;----------------
;编译模式="DLL"
;----------------
;所有的过程都必须位于 .code 与 END LibMain 之间、并且在 LibMain 过程之外.(LibMain 过程可以不要)
;编译DLL需要建立一个DEF文件定义信息,如定义要输出的函数
;如果在编译DLL时目录下不存在DEF文件批处理将创建一个默认的DEF同名文件,您可以修改它来进行定制.
;-------------------------------------------------------------------------------------------
.386                                    ; 32-bit instruction set
.model flat, stdcall                    ; Win32 flat model; default calling convention stdcall
option casemap :none                    ; identifiers are case-sensitive (casemap:none does NOT make them case-insensitive)
;-------------------------------------------------------------------------------------------
INClude windows.INC
INClude user32.INC
INClude kernel32.INC
INClude wininet.INC
INCludelib user32.lib
INCludelib kernel32.lib
INCludelib wininet.lib
;-------------------------------------------------------------------------------------------
DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD ; prototype only: no DlgProc is defined or referenced anywhere in this file
;-------------------------------------------------------------------------------------------
.data
; String table.  LibMain walks 40 slots of 16 bytes starting at a1 (640 bytes: a1, a2,
; a4 and the first 570 bytes of tmp2) and XORs each non-empty slot with 0FFh up to
; its first NUL.  longzoro reads the same region as 10 records of 40h bytes with
; strings at +0, +10h and +30h.  a5 lies before a1 and is therefore never decoded,
; although it holds exactly the same bytes as a1.
a5 db 4EH,41H,4AH,27H,04DH,1DH,35H,2BH,48H,01H,0CEH,30H,20H,0,0,0   ; twin of a1, left obfuscated; passed to [call1] by longzoro
a1 db 4EH,41H,4AH,27H,04DH,1DH,35H,2BH,48H,01H,0CEH,30H,20H,0,0,0   ; record 0, string +0 (decoded in place at load)
a2 db 0CEH,0CEH,0CDH,0C8H,0D1H,0CFH,0D1H,0CFH,0D1H,0CEH,0,0,0,0,0,0,10H dup (?) ; record 0, +10h; the trailing (?) bytes are uninitialised in source
a4 db 0C6H,0CFH,0C9H,0CAH,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0       ; record 0, +30h
tmp2 db 240H dup (?)                    ; backing store: the 640-byte decode/copy window ends inside it
ReJmp dd 0045F1F0h                      ; absolute host address that check tail-jumps to
dllstart db 0,0,0,0                     ; stage flags: longzoro sets [0..3] to 1 in order; login requires all four
call1 dd 00499240h                      ; absolute host routine, called cdecl with (host_addr, dll_string)
call2 dd 00492214h                      ; absolute host routine, called cdecl with one argument
RetCli dd 0048A5D4h                     ; absolute host address that login jumps back to on success
.data?
.CODE
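;-------------------------------------------------------------------------------------------
; BOOL WINAPI LibMain(HINSTANCE hInstDLL, DWORD reason, LPVOID unused)
; DLL entry point (named in the END directive).
; On DLL_PROCESS_ATTACH it de-obfuscates the string table in place: 40 slots of
; 16 bytes starting at a1 (running through a2 and a4 into tmp2) are walked, and
; every slot whose first byte is non-zero is XORed byte by byte with 0FFh up to
; its first NUL.  Slots whose first byte is already 0 are skipped.  a5 precedes
; a1 and is not touched.  All other reasons do nothing.
; Out:    EAX = TRUE for every reason (the original left EAX undefined for
;         reasons other than DLL_PROCESS_ATTACH).
; Clobb:  EAX, EDX, flags.  EBX is callee-saved under stdcall and is now listed
;         in USES, so the generated prologue/epilogue preserves it (the original
;         overwrote the caller's EBX).
;-------------------------------------------------------------------------------------------
SLOT_SIZE  equ 16                       ; bytes per string slot
SLOT_COUNT equ 40                       ; slots decoded, starting at a1
LibMain proc uses ebx hInstDLL:DWORD, reason:DWORD, unused:DWORD
    .if reason == DLL_PROCESS_ATTACH
        xor     ebx, ebx                ; ebx = slot index
    DecodeSlot:
        imul    edx, ebx, SLOT_SIZE
        lea     eax, a1[edx]            ; eax = &a1[slot * SLOT_SIZE]
        cmp     byte ptr [eax], 0
        je      NextSlot                ; empty slot: nothing to decode
    DecodeByte:
        xor     byte ptr [eax], 0FFh    ; one byte of the XOR-0FFh obfuscation
        inc     eax
        cmp     byte ptr [eax], 0
        jnz     DecodeByte              ; stop at the slot's first NUL
    NextSlot:
        inc     ebx
        cmp     ebx, SLOT_COUNT
        jb      DecodeSlot              ; unsigned compare on an index
    .endif
    mov     eax, TRUE                   ; report success; the DLL stays loaded
    ret                                 ; MASM emits the USES pops and frame teardown here
LibMain endp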
;-------------------------------------------------------------------------------------------
; longzoro — initialisation routine (presumably exported through the DEF file).
; Copies the strings decoded by LibMain into the host process at fixed absolute
; addresses via the routine behind [call1], stores the record count at 4EBED29h,
; passes the still-obfuscated a5 to [call1], calls [call2], and records progress
; in dllstart[0..3] (each byte set to 1 at a stage; login refuses to run unless all
; four are 1).
; Every address used here (45F5CB8h, 45F5BF8h, 45F5C78h, 4EBED29h, 4EBED30h,
; 4EBE8D8h and the routines behind call1/call2) is hard-coded for one specific
; host build; nothing verifies the host is that build, so on any other build the
; writes land on unrelated memory or fault.
; In:    nothing
; Out:   EAX = 1
; Clobb: ECX, EDX, flags (EBX/EBP/ESI/EDI saved and restored)
; NOTE(review): [call1] is called as call1(host_addr, dll_string); it looks like a
; copy routine but its contract is not visible in this file — confirm.
;-------------------------------------------------------------------------------------------
longzoro proc
PUSH EBX                                ; save callee-saved registers
PUSH EBP
PUSH ESI
PUSH EDI
MOV EBX, 0h                             ; ebx = record index (0..9)
mov BYTE PTR [dllstart],1               ; stage 0: longzoro entered
go:
IMUL EDX, EBX, 40h                      ; each record is 40h bytes: strings at +0, +10h, +30h
LEA ECX, a1+DWORD PTR [EDX]
CMP BYTE PTR [ECX], 0h
JE over                                 ; an empty record ends the list early
IMUL EDX, EBX, 40h
LEA EAX, a1+DWORD PTR [EDX]             ; arg 2: &a1[record] (string +0)
PUSH EAX
MOV EDX, EBX
SHL EDX, 8h                             ; host stride is 100h bytes per record
LEA EAX, [EDX+45F5CB8h]                 ; arg 1: host address 45F5CB8h + record*100h
PUSH EAX
CALL call1                              ; indirect call through [call1] (00499240h)
ADD ESP, 8h                             ; caller cleans up: cdecl, two args
IMUL EDX, EBX, 40h
LEA EAX, a1+DWORD PTR [EDX]+10h         ; arg 2: string +10h of the record
PUSH EAX
MOV EDX, EBX
SHL EDX, 8h
LEA EAX, [EDX+45F5BF8h]                 ; arg 1: host address 45F5BF8h + record*100h
PUSH EAX
CALL call1
ADD ESP, 8h
IMUL EDX, EBX, 40h
LEA EAX, a1+DWORD PTR [EDX]+30h         ; arg 2: string +30h of the record
PUSH EAX
MOV EDX, EBX
SHL EDX, 8h
LEA EAX, [EDX+45F5C78h]                 ; arg 1: host address 45F5C78h + record*100h
PUSH EAX
CALL call1
ADD ESP, 8h
INC EBX
CMP EBX, 10                             ; at most 10 records (10 * 40h = the 640 bytes LibMain decoded)
JE over
JMP go
over:
mov BYTE PTR [dllstart+1h],1            ; stage 1: table copied
SUB ESP,170h                            ; reserve 170h bytes of stack; nothing below addresses the space
                                        ; and it is released at ADD ESP,170h — purpose unclear, TODO confirm
MOV ECX, 0                              ; ecx = 0 so the absolute target can be written as [ECX+imm]
MOV DWORD PTR [ECX+4EBED29h], EBX       ; host[4EBED29h] = number of records copied
                                        ; (4-byte store at an odd address: legal on x86, but not aligned)
LEA EAX, a5                             ; arg 2: a5 — same bytes as a1 but never decoded, because
                                        ; LibMain's XOR loop starts at a1; possibly intentional, TODO confirm
PUSH EAX
ADD ECX, 4EBED30h                       ; arg 1: host address 4EBED30h
PUSH ECX
CALL call1
ADD ESP, 8h
mov BYTE PTR [dllstart+2h],1            ; stage 2
PUSH 4EBE8d8h                           ; single argument for the routine behind [call2] (00492214h)
CALL call2
ADD ESP, 4h
MOV EAX, 1h                             ; return value 1
ADD ESP, 170h                           ; release the reservation made above
mov BYTE PTR [dllstart+3h],1            ; stage 3: fully initialised; login now accepts requests
POP EDI
POP ESI
POP EBP
POP EBX
RET
longzoro Endp
;-------------------------------------------------------------------------------------------
; login — not a normally callable function.  It has no frame of its own and is
; reached by a jump from patched host code, inheriting that code's registers and
; stack: ESI is presumably a buffer pointer, ESP+10h / ESP+18h are two host
; locals, and the D_Err path mirrors what looks like the host function's own
; epilogue (four pops, ADD ESP,10h, RET) — confirm against the host.
; Success path: when all four dllstart stage bytes are 1 and the buffer holds
; 52h,44h ("RD") at offsets 9..10, it loads AL = buffer[11], EBX = dword at
; buffer[13], ECX = dword at buffer[17] + 9, adds ECX to EBX, stores EBX and ECX
; into the host locals and jumps back into the host at [RetCli] (0048A5D4h).
; Failure path (D_Err): EAX = 0, unwinds the inherited frame and returns.
; Nothing checks the buffer length: the reads reach up to buffer[20].
;-------------------------------------------------------------------------------------------
login proc
CMP BYTE PTR [dllstart], 1              ; refuse unless longzoro completed every stage
JNE D_Err
ADD ESI,9                               ; esi -> buffer offset 9
CMP BYTE PTR [ESI],52h                  ; expect 'R'
JNZ D_Err
CMP BYTE PTR [ESI+1h],44h               ; expect 'D'
JNZ D_Err
CMP BYTE PTR [dllstart+1h], 1
JNE D_Err
MOV AL, BYTE PTR [ESI+2h]               ; AL  = buffer[11]
MOV EBX, DWORD PTR [ESI+4h]             ; EBX = dword at buffer[13]
MOV ECX, DWORD PTR [ESI+8h]             ; ECX = dword at buffer[17]
ADD ECX, 9
ADD EBX, ECX
CMP BYTE PTR [dllstart+2h], 1
JNE D_Err
MOV DWORD PTR [ESP+18h],EBX             ; host local at ESP+18h
TEST AL,AL                              ; sets ZF/SF from AL ...
MOV DWORD PTR [ESP+10h],ECX             ; (MOV preserves flags)
CMP BYTE PTR [dllstart+3h], 1           ; ... but this CMP overwrites them: when the next JNE is
JNE D_Err                               ; not taken, ZF is always 1 at the jump below
JMP RetCli                              ; NOTE(review): if the host code at RetCli consumes the
                                        ; TEST AL,AL result, the dllstart+3 check must move above
                                        ; the TEST — confirm against the host
D_Err:
POP EDI                                 ; unwind the inherited frame
POP ESI
POP EBP
XOR EAX, EAX                            ; return 0
POP EBX
ADD ESP, 10h
RET
login Endp
;-------------------------------------------------------------------------------------------
; check — tail-jumps through [ReJmp] to the absolute host address 0045F1F0h.
; It has no arguments and no USES, so MASM emits no frame: the host code it lands
; in sees registers and stack exactly as they were at entry.  Presumably a detour
; target that resumes the original instruction stream at ReJmp — confirm.
;-------------------------------------------------------------------------------------------
check proc
JMP ReJmp                               ; jmp dword ptr [ReJmp]
check Endp
End LibMain
.CODE?