Windows or Linux (WINE)
by Anonymous
;; Windows or Linux (WINE)
;;
;; This code works out whether it is running on Windows or
;; on Linux (under WINE). On Windows it creates a MessageBox.
;; On Linux it uses a raw Linux system call (int 80h, write)
;; to write to the current console. The detection is a probe,
;; not a query: on Windows int 80h raises an exception which the
;; SEH handler below catches; under WINE the interrupt reaches the
;; Linux kernel directly and no exception occurs. This matters
;; because WINE could be used for infecting Windows AND Linux files.
;;
;; The reason is that WINE Is Not an Emulator, nor a sandbox:
;; it "simply" loads the Windows libraries for the PE file to
;; use, so the PE runs as an ordinary Linux process and can
;; issue Linux system calls directly, bypassing the Win32 layer.
;;
;; The tool is not interesting for its coding, but because it
;; shows how WINE can be used to create more effective cross-platform viruses.
;;
;; The SEH has been taken from (http://www.rohitab.com/sourcecode/seh.html)
;; Thanks a lot!
;;
;; Compile:
;; TASM32 /ml WINE
;; TLINK32 WINE,WINE,,IMPORT32.LIB
.386p
.model flat ,stdcall
EXTRN ExitProcess:PROC
EXTRN MessageBoxA:PROC
@TRY_BEGIN MACRO Handler
;; Open an SEH-guarded region whose handler is the code at label `Handler`.
;; Builds an EXCEPTION_REGISTRATION record on the stack and links it into the
;; thread's SEH chain at fs:[0]. ESP after this macro points at the record;
;; that value is what the dispatcher later passes back as EstablisherFrame
;; and what @TRY_EXCEPT recovers via [esp+8].
;; Stack layout left behind (low to high addresses):
;;   [esp]    previous fs:[0]   (record.prev)
;;   [esp+4]  offset Handler    (record.handler)
;;   [esp+8]  32 bytes of pushad (register snapshot; restored only on the
;;            exception path by @TRY_EXCEPT's popad, discarded by @TRY_END)
;; Clobbers esi. Must be closed by @TRY_EXCEPT and @TRY_END with the same
;; Handler name.
pushad ; Snapshot all general registers (restored on the exception path only)
mov esi, offset Handler ; Address of the new exception handler
push esi ; record.handler = Handler (this is the NEW handler, not the old one)
push dword ptr fs:[0] ; record.prev = current chain head (the OLD handler)
mov dword ptr fs:[0], esp ; Install: chain head now points at our record
ENDM
@TRY_EXCEPT MACRO Handler
;; Ends the guarded region and begins the exception branch.
;; Fall-through (no exception): jump over the handler to NoException&Handler,
;; which @TRY_END emits.
;; Exception: the OS dispatcher calls `Handler` as
;;   handler(ExceptionRecord, EstablisherFrame, Context, DispatcherContext)
;; so [esp+8] is EstablisherFrame, i.e. the ESP that @TRY_BEGIN stored in
;; fs:[0]. The handler never returns to the dispatcher and never calls
;; RtlUnwind: it rewrites ESP to the registration record, unhooks itself
;; from fs:[0], restores the pushad snapshot and simply continues with the
;; code that follows this macro.
;; Consequences a practitioner should know:
;;   * the exception code is not inspected - ANY exception raised inside the
;;     region, not only the expected one, ends up here;
;;   * SEH frames registered inside the region (between @TRY_BEGIN and the
;;     fault) are abandoned, not unwound;
;;   * the handler is a plain code label, not a compiler-registered SafeSEH
;;     handler - NOTE(review): confirm linker settings before building this
;;     with a toolchain that emits a SafeSEH table.
jmp NoException&Handler ; No exception occurred, so skip the handler body
Handler: mov esp, [esp + 8] ; Exception occurred: ESP = EstablisherFrame (our record)
pop dword ptr fs:[0] ; Unhook: chain head = record.prev (the old handler)
add esp, 4 ; Discard record.handler (the pushed Handler address)
popad ; Restore the register snapshot taken by @TRY_BEGIN
ENDM
@TRY_END MACRO Handler
;; Closes the construct. Reached either by falling out of the exception
;; branch (which jumps over the no-exception cleanup) or via
;; NoException&Handler from @TRY_EXCEPT when nothing faulted.
;; The no-exception path unhooks fs:[0] and discards both the handler
;; address and the 32-byte pushad snapshot WITHOUT restoring registers, so
;; any register the guarded code changed keeps its value. This differs from
;; the exception path, where popad restores the snapshot.
jmp ExceptionHandled&Handler ; Exception branch done: skip the no-exception cleanup
NoException&Handler: ; No exception occurred
pop dword ptr fs:[0] ; Unhook: chain head = record.prev (the old handler)
add esp, 32 + 4 ; Back to ESP before @TRY_BEGIN: 32 for pushad and ...
ExceptionHandled&Handler: ; ...4 for the pushed Handler address (push esi). No register restore.
; Exception has been handled, or no exception occurred
ENDM
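.data
szCaption db 'Windows and LINUX (WINE)', 0
windows db 'I am running under Windows', 0
linux db 'I am running under Linux (WINE)', 0
LINUX_LEN equ $ - linux - 1 ; byte count of `linux` without the NUL; tracks the literal (was a hard-coded 31)

;; Linux i386 system-call interface constants used by WinMain.
SYS_WRITE equ 4 ; eax: write(2)
STDOUT_FD equ 1 ; ebx: file descriptor 1 (the current console)

.code
;; Entry point. Decides "Windows or Linux (WINE)" by probing, not by asking:
;;   * inside the SEH region it issues a raw Linux write(2) via int 80h;
;;   * on Windows that interrupt has no user-mode service behind it and raises
;;     an exception; the registered handler (Zero_Address_Access) catches it
;;     and the Windows path shows a MessageBox;
;;   * under WINE the PE is an ordinary Linux process, so int 80h reaches the
;;     Linux kernel directly (the Win32 layer is bypassed), the message goes to
;;     stdout and the handler path is skipped.
;; Caveats (review): the handler does not inspect the exception code, so any
;; fault inside the region is reported as "Windows"; conversely an environment
;; that filters or emulates int 80h without faulting is reported as "Linux"
;; even if nothing was written, because the syscall result is never checked
;; (see the note after int 80h).
;; Registers: eax/ebx/ecx/edx carry the syscall arguments and are NOT restored
;; on the no-exception path (@TRY_END discards the pushad snapshot). That is
;; acceptable here only because WinMain never returns - it ends in ExitProcess.
WinMain:
@TRY_BEGIN Zero_Address_Access
mov edx, LINUX_LEN ; Length to write (no trailing newline is emitted)
mov ecx, offset linux ; What to write
mov ebx, STDOUT_FD ; Where to write
mov eax, SYS_WRITE ; Function: console write
int 80h ; Linux system call - faults on Windows, succeeds under WINE
;; Linux path only: eax now holds the write(2) result (bytes written, or
;; -errno in [-4095,-1]). It is deliberately not acted upon; a failed write
;; still counts as "Linux" because no exception was raised.
@TRY_EXCEPT Zero_Address_Access
call MessageBoxA, 0, offset windows, offset szCaption, 0 ; Windows path
jmp ExitProgram
@TRY_END Zero_Address_Access
ExitProgram:
call ExitProcess, 0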
END WinMain