- ;@goto translate
- ; Dual-purpose source: ML reads the line above as a comment; run as a batch file it presumably
- ; jumps to the :translate label near the end, where this same file is assembled and linked.
- .586P ; Pentium instruction set, privileged instructions allowed
-
- .MODEL FLAT, STDCALL ; flat 32-bit model; stdcall is the default calling convention for PROCs
-
- OPTION CASEMAP: NONE ; identifiers are case-sensitive
-
- UNICODE = 0 ; presumably makes the generic macros (TEXT, CreateProcess, ...) pick the ANSI forms - confirm in APIMACRO.mac
- INCLUDE WINDOWS.inc
- INCLUDE APIMACRO.mac ; presumably the source of iWin32 / sWin32 / iMOV / TEXTA / TEXTW; none of them is defined in this file
-
- INCLUDELIB iKERNEL32.lib
- INCLUDELIB iUSER32.lib
-
- INCLUDE ApiHooks.inc ; NOTE(review): external API-hooking library; HookApi*, LoadAndCall*, UnloadModule*, EstablishApiHooks* presumably come from here and their contracts are not visible in this file
- INCLUDELIB iApiHooks.lib
-
-
- .DATA? ; uninitialized data
- OrigMsgBoxA DWORD ? ; address of the real MessageBoxA: stored by PrimaryThread, called by NewMessageBoxA
- OrigMsgBoxW DWORD ? ; address of the real MessageBoxW: stored by PrimaryThread, called by NewMessageBoxW
- ; Structures used by the CreateProcess call in PrimaryThread.
- prinfo PROCESS_INFORMATION <>
- stinfo STARTUPINFO <>
-
-
- .CODE
- TEXTA KERNEL32, <KERNEL32.dll/0> ; string constants; the code refers to each one with an "s" prefix (sKERNEL32, sCap, ...). TEXTA/TEXTW presumably emit ANSI/wide strings and "/0" the terminator - confirm in APIMACRO.mac
- TEXTA GetVersion, <GetVersion/0>
- ; Module and export name used by the wide-character LoadAndCallW calls.
- TEXTW Cap, <Cap.dll/0>
- TEXTW DllRegSrv, <DllRegisterServer/0>
- ; Program that PrimaryThread starts suspended. NOTE(review): bare file name with no directory, so which 4Test.exe runs depends on where the demo is started from.
- TEXT Test4, <4Test.exe/0>
- ; DLL name given to EstablishApiHooksA/W, in both encodings. NOTE(review): also a bare name; how it is located is decided inside ApiHooks - confirm.
- TEXTA AlienA, <Alien.dll/0>
- TEXTW AlienW, <Alien.dll/0>
-
- PrimaryThread PROC ; program entry point (named on the END line); exercises the ApiHooks helpers on this process, then on a child process, and finishes in ExitProcess
- iWin32 GetCurrentProcessId
- MOV EBX, EAX ; EBX = id of this process, handed to each helper call below
- ; Wide-character pass on this process: query Cap.dll, load it and call DllRegisterServer, query again, unload. The literal arguments 1 and 10 are defined by ApiHooks - TODO confirm their meaning.
- iWin32 IsModuleLoadedW, sCap, EBX
- iWin32 LoadAndCallW, sCap, EBX, 1, sDllRegSrv
- iWin32 IsModuleLoadedW, sCap, EBX
- iWin32 UnloadModuleW, sCap, EBX, 10
- ; ANSI pass on this process, against KERNEL32.dll / GetVersion.
- iWin32 IsModuleLoadedA, sKERNEL32, EBX
- iWin32 LoadAndCallA, sKERNEL32, EBX, 1, sGetVersion
- iWin32 UnloadModuleA, sKERNEL32, EBX, 10
- ; Show an unhooked MessageBoxA and remember its address; EBX no longer holds the process id from here on.
- iMOV EBX, MessageBoxA
- sWin32 EBX, NULL, smmsgA, smTitleA, MB_ICONINFORMATION
- MOV OrigMsgBoxA, EBX ;save original API address
- ; Same for the wide-character MessageBoxW.
- iMOV EBX, MessageBoxW
- sWin32 EBX, NULL, smmsgW, smTitleW, MB_ICONINFORMATION
- MOV OrigMsgBoxW, EBX ;save original API address
- ; Install the replacements. OrigMsgBoxA/W are already set above, so NewMessageBoxA/W have a valid target when first called.
- ;change my (ModuleImport==NULL) import
- iWin32 HookApiA, sUSER32A, sMessageBoxA, HOOK_BY_ADDRESS, NULL, NULL, OFFSET NewMessageBoxA, NULL
- iWin32 MessageBoxA, NULL, smmsgA, smTitleA, MB_ICONINFORMATION ; same arguments as the first box; presumably now routed through NewMessageBoxA
- ; NOTE(review): no helper return value is checked anywhere in this procedure, so a failed load or hook goes unnoticed.
- iWin32 HookApiW, sUSER32W, sMessageBoxW, HOOK_BY_ADDRESS, NULL, NULL, OFFSET NewMessageBoxW, NULL
- iWin32 MessageBoxW, NULL, smmsgW, smTitleW, MB_ICONINFORMATION ; same arguments as the first box; presumably now routed through NewMessageBoxW
- ; Start 4Test.exe with its primary thread suspended, so the helper calls below run before the child executes. NOTE(review): suspended creation followed by work on the child and ResumeThread is a sequence endpoint monitoring commonly flags.
