Who can code?

[Pack3t SynAck3r]

Indecently, I have some c code I wrote that I'd like you to look at because it acting wonky and I have not yet been able to find a solution. I got irritated and stepped back from it for a while. It is simple enough for me not to suffer that thing that we do where we can't, for the life of us, understand our own code after being away from it for too long. Heh, do you know what I'm typing about?

Send it on over and give me a brief synopsis on what you are trying to accomplish and what your problem is. I would be more than happy to take a look at it. As far as the scratching your head at code that you have stepped away from....indeed. I have about 30 half written programs that on a few of them I forget what I was trying to accomplish at all. An example of one I remember but the method I was using is a little cloudy

Code:

void InstallRegistryHooks (void)  
{  
    __asm  
    {  
        push    eax  
        mov     eax, CR0  
        and     eax, 0FFFEFFFFh  
        mov     CR0, eax  
        pop     eax  
    }  
  
    Real_ZwCreateKey = (T_ZwCreateKey) InterlockedExchange((PLONG) &SYSTEMSERVICE(ZwCreateKey),  
                                                        (LONG)Hook_ZwCreateKey);  
  
  
    Real_ZwOpenKey = (T_ZwOpenKey) InterlockedExchange((PLONG) &SYSTEMSERVICE(ZwOpenKey),  
                                                        (LONG)Hook_ZwOpenKey);  
  
  
    Real_ZwEnumerateKey = (T_ZwEnumerateKey) InterlockedExchange((PLONG) &SYSTEMSERVICE(ZwEnumerateKey),  
                                                        (LONG)Hook_ZwEnumerateKey);  
  
  
    __asm  
    {  
        push    eax  
        mov     eax, CR0  
        or      eax, NOT 0FFFEFFFFh  
        mov     CR0, eax  
        pop     eax  
    }  
    return ;  
}  
  
  
/*  
* Remove the hook  
*/  
void RemoveRegistryHooks (void)  
{  
    __asm  
    {  
        push    eax  
        mov     eax, CR0  
        and     eax, 0FFFEFFFFh  
        mov     CR0, eax  
        pop     eax  
    }  
    InterlockedExchange( (PLONG) &SYSTEMSERVICE(ZwCreateKey), (LONG) Real_ZwCreateKey);  
    InterlockedExchange( (PLONG) &SYSTEMSERVICE(ZwOpenKey), (LONG) Real_ZwOpenKey);                
    InterlockedExchange( (PLONG) &SYSTEMSERVICE(ZwEnumerateKey), (LONG) Real_ZwEnumerateKey);  
    __asm  
    {  
        push    eax  
        mov     eax, CR0  
        or      eax, NOT 0FFFEFFFFh  
        mov     CR0, eax  
        pop     eax  
    }  
}

Now mind you this is only a snippet but it is someone difficult to go and look at it when I started it three years ago. The purpose of the code is to create null embedded registry keys that use NativeAPI and unicode text as opposed to the WINAPI and ASCII text. The WinAPI can only read ascii and so if you create a registry key with unicode it is impossible to read or edit it with any program that was built with the WinAPI like regedit, or pretty much any a/v product that is in existence. The ASM I put in is directly correlated from info retrieved while debugging a virtual machine so I could view memory output in real time. Problem is I lost the logs from my debugger in a HDD crash and so I never was able to finish. Besides that train of thought has long left the station. If I ever feel like rebuilding the bochs virtual machine with all the handles I had instituted perhaps I will finish, although it is more likely I would start from scratch. It was just something I was doing for fun anyway. In all actuality the program is more a weapon of evil than good, but I SUPPOSE it could be used to embed restricted security policies as Mark had been posting about recently.