Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Help with asm

asm MASM32 Assmebly

  • Please log in to reply
70 replies to this topic

#1 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 02 December 2011 - 01:14 PM

I've been searching everywhere but it's like no one talks about it or something, question is, how the heck do I get the home drive letter in assembly?

I need to make this string automatically change to the correct users home drive lable~
"%s:\Documents and Settings\TEST\Desktop\Log.dat"

I can't find anything on google about or related to it, it's like google has an anti asm fetish.

Also, is it me or are these forums getting a little slower?
Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.







#2 Mat

Mat

    43 38 48 31 30 4E 34 4F 32

  • MVPs
  • 4,818 posts

Posted 02 December 2011 - 01:52 PM

Uhmmm... The same way you would in C, or any native windows application? Why is this question specifically about asm?

Rough outline:

strIn db "%HOMEDRIVE%Documents and SettingsTESTDesktopLog.dat" strOut db MAX_PATH+1 dup 0 invoke ExpandEnvironmentStringsA,lpIn,lpOut,MAX_PATH


Then of course, there is the small matter that even then you are doing it wrong. You want the desktop directory for user TEST? Then you are actually trying to find a known folder. There are examples for that on these forums. Search for SHGetKnownFolderPath.

The reason it's not on google is because not many asm users ask questions like this. Most have previous knowledge of the winapi etc.

Edited by Mat, 02 December 2011 - 01:53 PM.

{4d696768-744e-6f74-4265-556e69717565}

AutoIt Project Listing

#3 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 02 December 2011 - 02:07 PM

Uhmmm... The same way you would in C, or any native windows application? Why is this question specifically about asm?

Rough outline:

strIn db "%HOMEDRIVE%Documents and SettingsTESTDesktopLog.dat" strOut db MAX_PATH+1 dup 0 invoke ExpandEnvironmentStringsA,lpIn,lpOut,MAX_PATH


Then of course, there is the small matter that even then you are doing it wrong. You want the desktop directory for user TEST? Then you are actually trying to find a known folder. There are examples for that on these forums. Search for SHGetKnownFolderPath.

The reason it's not on google is because not many asm users ask questions like this. Most have previous knowledge of the winapi etc.

I see, makes sense, and the reason it's specifically targeted to ASM is due to the fact that I don't know C, C++ etc, I was tinkering with some little project written in asm that creates a file in its directory (where it was launched from) and enters some data into it, suddenly I wan't the file to be created at a specific location, adding my user name was an accident but you get the idea, I wan't to have the app always create the file in a specific directory regardless of the home drive label.

When my the app is going to create the file, the string location is as so~

MAC "ab" ; binary mode MAC "C:directoryLog.dat" ;Location call fopen

Edited by THAT1ANONYMOUSEDUDE, 02 December 2011 - 02:23 PM.

Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.

#4 Mat

Mat

    43 38 48 31 30 4E 34 4F 32

  • MVPs
  • 4,818 posts

Posted 02 December 2011 - 02:31 PM

So you are going to mix native winapi and libc?

Did you try using fopen with the environment strings in there (%HOMEDRIVE%)?

{4d696768-744e-6f74-4265-556e69717565}

AutoIt Project Listing

#5 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 02 December 2011 - 02:43 PM

So you are going to mix native winapi and libc?

Did you try using fopen with the environment strings in there (%HOMEDRIVE%)?

Yes, windows xp suggested I send a crash report to microsoft afterward.

Damn, I really want to learn assembly, this is how I tried, which I know is wrong because of the crash report thing.

MAC "ab" MAC "%HOMEDRIVE%Documents and SettingsLog.dat" call fopen


Assembling: test.asm test.asm(58) : error A2006: undefined symbol : HOMEDRIVE MAC(1): Macro Called From   test.asm(58): Main Line Code test.asm(58) : error A2206: missing operator in expression MAC(3): Macro Called From   test.asm(58): Main Line Code

Edited by THAT1ANONYMOUSEDUDE, 02 December 2011 - 02:48 PM.

Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.

#6 Mat

Mat

    43 38 48 31 30 4E 34 4F 32

  • MVPs
  • 4,818 posts

Posted 02 December 2011 - 03:55 PM

Do %s in strings have a special meaning in masm?

{4d696768-744e-6f74-4265-556e69717565}

AutoIt Project Listing

#7 Valik

Valik

    Former developer.

  • Active Members
  • PipPipPipPipPipPip
  • 18,879 posts

Posted 02 December 2011 - 07:09 PM

You really need to read some Windows guidelines. A directory already exists for applications to write their data. The root of the home drive is not it.

#8 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 02 December 2011 - 11:25 PM

Do %s in strings have a special meaning in masm?

I would imagine they do since this works for me~
push offset hUser call GetUserNameA push offset hUser MAC "-Current User:%s-"


And I can write the user name the file in place of the %s, where it would be written as "-Current User: TEST-".


You really need to read some Windows guidelines. A directory already exists for applications to write their data. The root of the home drive is not it.

Where can I find a good source? a nice help file like autoit's would be really good, also, I noticed that if I don't include the drive letter and start the path as if it was a directory in nix like "documents and settingsdata.dat" it's created without any errors.
Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.

#9 Valik

Valik

    Former developer.

  • Active Members
  • PipPipPipPipPipPip
  • 18,879 posts

Posted 02 December 2011 - 11:42 PM

If you can't find Windows guidelines via a quick search then you should not be using ASM. Simple logical progression.

#10 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 03 December 2011 - 12:24 AM

If you can't find Windows guidelines via a quick search then you should not be using ASM. Simple logical progression.

C'mon, It's just that I'm not familiar with the terminology used with this stuff, this reminds me of the time I started with autoit, I would have never gotten anywhere if people weren't generous enough to explain simple things that would essentially show me how to catch fish.

Although, I still remember exactly what gave me the boost in learning autoit, it was a comment I read posted by Jos stating that I should highlight the native function in question and press [F1], as soon as I found that out everything was uphill from there, but scite and MASM32 don't come with a nifty chm explaining everything in detail for asm, autoit was like climbing the Rockies and masm seems like I'm trying to climb Mt.Everest on a unicycle with my current understanding of the language, I'd really like to replace the unicycle with a helicopter if you know what I mean.
Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.

#11 Valik

Valik

    Former developer.

  • Active Members
  • PipPipPipPipPipPip
  • 18,879 posts

Posted 03 December 2011 - 12:32 AM

I have given you the terminology in both of my previous posts.

#12 Ascend4nt

Ascend4nt

    Universalist

  • Active Members
  • PipPipPipPipPipPip
  • 1,299 posts

Posted 03 December 2011 - 10:40 PM

THAT1ANONYMOUSEDUDE,

Programming in Assembly language is overkill for anything other than code in need of major optimization. You should really stick to C or C++. Compilers are getting very good at optimizing code, and it'd be a waste to learn the obscure assembly instruction set yourself unless you really need to.

