[]

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											xTG
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 

   RANG32, FAKA, xTG (rang32.asm, faka.asm, xtg.inc, xtg.asm, logic.asm).  
      ,    . 
     test.asm (+ test.bat). 
, ,  =)
,  ,  ,     ,    . 
																		
																m1x
																pr0mix@mail.ru
																EOF
																		
																  ... 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											xTG
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx

								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
	




xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											RANG32
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

=========================================================================================================
I. 
RANG32
RAndom Numbers Generator
 ()  ()
rang32.asm
=========================================================================================================
:
(stdcall) DWORD RANG32(DWORD n);	
n - .  RANG32    ()   [0..n - 1].
=========================================================================================================
:
[+]   (  ); 
[+] ;
[+]   ; 
[+]     -   ;    ;
[+]   WinApi';	
[+]  ;     ; 
=========================================================================================================
:

1. :
	rang32.obj/rang32.asm
	
2.  ( stdcall):
	push	05					; n = 5: the single DWORD argument of RANG32(DWORD n)
	call	RANG32				; stdcall -> EAX holds a number in the range [0..5-1]
=========================================================================================================	
:

v1.0.2 
=========================================================================================================
:

[v1.0.2]	:
				 .    .
			
[v1.0.0]	:
				 -  !
=========================================================================================================                                                                                                       

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											RANG32
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx

								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								
								
								
								
											
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											xTG
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

=========================================================================================================
II. 
xTG
eXperimental/eXtended/eXecutable Trash Generator
//   /
xtg.inc, xtg.asm, logic.asm	
=========================================================================================================
:
stdcall: DWORD xTG(DWORD xparam);
xparam -  ()  XTG_TRASH_GEN.    :
	1.   ;
	2.     XTG_TRASH_GEN; 
	3. EAX =     //etc. 
=========================================================================================================
:
[+]    XTG_TRASH_GEN (   )     
	  ,     -    ,    ;
[+]   (XTG_TRASH_GEN etc)  -  (    ..),  
	     4 (x86);
[+]      (  ),        
	 (xtg.asm) (  !); 
[+]     : xtg.inc, xtg.asm, logic.asm. xtg.inc - .     
	  ,  etc,     . xtg.asm -   
	 xTG. logic.asm -   ;
[+] xTG        (,  etc).   
	  ,     ()- () (): , 
	 etc.    ///etc,   (, 
	,  etc),   ; 
[+] , ,   (  )  ,   - ;
[+]  -  xD;
=========================================================================================================
   :
[0] - ,    .          
	  . 
[1] - ,    .       ,   
	      e  .
	 

---------------------------------------------------------------------------------------------------------	  
XTG_TRASH_GEN
/ ,   ( )    xTG. 

[fmode]					: [0]
						     (-).   2   :
						  XTG_MASK  XTG_REALISTIC. 
						   , XTG_MASK aka "" -       
						  :  ,     -   
						  (  (  )).        
						  ,   .    slow-polymorphism'a. 1-  
						      . 
						   , XTG_REALISTIC aka "".     
						   ,   ,      
						    (  ).     
						   :  (  ms-), ,  
						       ,     
						   . 
						     ""     ,   
						   ""      .  
						      . 
						     ,   !
						  ,    :   fmode  ,   
						  XTG_REALISTIC,     ,    XTG_MASK.  
						     . 
						  ,    XTG_MASK  , , 2-3   ,  
						       - ,   .   (a  
						   );
						  
[rang_addr]				: [0]
						   .       -  . 
						     xTG ( =))   RANG32 ( ).     
						    ,       :
						  (stdcall) DWORD xRandNumGen(DWORD n);
						      ( EAX)   ()   
						  [0..n - 1].  ( EAX) ()      
						  .  , ,    (n)    =). 
						   ,     RANG32,    .
						  
