alternativeexe.bat

Cracker终结者——提供最优秀的软件保护技术

;@goto translate


.586P

.MODEL            FLAT, STDCALL

   OPTION         CASEMAP: NONE

   UNICODE        = 1
   INCLUDE        WINDOWS.inc
   INCLUDE        APIMACRO.mac

   INCLUDELIB     iKERNEL32.lib
   INCLUDELIB     iUSER32.lib
   INCLUDELIB     iApiHooks.lib


.CODE

 PrimaryThread PROC
   iWin32     GetCurrentProcessId 
; loaded statically
   iWin32i    LoadAndCall, sAlternativeDll, EAX, 1, NULL
;   TEST      EAX, EAX 
;   JNE       Failed

; or dynamic loading
;   iWin32i   LoadLibrary, sApiHooks
;   TEST      EAX, EAX
;   JE        Exit
;   iWin32    GetProcAddress, EAX, sLoadAndCall
;   TEST      EAX, EAX
;   JE        Exit
;   sWin32    EAX, sAlternativeDll, prinfo.dwProcessId
;   TEST      EAX, EAX 
;   JNE       Failed

   iWin32    MessageBoxA, NULL, sAlternativeMsg, sAlternativeTitle, MB_OK
   iWin32    GetCurrentProcessId 
   iWin32    UnloadModuleA, sAlternativeDllA, EAX, 10
  Failed:
   iWin32    ExitProcess, STATUS_SUCCESS


 PrimaryThread ENDP

   TEXT     AlternativeDll,   <Alternative.dll/0>
   TEXTA    AlternativeDllA,  <Alternative.dll/0>
   TEXTA    AlternativeTitle, <MessageBox/0>   
   TEXTA    AlternativeMsg,   <From .EXE/0>   
;   TEXT     ApiHooks,         <ApiHooks.dll/0>
;   TEXT     LoadAndCall,       <LoadAndCall>
;    IF UNICODE
;       CHAR 'W'
;    ELSE
;       CHAR 'A'
;    ENDIF
;       CHAR  0
END PrimaryThread

:translate
@echo off
ML    /c /coff /nologo AlternativeEXE.bat
eLINK AlternativeEXE /out:Alternative.exe /nologo /SUBSYSTEM:WINDOWS /optidata /MERGE:.rdata=.text /BASE:0X32890000 /IGNORE:4078
DEL   AlternativeEXE.obj
PAUSE
CLS