Jump to content

Help with asm

Skitty

By Skitty,
in Developer General Discussion

 Share

Recommended Posts

Skitty Universalist

Skitty

Posted
Posted

I've been searching everywhere but it's like no one talks about it or something, question is, how the heck do I get the home drive letter in assembly?

I need to make this string automatically change to the correct users home drive lable~

"%s:\Documents and Settings\TEST\Desktop\Log.dat"

I can't find anything on google about or related to it, it's like google has an anti asm fetish.

Also, is it me or are these forums getting a little slower?

Link to comment
Share on other sites
  • Replies 70
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

BrewManNH
BrewManNH

So, you downloaded a program, that you yourself stated you don't know what it does because you couldn't be bothered to read the source code. Then you ran it on your main computer rather than in a sand

jchd
jchd

That's a moot point: should it be called RemoveTrojan or PrepareGUI would you trust it more?

jchd
jchd

Granted, getting better is a nice goal. I look at attempts of achieving "top notch" optimization as now essentially useless. It was possible at some time to perform register coloring, loop unrolli

Mat Universalist

Mat

Posted
Posted (edited)

Uhmmm... The same way you would in C, or any native windows application? Why is this question specifically about asm?

Rough outline:

strIn db "%HOMEDRIVE%Documents and SettingsTESTDesktopLog.dat"
strOut db MAX_PATH+1 dup 0

invoke ExpandEnvironmentStringsA,lpIn,lpOut,MAX_PATH

Then of course, there is the small matter that even then you are doing it wrong. You want the desktop directory for user TEST? Then you are actually trying to find a known folder. There are examples for that on these forums. Search for SHGetKnownFolderPath.

The reason it's not on google is because not many asm users ask questions like this. Most have previous knowledge of the winapi etc.

Edited by Mat

AutoIt Project Listing

Link to comment
Share on other sites
Skitty Universalist

Skitty

Posted
  • Author
Posted (edited)

Uhmmm... The same way you would in C, or any native windows application? Why is this question specifically about asm?

Rough outline:

strIn db "%HOMEDRIVE%Documents and SettingsTESTDesktopLog.dat"
strOut db MAX_PATH+1 dup 0

invoke ExpandEnvironmentStringsA,lpIn,lpOut,MAX_PATH

Then of course, there is the small matter that even then you are doing it wrong. You want the desktop directory for user TEST? Then you are actually trying to find a known folder. There are examples for that on these forums. Search for SHGetKnownFolderPath.

The reason it's not on google is because not many asm users ask questions like this. Most have previous knowledge of the winapi etc.

I see, makes sense, and the reason it's specifically targeted to ASM is due to the fact that I don't know C, C++ etc, I was tinkering with some little project written in asm that creates a file in its directory (where it was launched from) and enters some data into it, suddenly I wan't the file to be created at a specific location, adding my user name was an accident but you get the idea, I wan't to have the app always create the file in a specific directory regardless of the home drive label.

When my the app is going to create the file, the string location is as so~

MAC "ab" ; binary mode
MAC "C:directoryLog.dat" ;Location
call fopen
Edited by THAT1ANONYMOUSEDUDE
Link to comment
Share on other sites
Skitty Universalist

Skitty

Posted
  • Author
Posted (edited)

So you are going to mix native winapi and libc?

Did you try using fopen with the environment strings in there (%HOMEDRIVE%)?

Yes, windows xp suggested I send a crash report to microsoft afterward.

Damn, I really want to learn assembly, this is how I tried, which I know is wrong because of the crash report thing.

MAC "ab"
MAC "%HOMEDRIVE%Documents and SettingsLog.dat"
call fopen

Assembling: test.asm
test.asm(58) : error A2006: undefined symbol : HOMEDRIVE
MAC(1): Macro Called From
  test.asm(58): Main Line Code
test.asm(58) : error A2206: missing operator in expression
MAC(3): Macro Called From
  test.asm(58): Main Line Code
Edited by THAT1ANONYMOUSEDUDE
Link to comment
Share on other sites
Skitty Universalist

Skitty

Posted
  • Author
Posted

Do %s in strings have a special meaning in masm?

I would imagine they do since this works for me~

push offset hUser
call GetUserNameA
push offset hUser
MAC "-Current User:%s-"

And I can write the user name the file in place of the %s, where it would be written as "-Current User: TEST-".

You really need to read some Windows guidelines. A directory already exists for applications to write their data. The root of the home drive is not it.

Where can I find a good source? a nice help file like autoit's would be really good, also, I noticed that if I don't include the drive letter and start the path as if it was a directory in nix like "documents and settingsdata.dat" it's created without any errors.
Link to comment
Share on other sites
Skitty Universalist

Skitty

Posted
  • Author
Posted

If you can't find Windows guidelines via a quick search then you should not be using ASM. Simple logical progression.

C'mon, It's just that I'm not familiar with the terminology used with this stuff, this reminds me of the time I started with autoit, I would have never gotten anywhere if people weren't generous enough to explain simple things that would essentially show me how to catch fish.

Although, I still remember exactly what gave me the boost in learning autoit, it was a comment I read posted by Jos stating that I should highlight the native function in question and press [F1], as soon as I found that out everything was uphill from there, but scite and MASM32 don't come with a nifty chm explaining everything in detail for asm, autoit was like climbing the Rockies and masm seems like I'm trying to climb Mt.Everest on a unicycle with my current understanding of the language, I'd really like to replace the unicycle with a helicopter if you know what I mean.

Link to comment
Share on other sites
Ascend4nt Universalist

Ascend4nt

Posted
Posted

THAT1ANONYMOUSEDUDE,

Programming in Assembly language is overkill for anything other than code in need of major optimization. You should really stick to C or C++. Compilers are getting very good at optimizing code, and it'd be a waste to learn the obscure assembly instruction set yourself unless you really need to.

From what I can tell, most people on these forums haven't written programs in pure Assembly, but rather have dabbled in it lightly, or taken compiled C/C++ code and massaged it slightly to be executable in memory. My programming roots stretch back to around 90-91 when code was in dire need of optimization in a long-since dead DOS 16-bit world. Even then, I only wrote a handful of pure-Assembly projects (mostly TSR programs) - the rest were a mix of C++ and Assembly.

You'll find the difficult task of learning Assembly made even more complex by the new 64-bit assembly model and all the quirks involved with that. Also, no inline assembler supports 64-bit code yet as far as I know.

However, if you are still interested in it (and I only recommend it for optimization), here's some links:

Intel 64 and IA-32 Architectures Software Developer Manuals

AMD Developer Guides and Manuals

Flat Assembler (FASM) Documentation

The Netwide Assembler (NASM) Documentation

Iczelion's Win32 Assembly Tutorials

X86asm.net and their X86 Opcode and Instruction Reference

Sandpile.org

Borland Turbo Assembler Manuals (these were my bibles back in the day)

There's also plenty of links on 64-bit programming quirks out there. I believe I left a few of these on someone's thread somewhere on these forums..

