; MemScan code for Slayer
; Slayer - a desktop anti-virus for RISC OS
; Copyright (C) 1996 - 2000 Kiwi Software (UK)
;
; This program is free software; you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation; either version 2 of the License, or
; any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program; if not, write to the Free Software
; Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
;
; info@kiwisoft.co.uk
; -------------------------------------------------------------------------


; Version 0.03 last updated 3/9/98 (Luke)

#base 0
#type &FFD
#name ^.MSEngine
#smile		;sad but true
TEMP	r11

;r9 is used for viruses found count
;r10 is used for removal success count

			;debug code to test module SWI problems
			mov		r0,r0
			mov		r0,r0
			mov		r0,r0

			stmfd		r13!,{r14}

			mov		r9,#0	; no viruses found
			mov		r10,#0	; none successfully removed

			bl		scan_for_extend
			bl		scan_for_sysutils
			bl		scan_for_irqfix
			bl		scan_for_netstatus
			bl		scan_for_bbceconet
			bl		scan_for_link
			bl		scan_module_list
			bl		scan_task_list

.exit			adr		r8,result_block
			str		r9,[r8,#0]
			str		r10,[r8,#4]
			mov		r0,r9
			mov		r1,r10	;for use from Slayer SWI's
			ldmfd		r13!,{pc}

.scan_for_extend	mov		r0,#18
			adr		r1,extend_name_string
			swi		XOS_Module
			movvs		pc,r14	;not found, jump to next

			mvn		r0,#0
			adr		r1,irqfix_extend_string
			add		r2,r3,#&40
			swi		Territory_Collate
			movne		pc,r14

			add		r9,r9,#1
			stmfd		r13!,{r14}
			bl		remove_extend
			ldmfd		r13!,{r14}
			mov		pc,r14

.scan_for_sysutils
			mov		r0, #18
			adr		r1, sysutils_name_string
			swi		XOS_Module
			movvs		pc, r14 ; virus not found, bugger off.

			stmfd		r13!, {r14}
			bl		remove_sysutils
			ldmfd		r13!, {pc}^

.scan_for_irqfix	mov		r0,#18
			adr		r1,irqfix_name_string
			swi		XOS_Module
			movvs		pc,r14	;not found, jump to next
			mvn		r0,#0
			adr		r1,irqfix_extend_string
			add		r2,r3,#&40
			swi		Territory_Collate
			movne		pc,r14
			add		r9,r9,#1
			mov		r0,#4
			adr		r1,irqfix_name_string
			swi		XOS_Module
			addvc		r10,r10,#1
			mov		pc,r14

.scan_for_netstatus	mov		r0,#18
			adr		r1,netstatus_name_string
			swi		XOS_Module
			movvs		pc,r14	;not found, jump to next
			mvn		r0,#0
			adr		r1,netstatus_check_string
			add		r2,r3,#&36
			swi		Territory_Collate
			movne		pc,r14

			add		r9,r9,#1
			mov		r0,#4
			adr		r1,netstatus_name_string
			swi		XOS_Module
			addvc		r10,r10,#1
			mov		pc,r14

.scan_for_link		mov		r0,#18
			adr		r1,link_name
			swi		XOS_Module
			movvs		pc,r14	;not found

			ldr		r0,[r3,#&450]
			ldr		r1,link
			teq		r0,r1
			movne		pc,r14

			add		r9,r9,#1
			mov		r0,#4
			adr		r1,link_name
			swi		XOS_Module
			addvc		r10,r10,#1
			mov		pc,r14

.scan_for_bbceconet	mov		r0,#18
			adr		r1,bbceconet_name
			swi		XOS_Module
			movvs		pc,r14	;not found

			mvn		r0,#0
			adr		r1,bbceconet_check_string
			add		r2,r3,#&2F4
			swi		Territory_Collate
			movne		pc,r14

			add		r9,r9,#1
			mov		r0,#4
			adr		r1,bbceconet_name
			swi		XOS_Module
			addvc		r10,r10,#1
			mov		pc,r14


.scan_module_list	mov		r0,#12
			mov		r1,#0
			mov		r2,#0

.module_list_again	swi		XOS_Module
			movvs		pc,r14		;end of module list

;check for Jester
			ldr		r6,[r3,#&90]
			ldr		r7,jest_number
			teq		r6,r7
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_jester
			ldmeqfd		r13!,{r0-r2,pc}

