📄 小球病毒脱壳程序.asm
字号:
CSEG SEGMENT PARA PUBLIC'code'
ORG 100H
ASSUME CS:CSEG,DS:CSEG,ES:CSEG,SS:CSEG
BALL PROC FAR
JMP INIT
INT08 PROC FAR
PUSH DS
PUSH AX
PUSH BX
PUSH CX
PUSH DX
POP DS
MOV AH,0FH
INT 10H
MOV BL,AL
CMP BX,[PMOD]
JZ LF27
MOV [PMOD],BX
DEC AH
MOV [COLN],AH
MOV AH,01
CMP BL,07
JNZ LF05
DEC AH
LF05:
CMP BL,04
JNB LF0C
DEC AH
LF0C:
MOV [NMOD],AH
MOV WORD PTR [POS0],0101H
MOV WORD PTR [POS1],0101H
MOV AH,03
INT 10H
PUSH DX
MOV DX,[POS0]
JMP LF4A
LF27:
MOV AH,03
INT 10H
PUSH DX
MOV AH,02
MOV DX,[POS0]
INT 10H
MOV AX,[ATTO]
CMP BYTE PTR [NMOD],01
JNZ LF41
MOV AX,8307H
LF41:
MOV BL,AH
MOV CX,0001
MOV AH,09
INT 10H
LF4A:
MOV CX,[POS1]
CMP DH,00
JNZ LF58
XOR CH,0FFH
INC CH
LF58:
CMP DH,18H
JNZ LF62
XOR CH,0FFH
INC CH
LF62:
CMP DL,00
JNZ LF6C
XOR CL,0FFH
INC CL
LF6C:
CMP DL,[COLN]
JNZ LF77
XOR CL,0FFH
INC CL
LF77:
CMP CX,[POS1]
JNZ LF94
MOV AX,[ATTO]
AND AL,07
CMP AL,03
JNZ LF8B
XOR CH,0FFH
INC CH
LF8B:
CMP AL,05
JNZ LF94
XOR CL,0FFH
INC CL
LF94:
ADD DL,CL
ADD DH,CH
MOV [POS1],CX
MOV [POS0],DX
MOV AH,02
INT 10H
MOV AH,08
INT 10H
MOV [ATTO],AX
MOV BL,AH
CMP BYTE PTR [NMOD],01
JNZ LFB6
MOV BL,83H
LFB6:
MOV CX,0001H
MOV AX,0907H
INT 10H
POP DX
MOV AH,02
INT 10H
POP DX
POP CX
POP BX
POP AX
POP DS
DB 0EAH
INT08_OFS DW 0
INT08_SEG DW 0
ATTO DW 0
POS0 DW 0101H
POS1 DW 0101H
NMOD DB 0
PMOD DW 0
COLN DB 0
INT08 ENDP
INIT:
MOV AX,3508H
INT 21H
MOV INT08_SEG,ES
MOV INT08_OFS,BX
MOV AX,2508H
LEA DX, INT08
INT 21H
LEA DX, INIT
MOV CX,4
SHR DX,CL
INC DX
MOV AX,3100H
INT 21H
BALL ENDP
CSEG ENDS
END INIT
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -