ag.asm

More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use

.286c
.model small
.code
        org     100h
start:

jmp	install

old_si  dw      0
old_bx 	dw	0
old_cx	dw	0
old_dx	dw	0
es_main	dw	0
num_ff	dw	0
last_pag dw	0
viroff	dw	0
count	db	0
scan_seg dw     0
mes db 'Found !','$'
filnm   db      15 dup(0)
buffer  db      'NCMAIN.EXE',0h,0h,0h,0h,0h
	db	'QA.COM',
        db      64 dup (0)

include datagame.inc


int_21h_entry:

        pushf					; Push flags
	sti					; Enable interrupts
	cmp	ah,4Bh				;
        jne     loc_24                          ; Jump if equal
	cmp	al,0
        je      loc_25

loc_24:
	popf					; Pop flags
	db	0EAh
old_21h_off  dw	 ?
old_21h_seg  dw  ?


loc_25:
	mov	cs:old_bx,bx
	push	ax
	push	cx
	push	di
	push	es
        push    ds
        push    si
	push	dx

        mov     si,dx
loc_205:
	inc	si
	cmp byte ptr ds:[si],0
	jne	loc_205
	mov	bh,0
loc_206:
	inc	bh
	dec	si
	cmp byte ptr ds:[si],'\'
	jne	loc_206
	inc	si
	dec	bh
	push	cs
	pop	es
	xor	cx,cx
	mov	bl,-1
loc_94:
        inc     bl
        lea     di,cs:buffer
        mov     ax,15
        mul     bl
        add     di,ax
        push    si
        mov     cl,bh
        rep     cmpsb
        pop     si
        je      loc_57
        cmp     bl,4
        jne     loc_94
        jmp short loc_95

loc_57:
        mov     byte ptr cs:count,0
        jmp     loc_fin

loc_95:
	mov	cl,bh
        lea     di,cs:filnm
        repne movsb
        sub     si,3
        cmp word ptr ds:[si],'XE'
	jne	loc_47
	lea	ax,cs:only_exe
	mov  byte ptr bl,cs:only_exe_count
        jmp short loc_files

loc_47:
        cmp  word ptr ds:[si],'OC'
	je     loc_79
	lea	ax,cs:ov_pi
	mov    byte ptr bl,cs:ov_pi_count
        jmp short loc_files

loc_79:
	lea	ax,cs:com_exe
	mov  byte ptr bl,cs:com_exe_count

loc_files:

	mov	cs:viroff,ax
        mov     byte ptr cs:count,bl

        mov     ah,3dh
	xor	al,al
	int 	21h      ; file is open for reading
	jc	loc_fin

        mov     bx,ax
	mov	ah,42h
	xor	cx,cx
	mov	dx,cx
	mov	al,2
	int	21h	; seek to the end

       	mov	cs:num_ff,dx	  ; save number of 64k
	mov	cs:last_pag,ax    ; save length of last page

	mov	ah,3eh
	int	21h     ; close the file

loc_fin:
	pop	dx
        pop     si
        pop     ds
	pop	es
	pop	di
	pop	cx
	pop	ax
loc_en:
	mov	bx,cs:old_bx
	jmp	loc_24

message:
        mov     dx,si
        mov     ah,09h
        int    21h
        lea     dx,mes
        mov     ah,09h
        int    21h
	ret

int_4b_scan:

        mov     old_bx,bx
	mov	old_dx,dx
	push	cs
	pop	ds
	add     dx,10h            ; dx = Start seg

	call	scanvir
	jc	loc_vir

        mov     ax,old_bx
	mov	dx,old_dx
        mov     ds,dx
        mov     es,dx
	retf

loc_vir:
;	call	message
        pop     dx
        pop     ds
	mov	dx,old_dx
        push    dx
        xor     dx,dx
        push    dx
        retf


scanvir:
	; dx = segment for scan	 (offset = 0)
	; cs:viroff = offset of virtable
	; ds = segment of virtable
	; cs:count = number of viruses
	; cs:num_ff = number of 64k
	; cs:last_pag = number of bytes in last page
	; return bit c if virus is founded
	; ds:si points to the viruses name
	; bp,es,di,bx,ax,dx