From what I can tell, most people on these forums haven't written programs in pure Assembly, but rather have dabbled in it lightly, or taken compiled C/C++ code and massaged it slightly to be executable in memory. My programming roots stretch back to around 90-91 when code was in dire need of optimization in a long-since dead DOS 16-bit world. Even then, I only wrote a handful of pure-Assembly projects (mostly TSR programs) - the rest were a mix of C++ and Assembly.

You'll find the difficult task of learning Assembly made even more complex by the new 64-bit assembly model and all the quirks involved with that. Also, no inline assembler supports 64-bit code yet as far as I know.

However, if you are still interested in it (and I only recommend it for optimization), here's some links:

Intel 64 and IA-32 Architectures Software Developer Manuals
AMD Developer Guides and Manuals
Flat Assembler (FASM) Documentation
The Netwide Assembler (NASM) Documentation
Iczelion's Win32 Assembly Tutorials
X86asm.net and their X86 Opcode and Instruction Reference
Sandpile.org

Borland Turbo Assembler Manuals (these were my bibles back in the day)

There's also plenty of links on 64-bit programming quirks out there. I believe I left a few of these on someone's thread somewhere on these forums..

Good luck (but really - stick to C/C++!)
  • CaptainClucks likes this

#13 Valik

Valik

    Former developer.

  • Active Members
  • PipPipPipPipPipPip
  • 18,879 posts

Posted 04 December 2011 - 02:35 AM

You'll find the difficult task of learning Assembly made even more complex by the new 64-bit assembly model and all the quirks involved with that. Also, no inline assembler supports 64-bit code yet as far as I know.

Visual Studio 2010 doesn't. When we went 64-bit we had to remove all our inline assembly which was mostly just DllCall() and a 3rd-party library for math functions.

#14 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 04 December 2011 - 09:40 AM

So I was browsing opensc and noticed there was a topic with no replies titled "antivirus open source" in asm, so I downloaded it and ran the fucker and it deleted absolutely everything on my desktop, including a whole bunch of sources I was fiddling with and autoit scripts I have, I'm now making a profile there so I can show everybody how much I don't like the guy who uploaded that piece of shit application.

I mean really? why even do that? I still lost a whole bunch of cool stuff I had accumulated over 15 hours.

And thank you Ascend4nt, I'll be skimming through those url's from now.

Edit: now awaiting moderator approval so I can get back to displaying my discontent.

And wow, I knew something was wrong with fire fox, I rebooted and :D

Posted Image

Edited by THAT1ANONYMOUSEDUDE, 04 December 2011 - 10:26 AM.

Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.

#15 Shaggi

Shaggi

    Universalist

  • Active Members
  • PipPipPipPipPipPip
  • 309 posts

Posted 04 December 2011 - 11:21 AM

loooool pwnd
why the fuck didn't you read the source?
Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG

#16 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 04 December 2011 - 03:19 PM

why the fuck didn't you read the source?

Because it's a huge source written in bloody assembler and reading it require that I be some kind of human alien hybrid capable of implementing an accelerated advanced understanding and perception of cryptographic code that only machines should be dealing with.

Edit: You want to hold my eyeballs and help me understand this shit?

