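;
; Icedump detection
;
; muzic: Chris Liebing - Live @ ????
; coder: daemon
; lang : assembler (TASM/MASM-style Intel syntax, 32-bit flat model)
; os   : w9x ONLY!
;
; What it does
;   Reads the IDT base with SIDT, rebuilds the INT 1 (debug exception)
;   handler address from its gate descriptor, and applies two heuristics:
;     1. the low nibble of the handler address' top byte is non-zero
;     2. the first word at the handler equals 0FF36h
;   Each hit increments `found`; a message box then reports the verdict.
;
; Why w9x only
;   The code dereferences the IDT and the INT 1 handler from ring 3. That
;   memory is readable from user mode on Windows 9x; on NT-family Windows
;   it is kernel-only and the first descriptor read raises an access
;   violation instead of producing a result.
;
; Reliability caveats (for anyone reusing or analysing this check)
;   - Both tests are layout heuristics, not a positive identification.
;     NOTE(review): presumably any other component that relocates or hooks
;     the INT 1 handler could trip test 1 - confirm before trusting it.
;   - A ring-3 SIDT followed by reads at the returned base is the
;     observable footprint of this check in a trace or emulator log.
;

.586p
.Model Flat

extrn ExitProcess    : PROC
extrn MessageBoxA    : PROC
extrn LoadLibraryA   : PROC             ; declared but not referenced in this file
extrn GetProcAddress : PROC             ; declared but not referenced in this file

GATE_SIZE       equ 8                   ; bytes per IDT gate descriptor
GATE_OFFSET_HI  equ 4                   ; dword whose upper half is offset 31..16
INT1_VECTOR     equ 1                   ; debug exception vector
ICEDUMP_SIG     equ 0FF36h              ; word expected at the handler (bytes 36h,FFh)
MB_OK           equ 0

.Data
caption db "daemon",0
text    db "successfully passed the detection",0
text2   db "found icedump in memory!",0
found   dd 0                            ; number of heuristics that fired

.Code
main:
        ; SIDT stores 6 bytes: limit (2) then base (4). Aiming it at esp-2
        ; puts the base exactly in the slot reserved by the push, so the
        ; pop yields the IDT base; the limit lands below esp and is ignored.
        push    edx
        sidt    [esp-2]
        pop     edx                     ; edx = IDT base

        ; Gate layout: +0 offset 15..0, +6 offset 31..16. Load the high dword
        ; first, then overwrite its low half with the low offset word.
        mov     ebx,[edx+INT1_VECTOR*GATE_SIZE+GATE_OFFSET_HI]
        mov     bx,[edx+INT1_VECTOR*GATE_SIZE]  ; ebx = INT 1 handler address

        ; Heuristic 1: low nibble of address bits 31..24.
        mov     eax,ebx
        ror     eax,24                  ; bring bits 31..24 down to al
        and     eax,00000000Fh          ; when icedump is active we will
                                        ; get a '1' here (AND also sets ZF)
        jz      check_sig
        inc     dword ptr [found]

check_sig:
        ; Heuristic 2: first word of the handler itself.
        cmp     word ptr [ebx],ICEDUMP_SIG      ; icedump will hold FF36h here!
        jne     report
        inc     dword ptr [found]

report:
        mov     eax,offset text         ; default: nothing detected
        cmp     dword ptr [found],0
        je      show
        mov     eax,offset text2

show:
        push    MB_OK                   ; uType
        push    offset caption          ; lpCaption
        push    eax                     ; lpText
        push    0                       ; hWnd = NULL
        call    MessageBoxA

        ; ExitProcess takes one stdcall argument; pass it explicitly so the
        ; exit code is 0 rather than whatever dword happens to be on the stack.
        push    0                       ; uExitCode
        call    ExitProcess

End main                                ; main is the entry point (label case
                                        ; matched so a case-sensitive build links)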