; ; ; u must have soft-ice loaded !!! .586p .Model Flat extrn ExitProcess : PROC extrn MessageBoxA : PROC .Data caption db "daemon@I.LOVE.YOU.COM",0 text db "trace me! -> " to_decrypt db "love my feets, sucker",0 to_decrypt_end equ $ .Code Main: lea eax,handler ; pointer to my tracer push eax push dword ptr fs:[0] mov dword ptr fs:[0],esp ; set new exception handler int 1 ; generate an exception ; for debug register setup ;--- set up zero decryptor lea esi,to_decrypt mov edi,esi mov ecx,offset to_decrypt_end - offset to_decrypt decrypt:db 08dh,0c0h ; lea eax,eax -> generate exception xor byte ptr [ecx+esi],al loop decrypt push 0 push offset caption push offset text push 0 call MessageBoxA call ExitProcess handler:mov eax,[esp+04h] ; pointer to exception record mov eax,[eax] ; get exception code xor ecx,ecx cmp eax,80000004h ; single step ??? jne dont_setup_registers inc ecx dont_setup_registers: mov eax,[esp+0ch] ; pointer to context struc mov ebx,[eax+0b8h] cmp ecx,1 jne over_me lea edi,[eax+04h] xor eax,eax mov ecx,04h repz stosd ; kill debug register dr0-dr3 ret over_me:mov ebx,[eax+010h] ; get debug register #3 mov [eax+0b0h],ebx ; and store it in eax add dword ptr [eax+0b8h],02h ; update next eip xor eax,eax ret ; go back! End Main ;End of code, Main is the entrypoint