;@GOTO -)
; Polyglot source: cmd.exe executes the line above as "@GOTO -)" and jumps
; to the ":-)" label near the end of the file, where the build commands
; live; ML treats the same line as a comment and assembles what follows.
; Keep that line first - anything placed before it would be run by cmd.exe
; as a command.
.586P                                   ; Pentium instruction set, privileged ops allowed
.MODEL FLAT                             ; 32-bit flat model
INCLUDE WINDOWS.inc
UNICODE=0                               ; ANSI build; presumably selects the "A" variants in APIMACRO.mac
; iWin32/iWin32i/sWin32/icWin32/PUSHc/POPp/oLEA/TEXT/TEXTA used below are
; presumably defined here; their push order is not visible in this file.
INCLUDE APIMACRO.mac
; Presumably supplies LoadAndCall, GetDefaultRCInfo, RCINFO and the
; ErrorAH* result codes referenced in ConWrite - confirm.
INCLUDE APIHOOKS.inc
INCLUDELIB iKERNEL32
INCLUDELIB iCRTDLL                      ; __GetMainArgs
INCLUDELIB iPrcWorks                    ; ProcessName2PID (presumably)
INCLUDELIB iApiHooks
.CODE
;-----------------------------------------------------------------------
; ConWrite(szTargetName, szMessage)
; Writes szMessage to the STDOUT of another console process: the text is
; copied into that process (RtlAllocMem + WriteProcessMemory) and
; KERNEL32!_lwrite is then executed inside it through LoadAndCall.  The
; outcome is reported as a status string on this process's own STDOUT.
; In:    szTargetName = process name, resolved with ProcessName2PID
;        szMessage    = zero-terminated text (ANSI, UNICODE=0) to write
; Out:   EAX = result of the final _lwrite of the status string
; Regs:  ESI = process handle returned by OpenProcess
;        EBX = RCINFO* from GetDefaultRCInfo (see ASSUME below)
;        EDI = buffer allocated inside the target
;        EBP = status string consumed at WriteMsg
;        ECX = message length in bytes, kept alive across the macro
;              calls by the PUSH/POP pairs below
; The macro families come from APIMACRO.mac; their exact push order is not
; visible here, so the stack comments below are the reviewer's reading of
; them - confirm against the include.
; Defender's note: OpenProcess(VM_OPERATION|VM_WRITE) followed by
; WriteProcessMemory and a remote call into the target is the generic
; process-injection sequence; host monitoring will normally flag it even
; for this benign "write to another console" use.
;-----------------------------------------------------------------------
ConWrite PROC USES EBX EBP ESI EDI, szTargetName, szMessage
LOCAL PID : DWORD
; Resolve the name to a PID; PID is handed to LoadAndCall further down.
iWin32i ProcessName2PID, szTargetName
MOV PID, EAX
; Only the rights needed to allocate and write in the target are requested.
iWin32 OpenProcess, PROCESS_VM_OPERATION OR PROCESS_VM_WRITE,\
FALSE, EAX
TEST EAX, EAX
JE CantOpen
MOV ESI, EAX                            ; ESI = hProcess
; NOTE(review): ESI is never passed to CloseHandle - CloseProc closes
; [EBX].hProcess instead.  Unless RCINFO.hProcess aliases this handle it
; leaks on every path; verify against GetDefaultRCInfo.
iWin32 GetDefaultRCInfo
MOV EBX, EAX
ASSUME EBX : PTR RCINFO
; Message length in characters, scaled to bytes.  SIGN is presumably the
; character size implied by UNICODE=0 (i.e. 1) - confirm in the includes.