Plain Text         
.586 ;.MMX .XMM .model  flat, stdcall option  casemap:none ; ------- Main Include ------- ; include Ansav.inc .code ; ------- Code Start ------- ; Align 16 ; ------- Ansav Initial ------- ; AnsavInitFirst proc uses edi esi ebx IFDEF  DEBUG ; ------- Init for debug ------- ; mov  hFileLog,0 call  InitLog ENDIF IFDEF  ERRORLOG mov  hFileErrorLog,0 mov  ErrorOccured,0 ENDIF mLog "AnsavInitFirst::" xor  eax,eax mov  incmdl,eax mov  NoStealth,eax mov  HaveMMX,eax mov  PluginsCount,eax mov  SomeObjectNeedReboot,eax mov  CmdLineScan,eax ; ------- Init for ansav needed value ------- ; push  0 call  GetModuleHandle mov  hInstance,eax call  GetCommandLine mov  CommandLine,eax call  InitCommonControls ; ------- determine processor is support MMX ? ------- ; inc   eax cpuid test  edx,200000h jz   @F   mov  HaveMMX,1 @@: invoke  MyZeroMemory,ADDR icex,sizeof INITCOMMONCONTROLSEX mov  [icex.dwSize],sizeof INITCOMMONCONTROLSEX ; <-- compability ; mov  [icex.dwICC],ICC_COOL_CLASSES mLog "Loading comctl32.dll::" invoke  LoadLibrary,reparg("comctl32.dll") .if  eax   invoke  GetProcAddress,eax,reparg("InitCommonControlsEx")   .if  eax    mLog "[ok]"    lea  edx,icex    push  edx    call  eax IFDEF  DEBUG   .else    mLog "[failed]" ENDIF   .endif IFDEF  DEBUG .else   mLog "[failed]" ENDIF .endif ; ------- Check for NT Window$ Version ------- ; mLog  "Check for Windows Version" invoke  IsNT .if  eax   mLog  "..Windows is NT/2K/XP"   mov  WinVerNT,1 .else   mLog  "..Windows not NT/2K/XP"   mov  WinVerNT,0 .endif ; ------- Escalate privileges ------- ; call  SetToken ; ------- keep run one instance ------- ; call  IsAnsavRun? .if  eax   invoke  MessageBox,0,     reparg("ANSAV already running..."),     offset szAppName,MB_OK   invoke  ExitProcess,0 .endif ; ------- Buffering, get MyDir, MyPath etc... ------- ; call  GetPathPath ; ------- LOAD CONFIGURATION ------- ; push  1 call  LoadConfig xor  eax,eax ; ------- set null flag ------- ; mov  pBufferVirusInfo,eax mov  BufferVirusInfoSize,eax ; ------- init buffer for last scanned path ------- ; mov  LastScannedPath,eax mov  LastScannedPathSize,eax mov  ArcReady,eax ; ------- componen ------- ; call  LoadComponen ; ------- time for blind sucker ------- ; call  BlindSucker AnsavInitFirstSize equ $ - offset AnsavInitFirst ; ------- build CRC 32 table ------- ; call  crcInit ; ------- VERTICAL LOGO ------- ; invoke  LoadBitmap,hInstance,IMG_VLOGO mov  hVLogoBmp,eax ; ------- decrypt vbd ------- ; IFDEF  RELEASE call  DecryptVDB ENDIF call  IsAlreadyInstalled? mov  AlreadyInstalled,eax .if  !eax   .if  !TimeForBlind    invoke  lstrcat,ADDR szAppName,reparg(" - [ PORTABLE ]")   .endif .endif invoke  LoadIcon,hInstance,IDI_MAIN_ICON mov  hMainIcon,eax ; ------- check for external database ------- ; xor  eax,eax mov  ExternalVdb,eax mov  ExternalVdbSize,eax call  LoadExVdb call  RenewConfigFlags ; ------- check exvdb ver compare ------- ; .if  ExternalVdb && ExternalVdbSize   mov  esi,ExternalVdb   movzx  eax,[esi.EXVDBINFO].wDay   movzx  ecx,[esi.EXVDBINFO].wMonth   movzx  edx,[esi.EXVDBINFO].wYear     cmp  edx,dwRDYear   ja  @F   cmp  ecx,dwRDMonth   ja   @F   cmp  eax,dwRDDay   ja   @F    jmp  @nver   @@:     mov  dwRDYear,edx   mov  dwRDMonth,ecx   mov  dwRDDay,eax .endif @nver: ; ------- immune registry ------- ; call  RegImmune ; get explorer PID, exclude from heuristic engine invoke  FindWindow,0,reparg("Start Menu") .if  eax   invoke  GetWindowThreadProcessId,eax,offset ExplorerPID .endif ; ------- load trusted database ------- ; call  LoadTrustDatabase call  OnLatestUpdate ; ------- check oldiest engine alias kadaluwarsa! ------- ; call IsOldiest? ; ------- check etc host file ------- ; call  CheckEtcHost ; ------- set antidump ------- ; call  AntiDump ret AnsavInitFirst endp Align 16 WndProc PROTO :HWND,:UINT,:WPARAM,:LPARAM ; ------- Win Main procedure ------- ; WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD LOCAL wc:WNDCLASSEX LOCAL msg:MSG mLog  "WinMain enter::" invoke  MyZeroMemory,ADDR wc,sizeof WNDCLASSEX mov  [wc.cbSize],sizeof WNDCLASSEX mov  [wc.style],CS_HREDRAW or CS_VREDRAW mov  [wc.lpfnWndProc],offset WndProc mov  [wc.cbClsExtra],NULL mov  [wc.cbWndExtra],DLGWINDOWEXTRA push hInst pop  [wc.hInstance] mov  [wc.hbrBackground],COLOR_BTNFACE+1 mov  [wc.lpszMenuName],IDM_MAIN_MENU mov  [wc.lpszClassName],offset szClassName mov  eax,hMainIcon mov  [wc.hIcon],eax mov  [wc.hIconSm],eax invoke LoadCursor,NULL,IDC_ARROW mov  wc.hCursor,eax invoke RegisterClassEx,addr wc mErrorTrap eax,"cannot register class",@endl mLog  "CreateDialogParam..." invoke CreateDialogParam,hInstance,IDD_DIALOG,NULL,offset WndProc,NULL mov  hMainWnd,eax mErrorTrap eax,"cannot Create main window",@endl invoke UpdateWindow,hMainWnd invoke  SetLastError,0 invoke  MyZeroMemory,ADDR msg,sizeof MSG invoke  Sleep,100 .while TRUE   invoke  IsWindow,hMainWnd   test  eax,eax   jz   @endl     invoke GetMessage,addr msg,NULL,0,0    .BREAK .if !eax   invoke TranslateMessage,addr msg   invoke DispatchMessage,addr msg .endw mov  eax,[msg.wParam] ret @endl: xor  eax,eax ret WinMain endp align 16 ; ------- Main Window Procedure ------- ; WndProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM LOCAL  ps,hDC,hOld,memDC:DWORD mov  eax,uMsg .if eax==WM_INITDIALOG   ; ------- Initial dialog ------- ;   push hWin   pop  hMainWnd     .if  !TimeForBlind    invoke  SetWindowText,hWin,ADDR szAppName   .else    invoke  SetWindowText,hWin,ADDR szRandomString   .endif     push  ebx   push  esi     mov  ebx,GetDlgItem   mov  esi,hMainWnd     scall  ebx,esi,IDC_MAIN_PB   mov  hMainProgBar,eax   scall  ebx,esi,IDC_EDIT_PATH   mov  hMainEditPath,eax   scall  ebx,esi,IDC_TXT_STATUS   mov  hMainTxtStatus,eax   scall  ebx,esi,IDC_TXT_CHKFILES   mov  hTxtCheckedFiles,eax   scall  ebx,esi,IDC_TXT_THREATDETC   mov  hTxtDetectedThreats,eax   scall  ebx,esi,IDC_TXT_PERCENT   mov  hTxtMainPercent,eax     pop  esi   pop  ebx     invoke  GetMenu,hWin   mov  hMainMenu,eax     ; ------- Build-build ------- ;   call  BuildMainListview   call  BuildMainTxtStatus   call  BuildToolbar   call  BuildMainMenuPic   call  BuildMainPopMenu     call  SetAllMainCtrlState   invoke  SendMessage,hToolBar,     TB_ENABLEBUTTON,IDC_MAINTB_STOP,STATE_DISABLE     ; ------- Create timer to monitor existing rem media ------- ;   call  SetMainTimer     ; ------- Check for existing threat in mem ------- ;   mov  MemCheck,1   call  CheckAndProcessBVI   .if  eax    invoke  SetMainTxtStatus,STATUS_DETECTED    invoke  SetActionTbState,STATE_ENABLE   .else    invoke  SetMainTxtStatus,STATUS_CLEAN    invoke  SetActionTbState,STATE_DISABLE   .endif   mov  MemCheck,0     ; ------- Set status ------- ;   StatusIdleWait   ; make status clr show ttl   call  SetStatusClrTtl     .if  !NoPlugins    call  BuildPlugins   .endif     ; ------- create syncro hook ------- ;     .if  ShowLog    call  ShowLogWindow   .endif     invoke  VerticalTile,hWin,IMG_VREDTILE,70     ; ------- is already installed? ------- ;   call  CheckInstalled     .if  StealthMode && hStealthmMap    mov  eax,hStealthmMap    m2m  [eax.CEST].hMainWnd,hWin    m2m  [eax.CEST].hWnd2,hWin   .endif     invoke  SetTimer,hWin,2194,2000,offset MakeUnkillable     call  SetMenuInstallable       ; ------- auto check update ------- ;   mov  hAutUpdCheckThread,0   lea  eax,AutomaticUpdateCheck   invoke  CreateThread,0,0,eax,0,0,offset brw   mov  hAutUpdCheckThread,eax     call  DontHookme     invoke  SetForegroundWindow,hWin   invoke  SetFocus,hWin     .if  CmdLineScan    invoke  StartScanOnlyDir,CmdLineScan   .endif   .elseif  eax == WM_PAINT   invoke LocalAlloc,LPTR,sizeof PAINTSTRUCT   mov  ps,eax     invoke  BeginPaint,hWin,ps   mov    hDC, eax     invoke  CreateCompatibleDC,hDC   mov    memDC, eax     invoke  SelectObject,memDC,hVLogoBmp   mov    hOld, eax     invoke  BitBlt,hDC,1,1,80,400,memDC,0,0,SRCCOPY     invoke  SelectObject,hDC,hOld   invoke  DeleteDC,memDC     invoke  EndPaint,hWin,ps   invoke  ReleaseDC,hWin,hDC     invoke  LocalFree,ps .elseif  eax == WM_COMMAND  ; ------- Command Control ------- ;   mov  eax,wParam   and  eax,0FFFFh     ; ------- Menu-Menu ------- ;   ; --------------------[ -= MENU =- ]   .if eax==IDM_FILE_EXIT    jmp  @close   .elseif  eax == IDM_FILE_SCAN    call  CheckAndAskIfAvailable    .if  eax     call  StartQuickScan  ; <-- quick scan ;    .endif   .elseif  eax == IDM_FILE_SCAN2    call  StartScanSingleFile    ; <-- Scan single file ;   .elseif  eax == IDM_FILE_SCANMULTIPLEOBJECT    call  CheckAndAskIfAvailable   ; <-- multiple object scan ;    .if  eax     call  MultipleScanObject    .endif   .elseif  eax == IDM_FILE_SCANMEM    