Software Recommendations

home *** CD-ROM | disk | FTP | other *** search

/ Software Recommendations - 1998 Season 1 / DNBCD4.iso / share / compress / exe / untiny / CUNP / CUNP.ASM < prev next >

Wrap

Assembly Source File | 1997-08-09 | 24.5 KB | 920 lines

; MASM 6.0, TASM 3.x .model tiny .code .startup .386 DEBUG equ TRUE ;; 4 debugging isSCHARF equ 123 ;; int 21 aktiv? ;; --─────────────────────────────────────────────────────────────────────--- @KBD_On Macro in al, 21h and al, not(2) out 21h, al ENDM ;; --─────────────────────────────────────────────────────────────────────--- @NebelBomb Macro push bx ;; AX = b8, BX = bb, DX = ba db 0bbh ;; Nebelbombe (Mov ax, 03ebh) jmp $+6 ;; für Sourcer pop bx jmp $-3 ;; Lästig für TD db 09Ah ;; Falscher Opcode für TD ;; hier gehts weiter ENDM @NebelBombSmall Macro ;; 10.10.94 jmp $+4 dw $ + 8181h ENDM ;; --─────────────────────────────────────────────────────────────────────--- clear_trap macro @NebelBombSmall push ax pushf pop ax and ax,0feffh push ax popf pop ax endm _start: pushad jmp start orig100 dd 0123456eah lastax dw -3 ; last AX, when invoked Int21 lastip dw -2 lastcs dw -1 scharf dw -1 @NebelBomb introut: pusha ; cs, ip, flags pushf push ds push es mov di,sp nop add di,18h ;di auf sp ; mov ax, ss:[di] ; save IP ; mov cs:lastip, ax mov ax,cs cmp word ptr ss:[di+2],ax ;im eigenen code? je rause mov ax,word ptr cs:[newseg] nop cmp word ptr ss:[di+2],ax ; segment kleiner als entryseg nop ja rause mov ax,word ptr ss:[di] ; offset des rücksprungs cmp ax,word ptr cs:[maxip] ; größer als maxip ja rause cmp ax,word ptr cs:[minip] ; kleiner als minip? jb rause jmp done ; wieder in meine routine zurück rause: clear_trap pop es pop ds popf popa weiter: ret rc_count db 1 ;************************************************************************* ; ; This handler handels int 0, 1, 3 and 24h calls ; ;************************************************************************* IRet_Handler proc far mov al, 3 iret IRet_Handler ENDP ;************************************************************************** ; ; This handler is invoked by the own code, so be carefully by fakeing it ; ;************************************************************************** @NebelBomb int_21: mov cs:lastAX, AX ; save AX, IP push ax push bp cli mov bp, sp mov ax, ss:[bp+4] mov cs:lastIP, AX mov ax, ss:[bp+6] mov cs:lastCS, AX pop bp pop ax cmp cs:scharf, isSCHARF ; 0.17 - April, 8th jne int_21_skip cmp ah, 4ah ; malloc? jz int_21_skip cmp ah, 0bh jz int_21_skip cmp ah, 9h ; print? jnz int_21w1 mov si, dx ; index mode cmp word ptr ds:[si], "iG" ; unrec patch jz done cmp byte ptr ds:[si], "$" ; rcc patch ifdef ELITE jz int_21_skip ; jnz int_21w1 ; cmp cs:lastIp, 8000h ; ja int_21w1 ; dec cs:rc_count ; cmp cs:rc_count, 0 ; jz done else jz done endif int_21w1: ;;---------------------------------------rcc 286/hard-------------------- cmp ah, 2fh jz int_21_skip ifdef ELITE cmp ah, 3dh jz int_21_skip cmp ah, 25h jz int_21_skip ENDIF cmp ah, 35h jz int_21_skip ;;---------------------------------------rcc 286/hard-------------------- cmp ah, 30h ; get dos ver? jz int_21_skip call introut int_21_skip: