1427 lines
22 KiB
NASM
Raw Normal View History

format PE GUI 4.0
section '.text' code readable executable
entry start
start:
xor ebx, ebx
push ofn
call [GetOpenFileNameA]
test eax, eax
jnz @f
push ebx
call [ExitProcess]
@@:
call [GetVersion]
test eax, eax
sets [b9x]
js install_9x
mov [img_name+2], bl
push ebx
push ebx
push 3
push ebx
push 3
push 80000000h
push dn
call [CreateFileA]
inc eax
jnz @f
norights:
push 10h
push ebx
push norightsmsg
mbx:
push ebx
call [MessageBoxA]
push ebx
call [ExitProcess]
@@:
lea esi, [eax-1]
push ebx
push tmp
push 12
push sdn
push ebx
push ebx
push 0x2D1080
push esi
call [DeviceIoControl]
test eax, eax
jnz @f
cnr:
push esi
call [CloseHandle]
jmp norights
@@:
push ebx
push tmp
push 20h
push pi
push ebx
push ebx
push 0x74004
push esi
call [DeviceIoControl]
test eax, eax
jz cnr
push esi
call [CloseHandle]
cmp [sdn], 7
jz @f
push 10h
push 0
push nohd
jmp mbx
@@:
mov al, byte [sdn+4]
or al, 80h
mov [mtldr_code+7], al
mov eax, [pi]
mov edx, [pi+4]
shrd eax, edx, 9
shr edx, 9
jz @f
m1e: push 10h
push ebx
push m1
jmp mbx
@@:
install_cmn:
mov [mtldr_code+8], eax
mov esi, img_name
mov edi, img_real_name
mov byte [esi+2], '\'
push 256
push edi
push esi
call [GetShortPathNameA]
cmp eax, 256
jb @f
push 10h
push ebx
push ptl
jmp mbx
@@:
test eax, eax
jnz @f
push esi edi
mov ecx, 256/4
rep movsd
pop edi esi
@@:
cmp byte [edi], 0
jz lcd
cmp byte [edi], 'A'
jb lcc
cmp byte [edi], 'Z'
ja lcc
add byte [edi], 20h
lcc:
inc edi
jmp @b
lcd:
mov esi, img_real_name
cmp [b9x], 0
jnz @f
cmp byte [esi], 'c'
jnz notc
@@:
push 256/4
pop ecx
lea edi, [esi+ecx*4]
rep movsd
mov edi, esi
xor eax, eax
or ecx, -1
repnz scasb
dec edi
std
mov al, '\'
repnz scasb
cld
inc edi
inc edi
mov eax, 'mtld'
stosd
mov al, 'r'
stosb
jmp cmn
notc:
mov dword [mtldr_name], 'C:\m'
mov dword [mtldr_name+4], 'tldr'
mov edi, mtldr_name+8
cmn:
and word [edi], 0
mf:
push mtldr_name
call [GetFileAttributesA]
inc eax
jnz @f
call [GetLastError]
cmp eax, 2
jz fo
@@:
cmp byte [edi], 0
jnz @f
mov byte [edi], '0'
jmp mf
@@:
cmp byte [edi], '9'
jae @f
mfi:
inc byte [edi]
jmp mf
@@:
ja @f
mov byte [edi], 'A'
jmp mf
@@:
cmp byte [edi], 'Z'
jb mfi
nomx: push 10h
push ebx
push nom
jmp mbx
fo:
cmp [b9x], 0
jnz install_9x_2
call write_mtldr1
push ecx
call [GetVersion]
pop ecx
cmp al, 6
jae install_vista
mov al, 2
mov edi, tmp_data
neg ecx
add ecx, 2000h - mtldr_code_size
push ebx
push tmp
push ecx
push edi
push esi
rep stosb
call [WriteFile]
push esi
call [CloseHandle]
push bootini
mov edi, systitle+1
mov esi, ostitle
mov byte [edi-1], '"'
@@:
lodsb
test al, al
jz @f
stosb
jmp @b
@@:
mov word [edi], '"'
push bootini
call [GetFileAttributesA]
push eax
and al, not 1
push eax
push bootini
call [SetFileAttributesA]
push bootini
push systitle
push mtldr_name
push mtldr_name
push mtldr_name
call [CharToOemA]
push osstr
call [WritePrivateProfileStringA]
xchg eax, [esp]
push eax
push bootini