call  CheckAndAskIfAvailable    .if  eax     call  QuickScanMem    .endif   .elseif  eax == IDM_FILE_SCANALLREM  ; <-- Scan all removable media ;    call  CheckAndAskIfAvailable    .if  eax     call  StartScanAllRemovableMedia    .endif   .elseif  eax == IDM_FILE_SCANALLHARDISK  ; <-- Scan all hardisk partition ;    call  CheckAndAskIfAvailable    .if  eax     call  StartScanAllHardisk    .endif   .elseif  eax == IDM_FILE_SCANONLYWINDIR ; <-- scan only windows directory ;    call  CheckAndAskIfAvailable    .if  eax         invoke  StartScanOnlyDir,offset szWinDir    .endif   .elseif  eax == IDM_FILE_SCANSYSDIR    call  CheckAndAskIfAvailable    .if  eax     invoke  StartScanOnlyDir,offset szSysDir    .endif   .elseif  eax == IDM_VIEW_RESULT    call  ViewResult   .elseif  eax == IDM_VIEW_CONSOLELOG  ; <-- Console style LOG ;    call  ShowLogWindow   .elseif  eax == IDM_VIEW_VDB    invoke  DialogBoxParam,hInstance,IDD_ANVDB,hWin,ADDR AnvdbDlgProc,0    invoke  ShowWindow,eax,SW_SHOW   .elseif  eax == IDM_VIEW_QUARZONE ; <-- view quarantine ;    call  ViewQuarantine   .elseif  eax == IDM_VIEW_TRUSTZONE    call  StartTrustZone   .elseif  eax == IDM_ADVANCED_ASHUT ; <-- Auto shutdown after scan finished ;    .if  !ShutdownAfterScan     mov  ShutdownAfterScan,1     invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_CHECKED    .else     mov  ShutdownAfterScan,0     invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_UNCHECKED    .endif   .elseif  eax == IDM_VIEW_CLEARLIST    mov  [LastScannedInfo.wStatus],STATUS_TAKEACTION    invoke  SendMessage,hMainList,LVM_DELETEALLITEMS,0,0    invoke  SetActionTbState,STATE_DISABLE   .elseif  eax == IDM_ADVANCED_CONFIG    call  StartConfigDlg   .elseif  eax == IDM_HELP_INSTALL  ; <-- INSTALL ;    call  InstallUninstallAnsav   .elseif  eax==IDM_HELP_ABOUT   ; ------- About ------- ;    push  hWin    call  ShowAboutDialog   .elseif  eax==IDM_HELP_README    call  Readme   .elseif  eax == IDM_HELP_UPDATE ; <-- UPDATE ;    .if  AlreadyInstalled     call  Update    .else     invoke  MessageBox,hWin,     reparg("Please install ANSAV first to use this feature"),     offset szAppName,MB_OK    .endif     .elseif  eax == IDM_HELP_SUBMITTHREAT    invoke  ShellExecute,hWin,offset szOpen,reparg("<a href='http://ansav.com/content/view/15/34/' class='bbc_url' title='External link' rel='nofollow external'>http://ansav.com/content/view/15/34/"</a>),0,0,SW_MAXIMIZE   ; ------- popup menu ------- ;   ; --------------------[ -= POPUP MENU =- ]   .elseif  eax == IDM_MPM_PROPERTIES    call  ObjectProperties   .elseif  eax == IDM_MPM_GOTOOBJL    call  GotoObjectLocation   .elseif  eax == IDM_MPM_SELECTALL    call  SelectAllObject   .elseif  eax == IDM_MPM_CLEAN  ; <-- clean selected object ;    mov  ForFix,1    push  1 ; <-- clean only selected object ;    call  StartCleanNow   .elseif  eax == IDM_MPM_DELETE  ; <-- delete selected object ;    push  1 ; <-- clean only selected object ;    call  StartCleanNow   .elseif  eax == IDM_MPM_QUARANTINE  ; <-- quarantine selected object ;    push  1 ; <-- quarantine only selected object ;    call  StartQuarantineNow   .elseif  eax == IDM_MPM_SIGNASTRUST    call  DoSignAsTrust   .elseif  eax == IDM_MPM_COPYTHREATN    push  1    call  ClipboardCopyObject ; <-- threat name ;   .elseif  eax == IDM_MPM_COPYOBJPATH    push  2    call  ClipboardCopyObject ; <-- object path ;     ; ------- Button-Button ------- ;   ; --------------------[ -= BUTTON/TOOLBAR =- ]   .elseif  eax == IDC_MAINTB_EXIT    jmp  @close   .elseif  eax == IDC_MAINTB_SCAN    call  CheckAndAskIfAvailable    .if  eax     mov  eax,MainScanButton     .if  eax == 1      call  StartQuickScan     .elseif  eax == 2      call  ScanSingleFile     .elseif  eax == 3      call  MultipleScanObject     .else      call  StartQuickScan     .endif    .endif   .elseif  eax == IDC_MAINTB_STOP    mov  StopScan,1    mov  StopClean,1   .elseif  eax == IDC_MAINTB_CLEAN    ; confirm    cmp  NoActConfirm,1    je   @F    invoke  MessageBox,hWin,      reparg("Are you sure to clean all detected object?"),      ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL    .if  eax == IDOK     @@:     mov  ForFix,1     push  0    ; <-- clean all object in list and try to clean first;     call  StartCleanNow    .endif   .elseif  eax == IDC_MAINTB_DELETE    ; confirm    cmp  NoActConfirm,1    je   @F    invoke  MessageBox,hWin,      reparg("Are you sure to delete all detected object?"),      ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL    .if  eax == IDOK     @@:     push  0    ; <-- delete all object ;     call  StartCleanNow    .endif   .elseif  eax == IDC_MAINTB_QUARANTINE    ; confirm    cmp  NoActConfirm,1    je   @F    invoke  MessageBox,hWin,      reparg("Are you sure to quarantine all detected object?"),      ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL    .if  eax == IDOK     @@:     push  0    ; <-- quarantine all object ;     call  StartQuarantineNow    .endif   .elseif  eax == IDC_MAINTB_VIEWRES    call  ViewResult   .endif   ;-------------------------------------- PLUGINS ----------------------------------------;   mov  eax,[wParam]   .if   eax >= DynPluginsMenuMin &&     eax <= DynPluginsMenuMax     push  eax     call  ProcessPlugins   .endif   ;;-------------------------------------- HOOK CODE ----------------------------------------; ; ;.elseif  eax == WM_USER+777h ; ;  ;invoke  ProcessThisMessage,wParam,lParam ;  ;ret ; ;;-------------------------------------- end of hook code ----------------------------------------; .elseif  eax==WM_SIZE   call  RepositionMainWnd .elseif  eax == WM_NOTIFY  ; <-- notify ;     push  ebx    mov   ebx,lParam    mov  eax,[ebx.NMHDR].hwndFrom    .if  eax == hMainList     .if  [ebx.NMHDR].code == NM_RCLICK      call  ReleaseCapture      call  MainPopMenu     .endif    .endif   pop  ebx   .elseif eax==WM_CLOSE   ; ------- If Close ------- ; @close:   ; ------- confirm if scan process running ------- ;   .if  InScanning || InAction    .if  InScanning     mov  edx,reparg("Do you want to stop current scanning process?")    .else     mov  edx,reparg("Do you want to stop current action process?")    .endif    invoke  MessageBox,hWin,edx,ADDR szAppName,MB_YESNO or MB_ICONQUESTION        cmp  eax,IDNO    je   @F   .endif   call  MainWndCleanUp     ; ------- check uncleanable object ------- ;   .if  SomeObjectNeedReboot    invoke  wsprintf,offset szUtilsBuff,offset szUncleanNdtrbF,SomeObjectNeedReboot    invoke  MessageBox,hWin,offset szUtilsBuff,offset szAppName,MB_YESNO or MB_ICONQUESTION    .if  eax==IDYES     invoke  MessageBox,hWin,offset szPleaseSave,offset szAppName,MB_OK or MB_ICONINFORMATION     call  DoReboot    .endif   .endif     invoke  DestroyWindow,hWin     jmp  @endl   @@:   mov  uMsg,0 ; <-- reset ; bug fixed .elseif eax==WM_DESTROY  ; ------- If Destroy ------- ;   invoke PostQuitMessage,NULL .endif @endl: invoke DefWindowProc,hWin,uMsg,wParam,lParam ret WndProc endp align 16 .data .code ; ------- ENTRYPOINT ------- ; ;--------------------------------------------------------------------------------                                                                               ; start:          ; ------- Entry Point ------- ;|                                                                                   ;/                                                                                  ;/ ;--------------------------------------------------------------------------------/ IFDEF  RELEASE ; ------- Initial First ------- ; call  AnsavInitFirst call  FillJunk ENDIF ; ------- process command line ------- ; call  ProcessCommandLine   ; ------- Make sure memory is clean ------- ; .if  !incmdl   .if  !NoScanMem    call  StartCheckMemoryFirst   .endif .endif ; ------- Make main window ------- ; .if  !incmdl   invoke  WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT .endif GlobalExit:: ; ------- free last scanned path buffer ------- ; call  FreeLastScannedPathBuffer ; ------- free CmdLine buffer ------- ; mov  eax,CmdLineScan cmp  eax,0 je   @F   anfree  eax @@: ; ------- free exvdb is available ------- ; call  CloseExVdb ; ------- if stealth hook, free hook ------- ; call  UnStealth ; ------- immune registry ------- ; call  RegImmune mov  ebx,FreeLibrary ; ------- unload all module ------- ; mov  eax,hArcMod .if  eax   scall  ebx,eax .endif mov  eax,hFixerMod .if  eax   scall  ebx,eax .endif ; ------- unload plugins ------- ; call  CleanupPlugins IFDEF  DEBUG ; ------- Log needed ------- ; call  CloseLog ENDIF IFDEF  ERRORLOG ; ------- Error Log needed ------- ; call  CloseErrorLog ENDIF push 0 call ExitProcess end start