db 0eah ;farjump old21ofs dw -1 old21seg dw -2 @NebelBomb int_09: call introut db 0eah old09ofs dw 9 old09seg dw 10 @NebelBomb int_10: cmp ah, 3 jz int_10_skip call introut int_10_skip: db 0eah old10ofs dw -3 old10seg dw -4 @NebelBomb int_20: call introut ; jmp nosucc db 0eah old20ofs dw -5 old20seg dw -6 ;******************************************** ; ; The Main Unpacker starts here.... ; ;******************************************** start: clear_trap ; no tracing please! :)) mov dword ptr _start, eax ; for lame COM dumpers @NebelBomb cld mov dx, offset Intro call Write @NebelBomb mov dword ptr start, eax ; for lame COM dumpers xor ax, ax mov al,byte ptr ds:[80h] ;wenn ja al auf die länge cmp ax, 4 ja paramok mov dx, offset help call Write jmp wech paramok: mov di,ax ;dann auf die für [] mov byte ptr [81h+di], ah ;null hinten hin für ah=3dh mov dx,82h ;offset vom parameter(81h=leerzeichen) mov ax,3d02h int 21h jnc okopen mov dx,offset erroropen jmp error okopen: xchg ax,bx mov word ptr [handle],bx ;handle sichern mov ax,4202h xor cx,cx cwd int 21h ;ans ende seeken jc fopen_err or dx,dx je oksize fopen_err: mov dx,offset errorsize jmp error oksize: mov word ptr [filesize],ax ;filesize sichern call saveints call readconf call readfile ; Sets up NewSeg etc.! call setints push ds pop es push cs pop ds mov ah, 9 mov dx, offset FileInfos int 21h mov ax, newseg call printax mov ax, minip call printax mov ax, maxip call printax mov dx, offset SizeDesc mov ah, 9 int 21h sub eax, eax mov ax, filesize call WriteDecimal call SetupEnvIron mov dx,offset jumping int 21h mov dx, word ptr cs:[newseg] mov es, dx mov ds, dx mov ss, dx popad ;; from START mov sp, 0fffeh ;; here bug fix for DOS mov cs:scharf, isSCHARF ;; scharf machen! jmp dword ptr cs:[newofs] ;hinspringen protecterror: pushad push ds push cs pop ds mov dx, offset ProtM_Msg mov ah, 9 int 21h pop ds popad jmp done int22h_handler: ;▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ; By Setting The 0Ah and the 0Ch addresses To This Code, (PSP:0Ah = INT 22) ; When Program Process ends (INT 22) it will return to here pushad push ds mov bx,cs mov ah,50h ; Set current Proccess ID back int 21h ; To Our CODE pop ds popad done: mov sp,0fffeh push cs pop ds push cs pop es push cs pop ss call restoreints push cs pop ds mov dx, offset Back_Msg mov ah, 9 int 21h mov ax, lastAX call printAX mov dx, offset csip mov ah, 9 int 21h mov ax, lastCS call printax mov ax, lastIP call printAX mov ah, 9 mov dx, offset crlf int 21h ;▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ PUSH DS mov ds,word ptr cs:[newseg] mov eax, dword ptr ds:[100h] POP DS cmp eax, cs:orig100 jnz hostchanged mov dx, offset notch jmp error hostchanged: ;; File writeing... mov bx,word ptr cs:[handle] ;handle wieder her mov ax,4200h xor cx,cx cwd int 21h mov ds,word ptr cs:[newseg] mov dx,100h mov cx, word ptr cs:searchlen ;!!!!!!!Filesize!!!!!!! mov si, cx add si, dx ;; -----------------------------------nop's nopscan: dec si cmp byte ptr ds:[si], 90h jnz brk_nopscan dec cx jnz nopscan ;; -----------------------------------nop's brk_nopscan: pusha push cs pop ds mov ah, 9 mov dx, offset