Assembly Source File  |  1997-06-13  |  4KB  |  134 lines

  1. ;/***************************************************************************\
  2. ;                       Loader for Reach For The Sky
  3. ;                 Full Source Tested With TASM 4.0 and 5.0
  4. ;                                +gthorne'97
  5. ;\***************************************************************************/
  6.  
  ; Syntax/target: TASM (Intel operand order), 16-bit real-mode DOS.
  ; File layout: entry jump, child file name, the INT 21h hook (int_entry),
  ; a data block, then the one-shot installer (real_start).
  7. .model small
  8. .code
  9. org 100h                               ; first byte sits at offset 100h, directly after a 256-byte PSP -- presumably built as a .COM image; confirm build options
  10.  
  11. start:
  12.  
  13. int_service     equ     03Dh    ; AH function number that int_entry filters on (it is compared with ah there); the vector actually hooked is INT 21h
  14.  
  15.                 jmp     real_start              ; skip the hook code and data; execution continues in the installer
  16.  
  17. filename        db      'reach.exe', 0          ; zero-terminated name of the child program; real_start passes it in ds:dx to AX=4B00h
  18.  
  ;-----------------------------------------------------------------------
  ; int_entry -- replacement INT 21h handler installed by real_start.
  ; Entered through the interrupt vector, so the stack holds the CPU
  ; interrupt frame (return IP, return CS, FLAGS) of the interrupted program.
  ; In:     ah = DOS function the interrupted program requested, dx = its argument
  ; Out:    bp, ax, dx, ds and flags are restored from the stack, then control
  ;         chains to the saved original handler via the far pointer at cs:data_9.
  ; Effect: on a call with ah = int_service and dx = 13CEh, and only if three
  ;         expected bytes are found in the caller's code segment, six bytes of
  ;         that segment are overwritten in memory and the original INT 21h
  ;         vector is put back, so the vector no longer leads here afterwards.
  ; Observable behaviour for an analyst: INT 21h is redirected into this
  ; program's segment before the child is EXECed and is restored from inside
  ; the handler itself; nothing on disk is modified by this code.
  ;-----------------------------------------------------------------------
  19. int_entry:                                  
  20.                 push    bp                      ; save bp, then ax, dx, ds and flags (not a full register save)
  21.         mov    bp,sp                            ; frame: [bp+0]=saved bp, [bp+2]=return IP, [bp+4]=return CS, [bp+6]=FLAGS
  22.         push    ax
  23.         push    dx
  24.         push    ds
  25.                 pushf                           ; the compares below change flags; popf at time_to_go undoes that
  26.  
  27. ;/***********************************************\
  28. ;  Code specific to the target program goes here
  29. ;\***********************************************/
  30.  
  31.                 cmp     ah,int_service          ; only the AH=3Dh request is of interest
  32.                 jne     time_to_go              ; anything else is passed through untouched
  33.  
  34.                 cmp     dx, 13CEh  ; dx is the only argument compared (ds is not); 13CEh singles out one particular AH=3Dh call
  35.                 jnz     time_to_go
  36.  
  37.                 mov     ax,[bp+4]        ; return CS from the interrupt frame: the caller's CODE segment, not a data segment
  38.         mov    ds,ax                            ; ds now addresses the caller's code so it can be read and written below
  39.  
  40.                 ;***********************;
  41.                 ; LOOK FOR BYTE PATTERN ;
  42.                 ;***********************;
  ; Guard: nothing is written unless these three bytes are present, so a
  ; different build, or an image whose bytes are not in place yet, is left alone.
  ; Presumably code bytes: 74h is the JZ-short opcode -- confirm against the target.
  43.  
  44.                 cmp     byte ptr ds:0B6DAh, 74h
  45.                 jne     time_to_go
  46.  
  47.                 cmp     byte ptr ds:0B6DBh, 0Fh 
  48.                 jne     time_to_go
  49.  
  50.                 cmp     byte ptr ds:0B6DCh, 80h 
  51.                 jne     time_to_go
  52.  
  53.                 ;****************************;
  54.                 ; APPLY THE CRACK ON THE FLY ;
  55.                 ;****************************;
  ; In-memory writes to the caller's segment. 0EBh is the JMP-short opcode and
  ; 90h is NOP, so if these are instruction bytes the first write makes a
  ; conditional branch unconditional and the next five blank out one stretch of code.
  ; NOTE(review): only the 0B6DAh..0B6DCh site is verified above; the five bytes
  ; at 0B697h..0B69Bh are overwritten without checking what they contain.
  56.  
  57.                 mov     byte ptr ds:0B6DAh, 0EBh
  58.                 mov     byte ptr ds:0B697h, 90h 
  59.                 mov     byte ptr ds:0B698h, 90h 
  60.                 mov     byte ptr ds:0B699h, 90h 
  61.                 mov     byte ptr ds:0B69Ah, 90h 
  62.                 mov     byte ptr ds:0B69Bh, 90h 
  63.  
  64.                 mov     dx,cs:data_9            ; ds:dx = saved original INT 21h handler; cs: override because ds holds the caller's segment
  65.                 mov     ds,word ptr cs:data_9+2
  66.         mov    ax,2521h                         ; AH=25h set vector, AL=21h
  67.         int    21h            ; this request itself passes through int_entry (vector still points here); ah=25h fails the first compare and is chained on
  68.                                                 ;  after it returns, INT 21h points at the original handler again
  69. ;/*****************************\;
  70. ;  End of user-defined payload  ;
  71. ;\*****************************/;
  72.  
