**************************************************************************
*
* B E R S E R K E R III +
* -----------------------
*
* © Copyright 1988, 1989 by Ralf Thanner
*
* This code is entirely written in assembler for the Kuma Seka assembler
*
* Executable program and source code are both in the PUBLIC-DOMAIN!
*
* A small copy fee for Berserker is okay, but anything which looks like
* commercial redistribution is forbidden (remember that!).
*
**************************************************************************
*
* REVISION HISTORY:
* =================
*
* V1.0 - Just a primitive SCA finder and killer.
*
* V1.c - Added Byte Bandit & Byte Warrior killer.
* - Improved SCA & SCA mutants killer routine.
*
* V2.b - Now also finds the Exterminator (LAMER).
*
* V2.d - Now also finds the first link virus (IRQ TEAM 41).
*
* V2.e - Added alert box by Olaf Barthel.
* - Some cleanups and bug-fixes done.
*
* V2.e+ - Doesn't refuse to work with Kick 1.3 any more.
* - Added custom bootblock writer.
* - Added kill cold-cool vectors;
* There are just too many SCA clones on the market
* and it is safer to clear these pointers
*
* V3.0 - Now also finds the BSG 9 link virus.
* - Second (and final?) code cleanup for public
* release (YEAH!!!).
* - Removed the custom bootblock writer, too many guys
* thought Berserker to be some kind of virus in
* disguise.
*
* V3.0+ - Extended to find Gaddafi and Disk-Doctor viruses.
*
**************************************************************************
*
* This is the assembly language source code for BERSERKER III +
* (Cleaned up on request from Ralf Thanner by Olaf 'Olsen' Barthel)
*
**************************************************************************
;
;
; exec.library
;
; Library vector offsets. Each is used as `jsr offset(a6)` with the base of
; the owning library in a6.
openlib = -552 ; OpenLibrary
closelib = -414 ; CloseLibrary
forbid = -132 ; Forbid
permit = -138 ; Permit
findname = -276 ; FindName
;
; dos.library
;
write = -48 ; Write
output = -60 ; Output
;
; intuition.library
;
dispalert = -90 ; DisplayAlert
;
;
******************************************************************
;-----------------------------------------------------------------------
; powerup - program entry point (started from the CLI)
; In:    d0 = length of the CLI argument text, a0 = pointer to it
; Out:   d0 = 0
; Flow:  saves all registers, switches multitasking off with Forbid,
;        opens dos.library, then lets regcheck decide between the
;        instruction text (back to exit3) and the memory scan (exit1).
;        Every scan routine sets virusflag when it removed something.
;-----------------------------------------------------------------------
powerup:
        movem.l d0-d7/a0-a6,-(a7)       ; preserve the caller's registers
        move.l  a0,a4                   ; a4 = CLI argument pointer
        move.l  d0,d4                   ; d4 = CLI argument length
        bset    #1,$bfe001              ; LED off (better sound on
                                        ; Amiga 500 & 2000)
        move.l  $04.w,a6                ; a6 = ExecBase
        jsr     forbid(a6)              ; no task switching while we scan
        bsr     opendos                 ; dos.library + output handle
        bra     regcheck                ; comes back at exit1 or exit3

exit1:
; Order matters: the Gadaffi check has to run before the SCA check.
; Both rely on the cool capture, and the SCA check only looks for a
; DoIO call, which Gadaffi contains as well.
        bsr     gad                     ; Gadaffi
        bsr     disk                    ; Disk-Doctor
        bsr     sca                     ; SCA and its mutants
        bsr     bytebandit              ; Byte Bandit
        bsr     dasa                    ; Byte Warrior
        bsr     irq                     ; IRQ link virus
        bsr     bsg                     ; BSG 9 link virus
        bsr     exterminator            ; Exterminator (LAMER)
        bsr     killcold_cool           ; capture vectors are always reset

        tst.w   virusflag               ; did any routine report a hit?
        bne.s   virus_found
        move.l  #mes1length,d3          ; nothing found: say so
        move.l  #mes1,d2
        bsr.s   writer
        bra.s   exit3

virus_found:
        bsr.L   alert                   ; recovery alert on screen

exit3:
        move.l  $04.w,a6
        jsr     permit(a6)              ; multitasking back on
        bsr     closedos
        movem.l (a7)+,d0-d7/a0-a6       ; restore the caller's registers
        moveq   #00,d0                  ; clean return code for the CLI
        rts
*********************** sub routines *********************************
;-----------------------------------------------------------------------
; writer - print a message in the CLI window
; In:    d2 = address of the text, d3 = its length in bytes
; Uses:  dosbase and outputhandle, both filled in by opendos
; Clobb: a6, d1, plus whatever the dos.library Write call changes
;-----------------------------------------------------------------------
writer:
        move.l  outputhandle,d1         ; d1 = file handle to write to
        move.l  dosbase,a6              ; a6 = dos.library base
        jmp     write(a6)               ; tail call: Write returns to our caller
;-----------------------------------------------------------------------
; killcold_cool - reset the reset-capture vectors in ExecBase
; Clears the three longwords at 42, 46 and 50(a6): cold capture, cool
; capture and the longword after them (WarmCapture in the standard
; ExecBase layout). ExecBase carries a checksum over this area, so it
; is rebuilt afterwards: the 24 words starting at 34(a6) are summed,
; the sum is complemented and stored in the word that follows them.
; Out:   d0.w = new checksum (upper word of d0 is left untouched)
; Clobb: a0, a6, d1, d3 (d3 = 0 on return)
;-----------------------------------------------------------------------
killcold_cool:
        move.l  $04.w,a6                ; a6 = ExecBase
        moveq   #0,d3
        move.l  d3,42(a6)               ; cold capture
        move.l  d3,46(a6)               ; cool capture
        move.l  d3,50(a6)               ; longword after cool capture

        lea     34(a6),a0               ; first checksummed word
        moveq   #23,d1                  ; 24 words (dbf counts to -1)
        clr.w   d0                      ; running sum
kcc_sum:
        add.w   (a0)+,d0
        dbf     d1,kcc_sum
        not.w   d0
        move.w  d0,(a0)                 ; a0 now points at the checksum word
        rts
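;-----------------------------------------------------------------------
; alert - show the "virus found" recovery alert
; Opens intuition.library (any version), displays the alert text at
; alert1 with a height of 28 lines and closes the library again.
; If the library cannot be opened the alert is skipped; the original
; code called through a null base pointer in that case.
; Clobb: a0, a1, a6, d0, d1, plus whatever the library calls change
;-----------------------------------------------------------------------
alert:
        lea     IntName,a1
        move.l  $04.w,a6
        moveq   #00,d0                  ; version 0 = any version
        jsr     openlib(a6)
        move.l  d0,IntBase              ; keep the base for CloseLibrary
        beq.s   alert_done              ; open failed: nothing to call
        move.l  d0,a6
        lea     alert1,a0
        moveq   #00,d0                  ; recovery alert
        move.l  #28,d1                  ; alert height
        jsr     dispalert(a6)
        move.l  IntBase,a1              ; close intuition.library again
        move.l  $04.w,a6
        jsr     closelib(a6)
alert_done:
        rts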
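;-----------------------------------------------------------------------
; regcheck - did the user type "berserker ?"
; Entered with a branch from powerup, leaves with a jump: to exit3
; after printing the instructions, otherwise to exit1 (memory scan).
; In:    d4 = length of the CLI argument text, a4 = pointer to it
;
; The length test was written `cmpa.w #2,d4`. CMPA only accepts an
; address register as destination, so what an assembler emits for that
; line is not defined by the instruction set; a plain long compare on
; the data register is used instead.
;-----------------------------------------------------------------------
regcheck:
        cmp.l   #2,d4                   ; exactly 2 characters: '?' + <ret>
        bne.s   regcheck1
        move.l  (a4),d0                 ; first argument bytes...
        swap    d0                      ; ...the first two into the low word
        cmp.w   #$3f0a,d0               ; '?' followed by line feed
        bne.s   regcheck1
        move.l  #mes11,d2               ; print the instructions
        move.l  #mes11length,d3
        bsr.L   writer
        jmp     exit3                   ; skip the scan, just clean up
regcheck1:
        jmp     exit1                   ; normal run: scan memory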
;-----------------------------------------------------------------------
; opendos - open dos.library and fetch the CLI output handle
; Out:   dosbase      = library base as returned by OpenLibrary
;        outputhandle = result of the dos.library Output call
; Clobb: a1, a6, d0, plus whatever the library calls change
; The OpenLibrary result is used without a check for failure.
;-----------------------------------------------------------------------
opendos:
        lea.l   dosname,a1              ; "dos.library"
        moveq   #00,d0                  ; any version
        move.l  $04.w,a6                ; a6 = ExecBase
        jsr     openlib(a6)
        move.l  d0,a6                   ; a6 = dos.library base
        move.l  d0,dosbase
        jsr     output(a6)              ; handle for the messages
        move.l  d0,outputhandle
        rts
;-----------------------------------------------------------------------
; closedos - give dos.library back to exec
; Uses:  dosbase as stored by opendos
; Clobb: a1, a6, plus whatever CloseLibrary changes
;-----------------------------------------------------------------------
closedos:
        move.l  dosbase,a1              ; library to close
        move.l  $04.w,a6                ; a6 = ExecBase
        jmp     closelib(a6)            ; tail call: returns to our caller
****************** V I R U S K I L L I N G P A R T ****************
;-----------------------------------------------------------------------
; disk - detect and remove the Disk-Doctor virus from memory
; Detection: both capture vectors at 46(a6) and 42(a6) are non-zero.
; No signature is compared, so the routine relies on the assumption
; stated below that nothing else sets both vectors.
; Removal:
;   1. The code at (cold capture target)+$c4 is cut short by writing
;      $4e75 (the RTS opcode) 4 bytes into it, then it is CALLED; the
;      value it leaves in a2 is kept in diskdoc1.
;   2. The same is done at a2+6 (RTS written at a2+10); the value left
;      in a0 is kept in diskdoc2.
;   3. killcold_cool resets the capture vectors, then -$1c6(a6) and
;      148(a6) are set to fixed Kickstart 1.2 ROM addresses.
;   4. Memory from the cold capture target up to +$1a0 is zeroed and
;      an RTS is written at diskdoc1 and diskdoc2.
; NOTE(review): steps 1 and 2 execute code out of the suspect memory
; region and trust the register values it returns. If the region holds
; anything other than the expected Disk-Doctor layout the result is
; undefined - confirm the layout against a known sample before reuse.
; NOTE(review): the ROM addresses in step 3 are only right for
; Kickstart 1.2, as the original comment says.
;-----------------------------------------------------------------------
disk:
move.l $04.w,a6 ; Disk-Doc uses cold & cool capture
move.l 46(a6),d0
cmp.l #0,d0 ; No other virus uses both
beq.L dd0 ; pointers... [ hope so !!! ]
move.l 42(a6),d0
cmp.l #0,d0
beq.L dd0
move.l 42(a6),diskdoc ; I had to add this very
move.l diskdoc,a0 ; complicated routine because
add.l #$c4,a0 ; Disk-Doc uses or changes:
move.l a0,a1 ; - cool capt.
addq.l #4,a1 ; - cold capt.
move.w #$4e75,(a1) ; - DoIO
jsr (a0) ; - 148(a6) [what's that?]
move.l a2,diskdoc1 ; - The task of clipboard.device
addq.l #6,a2
move.l a2,a3 ; This routine gets the adress of
addq.l #4,a2 ; its task routine and cuts it off
move.w #$4e75,(a2)
jsr (a3)
move.l a0,diskdoc2
bsr.L killcold_cool
move.l $04.w,a6
move.l #$fc06dc,-$1c6(A6); Only Kick 1.2 values, on 1.3
move.l #$fc12fc,148(a6) ; Disk-Doc shouldn't work...
move.l diskdoc,a0
move.l a0,a1
add.l #$1a0,a1
moveq #0,d0
; The loop also runs when a0 has reached a1, so one longword beyond
; the $1a0-byte range is cleared as well.
dd2: move.l d0,(a0)+
cmpa.l a0,a1
bge.s dd2
move.l diskdoc1,a2
move.w #$4e75,(a2)
move.l diskdoc2,a2
move.w #$4e75,(a2)
move.w #$1941,virusflag
move.l #mes6,d2
move.l #mes6length,d3
bsr.L writer
dd0:
rts
********************************************************************
*
* DISK-DOCTOR
*
* - After each reset Disk Doctor allocates more memory
* - This was in my opinion the best one, although it could be
* better: - it uses DoIO pointer from Kick 1.2
* - you can read it in the boot (crash on 1.3)
* - it uses the clipboard task for its dirty work
* - it uses cold & cool capture to stay in memory
*
* For such kind of virus Guardian or VirusX are the best killers!!
* ( Find them in the boot and fight them when they are harmless! )
************************************************************************
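;-----------------------------------------------------------------------
; gad - detect and remove the Gadaffi virus from memory
; Detection (all three must hold):
;   - the cool capture at 46(a6) is set,
;   - the longword at $7fb40 reads 'GADA' ($47414441),
;   - the vector at -$1c6(a6) does not point into the $fc ROM page.
; Removal: reset the capture vectors, put the Kickstart 1.2 ROM address
; back into -$1c6(a6), clear the three kick pointers at 546/550/554(a6)
; and zero $400 bytes starting $dc below the old cool capture target.
;
; Fix: the kick pointers were written from d0 before d0 was cleared.
; At that point d0 still held the checksum left by killcold_cool, so
; the three fields received a non-zero value instead of being cleared.
; d0 is now zeroed first.
;
; NOTE(review): $fc06dc is the Kickstart 1.2 value (the original
; comment gives $fc0718 for 1.3); on another ROM this restores a wrong
; address.
; Clobb: a0, a1, a6, d0-d3, d5
;-----------------------------------------------------------------------
gad:
        move.l  $04.w,a6                ; Gadaffi uses cool capture
        cmp.l   #0,46(a6)               ; for its dirty work...
        beq.s   gad0                    ; no cool capture set
        cmp.l   #$47414441,$7fb40       ; 'GADA' signature
        bne.s   gad0                    ; is ALWAYS to be found at $7fb00
        move.l  -$1c6(a6),d5            ; $4b0 with 512 kb
        swap    d5
        cmp.w   #$fc,d5                 ; $fc06dc (1.2) $fc0718 (1.3)
        beq.s   gad0                    ; vector still points into ROM
        move.l  46(a6),gadaf            ; remember where the virus sits
        bsr.L   killcold_cool           ; clear its cool pointer
        move.l  $04.w,a6
        move.l  #$fc06dc,-$1c6(A6)      ; restore the ROM vector (1.2)
        moveq   #0,d0                   ; d0 = 0 BEFORE it is stored
        move.l  d0,546(a6)              ; clear kicktagptr...
        move.l  d0,550(a6)
        move.l  d0,554(a6)
        move.l  gadaf,a0
        sub.l   #$dc,a0                 ; a0 = start of the virus
        move.l  a0,a1
        add.l   #$400,a1                ; a1 = start + $400
; The loop also runs when a0 has reached a1, so one longword beyond the
; $400-byte range is cleared as well (unchanged from the original).
gad2:   move.l  d0,(a0)+
        cmpa.l  a0,a1
        bge.s   gad2
        move.w  #$1941,virusflag
        move.l  #mes4,d2
        move.l  #mes4length,d3
        bsr.L   writer
gad0:
        rts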
********************************************************************
*
* GADAFFI is a mutant version of Byte Warrior
*
* - It changes cool capture, kicktag. and DoIO
* - It is much more stupid than Byte Warrior:
* -> you can read it in the boot...
* -> normally it crashes with Kick 1.3 because
* he uses the DoIO vector of 1.2 itself
* - After 12 resets it tries to kill your drive, or
* was it playing a drive music (I don't see any difference).
*
********************************************************************
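;-----------------------------------------------------------------------
; bsg - detect and remove the BSG 9 link virus from memory
; Detection: at least one of the kick pointers at 546/550/554(a6) is
; set, and the marker 'TTV1' ($5454 $5631) is found within $1000 bytes
; of the address held in 550(a6).
; Removal: memory from that address up to the marker is zeroed and the
; three kick pointers are cleared.
;
; Fixes over the original:
;   - The "any pointer set" test added the three fields with
;     `adda.l ...,d0`. ADDA needs an address register as destination,
;     and a sum can wrap to zero; the fields are OR-ed together now.
;   - The search word 'TT' was loaded once before the loop, but the
;     'V1' test overwrites d0. After a 'TT' that was not followed by
;     'V1' the loop went on searching for 'V1' 'V1'. The search word is
;     now reloaded on every pass, as sca and exterminator already do.
;   - The wipe loop ended only when a0 was exactly equal to the marker
;     address. It advances in longwords while the marker is found on a
;     word boundary, so with a distance that is not a multiple of 4 it
;     stepped over the end and kept zeroing memory. It now stops as
;     soon as a0 has reached or passed the marker.
; Clobb: a0, a1, a6, d0-d3
;-----------------------------------------------------------------------
bsg:
        move.l  $04.w,a6
        move.l  546(a6),d0              ; BSG 9 is a resident module
        or.l    550(a6),d0              ; It is still in memory after
        or.l    554(a6),d0              ; a reset
        beq.s   bsgende                 ; all three clear: nothing to do
        move.l  550(a6),a0              ; Searching from A0
        move.l  a0,a1
        add.l   #$1000,a1               ; Searching to A1
        moveq   #0,d1
bsg0:
        move.w  #$5454,d0               ; Searching for 'TT'
        move.w  (a0)+,d1
        cmp.w   d1,d0
        beq.s   bsg1
bsg0next:
        cmpa.l  a0,a1
        bge.s   bsg0
        rts                             ; Nothing found !
                                        ; It is not always a virus which
                                        ; uses these pointers
bsg1:
        move.w  #$5631,d0               ; 'V1' must follow
        move.w  (a0),d1
        cmp.w   d1,d0
        bne.s   bsg0next                ; false hit: keep searching
        moveq   #0,d0                   ; Kills it from beginning
        move.l  a0,a1                   ; to 'TTV1' <- its end marker
        move.l  550(a6),a0
bsg2:
        move.l  d0,(a0)+
        cmpa.l  a0,a1
        bhi.s   bsg2                    ; while a0 is still below the marker
        move.l  d0,546(a6)              ; Clear kicktagptr...
        move.l  d0,550(a6)
        move.l  d0,554(a6)
        move.w  #$1941,virusflag
        move.l  #mes2,d2
        move.l  #mes2length,d3
        bsr.L   writer
bsgende:
        rts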
*****************************************************************
*
* BSG 9 is an intelligent version of a link virus
*
* - It always modifies the FIRST file of the startup-
* sequence
* - The file now always is about 2608 bytes long
* - The old file is in the devs dir with
* spaces instead of a name now
* - After the fourth or fifth reset it turns the
* screen black and prints out its stupid message.
*
*******************************************************************
;-----------------------------------------------------------------------
; irq - detect and remove the IRQ Team link virus from memory
; Detection: bits 16-23 of the vector at -$196(a6) are not $fc, i.e.
; the vector no longer points into the $fc ROM page.
; Removal: two NOPs ($4e71 $4e71) are written 8 bytes into the code the
; vector points to, then the longword stored 18 bytes into that code is
; copied back into the vector (the virus keeps the replaced call
; there, see the comment block after this routine).
; Sets virusflag to $1942; the other routines use $1941.
; NOTE(review): no signature is compared. Any non-ROM target of this
; vector is patched and treated as the virus - confirm that nothing
; legitimate redirects this vector on the systems where this runs.
;-----------------------------------------------------------------------
irq: ; changes oldopen
move.l $04.w,a6
move.l -$196(a6),d4
swap d4
cmp.b #$fc,d4 ; V1.2 00fc1430 V1.3 00fc146c
beq.s irq5
move.w #$1942,virusflag
move.l -$196(a6),a4
add.w #8,a4
move.l #$4e714e71,(a4) ; Castrate virus
move.l $04.w,a5
sub.l #$196,a5 ; In this part the old
move.l (a5),a4 ; oldopenlib call
add.l #18,a4 ; is restored...
move.l (a4),(a5)
move.l #mes3,d2
move.l #mes3length,d3
bsr.L writer
irq5: rts
**********************************************************
*
* The IRQ Team Virus was the first link virus
* on AMIGA...
*
* It uses oldopenlibrary for its dirty work.
* In order to work properly with all Kickstart
* versions the IRQ-virus saves the replaced
* systemcall in memory.
* To let my Berserker work with all kick versions
* I just grab his saved systemcall in order to
* throw him out properly...
*
**********************************************************
;-----------------------------------------------------------------------
; exterminator - detect and remove the Exterminator (LAMER) virus
; Steps:
;   1. FindName on the list at 350(a6) for "trackdisk.device";
;      exter = (device base) - 28, the address of a vector slot.
;   2. Leave if bits 16-23 of exter are $fe or $ff.
;   3. exter1 = ExecBase - $262; leave if the longword stored there
;      has $fc in bits 16-23 (vector still in ROM).
;   4. Search $400 bytes, starting $14e below that vector's target,
;      for the words $4c41 $4d45 ('LAME').
;   5. 28 bytes after the 'ME' word two longwords are read; they are
;      written back to exter1 and exter as the original vectors.
;   6. Clear the kick pointers at 546/550/554(a6) and zero the $400
;      bytes that were searched.
; NOTE(review): the FindName result is used without a check for 0.
; NOTE(review): step 2 tests the value of exter, which is the address
; of the vector slot, not the longword stored in it. If the intent was
; to test where the vector points, a `move.l (a0),d4` would be
; needed - confirm.
; NOTE(review): in step 6 the wipe start is computed from exter1 AFTER
; the original vector was written back to it in step 5, so it is
; derived from the restored vector, not from the virus address used
; for the search in step 4 - confirm this is intended.
;-----------------------------------------------------------------------
exterminator: ; in trddevice, doio & kicktag... ($4678, $414, $898)
move.l $4.w,a6
lea 350(a6),a0
lea trddevice,a1 ; Searches first
jsr findname(a6) ; for trackdisk.device
move.l d0,a0
sub.l #28,a0
move.l a0,exter
move.l exter,d4
swap d4
cmp.b #$fe,d4 ; Is the pointer normal (V1.2)
beq.L exe4
cmp.b #$ff,d4
beq.L exe4 ; Is the pointer normal (V1.3)
move.l $04.w,a6
move.l a6,a5
sub.w #$262,a5 ; In A5 now Exterminator's address..
move.l a5,exter1
move.l (a5),d4
swap d4
cmp.b #$fc,d4 ; Is it the normal system call?
beq.L exe4
move.l exter1,a5
move.l (a5),a0
sub.l #$14e,a0
move.l a0,a1
add.l #$400,a1
moveq #0,d1
moveq #0,d0
exe7:
move.w #$4c41,d0 ; We are looking for 'LAMER'
move.w (a0)+,d1
cmp.w d1,d0
beq.s exe2
cmpa.l a0,a1
bge.s exe7
rts
exe2:
move.w #$4d45,d0
move.w (a0),d1
cmp.w d1,d0
bne.s exe7
add.l #28,a0 ; Here exteminator saves his
move.l (a0)+,a1 ; changed system calls
move.l (a0)+,a2
move.w #$1941,virusflag
moveq #0,d0
move.l $04.w,a6 ; Clear resident structures
move.l d0,546(a6)
move.l d0,550(a6)
move.l d0,554(a6)
move.l exter1,a0 ; Correct both pointers
move.l a1,(a0)
move.l exter,a0
move.l a2,(a0)
move.l exter1,a5 ; Crucify it
move.l (a5),a0
sub.l #$14e,a0
move.l a0,a1
add.l #$400,a1
moveq #0,d0
exe5: move.l d0,(a0)+
cmpa.l a0,a1
bge.s exe5
move.l #mes9,d2
move.l #mes9length,d3
bsr.L writer
exe4: rts
;-----------------------------------------------------------------------
; sca - detect and remove the SCA virus and its mutants
; Detection: 46(a6) is set (killcold_cool labels this offset as the
; cool capture) and the words $4eae $fe38 - `jsr -456(a6)`, the DoIO
; call - occur between $3e bytes below and $400 bytes above the
; address it holds.
; Classification: the longword at $7eff0 is compared with 'SCA!',
; 'LSD!' and 'AEK!'. 'SCA!' prints mes5; every other value, listed or
; not, ends at scamutants and prints mes8.
; Removal: the searched range is zeroed word by word and
; killcold_cool resets the capture vectors.
; NOTE(review): virusflag is set at sca1, before the search. A set
; vector without a DoIO call therefore still raises the alert, without
; any message naming a virus - confirm whether that is intended.
;-----------------------------------------------------------------------
sca:
move.l $04.w,a6
move.l 46(a6),d2 ; 46(a6), the cool capture per killcold_cool
cmp.l #0,d2
bne.s sca1
rts
sca1:
move.w #$1941,virusflag
move.l 46(a6),a0
move.l a0,a1
sub.l #$3e,a0 ; We are now searching
add.l #$400,a1 ; for jsr -456(a6) [DoIO]
moveq #0,d1 ; if cold capture is set
moveq #0,d0 ; and in the routine is
sca2: ; a DoIO it is 100% a
move.w #$4eae,d0 ; virus ( mostly mutants)
move.w (a0)+,d1
cmp.w d1,d0
beq.s sca3
cmpa.l a0,a1
bge.s sca2
rts ; Nothing found
sca3:
move.w #$fe38,d0
move.w (a0),d1
cmp.w d1,d0
bne.s sca2
move.l $7eff0,d2 ; Here is the direct test
cmp.l #$53434121,d2 ; if it is SCA or AEK or LSD
beq.s sca4 ; if it is none of them it is
; another mutant SCA...
cmp.l #$4c534421,d2 ; 'LSD!'
beq.s scamutants
cmp.l #$41454b21,d2 ; 'AEK!'
beq.s scamutants
bne.s scamutants
sca4:
move.l #mes5,d2 ; SCA
move.l #mes5length,d3
bsr.L writer
bra.s scakill
scamutants:
move.l #mes8,d2 ; Mutant
move.l #mes8length,d3
bsr.L writer
scakill:
move.l $04.w,a6
move.l 46(a6),a0
move.l a0,a1
sub.l #$3e,a0
add.l #$400,a1
moveq #0,d1 ; Kills them in memory
; The loop also runs when a0 has reached a1, so one word beyond the
; range is cleared as well.
scakill1:
move.w d1,(a0)+
cmpa.l a0,a1
bge.s scakill1
bsr.L killcold_cool ; Repairs both vectors
rts
;-----------------------------------------------------------------------
; dasa - detect and remove the Byte Warrior (DASA) virus
; Two ways in:
;   - the vector at -$1c6(a6) does not point into the $fc ROM page:
;     dasa0 writes the Kickstart 1.2 ROM address back into it;
;   - the vector is in ROM, but the longword at $7f804 is $64116dec:
;     the virus is in memory without having hooked the vector.
; Both paths then clear the kick pointers at 546/550/554(a6), zero
; $500 bytes starting at a3 and print mes0.
; NOTE(review): a3 is loaded from -$1c6(a6) at dasa1. On the dasa0
; path the vector has just been overwritten with $00fc06dc, and on the
; other path it pointed into ROM all along, so in both cases a3 is a
; ROM address minus $16e and not an address near $7f800. As written
; the $500-byte clear does not appear to reach the virus code - confirm,
; and if so the old vector would have to be read before it is restored.
; NOTE(review): the dasa0 path compares no signature; any non-ROM
; target of this vector is reported as Byte Warrior.
; NOTE(review): $00fc06dc is the Kickstart 1.2 value only.
;-----------------------------------------------------------------------
dasa:
move.l $04.w,a6
move.l -$1c6(a6),d5 ; $4b0 with 512 kb
swap d5
cmp.w #$fc,d5 ; $fc06dc (1.2) $fc0718 (1.3)
bne.s dasa0
move.l $7f804,d5 ; Dasa is ALWAYS at $7f800
cmp.l #$64116dec,d5 ; no need to restore doio
beq.s dasa1 ; pointer (not changed)
rts
dasa0:
move.l #$00fc06dc,-$1c6(a6) ; Remove its pointer
dasa1: move.l -$1c6(a6),a3
sub.l #$16e,a3 ; Its beginning
moveq #0,d0
move.l d0,554(a6) ; Kickchecksum
move.l d0,550(a6) ; Kicktagptr
move.l d0,546(a6) ; Kickmemptr
move.l #$4ff,d1 ; Delete virus
dasa2: move.b d0,(a3)+
dbf d1,dasa2
move.w #$1941,virusflag
move.l #mes0,d2
move.l #mes0length,d3
bsr.L writer
rts
***********************************************************
*
* DASA is the Byte Warrior
*
* DASA is always located at $7f800 and since
* it uses a direct jump for DoIO of kick V1.2
* ( jmp $fc06dc ) for his own copy-routines it
* crashes on kick v1.3.
* Therefore I have added this two way search, because
* when it's kick 1.3 it can't work but is still in
* memory and I don't like a virus in memory...
*
* ONLY A DEAD VIRUS IS A GOOD VIRUS!!!!
*
************************************************************
;-----------------------------------------------------------------------
; bytebandit - detect and remove the Byte Bandit virus
; Steps:
;   1. FindName on the list at 350(a6) for "trackdisk.device";
;      bb1 = (device base) - 28, the address of a vector slot.
;   2. Continue only if that address is <= $00f00000 (signed compare).
;   3. Continue only if the pointer stored at 148(a6) is <= $00f00000,
;      i.e. not a ROM address.
;   4. $10c bytes after that pointer two longwords are read; they are
;      written back to the slot at bb1 and to 148(a6).
;   5. 550(a6) and 554(a6) are cleared, and memory from $2ca below the
;      old 148(a6) target up to $400 bytes further is zeroed.
; NOTE(review): the FindName result is used without a check for 0.
; NOTE(review): step 2 compares the address of the slot, not the
; longword stored in it, so it does not test where the vector points;
; step 3 is the test that decides - confirm the intent.
; NOTE(review): 546(a6) is left as it is here, while the other routines
; clear all three of 546/550/554(a6).
;-----------------------------------------------------------------------
bytebandit: ; Searches for byte bandit
move.l $4.w,a6
lea 350(a6),a0
lea trddevice,a1 ; Searches first
jsr findname(a6) ; for trackdisk.device
move.l d0,a0
sub.l #28,a0 ; Now check for DoIO
move.l a0,bb1
cmp.l #$00f00000,a0
ble.s bytebandit1 ; OK! DoIO is changed
rts
bytebandit1:
move.l 148(a6),a0 ; Now second test if it
cmp.l #$00f00000,a0 ; is really byte bandit
ble.s bytebandit2 ; LAMER also changes DoIO!
rts
bytebandit2: ; it is byte bandit!!
move.l a0,a4
add.l #$10c,a0 ; Here the pointers are
move.l (a0)+,a1 ; saved...
move.l (a0),a2
move.l bb1,a0
move.l a1,(a0) ; Restoring both
move.l a2,148(a6) ; pointers...
moveq #0,d0 ; Removing byte bandit
move.l d0,550(a6) ; as a resident module..
move.l d0,554(a6)
sub.l #$2ca,a4 ; Its beginning
move.l a4,a3 ;
add.l #$400,a3 ; Its end
; The loop also runs when a4 has reached a3, so one longword beyond
; the $400-byte range is cleared as well.
bytebandit3:
move.l d0,(a4)+ ; Deleting it
cmpa.l a3,a4 ; from memory
ble.s bytebandit3
move.w #$1941,virusflag
move.l #mes10,d2
move.l #mes10length,d3
bsr.L writer
rts
*************** M E S S A G E S AND D A T A S ****************
; Message texts for writer. Each text mesN is followed by a label
; mesNend, and mesNlength = mesNend-mesN is the byte count handed to
; writer in d3, so the texts need no terminator.
; $0a is a line feed. The bytes $9b and $1b,'[' start console control
; sequences (colours and text styles); $0c in mes11 is a form feed.
even
; Byte Warrior (DASA) report, printed by dasa
mes0: dc.b $0a,'DANGER!! BYTE - WARRIOR (DASA) VIRUS found!!'
dc.b $0a,'Virus killed, check your disks....'
dc.b $0a,$0a
mes0end:
mes0length = mes0end-mes0
; "Nothing found" report, printed by powerup
mes1: dc.b $0a,$9b,'7;32;41m'
dc.b ' NO (SCA,DASA,Bbandit,Lamer,IRQ,BSG 9,Gadaffi,Disk-Doc.) VIRUS found!'
dc.b $9b,'0;31;40m'
dc.b $0a,' ^^ read instructions [berserker ?] for more information..'
dc.b $0a,$0a
mes1end:
mes1length = mes1end-mes1
; BSG 9 report, printed by bsg
mes2: dc.b $0a,'DANGER!! BSG 9 LINK - VIRUS found and killed!!!'
dc.b $0a,'Check first prog. in startup seq. or look into devs.'
dc.b $0a,$0a
mes2end:
mes2length = mes2end-mes2
; IRQ report, printed by irq
mes3: dc.b $0a,'DANGER!! IRQ LINK - VIRUS found and killed!!!'
dc.b $0a,'Check 2nd prog. in startup seq. or cli-command DIR.'
dc.b $0a,$0a
mes3end:
mes3length = mes3end-mes3
; Gadaffi report, printed by gad
mes4: dc.b $0a,'DANGER!! GADAFFI - VIRUS found!!!'
dc.b $0a,'Virus killed, check your disks....'
dc.b $0a,$0a
mes4end:
mes4length = mes4end-mes4
; SCA report, printed by sca
mes5: dc.b $0a,'DANGER!! SCA - VIRUS found!!!'
dc.b $0a,'Virus killed, check your disks....'
dc.b $0a,$0a
mes5end:
mes5length = mes5end-mes5
; Disk-Doctor report, printed by disk
mes6: dc.b $0a,'DANGER!! Disk-Doctor VIRUS found!!!'
dc.b $0a,'Virus killed, check your disks....'
dc.b $0a,$0a
mes6end:
mes6length = mes6end-mes6
; SCA mutant report, printed by sca (there is no mes7)
mes8: dc.b $0a,'DANGER!! MUTANT SCA - VIRUS found!!!'
dc.b $0a,'Virus killed, check you disks....'
dc.b $0a,$0a
mes8end:
mes8length = mes8end-mes8
; Exterminator report, printed by exterminator
mes9: dc.b $0a,'DANGER!! EXTERMINATOR VIRUS (Lamer!) found!!!'
dc.b $0a,'Virus killed, check you disks....'
dc.b $0a,$0a
mes9end:
mes9length = mes9end-mes9
; Byte Bandit report, printed by bytebandit
mes10: dc.b $0a,'DANGER!! BYTE - BANDIT VIRUS found!!!'
dc.b $0a,'Virus killed, check you disks....'
dc.b $0a,$0a
mes10end:
mes10length = mes10end-mes10
; Instruction text, printed by regcheck for "berserker ?"
mes11:
dc.b $0c,$0a,$1b,'[1m',' ***** BERSERKER III + *****'
dc.b $1b,'[0m'
dc.b $0a
dc.b $0a,' 1. This Viruskiller finds and destroys the following:'
dc.b $0a,' Byte Bandit Virus, Byte Warrior Virus (DASA)'
dc.b $0a,' SCA and SCA Mutants (AEK, LSD, OBELISK & WARHAWK)'
dc.b $0a,' Exterminator Virus (LAMER), GADAFFI Virus,'
dc.b $0a,' Disk-Doctor Virus, IRQ Virus (Link Virus),'
dc.b $0a,' BSG 9 VIRUS (Link Virus).'
dc.b $0a,' 2. All bootblock viruses like SCA and mutants, BYTE BANDIT,'
dc.b $0a,' BYTE WARRIOR and EXTERMINATOR will be deleted from'
dc.b $0a,' memory and all system pointers will be restored.'
dc.b $0a,' 3. The IRQ/BSG Viruses are only killed in memory. They'
dc.b $0a,' might have infected some prgs. on disk!! Take care...'
dc.b $0a,' 4. Berserker always corrects cold- and coolcapture....'
dc.b $0a,' Berserker works with more memory and all kickstarts.'
dc.b $0a,' 5. Greetings to Thomas M., Thorsten H., Olaf B., Gunnar L.,'
dc.b $0a,' Henning L., Michael V., Dirk L. and Steve Tibbett....'
dc.b $0a
dc.b $1b,'[1m'
dc.b $0a,' I LOVE MARTHA !!! This program is in the PUBLIC DOMAIN!!!'
dc.b $1b,'[3m'
dc.b $0a
dc.b $0a,' © Copyright 1988, 1989 by Ralf Thanner.'
dc.b $1b,'[0m'
dc.b $0a
mes11end:
mes11length = mes11end-mes11 ;
even
; Work variables, all zero at program start.
diskdoc: dc.l 0 ; disk: cold capture target (start of the wipe)
diskdoc1: dc.l 0 ; disk: a2 as returned by the first called fragment
diskdoc2: dc.l 0 ; disk: a0 as returned by the second called fragment
gadaf: dc.l 0 ; gad: cool capture target before it was cleared
bb1: dc.l 0 ; bytebandit: trackdisk.device base - 28
exter: dc.l 0 ; exterminator: trackdisk.device base - 28
exter1: dc.l 0 ; exterminator: ExecBase - $262
outputhandle: dc.l 0 ; opendos: result of the Output call
dosbase: dc.l 0 ; opendos: dos.library base
IntBase: dc.l 0 ; alert: intuition.library base
virusflag: dc.w 0 ; non-zero once a routine found something
even
; Null-terminated names for FindName and OpenLibrary.
trddevice: dc.b 'trackdisk.device',0
even
IntName: dc.b 'intuition.library',0
even
dosname: dc.b 'dos.library',0
even
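; Text for the DisplayAlert call in alert. One substring consists of a
; 16-bit x position, an 8-bit y position, the NUL-terminated text and a
; continuation byte (0 = no further substring follows).
; The original ended right after the text and relied on whatever bytes
; happened to follow in memory; the NUL and the continuation byte are
; now written out.
alert1: dc.w    178                     ; x position
        dc.b    16                      ; y position
        dc.b    'Berserker found VIRUS in memory!'
        dc.b    0                       ; end of text
        dc.b    0                       ; no further substring
        even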