Good luck (but really - stick to C/C++!)

My contributions:

Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery

Wrappers/Modifications of others' contributions:

_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)

UDF's added support/programming to:

_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)

(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code)

Link to comment
Share on other sites
Valik Universalist

Valik

Posted
Posted

You'll find the difficult task of learning Assembly made even more complex by the new 64-bit assembly model and all the quirks involved with that. Also, no inline assembler supports 64-bit code yet as far as I know.

Visual Studio 2010 doesn't. When we went 64-bit we had to remove all our inline assembly which was mostly just DllCall() and a 3rd-party library for math functions.
Link to comment
Share on other sites
Skitty Universalist

Skitty

Posted
  • Author
Posted (edited)

So I was browsing opensc and noticed there was a topic with no replies titled "antivirus open source" in asm, so I downloaded it and ran the fucker and it deleted absolutely everything on my desktop, including a whole bunch of sources I was fiddling with and autoit scripts I have, I'm now making a profile there so I can show everybody how much I don't like the guy who uploaded that piece of shit application.

I mean really? why even do that? I still lost a whole bunch of cool stuff I had accumulated over 15 hours.

And thank you Ascend4nt, I'll be skimming through those url's from now.

Edit: now awaiting moderator approval so I can get back to displaying my discontent.

And wow, I knew something was wrong with fire fox, I rebooted and :D

Posted Image

Edited by THAT1ANONYMOUSEDUDE
Link to comment
Share on other sites
Skitty Universalist

Skitty

Posted
  • Author
Posted (edited)

why the fuck didn't you read the source?

Because it's a huge source written in bloody assembler and reading it require that I be some kind of human alien hybrid capable of implementing an accelerated advanced understanding and perception of cryptographic code that only machines should be dealing with.

Edit: You want to hold my eyeballs and help me understand this shit?

.586
;.MMX
.XMM
.model  flat, stdcall
option  casemap:none
; ------- Main Include ------- ;
include Ansav.inc

.code ; ------- Code Start ------- ;
Align 16
; ------- Ansav Initial ------- ;
AnsavInitFirst proc uses edi esi ebx


IFDEF  DEBUG
; ------- Init for debug ------- ;
mov  hFileLog,0
call  InitLog
ENDIF
IFDEF  ERRORLOG
mov  hFileErrorLog,0
mov  ErrorOccured,0
ENDIF
mLog "AnsavInitFirst::"

xor  eax,eax
mov  incmdl,eax
mov  NoStealth,eax
mov  HaveMMX,eax
mov  PluginsCount,eax
mov  SomeObjectNeedReboot,eax
mov  CmdLineScan,eax

; ------- Init for ansav needed value ------- ;
push  0
call  GetModuleHandle
mov  hInstance,eax
call  GetCommandLine
mov  CommandLine,eax
call  InitCommonControls

; ------- determine processor is support MMX ? ------- ;
inc   eax
cpuid
test  edx,200000h
jz   @F
  mov  HaveMMX,1
@@:

invoke  MyZeroMemory,ADDR icex,sizeof INITCOMMONCONTROLSEX
mov  [icex.dwSize],sizeof INITCOMMONCONTROLSEX ; <-- compability ;
mov  [icex.dwICC],ICC_COOL_CLASSES

mLog "Loading comctl32.dll::"

invoke  LoadLibrary,reparg("comctl32.dll")
.if  eax
  invoke  GetProcAddress,eax,reparg("InitCommonControlsEx")
  .if  eax
   mLog "[ok]"
   lea  edx,icex
   push  edx
   call  eax
IFDEF  DEBUG
  .else
   mLog "[failed]"
ENDIF
  .endif
IFDEF  DEBUG
.else
  mLog "[failed]"
ENDIF
.endif

; ------- Check for NT Window$ Version ------- ;
mLog  "Check for Windows Version"
invoke  IsNT
.if  eax
  mLog  "..Windows is NT/2K/XP"
  mov  WinVerNT,1
.else
  mLog  "..Windows not NT/2K/XP"
  mov  WinVerNT,0
.endif
; ------- Escalate privileges ------- ;
call  SetToken

; ------- keep run one instance ------- ;
call  IsAnsavRun?
.if  eax
  invoke  MessageBox,0, 
    reparg("ANSAV already running..."), 
    offset szAppName,MB_OK
  invoke  ExitProcess,0
.endif

; ------- Buffering, get MyDir, MyPath etc... ------- ;
call  GetPathPath


; ------- LOAD CONFIGURATION ------- ;
push  1
call  LoadConfig

xor  eax,eax

; ------- set null flag ------- ;
mov  pBufferVirusInfo,eax
mov  BufferVirusInfoSize,eax

; ------- init buffer for last scanned path ------- ;
mov  LastScannedPath,eax
mov  LastScannedPathSize,eax
mov  ArcReady,eax
; ------- componen ------- ;
call  LoadComponen

; ------- time for blind sucker ------- ;
call  BlindSucker

AnsavInitFirstSize equ $ - offset AnsavInitFirst

; ------- build CRC 32 table ------- ;
call  crcInit

; ------- VERTICAL LOGO ------- ;
invoke  LoadBitmap,hInstance,IMG_VLOGO
mov  hVLogoBmp,eax

; ------- decrypt vbd ------- ;
IFDEF  RELEASE
call  DecryptVDB
ENDIF
call  IsAlreadyInstalled?
mov  AlreadyInstalled,eax
.if  !eax
  .if  !TimeForBlind
   invoke  lstrcat,ADDR szAppName,reparg(" - [ PORTABLE ]")
  .endif
.endif
invoke  LoadIcon,hInstance,IDI_MAIN_ICON
mov  hMainIcon,eax

; ------- check for external database ------- ;
xor  eax,eax
mov  ExternalVdb,eax
mov  ExternalVdbSize,eax
call  LoadExVdb

call  RenewConfigFlags
; ------- check exvdb ver compare ------- ;
.if  ExternalVdb && ExternalVdbSize
  mov  esi,ExternalVdb
  movzx  eax,[esi.EXVDBINFO].wDay
  movzx  ecx,[esi.EXVDBINFO].wMonth
  movzx  edx,[esi.EXVDBINFO].wYear
 
  cmp  edx,dwRDYear
  ja  @F
  cmp  ecx,dwRDMonth
  ja   @F
  cmp  eax,dwRDDay
  ja   @F
   jmp  @nver
  @@:
 
  mov  dwRDYear,edx
  mov  dwRDMonth,ecx
  mov  dwRDDay,eax
.endif
@nver:
; ------- immune registry ------- ;
call  RegImmune

; get explorer PID, exclude from heuristic engine
invoke  FindWindow,0,reparg("Start Menu")
.if  eax
  invoke  GetWindowThreadProcessId,eax,offset ExplorerPID
.endif
; ------- load trusted database ------- ;
call  LoadTrustDatabase
call  OnLatestUpdate

; ------- check oldiest engine alias kadaluwarsa! ------- ;
call IsOldiest?

