📄 refilter2.bat
;@goto translate
;Generally this example is bad, because I don't know what I'm working
;with.
; Assembler setup for a 32-bit Windows program (MASM syntax).
; .586P enables the Pentium instruction set, privileged instructions included.
.586P
; Flat memory model; STDCALL is the default calling convention.
.MODEL FLAT, STDCALL
; Identifiers are case-sensitive, which the Win32 API names need.
OPTION CASEMAP: NONE
INCLUDE WINDOWS.inc
; UNICODE is set before APIMACRO.mac is included; presumably the macros
; select the ANSI API variants and a byte-sized SIGN type from it - confirm.
UNICODE = FALSE
INCLUDE APIMACRO.mac
; Import libraries. The i-prefixed names are project-specific files that are
; not shown on this page.
INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
INCLUDELIB iNTDLL.lib
INCLUDELIB iApiHooks.lib
INCLUDE ApiHooks.inc
; Uninitialized data.
.DATA?
; Not referenced in the visible code; may be used by an included file.
ExcludeModules DWORD ?, ?
; Number of PIDs returned by GetCurrentPIDs, kept for the final report.
Processes DWORD ?
; PID buffer: 1000H bytes = 1024 DWORD slots. Start reuses it later as the
; wsprintf output buffer once the PIDs have been consumed.
PIDarraysize EQU 1000H
PIDarray DWORD PIDarraysize/4 DUP (?)
; Full path of the module passed to the ApiHooks calls. SIGN is defined
; outside this file (presumably the character type chosen by UNICODE).
; NOTE(review): PathHooks sits directly after PIDarray, so a write below its
; start lands in the PID buffer - see the unchecked offsets at Start.
PathHooks SIGN MAX_PATH DUP (?)
; Not referenced in the visible code.
Attached BYTE ?
.CODE
; TEXT comes from APIMACRO.mac (not shown). Judging by the references in the
; code (szTitle, sGAPFailed, sDone) it defines an s-prefixed symbol for each
; string. /0, /- and /# look like the macro's escapes for NUL, apostrophe and
; percent - confirm against the macro file.
TEXT zTitle, <Refiltration/0>
TEXT GAPFailed, <Can/-t retrieve process IDs./0>
TEXT Done, </#u of /#u processes are clean./0>
; Entry point. Builds the path of a DLL that sits next to this executable,
; enumerates the running processes, calls the ApiHooks UnloadModule routine
; for that DLL on each PID, and reports how many processes ended up clean.
; Register roles: EDI = PathHooks, ESI = cursor into PIDarray,
;                 EBX = PIDs left to visit, EBP = count of clean processes.
; The iWin32i / sWin32 / iWin32 / icWin32i call macros are defined in
; APIMACRO.mac (not shown); arguments are assumed to be passed in the order
; written.
Start:
;=================================================
; EBP = 0: first the NULL argument for GetModuleHandle, then the counter.
SUB EBP, EBP
MOV EDI, OFFSET PathHooks
iWin32i GetModuleHandle, EBP
; EAX = length of this executable's full path, written to PathHooks.
iWin32i GetModuleFileName, EAX, EDI, MAX_PATH
; Patch the file name in place: the first two characters of a 14-character
; name become "In" and the extension becomes ".DLL". MASM stores the first
; character of a string constant in the high byte, hence the reversed
; literals.
; NOTE(review): EAX is not checked. If the call fails (EAX = 0) or the path is
; shorter than 14 characters, EDI+EAX-14 points below PathHooks and the store
; corrupts the end of PIDarray. A renamed executable or a path truncated at
; MAX_PATH produces a wrong module path instead. Validate the length and the
; expected name before patching.
MOV WORD PTR [EDI+EAX-14], "nI"
MOV DWORD PTR [EDI+EAX-04], "LLD."
;=================================================
;Get the identifiers of all currently running processes.