;check for module
			mvn		r7,#3
			ldr		r6,[r3,r7]
			ldr		r7,[r3,#4]
			sub		r6,r6,r7

			cmp		r6,#956
			blt		module_list_again
			cmp		r6,#960
			bgt		module_list_again

;okay this could well be the module virus - deeper check needed
			add		r7,r7,#&3A4
			ldr		r6,[r3,r7]
			ldr		r7,module_number
			teq		r6,r7
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_module
			ldmeqfd		r13!,{r0-r2,r14}

			b		module_list_again

.scan_task_list		mov		r0,#0

.repeat_task_check	adr		r1,workspace
			mov		r2,#24
			swi		TaskManager_EnumerateTasks
			cmp		r0,#0
			movlt		pc,r14
			mov		r6,r0	;store next task pointer

			mvn		r0,#0
			adr		r4,workspace
			ldr		r1,[r4,#4]
			ldr		r7,[r4,#0]

;check for datadqm
			adr		r2,datadqm_name
			swi		Territory_Collate
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_wimptask
			ldmeqfd		r13!,{r0-r2,r14}

;check for bigfoot
			mvn		r0,#0
			adr		r2,bigfoot_name
			swi		Territory_Collate
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_wimptask
			ldmeqfd		r13!,{r0-r2,r14}

;check for honeymonster
			mvn		r0,#0
			adr		r2,honeymonster_name
			swi		Territory_Collate
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_wimptask
			ldmeqfd		r13!,{r0-r2,r14}

;check for simple
			mvn		r0,#0
			adr		r2,simple_name
			swi		Territory_Collate
			ldreq		r5,[r4,#12]
			moveq		r0,#1
			andeq		r0,r0,r5
			teq		r0,#0
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_wimptask
			ldmeqfd		r13!,{r0-r2,r14}

;check for icon5859
			mvn		r0,#0
			adr		r2,icon5859_name
			swi		Territory_Collate
			ldreq		r5,[r4,#12]
			moveq		r0,#1
			andeq		r0,r0,r5
			teq		r0,#0
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_wimptask
			ldmeqfd		r13!,{r0-r2,r14}

;check for generic
			ldr		r0,[r1]
			teq		r0,#&20	;icon
			teqne		r0,#&A0	;MonitorDAT
			addeq		r9,r9,#1
			stmeqfd		r13!,{r0-r2,r14}
			bleq		remove_wimptask
			ldmeqfd		r13!,{r0-r2,r14}

			mov		r0,r6
			b		repeat_task_check


#include "MSEng:s.remove"

.jest_number		dcd		&65722049

.module_number		dcd		&968B9E8D

.netstatus_name_string	dcb		"NetStatus",0
			align

.netstatus_check_string	dcb		"NetStatus	3.07 (15 Sep 1988)",0
 			align

.irqfix_name_string	dcb		"IRQFix",0
			align

.irqfix_extend_string	dcb		"1.56 (08 Jul 1989)",0
			align

.extend_name_string	dcb		"Extend",0
			align

.sysutils_name_string	dcb		"SystemUtils",0
			align

.datadqm_name		dcb		"TaskManager",0
			align

.bigfoot_name		dcb		"BigFoot",0
			align

.simple_name		dcb		"Filer",0
			align

.link_name		dcb		"BSToDel",0
			align

.link			dcb		"LINK"
			align

.bbceconet_name		dcb		"BBCEconet",0
			align

.honeymonster_name	dcb		"The Honey Monster",0
			align

.icon5859_name		dcb		"V Protect",0
			align

.bbceconet_check_string	dcb		"%.Squeeze",0
			align

.workspace		dbb		28
			align

.copyright_string	dcb		" Kiwi Software (UK), 1999",0
			align

.result_block		dcd		0
			dcd		0

.copyright_str_pointer	dcd		copyright_string

.infoblocks_date	dcd		0
			dcd		0

.infoblocks_v_known	dcd		15

.plugin_reserved	dcd		0

.infoblocks_version	dcd		(0.06 * 100)

.plugin_crc		dcd		0

.plugin_header		dcb		"SLAY"
