;
; DETECTING ICEDUMP 6.0.2.4
;
; the easy way :))
;
; muzic: DJ T-1000 - live in detroit
; coder: daemon
; lang : assembler
; os   : w9x ONLY!
;
; Syntax : MASM (Intel operand order), 32-bit flat model.
; How it works (as visible below): a Structured Exception Handler is
; installed via fs:[0]; an invalid two-byte opcode raises a fault; the
; handler edits the delivered CONTEXT (clears DR6, sets the DR7 General
; Detect bit, sets EFLAGS.TF, skips the faulting bytes) and resumes; the
; resulting single-step exception then re-reads DR7 and counts it as a
; detection if the GD bit is no longer set, i.e. something touched the
; debug registers between the two exceptions.
; For analysts: the recognisable pattern is SEH install + deliberate #UD
; + CONTEXT writes at the DR6/DR7/Eip/EFlags offsets.
;
.586p
.Model Flat

extrn ExitProcess    : PROC
extrn MessageBoxA    : PROC
extrn LoadLibraryA   : PROC             ; declared but not used below
extrn GetProcAddress : PROC             ; declared but not used below

.Data
caption db "daemon",0
text    db "not detected! @ least NOT version 6.0.2.4!",0
text2   db "SORRY, but i've detected icedump (@ least v6.0.2.4) in here :)",0
found   dd ?                            ; detection counter, bumped by the handler

.Code
;-----------------------------------------------------------------------
; main - entry point
; Installs `handler` as the innermost SEH frame, provokes one fault and
; one single-step trap, then reports via MessageBoxA based on `found`.
; NOTE(review): the SEH frame is never unlinked from fs:[0] and the
; handler/previous-frame pushes are never popped; that only works because
; the process exits right afterwards.
;-----------------------------------------------------------------------
main:
        push    offset handler
        push    dword ptr fs:[0]
        mov     dword ptr fs:[0],esp            ; set-up new exception handler
        db      08dh,0c0h                       ; cause first exception (setup):
                                                ; LEA with a register-direct ModRM
                                                ; is an invalid encoding -> #UD
        nop                                     ; and the single step afterwards
                                                ; (handler set TF, so the trap
                                                ; fires here)
        push    0                               ; uType
        push    offset caption                  ; lpCaption
        cmp     found,0
        je      not_found
        push    offset text2                    ; lpText (detected)
        jmp     go_on
not_found:
        push    offset text                     ; lpText (not detected)
go_on:
        push    0                               ; hWnd
        call    MessageBoxA                     ; give out MsgBox
        call    ExitProcess                     ; and exit my Process
                                                ; NOTE(review): no exit code is pushed;
                                                ; ExitProcess reads whatever is on top
                                                ; of the stack (the saved fs:[0] value)
                                                ; as uExitCode.

;-----------------------------------------------
;
; and here is the exception handler
;
; Called by the OS dispatcher with (cdecl frame):
;   [esp+04h] = EXCEPTION_RECORD*
;   [esp+08h] = EstablisherFrame
;   [esp+0ch] = CONTEXT*
; Returns eax = 0 (ExceptionContinueExecution).
; CONTEXT offsets used: 014h = Dr6, 018h = Dr7, 0b8h = Eip, 0c0h = EFlags.
; NOTE(review): ebx is callee-saved under the cdecl contract the
; dispatcher calls this with, and it is clobbered here without being
; saved; a volatile register (ecx/edx) would avoid the ABI violation.
;
;-----------------------------------------------
handler:
        mov     eax,[esp+04h]                   ; eax = exception record
        mov     ebx,[esp+0ch]                   ; get context struc pointer
        cmp     dword ptr [eax],080000004h      ; single step ??? (EXCEPTION_SINGLE_STEP)
        je      int_1
        ; first exception: the #UD from the db bytes above
        and     dword ptr [ebx+014h],0          ; reset dr6!
        bts     dword ptr [ebx+018h],013        ; set gd-flag! (DR7 bit 13, decimal)
        bts     dword ptr [ebx+0c0h],08h        ; set trap flag! (EFLAGS.TF, bit 8)
        add     dword ptr [ebx+0b8h],02h        ; increase eip in c_structure:
                                                ; skip the 2 invalid bytes
        jmp     retu
int_1:
        ; second exception: the single step on the nop
        bt      dword ptr [ebx+018h],013        ; bit test => GD FLAG
        jc      retu                            ; test for carry flag: GD still set,
                                                ; nothing touched DR7 -> not detected
        inc     found                           ; GD was cleared in between -> detected
retu:
        xor     eax,eax                         ; ExceptionContinueExecution
        ret                                     ; return from exception handler
End Main                                        ;End of code, Main is the entrypoint