infilter2.bat

来自「Cracker终结者——提供最优秀的软件保护技术」· Batch 代码 · 共 102 行

;@goto translate

   ;Polyglot source: this one file is both a batch script and a MASM module.
   ;cmd.exe skips the leading ';' on the first line and runs "@goto translate",
   ;which jumps to the build commands placed after "END Start". MASM treats
   ;every line starting with ';' as a comment and stops reading at END.
   ;Keep the goto as the very first line: comment lines placed before it would
   ;be seen by cmd.exe as commands.

   ;Generally this example is bad, because I don't know what I'm working
   ;with.


.586P                                   ;Pentium instruction set, privileged instructions allowed

.MODEL           FLAT, STDCALL          ;32-bit flat model, stdcall as the default convention

   OPTION        CASEMAP: NONE          ;identifiers are case-sensitive

   INCLUDE       WINDOWS.inc
   UNICODE       = FALSE                ;set before APIMACRO.mac is read; presumably selects the ANSI API names - confirm in the macro file
   INCLUDE       APIMACRO.mac           ;source of the iWin32i/sWin32/icWin32i/iWin32/TEXT macros used below (not shown here)

   ;Import libraries; the "i" prefix is this project's own naming.
   INCLUDELIB    iKERNEL32.lib
   INCLUDELIB    iUSER32.lib
   INCLUDELIB    iNTDLL.lib
   INCLUDELIB    iApiHooks.lib

   INCLUDE       ApiHooks.inc           ;presumably declares LoadAndCall, EstablishApiHooksTimeNT and ErrorTimeOut - confirm


.DATA?
   ;Uninitialised data. Declaration order matters for the review notes in the
   ;code section: PIDarray sits directly before PathHooks.
   Processes     DWORD  ?                        ;count returned by GetCurrentPIDs, kept for the final message
   PIDarraysize  EQU    1000H                    ;PID buffer size in bytes (4096)
   PIDarray      DWORD  PIDarraysize/4 DUP (?)   ;1024 DWORD slots; later reused as the wsprintf output buffer
   PathHooks     SIGN   MAX_PATH DUP (?)         ;path buffer; SIGN is defined in the includes - presumably a character type (1 byte with UNICODE = FALSE), confirm

.CODE
   ;String constants. TEXT is a macro from the included files and is not shown
   ;here. The code refers to these strings as szTitle, sGAPFailed and sDone, so
   ;the macro presumably prefixes each name with "s". "/0", "/-" and "/#" look
   ;like macro escapes (likely NUL, apostrophe and "%") - confirm in APIMACRO.mac.
   TEXT      zTitle,    <Infiltration/0> 
   TEXT      GAPFailed, <Can/-t retrieve process IDs./0> 
   TEXT      Done,      </#u of /#u processes infiltered./0>

;-------------------------------------------------
; Start - program entry point (named by "END Start").
;
; 1. Builds a DLL path in PathHooks: this module's own file name with its
;    last four characters replaced by ".DLL".
; 2. Fetches a list of process IDs into PIDarray.
; 3. For every PID after the first, calls one ApiHooks routine with that DLL
;    path and the PID. Which routine is chosen at assembly time by
;    AMETHOD / BMETHOD / CMETHOD (see the ML command lines after END).
; 4. Reports "<successes> of <total>" in a message box and exits.
;
; Register roles:
;   EBP = 0 (used as NULL), then the success counter
;   EDI = address of PathHooks
;   ESI = read cursor in PIDarray (advanced by LODSD)
;   EBX = PIDs still to visit; later the message text pointer
;
; NOTE(review): no PID is filtered by owner, session or privilege; every entry
; in the list except the first is passed to the hooking call. How ApiHooks
; gets the DLL into the target is not visible in this file. For defenders the
; observable pattern is presumably one short-lived process touching many
; unrelated processes in quick succession, followed by the same non-system
; DLL (named after the executable) showing up in their module lists -
; confirm against the library's actual behaviour.
;-------------------------------------------------
 Start:
;=================================================
   SUB       EBP, EBP                   ;EBP = 0
   MOV       EDI, OFFSET PathHooks 
   iWin32i   GetModuleHandle, EBP       ;NULL argument -> handle of this executable
   iWin32i   GetModuleFileName, EAX, EDI, MAX_PATH ;full path into PathHooks; the code below uses EAX as the returned length
   ;MASM stores the first character of a multi-character literal in the
   ;highest byte, so "LLD." lands in memory as ".DLL": the last four
   ;characters of the path (normally ".exe") are overwritten.
   ;NOTE(review): the return value is not checked. A result of 0 makes
   ;[EDI+EAX-4] address the four bytes before PathHooks (the tail of PIDarray,
   ;given the declaration order), and a truncated path is not detected.
   MOV       DWORD PTR [EDI+EAX-4], "LLD." 
;=================================================
   ;Get identificators of all currently running processes.