[faka_addr]				: [0]
						       . etc.
						     xTG   FAKA.       , 
						      -   :
						  (stdcall) DWORD xGenFakeApi(DWORD xaddr);
						  xaddr -   ,  FAKA_FAKEAPI_GEN.    
						  ,       - ,   
						    -  xTG. 
						          .
						   ,     FAKA,    ,  
						  -; 
						  ,     ,       0;
						  
[faka_struct_addr]		: [0]
						    FAKA_FAKEAPI_GEN (    etc).  
						          (FAKA)   
						  xTG.
						  ,     ,       0;
						  
[xfunc_struct_addr]		: [0]
						    XTG_FUNC_STRUCT.    ( , 
						    ..)   ,    (xTG)    
						     ,       (, 
						     EBP) -    XTG_FUNC_STRUCT   
						      . 
						     (,     ..)    (xTG, 
						   ""   XTG_FUNC etc),     0. 
						      ,      0; 
						  
[xdata_struct_addr]		: [0]
						    XTG_DATA_STRUCT.     ,  
						  mov	ecx, dword ptr [403008h] etc, /  - 
						  (, ),     ()    
						     .
						       ,   0; 
						  
[alloc_addr]			: [0]
						     . ,     
						   ,         100%. 
						       ,       
						      ,           
						   . ,          
						  (  [free_addr]). 
						     :
						  (stdcall) DWORD xFuncAlloc(DWORD xsize);
						        --,   
						  ( EAX)   ,  xsize .    
						  ( EAX)   .
						   ,      0; 
						  
[free_addr]				: [0]
						     . ,     
						   ,         100%; etc;
						  t   :
						  (stdcall) DWORD/void xFuncFree(xaddr);
						         xaddr.    
						    .
						   ,      -    - 
						  ?
						  
[tw_trash_addr]			: [0]
						  ,    . ;
						  
[trash_size]			: [0]
						     ( );
						  
[xmask1] & [xmask2]		: [0]
						   (64- = 2 32-  )   .
						     (     )     
						  : XTG_MASK/XTG_REALISTIC.    xtg.inc,  ,  
						      XTG_MASK,    XTG_REALISTIC. 
						    ,   (  etc)      
						  XTG_REALISTIC,   XTG_FUNC,   [alloc_addr] & [free_addr] 
						    , ,  ,    ,  
						  . 
						    -  ,   
						   ,   XTG_FUNC  XTG_LOGIC; 
						  
[fregs]					: [0]
						   ().       ,  xtg.inc. 
						  , ,  [fregs] = XTG_EAX + XTG_EDX,  
						  -   ,    EAX & EDX   
						  /.  ,   ,   
						       ().   , , 
						    ( ) etc. 
						           3 
						  32-x   (    ).    
						   -      -    .
						  , ,   ,  [fregs] = XTG_EAX + XTG_ECX, 
						    EAX  ECX      -   
						   -  .      .
						   -  ebp & esp        
						     -; 
						  
[nobw]					: [1]
						     .    XTG_REALISTIC, 
						   [nobw] = [trash_size] (       
						   = [trash_size]).   : ,    
						  XTG_MASK, [trash_size] = 4 (), 
						  [xmask1] = XTG_NOT_NEG___R32 + XTG_THREE_BYTES_INSTR, [xmask2] = 0 (   
						      ).  ,   
						   movzx edx, dx (XTG_THREE_BYTES_INSTR).    = 3 . 
						        ,   [nobw] = 3  
						  ([nobw] < [trash_size]).   ,     
						     ,    = 2  
						  (not/neg reg32).      1  -     
						     . 
						  
[ep_trash_addr]			: [1]
						      .       
						  XTG_MASK,  [ep_trash_addr] = [tw_trash_addr].     
						  XTG_REALISTIC,    XTG_FUNC,  [ep_trash_addr] = [tw_trash_addr]. 
						      XTG_REALISTIC,     XTG_FUNC -  , 
						   ,   [ep_trash_addr] -     ,   
						    -. 
						  