call [SetFileAttributesA]
pop eax
test eax, eax
jnz suci
; failed, delete written mtldr
call delete_mtldr
push 10h
push ebx
push insterr
jmp mbx
suci:
push 40h
push suct
push succ
jmp mbx
install_9x:
mov al, [img_name]
or al, 20h
sub al, 'a'-1
mov byte [regs], al
push ebx
push ebx
push 3
push ebx
push 3
push 80000000h
push vwin32
call [CreateFileA]
inc eax
jz norights
dec eax
xchg eax, esi
push ebx
push tmp
push 28
push regs
push 28
push regs
push 1
push esi
call [DeviceIoControl]
push eax
push esi
call [CloseHandle]
pop eax
test eax, eax
@@: jz norights
mov al, [diskinfobuf+3]
cmp al, 0xFF
jz @b
cmp al, 80h
jb norights
mov [mtldr_code+7], al
cmp dword [diskinfobuf+12], 0
jnz m1e
mov eax, [diskinfobuf+8]
jmp install_cmn
install_9x_2:
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
push config
call [CreateFileA]
inc eax
jnz @f
ie2:
push 10h
push ebx
push insterr2
jmp mbx
@@:
dec eax
xchg eax, esi
push ebx
push esi
call [GetFileSize]
inc eax
jz ie2
dec eax
xchg eax, ebp
push 4
push 1000h
push ebp
push ebx
call [VirtualAlloc]
xchg eax, edi
test edi, edi
jz ie2
push ebx
push tmp
push ebp
push edi
push esi
call [ReadFile]
push esi
call [CloseHandle]
push ebx
push 80h
push 2
push ebx
push ebx
push 40000000h
push config
call [CreateFileA]
inc eax
jz ie2
dec eax
xchg eax, esi
mov eax, dword [edi]
or eax, 0x20202000
cmp eax, '[men'
jz menu
push ostitle
call [lstrlenA]
cmp eax, 17
ja bt1
push esi edi
mov esi, ostitle
mov edi, mtldr_code+23Ah
mov ecx, eax
rep movsb
mov dword [edi], '? [y'
mov dword [edi+4], '/n]:'
mov word [edi+8], ' '
pop edi esi
jmp ct1
bt1:
push img_real_name+3
call [lstrlenA]
add eax, mtldr_code_size+1+100h
mov word [mtldr_code+0x19], ax
ct1:
push ebx
push tmp
push 8
push install
push esi
call [WriteFile]
cfgd:
mov eax, mtldr_name
push eax
push eax
push eax
call [CharToOemA]
call [lstrlenA]
push ebx
push tmp
push eax
push mtldr_name
push esi
call [WriteFile]
push ebx
push tmp
push 2
push newline
push esi
call [WriteFile]
push ebx
push tmp
push ebp
push edi
push esi
call [WriteFile]
push esi
call [CloseHandle]
call write_mtldr1
push ostitle
call [lstrlenA]
cmp eax, 11
jbe @f
push ebx
push tmp
push ld2sz
push ld2
push esi
push ebx
push tmp
push eax
push ostitle
push esi
push ebx
push tmp
push ld1sz
push ld1
push esi
call [WriteFile]
call [WriteFile]
call [WriteFile]
@@:
push esi
call [CloseHandle]
jmp suci
menu:
push edi
or ecx, -1
mes:
mov al, 0xA
repnz scasb
cmp byte [edi], '['
jz med
cmp dword [edi], 'menu'
jnz mes
cmp dword [edi+4], 'item'
jnz mes
cmp byte [edi+8], '='
jnz mes
mov eax, [edi+9]
or eax, ' '
cmp eax, 'koli'
jnz mes
mov eax, [edi+13]
and eax, 0xFFFFFF
or eax, ' '
cmp eax, 'bri'
jnz mes
movzx eax, byte [edi+16]
or al, 0x20
mov [menuitems+eax], 1
jmp mes
med:
cmp word [edi-4], 0x0A0D
jnz @f
dec edi
dec edi
jmp med
@@:
sub edi, [esp]
push ebx
push tmp
push edi
push dword [esp+12]
push esi
call [WriteFile]