newCX int 21h sub eax,eax mov ax, cx call WriteDecimal mov dx, offset crlf mov ah, 9 int 21h popa mov ds,word ptr cs:[newseg] mov ah,40h int 21h mov ah,3eh int 21h ;datei schliessen push cs pop ds mov ah,09 mov dx,offset unpacked int 21h mov dx,offset term mov ah,09 int 21h jmp wech error2: pusha call RestoreInts popa error: push cs pop ds mov ah,09 int 21h wech: in al,21h and al,0fdh out 21h,al mov al, 0aeh out 64h, al mov ax, 4c00h int 21h nosucc: push cs pop ds push cs pop es push cs pop ss mov sp,0fffeh call restoreints in al,21h and al,0fdh out 21h,al mov ah,09 push cs pop ds mov dx,offset nothin int 21h jmp wech ; ---=[ Functions ]=--------------------------------------------------- saveints: push 0 pop ds xor si,si mov di,offset inttab ;ES points to DATA mov cx,100h ;komplette int-tab cli rep movsd sti push cs pop ds mov ax,3509h ;benutzte ints int 21h ;getrennt sichern mov word ptr [old09ofs],bx mov word ptr [old09seg],es mov ax,3510h ;benutzte ints int 21h ;getrennt sichern mov word ptr [old10ofs],bx mov word ptr [old10seg],es mov al,20h int 21h mov word ptr [old20ofs],bx mov word ptr [old20seg],es mov al,21h int 21h mov word ptr [old21ofs],bx mov word ptr [old21seg],es ret ; ---=[ Functions ]=--------------------------------------------------- setints: push cs pop ds mov ah,09 mov dx,offset setting int 21h mov ax,2509h ;keyb int setzen mov dx,offset int_09 int 21h mov ax,2510h ;video int setzen mov dx,offset int_10 int 21h mov al,20h ;int 20h mov dx,offset int_20 int 21h mov al,21h ;int 21h mov dx,offset int_21 int 21h ;----------------------------------------Protected Mode Handler--------- mov ax, 2506h mov dx, offset protecterror int 21h mov al, 0dh int 21h mov al, 0ch int 21h ;----------------------------------------Int 01h, int 03h Handler------- mov ax, 2500h mov dx, offset iret_handler int 21h ifndef DEBUG mov al, 1 int 21h ; debugging int mov al, 3 int 21h endif mov al, 24h int 21h ;----------------------------------------Int 20h, int 22h Handler------- mov al, 22h mov dx, offset int22h_handler int 21h mov al, 20h int 21h ret ; ----=[ Setup Env ]=--------------------Set up the Environment--------- SetupEnvIron proc near push cs pop ds mov dx,offset trans mov ah,09 int 21h mov ax, newseg call printax mov ah, 9 mov dx, offset crlf int 21h mov ah,26h ; Create New PSP mov dx, newseg ; Seg. of Allocated Mem int 21h mov bx,word ptr cs:newseg mov ah,50h ; Set current Proccess ID int 21h ; to COMFILE's PSP push cs pop ds mov ax,word ptr ds:newseg mov es,ax xor si,si xor di,di mov cx,100h rep movsb ;psp übertragen mov byte ptr es:[80h],0 ;parameter auf 0 mov word ptr es:0Ah, offset int22h_handler ; COMFile-1:0001h = COMFile Seg. mov word ptr es:0Ch,cs ; On CONTINUE: ; mov word ptr es:[080h],0D00h ret SetUpEnvIron ENDP ; ---=[ Functions ]=--------------------------------------------------- RestoreInts: ;int 3 pushad ;; Restore INT 21h 4 printing mov eax, dword ptr cs:[old21ofs] push 0 pop ds mov dword ptr ds:[21h*4], eax push cs pop ds mov ah,09 mov dx,offset restoring int 21h cli push 0 pop es xor di,di mov si,offset inttab mov cx,100h cld rep movsd sti popad ret ; ---=[ Functions ]=--------------------------------------------------- readconf proc near, mov ah,09 mov dx,offset rconf int 21h mov ax,3d00h mov dx,offset cfile int 21h jnc okopen2 readc_err1: mov dx,offset erroropen2 mov ah, 9 int 21h jmp readc_err okopen2: xchg ax,bx mov ah,3fh mov cx, 7 mov dx,offset minip ;min und max einlesen int 21h jc readc_err1 readc_err: mov ah,3eh ;datei schliessen int 21h ret ReadConf ENDP ; ---=[ Functions ]=--------------------------------------------------- readfile proc near ; reads host push cs pop ds mov ah,09h mov dx,offset reading int 21h mov bx,word ptr [handle] ;handle wieder her mov ax,4200h xor cx,cx cwd int 21h ;zum anfang seeken mov cx, word ptr [filesize] mov dx, offset errorsize ; mov ax, 0fdf0h ; sub ax, offset lastbyte ; fucking TASM! cmp cx, 0fd00h jae error2 mov dx,100h mov ax,ds add ax,0ffffh / 16 +1 ;1 Segment above! mov ds,ax ;segmente richten mov word ptr cs:[newseg],ds mov ah,3fh int 21h ;Datei einlesen ;; -[EXE-Head?]-------------------------------------------- mov ax, word ptr ds:[100h] mov dx, offset noexe cmp ax, "MZ" jz error2 cmp ax, "ZM" jz error2 mov eax, dword ptr ds:[100h] mov cs:orig100, eax ;; -------------------------- Noppen mov si, 101h add si, cs:[filesize] mov cx, 0fef0h sub cx, si cmp cx, 0f800h ja readnop_ret readnop: mov byte ptr ds:[si], 90h inc si loop readnop readnop_ret: ret readfile endp ; ; This routine prints the contents of AX as a four-byte hex number. ; ; ---=[ Functions ]=--------------------------------------------------- printax proc near, push ax call print_hex pop ax xchg ah, al call print_hex mov dl, "h" int 21h mov dl, 32 int 21h ret print_hex: mov al,ah shr ah,4 cmp ah,9 jbe next1 add ah,7 next1: add ah,'0' and al,0fh cmp al,9 jbe next2 add al,7 next2: add al,'0' push cx mov cl,ah mov ch,al mov Ah,02 mov Dl,cl int 21h mov Ah,02 mov Dl,ch int 21h pop cx ret printax endp .DATA restoring: db " ■ Restoring interrupts 00h to 0FFh",0ah,0dh,"$" term: db " ■ Program terminated.",0ah,0dh,"$" unpacked: db " ■ Writing now the decrypted file to disk :-)",0ah,0dh db " ■ File sucessfully unpacked!?",0ah,0dh,"$" trans: db 13, 10, " ■ Transfering PSP/PID to $" nothin: db " ■ Could not unpack the file successful!",0ah,0dh,"$" FileInfos: db " ■ CS, Min IP, Max IP, filelength: $" newCX: db " ■ New file length calculated: $" noexe: db " ■ EXE file header detected. Sorry, no EXE files yet supported!", 7 crlf: db 13, 10, "$" notch: db " ■ Sorry, host file can't be unpacked (unchanged)! Aborting!", 7, 13, 10, 7, "$" ProtM_Msg: db " ■ pROTECTED mODE fATAL eRROR - Unpacking stopped!", 7, 13, 10, 7, "$" Back_Msg: db " ■ Control passed back to your handler!", 13, 10 db " ■ Last iNT 21h call was AX=$" csip: db "CS:IP=$" inttab: db 400h dup (0), " thnkx to rand0m " filename: db "CUNP_CRK.COM",0,13,10,"$" handle: dw 0 filesize dw 0 minip dw 100h maxip dw 0f600h searchlen dw 0f600h use386 db 0 newofs dw 100h newseg dw 0 .code write proc near, pusha push ds pop es mov si, dx lea bp, [volne] mov ah, 0fh int 10h ; Get current video mode ; BH - cislo aktivnej stranky zopakuj: mov di, bp xor cx, cx zoberznak: lodsb cmp al, '$' je kresli or al, al ; 0 -> new color jnz zapis