Amiga Elysian Archive

home *** CD-ROM | disk | FTP | other *** search

/ Amiga Elysian Archive / AmigaElysianArchive.iso / virus / xenozap.lha / XenoZap.mod < prev next >

Wrap

Text File | 1989-12-01 | 6KB | 200 lines

MODULE XenoZap; (* PROGRAM : XenoZap VERSION : 1.0 AUTHOR : Kevin Kelm LANGUAGE: Modula-2 COMPILER: BenchMark DATE : 2 AM, 12/1/89 STATUS : Public Domain *) FROM SYSTEM IMPORT TSIZE, ADR, SETREG, REG, INLINE; FROM System IMPORT argc, argv, DOSBase; FROM InOut IMPORT WriteString, WriteCard, WriteLn; FROM AmigaDOS IMPORT FileHandle, Open, Close, Read, Write, FileLock, Lock, UnLock, Examine, ExNext, FileInfoBlockPtr, Seek, SigBreakCtrlC; FROM Strings IMPORT CopyString, ConcatString, StringLength; FROM Memory IMPORT AllocMem, FreeMem, MemReqSet; FROM Tasks IMPORT TaskPtr, FindTask; VAR fh : FileHandle; infected, directories : CARDINAL; path : ARRAY [0..107] OF CHAR; i : CARDINAL; mytask : TaskPtr; foundinmem : BOOLEAN; TYPE jmpptr = POINTER TO ARRAY [0..8] OF CARDINAL; PROCEDURE Warn; BEGIN IF NOT foundinmem THEN WriteString ("\n\n\23333m WARNING: Xeno virus found in memory. It has been removed.\23331m\n\n"); foundinmem := TRUE; END (* if *); END Warn; PROCEDURE CheckInMem() : BOOLEAN; VAR vector : jmpptr; BEGIN SETREG ( 8+4, LONGCARD(DOSBase) ); INLINE ( 41ECH, 0FFE2H ); (* LEA FFE2(A4), A0 *) vector := jmpptr(REG(8)); IF vector^[0] = 4EF9H THEN Warn; vector^[0] := 70FFH; vector^[1] := 6000H; vector^[2] := 0068H; END (* if *); SETREG ( 8+4, LONGCARD(DOSBase) ); INLINE ( 41ECH, 0FFACH ); (* LEA FFAC(A4), A0 *) vector := jmpptr(REG(8)); IF vector^[0] = 4EF9H THEN Warn; vector^[0] := 70F5H; vector^[1] := 6000H; vector^[2] := 009EH; END (* if *); SETREG ( 8+4, LONGCARD(DOSBase) ); INLINE ( 41ECH, 0FF6AH ); (* LEA FF6A(A4), A0 *) vector := jmpptr(REG(8)); IF vector^[0] = 4EF9H THEN Warn; vector^[0] := 70EDH; vector^[1] := 6000H; vector^[2] := 00E0H; END (* if *); RETURN foundinmem; END CheckInMem; CONST Xeno = 0D8E5EEEFH; XenoAt = 043CH; PROCEDURE KillXeno(offset : LONGCARD); VAR branch : LONGCARD; BEGIN branch := 60000462H; IF Seek ( fh, offset, -1D ) # -1D THEN (* write BRA #0462(PC) *) IF Write ( fh, ADR(branch), 4D ) # -1D THEN END (* if *); END (* if *); IF Seek ( fh, offset+LONGCARD(XenoAt), -1D ) # -1D THEN IF Write ( fh, ADR("XenoZAPPED!"), 11D ) # -1D THEN END (* if *); END (* if *); END KillXeno; PROCEDURE CheckForXeno ( name : ARRAY OF CHAR ); VAR lc : LONGCARD; offset : LONGCARD; BEGIN fh := Open ( ADR(name), 1004 ); IF fh # NIL THEN IF Read ( fh, ADR( lc ), 4 ) # -1D THEN IF lc = LONGCARD(03F3H) THEN (* executable *) WriteString ( " "); WriteString ( name ); IF Read ( fh, ADR(lc), 4 ) # -1D THEN END; IF Read ( fh, ADR(lc), 4 ) # -1D THEN END; offset := 28D + (lc * 4D); IF Seek ( fh, LONGCARD(XenoAt)+offset, -1D ) # -1D THEN IF Read ( fh, ADR(lc), 4 ) # -1D THEN IF lc = Xeno THEN WriteString ( "\23333m <==== INFECTED!\23331m Now Fixing..."); INC ( infected ); KillXeno(offset); END (* if *); END (* if *); END (* if *); WriteString ( "\n"); END (* if *); END (* if *); Close ( fh ); END (* if *); END CheckForXeno; PROCEDURE ScanDir ( name : ARRAY OF CHAR ); VAR tpath : ARRAY [0..107] OF CHAR; fib : FileInfoBlockPtr; fl : POINTER TO FileLock; BEGIN fib := AllocMem ( SIZE(fib^), MemReqSet{}); fl := AllocMem ( TSIZE(FileLock), MemReqSet{}); fl^ := FileLock(0); fl^ := Lock ( ADR(name), -2D ); IF fl^ # NIL THEN IF Examine ( fl^, fib^ ) THEN IF fib^.fibDirEntryType <= 0D THEN (* executable... check this one *) UnLock ( fl^ ); CheckForXeno ( name ); ELSE WriteString("\23332m"); WriteString ( name ); WriteString("\23331m\n"); INC (directories); WHILE ExNext ( fl^, fib^ ) AND NOT (SigBreakCtrlC IN mytask^.tcSigRecvd) DO CopyString ( tpath, path ); IF (path[0] # 0C) AND (path[StringLength(path)-1] # ":") THEN ConcatString ( path, "/"); END (* if *); ConcatString ( path, fib^.fibFileName ); IF fib^.fibDirEntryType <= 0D THEN (* executable... check it out *) IF fib^.fibSize > 1124D THEN (* only need to check files big enough *) CheckForXeno ( path ); END (* if *); ELSE (* recurse into the directory *) ScanDir ( path ); END (* if *); CopyString ( path, tpath ); (* restore last path *) END (* while *); UnLock ( fl^ ); END (* if *); ELSE UnLock ( fl^ ); END (* if *); END (* if *); FreeMem ( fl, TSIZE(FileLock) ); FreeMem ( fib, SIZE(fib^) ); END ScanDir; BEGIN WriteString("\23332m XenoZap 1.0 Public Domain \23331m\n"); WriteString("\2333mGREETINGS XENO VIRUS FROM THE AMIGA USERS,\n"); WriteString(" you scum-sucking PIG!\2330m\n"); foundinmem := FALSE; IF NOT CheckInMem() THEN WriteString ("\n\n Xeno virus \23332mNOT\23331m active in memory.\n\n"); END (* if *); mytask := FindTask(0); (* find ourselves *) infected := 0; directories := 0; IF argc > 1 THEN FOR i := 1 TO argc-1 DO IF NOT (SigBreakCtrlC IN mytask^.tcSigRecvd) THEN CopyString ( path, argv^[i]^); ScanDir ( path ); END (* if *); END (* for *); ELSE WriteString ("\nFORMAT: XenoZap <dev|dir|file> [dev|dir|file] . . .\n\n"); END (* if *); IF SigBreakCtrlC IN mytask^.tcSigRecvd THEN WriteString ("\n\2330;31m***** BREAK\n"); END (* if *); WriteCard ( infected, 0 ); WriteString(" infected executables found in "); WriteCard ( directories, 0 ); WriteString (" directories.\n"); END XenoZap.