[fnw_addr]				: [1]
						      /. 
---------------------------------------------------------------------------------------------------------


---------------------------------------------------------------------------------------------------------
XTG_FUNC_STRUCT
,  /   (,   ,  etc).    
XTG_GEN_TRASH.xfunc_struct_addr.

[func_addr]				: [0]
						   .      (  ) 
						   (  etc). 
						             .
						  
[func_size]				: [0]
						    ,       ;
						  
[call_num]				: [0]
						  -  (,    ) (call')    
						  (   [func_addr]); 
						  
[local_num]				: [0]
						  -    . 
						  ,      sub esp, 0Ch -  - 
						      = 0Ch (12) / 4 = 3   
						  ([local_num] = 3).    ;
						  
[param_num]				: [0]
						  -    . 
						   ,     . ? =)
						  ,   :
							push	ecx							; one argument, taken from a register
							push	dword ptr [ebp - 04]		; another argument, read from [ebp - 04]; 2 pushes in total
							call	func_x						; the two pushes above are the arguments counted for func_x
						     func_x  [param_num] = 2;
---------------------------------------------------------------------------------------------------------


---------------------------------------------------------------------------------------------------------
XTG_DATA_STRUCT
,    ,   ,     -: 
,  etc.    XTG_TRASH_GEN.xdata_struct_addr

[xmask]					: [0]
						     -. 
						    ,    -.  , 
						  ,    ,    ,  
						    0;
						     -: , . 
						         xtg.inc; 
						  
[rdata_addr]			: [0]
						  ,    -; 
						        VirtualAddress (VA),    
						      (   ); 
						    0,  -   . 
						        -!  
						  -          ( - 
						     ).   ,  / - 
						    ,    ,    [xdata_addr]  
						    [xdata_size]. 
						      ()
						  [rdata_addr] + [rdata_size] 
						   
						  [xdata_addr] + [xdata_size]
						   ,      . 
						      ? 
						  ,      (.data).    = 405000h, 
						   = 5000h.  ,   :
						  [rdata_addr] = 405000h
						  [rdata_size] = 1000h
						  [xdata_addr] = 406000h
						  [xdata_size] = 1000h
						   ..      =); 
						   ,     4;
						  
[rdata_size]			: [0]
						     ();    >= 4 ();
						  
[rdata_pva]				: [0]
						      [rdata_addr]: VA    ? 
						          xtg.inc; 
						  
[xdata_addr]			: [0]
						     -       
						    ,  
						  add	ecx, dword ptr [403008h]
						  sub	dword ptr [40300Ch], edx
						   ; 
						      VA; 
						   ,     4; 
						  
[xdata_size]			: [0]
						     ;    >= 4 (); 
						  
[nobw]					: [1]
						  -    -. 
						   -   (, ,   ), 
						     ; 
---------------------------------------------------------------------------------------------------------


---------------------------------------------------------------------------------------------------------
FAKA_FAKEAPI_GEN
 ,      FAKA,     
XTG_TRASH_GEN.faka_struct_addr.

[mapped_addr]			: [0]
						     (     (   
						  MapViewOfFile)).
						  
[rang_addr]				: [0]
						   .     XTG_TRASH_GEN.rang_addr. 
						    FAKA    xTG,      
						   RANG32   .      :
						  FAKA_FAKEAPI_GEN.rang_addr = XTG_TRASH_GEN.rang_addr.     
						       (alloc_addr, free_addr, xfunc_struct_addr etc); 
						  
[alloc_addr]			: [0]
						     .  XTG_TRASH_GEN.alloc_addr
						  
[free_addr]				: [0]
						     .  XTG_TRASH_GEN.free_addr
						  
[xfunc_struct_addr]		: [0]
						    XTG_FUNC_STRUCT.  XTG_TRASH_GEN.xfunc_struct_addr. 
						   :  XTG_FUNC_STRUCT  ,   
						       -   . 
						  ,   ,       ,   
						      push dword ptr [ebp - 14] etc;
						  