lodsb mov ah, al ; fetch new color jmp zoberznak zapis: inc cx cmp al, 20h jnb znak stosb ; toto bude kod jmp co_dalej znak: stosw ; a toto znak co_dalej: cmp di, offset volne+78 jna zoberznak kresli: push ax push cx mov ah, 03h ; read cursor pos int 10h pop cx mov ax, 1303h ; write string int 10h pop ax cmp al, '$' jne zopakuj ; retazec je vypisany popa ret write endp WriteDecimal proc near push eax push ebx push ecx push edx test eax, 10000000000000000000000000000000b ; negative je short @@3 neg eax ; reverse the number push eax mov ah, 02h mov dl, '-' ; print a '-' int 21h pop eax @@3: mov ebx, 10 xor cx, cx @@1: xor edx, edx div ebx ; (exd:eax) / 10 push dx ; the lowest decimal number inc cx or eax, eax ; eax=0 ? jne @@1 mov ah, 02h @@2: pop dx ; number in dans dl add dl, '0' int 21h dec cx or cx, cx jne @@2 pop edx pop ecx pop ebx pop eax ret WriteDecimal endp .data volne db 256 dup (7h) lastbyte equ $ Intro: db 13, 10, 0, 14 db '─┼─────── ── ─ ─ ∙· ° . ° ·-·- -=[',0,3+16," 1996-97 ",0,14,']=- -·', 13, 10 db ' │ ° ° ∙', 13, 10 db " . ─═■ ",0,3+16," ROSE's Generic COM file unpacker 0.16ß ",0,14," ■═─ │", 13, 10 db " │ ─═■",0,3," Basic concept by [Ka0t & ROSE]",0,14," ■═─ .", 13, 10 db " ∙ ° ─═■",0,3," Unpacks almost EVERY real COM file ",0,14,"■═─ ° │", 13, 10 db " │ ° ",0,3," eLiTE vERSi0N?: ", 0,14 ifdef ELITE db "YES" else db "No!" endif db 0,14," ° ∙", 13, 10 db " · - -=[",0,3+16," 386++ required! ",0,14,"]=- ° . ° ·∙ ─ ─ ── ──────┼─", 13, 10 db 0,3," Immune against anti load and generic anti debugger tricks",0,14," |", 0, 7 db 13, 10, "$" help: db 0, 3 db " (C) by ROSE Softwareentwicklung, Dipl.-Ing. (FH) Ralph Roth, ", 13, 10 db " Finkenweg 24, D 78658 Zimmern, FAX: +49.741-32647, Fido: 2:246/2101.2" db 13, 10, 0, 7, 13, 10 db "This sucker can unpack/unprotect at least:", 13, 10 db 0, 14 db " - Protect/COM: 2.0, 4.0, 5.0, 5.5, 5.6 & 6.0", 13, 10 db " - [GENERIC] Scrambler/Crypters: ComLock, Moshe, Rand0m, NSP,", 13, 10 db " Cryptcom, Rcrypt, Scramble, HDKiller, etc.", 13, 10 db " - Pklite 1.00 - 2.01 & Scrunch 1.0x: Perfect unpacking!", 13, 10 db " - Diet/COM 1.00 - 1.45f, Elite/COM 2.00, EXECode 1.00", 13, 10 db " - Compack, AVPack etc.", 13, 10 db " - ICE, Shrink, Synopsis COM Protect, Iceman Protection etc.", 13, 10 db 0, 7 db 13, 10 db "To get the best results for Protect 5.6/6.0 etc. use the config file editor!" db 13, 10 ifndef ELITE db "Note... Cunp CAN UNPACK HACKSTOP and RC286 from ROSE - but NOT in this", 13, 10 db " public release... " endif db "$" ;;----------------------------------------------------------------------------- jumping: db " ■ Executing now the encrypted code...",0ah,0dh,"$" setting: db " ■ Setting INTs 10h, 20h, 21h, 22h etc. Setting Protect Mode Handlers.",0ah,0dh,"$" reading: db " ■ Reading file in buffer...",0ah,0dh,"$" rconf: db " ■ Reading config file " cfile: db "CUNP.CFG",0, 0ah,0dh,"$" SizeDesc: db " Length: $" errorsize: db " ■ Sorry, files only files smaller than approx. 60 KB allowed!",0ah,0dh,"$" erroropen: db " ■ Sorry, can't open this fuckin' filez...",0ah,0dh,"$" erroropen2: db " ■ Sorry, can't open config file! - Using default values!",0ah,0dh,"$" end