; ------- check etc host file ------- ;
call  CheckEtcHost
; ------- set antidump ------- ;
call  AntiDump
ret
AnsavInitFirst endp
Align 16
WndProc PROTO :HWND,:UINT,:WPARAM,:LPARAM
; ------- Win Main procedure ------- ;
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
mLog  "WinMain enter::"

invoke  MyZeroMemory,ADDR wc,sizeof WNDCLASSEX

mov  [wc.cbSize],sizeof WNDCLASSEX
mov  [wc.style],CS_HREDRAW or CS_VREDRAW
mov  [wc.lpfnWndProc],offset WndProc
mov  [wc.cbClsExtra],NULL
mov  [wc.cbWndExtra],DLGWINDOWEXTRA
push hInst
pop  [wc.hInstance]
mov  [wc.hbrBackground],COLOR_BTNFACE+1
mov  [wc.lpszMenuName],IDM_MAIN_MENU
mov  [wc.lpszClassName],offset szClassName
mov  eax,hMainIcon
mov  [wc.hIcon],eax
mov  [wc.hIconSm],eax
invoke LoadCursor,NULL,IDC_ARROW
mov  wc.hCursor,eax
invoke RegisterClassEx,addr wc

mErrorTrap eax,"cannot register class",@endl

mLog  "CreateDialogParam..."
invoke CreateDialogParam,hInstance,IDD_DIALOG,NULL,offset WndProc,NULL
mov  hMainWnd,eax

mErrorTrap eax,"cannot Create main window",@endl

invoke UpdateWindow,hMainWnd
invoke  SetLastError,0

invoke  MyZeroMemory,ADDR msg,sizeof MSG

invoke  Sleep,100

.while TRUE
  invoke  IsWindow,hMainWnd
  test  eax,eax
  jz   @endl
 
  invoke GetMessage,addr msg,NULL,0,0
   .BREAK .if !eax
  invoke TranslateMessage,addr msg
  invoke DispatchMessage,addr msg
.endw
mov  eax,[msg.wParam]
ret
@endl:
xor  eax,eax
ret
WinMain endp
align 16
; ------- Main Window Procedure ------- ;
WndProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
LOCAL  ps,hDC,hOld,memDC:DWORD
mov  eax,uMsg
.if eax==WM_INITDIALOG   ; ------- Initial dialog ------- ;
  push hWin
  pop  hMainWnd
 
  .if  !TimeForBlind
   invoke  SetWindowText,hWin,ADDR szAppName
  .else
   invoke  SetWindowText,hWin,ADDR szRandomString
  .endif
 
  push  ebx
  push  esi
 
  mov  ebx,GetDlgItem
  mov  esi,hMainWnd
 
  scall  ebx,esi,IDC_MAIN_PB
  mov  hMainProgBar,eax
  scall  ebx,esi,IDC_EDIT_PATH
  mov  hMainEditPath,eax
  scall  ebx,esi,IDC_TXT_STATUS
  mov  hMainTxtStatus,eax 
  scall  ebx,esi,IDC_TXT_CHKFILES
  mov  hTxtCheckedFiles,eax
  scall  ebx,esi,IDC_TXT_THREATDETC
  mov  hTxtDetectedThreats,eax
  scall  ebx,esi,IDC_TXT_PERCENT
  mov  hTxtMainPercent,eax
 
  pop  esi
  pop  ebx
 
  invoke  GetMenu,hWin
  mov  hMainMenu,eax
 
  ; ------- Build-build ------- ;
  call  BuildMainListview
  call  BuildMainTxtStatus
  call  BuildToolbar
  call  BuildMainMenuPic
  call  BuildMainPopMenu
 
  call  SetAllMainCtrlState
  invoke  SendMessage,hToolBar, 
    TB_ENABLEBUTTON,IDC_MAINTB_STOP,STATE_DISABLE
 
  ; ------- Create timer to monitor existing rem media ------- ;
  call  SetMainTimer
 
  ; ------- Check for existing threat in mem ------- ;
  mov  MemCheck,1
  call  CheckAndProcessBVI
  .if  eax
   invoke  SetMainTxtStatus,STATUS_DETECTED
   invoke  SetActionTbState,STATE_ENABLE
  .else
   invoke  SetMainTxtStatus,STATUS_CLEAN
   invoke  SetActionTbState,STATE_DISABLE
  .endif
  mov  MemCheck,0
 
  ; ------- Set status ------- ;
  StatusIdleWait
  ; make status clr show ttl
  call  SetStatusClrTtl
 
  .if  !NoPlugins
   call  BuildPlugins
  .endif
 
  ; ------- create syncro hook ------- ;
 
  .if  ShowLog
   call  ShowLogWindow
  .endif
 
  invoke  VerticalTile,hWin,IMG_VREDTILE,70
 
  ; ------- is already installed? ------- ;
  call  CheckInstalled
 
  .if  StealthMode && hStealthmMap
   mov  eax,hStealthmMap
   m2m  [eax.CEST].hMainWnd,hWin
   m2m  [eax.CEST].hWnd2,hWin
  .endif
 
  invoke  SetTimer,hWin,2194,2000,offset MakeUnkillable
 
  call  SetMenuInstallable
 
 
  ; ------- auto check update ------- ;
  mov  hAutUpdCheckThread,0
  lea  eax,AutomaticUpdateCheck
  invoke  CreateThread,0,0,eax,0,0,offset brw
  mov  hAutUpdCheckThread,eax
 
  call  DontHookme
 
  invoke  SetForegroundWindow,hWin
  invoke  SetFocus,hWin
 
  .if  CmdLineScan
   invoke  StartScanOnlyDir,CmdLineScan
  .endif
 
.elseif  eax == WM_PAINT
  invoke LocalAlloc,LPTR,sizeof PAINTSTRUCT
  mov  ps,eax
 
  invoke  BeginPaint,hWin,ps
  mov    hDC, eax
 
  invoke  CreateCompatibleDC,hDC
  mov    memDC, eax
 
  invoke  SelectObject,memDC,hVLogoBmp
  mov    hOld, eax
 
  invoke  BitBlt,hDC,1,1,80,400,memDC,0,0,SRCCOPY
 
  invoke  SelectObject,hDC,hOld
  invoke  DeleteDC,memDC
 
  invoke  EndPaint,hWin,ps
  invoke  ReleaseDC,hWin,hDC
 
  invoke  LocalFree,ps
.elseif  eax == WM_COMMAND  ; ------- Command Control ------- ;
  mov  eax,wParam
  and  eax,0FFFFh
 