  73. time_to_go:
  74.                 popf                            ; restore in reverse order of the pushes at entry
  75.         pop    ds
  76.         pop    dx
  77.         pop    ax
  78.         pop    bp
  79.  
  80.                 jmp     dword ptr cs:data_9     ; far jump to the original handler; the interrupt frame is untouched, so its iret returns to the interrupted program
  81.  
  ; Data shared by the hook and the installer. The layout matters: data_12
  ; onward is handed to DOS as the AX=4B00h parameter block (es:bx in real_start),
  ; whose AL=00h form is: +0 word environment segment, +2 dword command tail,
  ; +6 dword first FCB, +0Ah dword second FCB (each dword stored offset, then segment).
  ; The 8758h words are placeholders; every one of them is overwritten by
  ; real_start before it is used.
  ; NOTE(review): the three pointer offsets are the literal 01B2h and no label in
  ; this listing is defined at that offset, so what the command tail and FCB
  ; pointers refer to depends on the assembled layout -- confirm.
  82. standard_data_block:
  83.  
  84. data_9          dw      0                       ; saved original INT 21h handler, offset word (filled from bx by real_start)
  85.                 dw      8758h                   ; ... segment word (filled from es by real_start)
  86. data_12         dw      0                       ; +0  environment segment; 0 asks DOS to give the child a copy of the caller's environment
  87.                 dw      01B2h                   ; +2  command tail offset
  88. data_13         dw      8758h                   ; +4  command tail segment (set to ds at run time)
  89.                 dw      01B2h                   ; +6  first FCB offset
  90. data_14         dw      8758h                   ; +8  first FCB segment (set to ds at run time)
  91.                 dw      01B2h                   ; +0Ah second FCB offset
  92. data_15         dw      8758h                   ; +0Ch second FCB segment (set to ds at run time)
  93.                 dw      0                       ; lies past the 14-byte block described above; purpose not evident from this listing
  94.  
  ;-----------------------------------------------------------------------
  ; real_start -- one-shot installer, reached from the jmp at start.
  ; Steps: ds = cs and a private stack at 3B4h; fill the segment words of the
  ; EXEC parameter block; save the current INT 21h vector in data_9 and point
  ; the vector at int_entry; shrink this program's memory block to cover
  ; offsets below 3B4h (rounded up to a paragraph); EXEC the child named by
  ; filename; terminate when the child returns.
  ; The hook stays in memory while the child runs because this program does not
  ; terminate until EXEC returns.
  ; NOTE(review): the carry flag is not tested after AH=4Ah or AX=4B00h, although
  ; DOS reports failure of both calls that way.
  ; NOTE(review): the INT 21h vector is restored only inside int_entry, on the
  ; path where its checks match. If EXEC fails or the match never happens, this
  ; code reaches int 20h with the vector still pointing at int_entry, whose
  ; memory is released on termination -- a saved-vector restore before exit
  ; would be the safe behaviour.
  ;-----------------------------------------------------------------------
  95. real_start:                                     
  96.         cli                ; no interrupts while the stack pointer is being moved
  97.         push    cs
  98.         pop    ds                               ; ds = cs: all data in this file is addressed through the code segment
  99.         mov    sp,3B4h                          ; new stack top; ss is left as is -- presumably equal to cs (.COM); confirm
  100.         sti                ; Enable interrupts
  101.  
  102.                 mov     data_13,ds              ; segment halves of the three far pointers in the EXEC parameter block
  103.                 mov     data_14,ds              ; 
  104.                 mov     data_15,ds              ; 
  105.  
  106.         mov    ax,3521h
  107.         int    21h            ; DOS Services  ah=function 35h
  108.                         ;  get intrpt vector al (21h) in es:bx
  109.                 mov     data_9,bx               ; keep the original handler so int_entry can chain to it and restore it
  110.                 mov     word ptr data_9+2,es    
  111.                 mov     dx,offset int_entry     ; ds:dx = new handler (ds = cs from above)
  112.         mov    ax,2521h
  113.         int    21h            ; DOS Services  ah=function 25h
  114.                         ;  set intrpt vector al (21h) to ds:dx -- from here on every INT 21h call passes through int_entry
  115.         push    cs
  116.         pop    es                               ; es = this program's segment, needed by AH=4Ah and by es:bx for EXEC
  117.  
  118.         mov    bx,3B4h                          ; same constant as the stack top above; the two must stay in step
  119.         add    bx,0Fh                           ; round up to a whole paragraph
  120.         mov    cl,4
  121.         shr    bx,cl            ; bytes -> 16-byte paragraphs
  122.         mov    ax,4A00h
  123.         int    21h            ; DOS Services  ah=function 4Ah
  124.                         ;  change memory allocation: keep only the part below the stack top,
  125.                         ;   bx=bytes/16, es=mem segment; the memory given back is what the child loads into
  126.                 mov     dx,offset filename      ; ds:dx = child program name
  127.                 mov     bx,offset data_12       ; es:bx = EXEC parameter block
  128.         mov    ax,4B00h
  129.         int    21h            ; DOS Services  ah=function 4Bh, al=00h load and execute
  130.                         ;  run progm @ds:dx, parm @es:bx; returns here once the child has ended (or with CF set on failure)
  131.  
  132. exit:           int 20h                         ; terminate this program
  133.                 end start
  134.