project; presumably it appends the string to the edit box
; set up by TextBoxIni -- confirm.  Flags are not preserved.
WriteConsole2 Macro strref
 pushad
 call TextBoxWrite, offset strref, 0
 popad
EndM

; F1CKEN _Byte: anti-disassembly filler.  A short jmp hops over one data byte
; (_Byte), so the byte is never executed but sits in the instruction stream
; where a straight-line (linear-sweep) disassembler decodes it as an opcode.
; The "$+3" assumes the jmp encodes as 2 bytes (short form) + 1 data byte.
; No register or flag is touched.
F1CKEN Macro _Byte
 Jmp $+3                                ; skip the byte that follows
 db _Byte                               ; dead byte, never executed
EndM

; F1CKEN2 _Byte: like F1CKEN, but the dead byte is wrapped in two "int 20h"
; instructions that are never reached: the first jmp skips the first int 20h,
; the second jmp skips _Byte and the second int 20h.  Offsets assume 2-byte
; short jmps and 2-byte "int" encodings.  No register or flag is touched.
F1CKEN2 Macro _Byte
 jmp $+4                                ; over the int 20h
 int 20h                                ; dead
 jmp $+5                                ; over _Byte and the next int 20h
 db _Byte                               ; dead
 int 20h                                ; dead
EndM

; F1CKEN3 _Byte: a near call (5-byte encoding assumed) past a dead "int 20h"
; and _Byte.  Unlike a jmp, the call pushes a return address -- it points at
; the dead int 20h -- and nothing in this macro pops it, so the user of the
; macro must account for the extra dword on the stack.  Flags untouched.
F1CKEN3 Macro _Byte
 call $+8                               ; continue after the two dead items; pushes retaddr
 int 20h                                ; dead (retaddr points here)
 db _Byte                               ; dead
EndM

; F1CKEN4 _Byte: a self-contained "no-op" that routes control through a
; computed push/ret and several dead bytes.  Trace, assuming 2-byte short
; jmps and a 5-byte near call (byte offsets from the start of the macro):
;   0  push eax            save the caller's eax
;   1  call $+13           push retaddr (= 6, the "db _Byte"), land at 14 (F1CKEN2)
;  14  F1CKEN2 ...         dead filler, falls through
;  23  pop eax / inc / inc eax = 6 + 2 = 8 = address of "pop eax" marked (*)
;  29  jmp $+4             over db 36h / db 83h
;  33  push eax / ret      computed jump to (*)
;   8  (*) pop eax         restores the eax saved at offset 0
;   9  jmp $+26            to offset 35 = end of the macro
; Net effect: eax and the stack are exactly as before and execution resumes
; after the macro.  Every distance above depends on those exact encodings.
F1CKEN4 Macro _Byte
 push eax                               ; save caller's eax
 call $+13                              ; retaddr -> "db _Byte"; target = the F1CKEN2 below
 db _Byte                               ; dead; the pushed retaddr points here
 db 0FFh                                ; dead
 pop eax                                ; (*) reached via push/ret: restore caller's eax
 jmp $+26                               ; leave the macro
 F1CKEN 0Fh                             ; dead byte
 F1CKEN2 _Byte                          ; "call $+13" lands here
 pop eax                                ; eax = retaddr (address of "db _Byte")
 inc eax
 F1CKEN 8Bh
 inc eax                                ; eax = address of "pop eax" at (*)
 jmp $+4                                ; over the two dead bytes
 db 36h                                 ; dead
 db 83h                                 ; dead
 push eax
 ret                                    ; computed jump to (*)
EndM

; F1CKEN5: opaque predicate.  "test" always clears CF, so "jnc $+4" is
; always taken and the two bytes after it are dead; a disassembler that does
; not know CF = 0 here sees a possible fall-through into them.  Assumes a
; 2-byte short jnc.  Clobbers flags (ZF/SF/PF now reflect eax).
F1CKEN5 Macro
 test eax,eax                           ; CF := 0
 jnc $+4                                ; always taken
 db 0F7h                                ; dead
 db 05h                                 ; dead
EndM


; CONFUSE _Byte: three consecutive short jmps, each over a dead "int 20h"
; plus data bytes (_Byte 00 05 00, then 06 00, then 05 00).  None of the
; skipped bytes execute; they only pad the instruction stream for linear
; disassemblers.  With 2-byte jmp/int encodings the macro is 20 bytes long,
; and SEH_TRICK1's "$+30" appears to count on that size.  Flags untouched.
CONFUSE Macro _Byte
 jmp $+8                                ; over int 20h + 4 data bytes
 int 20h                                ; dead
 db _Byte                               ; dead
 db 00h                                 ; dead
 db 05h                                 ; dead
 db 00h                                 ; dead
 jmp $+6                                ; over int 20h + 2 data bytes
 int 20h                                ; dead
 db 06h                                 ; dead
 db 00h                                 ; dead
 jmp $+6                                ; over int 20h + 2 data bytes
 int 20h                                ; dead
 db 05h                                 ; dead
 db 00h                                 ; dead
EndM

; CONFUSE2 _Byte: five short jmps that execute in the order (1) (4) (2) (5)
; (3) -- each "$-4" hops back two instructions -- and finally land after the
; dead "int 20h" / _Byte 00 05 00 tail.  All five jumps execute and nothing
; else in the macro does.  Assumes 2-byte encodings for every jmp and the int
; (16 bytes total).  Flags untouched.
CONFUSE2 Macro _Byte
 jmp $+6                                ; (1) -> (4)
 jmp $+6                                ; (2) -> (5)
 jmp $+12                               ; (3) -> end of macro
 jmp $-4                                ; (4) -> (2)
 jmp $-4                                ; (5) -> (3)
 int 20h                                ; dead
 db _Byte                               ; dead
 db 00H                                 ; dead
 db 05h                                 ; dead
 db 00h                                 ; dead
EndM

; SEH_TRICK1 _Byte: deliberately fault and let the SEH handler carry on.
; Throughout this file's loader code ebx is used as the runtime address of
; ToAdd, so "(offset X - offset ToAdd) + ebx" is the relocated address of X.
; edx is loaded with the relocated address of the "mov ebp,ebx" at the end
; ("$+30" counted from the mov: mov 5 + CONFUSE 20 + add 2 + dw 2 + db 1),
; then execution falls into "dw 0FFFFh".  FF FF decodes as group-5 /7, which
; is an undefined encoding, so it raises an invalid-opcode exception.
; Presumably the handler (r-seh.inc, not visible here) resumes at the address
; in edx -- confirm.  Clobbers edx, ebp.
SEH_TRICK1 Macro _Byte
 CONFUSE 0EAh
 mov edx,(offset $+30 - offset ToAdd)   ; ToAdd-relative offset of the "mov ebp,ebx" below
 CONFUSE 08Dh
 add edx,ebx                            ; -> absolute (relocated) address
 dw 0FFFFh                              ; EXECUTED: undefined opcode -> exception
 db _Byte                               ; not reached by normal flow
 mov ebp,ebx                            ; resume point (via the SEH handler?)
EndM

; CheckforHookedFunctions: per its name, an anti-hook check on the three
; import thunks in Thunktable.  Every address below is written as
; "(offset X - offset ToAdd) + ebx", i.e. ebx is used as the runtime address
; of ToAdd.  Only the top byte (+3) of each dword thunk is compared:
;   step 1: top byte of thunk[1] must equal that of thunk[2]
;   step 2: top byte of thunk[0] must equal that of thunk[2]
;   step 3: call thunk[1] (the original comment names it GetModuleHandle)
;           with ModuleDLL; the top byte of the returned handle must equal
;           the top byte of thunk[0], thunk[2] and thunk[1]
; Any mismatch jumps to DeCompressResources (not defined in this file) and
; skips the popad, so that path runs with the pushad frame still on the
; stack.  The F1CKEN2 expansions are dead filler that does not alter flags,
; so each cmp/jnz pair is unaffected by them.  On the fall-through path all
; registers are restored by popad.
CheckforHookedFunctions Macro
 pushad
 mov al,byte ptr [(offset Thunktable+4+3 - offset ToAdd)+ebx]      ; al = top byte of thunk[1]
 F1CKEN2 0EAh
 cmp al,byte ptr [(offset Thunktable+4+4+3 - offset ToAdd)+ebx]    ; == top byte of thunk[2]?
 jnz DeCompressResources
 mov al,byte ptr [(Thunktable - offset ToAdd)+3+ebx]              ; al = top byte of thunk[0]
 F1CKEN2 0EFh
 cmp al,byte ptr [(offset Thunktable+4+4+3 - offset ToAdd)+ebx]    ; == top byte of thunk[2]?
 jnz DeCompressResources
 mov edx,(offset ModuleDLL - offset ToAdd)
 add edx,ebx                                                       ; edx = runtime address of ModuleDLL
 F1CKEN2 0FFh
 push edx
 call dword ptr [(offset Thunktable+4 - offset ToAdd)+ebx] ; call "GetmoduleHandle"
 shr eax,32-8                                                      ; al = top byte of the returned handle
 cmp al,byte ptr [(Thunktable - offset ToAdd)+3+ebx]              ; vs top byte of thunk[0]
 F1CKEN2 0E9h
 jnz DeCompressResources
 cmp al,byte ptr [(offset Thunktable+4+4+3 - offset ToAdd)+ebx]    ; vs top byte of thunk[2]
 F1CKEN2 0C7h
 jnz DeCompressResources
 cmp al,byte ptr [(offset Thunktable+4+3 - offset ToAdd)+ebx]      ; vs top byte of thunk[1]
 F1CKEN2 0C8h
 jnz DeCompressResources
 popad
EndM


include w32.inc
Include k-data.inc
include	r-data.inc
Include r-loader.inc
include k-engine.asm

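.Code

PeCryptAsm_Start:

;------------------------------------------------------------------------------
; Program entry point (see "End Main" at the bottom of the file).
;
; Flow:  single-instance check -> private VirtualAlloc'd copy of the region
;        CRC_Block1..ToAdd_END (presumably the loader code from r-loader.inc;
;        confirm) -> install the SEH frame -> splash dialog -> take the file
;        name from the command line -> register the main window class (layout
;        comes from a DIALOG resource) -> tool bar, list view, edit box,
;        progress bar -> message loop -> release the copy -> ExitProcess.
;
; Every API call here is StdCall, so only eax/ecx/edx are scratch across a
; call and the callee cleans the stack.  The SEH frame is never unlinked; the
; process only leaves through ExitProcess.
;
; Fixed ;) Now it acts da right way and we have a REAL win95 task
; means we have only one task even if several dialogs are active
;------------------------------------------------------------------------------
Main:
        ; Single-instance check: if a window with our class and title already
        ; exists, bring it to the front and exit (eax = its HWND on that path).
        call    FindWindow, offset szClassPE, offset DialogTitle
        test    eax, eax
        jnz     Already_Open

        ; VirtualAlloc(NULL, size, MEM_COMMIT (1000h), PAGE_READWRITE (4)) and
        ; copy CRC_Block1..ToAdd_END into it.
        pusha
        push    4
        push    1000h
        push    (ToAdd_END - offset CRC_Block1)
        push    0
        call    VirtualAlloc
        test    eax, eax                ; NULL on failure: do not copy into it.
        jz      GeouttaHere             ; ExitProcess never returns, so the
                                        ; pusha frame left behind is harmless.
        mov     dword ptr [MemStart6], eax

        mov     ecx, (ToAdd_END - offset CRC_Block1)
        mov     esi, offset CRC_Block1
        mov     edi, dword ptr [MemStart6]
        rep     movsb
        popa

        ; SEH frame on the stack: [esp] = previous handler, [esp+4] = ours.
        push    offset SEH_Handler      ; push the new SEH handler
        push    dword ptr fs:[0]        ; push the previous one
        mov     dword ptr fs:[0], esp   ; save the new handler (install it)

        call    GetModuleHandle, 0      ; get hmod (in eax)
        mov     hInst, eax              ; hInstance is same as HMODULE in the Win32 world

        call    InitCommonControls

; (earlier experiment, kept disabled by the original author)
;	mov	dword ptr muttafick, offset FakeProc
;	mov	dword ptr lpszClassName, offset szClassKI
;	call	RegisterClass, offset bla
;	call	CreateWindowEx,0, offset szClassKI, offset szClassKI, 0, 0, 0, 0, 0, 0, 0, hInst, 0
;	mov	dword ptr lpszClassName, offset szClassRA
;	call	RegisterClass, offset bla
;	call	CreateWindowEx,0, offset szClassRA, offset szClassRA, 0, 0, 0, 0, 0, 0, 0, hInst, 0
;	mov	dword ptr lpszClassName, offset szClassPE
;	call	RegisterClass, offset bla
;	call	CreateWindowEx,0, offset szClassPE, offset szClassPE, 0, 0, 0, 0, 0, 0, 0, hInst, 0

Splash:
        call    DialogBoxParamA, hInst, DLG_SPLASH, NULL, offset SplashProc, 0

Splash_End:
        call    GetCommandLine
        ; parse the command line - we want just the parameters
        mov     edi, eax
        ; Resolution of "can't open file pb" Command fucked up ;)
        ; Start of modification - G-RoM 08/07/98
        mov     COMMANDLINE, 0          ; Never forget it, NT dislike ;)
        xor     eax, eax                ; al = 0: scan for the terminating NUL
        xor     ecx, ecx
        dec     ecx                     ; ecx = -1: no length limit for the scan
        push    edi
        cld
        repnz   scasb
        pop     edi
        not     ecx                     ; ecx = bytes up to and including the NUL
        mov     al, 20h
        repnz   scasb                   ; skip up to the first space (no quote
                                        ; handling: a space inside the exe path
                                        ; splits early)
        repz    scasb                   ; then skip the run of spaces
        test    ecx, ecx
        jz      EndCL                   ; ran off the end: no argument given
        dec     edi                     ; back onto the first non-space byte
        ; End of modification - G-RoM 08/07/98
EndGCL:
        ; Copy the argument into FileName2 and then into CryptFile.  Both copies
        ; move lstrlen bytes and no terminator, so they rely on the buffers
        ; being zero beyond the copied bytes.
        ; NOTE(review): the buffer sizes are declared elsewhere (k-data.inc?)
        ; and nothing here bounds the copy against them -- an argument longer
        ; than the buffer overruns it; confirm the sizes or cap ecx.
        mov     COMMANDLINE, 1
        mov     esi, edi
        lea     edi, FileName2
        call    lstrlen, esi
        mov     ecx, eax
        repz    movsb
        lea     esi, FileName2
        lea     edi, CryptFile
        call    lstrlen, esi
        mov     ecx, eax
        repz    movsb
EndCL:

        ; initialize the WndClass (Window Class) structure
        ; Actually, we'll get the window class from a DIALOG resource (with CLASS directive)
        mov     wc.wc_cbSize, WNDCLASSEX_
        mov     wc.wc_style, CS_HREDRAW + CS_VREDRAW
        mov     wc.wc_lpfnWndProc, offset DlgProc
        mov     wc.wc_cbClsExtra, 0
        mov     wc.wc_cbWndExtra, DLGWINDOWEXTRA        ; necessary to use a DialogBox as
                                                        ; an window class
        mov     eax, hInst
        mov     wc.wc_hInstance, eax

        ; load main icon from resource
        call    LoadIcon, hInst, ICON_MAIN
        mov     wc.wc_hIcon, eax
        mov     wc.wc_hIconSm, eax
        ; load a default cursor
        call    LoadCursor, NULL, IDC_ARROW
        mov     wc.wc_hCursor, eax

        mov     wc.wc_hbrBackground, COLOR_WINDOW
        mov     wc.wc_lpszMenuName, MENU_MENU
        mov     wc.wc_lpszClassName, offset szClassPE
        call    RegisterClassEx, offset wc              ; result unchecked

        ; create main window (result unchecked; hMain is used as owner below)
        call    CreateDialogParam, hInst, offset szClassPE, 0, NULL, 0
        mov     [hMain], eax            ; We have now owner

        call    CreateToolbarEx, hMain, TBSTYLE_TOOLTIPS+WS_CHILD, 0, 8, hInst, 110, offset tdbutton, 8, 16, 16, 16, 16, 18
        mov     hToolBar, eax
        call    ShowWindow, eax, TRUE
        call    SendMessageA, hToolBar, TB_ENABLEBUTTON, ITEM_PROT, FALSE      ; ITEM_PROT starts disabled
        call    ListViewIni, hMain, 1015
        call    ListViewAddCol, 60, offset SecName
        call    ListViewAddCol, 75, offset SecVadd
        call    ListViewAddCol, 85, offset SecVsize
        call    ListViewAddCol, 75, offset SecRoff
        call    ListViewAddCol, 85, offset SecRsize
        call    ListViewAddCol, 90, offset SecRchar
        call    ListViewAddCol, 60, offset SecRstate

        call    TextBoxIni, [hMain], CTL_EDBOX          ; EditBox Identifier given to Routine
        call    GetDlgItem, [hMain], CTL_PROGBAR        ; Handle for progressbar
        mov     hPrgrs, eax
        ; Hand the "file given on the command line" flag over to COMMANDLINE2
        ; (presumably polled by DlgProc -- confirm) and clear COMMANDLINE.
        cmp     COMMANDLINE, 1
        jnz     msg_loop
        mov     COMMANDLINE2, 1
        mov     COMMANDLINE, 0
msg_loop:
        call    GetMessage, offset msg, 0, 0, 0
        cmp     eax, -1                 ; GetMessage reports an error as -1;
        je      end_loop                ; leave the loop instead of spinning on it
        test    eax, eax                ; 0 = WM_QUIT
        je      end_loop
        call    IsDialogMessage, [hMain], offset msg    ; put this if you want to let the
        cmp     eax, TRUE                               ; system handle TAB, ENTER, etc
        jz      msg_loop

        call    TranslateMessage, offset msg
        call    DispatchMessage, offset msg
        jmp     msg_loop

end_loop:
        ; Release the private copy: VirtualFree(base, 0, MEM_RELEASE (8000h)).
        ; MEM_RELEASE requires dwSize = 0.  The earlier (2, size) pair was not
        ; a valid dwFreeType, so the call always failed, and the branch was
        ; taken on a nonzero (= success) result.
        push    8000h
        push    0
        push    dword ptr [MemStart6]
        call    VirtualFree
        test    eax, eax                ; nonzero = success
        jz      dealloc_error           ; dealloc_error is defined outside this file
        jmp     Quit_Program

Already_Open:
        call    SetForegroundWindow, eax        ; eax = HWND found by FindWindow above

Quit_Program:
        ; From Already_Open, msg was never filled in (presumably zero data;
        ; confirm), so the exit code is whatever ms_wParam holds.
        call    ExitProcess, msg.ms_wParam

GeouttaHere:
        Push    LARGE-1                 ; LARGE forces a 32-bit immediate: exit code -1
        Call    ExitProcess
CryptIT: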

;------------------------------------------------------------------------------
; LRESULT FakeProc(HWND hwnd, UINT wmsg, WPARAM wparam, LPARAM lparam)
; Placeholder window procedure: ignores every message and returns 0.
; StdCall, so TASM emits the frame and the "ret 16".  No callee-saved register
; is touched, hence no "uses" list is needed.  In this file it is referenced
; only from the commented-out RegisterClass experiment in Main.
;------------------------------------------------------------------------------
FakeProc proc hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
        xor     eax, eax                ; return 0 for every message
        ret
FakeProc endp
; End of the code bracketed by PeCryptAsm_Start / PeCryptAsm_End.
PeCryptAsm_End:

Pecrypt_End:
; SEH handler code.  SEH_Handler, installed in Main, is presumably defined in
; this include -- confirm.
 include r-seh.inc
; Entry point is Main.
End Main