// filter to decrypt the Matrioska layers
// compile as "cl no_matrioska.c map.c"
// coded by bilbo - 30nov04

#include <windows.h>
#include <stdlib.h>
#include <assert.h>
#include "map.h"

BYTE l_end[] = { 0xC3, 0xB9 };

void
main(void)
{
	int i,  // layer index
		j, k;
	DWORD curbias, layerend, layerstart, layersize;
	LPBYTE add;

	map("0x90.exe");
	add = addy;

		// initialize first layer
	layerstart = 0x517D;
	layerend = 294912-0x68;

		// a loop per layer
	for (i=0, curbias=0x4635E; /*no limits*/; i++, curbias-=0xE6) {

		printf ("\nLAYER %d AT %x\n", i, 0xDE0000+layerstart);

		for (curbias=layerend; curbias>layerstart; curbias--) {
			if (!memcmp(add+curbias, l_end, sizeof(l_end))) {

				layersize = *(LPDWORD)(add + curbias + 2);
				layerstart = *(LPDWORD)(add + curbias + 16) - 0xDE0000;
				layerend = layerstart + layersize;
				assert(*(LPBYTE)(add + curbias + 13) == 0xC3);
				printf("found layer at %x-%x %x\n",
					layerstart+0xDE0000, layerend+0xDE0000, layersize);

					// decrypt the layer found
				for (j=layersize, k=0; j>0; j--,k++)
					*(add+layerstart+k) ^= (BYTE)j;

				break;  // start a new layer
				}
			}
		if (curbias == layerstart) {
			printf("no more layers found\n");
			exit(0);
			}
		}
}