iWin32i lstrlen, szMessage
LEA EAX, [EAX*SIGN]
PUSH EAX                                ; keep the byte count across the allocator call
sWin32 [EBX].RtlAllocMem, ESI, EAX
TEST EAX, EAX
POP ECX                                 ; ECX = byte count; POP leaves ZF from the TEST intact
JE CantAlloc
MOV EDI, EAX                            ; EDI = remote buffer
PUSH ECX                                ; ECX is both an argument and needed afterwards
iWin32 WriteProcessMemory, ESI, EAX, szMessage, ECX, NULL
POP ECX
TEST EAX, EAX
JE CantWrite
; Build the _lwrite(hFile, buf, len) argument block on our own stack and
; let LoadAndCall run it in the target: PID, 5000 ms timeout; the "1" and
; "3" are presumably the call flavour and the argument count, ESP points at
; the three DWORDs just pushed - confirm in APIHOOKS.inc.
PUSHc STD_OUTPUT_HANDLE, EDI, ECX
iWin32i LoadAndCall, NULL, szKERNEL32, PID, 5000, 1, sz_lwrite, 3, ESP
; Presumably discards two slots into EDX and restores ECX = len.
POPp EDX, EDX, ECX
; EAX = what _lwrite returned inside the target, or an APIHOOKS error code.
; -1 has to be tested before the ErrorAHMin range check: the unsigned JAE
; below would otherwise classify HFILE_ERROR as an APIHOOKS error.
CMP EAX, -1 ;HFILE_ERROR from the remote _lwrite
JE lwFailed
CMP EAX, ErrorAHTimeOut                 ; remote call did not complete within the timeout
JE RCDeferred
CMP EAX, ErrorAHMin                     ; any other APIHOOKS error code (unsigned range)
JAE RCFailed
CMP EAX, ECX                            ; short write counts as failure
JB lwFailed
oLEA EBP, szSuccess
; Cleanup chain: each failure label loads its message into EBP and jumps
; to the deepest cleanup step that is still valid for it.
FreeMem:
sWin32 [EBX].RtlFreeMem, ESI, EDI
CloseProc:
iWin32 CloseHandle, [EBX].hProcess
ASSUME EBX : NOTHING
WriteMsg:
; Report the outcome on our own STDOUT; EBP = zero-terminated status text.
iWin32 lstrlenA, EBP
iWin32 _lwrite, STD_OUTPUT_HANDLE, EBP, EAX
RET
lwFailed:
oLEA EBP, szlwFailed
JMP FreeMem
RCFailed:
oLEA EBP, szRCFailed
JMP FreeMem
RCDeferred:
oLEA EBP, szRCDeferred
JMP FreeMem
CantWrite:
oLEA EBP, szCantWrite
JMP FreeMem
CantAlloc:
oLEA EBP, szCantAlloc
JMP CloseProc
CantOpen:
oLEA EBP, szCantOpen
JMP WriteMsg
; String table, placed after the last jump so it is never executed.
; TEXTA zX presumably emits the label szX referenced by the oLEA lines
; above; "/0" terminates, and "/:" "/-" "/(" escape characters the macro
; would otherwise treat specially - confirm in APIMACRO.mac.
TEXTA zKERNEL32, <KERNEL32.dll/0>
TEXTA z_lwrite, <_lwrite/0>
TEXTA zSuccess, <Message written./0>
TEXTA zlwFailed, <_lwrite failed/: (not CUI app?)/0>
TEXTA zRCFailed, <Can/-t prepare remote execution/:/0>
TEXTA zRCDeferred,<Can/-t get result/: (deferred)/0>
TEXTA zCantWrite, <Can/-t write to target/-s memory/:/0>
TEXTA zCantAlloc, <Can/-t allocate memory in target/:/0>
TEXTA zCantOpen, <Can/-t open target/:/0>
ConWrite ENDP
; Strings for the privilege adjustment in PrimaryThread.  TEXT presumably
; follows the UNICODE setting (ANSI here), TEXTA is always ANSI - which is
; what GetProcAddress expects for an export name.  Both are referenced as
; szntdll / szRAP below, so the macro presumably adds the "sz" prefix.
