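; the cruel way !!!
;
; coder: daemon
; muzic: green velvet
; language: assembler (tasm)
; os: 9x only
;
;---------------------------------------------------------------------------
; What this program does
;
; Win32 console-less program (TASM, Intel syntax, flat 32-bit model) that
; checks whether the IceDump extension of SoftICE is loaded and reports the
; result in a MessageBox.  The check itself runs in ring 0: the program reads
; the IDT base with SIDT, temporarily points IDT gate 5 at the local routine
; `setup`, raises INT 5 so that `setup` executes with kernel privilege, then
; restores the original gate.  `setup` asks the VMM for the instanced V86
; vector of int 68h and sets `found_it` when the first byte of that handler
; is an IRET opcode (0CFh).
;
; This only works where the IDT is writable from ring 3 and a software INT 5
; is allowed from ring 3 — presumably true on Win9x (see "os: 9x only"), not
; on NT-family Windows, where it faults.  From a defender's point of view the
; SIDT + IDT-write + INT pattern is the signature of this class of
; anti-debugging check.
;
; Register use in Main (no ABI obligations: it is the process entry point,
; ExitProcess never returns):
;   edx = address of IDT gate 5, byte 4 (gate bytes 0-1 = offset low,
;         2-3 = selector, 4-5 = type/attributes, 6-7 = offset high)
;   ebx = original handler offset as high:low words (saved for restore)
;   edi = offset of `setup`, rotated so each half can be stored as a word
;---------------------------------------------------------------------------
.586p
.Model Flat

extrn ExitProcess : PROC
extrn MessageBoxA : PROC
extrn GetTickCount : PROC               ; imported but not referenced

.Data
caption  db "daemon",0
text     db "detected Icedump!",0
text2    db "NO ICEDUMP FOUND!",0
found_it dd ?                           ; set to 1 by `setup` in ring 0

.Code
Main:
        ; SIDT stores a 6-byte IDTR image: 2-byte limit, then 4-byte base.
        ; Storing it at [esp-2] puts the limit below esp and the base exactly
        ; in the slot just pushed, so `pop edx` yields the IDT base address.
        push    edx
        sidt    [esp-2]                 ; Interrupt table to stack
        pop     edx
        add     edx,5*8+4               ; edx -> gate 5, byte 4 (attrs + offset high)

        ; Save the original handler offset in ebx as offset_high:offset_low.
        mov     ebx,[edx]               ; high word of ebx = offset high
        mov     bx,word ptr [edx-4]     ; low word of ebx  = offset low

        ; Point gate 5 at `setup` (offset low at +0, offset high at +6).
        lea     edi,setup
        mov     [edx-4],di              ; offset low
        ror     edi,16
        mov     [edx+2],di              ; offset high

        ; Raise INT 5 -> `setup` runs in ring 0 and may set found_it.
        ; ds/es are saved in case the ring-0 path disturbs them.
        push    ds
        push    es
        int     5
        pop     es
        pop     ds

        ; Restore the original gate 5 handler.
        mov     [edx-4],bx              ; offset low
        ror     ebx,16
        mov     [edx+2],bx              ; offset high

        ; MessageBoxA(NULL, text-or-text2, caption, MB_OK) — stdcall, pushed
        ; right to left.
        push    0                       ; uType = 0 (MB_OK)
        push    offset caption          ; lpCaption
        cmp     found_it,1
        jne     normal
        push    offset text             ; lpText: IceDump detected
        jmp     yep
normal:
        push    offset text2            ; lpText: not detected
yep:
        push    0                       ; hWnd = NULL
        call    MessageBoxA
        push    0                       ; uExitCode — was missing; ExitProcess
        call    ExitProcess             ; would otherwise read a stale stack slot
;---------------------------------------------------------------------------
; ring-0 routine that checks our interrupt 0x68 :)
;
; Entered through IDT gate 5 with the ring-3 segment registers still loaded.
; Preserves all general registers and flags; returns with IRET.  The two
; `db` sequences are the VMMCall macro expansion (INT 20h followed by the
; 16-bit service number and 16-bit VxD id) as used in the original source.
;---------------------------------------------------------------------------
setup:
        pushad
        pushfd
        push    ebx                     ; redundant with pushad, kept as written
        db      0cdh,020h,03h,00h,01h,00h   ; VMMCall Get_Sys_VM_Handle
        mov     eax,068h                ; interrupt number to look up
        db      0cdh,020h,041h,01h,01h,00h  ; VMMCall Get_Instanced_V86_Int_Vector

        ; eax = seg:off of the V86 handler (seg in the high word).  Convert to
        ; a linear address: (seg << 4) + off.  After `shr eax,12` the low
        ; nibble of al still holds off >> 12, which `and al,0F0h` clears.
        movzx   ebx,ax                  ; ebx = off
        shr     eax,0ch                 ; eax = seg << 4 | (off >> 12)
        and     al,0F0h                 ; eax = seg << 4
        add     eax,ebx                 ; eax = linear address of handler

        cmp     byte ptr [eax],0CFh     ; iret ????  (handler is a bare IRET?)
        jne     back
        inc     found_it                ; flag for Main (ds still flat here)
back:
        pop     ebx
        popfd
        popad
        iret
;
;
;---------------------------------------------------------------------------
End Main    ;End of code, Main is the entrypoint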