Edited by THAT1ANONYMOUSEDUDE, 04 December 2011 - 03:22 PM.

Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.

#17 Shaggi

Shaggi

    Universalist

  • Active Members
  • PipPipPipPipPipPip
  • 309 posts

Posted 04 December 2011 - 03:37 PM

Because it's a huge source written in bloody assembler and reading it require that I be some kind of human alien hybrid capable of implementing an accelerated advanced understanding and perception of cryptographic code that only machines should be dealing with.

Edit: You want to hold my eyeballs and help me understand this shit?

Plain Text         
.586 ;.MMX .XMM .model  flat, stdcall option  casemap:none ; ------- Main Include ------- ; include Ansav.inc .code ; ------- Code Start ------- ; Align 16 ; ------- Ansav Initial ------- ; AnsavInitFirst proc uses edi esi ebx IFDEF  DEBUG ; ------- Init for debug ------- ; mov  hFileLog,0 call  InitLog ENDIF IFDEF  ERRORLOG mov  hFileErrorLog,0 mov  ErrorOccured,0 ENDIF mLog "AnsavInitFirst::" xor  eax,eax mov  incmdl,eax mov  NoStealth,eax mov  HaveMMX,eax mov  PluginsCount,eax mov  SomeObjectNeedReboot,eax mov  CmdLineScan,eax ; ------- Init for ansav needed value ------- ; push  0 call  GetModuleHandle mov  hInstance,eax call  GetCommandLine mov  CommandLine,eax call  InitCommonControls ; ------- determine processor is support MMX ? ------- ; inc   eax cpuid test  edx,200000h jz   @F   mov  HaveMMX,1 @@: invoke  MyZeroMemory,ADDR icex,sizeof INITCOMMONCONTROLSEX mov  [icex.dwSize],sizeof INITCOMMONCONTROLSEX ; <-- compability ; mov  [icex.dwICC],ICC_COOL_CLASSES mLog "Loading comctl32.dll::" invoke  LoadLibrary,reparg("comctl32.dll") .if  eax   invoke  GetProcAddress,eax,reparg("InitCommonControlsEx")   .if  eax    mLog "[ok]"    lea  edx,icex    push  edx    call  eax IFDEF  DEBUG   .else    mLog "[failed]" ENDIF   .endif IFDEF  DEBUG .else   mLog "[failed]" ENDIF .endif ; ------- Check for NT Window$ Version ------- ; mLog  "Check for Windows Version" invoke  IsNT .if  eax   mLog  "..Windows is NT/2K/XP"   mov  WinVerNT,1 .else   mLog  "..Windows not NT/2K/XP"   mov  WinVerNT,0 .endif ; ------- Escalate privileges ------- ; call  SetToken ; ------- keep run one instance ------- ; call  IsAnsavRun? .if  eax   invoke  MessageBox,0,     reparg("ANSAV already running..."),     offset szAppName,MB_OK   invoke  ExitProcess,0 .endif ; ------- Buffering, get MyDir, MyPath etc... ------- ; call  GetPathPath ; ------- LOAD CONFIGURATION ------- ; push  1 call  LoadConfig xor  eax,eax ; ------- set null flag ------- ; mov  pBufferVirusInfo,eax mov  BufferVirusInfoSize,eax ; ------- init buffer for last scanned path ------- ; mov  LastScannedPath,eax mov  LastScannedPathSize,eax mov  ArcReady,eax ; ------- componen ------- ; call  LoadComponen ; ------- time for blind sucker ------- ; call  BlindSucker AnsavInitFirstSize equ $ - offset AnsavInitFirst ; ------- build CRC 32 table ------- ; call  crcInit ; ------- VERTICAL LOGO ------- ; invoke  LoadBitmap,hInstance,IMG_VLOGO mov  hVLogoBmp,eax ; ------- decrypt vbd ------- ; IFDEF  RELEASE call  DecryptVDB ENDIF call  IsAlreadyInstalled? mov  AlreadyInstalled,eax .if  !eax   .if  !TimeForBlind    invoke  lstrcat,ADDR szAppName,reparg(" - [ PORTABLE ]")   .endif .endif invoke  LoadIcon,hInstance,IDI_MAIN_ICON mov  hMainIcon,eax ; ------- check for external database ------- ; xor  eax,eax mov  ExternalVdb,eax mov  ExternalVdbSize,eax call  LoadExVdb call  RenewConfigFlags ; ------- check exvdb ver compare ------- ; .if  ExternalVdb && ExternalVdbSize   mov  esi,ExternalVdb   movzx  eax,[esi.EXVDBINFO].wDay   movzx  ecx,[esi.EXVDBINFO].wMonth   movzx  edx,[esi.EXVDBINFO].wYear   cmp  edx,dwRDYear   ja  @F   cmp  ecx,dwRDMonth   ja   @F   cmp  eax,dwRDDay   ja   @F    jmp  @nver   @@:   mov  dwRDYear,edx   mov  dwRDMonth,ecx   mov  dwRDDay,eax .endif @nver: ; ------- immune registry ------- ; call  RegImmune ; get explorer PID, exclude from heuristic engine invoke  FindWindow,0,reparg("Start Menu") .if  eax   invoke  GetWindowThreadProcessId,eax,offset ExplorerPID .endif ; ------- load trusted database ------- ; call  LoadTrustDatabase call  OnLatestUpdate ; ------- check oldiest engine alias kadaluwarsa! ------- ; call IsOldiest? ; ------- check etc host file ------- ; call  CheckEtcHost ; ------- set antidump ------- ; call  AntiDump ret AnsavInitFirst endp Align 16 WndProc PROTO :HWND,:UINT,:WPARAM,:LPARAM ; ------- Win Main procedure ------- ; WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD LOCAL wc:WNDCLASSEX LOCAL msg:MSG mLog  "WinMain enter::" invoke  MyZeroMemory,ADDR wc,sizeof WNDCLASSEX mov  [wc.cbSize],sizeof WNDCLASSEX mov  [wc.style],CS_HREDRAW or CS_VREDRAW mov  [wc.lpfnWndProc],offset WndProc mov  [wc.cbClsExtra],NULL mov  [wc.cbWndExtra],DLGWINDOWEXTRA push hInst pop  [wc.hInstance] mov  [wc.hbrBackground],COLOR_BTNFACE+1 mov  [wc.lpszMenuName],IDM_MAIN_MENU mov  [wc.lpszClassName],offset szClassName mov  eax,hMainIcon mov  [wc.hIcon],eax mov  [wc.hIconSm],eax invoke LoadCursor,NULL,IDC_ARROW mov  wc.hCursor,eax invoke RegisterClassEx,addr wc mErrorTrap eax,"cannot register class",@endl mLog  "CreateDialogParam..." invoke CreateDialogParam,hInstance,IDD_DIALOG,NULL,offset WndProc,NULL mov  hMainWnd,eax mErrorTrap eax,"cannot Create main window",@endl invoke UpdateWindow,hMainWnd invoke  SetLastError,0 invoke  MyZeroMemory,ADDR msg,sizeof MSG invoke  Sleep,100 .while TRUE   invoke  IsWindow,hMainWnd   test  eax,eax   jz   @endl   invoke GetMessage,addr msg,NULL,0,0    .BREAK .if !eax   invoke TranslateMessage,addr msg   invoke DispatchMessage,addr msg .endw mov  eax,[msg.wParam] ret @endl: xor  eax,eax ret WinMain endp align 16 ; ------- Main Window Procedure ------- ; WndProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM LOCAL  ps,hDC,hOld,memDC:DWORD mov  eax,uMsg .if eax==WM_INITDIALOG   ; ------- Initial dialog ------- ;   push hWin   pop  hMainWnd   .if  !TimeForBlind    invoke  SetWindowText,hWin,ADDR szAppName   .else    invoke  SetWindowText,hWin,ADDR szRandomString   .endif   push  ebx   push  esi   mov  ebx,GetDlgItem   mov  esi,hMainWnd   scall  ebx,esi,IDC_MAIN_PB   mov  hMainProgBar,eax   scall  ebx,esi,IDC_EDIT_PATH   mov  hMainEditPath,eax   scall  ebx,esi,IDC_TXT_STATUS   mov  hMainTxtStatus,eax   scall  ebx,esi,IDC_TXT_CHKFILES   mov  hTxtCheckedFiles,eax   scall  ebx,esi,IDC_TXT_THREATDETC   mov  hTxtDetectedThreats,eax   scall  ebx,esi,IDC_TXT_PERCENT   mov  hTxtMainPercent,eax   pop  esi   pop  ebx   invoke  GetMenu,hWin   mov  hMainMenu,eax   ; ------- Build-build ------- ;   call  BuildMainListview   call  BuildMainTxtStatus   call  BuildToolbar   call  BuildMainMenuPic   call  BuildMainPopMenu   call  SetAllMainCtrlState   invoke  SendMessage,hToolBar,     TB_ENABLEBUTTON,IDC_MAINTB_STOP,STATE_DISABLE   ; ------- Create timer to monitor existing rem media ------- ;   call  SetMainTimer   ; ------- Check for existing threat in mem ------- ;   mov  MemCheck,1   call  CheckAndProcessBVI   .if  eax    invoke  SetMainTxtStatus,STATUS_DETECTED    invoke  SetActionTbState,STATE_ENABLE   .else    invoke  SetMainTxtStatus,STATUS_CLEAN    invoke  SetActionTbState,STATE_DISABLE   .endif   mov  MemCheck,0   ; ------- Set status ------- ;   StatusIdleWait   ; make status clr show ttl   call  SetStatusClrTtl   .if  !NoPlugins    call  BuildPlugins   .endif   ; ------- create syncro hook ------- ;   .if  ShowLog    call  ShowLogWindow   .endif   invoke  VerticalTile,hWin,IMG_VREDTILE,70   ; ------- is already installed? ------- ;   call  CheckInstalled   .if  StealthMode && hStealthmMap    mov  eax,hStealthmMap    m2m  [eax.CEST].hMainWnd,hWin    m2m  [eax.CEST].hWnd2,hWin   .endif   invoke  SetTimer,hWin,2194,2000,offset MakeUnkillable   call  SetMenuInstallable   ; ------- auto check update ------- ;   mov  hAutUpdCheckThread,0   lea  eax,AutomaticUpdateCheck   invoke  CreateThread,0,0,eax,0,0,offset brw   mov  hAutUpdCheckThread,eax   call  DontHookme   invoke  SetForegroundWindow,hWin   invoke  SetFocus,hWin   .if  CmdLineScan    invoke  StartScanOnlyDir,CmdLineScan   .endif .elseif  eax == WM_PAINT   invoke LocalAlloc,LPTR,sizeof PAINTSTRUCT   mov  ps,eax   invoke  BeginPaint,hWin,ps   mov    hDC, eax   invoke  CreateCompatibleDC,hDC   mov    memDC, eax   invoke  SelectObject,memDC,hVLogoBmp   mov    hOld, eax   invoke  BitBlt,hDC,1,1,80,400,memDC,0,0,SRCCOPY   invoke  SelectObject,hDC,hOld   invoke  DeleteDC,memDC   invoke  EndPaint,hWin,ps   invoke  ReleaseDC,hWin,hDC   invoke  LocalFree,ps .elseif  eax == WM_COMMAND  ; ------- Command Control ------- ;   mov  eax,wParam   and  eax,0FFFFh   ; ------- Menu-Menu ------- ;   ; --------------------[ -= MENU =- ]   .if eax==IDM_FILE_EXIT    jmp  @close   .elseif  eax == IDM_FILE_SCAN    call  CheckAndAskIfAvailable    .if  eax     call  StartQuickScan  ; <-- quick scan ;    .endif   .elseif  eax == IDM_FILE_SCAN2    call  StartScanSingleFile    ; <-- Scan single file ;   .elseif  eax == IDM_FILE_SCANMULTIPLEOBJECT    call  CheckAndAskIfAvailable   ; <-- multiple object scan ;    .if  eax     call  MultipleScanObject    .endif   .elseif  eax == IDM_FILE_SCANMEM    call  CheckAndAskIfAvailable    .if  eax     call  QuickScanMem    .endif   .elseif  eax == IDM_FILE_SCANALLREM  ; <-- Scan all removable media ;    call  CheckAndAskIfAvailable    .if  eax     call  StartScanAllRemovableMedia    .endif   .elseif  eax == IDM_FILE_SCANALLHARDISK  ; <-- Scan all hardisk partition ;    call  CheckAndAskIfAvailable    .if  eax     call  StartScanAllHardisk    .endif   .elseif  eax == IDM_FILE_SCANONLYWINDIR ; <-- scan only windows directory ;    call  CheckAndAskIfAvailable    .if  eax       invoke  StartScanOnlyDir,offset szWinDir    .endif   .elseif  eax == IDM_FILE_SCANSYSDIR    call  CheckAndAskIfAvailable    .if  eax     invoke  StartScanOnlyDir,offset szSysDir    .endif   .elseif  eax == IDM_VIEW_RESULT    call  ViewResult   .elseif  eax == IDM_VIEW_CONSOLELOG  ; <-- Console style LOG ;    call  ShowLogWindow   .elseif  eax == IDM_VIEW_VDB    invoke  DialogBoxParam,hInstance,IDD_ANVDB,hWin,ADDR AnvdbDlgProc,0    invoke  ShowWindow,eax,SW_SHOW   .elseif  eax == IDM_VIEW_QUARZONE ; <-- view quarantine ;    call  ViewQuarantine   .elseif  eax == IDM_VIEW_TRUSTZONE    call  StartTrustZone   .elseif  eax == IDM_ADVANCED_ASHUT ; <-- Auto shutdown after scan finished ;    .if  !ShutdownAfterScan     mov  ShutdownAfterScan,1     invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_CHECKED    .else     mov  ShutdownAfterScan,0     invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_UNCHECKED    .endif   .elseif  eax == IDM_VIEW_CLEARLIST    mov  [LastScannedInfo.wStatus],STATUS_TAKEACTION    invoke  SendMessage,hMainList,LVM_DELETEALLITEMS,0,0    invoke  SetActionTbState,STATE_DISABLE   .elseif  eax == IDM_ADVANCED_CONFIG    call  StartConfigDlg   .elseif  eax == IDM_HELP_INSTALL  ; <-- INSTALL ;    call  InstallUninstallAnsav   .elseif  eax==IDM_HELP_ABOUT   ; ------- About ------- ;    push  hWin    call  ShowAboutDialog   .elseif  eax==IDM_HELP_README    call  Readme   .elseif  eax == IDM_HELP_UPDATE ; <-- UPDATE ;    .if  AlreadyInstalled     call  Update    .else     invoke  MessageBox,hWin,     reparg("Please install ANSAV first to use this feature"),     offset szAppName,MB_OK    .endif   .elseif  eax == IDM_HELP_SUBMITTHREAT    invoke  ShellExecute,hWin,offset szOpen,reparg("<a href='http://ansav.com/content/view/15/34/' class='bbc_url' title='External link' rel='nofollow external'>http://ansav.com/content/view/15/34/"</a>),0,0,SW_MAXIMIZE   ; ------- popup menu ------- ;   ; --------------------[ -= POPUP MENU =- ]   .elseif  eax == IDM_MPM_PROPERTIES    call  ObjectProperties   .elseif  eax == IDM_MPM_GOTOOBJL    call  GotoObjectLocation   .elseif  eax == IDM_MPM_SELECTALL    call  SelectAllObject   .elseif  eax == IDM_MPM_CLEAN  ; <-- clean selected object ;    mov  ForFix,1    push  1 ; <-- clean only selected object ;    call  StartCleanNow   .elseif  eax == IDM_MPM_DELETE  ; <-- delete selected object ;    push  1 ; <-- clean only selected object ;    call  StartCleanNow   .elseif  eax == IDM_MPM_QUARANTINE  ; <-- quarantine selected object ;    push  1 ; <-- quarantine only selected object ;    call  StartQuarantineNow   .elseif  eax == IDM_MPM_SIGNASTRUST    call  DoSignAsTrust   .elseif  eax == IDM_MPM_COPYTHREATN    push  1    call  ClipboardCopyObject ; <-- threat name ;   .elseif  eax == IDM_MPM_COPYOBJPATH    push  2    call  ClipboardCopyObject ; <-- object path ;   ; ------- Button-Button ------- ;   ; --------------------[ -= BUTTON/TOOLBAR =- ]   .elseif  eax == IDC_MAINTB_EXIT    jmp  @close   .elseif  eax == IDC_MAINTB_SCAN    call  CheckAndAskIfAvailable    .if  eax     mov  eax,MainScanButton     .if  eax == 1      call  StartQuickScan     .elseif  eax == 2      call  ScanSingleFile     .elseif  eax == 3      call  MultipleScanObject     .else      call  StartQuickScan     .endif    .endif   .elseif  eax == IDC_MAINTB_STOP    mov  StopScan,1    mov  StopClean,1   .elseif  eax == IDC_MAINTB_CLEAN    ; confirm    cmp  NoActConfirm,1    je   @F    invoke  MessageBox,hWin,      reparg("Are you sure to clean all detected object?"),      ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL    .if  eax == IDOK     @@:     mov  ForFix,1     push  0    ; <-- clean all object in list and try to clean first;     call  StartCleanNow    .endif   .elseif  eax == IDC_MAINTB_DELETE    ; confirm    cmp  NoActConfirm,1    je   @F    invoke  MessageBox,hWin,      reparg("Are you sure to delete all detected object?"),      ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL    .if  eax == IDOK     @@:     push  0    ; <-- delete all object ;     call  StartCleanNow    .endif   .elseif  eax == IDC_MAINTB_QUARANTINE    ; confirm    cmp  NoActConfirm,1    je   @F    invoke  MessageBox,hWin,      reparg("Are you sure to quarantine all detected object?"),      ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL    .if  eax == IDOK     @@:     push  0    ; <-- quarantine all object ;     call  StartQuarantineNow    .endif   .elseif  eax == IDC_MAINTB_VIEWRES    call  ViewResult   .endif ;-------------------------------------- PLUGINS ----------------------------------------;   mov  eax,[wParam]   .if   eax >= DynPluginsMenuMin &&     eax <= DynPluginsMenuMax     push  eax     call  ProcessPlugins   .endif ;;-------------------------------------- HOOK CODE ----------------------------------------; ; ;.elseif  eax == WM_USER+777h ; ;  ;invoke  ProcessThisMessage,wParam,lParam ;  ;ret ; ;;-------------------------------------- end of hook code ----------------------------------------; .elseif  eax==WM_SIZE   call  RepositionMainWnd .elseif  eax == WM_NOTIFY  ; <-- notify ;   push  ebx    mov   ebx,lParam    mov  eax,[ebx.NMHDR].hwndFrom    .if  eax == hMainList     .if  [ebx.NMHDR].code == NM_RCLICK      call  ReleaseCapture      call  MainPopMenu     .endif    .endif   pop  ebx .elseif eax==WM_CLOSE   ; ------- If Close ------- ; @close:   ; ------- confirm if scan process running ------- ;   .if  InScanning || InAction    .if  InScanning     mov  edx,reparg("Do you want to stop current scanning process?")    .else     mov  edx,reparg("Do you want to stop current action process?")    .endif    invoke  MessageBox,hWin,edx,ADDR szAppName,MB_YESNO or MB_ICONQUESTION      cmp  eax,IDNO    je   @F   .endif   call  MainWndCleanUp   ; ------- check uncleanable object ------- ;   .if  SomeObjectNeedReboot    invoke  wsprintf,offset szUtilsBuff,offset szUncleanNdtrbF,SomeObjectNeedReboot    invoke  MessageBox,hWin,offset szUtilsBuff,offset szAppName,MB_YESNO or MB_ICONQUESTION    .if  eax==IDYES     invoke  MessageBox,hWin,offset szPleaseSave,offset szAppName,MB_OK or MB_ICONINFORMATION     call  DoReboot    .endif   .endif   invoke  DestroyWindow,hWin   jmp  @endl   @@:   mov  uMsg,0 ; <-- reset ; bug fixed .elseif eax==WM_DESTROY  ; ------- If Destroy ------- ;   invoke PostQuitMessage,NULL .endif @endl: invoke DefWindowProc,hWin,uMsg,wParam,lParam ret WndProc endp align 16 .data .code ; ------- ENTRYPOINT ------- ; ;--------------------------------------------------------------------------------                                                                               ; start:          ; ------- Entry Point ------- ;|                                                                                   ;/                                                                                  ;/ ;--------------------------------------------------------------------------------/ IFDEF  RELEASE ; ------- Initial First ------- ; call  AnsavInitFirst call  FillJunk ENDIF ; ------- process command line ------- ; call  ProcessCommandLine ; ------- Make sure memory is clean ------- ; .if  !incmdl   .if  !NoScanMem    call  StartCheckMemoryFirst   .endif .endif ; ------- Make main window ------- ; .if  !incmdl   invoke  WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT .endif GlobalExit:: ; ------- free last scanned path buffer ------- ; call  FreeLastScannedPathBuffer ; ------- free CmdLine buffer ------- ; mov  eax,CmdLineScan cmp  eax,0 je   @F   anfree  eax @@: ; ------- free exvdb is available ------- ; call  CloseExVdb ; ------- if stealth hook, free hook ------- ; call  UnStealth ; ------- immune registry ------- ; call  RegImmune mov  ebx,FreeLibrary ; ------- unload all module ------- ; mov  eax,hArcMod .if  eax   scall  ebx,eax .endif mov  eax,hFixerMod .if  eax   scall  ebx,eax .endif ; ------- unload plugins ------- ; call  CleanupPlugins IFDEF  DEBUG ; ------- Log needed ------- ; call  CloseLog ENDIF IFDEF  ERRORLOG ; ------- Error Log needed ------- ; call  CloseErrorLog ENDIF push 0 call ExitProcess end start