   MOV       ESI, OFFSET PIDarray
   sWin32    GetCurrentPIDs, ESI, SIZEOF PIDarray ;buffer and its size in bytes; GetCurrentPIDs presumably comes from GetPIDs.inc
   TEST      EAX, EAX                   ;zero result is treated as failure
   MOV       EBX, sGAPFailed            ;MOV leaves the flags alone, so JE still tests EAX; EBX = error text for MsgBox
   JE        MsgBox
   MOV       EBX, EAX       ;total number of processes
   MOV       Processes, EAX ;total number of processes    
;=================================================
   LODSD                                ;read and discard the first entry - presumably a system pseudo-process, confirm
   DEC       EBX                        ;one entry fewer to visit
   ;NOTE(review): the loop is bottom-tested. If the list held a single entry,
   ;EBX is 0 here and the body still runs once, reading a slot that
   ;GetCurrentPIDs may not have filled.
  NextPID:
   LODSD     ;get PID

  ;One of the three branches is assembled in, selected by /DAMETHOD,
  ;/DBMETHOD or /DCMETHOD. With none defined, every PID would be counted as a
  ;success without any call being made.
  IFDEF     CMETHOD
   iWin32i   LoadAndCall, EDI, EAX, 1, NULL ;DLL path, PID, then two arguments whose meaning is not visible here
   CMP       EAX, ErrorTimeOut
   JBE       @F                         ;results <= ErrorTimeOut (unsigned) are not counted
  ENDIF
  IFDEF     BMETHOD 
   iWin32i   LoadAndCall, EDI, EAX, 1, 1 ;same call as CMETHOD, last argument 1 instead of NULL
   CMP       EAX, ErrorTimeOut
   JBE       @F                         ;results <= ErrorTimeOut (unsigned) are not counted
  ENDIF
  IFDEF     AMETHOD 
   iWin32i   EstablishApiHooksTimeNT, EDI, EAX, 10000 ;DLL path, PID, 10000 - presumably a timeout in ms, confirm in ApiHooks.inc
   TEST      EAX, EAX
   JNE       @F                         ;non-zero result is not counted
  ENDIF

   INC       EBP  ;hooks were applied
  @@:
   DEC       EBX
   JG        NextPID                    ;signed test: continue while entries remain
;=================================================

   MOV       EBX, OFFSET PIDarray       ;the PID list is no longer needed; reuse it as the text buffer
   ;NOTE(review): Processes still includes the skipped first entry, so the
   ;"of N" total is one higher than the number of PIDs actually attempted.
   icWin32i  wsprintf, EBX, sDone, EBP, Processes ;format "<EBP> of <Processes> ..."; icWin32i is presumably the cdecl form of the call macro
  MsgBox:
   ;EBX = text to show: the formatted result, or sGAPFailed on the error path.
   iWin32i   MessageBox, NULL, EBX, szTitle, MB_ICONINFORMATION 
   iWin32    ExitProcess, NULL

INCLUDE GetPIDs.inc                     ;presumably defines GetCurrentPIDs - not shown here


END Start                               ;entry point; the assembler ignores everything after this line

:translate
@echo off
REM Build section. cmd.exe arrives here through the ";@goto translate" on the
REM first line of the file; ML stops at "END Start" and never reads this part.
REM
REM The same source is assembled and linked three times. Each pass defines a
REM different symbol, which selects one IFDEF branch in the PID loop:
REM   /DAMETHOD  -  Infilter2A.exe  (EstablishApiHooksTimeNT)
REM   /DBMETHOD  -  Infilter2B.exe  (LoadAndCall, last argument 1)
REM   /DCMETHOD  -  Infilter2C.exe  (LoadAndCall, last argument NULL)
REM
REM NOTE(review): errorlevel is never checked. If an ML pass fails, eLINK
REM still runs and links the InFilter2.obj left by the previous pass, so the
REM output name no longer matches the method inside it.
REM NOTE(review): /MERGE:.rdata=.text folds read-only data into the code
REM section and /IGNORE:4078 hides the linker warning about that. eLINK and
REM /optidata are project-specific; their behaviour is not shown here.
ML   /c /coff /nologo /DAMETHOD InFilter2.bat
eLINK InFilter2 /OUT:Infilter2A.exe /nologo /optidata /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /IGNORE:4078
ML   /c /coff /nologo /DBMETHOD InFilter2.bat
eLINK InFilter2 /OUT:Infilter2B.exe /nologo /optidata /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /IGNORE:4078
ML   /c /coff /nologo /DCMETHOD InFilter2.bat
eLINK InFilter2 /OUT:Infilter2C.exe /nologo /optidata /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /IGNORE:4078
REM Remove the intermediate object file, wait for a key press, clear the screen.
DEL InFilter2.obj
PAUSE
CLS