add [esp], edi
sub ebp, edi
mov ecx, 7
cmp [menuitems+0x20], 0
jnz @f
cmp [menuitems+','], 0
jz mef
@@:
mov eax, '0'
mel1:
cmp [menuitems+eax], 0
jz med1
inc eax
cmp al, '9'+1
jb mel1
jnz @f
mov al, 'a'
jmp mel1
@@:
cmp al, 'z'
jbe mel1
push ebx
push tmp
push ebp
push dword [esp+12]
push esi
call [WriteFile]
push esi
call [CloseHandle]
jmp nomx
med1:
mov [menuitem+7], al
mov ecx, 8
mef:
push ebx
push tmp
push ecx
push menuitem
push esi
push ebx
push tmp
push ecx
push menuitem
push esi
push ebx
push tmp
push 9
push mis
push esi
call [WriteFile]
call [WriteFile]
push ebx
push tmp
push title9xsz
push title9x
push esi
call [WriteFile]
push ebx
push tmp
push ostitle
call [lstrlenA]
push eax
push ostitle
push esi
call [WriteFile]
push ebx
push tmp
push title9x2sz
push title9x2
push esi
call [WriteFile]
call [WriteFile]
push ebx
push tmp
push 11
push sec9x2
push esi
call [WriteFile]
mov byte [mtldr_code+1], 37h
pop edi
jmp cfgd
install_vista:
push esi
call [CloseHandle]
mov edi, sbn
call adjust_privilege
mov edi, srn
call adjust_privilege
push ebx
push ebx
call [CoInitializeEx]
test eax, eax
js we
push ebx
push ebx
push ebx
push 3
push ebx
push ebx
push ebx
push -1
push ebx
call [CoInitializeSecurity]
test eax, eax
jns @f
we2:
call [CoUninitialize]
we:
call delete_mtldr
push 10h
push ebx
push wmierr
jmp mbx
@@:
push ebx
push esp
push IID_IWbemLocator
push 1
push ebx
push CLSID_WbemLocator
call [CoCreateInstance]
pop edi
test eax, eax
js we2
push ebx
push esp
push ebx
push ebx
push ebx
push ebx
push ebx
push ebx
push ns
push edi
mov esi, [edi]
call dword [esi+12]
push eax
push edi
call dword [esi+8]
pop eax
pop edi
test eax, eax
js we2
push ebx
push ebx
push 3
push 3
push ebx
push ebx
push 10
push edi
call [CoSetProxyBlanket]
test eax, eax
jns @f
we3:
mov eax, [edi]
push edi
call dword [eax+8]
jmp we2
@@:
xor esi, esi
push osp
push osn
push bs
call call_method
test eax, eax
js we3
mov esi, guid
mov ebp, menuitems
push esi
call [CoCreateGuid]
push 2000h/2
push ebp
push esi
call [StringFromGUID2]
mov esi, [varout+8]
push con
push bs
call call_method
jns @f
wecei:
mov ebp, coerr
wece:
mov eax, [esi]
push esi
call dword [eax+8]
mov eax, [edi]
push edi
call dword [eax+8]
call [CoUninitialize]
call delete_mtldr
push 10h
push ebx
push ebp
jmp mbx
@@:
pop eax
push esi
push eax
mov ebp, tmp_data
mov dword [vartmpstr+8], ebp
mov dword [vari32+8], 0x12000004
push 2000h/2
push ebp
push -1
push ostitle
push ebx
push ebx
call [MultiByteToWideChar]
mov esi, [varout+8]
push ssen
push bo
call call_method
mov ebp, setproperr
js wece2
sub dword [esp], 24
mov byte [vari32+8], 2
push 2000h/2
push tmp_data
push -1
push mtldr_name+2
push ebx
push ebx
call [MultiByteToWideChar]
push ssen
push bo
call call_method
js wece2
mov dword [vari32+8], 0x11000001
mov ecx, tmp_data
mov dword [ecx], '\' + ('?' shl 16)
mov dword [ecx+4], '?' + ('\' shl 16)
xor eax, eax