  ; ------- Menu-Menu ------- ;   ; --------------------[ -= MENU =- ]
  .if eax==IDM_FILE_EXIT
   jmp  @close
  .elseif  eax == IDM_FILE_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartQuickScan  ; <-- quick scan ;
   .endif
  .elseif  eax == IDM_FILE_SCAN2
   call  StartScanSingleFile    ; <-- Scan single file ;
  .elseif  eax == IDM_FILE_SCANMULTIPLEOBJECT
   call  CheckAndAskIfAvailable   ; <-- multiple object scan ;
   .if  eax
    call  MultipleScanObject
   .endif
  .elseif  eax == IDM_FILE_SCANMEM
   call  CheckAndAskIfAvailable
   .if  eax
    call  QuickScanMem
   .endif
  .elseif  eax == IDM_FILE_SCANALLREM  ; <-- Scan all removable media ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllRemovableMedia
   .endif
  .elseif  eax == IDM_FILE_SCANALLHARDISK  ; <-- Scan all hardisk partition ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllHardisk
   .endif
  .elseif  eax == IDM_FILE_SCANONLYWINDIR ; <-- scan only windows directory ;
   call  CheckAndAskIfAvailable
   .if  eax
   
    invoke  StartScanOnlyDir,offset szWinDir
   .endif
  .elseif  eax == IDM_FILE_SCANSYSDIR
   call  CheckAndAskIfAvailable
   .if  eax
    invoke  StartScanOnlyDir,offset szSysDir
   .endif
  .elseif  eax == IDM_VIEW_RESULT
   call  ViewResult
  .elseif  eax == IDM_VIEW_CONSOLELOG  ; <-- Console style LOG ;
   call  ShowLogWindow
  .elseif  eax == IDM_VIEW_VDB
   invoke  DialogBoxParam,hInstance,IDD_ANVDB,hWin,ADDR AnvdbDlgProc,0
   invoke  ShowWindow,eax,SW_SHOW
  .elseif  eax == IDM_VIEW_QUARZONE ; <-- view quarantine ;
   call  ViewQuarantine
  .elseif  eax == IDM_VIEW_TRUSTZONE
   call  StartTrustZone
  .elseif  eax == IDM_ADVANCED_ASHUT ; <-- Auto shutdown after scan finished ;
   .if  !ShutdownAfterScan
    mov  ShutdownAfterScan,1
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_CHECKED
   .else
    mov  ShutdownAfterScan,0
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_UNCHECKED
   .endif
  .elseif  eax == IDM_VIEW_CLEARLIST
   mov  [LastScannedInfo.wStatus],STATUS_TAKEACTION
   invoke  SendMessage,hMainList,LVM_DELETEALLITEMS,0,0
   invoke  SetActionTbState,STATE_DISABLE
  .elseif  eax == IDM_ADVANCED_CONFIG
   call  StartConfigDlg
  .elseif  eax == IDM_HELP_INSTALL  ; <-- INSTALL ;
   call  InstallUninstallAnsav
  .elseif  eax==IDM_HELP_ABOUT   ; ------- About ------- ;
   push  hWin
   call  ShowAboutDialog
  .elseif  eax==IDM_HELP_README
   call  Readme
  .elseif  eax == IDM_HELP_UPDATE ; <-- UPDATE ;
   .if  AlreadyInstalled
    call  Update
   .else
    invoke  MessageBox,hWin, 
    reparg("Please install ANSAV first to use this feature"), 
    offset szAppName,MB_OK
   .endif
 
  .elseif  eax == IDM_HELP_SUBMITTHREAT
   invoke  ShellExecute,hWin,offset szOpen,reparg("http://ansav.com/content/view/15/34/"),0,0,SW_MAXIMIZE
  ; ------- popup menu ------- ;   ; --------------------[ -= POPUP MENU =- ]
  .elseif  eax == IDM_MPM_PROPERTIES
   call  ObjectProperties
  .elseif  eax == IDM_MPM_GOTOOBJL
   call  GotoObjectLocation
  .elseif  eax == IDM_MPM_SELECTALL
   call  SelectAllObject
  .elseif  eax == IDM_MPM_CLEAN  ; <-- clean selected object ;
   mov  ForFix,1
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_DELETE  ; <-- delete selected object ;
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_QUARANTINE  ; <-- quarantine selected object ;
   push  1 ; <-- quarantine only selected object ;
   call  StartQuarantineNow
  .elseif  eax == IDM_MPM_SIGNASTRUST
   call  DoSignAsTrust
  .elseif  eax == IDM_MPM_COPYTHREATN
   push  1
   call  ClipboardCopyObject ; <-- threat name ;
  .elseif  eax == IDM_MPM_COPYOBJPATH
   push  2
   call  ClipboardCopyObject ; <-- object path ;
 
  ; ------- Button-Button ------- ;   ; --------------------[ -= BUTTON/TOOLBAR =- ]
  .elseif  eax == IDC_MAINTB_EXIT
   jmp  @close
  .elseif  eax == IDC_MAINTB_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    mov  eax,MainScanButton
    .if  eax == 1
     call  StartQuickScan
    .elseif  eax == 2
     call  ScanSingleFile
    .elseif  eax == 3
     call  MultipleScanObject
    .else
     call  StartQuickScan
    .endif
   .endif
  .elseif  eax == IDC_MAINTB_STOP
   mov  StopScan,1
   mov  StopClean,1
  .elseif  eax == IDC_MAINTB_CLEAN
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to clean all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    mov  ForFix,1
    push  0    ; <-- clean all object in list and try to clean first;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_DELETE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to delete all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- delete all object ;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_QUARANTINE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to quarantine all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- quarantine all object ;
    call  StartQuarantineNow
   .endif
  .elseif  eax == IDC_MAINTB_VIEWRES
   call  ViewResult
  .endif
 
;-------------------------------------- PLUGINS ----------------------------------------;
  mov  eax,[wParam]
  .if   eax >= DynPluginsMenuMin && 
    eax <= DynPluginsMenuMax
    push  eax
    call  ProcessPlugins
  .endif
 
;;-------------------------------------- HOOK CODE ----------------------------------------;
; ;.elseif  eax == WM_USER+777h
; 
;  ;invoke  ProcessThisMessage,wParam,lParam
;  ;ret
; 
;;-------------------------------------- end of hook code ----------------------------------------;
.elseif  eax==WM_SIZE
  call  RepositionMainWnd
.elseif  eax == WM_NOTIFY  ; <-- notify ;
 
  push  ebx
   mov   ebx,lParam
   mov  eax,[ebx.NMHDR].hwndFrom
   .if  eax == hMainList
    .if  [ebx.NMHDR].code == NM_RCLICK
     call  ReleaseCapture
     call  MainPopMenu
    .endif
   .endif
  pop  ebx
 