- MOV ESI, OFFSET stinfo
- SUB EBP, EBP ; EBP = 0, reused as NULL / FALSE for the unused CreateProcess arguments
- MOV (STARTUPINFO PTR [ESI]).cb, STARTUPINFO ; cb = structure size (presumably the type name evaluates to its size - confirm); no other stinfo field is written here
- iWin32i CreateProcess,sTest4, EBP,\
- EBP, EBP, EBP,\
- CREATE_SUSPENDED,\
- EBP, EBP,\
- ESI, OFFSET prinfo
- TEST EAX, EAX
- JE @F ; CreateProcess returned 0: skip the child-process part and exit
-
- MOV EBX, prinfo.dwProcessId ; EBX = id of the new, still suspended process
- ; Repeat the load/call/unload sequences, this time against the child's process id.
- iWin32 IsModuleLoadedW, sCap, EBX
- iWin32 LoadAndCallW, sCap, EBX, 1, sDllRegSrv
- iWin32 IsModuleLoadedW, sCap, EBX
- iWin32 UnloadModuleW, sCap, EBX, 10
-
- iWin32 IsModuleLoadedA, sKERNEL32, EBX
- iWin32 LoadAndCallA, sKERNEL32, EBX, 1, sGetVersion
- iWin32 UnloadModuleA, sKERNEL32, EBX, 10
- ; Alien.dll is passed to EstablishApiHooks in both encodings and then to UnloadModuleA; what the library does with it is defined in ApiHooks - TODO confirm.
- iWin32 EstablishApiHooksA, sAlienA, EBX
- iWin32 EstablishApiHooksW, sAlienW, EBX
- iWin32 UnloadModuleA, sAlienA, EBX, 2
- ; Let the child run and release both handles returned in prinfo.
- iWin32 ResumeThread, prinfo.hThread
- iWin32 CloseHandle, prinfo.hProcess
- iWin32 CloseHandle, prinfo.hThread
-
- @@:
- iWin32 ExitProcess, STATUS_SUCCESS ; exit status is STATUS_SUCCESS on both paths, including the CreateProcess failure path
- PrimaryThread ENDP
-
- TEXTA mTitleA, <WarningA/0> ; caption and text of the demo MessageBoxA calls (used as smTitleA / smmsgA)
- TEXTA mmsgA, <This is illegalA./0>
- ; Counterparts for the MessageBoxW calls (smTitleW / smmsgW).
- TEXTW mTitleW, <WarningW/0>
- TEXTW mmsgW, <This is illegalW./0>
-
- NewMessageBoxA PROC hWnd, lpText, lpCaption, uType ; replacement whose address PrimaryThread passes to HookApiA; takes MessageBoxA's four parameters and forwards to the saved original
- MOV EAX, uType
- TEST EAX, MB_ICONINFORMATION
- JE @F ; information-icon bit clear: forward uType unchanged
- XOR EAX, MB_ICONINFORMATION OR MB_ICONEXCLAMATION ; flip the bits of both icon constants; with the standard Win32 values (40h and 30h) an information icon becomes an exclamation icon
- @@:
- sWin32 OrigMsgBoxA, hWnd, lpText, lpCaption, EAX ; call through the pointer saved by PrimaryThread; it must hold a valid address before the hook goes live
- RET ; presumably EAX still carries the original function's result - confirm against the sWin32 macro
- NewMessageBoxA ENDP
-
- NewMessageBoxW PROC hWnd, lpText, lpCaption, uType ; replacement whose address PrimaryThread passes to HookApiW; takes MessageBoxW's four parameters and forwards to the saved original
- MOV EAX, uType
- TEST EAX, MB_ICONINFORMATION
- JE @F ; information-icon bit clear: forward uType unchanged
- XOR EAX, MB_ICONINFORMATION OR MB_ICONEXCLAMATION ; flip the bits of both icon constants; with the standard Win32 values (40h and 30h) an information icon becomes an exclamation icon
- @@:
- sWin32 OrigMsgBoxW, hWnd, lpText, lpCaption, EAX ; call through the pointer saved by PrimaryThread; it must hold a valid address before the hook goes live
- RET ; presumably EAX still carries the original function's result - confirm against the sWin32 macro
- NewMessageBoxW ENDP
-
- TEXTA USER32A, <USER32.dll/0> ; module and function names passed to HookApiA / HookApiW (as sUSER32A, sMessageBoxA, sUSER32W, sMessageBoxW)
- TEXTA MessageBoxA, <MessageBoxA/0>
- TEXTW USER32W, <USER32.dll/0>
- TEXTW MessageBoxW, <MessageBoxW/0>
-
- END PrimaryThread ; PrimaryThread is the entry point; the batch commands that follow are presumably ignored by the assembler
-
- :translate
- @echo off
- REM Build half of this file: ML is given Test.bat (this file) as its source, the result is linked as Test, and Test.obj is deleted afterwards.
- REM /MERGE:.rdata=.text folds read-only data into the code section; /IGNORE:4078 presumably silences the matching section-attribute warning.
- REM NOTE(review): ML and eLINK are found through PATH or the current directory; eLINK is not the stock linker name - confirm which tool is meant.
- ML /c /coff /nologo Test.bat
- eLINK Test /nologo /optidata /IGNORE:4078 /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text
- DEL Test.obj
- PAUSE
- CLS