mov dword [ecx+12], eax
mov al, [mtldr_name+1]
shl eax, 16
mov al, [mtldr_name]
mov dword [ecx+8], eax
push spden
push bo
call call_method
js wece2
mov eax, [esi]
push esi
call dword [eax+8]
pop eax
pop esi
push eax
push oon
push bs
call call_method
mov ebp, orerr
js wece3
pop eax
push esi
push eax
mov esi, [varout+8]
mov dword [vari32+8], 0x24000001
push gen
push bo
call call_method
js wece2
push esi
mov esi, [varout+8]
push ebx
push ebx
push varout
push ebx
push idsn
mov eax, [esi]
push esi
call dword [eax+16]
push eax
mov eax, [esi]
push esi
call dword [eax+8]
pop eax
pop esi
test eax, eax
js wece2
push esi
cmp word [varout], 2008h
jnz wece4
mov esi, [varout+8]
cmp word [esi], 1
jnz wece4
push dword [esi+20]
mov eax, [esi+16]
inc eax
push eax
push esp
push esi
call [SafeArrayRedim]
pop ecx
pop ecx
test eax, eax
js wece4
push menuitems
call [SysAllocString]
test eax, eax
jz wece4
push eax
mov ecx, [esi+16]
add ecx, [esi+20]
dec ecx
push ecx
mov ecx, esp
push eax
push ecx
push esi
call [SafeArrayPutElement]
pop ecx
call [SysFreeString]
pop esi
push solen
push bo
call call_method
js wece2
push varout
call [VariantClear]
mov eax, [esi]
push esi
call dword [eax+8]
pop eax
pop esi
mov eax, [esi]
push esi
call dword [eax+8]
mov eax, [edi]
push edi
call dword [eax+8]
call [CoUninitialize]
jmp suci
wece4:
pop esi
wece2:
mov eax, [esi]
push esi
call dword [eax+8]
pop eax
pop esi
push eax
wece3:
mov dword [vartmpstr+8], menuitems
pop eax
push dop
push don
push bs
call call_method
pop eax
jmp wece
write_mtldr1:
push ebx
push 80h
push 2
push ebx
push ebx
push 40000000h
push mtldr_name
call [CreateFileA]
inc eax
jnz @f
push 10h
push ebx
push noc
jmp mbx
@@:
dec eax
xchg eax, esi
push ebx
push tmp
push mtldr_code_size
push mtldr_code
push esi
call [WriteFile]
push img_real_name
push img_real_name
call [CharToOemA]
mov edi, img_real_name+3
push edi
call [lstrlenA]
inc eax
push eax
push ebx
push tmp
push eax
push edi
push esi
call [WriteFile]
pop ecx
ret
delete_mtldr:
push mtldr_name
push mtldr_name
push mtldr_name
call [OemToCharA]
call [DeleteFileA]
ret
adjust_privilege:
cmp [advapi32], 0
jnz @f
push advapi32_name
call [LoadLibraryA]
mov [advapi32], eax
mov esi, eax
test esi, esi
jz ape
push opts
push esi
call [GetProcAddress]
mov [OpenProcessToken], eax
test eax, eax
jz ape
push lpvs
push esi
call [GetProcAddress]
mov [LookupPrivilegeValueA], eax
test eax, eax
jz ape
push atps
push esi
call [GetProcAddress]
mov [AdjustTokenPrivileges], eax
test eax, eax
jz ape
@@:
push ebx
push esp
push 28h
call [GetCurrentProcess]
push eax
call [OpenProcessToken]
test eax, eax
pop esi
jz ape
push 2
push ebx
push ebx
mov eax, esp
push 1
push eax
push edi
push ebx
call [LookupPrivilegeValueA]
test eax, eax
jz ape2
mov eax, esp
push ebx
push ebx
push ebx
push eax
push ebx
push esi
call [AdjustTokenPrivileges]
test eax, eax
jz ape2
add esp, 10h
push esi
call [CloseHandle]
ret