.elseif eax==WM_CLOSE   ; ------- If Close ------- ;
@close:
  ; ------- confirm if scan process running ------- ;
  .if  InScanning || InAction
   .if  InScanning
    mov  edx,reparg("Do you want to stop current scanning process?")
   .else
    mov  edx,reparg("Do you want to stop current action process?")
   .endif
   invoke  MessageBox,hWin,edx,ADDR szAppName,MB_YESNO or MB_ICONQUESTION
   
   cmp  eax,IDNO
   je   @F
  .endif
  call  MainWndCleanUp
 
  ; ------- check uncleanable object ------- ;
  .if  SomeObjectNeedReboot
   invoke  wsprintf,offset szUtilsBuff,offset szUncleanNdtrbF,SomeObjectNeedReboot
   invoke  MessageBox,hWin,offset szUtilsBuff,offset szAppName,MB_YESNO or MB_ICONQUESTION
   .if  eax==IDYES
    invoke  MessageBox,hWin,offset szPleaseSave,offset szAppName,MB_OK or MB_ICONINFORMATION
    call  DoReboot
   .endif
  .endif
 
  invoke  DestroyWindow,hWin
 
  jmp  @endl
  @@:
  mov  uMsg,0 ; <-- reset ; bug fixed
.elseif eax==WM_DESTROY  ; ------- If Destroy ------- ;
  invoke PostQuitMessage,NULL
.endif

@endl:
invoke DefWindowProc,hWin,uMsg,wParam,lParam
ret
WndProc endp
align 16
.data

.code ; ------- ENTRYPOINT ------- ;
;--------------------------------------------------------------------------------
                                                                              ;
start:          ; ------- Entry Point ------- ;|
                                                                                  ;/
                                                                                 ;/
;--------------------------------------------------------------------------------/
IFDEF  RELEASE
; ------- Initial First ------- ;
call  AnsavInitFirst
call  FillJunk

ENDIF
; ------- process command line ------- ;
call  ProcessCommandLine
 
; ------- Make sure memory is clean ------- ;
.if  !incmdl
  .if  !NoScanMem
   call  StartCheckMemoryFirst
  .endif
.endif

; ------- Make main window ------- ;
.if  !incmdl
  invoke  WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
.endif
GlobalExit::
; ------- free last scanned path buffer ------- ;
call  FreeLastScannedPathBuffer
; ------- free CmdLine buffer ------- ;
mov  eax,CmdLineScan
cmp  eax,0
je   @F
  anfree  eax
@@:
; ------- free exvdb is available ------- ;
call  CloseExVdb
; ------- if stealth hook, free hook ------- ;
call  UnStealth

; ------- immune registry ------- ;
call  RegImmune

mov  ebx,FreeLibrary

; ------- unload all module ------- ;
mov  eax,hArcMod
.if  eax
  scall  ebx,eax
.endif
mov  eax,hFixerMod
.if  eax
  scall  ebx,eax
.endif

; ------- unload plugins ------- ;
call  CleanupPlugins

IFDEF  DEBUG
; ------- Log needed ------- ;
call  CloseLog
ENDIF
IFDEF  ERRORLOG
; ------- Error Log needed ------- ;
call  CloseErrorLog
ENDIF

push 0
call ExitProcess
end start
Edited by THAT1ANONYMOUSEDUDE
Link to comment
Share on other sites
Shaggi Universalist

Shaggi

Posted
Posted

Because it's a huge source written in bloody assembler and reading it require that I be some kind of human alien hybrid capable of implementing an accelerated advanced understanding and perception of cryptographic code that only machines should be dealing with.

Edit: You want to hold my eyeballs and help me understand this shit?

.586
;.MMX
.XMM
.model  flat, stdcall
option  casemap:none
; ------- Main Include ------- ;
include Ansav.inc

.code ; ------- Code Start ------- ;
Align 16
; ------- Ansav Initial ------- ;
AnsavInitFirst proc uses edi esi ebx


IFDEF  DEBUG
; ------- Init for debug ------- ;
mov  hFileLog,0
call  InitLog
ENDIF
IFDEF  ERRORLOG
mov  hFileErrorLog,0
mov  ErrorOccured,0
ENDIF
mLog "AnsavInitFirst::"

xor  eax,eax
mov  incmdl,eax
mov  NoStealth,eax
mov  HaveMMX,eax
mov  PluginsCount,eax
mov  SomeObjectNeedReboot,eax
mov  CmdLineScan,eax

; ------- Init for ansav needed value ------- ;
push  0
call  GetModuleHandle
mov  hInstance,eax
call  GetCommandLine
mov  CommandLine,eax
call  InitCommonControls

; ------- determine processor is support MMX ? ------- ;
inc   eax
cpuid
test  edx,200000h
jz   @F
  mov  HaveMMX,1
@@:

invoke  MyZeroMemory,ADDR icex,sizeof INITCOMMONCONTROLSEX
mov  [icex.dwSize],sizeof INITCOMMONCONTROLSEX ; <-- compability ;
mov  [icex.dwICC],ICC_COOL_CLASSES

mLog "Loading comctl32.dll::"

invoke  LoadLibrary,reparg("comctl32.dll")
.if  eax
  invoke  GetProcAddress,eax,reparg("InitCommonControlsEx")
  .if  eax
   mLog "[ok]"
   lea  edx,icex
   push  edx
   call  eax
IFDEF  DEBUG
  .else
   mLog "[failed]"
ENDIF
  .endif
IFDEF  DEBUG
.else
  mLog "[failed]"
ENDIF
.endif

; ------- Check for NT Window$ Version ------- ;
mLog  "Check for Windows Version"
invoke  IsNT
.if  eax
  mLog  "..Windows is NT/2K/XP"
  mov  WinVerNT,1
.else
  mLog  "..Windows not NT/2K/XP"
  mov  WinVerNT,0
.endif
; ------- Escalate privileges ------- ;
call  SetToken

; ------- keep run one instance ------- ;
call  IsAnsavRun?
.if  eax
  invoke  MessageBox,0, 
    reparg("ANSAV already running..."), 
    offset szAppName,MB_OK
  invoke  ExitProcess,0
.endif

; ------- Buffering, get MyDir, MyPath etc... ------- ;
call  GetPathPath


; ------- LOAD CONFIGURATION ------- ;
push  1
call  LoadConfig

xor  eax,eax

; ------- set null flag ------- ;
mov  pBufferVirusInfo,eax
mov  BufferVirusInfoSize,eax

; ------- init buffer for last scanned path ------- ;
mov  LastScannedPath,eax
mov  LastScannedPathSize,eax
mov  ArcReady,eax
; ------- componen ------- ;
call  LoadComponen

