;-----------------------------------------
; Some other functions used in CrueMe v1.0
;-----------------------------------------
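;-----------------------------------------------------------------------
; fakeprot - decoy ("fake") password check
;
; In:    al  = must be 8 (presumably the length of the entered password;
;              confirm at the call site)
;        psw = candidate password, 8 bytes, transformed in place
; Out:   eax = 1 if the transformed psw equals FileFakePsw[0..7], else 0
;        psw[0..7] is zeroed on every path; fakebuff[0..3] is overwritten
; Clobb: ebx (bl only), ecx, esi, edi, es (set to ds), flags
; Note:  the string compare below assumes DF = 0; nothing in this routine
;        sets the direction flag.
;-----------------------------------------------------------------------
fakeprot:
        cmp     al,8                    ; anything but 8 is rejected outright
        jnz     novalid

        ; Pass 1: psw[i] ^= 50h, i = 0..7
        mov     ecx,8
        mov     esi,offset psw
goagain:
        xor     byte ptr [esi],050h
        inc     esi
        loop    goagain

        ; Pass 2: psw[i] += 8 - i   (cl counts down 8..1)
        mov     ecx,8
        mov     esi,offset psw
goagain2:
        add     byte ptr [esi],cl
        inc     esi
        loop    goagain2

        ; Pass 3: fakebuff[j] = psw[2j] ^ psw[2j+1], j = 0..3
        xor     edi,edi
        mov     esi,offset psw
        mov     ecx,4
goagain3:
        mov     al,byte ptr [esi]
        mov     bl,byte ptr [esi+1]
        xor     al,bl
        mov     fakebuff[edi],al
        add     esi,2
        inc     edi
        loop    goagain3

        ; al = fakebuff[0]^fakebuff[1]^fakebuff[2]^fakebuff[3],
        ; i.e. the XOR of all eight transformed psw bytes.
        mov     esi,offset fakebuff
        mov     al,byte ptr [esi]
        mov     bl,byte ptr [esi+1]
        xor     al,bl
        mov     bl,byte ptr [esi+2]
        mov     cl,byte ptr [esi+3]
        xor     bl,cl
        xor     al,bl
        test    al,al
        jz      novalid                 ; a zero fold value is rejected

        ; Pass 4: psw[i] ^= al (the fold value), i = 0..7
        mov     esi,offset psw
        mov     ecx,8
goagain4:
        xor     byte ptr [esi],al
        inc     esi
        loop    goagain4

        ; Pass 5: psw[i] ^= FileFakePsw[7+i], i = 0..7
        mov     ecx,16
        shr     ecx,1                   ; ecx = 8, written the long way round
        lea     esi,psw
        lea     edi,FileFakePsw+7
goagain5:
        mov     al,[edi]
        xor     byte ptr [esi],al
        inc     edi
        inc     esi
        loop    goagain5

        ; Compare psw[0..7] with FileFakePsw[0..7].
        push    ds
        pop     es                      ; cmpsb reads its second operand via es:[edi]
        mov     ecx,8
        lea     edi,FileFakePsw
        lea     esi,psw
        repz    cmpsb
        ; Decide on ZF, not on ECX: ECX also reaches 0 when only the final
        ; byte differs, so an ECX test would accept a wrong eighth byte.
        jnz     novalid
        mov     eax,1
        jmp     fakevalid
novalid:
        xor     eax,eax
fakevalid:
        ; Wipe the working copy of the password before returning.
        mov     esi,offset psw
        mov     ecx,8
goagain6:
        mov     byte ptr [esi],0
        inc     esi
        loop    goagain6
        ret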
;-----------------------------------------------------------------------
; FixShutDown - rotate each of the 18 bytes at FileMon right by two bits,
; in place.
; NOTE(review): presumably this decodes an obfuscated string; what
; FileMon holds is not visible in this file - confirm at its definition.
; Out:   esi = FileMon+18, ecx = 0
; Clobb: ecx, esi, flags
;-----------------------------------------------------------------------
FixShutDown:
        mov     ecx,18                  ; number of bytes to rotate
        mov     esi,offset FileMon      ; cursor into the buffer
looping:
        ror     byte ptr [esi],2
        inc     esi
        loop    looping
        ret
;-----------------------------------------------------------------------
; XorBuffer - XOR the 42-byte table Buffert with a running key.
;
; Walks the table from its last byte to its first:
;     Buffert[ecx-1] ^= al      for ecx = 42, 41, ... 1
; with al starting at XorSeed and growing by 8 (mod 256) per byte.
; XOR is its own inverse, so the same call both encodes and decodes.
; The key applied to Buffert[42-k] is XorSeed + 8*(k-1), which is the
; value `choose` recomputes for selector k.
;
; Out:   ecx = 0, esi = offset Buffert, al = XorSeed + 8*42 (mod 256)
; Clobb: eax (al only), ecx, esi, flags
;-----------------------------------------------------------------------
XorBuffer:
        mov     al,XorSeed              ; initial key byte
        mov     ecx,42                  ; table length, also the 1-based index
XorLoop:
        lea     esi,[Buffert-1+ecx]     ; esi -> Buffert[ecx-1]
        xor     byte ptr [esi],al
        add     al,8                    ; next key byte
        loop    XorLoop
        ret
;-----------------------------------------------------------------------
; JunkCmpJe num, target
;
; One link of the dispatch chain in `choose`: the author's filler
; sequence followed by the real test. Expands to exactly the
; instructions that are written out inline for every function id.
;
; The first nine instructions have no effect on the comparison:
; on exit eax is the zero-extended copy of the al that came in, bl holds
; the same value, and the dword that was pushed is discarded again.
;-----------------------------------------------------------------------
JunkCmpJe macro num, target
        mov     bl,al                   ; Totally useless piece of code!
        add     al,5                    ; Only here to cause confusion.
        lea     eax,[eax*4]
        add     eax,eax
        dec     eax
        push    eax
        xor     eax,eax
        add     al,bl
        add     esp,4
        cmp     al,num
        je      target
        endm

;-----------------------------------------------------------------------
; choose - table-driven API dispatcher
;
; In:    al    = selector k (the table Buffert has 42 entries, so
;                1..42 is the range that stays inside it)
;        stack = return address, then the arguments already pushed for
;                the API that is to be called
; Does:  id = Buffert[42-k] XOR (XorSeed + 8*(k-1)), all 8-bit, then
;        jumps to the stub funcN whose N equals id.
;        The return address is taken off the stack and parked in the
;        global `return`, so the API finds the caller's arguments on
;        top of the stack; the tail at `readu` jumps back through it.
; Out:   eax = value returned by the API; 0 if id matches no stub
;        (on that path no API runs, so the pushed arguments are not
;        removed by anyone).
; Clobb: ebx, ecx, esi, flags, plus whatever the API clobbers
; Note:  not reentrant - there is a single `return` slot.
;-----------------------------------------------------------------------
choose:
        xor     ebx,ebx
        mov     bl,al                   ; ebx = selector k
        mov     ecx, dword ptr [esp]    ; lift our own return address ...
        mov     return,ecx
        add     esp,4                   ; ... off the stack
        lea     esi,Buffert+42
        sub     esi,ebx                 ; esi -> Buffert[42-k]
        mov     bl,byte ptr [esi]       ; encoded id
        dec     al
        shl     al,3
        add     al,XorSeed              ; al = XorSeed + 8*(k-1)
        xor     al,bl                   ; al = decoded function id

        ; Linear search for the id. The order of the tests is the
        ; author's; every id from 1 to 42 appears exactly once.
        cmp     al,32
        je      func32
        JunkCmpJe 4,  func4
        JunkCmpJe 1,  func1
        JunkCmpJe 14, func14
        JunkCmpJe 6,  func6
        JunkCmpJe 42, func42
        JunkCmpJe 3,  func3
        JunkCmpJe 28, func28
        JunkCmpJe 39, func39
        JunkCmpJe 5,  func5
        JunkCmpJe 25, func25
        JunkCmpJe 9,  func9
        JunkCmpJe 11, func11
        JunkCmpJe 29, func29
        JunkCmpJe 8,  func8
        JunkCmpJe 13, func13
        JunkCmpJe 17, func17
        JunkCmpJe 34, func34
        JunkCmpJe 38, func38
        JunkCmpJe 16, func16
        JunkCmpJe 36, func36
        JunkCmpJe 41, func41
        JunkCmpJe 19, func19
        JunkCmpJe 2,  func2
        JunkCmpJe 24, func24
        JunkCmpJe 21, func21
        JunkCmpJe 7,  func7
        JunkCmpJe 26, func26
        JunkCmpJe 12, func12
        JunkCmpJe 20, func20
        JunkCmpJe 22, func22
        JunkCmpJe 31, func31
        JunkCmpJe 10, func10
        JunkCmpJe 33, func33
        JunkCmpJe 37, func37
        JunkCmpJe 30, func30
        JunkCmpJe 35, func35
        JunkCmpJe 18, func18
        JunkCmpJe 40, func40
        JunkCmpJe 27, func27
        JunkCmpJe 15, func15
        JunkCmpJe 23, func23

        xor     eax,eax                 ; unknown id: report 0, call nothing
        jmp     readu
;-----------------------------------------------------------------------
; ApiStub lbl, apiname
;
; Defines one dispatch target of `choose`: a label, a direct call to the
; named API and a jump to the common tail `readu`. `choose` has already
; removed its own return address, so the API sees the arguments that the
; original caller pushed.
;-----------------------------------------------------------------------
ApiStub macro lbl, apiname
lbl:
        call    apiname
        jmp     readu
        endm

        ApiStub func1,  GetMessage
        ApiStub func2,  GetPrivateProfileStringA
        ApiStub func3,  CompareFileTime
        ApiStub func4,  SetDlgItemTextA
        ApiStub func5,  GetCurrentProcess
        ApiStub func6,  SendDlgItemMessageA
        ApiStub func7,  CloseHandle
        ApiStub func8,  CreateFileA
        ApiStub func9,  TranslateMessage
        ApiStub func10, GetModuleHandle
        ApiStub func11, GetExitCodeProcess
        ApiStub func12, WriteFile
        ApiStub func13, WriteProcessMemory
        ApiStub func14, ReadFile
        ApiStub func15, DispatchMessage
        ApiStub func16, GetVolumeInformationA
        ApiStub func17, OpenProcess
        ApiStub func18, LoadIcon
        ApiStub func19, DefWindowProc
        ApiStub func20, DialogBoxParamA
        ApiStub func21, TextOut
        ApiStub func22, FindWindowA
        ApiStub func23, GetWindowThreadProcessId
        ApiStub func24, LocalSize
        ApiStub func25, lstrcmp
        ApiStub func26, SetWindowPos
        ApiStub func27, VirtualProtect
        ApiStub func28, Beep
        ApiStub func29, SetCapture
        ApiStub func30, EndDialog
        ApiStub func31, ExitThread
        ApiStub func32, LoadCursor
        ApiStub func33, MessageBoxA
        ApiStub func34, ExitProcess
        ApiStub func35, Escape
        ApiStub func36, GetWindowTextA
        ApiStub func37, SetServiceObjectSecurity
        ApiStub func38, GetLocalTime
        ApiStub func39, SetTextColor
        ApiStub func40, TerminateProcess
        ApiStub func41, ToAscii

        ; The last stub needs no jump: it falls straight into the tail.
func42:
        call    QueryPerformanceCounter

;-----------------------------------------------------------------------
; readu - common tail of the dispatcher
; Records the API result in para1, then returns to the address that
; `choose` parked in `return`. eax still holds the API result.
;-----------------------------------------------------------------------
readu:
        mov     para1,eax
        push    [return]
        ret
;-----------------------------------------------------------------------
; PolySetup - prepare a memory region for run-time patching.
;
; Both API calls go through the dispatcher pointer chooseofs (presumably
; the address of `choose` - confirm where it is initialised). The value
; in al is the dispatcher selector, not the function id; the id it
; decodes to is given in the author's trailing comments.
;
; 1. GetCurrentProcess(); the result is kept in `pseudo`.
; 2. VirtualProtect(paddress, regsize, PAGE_EXECUTE_READWRITE, &oldprot)
;    (arguments are pushed last-to-first).
;
; Out:   eax = result of the second dispatched call. It is not checked
;        here; a caller that ignores it will go on to patch a region
;        whose protection may not have changed.
; Clobb: whatever `choose` and the APIs clobber.
; NOTE(review): a region made writable and executable at the same time,
; followed by a write into it (see PolyWrite), is self-modifying code;
; the previous protection is saved in oldprot but no restore is visible
; in this file.
;-----------------------------------------------------------------------
PolySetup:
mov al,28
call [chooseofs] ;selector 28 -> id 5, GetCurrentProcess
mov pseudo,eax
push offset oldprot
push L PAGE_EXECUTE_READWRITE
push L regsize
push L paddress
mov al,24
call [chooseofs] ;selector 24 -> id 27, VirtualProtect
ret
;-----------------------------------------------------------------------
; PolyWrite - overwrite 37 bytes at the address stored in `patchhere`.
;
; In:    edi = 1 selects FakeRoutine as the source, any other value
;              selects RealRoutine
;        pseudo    = process handle (stored by PolySetup)
;        patchhere = destination address
; Does:  WriteProcessMemory(pseudo, [patchhere], source, 37,
;                           &byteswritten), arguments pushed
;        last-to-first, called through the dispatcher pointer chooseofs.
; Out:   eax = result of the dispatched call; neither it nor
;        byteswritten is checked here.
; NOTE(review): both source routines are assumed to be exactly 37 bytes
; long and safe to run from the patch address - confirm at their
; definitions, which are not in this file.
;-----------------------------------------------------------------------
PolyWrite:
push offset byteswritten
push L 37
; Pick the 37-byte source image.
cmp edi,1
je DoFirstWrite
push offset RealRoutine
jmp continurehere
DoFirstWrite:
push offset FakeRoutine
continurehere:
push [patchhere]
push L pseudo
mov al,4
call [chooseofs] ;selector 4 -> id 13, WriteProcessMemory
ret
;-----------------------------------------------------------------------
; RealProt - the password check that decides the displayed status.
;
; In:    eax = nonzero value stored in `length` (presumably the length
;              of the entered password - confirm at the call site)
;        psw = entered password; read as three dwords at +0, +4, +8
;        loopindex = outer round counter, initialised elsewhere and
;              reset to 0FFh here once the rounds are done
; Out:   eax = 0 if the password is accepted, 1 otherwise
;        (note the polarity is the opposite of fakeprot, where 1 = valid)
;        On acceptance the text at statyes is copied to statyescopy and
;        shown with SetDlgItemTextA(hwnd, IDD_STAT, statyescopy).
; Clobb: ebx, ecx, edx, esi, edi, flags, plus the dispatcher's clobbers
; Notes: - The constants without an h suffix (01234567, 76543210, ...)
;          are decimal under the assembler's default radix - confirm
;          that no radix directive is in effect.
;        - psw is never written inside the rounds, so the two values
;          computed per iteration are the same every time; only the
;          masked accumulators edi and esi evolve.
;        - NOTE(review): the eax = 0 early exit skips the psw wipe that
;          every other path performs.
;        - rep movsb below assumes es = ds and DF = 0; neither is set
;          in this routine.
;-----------------------------------------------------------------------
RealProt:
xor edi,edi
xor esi,esi
test eax,eax
je Nogood
mov length,eax
lea ebx,psw
; Outer round: 255 inner iterations, then a fixed adjustment.
MoreEnc:
mov ecx,0ffh
TheLoop:
; First value, accumulated into edi.
mov eax,[ebx]
add eax,01234567
add eax,[ebx+8]
sub eax,11111
xor edx,edx
mul length
mov edx,[ebx+4]
add edx,76543210
xor eax,edx
mov edx,[ebx+8]
sub edx,12344321
sub edx,[ebx]
add edx,11111
xor eax,edx
or eax,43211234
add edi,eax
and edi,WhyNot1
; Second value, accumulated into esi.
mov eax,[ebx]
sub eax,01234567
sub eax,[ebx+8]
add eax,22222
xor edx,edx
; length is nonzero here because of the test at entry, so no divide fault.
div length
mov edx,[ebx+4]
sub edx,76543210
xor eax,edx
mov edx,[ebx+8]
add edx,12344321
add edx,[ebx]
sub edx,22222
xor eax,edx
and eax,43211234
add esi,eax
or esi,WhyNot2
Loop TheLoop
add edi,0911h
sub esi,0911h
dec loopindex
cmp loopindex,0
jne MoreEnc
mov loopindex,0ffh
; Wipe 14 bytes of the entered password before the verdict.
lea ebx,psw
mov ecx,14
zerofirst:
mov byte ptr [ebx],0
inc ebx
loop zerofirst
add edi,0EFFDE3AFh ;With a correct password both accumulators
jnz Nogood
add esi,0A4948D23h ;(edi and esi) are zero after these two adds
jnz Nogood
; Accepted: copy the 29-byte status text and display it.
lea esi,statyes-10
add esi,10
lea edi,statyescopy
mov ecx,29
rep movsb
push offset statyescopy
push IDD_STAT
push [hwnd]
mov al,21
call [chooseofs] ;selector 21 -> id 4, SetDlgItemTextA
xor eax,eax
jmp NotFalse
Nogood:
mov eax,1
NotFalse:
ret
;_________________ Function list ______________________
;
;1 - GetMessage
;2 - GetPrivateProfileString
;3 - CompareFileTime
;4 - SetDlgItemTextA
;5 - GetCurrentProcess
;6 - SendDlgItemMessageA
;7 - CloseHandle
;8 - CreateFileA
;9 - TranslateMessage
;10 - GetModuleHandle
;11 - GetExitCodeProcess
;12 - WriteFile
;13 - WriteProcessMemory
;14 - ReadFile
;15 - DispatchMessage
;16 - GetVolumeInformation
;17 - OpenProcess
;18 - LoadIcon
;19 - DefWindowProc
;20 - DialogBoxParamA
;21 - TextOut
;22 - FindWindowA
;23 - GetWindowThreadProcessId
;24 - LocalSize
;25 - lstrcmp
;26 - SetWindowPos
;27 - VirtualProtect
;28 - Beep
;29 - SetCapture
;30 - EndDialog
;31 - ExitThread
;32 - LoadCursor
;33 - MessageBoxA
;34 - ExitProcess
;35 - Escape
;36 - GetWindowText
;37 - SetServiceObjectSecurity
;38 - GetLocalTime
;39 - SetTextColor
;40 - TerminateProcess
;41 - ToAscii
;42 - QueryPerformanceCounter