ape2:
add esp, 10h
push esi
call [CloseHandle]
ape:
push 10h
push ebx
push apf
jmp mbx
call_method:
push ebx
mov eax, esp
push ebx
push eax
push ebx
push ebx
push dword [eax+8]
mov eax, [edi]
push edi
call dword [eax+24]
xchg edi, [esp]
test eax, eax
js r
push ebx
mov eax, esp
push ebx
push eax
push ebx
push dword [eax+16]
mov eax, [edi]
push edi
call dword [eax+76]
push eax
mov eax, [edi]
push edi
call dword [eax+8]
pop eax
pop edi
test eax, eax
js r
push ebx
push esp
push ebx
mov eax, [edi]
push edi
call dword [eax+60]
push eax
mov eax, [edi]
push edi
call dword [eax+8]
pop eax
pop edi
test eax, eax
js r
cml1:
mov eax, [esp+16]
add dword [esp+16], 8
cmp dword [eax], 0
jz cme1
push ebx
push dword [eax+4]
push ebx
push dword [eax]
mov eax, [edi]
push edi
call dword [eax+20]
test eax, eax
js r2
jmp cml1
cme1:
and dword [varout], 0
mov ecx, [esp+8]
test esi, esi
jz cms
push ebx
push ebx
push varout
push ebx
push rpn
mov eax, [esi]
push esi
call dword [eax+16]
test eax, eax
js r2
cmp word [varout], 8
jnz r2
mov ecx, [varout+8]
cms:
pop edx
push edx
push ebx
mov eax, esp
push ebx
push eax
push edi
push ebx
push ebx
push dword [eax+16]
push ecx
mov eax, [edx]
push edx
call dword [eax+96]
push eax
mov eax, [edi]
push edi
call dword [eax+8]
push varout
call [VariantClear]
pop eax
pop edi
test eax, eax
js r
push ebx
push ebx
push varout
push ebx
push retvaln
mov eax, [edi]
push edi
call dword [eax+16]
test eax, eax
js r2
mov eax, 80000000h
cmp word [varout], 11
jnz r2
cmp word [varout+8], 0
jz r2
mov eax, [esp+16]
mov eax, [eax-4]
test eax, eax
jz r2
push ebx
push ebx
push varout
push ebx
push eax
mov eax, [edi]
push edi
call dword [eax+16]
test eax, eax
js r2
cmp word [varout], 13
setnz al
shl eax, 31
r2:
push eax
mov eax, [edi]
push edi
call dword [eax+8]
pop eax
r:
pop edi
test eax, eax
ret 8
ofn_hook:
cmp dword [esp+8], 2
jnz @f
push 260
push ostitle
push 23
push dword [esp+12+4]
call [GetDlgItemTextA]
@@:
xor eax, eax
ret 10h
section '.data' data readable writable
data resource from 'rsrc.res'
end data
align 4
ofn:
dd 76
dd 0
dd ofn_title_template
dd filter
dd 0
dd 0
dd 0
dd img_name
dd 100h
dd 0
dd 0
dd 0
dd ofn_title
dd 818A4h
dd 0
dd aImg
dd 0
dd ofn_hook
dd 0
ofn_title_template:
dw 1,-1
dd 0
dd 0
dd 56000444h
dw 2
dw 0,0,275,28
dw 0,0,0
dw 8
dd 0
du 'MS Sans Serif',0
align 4
dd 0
dd 0
dd 50010000h
dw 5,12,45,9
dw -1
dw 0
dw -1,82h
du 'Title:',0
dw 0
align 4
dd 0
dd 204h
dd 50010080h
dw 54,10,218,12
dw 23
dw 0
dw -1,81h
du 'KolibriOS',0
dw 0
filter db 'Image files (*.img)',0,'*.img',0,'All files',0,'*.*',0,0
ofn_title db 'Select KolibriOS image file',0
aImg db 'img',0
norightsmsg db 'Cannot query drive info.',10
db 'Probably it is invalid drive or you are not administrator',0
nohd db 'Image must be on hard disk!',0
m1 db 'Please mail to diamondz@land.ru',0
nom db "Too many mtldr's found!",0
noc db 'Cannot create mtldr file!',0