TEXT zntdll, <ntdll.dll/0>
TEXTA zRAP, <RtlAdjustPrivilege/0>
;-----------------------------------------------------------------------
; PrimaryThread - process entry point (named in the END directive).
; 1. Best effort: enable privilege 20 through ntdll!RtlAdjustPrivilege
;    (20 is presumably SE_DEBUG_PRIVILEGE, so that OpenProcess on a
;    process of another user can succeed).  A missing ntdll handle or
;    export is silently skipped and the NTSTATUS is not checked.
; 2. Fetch argc/argv via CRTDLL's __GetMainArgs and require exactly one
;    argument, the target's process name.
; 3. Call ConWrite, wait for input on STDIN, then ExitProcess.
; No stack frame is set up; ESP is back at its entry value after each
; PUSH/POP group.
;-----------------------------------------------------------------------
PrimaryThread:
iWin32i GetModuleHandle, szntdll
TEST EAX, EAX
JE @F                                   ; no ntdll handle -> skip the privilege step
iWin32 GetProcAddress, EAX, szRAP
TEST EAX, EAX
JE @F                                   ; export not found -> skip
PUSH ECX                                ; one DWORD slot for the "previous state" out-parameter
; Call through the pointer in EAX:
; RtlAdjustPrivilege(Privilege=20, Enable=TRUE, CurrentThread=FALSE, &slot)
sWin32 EAX, 20, TRUE, 0, ESP
POP ECX                                 ; discard the out-parameter
@@:
; Three stack slots for __GetMainArgs(&argc, &argv, &envp, dowildcard);
; the pushed register values are only placeholders.
PUSH EAX
MOV EDX, ESP                            ; EDX = &envp
PUSH EAX
MOV ECX, ESP                            ; ECX = &argv
PUSH EBX
MOV EAX, ESP                            ; EAX = &argc
icWin32 __GetMainArgs, EAX, ECX, EDX, FALSE
POP ECX                                 ; ECX = argc
POP EAX                                 ; EAX = argv
POP EDX                                 ; EDX = envp (unused)
CMP ECX, 2                              ; argc counts the program name: exactly one argument
JNE PrintUsage
; argv[1] = target process name
sWin32 ConWrite, [EAX+4], szMsg
@@:
; Keep the console open until something is read from STDIN.
; NOTE(review): the 4 bytes are written to [ESP], presumably the slot the
; entry point would return through; harmless only because ExitProcess
; follows.  The exit code becomes _lread's byte count, which looks
; unintended.
iWin32 _lread, STD_INPUT_HANDLE, ESP, 4
iWin32 ExitProcess, EAX
; TEXTA zMsg presumably yields szMsg; TEXTA Usage yields sUsage/LUsage
; (pointer and length), which is why the usage text carries no /0.
TEXTA zMsg, <Hello, Console/:/0>
TEXTA Usage, <Usage: ConWrite /(CUIApp/)>
PrintUsage:
iWin32 _lwrite, STD_OUTPUT_HANDLE, sUsage, LUsage
JMP @B                                  ; back to the _lread/ExitProcess tail above
ALIGN 4
END PrimaryThread
:-)
@ECHO OFF
REM Build section of the polyglot: cmd.exe arrives here through the
REM "@GOTO -)" on the first line.  ML presumably stops reading at the END
REM directive above, so this part is never assembled.
REM ML: assemble only (/c) to a COFF object, stdcall default (/Gz), keep
REM identifier case (/Cp).  This batch file is itself the source.
ML /c /coff /Gz /Cp /nologo ConWrite.bat
REM eLINK is presumably a LINK wrapper from the same toolkit.  .rdata is
REM merged into .text, so the string tables live in the executable
REM section; /IGNORE:4078 silences the resulting section-attribute
REM warning.  /OPTidata looks toolkit-specific - confirm.
eLINK ConWrite /IGNORE:4078 /nologo /SUBSYSTEM:CONSOLE /OPTidata /MERGE:.rdata=.text
DEL ConWrite.obj
PAUSE
CLS