; ------- time for blind sucker ------- ;
call  BlindSucker

AnsavInitFirstSize equ $ - offset AnsavInitFirst

; ------- build CRC 32 table ------- ;
call  crcInit

; ------- VERTICAL LOGO ------- ;
invoke  LoadBitmap,hInstance,IMG_VLOGO
mov  hVLogoBmp,eax

; ------- decrypt vbd ------- ;
IFDEF  RELEASE
call  DecryptVDB
ENDIF
call  IsAlreadyInstalled?
mov  AlreadyInstalled,eax
.if  !eax
  .if  !TimeForBlind
   invoke  lstrcat,ADDR szAppName,reparg(" - [ PORTABLE ]")
  .endif
.endif
invoke  LoadIcon,hInstance,IDI_MAIN_ICON
mov  hMainIcon,eax

; ------- check for external database ------- ;
xor  eax,eax
mov  ExternalVdb,eax
mov  ExternalVdbSize,eax
call  LoadExVdb

call  RenewConfigFlags
; ------- check exvdb ver compare ------- ;
.if  ExternalVdb && ExternalVdbSize
  mov  esi,ExternalVdb
  movzx  eax,[esi.EXVDBINFO].wDay
  movzx  ecx,[esi.EXVDBINFO].wMonth
  movzx  edx,[esi.EXVDBINFO].wYear

  cmp  edx,dwRDYear
  ja  @F
  cmp  ecx,dwRDMonth
  ja   @F
  cmp  eax,dwRDDay
  ja   @F
   jmp  @nver
  @@:

  mov  dwRDYear,edx
  mov  dwRDMonth,ecx
  mov  dwRDDay,eax
.endif
@nver:
; ------- immune registry ------- ;
call  RegImmune

; get explorer PID, exclude from heuristic engine
invoke  FindWindow,0,reparg("Start Menu")
.if  eax
  invoke  GetWindowThreadProcessId,eax,offset ExplorerPID
.endif
; ------- load trusted database ------- ;
call  LoadTrustDatabase
call  OnLatestUpdate

; ------- check oldiest engine alias kadaluwarsa! ------- ;
call IsOldiest?

; ------- check etc host file ------- ;
call  CheckEtcHost
; ------- set antidump ------- ;
call  AntiDump
ret
AnsavInitFirst endp
Align 16
WndProc PROTO :HWND,:UINT,:WPARAM,:LPARAM
; ------- Win Main procedure ------- ;
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
mLog  "WinMain enter::"

invoke  MyZeroMemory,ADDR wc,sizeof WNDCLASSEX

mov  [wc.cbSize],sizeof WNDCLASSEX
mov  [wc.style],CS_HREDRAW or CS_VREDRAW
mov  [wc.lpfnWndProc],offset WndProc
mov  [wc.cbClsExtra],NULL
mov  [wc.cbWndExtra],DLGWINDOWEXTRA
push hInst
pop  [wc.hInstance]
mov  [wc.hbrBackground],COLOR_BTNFACE+1
mov  [wc.lpszMenuName],IDM_MAIN_MENU
mov  [wc.lpszClassName],offset szClassName
mov  eax,hMainIcon
mov  [wc.hIcon],eax
mov  [wc.hIconSm],eax
invoke LoadCursor,NULL,IDC_ARROW
mov  wc.hCursor,eax
invoke RegisterClassEx,addr wc

mErrorTrap eax,"cannot register class",@endl

mLog  "CreateDialogParam..."
invoke CreateDialogParam,hInstance,IDD_DIALOG,NULL,offset WndProc,NULL
mov  hMainWnd,eax

mErrorTrap eax,"cannot Create main window",@endl

invoke UpdateWindow,hMainWnd
invoke  SetLastError,0

invoke  MyZeroMemory,ADDR msg,sizeof MSG

invoke  Sleep,100

.while TRUE
  invoke  IsWindow,hMainWnd
  test  eax,eax
  jz   @endl

  invoke GetMessage,addr msg,NULL,0,0
   .BREAK .if !eax
  invoke TranslateMessage,addr msg
  invoke DispatchMessage,addr msg
.endw
mov  eax,[msg.wParam]
ret
@endl:
xor  eax,eax
ret
WinMain endp
align 16
; ------- Main Window Procedure ------- ;
WndProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
LOCAL  ps,hDC,hOld,memDC:DWORD
mov  eax,uMsg
.if eax==WM_INITDIALOG   ; ------- Initial dialog ------- ;
  push hWin
  pop  hMainWnd

  .if  !TimeForBlind
   invoke  SetWindowText,hWin,ADDR szAppName
  .else
   invoke  SetWindowText,hWin,ADDR szRandomString
  .endif

  push  ebx
  push  esi

  mov  ebx,GetDlgItem
  mov  esi,hMainWnd

  scall  ebx,esi,IDC_MAIN_PB
  mov  hMainProgBar,eax
  scall  ebx,esi,IDC_EDIT_PATH
  mov  hMainEditPath,eax
  scall  ebx,esi,IDC_TXT_STATUS
  mov  hMainTxtStatus,eax
  scall  ebx,esi,IDC_TXT_CHKFILES
  mov  hTxtCheckedFiles,eax
  scall  ebx,esi,IDC_TXT_THREATDETC
  mov  hTxtDetectedThreats,eax
  scall  ebx,esi,IDC_TXT_PERCENT
  mov  hTxtMainPercent,eax

  pop  esi
  pop  ebx

  invoke  GetMenu,hWin
  mov  hMainMenu,eax

  ; ------- Build-build ------- ;
  call  BuildMainListview
  call  BuildMainTxtStatus
  call  BuildToolbar
  call  BuildMainMenuPic
  call  BuildMainPopMenu

  call  SetAllMainCtrlState
  invoke  SendMessage,hToolBar, 
    TB_ENABLEBUTTON,IDC_MAINTB_STOP,STATE_DISABLE

  ; ------- Create timer to monitor existing rem media ------- ;
  call  SetMainTimer

  ; ------- Check for existing threat in mem ------- ;
  mov  MemCheck,1
  call  CheckAndProcessBVI
  .if  eax
   invoke  SetMainTxtStatus,STATUS_DETECTED
   invoke  SetActionTbState,STATE_ENABLE
  .else
   invoke  SetMainTxtStatus,STATUS_CLEAN
   invoke  SetActionTbState,STATE_DISABLE
  .endif
  mov  MemCheck,0

  ; ------- Set status ------- ;
  StatusIdleWait
  ; make status clr show ttl
  call  SetStatusClrTtl

  .if  !NoPlugins
   call  BuildPlugins
  .endif

  ; ------- create syncro hook ------- ;