osstr db 'operating systems',0
bootini db 'c:\boot.ini',0
insterr db 'Cannot write to boot.ini. Probably you are not administrator.',0
insterr2 db 'Cannot open config.sys',0
ptl db 'Path is too long',0
succ db 'Installation successful!',0
suct db 'Success',0
vwin32 db '\\.\vwin32',0
config db 'C:\config.sys',0
sec9x2 db ']',13,10
install db 'install='
newline db 13,10
menuitem db 'kolibri',0
mis db 'menuitem='
title9x db ',Load '
title9xsz = $ - title9x
title9x2 db 13,10,13,10,'['
title9x2sz = $ - title9x2
ld1 db 'Load '
ld1sz = $ - ld1
ld2 db '? [y/n]: ',0
ld2sz = $ - ld2
apf db 'Cannot adjust backup and restore privileges',0
opts db 'OpenProcessToken',0
lpvs db 'LookupPrivilegeValueA',0
atps db 'AdjustTokenPrivileges',0
sbn db 'SeBackupPrivilege',0
srn db 'SeRestorePrivilege',0
wmierr db 'BCD WMI API: initialization error',0
coerr db 'Cannot create BCD object for KolibriOS loader',0
setproperr db 'Cannot create BCD element in object for KolibriOS loader',0
orerr db 'Cannot add KolibriOS loader in BCD display list',0
ns du 'root\wmi',0
retvaln du 'ReturnValue'
emptystr du 0
rpn du '__Relpath',0
bs du 'BcdStore',0
bo du 'BcdObject',0
osn du 'OpenStore',0
con du 'CreateObject',0
don du 'DeleteObject',0
oon du 'OpenObject',0
ssen du 'SetStringElement',0
spden du 'SetPartitionDeviceElement',0
gen du 'GetElement',0
solen du 'SetObjectListElement',0
fn du 'File',0
storen du 'Store',0
idn du 'Id',0
idsn du 'Ids',0
tn du 'Type',0
obn du 'Object',0
sn du 'String',0
dtn du 'DeviceType',0
aon du 'AdditionalOptions',0
pn du 'Path',0
en du 'Element',0
bg du '{9dea862c-5cdd-4e70-acc1-f32b344d4795}',0
align 4
advapi32 dd 0
regs:
dd 0
dd diskinfobuf
dd 86Fh
dd 440Dh
dd 0
dd 0
dd 1
diskinfobuf:
db 10h,0,0,0FFh
times 0Ch db 0
IID_IWbemLocator:
dd 0DC12A687h
dw 737Fh
dw 11CFh
db 88h, 4Dh, 00h, 0AAh, 00h, 4Bh, 2Eh, 24h
CLSID_WbemLocator:
dd 4590F811h
dw 1D3Ah
dw 11D0h
db 89h, 1Fh, 00h, 0AAh, 00h, 4Bh, 2Eh, 24h
IID_IWbemClassObject:
dd 0DC12A681h
dw 737Fh
dw 11CFh
db 88h, 4Dh, 00h, 0AAh, 00h, 4Bh, 2Eh, 24h
varemptystr:
dd 8, 0, emptystr, 0
vartmpstr:
dd 8, 0, menuitems, 0
varbootmgr:
dd 8, 0, bg, 0
vari32:
dd 3, 0, 10400008h, 0
vari32_pd:
dd 3, 0, 2, 0
osp:
dd fn, varemptystr
dd 0, storen
dd idn, vartmpstr
dd tn, vari32
dd 0, obn
dd tn, vari32
dd sn, vartmpstr
dd 0, 0
dd tn, vari32
dd dtn, vari32_pd
dd aon, varemptystr
dd pn, vartmpstr
dd 0, 0
dd idn, varbootmgr
dd 0, obn
dd tn, vari32
dd 0, en
dd tn, vari32
dd idsn, varout
dd 0, 0
dop:
dd idn, vartmpstr
dd 0, 0
data import
macro thunk a
{a#_thunk:dw 0
db `a,0}
dd 0,0,0, rva kernel32_name, rva kernel32_thunks
dd 0,0,0, rva user32_name, rva user32_thunks
dd 0,0,0, rva comdlg32_name, rva comdlg32_thunks
dd 0,0,0, rva ole32_name, rva ole32_thunks
dd 0,0,0, rva oleaut32_name, rva oleaut32_thunks
dd 0,0,0,0,0
kernel32_name db 'kernel32.dll',0
user32_name db 'user32.dll',0
advapi32_name db 'advapi32.dll',0
comdlg32_name db 'comdlg32.dll',0
