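;-----------------------------------------------------------------------
; VIRDET -- detects the Jerusalem virus in RAM
;
; Target:  8086 real mode, DOS .COM program (MASM syntax).
; Method:  scans memory for the byte string E9 92 00 73 55 4D.
; Exit:    errorlevel 1 if the string is found, otherwise errorlevel 0.
;
; Coverage: segments 0000h, 0FFEh, 1FFCh, ... up to SCAN_LIMIT_SEG are
; scanned, SCAN_COUNT bytes each, i.e. just under the first 512 KB of
; memory.  Errorlevel 0 therefore only means "signature not seen in the
; scanned range"; memory above that range is never examined.
; NOTE(review): the original comment called the limit "current segment"
; but the value is the constant 7000h -- confirm whether CS was intended.
;
; A hit means the six bytes exist somewhere in the scanned range (this
; can include stale copies in buffers or freed memory); it is a prompt
; for further checking, not proof that resident code is active.
;
; Registers: BX = segment being scanned, ES:DI = scan pointer,
;            CX = bytes left in the segment, AL = lead byte,
;            DS:SI = tail of the signature during the compare.
;-----------------------------------------------------------------------
        name    VIRDET

        title   VIRDET -- detects the Jerusalem virus in RAM

SCAN_LIMIT_SEG  equ     7000h           ; highest segment value still scanned
SEG_STRIDE      equ     0ffeh           ; paragraphs between scan windows
SCAN_COUNT      equ     0ffffh          ; bytes examined per window
TAIL_GUARD      equ     16              ; minimum bytes left to try a compare

START   segment word public 'CODE'

        org     100h

        assume  CS:START,DS:START,SS:START

search  proc    near
        cld                             ; string ops move forward
        mov     bx,-SEG_STRIDE          ; first ADD below yields segment 0

next_segment:
        add     bx,SEG_STRIDE           ; advance to the next window
        ; The limit is an immediate on purpose: the original held it in AX
        ; and then loaded the lead byte into AL, overwriting the low half
        ; of the limit after the first pass.
        cmp     bx,SCAN_LIMIT_SEG       ; unsigned: past the last window?
        ja      not_found               ; yes, signature not found
        mov     es,bx                   ; ES:DI -> start of this window
        xor     di,di
        mov     al,sig_lead             ; AL = byte SCASB searches for
        mov     cx,SCAN_COUNT           ; CX = bytes left in this window

scan_lead:
        repne   scasb                   ; find next lead byte, DI -> byte after
        jne     next_segment            ; window exhausted without a lead byte
        ;
        ; Lead byte found; compare the rest of the signature.
        ; Windows overlap by 1Fh bytes (0FFFFh - 0FFE0h), so a candidate
        ; this close to the end is picked up again by the next window.
        ;
        cmp     cx,TAIL_GUARD
        jb      next_segment            ; don't run over the window boundary
        push    di                      ; save scan pointer
        push    cx                      ; save remaining count
        mov     cx,sig_tail_len
        mov     si,offset sig_tail      ; DS:SI -> remainder of signature
        repe    cmpsb                   ; ZF=1 only if every tail byte matched
        pop     cx
        pop     di                      ; POP leaves flags alone, so JNE below
        jne     scan_lead               ; still tests CMPSB; resume the scan

found:
        mov     ax,4c01h                ; DOS terminate, errorlevel 1
        int     21h

not_found:
        mov     ax,4c00h                ; DOS terminate, errorlevel 0
        int     21h

search  endp

; The lead byte is stored after the tail, so the data below never forms
; the contiguous six-byte signature inside this program's own image.
sig_tail        db      92h,0,73h,55h,4Dh       ; signature bytes 2..6
sig_tail_len    equ     $-sig_tail

sig_lead        db      0e9h                    ; signature byte 1

START   ends

        end     search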