10 minutes of reading reveals nothing malicious in that source. its just a gui source file, that inits the gui and has a message loop. it spawns a thread on some autoupdate stuff and the only potentially dangerous are the calls to anything outside that file, that is Scan***file etc. rather have a look in Ansav.inc
If you downloaded it from some random site, its possible that someone infected it.
Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG

#18 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 5,968 posts

Posted 04 December 2011 - 03:38 PM

That's nothing. Where's the rest? The heart.

Maybe I'm in love (Sshh, it's a secret)

.

 

eMyvnE


#19 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,222 posts

Posted 04 December 2011 - 03:47 PM

That's nothing. Where's the rest? The heart.


You're a scary individual, I guess we know who the alien hybrids are around here, I got the source from here, what ever you do, DO NOT run the precompiled binary as it literally deleted every file on my hdd that wasn't locked at a ferocious velocity.
Spoiler
Warning: Posts by this user are subject to change or may disappear without notice.

#20 BrewManNH

BrewManNH

    באָבקעס מיט קודוצ׳ה

  • MVPs
  • 9,528 posts

Posted 04 December 2011 - 05:32 PM

So, you downloaded a program, that you yourself stated you don't know what it does because you couldn't be bothered to read the source code. Then you ran it on your main computer rather than in a sandbox or virtual machine. Then it deleted everything on your computer that wasn't locked when you ran this unknown program. And you're mad at someone else because you were too lazy/stupid/disinterested to figure out what it would do, and were too stupid to run it in a sandbox/virtual machine, am I getting this right?
  • Richard Robertson, BigDod and MvGulik like this

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to an XP machine, and I'm not going to.

 

How to ask questions the smart way!

 

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.
Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.
_FileGetProperty - Retrieve the properties of a file SciTE Toolbar - A toolbar demo for use with the SciTE editorGUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.
GUIToolTip UDF Demo - Demo script to show how to use the GUIToolTip UDF to create and use customized tooltips. Latin Square password generator

 

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.






Also tagged with one or more of these keywords: asm, MASM32, Assmebly

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users