MOV ESI, OFFSET PIDarray
; GetCurrentPIDs is not defined in the visible code (presumably GetPIDs.inc).
sWin32 GetCurrentPIDs, ESI, SIZEOF PIDarray
TEST EAX, EAX
; MOV leaves the flags alone, so JE still tests the TEST above; on failure
; EBX already points at the error text shown by MsgBox.
MOV EBX, sGAPFailed
JE MsgBox
MOV EBX, EAX ;total number of processes
MOV Processes, EAX ;total number of processes
;=================================================
; GetVersion sets the top bit on Windows 9x; NT-family systems go straight
; to the loop.
iWin32 GetVersion
TEST EAX, EAX
JNS NextPID
;exclude W9X KERNEL32.DLL process for time reasons
; The first PID is skipped, but Processes keeps the full count, so the
; report total still includes it.
LODSD
DEC EBX
NextPID:
LODSD ;get PID
; BMETHOD build only: ask whether the module is loaded in this process first.
IFDEF BMETHOD
PUSH EAX
iWin32i IsModuleLoaded, EDI, EAX
TEST EAX, EAX
; POP restores the PID into ECX without touching the flags from TEST.
POP ECX
; 0 = not loaded: count the process as clean without calling UnloadModule.
JE Unloaded
; Nonzero results up to ErrorTimeOut are skipped and not counted (presumably
; error codes from ApiHooks.inc - confirm).
CMP EAX, ErrorTimeOut
JBE @F
PUSH ECX
; The meaning of the two trailing 1 arguments is not visible here.
iWin32i LoadAndCall, EDI, ECX, 1, 1
POP EAX
ENDIF
; Both builds: unload the module from process EAX. The third argument (2) is
; presumably an unload count - confirm against ApiHooks.inc.
iWin32i UnloadModule, EDI, EAX, 2
TEST EAX, EAX
JE Unloaded
; Same result handling as above: 1..ErrorTimeOut is not counted, anything
; else falls through and counts as clean.
CMP EAX, ErrorTimeOut
JBE @F
Unloaded:
INC EBP
@@:
DEC EBX
JG NextPID
;=================================================
; The PIDs are no longer needed, so PIDarray is reused as the text buffer.
MOV EBX, OFFSET PIDarray
; Format "<clean> of <total> processes are clean."
icWin32i wsprintf, EBX, sDone, EBP, Processes
; Shared exit: EBX = text to display (report or failure message).
MsgBox:
iWin32i MessageBox, NULL, EBX, szTitle, MB_ICONINFORMATION
iWin32 ExitProcess, NULL
INCLUDE GetPIDs.inc
; The assembler stops here; everything below is read by cmd.exe only.
END Start
:translate
@echo off
REM Build half of this polyglot file. cmd.exe gets here through the goto on
REM the first line; the assembler never reads past END Start.
REM Pass 1: assemble this same file without BMETHOD.
ML /c /coff /nologo ReFilter2.bat
REM NOTE(review): the output name must stay 14 characters long, because the
REM code at Start patches the path at fixed offsets from its end.
REM NOTE(review): assuming eLINK follows Microsoft LINK option semantics,
REM /MERGE:.rdata=.text folds read-only data into the executable code section
REM and /FIXED:NO keeps relocations, so the /base value is only a preference.
eLINK ReFilter2 /OUT:Refilter2A.exe /nologo /optidata /base:0x37280000 /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /IGNORE:4078 /FIXED:NO
REM Refilter2C.exe is a byte copy of the A build; only the file name differs,
REM so at run time it resolves a different DLL name.
COPY Refilter2A.exe Refilter2C.exe >NUL
REM Pass 2: same source with BMETHOD defined, which enables the
REM IsModuleLoaded and LoadAndCall steps before UnloadModule.
ML /c /coff /nologo /DBMETHOD ReFilter2.bat
eLINK ReFilter2 /OUT:Refilter2B.exe /nologo /optidata /base:0x37280000 /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /IGNORE:4078 /FIXED:NO
REM Remove the intermediate object file.
DEL ReFilter2.obj
PAUSE
CLS