ole32_name db 'ole32.dll',0
oleaut32_name db 'oleaut32.dll',0
kernel32_thunks:
GetVersion dd rva GetVersion_thunk
CreateFileA dd rva CreateFileA_thunk
DeviceIoControl dd rva DeviceIoControl_thunk
CloseHandle dd rva CloseHandle_thunk
GetFileAttributesA dd rva GetFileAttributesA_thunk
SetFileAttributesA dd rva SetFileAttributesA_thunk
GetLastError dd rva GetLastError_thunk
ReadFile dd rva ReadFile_thunk
WriteFile dd rva WriteFile_thunk
ExitProcess dd rva ExitProcess_thunk
WritePrivateProfileStringA dd rva WritePrivateProfileStringA_thunk
GetShortPathNameA dd rva GetShortPathNameA_thunk
lstrlenA dd rva lstrlenA_thunk
VirtualAlloc dd rva VirtualAlloc_thunk
GetFileSize dd rva GetFileSize_thunk
DeleteFileA dd rva DeleteFileA_thunk
MultiByteToWideChar dd rva MultiByteToWideChar_thunk
GetCurrentProcess dd rva GetCurrentProcess_thunk
LoadLibraryA dd rva LoadLibraryA_thunk
GetProcAddress dd rva GetProcAddress_thunk
dw 0
thunk GetVersion
thunk CreateFileA
thunk DeviceIoControl
thunk CloseHandle
thunk GetFileAttributesA
thunk SetFileAttributesA
thunk GetLastError
thunk ReadFile
thunk WriteFile
thunk ExitProcess
thunk WritePrivateProfileStringA
thunk GetShortPathNameA
thunk lstrlenA
thunk VirtualAlloc
thunk GetFileSize
thunk DeleteFileA
thunk MultiByteToWideChar
thunk GetCurrentProcess
thunk LoadLibraryA
thunk GetProcAddress
user32_thunks:
MessageBoxA dd rva MessageBoxA_thunk
CharToOemA dd rva CharToOemA_thunk
OemToCharA dd rva OemToCharA_thunk
GetDlgItemTextA dd rva GetDlgItemTextA_thunk
dw 0
thunk MessageBoxA
thunk CharToOemA
thunk OemToCharA
thunk GetDlgItemTextA
comdlg32_thunks:
GetOpenFileNameA dd rva GetOpenFileNameA_thunk
dw 0
thunk GetOpenFileNameA
ole32_thunks:
CoInitializeEx dd rva CoInitializeEx_thunk
CoUninitialize dd rva CoUninitialize_thunk
CoInitializeSecurity dd rva CoInitializeSecurity_thunk
CoCreateInstance dd rva CoCreateInstance_thunk
CoSetProxyBlanket dd rva CoSetProxyBlanket_thunk
CoCreateGuid dd rva CoCreateGuid_thunk
StringFromGUID2 dd rva StringFromGUID2_thunk
dw 0
thunk CoInitializeEx
thunk CoUninitialize
thunk CoInitializeSecurity
thunk CoCreateInstance
thunk CoSetProxyBlanket
thunk CoCreateGuid
thunk StringFromGUID2
oleaut32_thunks:
VariantClear dd rva VariantClear_thunk
SafeArrayRedim dd rva SafeArrayRedim_thunk
SafeArrayPutElement dd rva SafeArrayPutElement_thunk
SysAllocString dd rva SysAllocString_thunk
SysFreeString dd rva SysFreeString_thunk
dw 0
thunk VariantClear
thunk SafeArrayRedim
thunk SafeArrayPutElement
thunk SysAllocString
thunk SysFreeString
end data
mtldr_code:
file 'mtldr_for_installer'
mtldr_code_size = $ - mtldr_code
dn db '\\.\'
img_name rb 256
img_real_name rb 256
mtldr_name rb 256
tmp_data rb 2000h
ostitle rb 260
systitle rb 262
align 4
OpenProcessToken dd ?
LookupPrivilegeValueA dd ?
AdjustTokenPrivileges dd ?
tmp dd ?
sdn rd 3
pi rd 8
varout rd 4
guid rd 4
b9x db ?
menuitems rb 100h