[xdata_struct_addr]		: [0]
						    XTG_DATA_STRUCT.  XTG_TRASH_GEN.xdata_struct_addr
						   FAKA_FAKEAPI_GEN.xfunc_struct_addr. 
						   :        
						  push dword ptr [403008h] etc; 
						  
[tw_api_addr]			: [0]
						  ,      . 
						    FAKA    xTG,      0. 
						  xTG       ;
						           ,     
						     ;
						  
[api_size]				: [0]
						    -. - -  , 
						  ,  :
							; MessageBoxA(hWnd, lpText, lpCaption, uType); stdcall pushes arguments right-to-left
							push	0			; uType
							push	403000h		; lpCaption
							push	403000h		; lpText (same address as the caption in this example)
							push	0			; hWnd
							call	MessageBoxA
						       ,    -    
						   -;        
						  =); 
						    FAKA    xTG,      0.
						  xTG        ( WINAPI_MAX_SIZE); 
						  
[api_hash]				: [0] [1]
						    (  VA)       .  
						    != 0,      ,     
						  .       ,    , 
						     [api_va]  VirtualAddress (VA  IAT),     
						     .       ( 
						  )  ,        
						  ([tw_api_addr])    .        
						  ,    . Ÿ     
						  (   [api_va]). 
						      = 0,          
						  (        ,    
						      ,  ,     );
						     ,   ,    , 
						             .   
						    ,    0; 
						  
[api_va]				: [1]
						       ( ),     
						   VA,       .  
						    ,    0;
						  
[nobw]					: [1]
						  -   ;
						  
[fnw_addr]				: [1]
						      ; 						  
---------------------------------------------------------------------------------------------------------

=========================================================================================================
:
[+]  x86 / ( );
[+]   (, );
[+]    ;
[+]  "" :
		x ;
		x ;
		x ;
		x ;
		x    ;
		x   - ( !); 
[+]   (,   ,  etc);
[+]   ;
[+] ; 
[+]   ;     ;
[+]     -   ;    ;
[+]   winapi;
[x]      ,       -   
=========================================================================================================
:

1. :
	xtg.obj / xtg.inc, xtg.asm, logic.asm
	
2.  ( stdcall):
	; /     test.asm (+ test.bat etc);
=========================================================================================================	
:

v2.0.0
=========================================================================================================
:

[v2.0.0]	:
				  v1.0.0       .   
				" "; 
			
[v1.0.0]	:
				 -  !
=========================================================================================================

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											xTG
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx

								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
			
			
			
			
								 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											FAKA
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

=========================================================================================================
I. 
FAKA
FAKe Api generator
 - (  -)
xtg.inc, faka.asm
=========================================================================================================
:
stdcall: DWORD FAKA(DWORD xparam);
xparam -  ()  FAKA_FAKEAPI_GEN.    :
	1.  -;
	2.     FAKA_FAKEAPI_GEN; 
	3. EAX =     //etc. 
=========================================================================================================
:
[+]    xTG;
[+]      xTG -         
	  FAKA';
[+] etc
=========================================================================================================
:
[+]       ;
[+]  (  )  ;
[+] ;
[+]     -   ;    ;
[+]   winapi;
[+]  ;     ;  
=========================================================================================================
:

1. :
	faka.obj / xtg.inc, faka.asm
	
2.  ( stdcall):
	; /     test.asm (+ test.bat etc),   
	; xtg.asm ( xwinapi_func); 
=========================================================================================================	
:

v2.0.0
=========================================================================================================
:

[v2.0.0]	:
				  v1.0.0       .   
				" ";
			
[v1.0.0]	:
				 -  !
=========================================================================================================                                                                                                       

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
											FAKA
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx

								xxxxx		xxxxx		xxxxx
								xxxxx		xxxxx		xxxxx
	