  .if  ShowLog
   call  ShowLogWindow
  .endif

  invoke  VerticalTile,hWin,IMG_VREDTILE,70

  ; ------- is already installed? ------- ;
  call  CheckInstalled

  .if  StealthMode && hStealthmMap
   mov  eax,hStealthmMap
   m2m  [eax.CEST].hMainWnd,hWin
   m2m  [eax.CEST].hWnd2,hWin
  .endif

  invoke  SetTimer,hWin,2194,2000,offset MakeUnkillable

  call  SetMenuInstallable


  ; ------- auto check update ------- ;
  mov  hAutUpdCheckThread,0
  lea  eax,AutomaticUpdateCheck
  invoke  CreateThread,0,0,eax,0,0,offset brw
  mov  hAutUpdCheckThread,eax

  call  DontHookme

  invoke  SetForegroundWindow,hWin
  invoke  SetFocus,hWin

  .if  CmdLineScan
   invoke  StartScanOnlyDir,CmdLineScan
  .endif

.elseif  eax == WM_PAINT
  invoke LocalAlloc,LPTR,sizeof PAINTSTRUCT
  mov  ps,eax

  invoke  BeginPaint,hWin,ps
  mov    hDC, eax

  invoke  CreateCompatibleDC,hDC
  mov    memDC, eax

  invoke  SelectObject,memDC,hVLogoBmp
  mov    hOld, eax

  invoke  BitBlt,hDC,1,1,80,400,memDC,0,0,SRCCOPY

  invoke  SelectObject,hDC,hOld
  invoke  DeleteDC,memDC

  invoke  EndPaint,hWin,ps
  invoke  ReleaseDC,hWin,hDC

  invoke  LocalFree,ps
.elseif  eax == WM_COMMAND  ; ------- Command Control ------- ;
  mov  eax,wParam
  and  eax,0FFFFh

  ; ------- Menu-Menu ------- ;   ; --------------------[ -= MENU =- ]
  .if eax==IDM_FILE_EXIT
   jmp  @close
  .elseif  eax == IDM_FILE_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartQuickScan  ; <-- quick scan ;
   .endif
  .elseif  eax == IDM_FILE_SCAN2
   call  StartScanSingleFile    ; <-- Scan single file ;
  .elseif  eax == IDM_FILE_SCANMULTIPLEOBJECT
   call  CheckAndAskIfAvailable   ; <-- multiple object scan ;
   .if  eax
    call  MultipleScanObject
   .endif
  .elseif  eax == IDM_FILE_SCANMEM
   call  CheckAndAskIfAvailable
   .if  eax
    call  QuickScanMem
   .endif
  .elseif  eax == IDM_FILE_SCANALLREM  ; <-- Scan all removable media ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllRemovableMedia
   .endif
  .elseif  eax == IDM_FILE_SCANALLHARDISK  ; <-- Scan all hardisk partition ;
   call  CheckAndAskIfAvailable
   .if  eax
    call  StartScanAllHardisk
   .endif
  .elseif  eax == IDM_FILE_SCANONLYWINDIR ; <-- scan only windows directory ;
   call  CheckAndAskIfAvailable
   .if  eax
  
    invoke  StartScanOnlyDir,offset szWinDir
   .endif
  .elseif  eax == IDM_FILE_SCANSYSDIR
   call  CheckAndAskIfAvailable
   .if  eax
    invoke  StartScanOnlyDir,offset szSysDir
   .endif
  .elseif  eax == IDM_VIEW_RESULT
   call  ViewResult
  .elseif  eax == IDM_VIEW_CONSOLELOG  ; <-- Console style LOG ;
   call  ShowLogWindow
  .elseif  eax == IDM_VIEW_VDB
   invoke  DialogBoxParam,hInstance,IDD_ANVDB,hWin,ADDR AnvdbDlgProc,0
   invoke  ShowWindow,eax,SW_SHOW
  .elseif  eax == IDM_VIEW_QUARZONE ; <-- view quarantine ;
   call  ViewQuarantine
  .elseif  eax == IDM_VIEW_TRUSTZONE
   call  StartTrustZone
  .elseif  eax == IDM_ADVANCED_ASHUT ; <-- Auto shutdown after scan finished ;
   .if  !ShutdownAfterScan
    mov  ShutdownAfterScan,1
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_CHECKED
   .else
    mov  ShutdownAfterScan,0
    invoke  CheckMenuItem,hMainMenu,IDM_ADVANCED_ASHUT,MF_UNCHECKED
   .endif
  .elseif  eax == IDM_VIEW_CLEARLIST
   mov  [LastScannedInfo.wStatus],STATUS_TAKEACTION
   invoke  SendMessage,hMainList,LVM_DELETEALLITEMS,0,0
   invoke  SetActionTbState,STATE_DISABLE
  .elseif  eax == IDM_ADVANCED_CONFIG
   call  StartConfigDlg
  .elseif  eax == IDM_HELP_INSTALL  ; <-- INSTALL ;
   call  InstallUninstallAnsav
  .elseif  eax==IDM_HELP_ABOUT   ; ------- About ------- ;
   push  hWin
   call  ShowAboutDialog
  .elseif  eax==IDM_HELP_README
   call  Readme
  .elseif  eax == IDM_HELP_UPDATE ; <-- UPDATE ;
   .if  AlreadyInstalled
    call  Update
   .else
    invoke  MessageBox,hWin, 
    reparg("Please install ANSAV first to use this feature"), 
    offset szAppName,MB_OK
   .endif

  .elseif  eax == IDM_HELP_SUBMITTHREAT
   invoke  ShellExecute,hWin,offset szOpen,reparg("http://ansav.com/content/view/15/34/"),0,0,SW_MAXIMIZE
  ; ------- popup menu ------- ;   ; --------------------[ -= POPUP MENU =- ]
  .elseif  eax == IDM_MPM_PROPERTIES
   call  ObjectProperties
  .elseif  eax == IDM_MPM_GOTOOBJL
   call  GotoObjectLocation
  .elseif  eax == IDM_MPM_SELECTALL
   call  SelectAllObject
  .elseif  eax == IDM_MPM_CLEAN  ; <-- clean selected object ;
   mov  ForFix,1
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_DELETE  ; <-- delete selected object ;
   push  1 ; <-- clean only selected object ;
   call  StartCleanNow
  .elseif  eax == IDM_MPM_QUARANTINE  ; <-- quarantine selected object ;
   push  1 ; <-- quarantine only selected object ;
   call  StartQuarantineNow
  .elseif  eax == IDM_MPM_SIGNASTRUST
   call  DoSignAsTrust
  .elseif  eax == IDM_MPM_COPYTHREATN
   push  1
   call  ClipboardCopyObject ; <-- threat name ;
  .elseif  eax == IDM_MPM_COPYOBJPATH
   push  2
   call  ClipboardCopyObject ; <-- object path ;

  ; ------- Button-Button ------- ;   ; --------------------[ -= BUTTON/TOOLBAR =- ]
  .elseif  eax == IDC_MAINTB_EXIT
   jmp  @close
  .elseif  eax == IDC_MAINTB_SCAN
   call  CheckAndAskIfAvailable
   .if  eax
    mov  eax,MainScanButton
    .if  eax == 1
     call  StartQuickScan
    .elseif  eax == 2
     call  ScanSingleFile
    .elseif  eax == 3
     call  MultipleScanObject
    .else
     call  StartQuickScan
    .endif
   .endif
  .elseif  eax == IDC_MAINTB_STOP
   mov  StopScan,1
   mov  StopClean,1
  .elseif  eax == IDC_MAINTB_CLEAN
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to clean all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    mov  ForFix,1
    push  0    ; <-- clean all object in list and try to clean first;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_DELETE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to delete all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- delete all object ;
    call  StartCleanNow
   .endif
  .elseif  eax == IDC_MAINTB_QUARANTINE
   ; confirm
   cmp  NoActConfirm,1
   je   @F
   invoke  MessageBox,hWin, 
     reparg("Are you sure to quarantine all detected object?"), 
     ADDR szAppName,MB_ICONQUESTION or MB_OKCANCEL
   .if  eax == IDOK
    @@:
    push  0    ; <-- quarantine all object ;
    call  StartQuarantineNow
   .endif
  .elseif  eax == IDC_MAINTB_VIEWRES
   call  ViewResult
  .endif

;-------------------------------------- PLUGINS ----------------------------------------;
  mov  eax,[wParam]
  .if   eax >= DynPluginsMenuMin && 
    eax <= DynPluginsMenuMax
    push  eax
    call  ProcessPlugins
  .endif

;;-------------------------------------- HOOK CODE ----------------------------------------;
; ;.elseif  eax == WM_USER+777h
;
;  ;invoke  ProcessThisMessage,wParam,lParam
;  ;ret
;
;;-------------------------------------- end of hook code ----------------------------------------;
.elseif  eax==WM_SIZE
  call  RepositionMainWnd
.elseif  eax == WM_NOTIFY  ; <-- notify ;

  push  ebx
   mov   ebx,lParam
   mov  eax,[ebx.NMHDR].hwndFrom
   .if  eax == hMainList
    .if  [ebx.NMHDR].code == NM_RCLICK
     call  ReleaseCapture
     call  MainPopMenu
    .endif
   .endif
  pop  ebx

.elseif eax==WM_CLOSE   ; ------- If Close ------- ;
@close:
  ; ------- confirm if scan process running ------- ;
  .if  InScanning || InAction
   .if  InScanning
    mov  edx,reparg("Do you want to stop current scanning process?")
   .else
    mov  edx,reparg("Do you want to stop current action process?")
   .endif
   invoke  MessageBox,hWin,edx,ADDR szAppName,MB_YESNO or MB_ICONQUESTION
  
   cmp  eax,IDNO
   je   @F
  .endif
  call  MainWndCleanUp

  ; ------- check uncleanable object ------- ;
  .if  SomeObjectNeedReboot
   invoke  wsprintf,offset szUtilsBuff,offset szUncleanNdtrbF,SomeObjectNeedReboot
   invoke  MessageBox,hWin,offset szUtilsBuff,offset szAppName,MB_YESNO or MB_ICONQUESTION
   .if  eax==IDYES
    invoke  MessageBox,hWin,offset szPleaseSave,offset szAppName,MB_OK or MB_ICONINFORMATION
    call  DoReboot
   .endif
  .endif

  invoke  DestroyWindow,hWin

  jmp  @endl
  @@:
  mov  uMsg,0 ; <-- reset ; bug fixed
.elseif eax==WM_DESTROY  ; ------- If Destroy ------- ;
  invoke PostQuitMessage,NULL
.endif

@endl:
invoke DefWindowProc,hWin,uMsg,wParam,lParam
ret
WndProc endp
align 16
.data

.code ; ------- ENTRYPOINT ------- ;
;--------------------------------------------------------------------------------
                                                                              ;
start:          ; ------- Entry Point ------- ;|
                                                                                  ;/
                                                                                 ;/
;--------------------------------------------------------------------------------/
IFDEF  RELEASE
; ------- Initial First ------- ;
call  AnsavInitFirst
call  FillJunk

ENDIF
; ------- process command line ------- ;
call  ProcessCommandLine

; ------- Make sure memory is clean ------- ;
.if  !incmdl
  .if  !NoScanMem
   call  StartCheckMemoryFirst
  .endif
.endif

; ------- Make main window ------- ;
.if  !incmdl
  invoke  WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
.endif
GlobalExit::
; ------- free last scanned path buffer ------- ;
call  FreeLastScannedPathBuffer
; ------- free CmdLine buffer ------- ;
mov  eax,CmdLineScan
cmp  eax,0
je   @F
  anfree  eax
@@:
; ------- free exvdb is available ------- ;
call  CloseExVdb
; ------- if stealth hook, free hook ------- ;
call  UnStealth

; ------- immune registry ------- ;
call  RegImmune

mov  ebx,FreeLibrary

; ------- unload all module ------- ;
mov  eax,hArcMod
.if  eax
  scall  ebx,eax
.endif
mov  eax,hFixerMod
.if  eax
  scall  ebx,eax
.endif

; ------- unload plugins ------- ;
call  CleanupPlugins

IFDEF  DEBUG
; ------- Log needed ------- ;
call  CloseLog
ENDIF
IFDEF  ERRORLOG
; ------- Error Log needed ------- ;
call  CloseErrorLog
ENDIF

push 0
call ExitProcess
end start

10 minutes of reading reveals nothing malicious in that source. its just a gui source file, that inits the gui and has a message loop. it spawns a thread on some autoupdate stuff and the only potentially dangerous are the calls to anything outside that file, that is Scan***file etc. rather have a look in Ansav.inc

If you downloaded it from some random site, its possible that someone infected it.

Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG

Link to comment
Share on other sites
Skitty Universalist

Skitty

Posted
  • Author
Posted

That's nothing. Where's the rest? The heart.

You're a scary individual, I guess we know who the alien hybrids are around here, I got the source from here, what ever you do, DO NOT run the precompiled binary as it literally deleted every file on my hdd that wasn't locked at a ferocious velocity.

Link to comment
Share on other sites
BrewManNH Universalist

BrewManNH

Posted
Posted

So, you downloaded a program, that you yourself stated you don't know what it does because you couldn't be bothered to read the source code. Then you ran it on your main computer rather than in a sandbox or virtual machine. Then it deleted everything on your computer that wasn't locked when you ran this unknown program. And you're mad at someone else because you were too lazy/stupid/disinterested to figure out what it would do, and were too stupid to run it in a sandbox/virtual machine, am I getting this right?

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...